last executing test programs:

4.773419322s ago: executing program 3 (id=6294):
mmap$auto(0x0, 0x4020009, 0x7, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
setsockopt$auto(0xffffffffffffffff, 0x6a, 0x3, 0x0, 0xc)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0x80)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
io_uring_setup$auto(0x7, 0x0)

3.235402038s ago: executing program 3 (id=6306):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x0, 0x2000040080000004, 0xe)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0)
write$auto(r0, 0x0, 0x2b6)

2.973214986s ago: executing program 1 (id=6307):
mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x2, 0x1)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendto$auto(0x3, 0x0, 0xfdef, 0xe, &(0x7f0000000100)=@in={0x2, 0x0, @rand_addr=0xe0000700}, 0x19)

2.732872999s ago: executing program 1 (id=6310):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x1e, 0x805, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
sysfs$auto(0x2, 0x19, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x3, &(0x7f0000000000)='4\x93f\x06\x04\x00\x00', &(0x7f0000000040), 0x7f)

2.584186777s ago: executing program 2 (id=6312):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bpq3/statistics/rx_packets\x00', 0xa0140, 0x0)
socketpair$auto(0x1e, 0x1, 0xffffffff, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0)

2.503555595s ago: executing program 1 (id=6313):
close_range$auto(0x2, 0xa, 0x0)
socket(0x11, 0x80003, 0x300)
openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_marker_raw\x00', 0x401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
unshare$auto(0x40000080)
write$auto(0x3, 0x0, 0x7)

2.490693309s ago: executing program 3 (id=6314):
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027617c36720add70ab0343990f7d0bbc96dc0b"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
read$auto(r0, &(0x7f0000000040)='\x00', 0x10001)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01202cbd7000fbdbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

2.278404703s ago: executing program 2 (id=6317):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
setsockopt$auto(0x3, 0x10000000084, 0x84, 0x0, 0x90)

1.961243472s ago: executing program 3 (id=6318):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
socket(0x29, 0x5, 0x0)
write$auto(0x3, 0x0, 0x100082)
write$auto(0x3, 0x0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)

1.858137882s ago: executing program 1 (id=6320):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
mkdir$auto(0x0, 0x353)

1.736811956s ago: executing program 0 (id=6321):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r0)
sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}}, 0x40040)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000040), r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
read$auto(0x3, 0x0, 0xfffffdef)
r2 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x3b72, 0x0)

1.526585294s ago: executing program 0 (id=6322):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_setup$auto(0x100, 0x0)
mlockall$auto(0x7)
mbind$auto(0xf000, 0x8000000000000001, 0x100000000, 0x0, 0x6, 0x2)
socket(0x18, 0x5, 0x0)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000001}, 0x4880)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

1.525870185s ago: executing program 2 (id=6323):
socket(0xa, 0x1, 0x100)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x568)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000)
move_pages$auto(0x0, 0xd0, &(0x7f0000001100)=0x0, 0x0, 0x0, 0x2)
setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b)

1.07256577s ago: executing program 0 (id=6324):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x0, 0x2000040080000004, 0xe)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0)
write$auto(r0, 0x0, 0x2b6)

1.072446472s ago: executing program 1 (id=6325):
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48302, 0x0)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x40000104, 0x400, 0x6}]})

1.070392377s ago: executing program 3 (id=6326):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, 0x0, 0x800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getsockopt$auto(0xffffffffffffffff, 0x84, 0xff, 0x0, 0x0)
openat$auto_urandom_fops_random(0xffffffffffffff9c, 0x0, 0x40, 0x0)
bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa)

1.023811837s ago: executing program 2 (id=6327):
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0)
ioctl$auto_SG_GET_SG_TABLESIZE(r0, 0x227f, 0x0)
sendmmsg$auto(r0, 0x0, 0xb4c, 0x1)
r1 = socket(0x11, 0x80003, 0x300)
sendfile$auto(0x1, r1, 0x0, 0x8fb5)
dup2$auto(0x0, 0x3)
ioctl$auto(0x3, 0x5760, 0xfffffffffffff4e0)

902.595118ms ago: executing program 1 (id=6328):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x1000, 0x6)
mlockall$auto(0x800000000000005)
madvise$auto(0x0, 0x200007, 0x19)

569.395634ms ago: executing program 32 (id=6328):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x1000, 0x6)
mlockall$auto(0x800000000000005)
madvise$auto(0x0, 0x200007, 0x19)

551.193157ms ago: executing program 0 (id=6330):
r0 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
ustat$auto(0x801, 0x0)
sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0xb, 0x0, 0x1, 0x8}, 0x0)
close_range$auto(0x2, 0x8, 0x0)

247.63812ms ago: executing program 0 (id=6331):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
syz_genetlink_get_family_id$auto_nl80211(0x0, r0)

247.180981ms ago: executing program 3 (id=6332):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d)

245.304569ms ago: executing program 2 (id=6338):
readlink$auto(&(0x7f0000000040)='./file2/file0\x00', 0x0, 0x6)
timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x9}}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80805, 0x0)
socket(0x18, 0x3, 0x2)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@hci={0x1f, 0x2}, 0x55)

713.275µs ago: executing program 2 (id=6333):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
socket(0x29, 0x5, 0x0)
write$auto(0x3, 0x0, 0x100082)
write$auto(0x3, 0x0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)

0s ago: executing program 0 (id=6341):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
mkdir$auto(0x0, 0x353)

kernel console output (not intermixed with test programs):

	

		
	
	


	
		



	

	


	
	
	


	





	

	









	

	




			
	
			
	
			
	
			
	


				


			


				


			
		
	
	




	
				
	
	
	

	
		


	

	

	
		
		
	

	





		
		
	


	





	

	

	



		
	





	





		
		




			

	


		


	



	
		
	





	









	













	

	
	



	



	
	


	
	




	
	

	

	

	




	




	


	
		

		






	
	

	
	

	


	

		
	



				



	

	





	





	
		
	




	

	
			
	

	
		





	
	
	


	
	




	
	





		

	





	



		
		
	







	






	

		
	
	






		

			
	
	
		
		

		

	







	



		










	








	

			

		

	

		

	








	

	
		
	






	





	
	













	
		




	
		
	
	


	
			



			

	



	

		
	








	
	
	

				

	




	


	

	




	

	







	
			



	




		
	
		

	


	

	
		


	



	

	

	
		
	

	
		

	
	
	
	
	
	
	
	

	
		
	
	
	
		

	






		
	








	


		

	

	
		









				

	
	


			

	
	
	



		

	

	




	





	
				

			
	





	
		




	
	

	








		
	



	





	


	






		

	

	

	

		
		
	






	

	
		
	


		







	

		


				



		


	
	

	




		


	

	







	

	
	







	
	


			



	







	


						

	


		


	
	




	



	


	


	



	

		
	




	

	
		
	
	

	


	




	


	
			



	



		









		







		
	
		


	
		

	


	
	

		
	
		
	

	

	



			








	





	





	





	

	
	






	






	








		











syzkaller
syzkaller login: 
syzkaller
syzkaller login: [  461.743441][T14961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3619'.
[  461.839331][T14965] FAULT_INJECTION: forcing a failure.
[  461.839331][T14965] name failslab, interval 1, probability 0, space 0, times 0
[  461.853846][T14965] CPU: 0 UID: 0 PID: 14965 Comm: syz.3.3621 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  461.853903][T14965] Tainted: [U]=USER
[  461.853914][T14965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  461.853934][T14965] Call Trace:
[  461.853944][T14965]  <TASK>
[  461.853957][T14965]  dump_stack_lvl+0x16c/0x1f0
[  461.854017][T14965]  should_fail_ex+0x512/0x640
[  461.854065][T14965]  ? __kmalloc_noprof+0xbf/0x510
[  461.854116][T14965]  ? lsm_blob_alloc+0x68/0x90
[  461.854175][T14965]  should_failslab+0xc2/0x120
[  461.854206][T14965]  __kmalloc_noprof+0xd2/0x510
[  461.854267][T14965]  lsm_blob_alloc+0x68/0x90
[  461.854317][T14965]  security_prepare_creds+0x30/0x270
[  461.854368][T14965]  prepare_creds+0x56f/0x7d0
[  461.854417][T14965]  __sys_setfsuid+0xda/0x350
[  461.854452][T14965]  ? rcu_is_watching+0x12/0xc0
[  461.854488][T14965]  do_syscall_64+0xcd/0x490
[  461.854522][T14965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.854556][T14965] RIP: 0033:0x7f3e1438e929
[  461.854583][T14965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  461.854616][T14965] RSP: 002b:00007f3e1529f038 EFLAGS: 00000246 ORIG_RAX: 000000000000007a
[  461.854648][T14965] RAX: ffffffffffffffda RBX: 00007f3e145b5fa0 RCX: 00007f3e1438e929
[  461.854669][T14965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00
[  461.854687][T14965] RBP: 00007f3e14410b39 R08: 0000000000000000 R09: 0000000000000000
[  461.854706][T14965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  461.854725][T14965] R13: 0000000000000000 R14: 00007f3e145b5fa0 R15: 00007ffc7b4bfd08
[  461.854767][T14965]  </TASK>
[  462.208801][T14972] FAULT_INJECTION: forcing a failure.
[  462.208801][T14972] name failslab, interval 1, probability 0, space 0, times 0
[  462.243967][T14972] CPU: 1 UID: 0 PID: 14972 Comm: syz.1.3624 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  462.244023][T14972] Tainted: [U]=USER
[  462.244034][T14972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.244053][T14972] Call Trace:
[  462.244064][T14972]  <TASK>
[  462.244077][T14972]  dump_stack_lvl+0x16c/0x1f0
[  462.244136][T14972]  should_fail_ex+0x512/0x640
[  462.244184][T14972]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  462.244233][T14972]  should_failslab+0xc2/0x120
[  462.244266][T14972]  __kmalloc_cache_noprof+0x6a/0x3e0
[  462.244312][T14972]  ? snd_pcm_oss_change_params_locked+0x211/0x3a30
[  462.244355][T14972]  ? kasan_save_track+0x14/0x30
[  462.244420][T14972]  snd_pcm_oss_change_params_locked+0x211/0x3a30
[  462.244467][T14972]  ? rcu_is_watching+0x12/0xc0
[  462.244505][T14972]  ? __mutex_lock+0x1ca/0xb90
[  462.244540][T14972]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  462.244585][T14972]  ? __pfx___mutex_lock+0x10/0x10
[  462.244613][T14972]  ? kick_process+0xf6/0x1b0
[  462.244671][T14972]  ? __fsnotify_parent+0x24b/0xc40
[  462.244728][T14972]  snd_pcm_oss_make_ready+0xe6/0x1b0
[  462.244769][T14972]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  462.244807][T14972]  snd_pcm_oss_sync+0x1de/0x840
[  462.244852][T14972]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  462.244891][T14972]  snd_pcm_oss_release+0x28b/0x310
[  462.244933][T14972]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  462.244971][T14972]  __fput+0x3ff/0xb70
[  462.245014][T14972]  task_work_run+0x14d/0x240
[  462.245065][T14972]  ? __pfx_task_work_run+0x10/0x10
[  462.245116][T14972]  ? __pfx___do_sys_close_range+0x10/0x10
[  462.245175][T14972]  exit_to_user_mode_loop+0xeb/0x110
[  462.245228][T14972]  do_syscall_64+0x3f6/0x490
[  462.245262][T14972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.245296][T14972] RIP: 0033:0x7f43ca38e929
[  462.245322][T14972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.245356][T14972] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  462.245397][T14972] RAX: 0000000000000000 RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  462.245418][T14972] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000
[  462.245437][T14972] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  462.245457][T14972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  462.245475][T14972] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  462.245516][T14972]  </TASK>
[  462.950901][T15001] FAULT_INJECTION: forcing a failure.
[  462.950901][T15001] name failslab, interval 1, probability 0, space 0, times 0
[  462.988068][T15001] CPU: 1 UID: 0 PID: 15001 Comm: syz.1.3634 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  462.988136][T15001] Tainted: [U]=USER
[  462.988147][T15001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.988166][T15001] Call Trace:
[  462.988177][T15001]  <TASK>
[  462.988190][T15001]  dump_stack_lvl+0x16c/0x1f0
[  462.988246][T15001]  should_fail_ex+0x512/0x640
[  462.988294][T15001]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  462.988355][T15001]  should_failslab+0xc2/0x120
[  462.988386][T15001]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  462.988435][T15001]  ? __pfx_map_id_range_down+0x10/0x10
[  462.988483][T15001]  ? prepare_creds+0x2c/0x7d0
[  462.988536][T15001]  prepare_creds+0x2c/0x7d0
[  462.988586][T15001]  __sys_setfsuid+0xda/0x350
[  462.988620][T15001]  ? rcu_is_watching+0x12/0xc0
[  462.988656][T15001]  do_syscall_64+0xcd/0x490
[  462.988689][T15001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.988723][T15001] RIP: 0033:0x7f43ca38e929
[  462.988749][T15001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.988783][T15001] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 000000000000007a
[  462.988814][T15001] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  462.988835][T15001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00
[  462.988854][T15001] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  462.988873][T15001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  462.988891][T15001] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  462.988932][T15001]  </TASK>
[  463.703415][T15017] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  464.982379][T15064] capability: warning: `syz.1.3658' uses deprecated v2 capabilities in a way that may be insecure
[  467.263132][T13666] Bluetooth: hci3: unexpected event 0x01 length: 440 > 1
[  467.626017][   T30] audit: type=1804 audit(4294967322.440:18): pid=15156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3696" name=2F6E6577726F6F742F37302F22050820 dev="tmpfs" ino=371 res=1 errno=0
[  467.656107][   T30] audit: type=1800 audit(4294967322.440:19): pid=15156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3696" name=22050820 dev="tmpfs" ino=371 res=0 errno=0
[  469.334769][T15210] netlink: 346 bytes leftover after parsing attributes in process `syz.1.3719'.
[  471.102149][T15273] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19
[  472.198568][T15298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3752'.
[  473.155135][T15316] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20
[  475.522313][   T30] audit: type=1804 audit(4294967330.330:20): pid=15376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3779" name=22050820 dev="tmpfs" ino=698 res=1 errno=0
[  475.595256][   T30] audit: type=1800 audit(4294967330.330:21): pid=15376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3779" name=22050820 dev="tmpfs" ino=698 res=0 errno=0
[  478.439396][T15419] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3800'.
[  483.137492][T15535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3847'.
[  483.314235][T15541] FAULT_INJECTION: forcing a failure.
[  483.314235][T15541] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  483.422579][T15541] CPU: 1 UID: 0 PID: 15541 Comm: syz.1.3850 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  483.422636][T15541] Tainted: [U]=USER
[  483.422647][T15541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  483.422685][T15541] Call Trace:
[  483.422696][T15541]  <TASK>
[  483.422710][T15541]  dump_stack_lvl+0x16c/0x1f0
[  483.422771][T15541]  should_fail_ex+0x512/0x640
[  483.422827][T15541]  should_fail_alloc_page+0xe7/0x130
[  483.422864][T15541]  prepare_alloc_pages+0x3c2/0x610
[  483.422910][T15541]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  483.422965][T15541]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  483.423020][T15541]  ? kasan_save_stack+0x42/0x60
[  483.423066][T15541]  ? kasan_save_stack+0x33/0x60
[  483.423120][T15541]  ? kasan_save_track+0x14/0x30
[  483.423168][T15541]  ? __kasan_slab_alloc+0x89/0x90
[  483.423218][T15541]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  483.423267][T15541]  ? __pmd_alloc+0xbf/0x930
[  483.423302][T15541]  ? __handle_mm_fault+0xaac/0x5490
[  483.423343][T15541]  ? handle_mm_fault+0x589/0xd10
[  483.423384][T15541]  ? do_user_addr_fault+0x7a6/0x1370
[  483.423427][T15541]  ? exc_page_fault+0x5c/0xb0
[  483.423473][T15541]  ? asm_exc_page_fault+0x26/0x30
[  483.423508][T15541]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  483.423556][T15541]  ? __x64_sys_timer_create+0x199/0x1d0
[  483.423604][T15541]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.423664][T15541]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  483.423718][T15541]  ? policy_nodemask+0xea/0x4e0
[  483.423777][T15541]  alloc_pages_mpol+0x1fb/0x550
[  483.423811][T15541]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  483.423844][T15541]  ? do_raw_spin_lock+0x12c/0x2b0
[  483.423893][T15541]  ? find_held_lock+0x2b/0x80
[  483.423930][T15541]  alloc_pages_noprof+0x131/0x390
[  483.423964][T15541]  pte_alloc_one+0x1c/0x3a0
[  483.424017][T15541]  __do_fault+0x320/0x490
[  483.424066][T15541]  ? __pfx_filemap_map_pages+0x10/0x10
[  483.424128][T15541]  __handle_mm_fault+0x374c/0x5490
[  483.424187][T15541]  ? __pfx___handle_mm_fault+0x10/0x10
[  483.424228][T15541]  ? __pfx_mt_find+0x10/0x10
[  483.424285][T15541]  ? find_vma+0xbf/0x140
[  483.424318][T15541]  ? __pfx_find_vma+0x10/0x10
[  483.424356][T15541]  handle_mm_fault+0x589/0xd10
[  483.424401][T15541]  ? __pkru_allows_pkey+0x41/0xb0
[  483.424449][T15541]  do_user_addr_fault+0x7a6/0x1370
[  483.424500][T15541]  ? rcu_is_watching+0x12/0xc0
[  483.424537][T15541]  exc_page_fault+0x5c/0xb0
[  483.424588][T15541]  asm_exc_page_fault+0x26/0x30
[  483.424620][T15541] RIP: 0010:rep_movs_alternative+0x11/0x90
[  483.424664][T15541] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f
[  483.424699][T15541] RSP: 0018:ffffc9000e8c7d20 EFLAGS: 00050202
[  483.424727][T15541] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000004
[  483.424747][T15541] RDX: fffff52001d18fbb RSI: ffffc9000e8c7dd8 RDI: 0000000000000000
[  483.424767][T15541] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff52001d18fbb
[  483.424786][T15541] R10: 0000000000000003 R11: 0000000000000001 R12: ffffc9000e8c7dd8
[  483.424805][T15541] R13: 0000000000000004 R14: 00007ffffffff000 R15: 0000000000000000
[  483.424846][T15541]  _copy_to_user+0xbb/0xd0
[  483.424903][T15541]  do_timer_create+0x6dc/0x14e0
[  483.424956][T15541]  ? __pfx_do_timer_create+0x10/0x10
[  483.425000][T15541]  ? __pfx_do_futex+0x10/0x10
[  483.425055][T15541]  __x64_sys_timer_create+0x199/0x1d0
[  483.425116][T15541]  ? __pfx___x64_sys_timer_create+0x10/0x10
[  483.425162][T15541]  ? fput+0x70/0xf0
[  483.425195][T15541]  ? xfd_validate_state+0x61/0x180
[  483.425238][T15541]  ? __pfx_ksys_write+0x10/0x10
[  483.425298][T15541]  do_syscall_64+0xcd/0x490
[  483.425333][T15541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.425366][T15541] RIP: 0033:0x7f43ca38e929
[  483.425394][T15541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  483.425427][T15541] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de
[  483.425458][T15541] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  483.425479][T15541] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  483.425497][T15541] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  483.425517][T15541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  483.425536][T15541] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  483.425579][T15541]  </TASK>
[  484.548390][T15550] netlink: 206 bytes leftover after parsing attributes in process `syz.2.3852'.
[  484.586060][T15549] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3853'.
[  487.363197][T15598] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3873'.
[  487.956778][T15608] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input21
[  488.304067][T15614] netlink: set zone limit has 8 unknown bytes
[  490.634892][T15664] netlink: 130 bytes leftover after parsing attributes in process `syz.1.3898'.
[  490.961266][T15666] nbd: socks must be embedded in a SOCK_ITEM attr
[  490.968667][T15666] block nbd3: shutting down sockets
[  493.054942][T15704] sd 0:0:1:0: PR command failed: 1026
[  493.068113][T15704] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  493.098200][T15704] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  494.100504][T15720] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3923'.
[  494.472031][T15725] zswap: compressor 000 not available
[  495.235909][T15752] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  496.793135][T15802] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3955'.
[  496.989225][T15807] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3957'.
[  497.803429][T15826] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3963'.
[  498.401570][T15840] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3970'.
[  498.946675][T15852] netlink: 'syz.1.3975': attribute type 21 has an invalid length.
[  498.994019][T15852] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3975'.
[  499.191126][T15857] netlink: 'syz.2.3977': attribute type 1 has an invalid length.
[  499.293340][T15862] openvswitch: netlink: IP tunnel dst address not specified
[  499.340083][T15862] openvswitch: netlink: IP tunnel dst address not specified
[  500.803958][T15897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3992'.
[  500.810570][T13666] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  500.812908][T13666] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[  500.827982][T13666] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  500.828040][T13666] Bluetooth: hci2: adv larger than maximum supported
[  500.835499][T13666] Bluetooth: hci2: Malformed LE Event: 0x0d
[  500.863779][T15897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3992'.
[  501.378881][T15914] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4000'.
[  501.570842][T15922] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4004'.
[  501.858192][T15931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4008'.
[  502.579287][T15955] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4020'.
[  502.607343][T15958] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4019'.
[  503.372406][T15988] netlink: 'syz.0.4032': attribute type 15 has an invalid length.
[  503.380616][T15988] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4032'.
[  503.580535][T15997] netlink: 'syz.3.4034': attribute type 1 has an invalid length.
[  504.798177][T16029] zswap: compressor  not available
[  504.896839][T16041] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4054'.
[  505.638252][T16063] netlink: 'syz.0.4063': attribute type 11 has an invalid length.
[  505.715622][T16065] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4064'.
[  505.732294][T16067] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4065'.
[  507.777019][T16129] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4090'.
[  509.051545][T16168] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4109'.
[  509.596129][T16181] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4113'.
[  509.863997][T16192] cifs: Unknown parameter 'no+ 1����`��r�sFn)��a�H��ā��h`����9k�A}���1\D@��.��Z�Cg^�'
[  510.716211][T16217] FAULT_INJECTION: forcing a failure.
[  510.716211][T16217] name failslab, interval 1, probability 0, space 0, times 0
[  510.770940][T16217] CPU: 0 UID: 0 PID: 16217 Comm: syz.2.4128 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  510.770997][T16217] Tainted: [U]=USER
[  510.771007][T16217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  510.771026][T16217] Call Trace:
[  510.771037][T16217]  <TASK>
[  510.771049][T16217]  dump_stack_lvl+0x16c/0x1f0
[  510.771106][T16217]  should_fail_ex+0x512/0x640
[  510.771157][T16217]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  510.771206][T16217]  should_failslab+0xc2/0x120
[  510.771238][T16217]  __kmalloc_cache_noprof+0x6a/0x3e0
[  510.771286][T16217]  ? nci_allocate_device+0x105/0x430
[  510.771337][T16217]  nci_allocate_device+0x105/0x430
[  510.771386][T16217]  virtual_ncidev_open+0x6f/0x220
[  510.771427][T16217]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  510.771469][T16217]  misc_open+0x35d/0x420
[  510.771519][T16217]  ? __pfx_misc_open+0x10/0x10
[  510.771560][T16217]  chrdev_open+0x231/0x6a0
[  510.771614][T16217]  ? __pfx_apparmor_file_open+0x10/0x10
[  510.771656][T16217]  ? __pfx_chrdev_open+0x10/0x10
[  510.771712][T16217]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  510.771766][T16217]  do_dentry_open+0x744/0x1c10
[  510.771815][T16217]  ? __pfx_chrdev_open+0x10/0x10
[  510.771877][T16217]  vfs_open+0x82/0x3f0
[  510.771919][T16217]  path_openat+0x1de4/0x2cb0
[  510.771983][T16217]  ? __pfx_path_openat+0x10/0x10
[  510.772032][T16217]  ? __lock_acquire+0xb8a/0x1c90
[  510.772081][T16217]  do_filp_open+0x20b/0x470
[  510.772129][T16217]  ? __pfx_do_filp_open+0x10/0x10
[  510.772212][T16217]  ? alloc_fd+0x471/0x7d0
[  510.772268][T16217]  do_sys_openat2+0x11b/0x1d0
[  510.772305][T16217]  ? __pfx_do_sys_openat2+0x10/0x10
[  510.772360][T16217]  __x64_sys_openat+0x174/0x210
[  510.772398][T16217]  ? __pfx___x64_sys_openat+0x10/0x10
[  510.772455][T16217]  do_syscall_64+0xcd/0x490
[  510.772488][T16217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.772531][T16217] RIP: 0033:0x7f43ba78e929
[  510.772558][T16217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.772593][T16217] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  510.772626][T16217] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[  510.772648][T16217] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  510.772668][T16217] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[  510.772687][T16217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  510.772706][T16217] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[  510.772749][T16217]  </TASK>
[  511.046611][T16222] cifs: Unknown parameter 'no+ 1����`��r�sFn)��a�H��ā��h`����9k�A}���1\D@��.��Z�Cg^�'
[  511.942795][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  511.950069][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  512.063539][T16242] netlink: 'syz.2.4137': attribute type 64 has an invalid length.
[  512.080269][T16242] netlink: 74 bytes leftover after parsing attributes in process `syz.2.4137'.
[  512.257116][T16210] kexec: Could not allocate control_code_buffer
[  512.391175][T16253] cifs: Unknown parameter 'no+ 1����`��r�sFn)��a�H��ā��h`����9k�A}���1\D@��.��Z�Cg^�'
[  512.577535][T16258] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4144'.
[  512.761591][T16262] FAULT_INJECTION: forcing a failure.
[  512.761591][T16262] name failslab, interval 1, probability 0, space 0, times 0
[  512.778318][T16262] CPU: 1 UID: 0 PID: 16262 Comm: syz.2.4146 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  512.778384][T16262] Tainted: [U]=USER
[  512.778394][T16262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  512.778412][T16262] Call Trace:
[  512.778422][T16262]  <TASK>
[  512.778433][T16262]  dump_stack_lvl+0x16c/0x1f0
[  512.778491][T16262]  should_fail_ex+0x512/0x640
[  512.778537][T16262]  ? fs_reclaim_acquire+0xae/0x150
[  512.778578][T16262]  ? ima_alloc_init_template+0x19d/0x720
[  512.778609][T16262]  should_failslab+0xc2/0x120
[  512.778640][T16262]  __kmalloc_noprof+0xd2/0x510
[  512.778705][T16262]  ? __print_lock_name+0xb1/0xe0
[  512.778745][T16262]  ima_alloc_init_template+0x19d/0x720
[  512.778781][T16262]  ? take_dentry_name_snapshot+0x319/0x7d0
[  512.778823][T16262]  ima_store_measurement+0x1eb/0x5c0
[  512.778860][T16262]  ? __pfx_ima_store_measurement+0x10/0x10
[  512.778896][T16262]  ? vfs_getxattr_alloc+0xec/0x340
[  512.778953][T16262]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  512.779009][T16262]  process_measurement+0x1ddb/0x23e0
[  512.779076][T16262]  ? __pfx_process_measurement+0x10/0x10
[  512.779133][T16262]  ? alloc_empty_file+0x73/0x1e0
[  512.779167][T16262]  ? hugetlb_file_setup+0x4cd/0x620
[  512.779201][T16262]  ? ksys_mmap_pgoff+0x189/0x5c0
[  512.779239][T16262]  ? __x64_sys_mmap+0x125/0x190
[  512.779355][T16262]  ima_file_mmap+0x1b1/0x1d0
[  512.779405][T16262]  ? __pfx_ima_file_mmap+0x10/0x10
[  512.779468][T16262]  security_mmap_file+0x88c/0x990
[  512.779515][T16262]  vm_mmap_pgoff+0xec/0x450
[  512.779552][T16262]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  512.779582][T16262]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  512.779621][T16262]  ? hugetlbfs_get_inode+0x31f/0x730
[  512.779667][T16262]  ksys_mmap_pgoff+0x1c8/0x5c0
[  512.779711][T16262]  __x64_sys_mmap+0x125/0x190
[  512.779761][T16262]  do_syscall_64+0xcd/0x490
[  512.779795][T16262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.779827][T16262] RIP: 0033:0x7f43ba78e929
[  512.779855][T16262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  512.779889][T16262] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  512.779920][T16262] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[  512.779941][T16262] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000
[  512.779960][T16262] RBP: 00007f43ba810b39 R08: 0000000000000401 R09: 0000300000000000
[  512.779981][T16262] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000
[  512.780000][T16262] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[  512.780043][T16262]  </TASK>
[  512.781695][   T30] audit: type=1804 audit(4294967299.000:22): pid=16262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.4146" name="anon_hugepage" dev="hugetlbfs" ino=43274 res=0 errno=0
[  513.856572][T13666] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  514.128623][T16301] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4163'.
[  515.071053][T16324] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4172'.
[  515.086753][T16324] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4172'.
[  517.008826][T16364] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4188'.
[  517.111480][T16362] netlink: 74 bytes leftover after parsing attributes in process `syz.0.4187'.
[  517.280279][T16372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4191'.
[  517.515311][T16380] netlink: 'syz.0.4193': attribute type 64 has an invalid length.
[  517.526405][T16380] netlink: 74 bytes leftover after parsing attributes in process `syz.0.4193'.
[  517.881588][T16392] FAULT_INJECTION: forcing a failure.
[  517.881588][T16392] name failslab, interval 1, probability 0, space 0, times 0
[  517.896522][T16392] CPU: 0 UID: 0 PID: 16392 Comm: syz.2.4199 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  517.896576][T16392] Tainted: [U]=USER
[  517.896587][T16392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  517.896633][T16392] Call Trace:
[  517.896644][T16392]  <TASK>
[  517.896657][T16392]  dump_stack_lvl+0x16c/0x1f0
[  517.896713][T16392]  should_fail_ex+0x512/0x640
[  517.896761][T16392]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  517.896809][T16392]  should_failslab+0xc2/0x120
[  517.896842][T16392]  __kmalloc_cache_noprof+0x6a/0x3e0
[  517.896888][T16392]  ? snd_pcm_oss_change_params_locked+0x247/0x3a30
[  517.896929][T16392]  ? kasan_save_track+0x14/0x30
[  517.896982][T16392]  snd_pcm_oss_change_params_locked+0x247/0x3a30
[  517.897033][T16392]  ? rcu_is_watching+0x12/0xc0
[  517.897071][T16392]  ? __mutex_lock+0x1ca/0xb90
[  517.897099][T16392]  ? lockdep_hardirqs_on+0x7c/0x110
[  517.897155][T16392]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  517.897199][T16392]  ? __pfx___mutex_lock+0x10/0x10
[  517.897227][T16392]  ? tomoyo_path_number_perm+0x295/0x580
[  517.897281][T16392]  ? __lock_acquire+0xb8a/0x1c90
[  517.897337][T16392]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  517.897385][T16392]  snd_pcm_oss_get_formats+0x7e/0x340
[  517.897421][T16392]  ? find_held_lock+0x2b/0x80
[  517.897454][T16392]  ? __pfx_snd_pcm_oss_get_formats+0x10/0x10
[  517.897491][T16392]  ? __might_fault+0x13b/0x190
[  517.897551][T16392]  snd_pcm_oss_ioctl+0x2efb/0x37a0
[  517.897591][T16392]  ? find_held_lock+0x2b/0x80
[  517.897622][T16392]  ? hook_file_ioctl_common+0x145/0x410
[  517.897659][T16392]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  517.897704][T16392]  ? __fget_files+0x20e/0x3c0
[  517.897755][T16392]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  517.897803][T16392]  __x64_sys_ioctl+0x18b/0x210
[  517.897842][T16392]  do_syscall_64+0xcd/0x490
[  517.897876][T16392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.897910][T16392] RIP: 0033:0x7f43ba78e929
[  517.897938][T16392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.897971][T16392] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  517.898003][T16392] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[  517.898037][T16392] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004
[  517.898057][T16392] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[  517.898076][T16392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  517.898097][T16392] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[  517.898141][T16392]  </TASK>
[  519.278676][T16430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4211'.
[  519.410949][T16433] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4212'.
[  519.718129][T16446] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4218'.
[  519.896477][T16453] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4221'.
[  520.036501][T16457] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4223'.
[  520.129627][T16461] netlink: 'syz.2.4225': attribute type 13 has an invalid length.
[  520.649273][T16487] FAULT_INJECTION: forcing a failure.
[  520.649273][T16487] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  520.663787][T16487] CPU: 1 UID: 0 PID: 16487 Comm: syz.2.4236 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  520.663850][T16487] Tainted: [U]=USER
[  520.663861][T16487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  520.663880][T16487] Call Trace:
[  520.663890][T16487]  <TASK>
[  520.663902][T16487]  dump_stack_lvl+0x16c/0x1f0
[  520.663962][T16487]  should_fail_ex+0x512/0x640
[  520.664016][T16487]  core_sys_select+0x949/0xc10
[  520.664073][T16487]  ? __pfx_core_sys_select+0x10/0x10
[  520.664172][T16487]  ? set_user_sigmask+0x21b/0x2b0
[  520.664203][T16487]  ? __pfx_set_user_sigmask+0x10/0x10
[  520.664231][T16487]  ? find_held_lock+0x2b/0x80
[  520.664272][T16487]  do_pselect.constprop.0+0x19f/0x1e0
[  520.664320][T16487]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  520.664374][T16487]  ? __x64_sys_futex+0x1e0/0x4c0
[  520.664418][T16487]  __x64_sys_pselect6+0x182/0x240
[  520.664464][T16487]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  520.664521][T16487]  do_syscall_64+0xcd/0x490
[  520.664553][T16487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.664586][T16487] RIP: 0033:0x7f43ba78e929
[  520.664610][T16487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  520.664641][T16487] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  520.664671][T16487] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[  520.664692][T16487] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  520.664712][T16487] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[  520.664730][T16487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  520.664747][T16487] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[  520.664787][T16487]  </TASK>
[  521.209539][T16499] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4242'.
[  521.490148][T13666] Bluetooth: hci1: SCO packet for unknown connection handle 0
[  522.173126][T16531] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4255'.
[  522.297581][T16535] netlink: 206 bytes leftover after parsing attributes in process `syz.3.4257'.
[  522.503485][T16544] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[  522.514524][T16544] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[  523.193707][T16565] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4270'.
[  524.128280][T16593] netlink: 206 bytes leftover after parsing attributes in process `syz.3.4281'.
[  524.222981][T16595] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  524.763100][   T30] audit: type=1800 audit(4294967306.900:23): pid=16616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4293" name="file0" dev="tmpfs" ino=5593 res=0 errno=0
[  526.693642][T16689] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4322'.
[  527.350452][T16718] sctp: [Deprecated]: syz.1.4332 (pid 16718) Use of int in max_burst socket option deprecated.
[  527.350452][T16718] Use struct sctp_assoc_value instead
[  528.922422][T16763] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4353'.
[  529.243713][T16770] Invalid ELF header magic: != ELF
[  529.654594][T16787] netlink: 'syz.3.4364': attribute type 3 has an invalid length.
[  530.877056][T16829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4382'.
[  530.894638][T16829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4382'.
[  531.796725][T16850] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4392'.
[  532.687080][T16878] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4402'.
[  532.702714][T16878] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4402'.
[  532.714353][T16879] netlink: 130 bytes leftover after parsing attributes in process `syz.3.4403'.
[  533.232911][T16896] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4411'.
[  533.264364][T16896] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4411'.
[  534.500204][T13666] Bluetooth: hci2: command 0x0406 tx timeout
[  534.882495][T16944] netlink: 'syz.3.4432': attribute type 1 has an invalid length.
[  535.398300][T16955] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4436'.
[  535.918710][T16970] Device name cannot be null; rc = [-22]
[  536.400221][T16978] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4445'.
[  539.968279][T17061] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4476'.
[  540.284221][T17063] zswap: compressor  not available
[  541.984094][T17110] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4494'.
[  542.789600][T17129] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4502'.
[  542.975108][T17132] nbd: must specify at least one socket
[  544.362940][T17167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4517'.
[  544.417982][T17171] netlink: 206 bytes leftover after parsing attributes in process `syz.2.4521'.
[  545.557138][T17195] lo: entered allmulticast mode
[  545.725668][T17196] lo: left allmulticast mode
[  548.256848][T17251] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4552'.
[  548.364264][T17254] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4554'.
[  548.589493][T17259] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4556'.
[  548.691650][T17262] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4557'.
[  550.189790][T17300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4575'.
[  551.196001][T17335] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4590'.
[  551.328491][T17341] random: crng reseeded on system resumption
[  551.679177][T17354] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4598'.
[  551.736123][T17349] sctp: [Deprecated]: syz.3.4595 (pid 17349) Use of struct sctp_assoc_value in delayed_ack socket option.
[  551.736123][T17349] Use struct sctp_sack_info instead
[  552.429228][T17370] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4603'.
[  552.892596][T17387] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4610'.
[  553.787392][T17414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4620'.
[  553.824428][T17414] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4620'.
[  556.468478][T17489] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4650'.
[  556.593703][T17491] netlink: 346 bytes leftover after parsing attributes in process `syz.1.4652'.
[  556.988770][T17503] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4657'.
[  557.364139][T17511] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4667'.
[  557.846771][T17522] netlink: 'syz.0.4664': attribute type 1 has an invalid length.
[  557.867582][T17522] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4664'.
[  557.889821][T17522] netlink: 'syz.0.4664': attribute type 1 has an invalid length.
[  557.908094][T17522] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4664'.
[  558.524174][T17534] GUP no longer grows the stack in syz.3.4671 (17534): 14000-401000 (4000)
[  558.544403][T17534] CPU: 0 UID: 0 PID: 17534 Comm: syz.3.4671 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  558.544461][T17534] Tainted: [U]=USER
[  558.544473][T17534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  558.544492][T17534] Call Trace:
[  558.544501][T17534]  <TASK>
[  558.544515][T17534]  dump_stack_lvl+0x16c/0x1f0
[  558.544574][T17534]  gup_vma_lookup+0x1d2/0x220
[  558.544610][T17534]  __get_user_pages+0x271/0x3b80
[  558.544662][T17534]  ? process_vm_rw_core.constprop.0+0x1d8/0x9a0
[  558.544716][T17534]  ? kasan_save_stack+0x42/0x60
[  558.544765][T17534]  ? __pfx___get_user_pages+0x10/0x10
[  558.544800][T17534]  ? register_lock_class+0x41/0x4c0
[  558.544842][T17534]  ? __x64_sys_process_vm_readv+0xe2/0x1c0
[  558.544894][T17534]  ? do_syscall_64+0xcd/0x490
[  558.544936][T17534]  __gup_longterm_locked+0x20d/0x1850
[  558.544977][T17534]  ? __lock_acquire+0xb8a/0x1c90
[  558.545027][T17534]  ? __pfx___gup_longterm_locked+0x10/0x10
[  558.545088][T17534]  pin_user_pages_remote+0xed/0x140
[  558.545138][T17534]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  558.545174][T17534]  ? mm_access+0x22d/0x2e0
[  558.545228][T17534]  process_vm_rw_core.constprop.0+0x41b/0x9a0
[  558.545304][T17534]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  558.545363][T17534]  ? iovec_from_user+0xbb/0x140
[  558.545415][T17534]  ? iovec_from_user+0xbb/0x140
[  558.545451][T17534]  process_vm_rw+0x216/0x2c0
[  558.545505][T17534]  ? __pfx_process_vm_rw+0x10/0x10
[  558.545570][T17534]  ? task_mm_cid_work+0x37b/0x910
[  558.545642][T17534]  ? xfd_validate_state+0x61/0x180
[  558.545686][T17534]  ? __task_pid_nr_ns+0x17c/0x500
[  558.545736][T17534]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  558.545791][T17534]  ? do_syscall_64+0x91/0x490
[  558.545819][T17534]  ? lockdep_hardirqs_on+0x7c/0x110
[  558.545870][T17534]  do_syscall_64+0xcd/0x490
[  558.545903][T17534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.545937][T17534] RIP: 0033:0x7f3e1438e929
[  558.545964][T17534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.545999][T17534] RSP: 002b:00007f3e1529f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  558.546031][T17534] RAX: ffffffffffffffda RBX: 00007f3e145b5fa0 RCX: 00007f3e1438e929
[  558.546053][T17534] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000033a
[  558.546073][T17534] RBP: 00007f3e14410b39 R08: 0000000000000003 R09: 0000000000000000
[  558.546093][T17534] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[  558.546123][T17534] R13: 0000000000000000 R14: 00007f3e145b5fa0 R15: 00007ffc7b4bfd08
[  558.546167][T17534]  </TASK>
[  558.958243][T17542] binder: 17541:17542 ioctl 600004 3 returned -22
[  559.798869][T17572] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4685'.
[  559.823785][T17572] gre0: entered promiscuous mode
[  559.834870][T17572] gre0: entered allmulticast mode
[  560.060735][T17577] FAULT_INJECTION: forcing a failure.
[  560.060735][T17577] name failslab, interval 1, probability 0, space 0, times 0
[  560.127908][T17577] CPU: 1 UID: 0 PID: 17577 Comm: syz.2.4688 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  560.127964][T17577] Tainted: [U]=USER
[  560.127974][T17577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  560.127994][T17577] Call Trace:
[  560.128013][T17577]  <TASK>
[  560.128027][T17577]  dump_stack_lvl+0x16c/0x1f0
[  560.128086][T17577]  should_fail_ex+0x512/0x640
[  560.128137][T17577]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  560.128185][T17577]  should_failslab+0xc2/0x120
[  560.128218][T17577]  __kmalloc_cache_noprof+0x6a/0x3e0
[  560.128262][T17577]  ? _raw_spin_unlock+0x28/0x50
[  560.128306][T17577]  ? snd_ctl_open+0x174/0x5e0
[  560.128359][T17577]  snd_ctl_open+0x174/0x5e0
[  560.128409][T17577]  ? __pfx_snd_ctl_open+0x10/0x10
[  560.128455][T17577]  snd_open+0x1fe/0x450
[  560.128488][T17577]  ? __pfx_snd_open+0x10/0x10
[  560.128518][T17577]  chrdev_open+0x231/0x6a0
[  560.128569][T17577]  ? __pfx_apparmor_file_open+0x10/0x10
[  560.128610][T17577]  ? __pfx_chrdev_open+0x10/0x10
[  560.128665][T17577]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  560.128717][T17577]  do_dentry_open+0x744/0x1c10
[  560.128766][T17577]  ? __pfx_chrdev_open+0x10/0x10
[  560.128825][T17577]  vfs_open+0x82/0x3f0
[  560.128866][T17577]  path_openat+0x1de4/0x2cb0
[  560.128925][T17577]  ? __pfx_path_openat+0x10/0x10
[  560.128976][T17577]  ? __lock_acquire+0xb8a/0x1c90
[  560.129032][T17577]  do_filp_open+0x20b/0x470
[  560.129081][T17577]  ? __pfx_do_filp_open+0x10/0x10
[  560.129158][T17577]  ? alloc_fd+0x471/0x7d0
[  560.129215][T17577]  do_sys_openat2+0x11b/0x1d0
[  560.129250][T17577]  ? __pfx_do_sys_openat2+0x10/0x10
[  560.129303][T17577]  __x64_sys_openat+0x174/0x210
[  560.129341][T17577]  ? __pfx___x64_sys_openat+0x10/0x10
[  560.129397][T17577]  do_syscall_64+0xcd/0x490
[  560.129430][T17577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.129464][T17577] RIP: 0033:0x7f43ba78e929
[  560.129490][T17577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.129520][T17577] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  560.129550][T17577] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[  560.129572][T17577] RDX: 0000000000000080 RSI: 0000200000000280 RDI: ffffffffffffff9c
[  560.129592][T17577] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[  560.129612][T17577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  560.129631][T17577] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[  560.129675][T17577]  </TASK>
[  563.304574][T17644] Device name cannot be null; rc = [-22]
[  563.924987][T17664] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4711'.
[  564.259623][T17673] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4715'.
[  565.218166][T13666] Bluetooth: hci3: command 0x0406 tx timeout
[  566.163342][T17717] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4732'.
[  566.326646][T17724] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4736'.
[  566.784928][T17739] netlink: 26 bytes leftover after parsing attributes in process `syz.1.4742'.
[  566.808101][T17739] openvswitch: netlink: IP tunnel dst address not specified
[  567.683012][T17772] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4757'.
[  567.982077][T14345] Bluetooth: hci1: unexpected event 0x03 length: 725 > 11
[  568.486826][T17780] netlink: 186 bytes leftover after parsing attributes in process `syz.1.4761'.
[  568.519754][T17780] netlink: 186 bytes leftover after parsing attributes in process `syz.1.4761'.
[  569.657279][T17820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4775'.
[  570.077291][T17834] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4782'.
[  570.905598][T17854] HfR: entered promiscuous mode
[  570.922683][T17854] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4789'.
[  570.932759][T17854] HfR: left promiscuous mode
[  572.881363][T17892] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4804'.
[  573.393418][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  573.400151][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  573.852012][T17924] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4815'.
[  574.133175][T17931] netlink: 'syz.0.4818': attribute type 35 has an invalid length.
[  574.565534][T17943] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4824'.
[  574.577142][T17943] mac80211_hwsim hwsim18 wlan1: entered allmulticast mode
[  576.409418][T17993] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4844'.
[  577.768021][T18023] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4852'.
[  579.410123][T18051] netlink: 'syz.3.4862': attribute type 2 has an invalid length.
[  579.437041][T18051] netlink: 'syz.3.4862': attribute type 2 has an invalid length.
[  580.517029][T18076] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4873'.
[  581.107655][T18094] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4880'.
[  583.955785][T18155] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4902'.
[  584.218847][T18164] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4905'.
[  584.876697][T14345] Bluetooth: hci1: ISO packet too small
[  585.646206][T18195] syz.0.4916 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  587.377599][T18226] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4927'.
[  588.715293][T14345] Bluetooth: hci0: ISO packet too small
[  589.324445][T18258] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4940'.
[  589.866262][T18258] team0: Port device team_slave_1 removed
[  590.376020][T18277] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4948'.
[  591.006353][T18296] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4962'.
[  593.005935][T18335] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4969'.
[  594.044741][T18360] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4976'.
[  594.069009][T18360] veth0_vlan: entered allmulticast mode
[  594.193430][T18363] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4977'.
[  594.211091][T18363] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4977'.
[  595.240805][T18384] netlink: 'syz.1.4986': attribute type 2 has an invalid length.
[  595.276438][T18384] netlink: 'syz.1.4986': attribute type 2 has an invalid length.
[  595.365949][T18388] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4988'.
[  595.581713][T18393] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4990'.
[  596.307424][T18407] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4996'.
[  596.848053][T18421] netlink: 'syz.2.4998': attribute type 2 has an invalid length.
[  596.889766][T18421] netlink: 'syz.2.4998': attribute type 2 has an invalid length.
[  597.229694][T18432] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5004'.
[  597.335101][T18432] team0: Port device team_slave_1 removed
[  598.896798][T18479] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5025'.
[  598.911897][T18479] hsr0: entered allmulticast mode
[  598.917926][T18479] hsr_slave_0: entered allmulticast mode
[  598.923834][T18479] hsr_slave_1: entered allmulticast mode
[  599.996753][T18512] netlink: 'syz.2.5036': attribute type 19 has an invalid length.
[  600.005053][T18512] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5036'.
[  601.400473][T18547] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5046'.
[  601.438676][T18547] vcan0: entered promiscuous mode
[  602.845520][T18562] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5052'.
[  603.972195][T18581] netlink: 'syz.2.5061': attribute type 4 has an invalid length.
[  603.991182][T18581] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5061'.
[  605.685517][T18609] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5071'.
[  606.663752][T18635] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5082'.
[  606.757516][T18637] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  607.558724][T18664] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5094'.
[  609.171930][T18717] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5116'.
[  609.344299][T18727] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5120'.
[  609.359590][T18727] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  609.367237][T18727] batman_adv: batadv0: Removing interface: batadv_slave_0
[  609.378331][T18727] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  609.385963][T18727] batman_adv: batadv0: Removing interface: batadv_slave_1
[  610.895853][T18773] netlink: 'syz.0.5138': attribute type 3 has an invalid length.
[  611.869855][T18812] netlink: 'syz.1.5155': attribute type 27 has an invalid length.
[  611.884569][T18812] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5155'.
[  612.583812][T18837] openvswitch: netlink: Unknown nsh attribute 0
[  613.775101][T18869] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5177'.
[  613.817972][T18869] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  613.825503][T18869] batman_adv: batadv0: Removing interface: batadv_slave_0
[  613.872509][T18869] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  613.890236][T18869] batman_adv: batadv0: Removing interface: batadv_slave_1
[  614.364384][T14345] Bluetooth: hci0: Malformed LE Event: 0x1b
[  615.042235][T18906] FAULT_INJECTION: forcing a failure.
[  615.042235][T18906] name failslab, interval 1, probability 0, space 0, times 0
[  615.060598][T18906] CPU: 0 UID: 0 PID: 18906 Comm: syz.2.5192 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  615.060652][T18906] Tainted: [U]=USER
[  615.060662][T18906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  615.060682][T18906] Call Trace:
[  615.060692][T18906]  <TASK>
[  615.060704][T18906]  dump_stack_lvl+0x16c/0x1f0
[  615.060764][T18906]  should_fail_ex+0x512/0x640
[  615.060814][T18906]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  615.060863][T18906]  ? __pfx_blk_mq_debugfs_open+0x10/0x10
[  615.060900][T18906]  should_failslab+0xc2/0x120
[  615.060931][T18906]  __kmalloc_cache_noprof+0x6a/0x3e0
[  615.060975][T18906]  ? single_open+0x4d/0x1f0
[  615.061013][T18906]  ? __pfx_blk_mq_debugfs_open+0x10/0x10
[  615.061050][T18906]  ? __pfx_blk_mq_debugfs_show+0x10/0x10
[  615.061083][T18906]  single_open+0x4d/0x1f0
[  615.061119][T18906]  blk_mq_debugfs_open+0x14a/0x250
[  615.061160][T18906]  full_proxy_open_regular+0x1b9/0x360
[  615.061201][T18906]  do_dentry_open+0x744/0x1c10
[  615.061251][T18906]  ? __pfx_full_proxy_open_regular+0x10/0x10
[  615.061297][T18906]  vfs_open+0x82/0x3f0
[  615.061338][T18906]  path_openat+0x1de4/0x2cb0
[  615.061399][T18906]  ? __pfx_path_openat+0x10/0x10
[  615.061467][T18906]  ? __lock_acquire+0xb8a/0x1c90
[  615.061515][T18906]  do_filp_open+0x20b/0x470
[  615.061562][T18906]  ? __pfx_do_filp_open+0x10/0x10
[  615.061639][T18906]  ? alloc_fd+0x471/0x7d0
[  615.061693][T18906]  do_sys_openat2+0x11b/0x1d0
[  615.061729][T18906]  ? __pfx_do_sys_openat2+0x10/0x10
[  615.061784][T18906]  __x64_sys_openat+0x174/0x210
[  615.061823][T18906]  ? __pfx___x64_sys_openat+0x10/0x10
[  615.061878][T18906]  do_syscall_64+0xcd/0x490
[  615.061912][T18906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.061945][T18906] RIP: 0033:0x7f43ba78e929
[  615.061974][T18906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.062006][T18906] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  615.062038][T18906] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[  615.062060][T18906] RDX: 0000000000000001 RSI: 0000200000000280 RDI: ffffffffffffff9c
[  615.062080][T18906] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[  615.062099][T18906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  615.062119][T18906] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[  615.062159][T18906]  </TASK>
[  615.551550][T18912] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5194'.
[  615.581714][T18915] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5195'.
[  615.989759][T18925] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5199'.
[  616.010135][T18925] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5199'.
[  616.232332][T18931] netlink: 350 bytes leftover after parsing attributes in process `syz.3.5202'.
[  616.496925][   T30] audit: type=1800 audit(4294967303.400:24): pid=18939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5205" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0
[  616.892576][T18948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5209'.
[  617.810838][T14345] Bluetooth: hci3: Malformed LE Event: 0x1b
[  620.010702][T19048] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5254'.
[  620.321298][T19061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  620.366911][T19066] netlink: 350 bytes leftover after parsing attributes in process `syz.3.5262'.
[  620.932025][T19081] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5268'.
[  621.323094][T19089] netlink: 74 bytes leftover after parsing attributes in process `syz.1.5272'.
[  621.421946][T19097] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5275'.
[  621.705272][T19106] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5279'.
[  621.828252][T19115] netlink: 'syz.3.5281': attribute type 4 has an invalid length.
[  622.104961][T19125] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5286'.
[  622.748461][T19147] netlink: 'syz.0.5296': attribute type 28 has an invalid length.
[  622.777995][T19147] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5296'.
[  624.883252][T19171] ovs_: entered promiscuous mode
[  624.991156][T13666] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  625.008007][T13666] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  625.017287][T13666] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  625.030987][T13666] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  625.048204][T13666] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  625.612258][T19173] chnl_net:caif_netlink_parms(): no params data found
[  625.887937][T19190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  625.933356][T19173] bridge0: port 1(bridge_slave_0) entered blocking state
[  625.958140][T19173] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.978050][T19173] bridge_slave_0: entered allmulticast mode
[  626.002837][T19173] bridge_slave_0: entered promiscuous mode
[  626.031587][T19173] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.048193][T19173] bridge0: port 2(bridge_slave_1) entered disabled state
[  626.061120][T19173] bridge_slave_1: entered allmulticast mode
[  626.089529][T19173] bridge_slave_1: entered promiscuous mode
[  626.269610][T19173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  626.309866][T19173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  626.491122][T19173] team0: Port device team_slave_0 added
[  626.524026][T19173] team0: Port device team_slave_1 added
[  626.814225][T19173] batman_adv: batadv0: Adding interface: batadv_slave_0
[  626.821645][T19173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  626.887934][T19173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  626.912710][T19173] batman_adv: batadv0: Adding interface: batadv_slave_1
[  626.937833][T19173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  627.007477][T19173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  627.130600][T19173] hsr_slave_0: entered promiscuous mode
[  627.138255][T13666] Bluetooth: hci1: command tx timeout
[  627.175286][T19173] hsr_slave_1: entered promiscuous mode
[  627.191335][T19173] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  627.235326][T19173] Cannot create hsr debugfs directory
[  627.992521][T19173] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.262382][T19173] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.440597][T19173] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.664162][T19173] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.105721][T19173] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  629.185372][T19173] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  629.218284][T13666] Bluetooth: hci1: command tx timeout
[  629.242868][T19173] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  629.255093][T19173] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  629.581522][T19173] 8021q: adding VLAN 0 to HW filter on device bond0
[  629.644291][T19173] 8021q: adding VLAN 0 to HW filter on device team0
[  629.680083][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[  629.687366][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[  629.754857][   T76] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.762210][   T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[  630.159319][T19254] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5333'.
[  630.202592][T19254] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5333'.
[  630.513636][T19173] 8021q: adding VLAN 0 to HW filter on device batadv0
[  630.640914][T19173] veth0_vlan: entered promiscuous mode
[  630.679568][T19173] veth1_vlan: entered promiscuous mode
[  630.773362][T19173] veth0_macvtap: entered promiscuous mode
[  630.804847][T19173] veth1_macvtap: entered promiscuous mode
[  630.861194][T19173] batman_adv: batadv0: Interface activated: batadv_slave_0
[  630.884257][T19173] batman_adv: batadv0: Interface activated: batadv_slave_1
[  630.966083][T19173] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  630.999477][T19173] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  631.019197][T19173] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  631.037390][T19173] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  631.298032][T13666] Bluetooth: hci1: command tx timeout
[  631.351974][ T3526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.397963][ T3526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.519143][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.527270][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.915439][T19290] netlink: 'syz.1.5344': attribute type 4 has an invalid length.
[  631.954951][T19290] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5344'.
[  632.879076][T19314] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5354'.
[  633.378131][T13666] Bluetooth: hci1: command tx timeout
[  634.019844][T19335] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5362'.
[  634.301919][T19341] netlink: 'syz.0.5365': attribute type 4 has an invalid length.
[  634.639232][T19348] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5368'.
[  634.823817][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  634.830955][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  635.094088][T19358] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5372'.
[  635.579461][T19367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5375'.
[  635.603423][T19367] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5375'.
[  635.993683][T19374] netlink: 'syz.2.5379': attribute type 19 has an invalid length.
[  636.022334][T19374] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5379'.
[  636.082250][T19376] sctp: [Deprecated]: syz.0.5378 (pid 19376) Use of struct sctp_assoc_value in delayed_ack socket option.
[  636.082250][T19376] Use struct sctp_sack_info instead
[  637.475965][T19400] bridge0: port 3(macvlan0) entered blocking state
[  637.506005][T19400] bridge0: port 3(macvlan0) entered disabled state
[  637.546703][T19400] macvlan0: entered allmulticast mode
[  637.580208][T19400] veth1_vlan: entered allmulticast mode
[  637.610590][T19400] macvlan0: entered promiscuous mode
[  637.634665][T19400] bridge0: port 3(macvlan0) entered blocking state
[  637.641543][T19400] bridge0: port 3(macvlan0) entered forwarding state
[  638.617424][T19417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5395'.
[  638.627486][T19416] netlink: 338 bytes leftover after parsing attributes in process `syz.0.5396'.
[  638.674668][T19417] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5395'.
[  639.193428][T19423] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5399'.
[  639.666682][T19432] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5402'.
[  640.134398][T19439] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5405'.
[  640.317096][T19441] netlink: 74 bytes leftover after parsing attributes in process `syz.2.5406'.
[  640.855578][T19449] netlink: 'syz.2.5408': attribute type 27 has an invalid length.
[  640.887434][T19449] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5408'.
[  641.045542][T19451] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5410'.
[  641.526280][T19465] FAULT_INJECTION: forcing a failure.
[  641.526280][T19465] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  641.591302][T19465] CPU: 0 UID: 0 PID: 19465 Comm: syz.1.5418 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  641.591362][T19465] Tainted: [U]=USER
[  641.591373][T19465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  641.591391][T19465] Call Trace:
[  641.591402][T19465]  <TASK>
[  641.591414][T19465]  dump_stack_lvl+0x16c/0x1f0
[  641.591475][T19465]  should_fail_ex+0x512/0x640
[  641.591533][T19465]  should_fail_alloc_page+0xe7/0x130
[  641.591569][T19465]  prepare_alloc_pages+0x3c2/0x610
[  641.591609][T19465]  ? rcu_is_watching+0x12/0xc0
[  641.591654][T19465]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  641.591709][T19465]  ? __lock_acquire+0xb8a/0x1c90
[  641.591774][T19465]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  641.591826][T19465]  ? do_raw_spin_lock+0x12c/0x2b0
[  641.591886][T19465]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  641.591937][T19465]  ? find_held_lock+0x2b/0x80
[  641.591983][T19465]  ? __lock_acquire+0xb8a/0x1c90
[  641.592025][T19465]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  641.592079][T19465]  ? policy_nodemask+0xea/0x4e0
[  641.592137][T19465]  alloc_pages_mpol+0x1fb/0x550
[  641.592170][T19465]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  641.592214][T19465]  folio_alloc_mpol_noprof+0x36/0x2f0
[  641.592255][T19465]  shmem_alloc_folio+0x135/0x160
[  641.592297][T19465]  shmem_alloc_and_add_folio+0x499/0xc20
[  641.592354][T19465]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  641.592407][T19465]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  641.592463][T19465]  shmem_get_folio_gfp+0x67f/0x1600
[  641.592519][T19465]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  641.592569][T19465]  ? __pfx___might_resched+0x10/0x10
[  641.592611][T19465]  shmem_fallocate+0x795/0xf50
[  641.592677][T19465]  ? __pfx_shmem_fallocate+0x10/0x10
[  641.592731][T19465]  ? aa_file_perm+0x4d6/0xfb0
[  641.592790][T19465]  ? __lock_acquire+0xb8a/0x1c90
[  641.592838][T19465]  ? __lock_acquire+0x622/0x1c90
[  641.592915][T19465]  ? __pfx_shmem_fallocate+0x10/0x10
[  641.592965][T19465]  vfs_fallocate+0x60b/0x10c0
[  641.593020][T19465]  ? __pfx_vfs_fallocate+0x10/0x10
[  641.593083][T19465]  __x64_sys_fallocate+0xd5/0x150
[  641.593137][T19465]  do_syscall_64+0xcd/0x490
[  641.593172][T19465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  641.593206][T19465] RIP: 0033:0x7f43ca38e929
[  641.593233][T19465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  641.593267][T19465] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[  641.593300][T19465] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  641.593321][T19465] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003
[  641.593341][T19465] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  641.593360][T19465] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000
[  641.593379][T19465] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  641.593422][T19465]  </TASK>
[  642.156827][T19476] sd 0:0:1:0: PR command failed: 1026
[  642.162761][T19476] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  642.169887][T19476] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  643.136870][T19492] sg_write: data in/out 476/16086 bytes for SCSI command 0x0-- guessing data in;
[  643.136870][T19492]    program syz.1.5427 not setting count and/or reply_len properly
[  643.250633][T19497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5429'.
[  643.281714][T19497] netlink: 13 bytes leftover after parsing attributes in process `syz.0.5429'.
[  643.298250][T19497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5429'.
[  643.646934][T19509] netlink: 'syz.2.5434': attribute type 16 has an invalid length.
[  643.676590][T19509] netlink: 306 bytes leftover after parsing attributes in process `syz.2.5434'.
[  643.792015][T19512] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5436'.
[  643.846803][T19514] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5435'.
[  643.954708][T19518] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5438'.
[  644.986396][T19540] netlink: 'syz.2.5447': attribute type 27 has an invalid length.
[  645.012551][T19540] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5447'.
[  646.358971][T19572] netlink: 'syz.3.5460': attribute type 4 has an invalid length.
[  646.715213][T19580] __nla_validate_parse: 3 callbacks suppressed
[  646.715240][T19580] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5462'.
[  646.760145][T19580] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5462'.
[  646.969857][T19585] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5464'.
[  647.060129][T19587] netlink: 'syz.0.5465': attribute type 1 has an invalid length.
[  647.068072][T19587] netlink: 306 bytes leftover after parsing attributes in process `syz.0.5465'.
[  647.397914][T19598] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5469'.
[  647.604007][T19602] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5470'.
[  647.769703][T19606] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5472'.
[  648.000452][T19606] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5472'.
[  648.611806][T19611] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5475'.
[  650.151873][T13666] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  650.563673][T19655] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5489'.
[  650.622260][T19638] netlink: 'syz.3.5484': attribute type 33 has an invalid length.
[  652.009439][T19682] __nla_validate_parse: 2 callbacks suppressed
[  652.009466][T19682] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5501'.
[  652.421969][T19693] netlink: 'syz.2.5504': attribute type 4 has an invalid length.
[  652.791673][T19700] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5506'.
[  655.603670][T19729] FAULT_INJECTION: forcing a failure.
[  655.603670][T19729] name failslab, interval 1, probability 0, space 0, times 0
[  655.648050][T19729] CPU: 1 UID: 0 PID: 19729 Comm: syz.1.5515 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  655.648109][T19729] Tainted: [U]=USER
[  655.648120][T19729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  655.648139][T19729] Call Trace:
[  655.648149][T19729]  <TASK>
[  655.648162][T19729]  dump_stack_lvl+0x16c/0x1f0
[  655.648221][T19729]  should_fail_ex+0x512/0x640
[  655.648270][T19729]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  655.648318][T19729]  should_failslab+0xc2/0x120
[  655.648350][T19729]  __kmalloc_cache_noprof+0x6a/0x3e0
[  655.648394][T19729]  ? cec_open+0xdb/0x690
[  655.648445][T19729]  cec_open+0xdb/0x690
[  655.648505][T19729]  ? __pfx_cec_open+0x10/0x10
[  655.648556][T19729]  ? kobject_get_unless_zero+0x156/0x1e0
[  655.648589][T19729]  ? find_held_lock+0x2b/0x80
[  655.648624][T19729]  ? chrdev_open+0x10b/0x6a0
[  655.648679][T19729]  ? __pfx_cec_open+0x10/0x10
[  655.648723][T19729]  chrdev_open+0x231/0x6a0
[  655.648773][T19729]  ? __pfx_apparmor_file_open+0x10/0x10
[  655.648817][T19729]  ? __pfx_chrdev_open+0x10/0x10
[  655.648871][T19729]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  655.648924][T19729]  do_dentry_open+0x744/0x1c10
[  655.648975][T19729]  ? __pfx_chrdev_open+0x10/0x10
[  655.649034][T19729]  vfs_open+0x82/0x3f0
[  655.649074][T19729]  path_openat+0x1de4/0x2cb0
[  655.649144][T19729]  ? __pfx_path_openat+0x10/0x10
[  655.649194][T19729]  ? __lock_acquire+0xb8a/0x1c90
[  655.649242][T19729]  do_filp_open+0x20b/0x470
[  655.649297][T19729]  ? __pfx_do_filp_open+0x10/0x10
[  655.649376][T19729]  ? alloc_fd+0x471/0x7d0
[  655.649441][T19729]  do_sys_openat2+0x11b/0x1d0
[  655.649567][T19729]  ? __pfx_do_sys_openat2+0x10/0x10
[  655.649621][T19729]  __x64_sys_openat+0x174/0x210
[  655.649659][T19729]  ? __pfx___x64_sys_openat+0x10/0x10
[  655.649715][T19729]  do_syscall_64+0xcd/0x490
[  655.649749][T19729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.649782][T19729] RIP: 0033:0x7f43ca38e929
[  655.649810][T19729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  655.649843][T19729] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  655.649873][T19729] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  655.649894][T19729] RDX: 0000000000101901 RSI: 0000200000002c00 RDI: ffffffffffffff9c
[  655.649923][T19729] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  655.649943][T19729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  655.649962][T19729] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  655.650004][T19729]  </TASK>
[  656.869105][T19744] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5521'.
[  657.651136][T19751] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5524'.
[  657.952321][T19754] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5525'.
[  659.038334][T19770] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5533'.
[  659.385482][T19777] netlink: 'syz.3.5535': attribute type 8 has an invalid length.
[  659.419538][T19777] netlink: 'syz.3.5535': attribute type 8 has an invalid length.
[  659.956980][   T30] audit: type=1800 audit(4294967346.860:25): pid=19793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5544" name="dbroot" dev="configfs" ino=54634 res=0 errno=0
[  662.053695][T19836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5557'.
[  662.134092][T19832] netlink: 9 bytes leftover after parsing attributes in process `syz.1.5557'.
[  662.180757][T19832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5557'.
[  662.312740][T19841] netlink: 'syz.3.5561': attribute type 28 has an invalid length.
[  662.324313][T19841] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5561'.
[  662.368260][T19842] netlink: 'syz.3.5561': attribute type 28 has an invalid length.
[  662.376812][T19842] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5561'.
[  662.684878][T19850] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5563'.
[  663.553685][T19865] netlink: 122 bytes leftover after parsing attributes in process `syz.1.5570'.
[  663.591451][T19872] netlink: 'syz.2.5574': attribute type 14 has an invalid length.
[  663.691110][T19872] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5574'.
[  667.919716][T19947] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5602'.
[  669.051771][T19960] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  669.152605][T19963] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5609'.
[  669.316953][T19967] netlink: 322 bytes leftover after parsing attributes in process `syz.1.5610'.
[  670.215292][T19987] FAULT_INJECTION: forcing a failure.
[  670.215292][T19987] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  670.253513][T19988] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5620'.
[  670.265279][T19987] CPU: 0 UID: 0 PID: 19987 Comm: syz.1.5618 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  670.265335][T19987] Tainted: [U]=USER
[  670.265345][T19987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  670.265363][T19987] Call Trace:
[  670.265382][T19987]  <TASK>
[  670.265393][T19987]  dump_stack_lvl+0x16c/0x1f0
[  670.265463][T19987]  should_fail_ex+0x512/0x640
[  670.265511][T19987]  should_fail_alloc_page+0xe7/0x130
[  670.265542][T19987]  prepare_alloc_pages+0x3c2/0x610
[  670.265582][T19987]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  670.265631][T19987]  ? mas_next_slot+0x12d3/0x21b0
[  670.265662][T19987]  ? __up_read+0x1f8/0x750
[  670.265711][T19987]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  670.265755][T19987]  ? mas_find+0x2f6/0x530
[  670.265782][T19987]  ? validate_mm+0x40a/0x570
[  670.265824][T19987]  ? __pfx_validate_mm+0x10/0x10
[  670.265866][T19987]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  670.265911][T19987]  ? policy_nodemask+0xea/0x4e0
[  670.265957][T19987]  alloc_pages_mpol+0x1fb/0x550
[  670.265985][T19987]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  670.266021][T19987]  alloc_pages_noprof+0x131/0x390
[  670.266049][T19987]  __pud_alloc+0x3b/0x750
[  670.266083][T19987]  alloc_new_pud+0x267/0x320
[  670.266125][T19987]  move_page_tables+0x6b6/0x4070
[  670.266172][T19987]  ? __pfx_copy_vma+0x10/0x10
[  670.266212][T19987]  ? lockdep_hardirqs_on+0x7c/0x110
[  670.266261][T19987]  ? __pfx_move_page_tables+0x10/0x10
[  670.266300][T19987]  ? register_lock_class+0x41/0x4c0
[  670.266338][T19987]  ? __schedule+0x1181/0x5de0
[  670.266421][T19987]  ? __lock_acquire+0x622/0x1c90
[  670.266464][T19987]  copy_vma_and_data+0x216/0x750
[  670.266510][T19987]  ? __pfx_copy_vma_and_data+0x10/0x10
[  670.266559][T19987]  ? __vma_enter_locked+0x163/0x3f0
[  670.266599][T19987]  ? find_held_lock+0x2b/0x80
[  670.266626][T19987]  ? move_vma+0x536/0x1740
[  670.266673][T19987]  move_vma+0x548/0x1740
[  670.266718][T19987]  ? __pfx_move_vma+0x10/0x10
[  670.266755][T19987]  ? mm_get_unmapped_area+0x95/0xe0
[  670.266788][T19987]  ? shmem_get_unmapped_area+0x170/0xa00
[  670.266823][T19987]  ? cap_mmap_addr+0x4b/0x120
[  670.266849][T19987]  ? bpf_lsm_mmap_addr+0x9/0x10
[  670.266877][T19987]  ? security_mmap_addr+0x6c/0x1e0
[  670.266912][T19987]  ? __get_unmapped_area+0x267/0x440
[  670.266947][T19987]  ? vrm_set_new_addr+0x208/0x290
[  670.266990][T19987]  __do_sys_mremap+0xe07/0x1590
[  670.267036][T19987]  ? __pfx___do_sys_mremap+0x10/0x10
[  670.267085][T19987]  ? __fget_files+0x204/0x3c0
[  670.267130][T19987]  ? __x64_sys_futex+0x1e0/0x4c0
[  670.267187][T19987]  do_syscall_64+0xcd/0x490
[  670.267215][T19987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.267244][T19987] RIP: 0033:0x7f43ca38e929
[  670.267267][T19987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  670.267295][T19987] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  670.267323][T19987] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  670.267343][T19987] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000
[  670.267360][T19987] RBP: 00007f43ca410b39 R08: 00007effffffb000 R09: 0000000000000000
[  670.267384][T19987] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  670.267402][T19987] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  670.267439][T19987]  </TASK>
[  670.338017][T19988] IPv6: NLM_F_CREATE should be specified when creating new route
[  670.937523][T19995] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5623'.
[  671.910443][T20008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5627'.
[  671.925105][T20008] netlink: 13 bytes leftover after parsing attributes in process `syz.1.5627'.
[  672.566524][T20035] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5640'.
[  673.944199][T20084] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5659'.
[  674.406246][T20098] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5665'.
[  675.542218][T20132] netlink: 306 bytes leftover after parsing attributes in process `syz.0.5680'.
[  676.573090][T20154] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5690'.
[  678.211776][T20187] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5702'.
[  678.860892][T20193] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5703'.
[  680.622887][T20231] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5719'.
[  680.862613][T20236] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5721'.
[  681.222646][T20242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  681.243247][T20244] netlink: 322 bytes leftover after parsing attributes in process `syz.3.5724'.
[  681.697523][T20252] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5727'.
[  682.410685][T20270] netlink: 86 bytes leftover after parsing attributes in process `syz.2.5734'.
[  684.794541][T20309] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5748'.
[  685.859544][T20328] netlink: 'syz.1.5757': attribute type 4 has an invalid length.
[  688.236668][T20378] netlink: 'syz.0.5772': attribute type 1 has an invalid length.
[  688.261422][T20378] netlink: 318 bytes leftover after parsing attributes in process `syz.0.5772'.
[  688.519290][T20383] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5774'.
[  688.604491][T20385] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5775'.
[  688.680695][T20385] bridge0: entered promiscuous mode
[  689.069332][T20397] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5780'.
[  689.501684][T20405] netlink: 'syz.1.5782': attribute type 21 has an invalid length.
[  689.541352][T20405] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5782'.
[  689.828663][T20412] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5785'.
[  690.259450][T20420] netlink: 'syz.1.5788': attribute type 4 has an invalid length.
[  690.267283][T20420] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5788'.
[  690.932966][T20440] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5795'.
[  691.047809][T20442] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5796'.
[  691.288813][T20448] FAULT_INJECTION: forcing a failure.
[  691.288813][T20448] name failslab, interval 1, probability 0, space 0, times 0
[  691.321802][T20448] CPU: 1 UID: 0 PID: 20448 Comm: syz.1.5800 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  691.321857][T20448] Tainted: [U]=USER
[  691.321868][T20448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  691.321887][T20448] Call Trace:
[  691.321897][T20448]  <TASK>
[  691.321910][T20448]  dump_stack_lvl+0x16c/0x1f0
[  691.321976][T20448]  should_fail_ex+0x512/0x640
[  691.322030][T20448]  should_failslab+0xc2/0x120
[  691.322092][T20448]  __kmalloc_cache_noprof+0x6a/0x3e0
[  691.322138][T20448]  ? nfc_genl_rcv_nl_event+0xc1/0x2e0
[  691.322187][T20448]  nfc_genl_rcv_nl_event+0xc1/0x2e0
[  691.322228][T20448]  notifier_call_chain+0xb9/0x410
[  691.322265][T20448]  ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10
[  691.322314][T20448]  blocking_notifier_call_chain+0x69/0xa0
[  691.322358][T20448]  netlink_release+0x186b/0x2020
[  691.322403][T20448]  ? netlink_release+0x1de/0x2020
[  691.322445][T20448]  ? __pfx_netlink_release+0x10/0x10
[  691.322485][T20448]  ? __pfx_locks_remove_file+0x10/0x10
[  691.322527][T20448]  __sock_release+0xb0/0x270
[  691.322565][T20448]  ? __pfx_sock_close+0x10/0x10
[  691.322595][T20448]  sock_close+0x1c/0x30
[  691.322622][T20448]  __fput+0x3ff/0xb70
[  691.322666][T20448]  task_work_run+0x14d/0x240
[  691.322716][T20448]  ? __pfx_task_work_run+0x10/0x10
[  691.322766][T20448]  ? __pfx___do_sys_close_range+0x10/0x10
[  691.322825][T20448]  exit_to_user_mode_loop+0xeb/0x110
[  691.322877][T20448]  do_syscall_64+0x3f6/0x490
[  691.322911][T20448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.322945][T20448] RIP: 0033:0x7f43ca38e929
[  691.322971][T20448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.323003][T20448] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  691.323033][T20448] RAX: 0000000000000000 RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  691.323065][T20448] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000
[  691.323087][T20448] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  691.323106][T20448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  691.323125][T20448] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  691.323167][T20448]  </TASK>
[  692.069114][T20447] raw_sendmsg: syz.3.5798 forgot to set AF_INET. Fix it!
[  692.424081][T20475] FAULT_INJECTION: forcing a failure.
[  692.424081][T20475] name failslab, interval 1, probability 0, space 0, times 0
[  692.507654][T20475] CPU: 0 UID: 0 PID: 20475 Comm: syz.2.5808 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  692.507710][T20475] Tainted: [U]=USER
[  692.507725][T20475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  692.507744][T20475] Call Trace:
[  692.507754][T20475]  <TASK>
[  692.507766][T20475]  dump_stack_lvl+0x16c/0x1f0
[  692.507821][T20475]  should_fail_ex+0x512/0x640
[  692.507868][T20475]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  692.507916][T20475]  should_failslab+0xc2/0x120
[  692.507947][T20475]  __kmalloc_cache_noprof+0x6a/0x3e0
[  692.507990][T20475]  ? trace_kmalloc+0x2b/0xd0
[  692.508029][T20475]  ? snd_virmidi_input_open+0xc8/0x4a0
[  692.508074][T20475]  snd_virmidi_input_open+0xc8/0x4a0
[  692.508115][T20475]  open_substream+0x47b/0x9b0
[  692.508160][T20475]  rawmidi_open_priv+0x513/0x6e0
[  692.508211][T20475]  snd_rawmidi_open+0x4cc/0xbf0
[  692.508261][T20475]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  692.508310][T20475]  ? __pfx_default_wake_function+0x10/0x10
[  692.508349][T20475]  ? kobject_get_unless_zero+0x156/0x1e0
[  692.508389][T20475]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  692.508434][T20475]  snd_open+0x1fe/0x450
[  692.508467][T20475]  ? __pfx_snd_open+0x10/0x10
[  692.508498][T20475]  chrdev_open+0x231/0x6a0
[  692.508547][T20475]  ? __pfx_apparmor_file_open+0x10/0x10
[  692.508590][T20475]  ? __pfx_chrdev_open+0x10/0x10
[  692.508647][T20475]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  692.508699][T20475]  do_dentry_open+0x744/0x1c10
[  692.508749][T20475]  ? __pfx_chrdev_open+0x10/0x10
[  692.508808][T20475]  vfs_open+0x82/0x3f0
[  692.508849][T20475]  path_openat+0x1de4/0x2cb0
[  692.508910][T20475]  ? __pfx_path_openat+0x10/0x10
[  692.508961][T20475]  ? __lock_acquire+0xb8a/0x1c90
[  692.509018][T20475]  do_filp_open+0x20b/0x470
[  692.509068][T20475]  ? __pfx_do_filp_open+0x10/0x10
[  692.509147][T20475]  ? alloc_fd+0x471/0x7d0
[  692.509204][T20475]  do_sys_openat2+0x11b/0x1d0
[  692.509241][T20475]  ? __pfx_do_sys_openat2+0x10/0x10
[  692.509297][T20475]  __x64_sys_openat+0x174/0x210
[  692.509335][T20475]  ? __pfx___x64_sys_openat+0x10/0x10
[  692.509392][T20475]  do_syscall_64+0xcd/0x490
[  692.509424][T20475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.509458][T20475] RIP: 0033:0x7f3ab478e929
[  692.509485][T20475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.509518][T20475] RSP: 002b:00007f3ab5636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  692.509549][T20475] RAX: ffffffffffffffda RBX: 00007f3ab49b5fa0 RCX: 00007f3ab478e929
[  692.509571][T20475] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  692.509591][T20475] RBP: 00007f3ab4810b39 R08: 0000000000000000 R09: 0000000000000000
[  692.509610][T20475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  692.509628][T20475] R13: 0000000000000000 R14: 00007f3ab49b5fa0 R15: 00007ffd6d346fe8
[  692.509670][T20475]  </TASK>
[  694.887014][T20516] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5824'.
[  695.005458][T20520] sock: sock_timestamping_bind_phc: sock not bind to device
[  696.205149][T20541] netlink: 'syz.1.5833': attribute type 19 has an invalid length.
[  696.270715][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  696.277124][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  696.297881][T20541] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5833'.
[  696.717435][T20553] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5840'.
[  698.175926][T20572] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5847'.
[  699.212890][T20592] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5855'.
[  700.970579][T20631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5872'.
[  700.994008][T20629] FAULT_INJECTION: forcing a failure.
[  700.994008][T20629] name failslab, interval 1, probability 0, space 0, times 0
[  701.010814][T20631] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5872'.
[  701.179830][T20629] CPU: 1 UID: 0 PID: 20629 Comm: syz.1.5871 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  701.179887][T20629] Tainted: [U]=USER
[  701.179898][T20629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  701.179917][T20629] Call Trace:
[  701.179928][T20629]  <TASK>
[  701.179942][T20629]  dump_stack_lvl+0x16c/0x1f0
[  701.179999][T20629]  should_fail_ex+0x512/0x640
[  701.180048][T20629]  ? __kmalloc_noprof+0xbf/0x510
[  701.180110][T20629]  ? get_modalias+0xbb/0x380
[  701.180144][T20629]  should_failslab+0xc2/0x120
[  701.180177][T20629]  __kmalloc_noprof+0xd2/0x510
[  701.180227][T20629]  ? get_modalias+0x20f/0x380
[  701.180271][T20629]  get_modalias+0xbb/0x380
[  701.180314][T20629]  ? __pfx_sys_dmi_modalias_show+0x10/0x10
[  701.180351][T20629]  sys_dmi_modalias_show+0x1f/0xb0
[  701.180390][T20629]  dev_attr_show+0x56/0xe0
[  701.180426][T20629]  ? __pfx_dev_attr_show+0x10/0x10
[  701.180455][T20629]  sysfs_kf_seq_show+0x213/0x3e0
[  701.180505][T20629]  seq_read_iter+0x509/0x12c0
[  701.180564][T20629]  kernfs_fop_read_iter+0x40f/0x5a0
[  701.180598][T20629]  ? rw_verify_area+0xcf/0x680
[  701.180643][T20629]  vfs_read+0x8bf/0xc60
[  701.180694][T20629]  ? __pfx___mutex_lock+0x10/0x10
[  701.180724][T20629]  ? __pfx_vfs_read+0x10/0x10
[  701.180802][T20629]  ksys_read+0x12a/0x250
[  701.180846][T20629]  ? __pfx_ksys_read+0x10/0x10
[  701.180905][T20629]  do_syscall_64+0xcd/0x490
[  701.180937][T20629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.180972][T20629] RIP: 0033:0x7f43ca38e929
[  701.180998][T20629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.181032][T20629] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  701.181062][T20629] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  701.181082][T20629] RDX: 0000000000001016 RSI: 0000200000000000 RDI: 0000000000000003
[  701.181110][T20629] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  701.181129][T20629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  701.181148][T20629] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  701.181190][T20629]  </TASK>
[  702.032496][T20645] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5879'.
[  702.059995][T20645] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5879'.
[  702.079709][T20646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5877'.
[  702.259268][T20649] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5880'.
[  702.510271][T20653] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5877'.
[  703.690911][T20671] netlink: 'syz.3.5888': attribute type 1 has an invalid length.
[  703.758061][T20671] netlink: 230 bytes leftover after parsing attributes in process `syz.3.5888'.
[  703.827991][T20673] bridge0: port 3(netdevsim1) entered blocking state
[  703.888041][T20673] bridge0: port 3(netdevsim1) entered disabled state
[  703.908596][T20673] netdevsim netdevsim0 netdevsim1: entered allmulticast mode
[  703.932965][T20673] netdevsim netdevsim0 netdevsim1: entered promiscuous mode
[  703.950481][T20673] bridge0: port 3(netdevsim1) entered blocking state
[  703.957441][T20673] bridge0: port 3(netdevsim1) entered listening state
[  704.569130][T20687] FAULT_INJECTION: forcing a failure.
[  704.569130][T20687] name failslab, interval 1, probability 0, space 0, times 0
[  704.607934][T20687] CPU: 1 UID: 0 PID: 20687 Comm: syz.2.5895 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  704.607997][T20687] Tainted: [U]=USER
[  704.608008][T20687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  704.608028][T20687] Call Trace:
[  704.608038][T20687]  <TASK>
[  704.608051][T20687]  dump_stack_lvl+0x16c/0x1f0
[  704.608109][T20687]  should_fail_ex+0x512/0x640
[  704.608157][T20687]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  704.608215][T20687]  should_failslab+0xc2/0x120
[  704.608247][T20687]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  704.608299][T20687]  ? alloc_inode+0xc3/0x240
[  704.608339][T20687]  alloc_inode+0xc3/0x240
[  704.608373][T20687]  path_from_stashed+0x2be/0xb00
[  704.608429][T20687]  ? __pfx_path_from_stashed+0x10/0x10
[  704.608491][T20687]  open_namespace+0x8d/0x190
[  704.608535][T20687]  ? __pfx_open_namespace+0x10/0x10
[  704.608591][T20687]  ns_ioctl+0x496/0xe50
[  704.608634][T20687]  ? __pfx_ns_ioctl+0x10/0x10
[  704.608676][T20687]  ? __fget_files+0x20e/0x3c0
[  704.608728][T20687]  ? __pfx_ns_ioctl+0x10/0x10
[  704.608786][T20687]  __x64_sys_ioctl+0x18b/0x210
[  704.608829][T20687]  do_syscall_64+0xcd/0x490
[  704.608864][T20687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.608897][T20687] RIP: 0033:0x7f3ab478e929
[  704.608924][T20687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  704.608959][T20687] RSP: 002b:00007f3ab5636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  704.608991][T20687] RAX: ffffffffffffffda RBX: 00007f3ab49b5fa0 RCX: 00007f3ab478e929
[  704.609014][T20687] RDX: 0000000000000000 RSI: 000000000000b701 RDI: 0000000000000003
[  704.609033][T20687] RBP: 00007f3ab4810b39 R08: 0000000000000000 R09: 0000000000000000
[  704.609053][T20687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  704.609071][T20687] R13: 0000000000000000 R14: 00007f3ab49b5fa0 R15: 00007ffd6d346fe8
[  704.609113][T20687]  </TASK>
[  705.116784][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[  705.167018][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[  705.190545][T20690] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc2-syzkaller-00162-g41687a5c6f8b/regulatory.db failed with error -74
[  705.210868][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[  705.227402][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[  705.247625][T20690] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74
[  705.283161][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[  705.321309][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[  705.334060][T20690] platform regulatory.0: loading /lib/firmware/6.16.0-rc2-syzkaller-00162-g41687a5c6f8b/regulatory.db failed with error -74
[  705.358768][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[  705.386503][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[  705.402756][T20690] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74
[  705.422542][T20690] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74
[  705.457922][T20690] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  706.813804][T20714] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5905'.
[  707.733418][T20733] netlink: 346 bytes leftover after parsing attributes in process `syz.1.5913'.
[  707.984674][T20739] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5915'.
[  708.965828][T20757] netlink: 74 bytes leftover after parsing attributes in process `syz.3.5919'.
[  709.284123][T20759] FAULT_INJECTION: forcing a failure.
[  709.284123][T20759] name failslab, interval 1, probability 0, space 0, times 0
[  709.316688][T20759] CPU: 0 UID: 0 PID: 20759 Comm: syz.1.5922 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  709.316746][T20759] Tainted: [U]=USER
[  709.316758][T20759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  709.316778][T20759] Call Trace:
[  709.316788][T20759]  <TASK>
[  709.316801][T20759]  dump_stack_lvl+0x16c/0x1f0
[  709.316861][T20759]  should_fail_ex+0x512/0x640
[  709.316907][T20759]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  709.316956][T20759]  should_failslab+0xc2/0x120
[  709.316990][T20759]  __kmalloc_cache_noprof+0x6a/0x3e0
[  709.317035][T20759]  ? lockdep_init_map_type+0x5c/0x280
[  709.317077][T20759]  ? dummy_hrtimer_create+0x45/0x170
[  709.317127][T20759]  dummy_hrtimer_create+0x45/0x170
[  709.317170][T20759]  ? __pfx_dummy_hrtimer_create+0x10/0x10
[  709.317210][T20759]  dummy_pcm_open+0xd4/0x5b0
[  709.317252][T20759]  snd_pcm_open_substream+0xa60/0x17f0
[  709.317302][T20759]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  709.317359][T20759]  ? rcu_is_watching+0x12/0xc0
[  709.317401][T20759]  snd_pcm_open+0x29e/0x730
[  709.317453][T20759]  ? __pfx_snd_pcm_open+0x10/0x10
[  709.317505][T20759]  ? __pfx_default_wake_function+0x10/0x10
[  709.317553][T20759]  ? __pfx_snd_pcm_capture_open+0x10/0x10
[  709.317598][T20759]  snd_pcm_capture_open+0x89/0xe0
[  709.317643][T20759]  snd_open+0x1fe/0x450
[  709.317676][T20759]  ? __pfx_snd_open+0x10/0x10
[  709.317711][T20759]  chrdev_open+0x231/0x6a0
[  709.317759][T20759]  ? __pfx_apparmor_file_open+0x10/0x10
[  709.317801][T20759]  ? __pfx_chrdev_open+0x10/0x10
[  709.317854][T20759]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  709.317904][T20759]  do_dentry_open+0x744/0x1c10
[  709.317954][T20759]  ? __pfx_chrdev_open+0x10/0x10
[  709.318015][T20759]  vfs_open+0x82/0x3f0
[  709.318056][T20759]  path_openat+0x1de4/0x2cb0
[  709.318119][T20759]  ? __pfx_path_openat+0x10/0x10
[  709.318192][T20759]  ? __lock_acquire+0xb8a/0x1c90
[  709.318241][T20759]  do_filp_open+0x20b/0x470
[  709.318292][T20759]  ? __pfx_do_filp_open+0x10/0x10
[  709.318381][T20759]  ? alloc_fd+0x471/0x7d0
[  709.318441][T20759]  do_sys_openat2+0x11b/0x1d0
[  709.318479][T20759]  ? __pfx_do_sys_openat2+0x10/0x10
[  709.318533][T20759]  __x64_sys_openat+0x174/0x210
[  709.318573][T20759]  ? __pfx___x64_sys_openat+0x10/0x10
[  709.318631][T20759]  do_syscall_64+0xcd/0x490
[  709.318666][T20759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  709.318700][T20759] RIP: 0033:0x7f43ca38e929
[  709.318727][T20759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  709.318761][T20759] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  709.318794][T20759] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[  709.318817][T20759] RDX: 0000000000001200 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  709.318838][T20759] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[  709.318857][T20759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  709.318876][T20759] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[  709.318918][T20759]  </TASK>
[  709.412372][T20749] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  709.638312][T20749] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  709.645006][T20749] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  709.835254][T20749] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  709.848099][T20749] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  709.909322][T20749] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  710.041447][T20749] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  710.059794][T20749] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  710.145690][T20749] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  710.988573][T14345] Bluetooth: hci0: command 0x0c1a tx timeout
[  711.697944][T14345] Bluetooth: hci2: command 0x0406 tx timeout
[  711.858140][T14345] Bluetooth: hci3: command 0x0406 tx timeout
[  712.106778][T14345] Bluetooth: hci1: command 0x0c1a tx timeout
[  713.257004][T20846] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5954'.
[  713.287896][T20846] hsr_slave_0: left promiscuous mode
[  713.339247][T20846] hsr_slave_1: left promiscuous mode
[  713.781174][T14345] Bluetooth: hci2: command 0x0406 tx timeout
[  713.938023][T14345] Bluetooth: hci3: command 0x0406 tx timeout
[  714.113947][T20857] workqueue: max_active 105682534 requested for writeback is out of range, clamping between 1 and 2048
[  714.183381][T13666] Bluetooth: hci1: command 0x0c1a tx timeout
[  715.546020][T20887] FAULT_INJECTION: forcing a failure.
[  715.546020][T20887] name failslab, interval 1, probability 0, space 0, times 0
[  715.596909][T20887] CPU: 1 UID: 0 PID: 20887 Comm: syz.2.5967 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  715.596967][T20887] Tainted: [U]=USER
[  715.596979][T20887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  715.596999][T20887] Call Trace:
[  715.597011][T20887]  <TASK>
[  715.597027][T20887]  dump_stack_lvl+0x16c/0x1f0
[  715.597089][T20887]  should_fail_ex+0x512/0x640
[  715.597138][T20887]  ? __kmalloc_noprof+0xbf/0x510
[  715.597190][T20887]  ? lsm_blob_alloc+0x68/0x90
[  715.597239][T20887]  should_failslab+0xc2/0x120
[  715.597271][T20887]  __kmalloc_noprof+0xd2/0x510
[  715.597329][T20887]  lsm_blob_alloc+0x68/0x90
[  715.597382][T20887]  security_sk_alloc+0x30/0x270
[  715.597420][T20887]  sk_prot_alloc+0xfb/0x2a0
[  715.597462][T20887]  sk_alloc+0x36/0xc20
[  715.597512][T20887]  inet_create+0x3a1/0x1090
[  715.597598][T20887]  ? inet_create+0x93/0x1090
[  715.597653][T20887]  __sock_create+0x338/0x8d0
[  715.597703][T20887]  smc_create_clcsk+0x37/0xd0
[  715.597745][T20887]  ? __pfx_smc_inet_init_sock+0x10/0x10
[  715.597779][T20887]  inet_create+0x936/0x1090
[  715.597832][T20887]  ? inet_create+0x93/0x1090
[  715.597885][T20887]  __sock_create+0x338/0x8d0
[  715.597935][T20887]  __sys_socket+0x14d/0x260
[  715.597977][T20887]  ? __pfx___sys_socket+0x10/0x10
[  715.598020][T20887]  ? xfd_validate_state+0x61/0x180
[  715.598063][T20887]  ? __pfx_do_writev+0x10/0x10
[  715.598117][T20887]  __x64_sys_socket+0x72/0xb0
[  715.598157][T20887]  ? lockdep_hardirqs_on+0x7c/0x110
[  715.598208][T20887]  do_syscall_64+0xcd/0x490
[  715.598242][T20887]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.598277][T20887] RIP: 0033:0x7f3ab478e929
[  715.598305][T20887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  715.598340][T20887] RSP: 002b:00007f3ab5636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  715.598373][T20887] RAX: ffffffffffffffda RBX: 00007f3ab49b5fa0 RCX: 00007f3ab478e929
[  715.598394][T20887] RDX: 0000000000000100 RSI: 0000000000000801 RDI: 0000000000000002
[  715.598415][T20887] RBP: 00007f3ab4810b39 R08: 0000000000000000 R09: 0000000000000000
[  715.598435][T20887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  715.598455][T20887] R13: 0000000000000000 R14: 00007f3ab49b5fa0 R15: 00007ffd6d346fe8
[  715.598498][T20887]  </TASK>
[  716.105950][T13666] Bluetooth: hci3: command 0x0406 tx timeout
[  716.263398][T13666] Bluetooth: hci1: command 0x0c1a tx timeout
[  716.644339][T20898] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5972'.
[  717.632463][T20918] netlink: 'syz.1.5981': attribute type 22 has an invalid length.
[  717.688228][T20918] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5981'.
[  719.298646][    C0] bridge0: port 3(netdevsim1) entered learning state
[  720.162763][T20963] delete_channel: no stack
[  720.218515][T20965] netlink: 'syz.1.5996': attribute type 29 has an invalid length.
[  720.226431][T20965] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5996'.
[  720.624510][T20967] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5999'.
[  726.265314][T21060] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6032'.
[  727.023496][T21073] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6039'.
[  728.296680][T21091] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6044'.
[  728.713190][T21100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6048'.
[  728.746263][T21100] netlink: 5 bytes leftover after parsing attributes in process `syz.1.6048'.
[  728.782487][T21105] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6049'.
[  728.803305][T21100] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6048'.
[  729.597070][T21129] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6062'.
[  730.376599][T21160] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6074'.
[  731.395056][T21190] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6088'.
[  731.602399][T21196] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6091'.
[  731.653350][T21199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6093'.
[  732.532274][T21227] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6104'.
[  734.227985][T21269] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6124'.
[  734.659385][    C0] bridge0: port 3(netdevsim1) entered forwarding state
[  734.666372][    C0] bridge0: topology change detected, propagating
[  735.504912][T21302] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6135'.
[  735.789574][T21308] ima: policy update failed
[  735.794982][   T30] audit: type=1802 audit(4294967422.700:26): pid=21308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.6140" res=0 errno=0
[  735.820933][T21312] : renamed from gre0 (while UP)
[  737.140986][T21337] netlink: 'syz.3.6147': attribute type 22 has an invalid length.
[  737.157961][T21337] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6147'.
[  740.136388][T21411] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6175'.
[  740.301682][T21414] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6176'.
[  741.542407][T21446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6189'.
[  741.569835][T21446] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6189'.
[  741.775379][T21450] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6192'.
[  742.254407][T21462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6196'.
[  743.278180][T21486] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6204'.
[  744.283584][T21522] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6218'.
[  744.293854][T21522] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6218'.
[  745.133940][T21541] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6226'.
[  746.714854][T21569] netlink: 322 bytes leftover after parsing attributes in process `syz.1.6236'.
[  746.973425][T21574] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6239'.
[  747.409712][T21592] netlink: 'syz.0.6246': attribute type 27 has an invalid length.
[  747.438439][T21592] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6246'.
[  748.502007][T21612] netlink: 'syz.0.6254': attribute type 16 has an invalid length.
[  748.529507][T21612] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6254'.
[  748.548105][T21614] i2c i2c-0: new_device: Instantiated device card: at 0x01
[  749.591534][T21643] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6266'.
[  750.002770][T21653] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6269'.
[  750.165832][T21657] netlink: 146 bytes leftover after parsing attributes in process `syz.0.6280'.
[  750.169627][T21660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6273'.
[  751.973381][T21702] netlink: 186 bytes leftover after parsing attributes in process `syz.1.6288'.
[  751.998958][T21702] netlink: 186 bytes leftover after parsing attributes in process `syz.1.6288'.
[  753.868804][T21727] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  754.406059][   T30] audit: type=1800 audit(4294967450.307:27): pid=21738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6298" name="lu_gp_id" dev="configfs" ino=61420 res=0 errno=0
[  754.428057][T21738] ALUA lu_gp_id: 654336 exceeds maximum: 0x0000ffff
[  755.344775][T21761] netlink: 146 bytes leftover after parsing attributes in process `syz.2.6309'.
[  755.479999][T21765] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6311'.
[  755.499182][T21765] veth1_macvtap: left promiscuous mode
[  755.588780][T21767] mkiss: ax0: crc mode is auto.
[  755.883199][T21774] netlink: 110 bytes leftover after parsing attributes in process `syz.3.6314'.
[  756.212237][T21786] netlink: 202 bytes leftover after parsing attributes in process `syz.0.6319'.
[  757.707362][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  757.713867][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  757.892788][T21821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  757.902608][T21821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  757.911833][T21821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  757.922903][T21821] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  757.936781][T21821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  758.500133][T21818] chnl_net:caif_netlink_parms(): no params data found
[  758.910635][T13892] ------------[ cut here ]------------
[  758.916188][T13892] ODEBUG: free active (active state 0) object: ffff8880337792d8 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0
[  758.932194][T13892] WARNING: CPU: 0 PID: 13892 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0
[  758.942572][T13892] Modules linked in:
[  758.946547][T13892] CPU: 0 UID: 0 PID: 13892 Comm: syz.0.3217 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  758.960364][T13892] Tainted: [U]=USER
[  758.964222][T13892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  758.974593][T13892] RIP: 0010:debug_print_object+0x1a2/0x2b0
[  758.980626][T13892] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 74 15 8c 4c 89 e6 48 c7 c7 40 69 15 8c e8 2f 8a 9c fc 90 <0f> 0b 90 90 58 83 05 46 50 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[  759.000743][T13892] RSP: 0018:ffffc900025cf768 EFLAGS: 00010286
[  759.006892][T13892] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8
[  759.015021][T13892] RDX: ffff88807be78000 RSI: ffffffff817aa1b5 RDI: 0000000000000001
[  759.016028][T21818] bridge0: port 1(bridge_slave_0) entered blocking state
[  759.023849][T13892] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  759.039446][T13892] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c156fe0
[  759.047482][T13892] R13: ffffffff8bafe740 R14: ffffffff8a87a810 R15: ffffc900025cf868
[  759.047989][T21818] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.055877][T13892] FS:  0000000000000000(0000) GS:ffff88812475f000(0000) knlGS:0000000000000000
[  759.068347][T21818] bridge_slave_0: entered allmulticast mode
[  759.071765][T13892] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  759.084202][T13892] CR2: 0000564ee7116cb8 CR3: 0000000034bc2000 CR4: 00000000003526f0
[  759.085440][T21818] bridge_slave_0: entered promiscuous mode
[  759.092290][T13892] Call Trace:
[  759.092305][T13892]  <TASK>
[  759.092317][T13892]  ? __pfx_hci_devcd_timeout+0x10/0x10
[  759.092370][T13892]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  759.092423][T13892]  debug_check_no_obj_freed+0x4b7/0x600
[  759.092471][T13892]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  759.092508][T13892]  ? rcu_is_watching+0x12/0xc0
[  759.133722][T13892]  ? kmem_cache_free+0x2d1/0x4d0
[  759.139376][T13892]  kfree+0x28f/0x4d0
[  759.143354][T13892]  ? hci_release_dev+0x4d8/0x600
[  759.148761][T13892]  hci_release_dev+0x4d8/0x600
[  759.153618][T13892]  ? __pfx_hci_release_dev+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  759.159331][T13892]  ? rcu_is_watching+0x12/0xc0
[  759.164178][T13892]  ? kfree+0x24f/0x4d0
[  759.168369][T13892]  bt_host_release+0x6a/0xb0
[  759.170435][T21818] bridge0: port 2(bridge_slave_1) entered blocking state
[  759.172993][T13892]  ? __pfx_bt_host_release+0x10/0x10
[  759.185858][T13892]  device_release+0xa1/0x240
[  759.190986][T13892]  kobject_put+0x1e7/0x5a0
[  759.195504][T13892]  ? __pfx_vhci_release+0x10/0x10
[  759.200680][T13892]  put_device+0x1f/0x30
[  759.201329][T21818] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.205115][T13892]  vhci_release+0x81/0xf0
[  759.216489][T13892]  __fput+0x3ff/0xb70
[  759.220664][T13892]  task_work_run+0x14d/0x240
[  759.225340][T13892]  ? __pfx_task_work_run+0x10/0x10
[  759.231305][T13892]  do_exit+0x864/0x2bd0
[  759.235558][T13892]  ? __pfx_do_exit+0x10/0x10
[  759.240755][T13892]  ? cgroup_update_frozen_flag+0x107/0x210
[  759.247134][T13892]  ? find_held_lock+0x2b/0x80
[  759.252157][T21818] bridge_slave_1: entered allmulticast mode
[  759.254530][T21818] bridge_slave_1: entered promiscuous mode
[  759.258166][T13892]  do_group_exit+0xd3/0x2a0
[  759.268666][T13892]  get_signal+0x2673/0x26d0
[  759.273251][T13892]  ? hrtimer_nanosleep+0x187/0x380
[  759.278484][T13892]  ? __pfx_get_signal+0x10/0x10
[  759.283413][T13892]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  759.288739][T13892]  arch_do_signal_or_restart+0x8f/0x790
[  759.294374][T13892]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  759.300704][T13892]  ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[  759.307181][T13892]  exit_to_user_mode_loop+0x84/0x110
[  759.312685][T13892]  do_syscall_64+0x3f6/0x490
[  759.317346][T13892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  759.323400][T13892] RIP: 0033:0x7fca085c11e5
[  759.327917][T13892] Code: Unable to access opcode bytes at 0x7fca085c11bb.
[  759.335718][T13892] RSP: 002b:00007fca09352f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  759.345153][T13892] RAX: fffffffffffffdfc RBX: 00007fca087b5fa0 RCX: 00007fca085c11e5
[  759.353567][T13892] RDX: 00007fca09352fc0 RSI: 0000000000000000 RDI: 0000000000000000
[  759.361674][T13892] RBP: 00007fca08610b39 R08: 0000000000000000 R09: 0000000000000000
[  759.369752][T13892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  759.377936][T13892] R13: 0000000000000001 R14: 00007fca087b5fa0 R15: 00007ffea35bea58
[  759.385994][T13892]  </TASK>
[  759.389137][T13892] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  759.396479][T13892] CPU: 0 UID: 0 PID: 13892 Comm: syz.0.3217 Tainted: G     U              6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) 
[  759.410186][T13892] Tainted: [U]=USER
[  759.414026][T13892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  759.424123][T13892] Call Trace:
[  759.427425][T13892]  <TASK>
[  759.430387][T13892]  dump_stack_lvl+0x3d/0x1f0
[  759.435035][T13892]  panic+0x71c/0x800
[  759.438985][T13892]  ? __pfx_panic+0x10/0x10
[  759.443452][T13892]  ? show_trace_log_lvl+0x29b/0x3e0
[  759.448756][T13892]  ? check_panic_on_warn+0x1f/0xb0
[  759.454026][T13892]  ? debug_print_object+0x1a2/0x2b0
[  759.459267][T13892]  check_panic_on_warn+0xab/0xb0
[  759.464254][T13892]  __warn+0xf6/0x3c0
[  759.468199][T13892]  ? debug_print_object+0x1a2/0x2b0
[  759.473448][T13892]  report_bug+0x3c3/0x580
[  759.477835][T13892]  ? debug_print_object+0x1a2/0x2b0
[  759.483074][T13892]  handle_bug+0x184/0x210
[  759.487463][T13892]  exc_invalid_op+0x17/0x50
[  759.492009][T13892]  asm_exc_invalid_op+0x1a/0x20
[  759.496893][T13892] RIP: 0010:debug_print_object+0x1a2/0x2b0
[  759.502737][T13892] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 74 15 8c 4c 89 e6 48 c7 c7 40 69 15 8c e8 2f 8a 9c fc 90 <0f> 0b 90 90 58 83 05 46 50 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[  759.522413][T13892] RSP: 0018:ffffc900025cf768 EFLAGS: 00010286
[  759.528527][T13892] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8
[  759.536543][T13892] RDX: ffff88807be78000 RSI: ffffffff817aa1b5 RDI: 0000000000000001
[  759.544556][T13892] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  759.552565][T13892] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c156fe0
[  759.560573][T13892] R13: ffffffff8bafe740 R14: ffffffff8a87a810 R15: ffffc900025cf868
[  759.568584][T13892]  ? __pfx_hci_devcd_timeout+0x10/0x10
[  759.574103][T13892]  ? __warn_printk+0x198/0x350
[  759.578916][T13892]  ? __warn_printk+0x1a5/0x350
[  759.583732][T13892]  ? debug_print_object+0x1a1/0x2b0
[  759.588961][T13892]  ? __pfx_hci_devcd_timeout+0x10/0x10
[  759.594464][T13892]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  759.600327][T13892]  debug_check_no_obj_freed+0x4b7/0x600
[  759.605925][T13892]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  759.612039][T13892]  ? rcu_is_watching+0x12/0xc0
[  759.616849][T13892]  ? kmem_cache_free+0x2d1/0x4d0
[  759.621925][T13892]  kfree+0x28f/0x4d0
[  759.625863][T13892]  ? hci_release_dev+0x4d8/0x600
[  759.630851][T13892]  hci_release_dev+0x4d8/0x600
[  759.635665][T13892]  ? __pfx_hci_release_dev+0x10/0x10
[  759.641000][T13892]  ? rcu_is_watching+0x12/0xc0
[  759.645803][T13892]  ? kfree+0x24f/0x4d0
[  759.649921][T13892]  bt_host_release+0x6a/0xb0
[  759.654552][T13892]  ? __pfx_bt_host_release+0x10/0x10
[  759.659886][T13892]  device_release+0xa1/0x240
[  759.664527][T13892]  kobject_put+0x1e7/0x5a0
[  759.669008][T13892]  ? __pfx_vhci_release+0x10/0x10
[  759.674084][T13892]  put_device+0x1f/0x30
[  759.678312][T13892]  vhci_release+0x81/0xf0
[  759.682698][T13892]  __fput+0x3ff/0xb70
[  759.686734][T13892]  task_work_run+0x14d/0x240
[  759.691372][T13892]  ? __pfx_task_work_run+0x10/0x10
[  759.696543][T13892]  do_exit+0x864/0x2bd0
[  759.700753][T13892]  ? __pfx_do_exit+0x10/0x10
[  759.705387][T13892]  ? cgroup_update_frozen_flag+0x107/0x210
[  759.711252][T13892]  ? find_held_lock+0x2b/0x80
[  759.715977][T13892]  do_group_exit+0xd3/0x2a0
[  759.720533][T13892]  get_signal+0x2673/0x26d0
[  759.725085][T13892]  ? hrtimer_nanosleep+0x187/0x380
[  759.730242][T13892]  ? __pfx_get_signal+0x10/0x10
[  759.735139][T13892]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  759.740405][T13892]  arch_do_signal_or_restart+0x8f/0x790
[  759.746027][T13892]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  759.752231][T13892]  ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[  759.758455][T13892]  exit_to_user_mode_loop+0x84/0x110
[  759.763811][T13892]  do_syscall_64+0x3f6/0x490
[  759.768441][T13892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  759.774428][T13892] RIP: 0033:0x7fca085c11e5
[  759.778891][T13892] Code: Unable to access opcode bytes at 0x7fca085c11bb.
[  759.785945][T13892] RSP: 002b:00007fca09352f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  759.794399][T13892] RAX: fffffffffffffdfc RBX: 00007fca087b5fa0 RCX: 00007fca085c11e5
[  759.802484][T13892] RDX: 00007fca09352fc0 RSI: 0000000000000000 RDI: 0000000000000000
[  759.810502][T13892] RBP: 00007fca08610b39 R08: 0000000000000000 R09: 0000000000000000
[  759.818557][T13892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  759.826558][T13892] R13: 0000000000000001 R14: 00007fca087b5fa0 R15: 00007ffea35bea58
[  759.834607][T13892]  </TASK>
[  759.838036][T13892] Kernel Offset: disabled
[  759.842390][T13892] Rebooting in 86400 seconds..