last executing test programs:
4.456790106s ago: executing program 3 (id=4394):
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x400000f2, 0x400, 0x9}]})
3.882958175s ago: executing program 3 (id=4399):
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x10000000000048, 0x0)
r0 = fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0x4020aeb2, r0)
3.433011817s ago: executing program 3 (id=4402):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0xfffffffd, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008)
r0 = socket(0x29, 0x2, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0)
ioctl$auto(r0, 0x89f2, 0x24)
3.397472726s ago: executing program 1 (id=4403):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0xa, 0x801, 0x84)
capget$auto(0x0, 0xfffffffffffffffe)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
getsockopt$auto(r0, 0x84, 0x72, 0x0, 0x0)
3.124643116s ago: executing program 1 (id=4405):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syncfs$auto(r0)
2.551611009s ago: executing program 2 (id=4408):
mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x73)
io_uring_setup$auto(0x6, 0x0)
getsockopt$auto(0x6, 0x40000000029, 0x49, 0x0, 0x0)
2.345467903s ago: executing program 2 (id=4409):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/dev_mcast\x00', 0x40280, 0x0)
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/devices\x00', 0x2000, 0x0)
pread64$auto(r0, &(0x7f0000000040)='veth1\x00', 0x200000000004, 0xfc)
2.250874363s ago: executing program 3 (id=4410):
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
ioctl$auto(0x3, 0x4020aea5, 0x38)
2.080046853s ago: executing program 2 (id=4411):
r0 = gettid()
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
io_uring_setup$auto(0xc, 0x0)
socket(0xa, 0x801, 0x84)
io_uring_setup$auto(0x4, 0x0)
io_uring_enter$auto(0x3, 0x0, 0x5, 0x3, 0x0, 0x2)
kill$auto(r0, 0x11)
1.71935969s ago: executing program 0 (id=4413):
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, 0x0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)
write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef)
1.714167509s ago: executing program 2 (id=4414):
r0 = socket(0x10, 0x2, 0x4)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x21}, 0x1, 0x0, 0x0, 0x28044810}, 0x800)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="149c1400", @ANYRES16=r0, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x4000)
bpf$auto(0x3, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x0, 0x10014, 0x10001, 0x2, 0x5f, 0x20000000000803, 0x2000000000000006}, 0x2)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
1.511106754s ago: executing program 0 (id=4415):
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x2, 0x3, 0x6)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getcwd$auto(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
1.466648421s ago: executing program 2 (id=4416):
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40102, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0)
ioctl$auto_SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
read$auto(0x3, 0x0, 0x7)
1.457645429s ago: executing program 1 (id=4424):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0xc)
setsockopt$auto(0x5, 0x104000000000010e, 0x2, 0x0, 0x16)
1.330332294s ago: executing program 3 (id=4417):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x5, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
sendfile$auto(0x6, 0x3, 0x0, 0xfdef)
1.276468142s ago: executing program 0 (id=4418):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a000008080003000000000008000100", @ANYRES8=r0], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
1.07676658s ago: executing program 1 (id=4419):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/ext4/sda1/last_error_block\x00', 0x20880, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0)
ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r1, 0x4018bc13, &(0x7f0000000100)={0x0, 0x9d, 0x1, [0x0]})
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/17, 0x11)
1.075937989s ago: executing program 0 (id=4428):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x2, 0x1)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
808.085809ms ago: executing program 2 (id=4420):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x300000}, 0x8)
655.330973ms ago: executing program 1 (id=4421):
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x572, 0x400, 0x9}]})
416.488669ms ago: executing program 0 (id=4422):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x2, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x64842, 0x0)
socket(0x15, 0x5, 0x0)
socket(0x2, 0x1, 0x106)
getsockopt$auto(0x4, 0x6, 0x4, 0x0, 0x0)
135.698284ms ago: executing program 0 (id=4423):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
timer_create$auto(0x9, 0x0, 0x0)
getcwd$auto(0x0, 0xffffffffffffffff)
r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0)
read$auto_l2cap_debugfs_fops_(r0, &(0x7f0000000240)=""/177, 0xb1)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0)
94.481387ms ago: executing program 1 (id=4425):
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
r0 = io_uring_setup$auto(0x4, 0x0)
close_range$auto(0x2, r0, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$auto(0x3, 0x80046f46, r1)
0s ago: executing program 3 (id=4426):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYBLOB="01002dbd7000f9dbdf2501000000060002000100000005000700570000000800090108000000050004000300000014001f00fe88000000000000000000000000000114002000ff010000000000000000000000000001"], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
set_mempolicy$auto(0x2, 0x0, 0x4)
move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
write$auto(r0, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587)
read$auto(0x3, 0x0, 0x30)
kernel console output (not intermixed with test programs):
][ T9929] bridge_slave_1: entered promiscuous mode
[ 274.508811][ T9957] binder: 9955:9957 ioctl 4030582b 6 returned -22
[ 274.522954][ T9929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 274.536812][ T9929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 274.672266][ T9929] team0: Port device team_slave_0 added
[ 274.707978][ T9929] team0: Port device team_slave_1 added
[ 274.855723][ T9929] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 274.862740][ T9929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 274.929183][ T9929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 274.966576][ T9929] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 274.984010][ T9929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 275.024279][ T9929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 275.111787][ T9929] hsr_slave_0: entered promiscuous mode
[ 275.119385][ T9929] hsr_slave_1: entered promiscuous mode
[ 275.146541][ T9929] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 275.154561][ T9929] Cannot create hsr debugfs directory
[ 275.174217][ T5149] Bluetooth: hci2: command tx timeout
[ 275.482595][ T9983] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1560'.
[ 275.629966][ T9929] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 275.752345][ T9929] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 275.861041][ T9929] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 276.046080][ T9929] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 276.509834][ T9929] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 276.551510][ T9929] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 276.577538][ T9929] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 276.668231][ T9929] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 276.988374][ T9929] 8021q: adding VLAN 0 to HW filter on device bond0
[ 277.041353][ T9929] 8021q: adding VLAN 0 to HW filter on device team0
[ 277.069860][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 277.077130][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 277.162343][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 277.169615][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 277.253511][ T5149] Bluetooth: hci2: command tx timeout
[ 277.257430][ T9929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 277.423408][T10018] program syz.1.1575 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 277.728670][ T9929] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 277.853127][ T9929] veth0_vlan: entered promiscuous mode
[ 277.898492][ T9929] veth1_vlan: entered promiscuous mode
[ 278.008773][ T9929] veth0_macvtap: entered promiscuous mode
[ 278.050144][ T9929] veth1_macvtap: entered promiscuous mode
[ 278.127533][ T9929] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 278.171213][ T9929] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 278.198800][ T9929] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 278.243517][ T9929] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 278.262534][ T9929] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 278.289681][ T9929] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 278.527276][T10052] netlink: 294 bytes leftover after parsing attributes in process `syz.2.1588'.
[ 278.599279][ T209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 278.632163][ T209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 278.752823][ T209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 278.768294][ T209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 279.335654][ T5149] Bluetooth: hci2: command tx timeout
[ 279.391493][T10077] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1596'.
[ 280.764580][T10097] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 280.778653][T10097] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 280.805449][T10097] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 280.814916][T10097] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 280.841301][T10097] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 280.856281][T10097] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 280.870358][T10097] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 280.888263][T10097] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 280.898154][T10097] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 280.909843][T10097] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 281.665053][T10141] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1623'.
[ 282.064505][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout
[ 282.307695][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1631'.
[ 282.853701][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout
[ 282.853929][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout
[ 282.933752][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout
[ 284.946394][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout
[ 284.946480][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout
[ 285.023557][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout
[ 285.554983][T10194] kexec: Could not allocate control_code_buffer
[ 287.017693][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout
[ 287.017704][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout
[ 287.093518][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout
[ 287.982851][T10280] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1676'.
[ 288.207868][T10285] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1678'.
[ 288.226493][T10285] ipvlan0: entered allmulticast mode
[ 288.231852][T10285] veth0_vlan: entered allmulticast mode
[ 289.805132][ T30] audit: type=1800 audit(1748690776.056:11): pid=10312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1688" name="dmabuf" dev="dmabuf" ino=6 res=0 errno=0
[ 289.915293][ T5149] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[ 292.511966][T10375] FAULT_INJECTION: forcing a failure.
[ 292.511966][T10375] name failslab, interval 1, probability 0, space 0, times 0
[ 292.543051][T10375] CPU: 1 UID: 0 PID: 10375 Comm: syz.1.1715 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 292.543106][T10375] Tainted: [U]=USER
[ 292.543118][T10375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 292.543139][T10375] Call Trace:
[ 292.543149][T10375]
[ 292.543161][T10375] dump_stack_lvl+0x16c/0x1f0
[ 292.543212][T10375] should_fail_ex+0x512/0x640
[ 292.543257][T10375] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 292.543299][T10375] should_failslab+0xc2/0x120
[ 292.543341][T10375] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 292.543385][T10375] ? trace_cap_capable+0x18d/0x200
[ 292.543436][T10375] ? create_new_namespaces+0x30/0xa90
[ 292.543492][T10375] create_new_namespaces+0x30/0xa90
[ 292.543540][T10375] ? bpf_lsm_capable+0x9/0x10
[ 292.543571][T10375] ? security_capable+0x7e/0x260
[ 292.543627][T10375] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 292.543680][T10375] ksys_unshare+0x45b/0xa40
[ 292.543714][T10375] ? __pfx_ksys_unshare+0x10/0x10
[ 292.543749][T10375] ? xfd_validate_state+0x61/0x180
[ 292.543795][T10375] __x64_sys_unshare+0x31/0x40
[ 292.543828][T10375] do_syscall_64+0xcd/0x490
[ 292.543870][T10375] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 292.543902][T10375] RIP: 0033:0x7fb28e98e969
[ 292.543927][T10375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 292.543957][T10375] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 292.543987][T10375] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 292.544008][T10375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400
[ 292.544026][T10375] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 292.544044][T10375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 292.544059][T10375] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 292.544089][T10375]
[ 294.615475][T10417] FAULT_INJECTION: forcing a failure.
[ 294.615475][T10417] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 294.641099][T10417] CPU: 0 UID: 0 PID: 10417 Comm: syz.1.1732 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 294.641149][T10417] Tainted: [U]=USER
[ 294.641159][T10417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 294.641177][T10417] Call Trace:
[ 294.641187][T10417]
[ 294.641198][T10417] dump_stack_lvl+0x16c/0x1f0
[ 294.641241][T10417] should_fail_ex+0x512/0x640
[ 294.641293][T10417] should_fail_alloc_page+0xe7/0x130
[ 294.641336][T10417] prepare_alloc_pages+0x3c2/0x610
[ 294.641391][T10417] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 294.641427][T10417] ? stack_trace_save+0x8e/0xc0
[ 294.641472][T10417] ? __pfx_stack_trace_save+0x10/0x10
[ 294.641517][T10417] ? stack_depot_save_flags+0x28/0xa40
[ 294.641567][T10417] ? kasan_save_stack+0x42/0x60
[ 294.641598][T10417] ? kasan_save_stack+0x33/0x60
[ 294.641628][T10417] ? kasan_save_track+0x14/0x30
[ 294.641661][T10417] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 294.641697][T10417] ? __handle_mm_fault+0xaac/0x5450
[ 294.641726][T10417] ? __get_user_pages+0x570/0x3bb0
[ 294.641770][T10417] ? __mm_populate+0x1d8/0x380
[ 294.641793][T10417] ? vm_mmap_pgoff+0x362/0x450
[ 294.641833][T10417] ? ksys_mmap_pgoff+0x7d/0x5c0
[ 294.641874][T10417] ? __x64_sys_mmap+0x125/0x190
[ 294.641902][T10417] ? do_syscall_64+0xcd/0x490
[ 294.641944][T10417] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 294.641991][T10417] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 294.642030][T10417] ? policy_nodemask+0xea/0x4e0
[ 294.642072][T10417] alloc_pages_mpol+0x1fb/0x550
[ 294.642113][T10417] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 294.642162][T10417] alloc_pages_noprof+0x131/0x390
[ 294.642202][T10417] pte_alloc_one+0x19/0x380
[ 294.642240][T10417] __pte_alloc+0x6d/0x3c0
[ 294.642280][T10417] ? __pfx___pte_alloc+0x10/0x10
[ 294.642321][T10417] ? _raw_spin_unlock+0x28/0x50
[ 294.642349][T10417] ? __pmd_alloc+0x3fa/0x910
[ 294.642398][T10417] __handle_mm_fault+0x45c8/0x5450
[ 294.642439][T10417] ? __pfx___handle_mm_fault+0x10/0x10
[ 294.642503][T10417] handle_mm_fault+0x3fe/0xad0
[ 294.642542][T10417] __get_user_pages+0x570/0x3bb0
[ 294.642599][T10417] ? __pfx_mt_find+0x10/0x10
[ 294.642639][T10417] ? __pfx___get_user_pages+0x10/0x10
[ 294.642702][T10417] populate_vma_page_range+0x278/0x3a0
[ 294.642734][T10417] ? __pfx_populate_vma_page_range+0x10/0x10
[ 294.642762][T10417] ? __pfx_find_vma_intersection+0x10/0x10
[ 294.642811][T10417] ? do_mmap+0x69c/0x11b0
[ 294.642860][T10417] __mm_populate+0x1d8/0x380
[ 294.642890][T10417] ? __pfx___mm_populate+0x10/0x10
[ 294.642920][T10417] ? up_write+0x1b2/0x520
[ 294.642970][T10417] vm_mmap_pgoff+0x362/0x450
[ 294.643017][T10417] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 294.643069][T10417] ? __x64_sys_futex+0x1e0/0x4c0
[ 294.643094][T10417] ? __x64_sys_futex+0x1e9/0x4c0
[ 294.643126][T10417] ksys_mmap_pgoff+0x7d/0x5c0
[ 294.643171][T10417] ? __pfx_ksys_write+0x10/0x10
[ 294.643210][T10417] __x64_sys_mmap+0x125/0x190
[ 294.643247][T10417] do_syscall_64+0xcd/0x490
[ 294.643287][T10417] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 294.643317][T10417] RIP: 0033:0x7fb28e98e969
[ 294.643341][T10417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 294.643370][T10417] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 294.643399][T10417] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 294.643418][T10417] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[ 294.643437][T10417] RBP: 00007fb28ea10ab1 R08: 0000000000000002 R09: 0000000000008000
[ 294.643455][T10417] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[ 294.643472][T10417] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 294.643510][T10417]
[ 294.815116][ T5149] Bluetooth: hci3: Malformed Event: 0x02
[ 294.820180][ C0] vkms_vblank_simulate: vblank timer overrun
[ 298.402930][ T1112] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 298.569631][ T1112] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 298.779451][ T1112] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 298.982491][ T1112] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 299.490400][ T1112] bridge_slave_1: left allmulticast mode
[ 299.513350][ T1112] bridge_slave_1: left promiscuous mode
[ 299.519260][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 299.564154][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 299.573579][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 299.581530][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 299.598672][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 299.606582][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 299.675381][ T1112] bridge_slave_0: left allmulticast mode
[ 299.681115][ T1112] bridge_slave_0: left promiscuous mode
[ 299.691636][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 301.002257][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 301.022006][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 301.035307][ T1112] bond0 (unregistering): Released all slaves
[ 301.065761][ T5149] Bluetooth: hci0: Malformed Event: 0x02
[ 301.653678][ T5149] Bluetooth: hci1: command tx timeout
[ 301.680440][T10576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1786'.
[ 302.135839][ T1112] hsr_slave_0: left promiscuous mode
[ 302.161528][ T1112] hsr_slave_1: left promiscuous mode
[ 302.174148][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 302.202115][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 302.274972][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 302.282452][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 302.353555][ T1112] veth1_macvtap: left promiscuous mode
[ 302.359293][ T1112] veth0_macvtap: left promiscuous mode
[ 302.374940][ T1112] veth1_vlan: left promiscuous mode
[ 302.387348][ T1112] veth0_vlan: left promiscuous mode
[ 303.462320][ T1112] team0 (unregistering): Port device team_slave_1 removed
[ 303.531530][ T1112] team0 (unregistering): Port device team_slave_0 removed
[ 303.743923][ T5149] Bluetooth: hci1: command tx timeout
[ 304.335248][T10525] chnl_net:caif_netlink_parms(): no params data found
[ 304.850002][T10635] bridge0: port 3(vlan1) entered blocking state
[ 304.868419][T10635] bridge0: port 3(vlan1) entered disabled state
[ 304.886851][T10635] vlan1: entered allmulticast mode
[ 304.894482][T10635] vlan1: entered promiscuous mode
[ 304.900643][T10635] bridge0: port 3(vlan1) entered blocking state
[ 304.908277][T10635] bridge0: port 3(vlan1) entered forwarding state
[ 304.989669][T10525] bridge0: port 1(bridge_slave_0) entered blocking state
[ 304.997150][T10525] bridge0: port 1(bridge_slave_0) entered disabled state
[ 305.004877][T10525] bridge_slave_0: entered allmulticast mode
[ 305.023059][T10525] bridge_slave_0: entered promiscuous mode
[ 305.143728][T10525] bridge0: port 2(bridge_slave_1) entered blocking state
[ 305.150946][T10525] bridge0: port 2(bridge_slave_1) entered disabled state
[ 305.161194][T10525] bridge_slave_1: entered allmulticast mode
[ 305.178030][T10525] bridge_slave_1: entered promiscuous mode
[ 305.321110][T10525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 305.369513][T10525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 305.772405][T10525] team0: Port device team_slave_0 added
[ 305.813511][ T5149] Bluetooth: hci1: command tx timeout
[ 305.891971][T10525] team0: Port device team_slave_1 added
[ 306.071426][T10525] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 306.089397][T10525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 306.147079][T10656] sock: sock_set_timeout: `syz.3.1805' (pid 10656) tries to set negative timeout
[ 306.223508][T10525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 306.264182][T10525] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 306.271194][T10525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 306.323348][T10525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 306.542847][T10525] hsr_slave_0: entered promiscuous mode
[ 306.578353][T10525] hsr_slave_1: entered promiscuous mode
[ 306.579375][T10667] netlink: 'syz.3.1809': attribute type 9 has an invalid length.
[ 306.604248][T10525] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 306.611870][T10525] Cannot create hsr debugfs directory
[ 306.628653][T10667] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1809'.
[ 307.893824][ T5149] Bluetooth: hci1: command tx timeout
[ 308.148840][T10525] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 308.176082][T10700] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1818'.
[ 308.190301][T10525] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 308.223584][T10525] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 308.264047][T10525] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 308.540791][T10525] 8021q: adding VLAN 0 to HW filter on device bond0
[ 308.601311][T10525] 8021q: adding VLAN 0 to HW filter on device team0
[ 308.656338][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 308.663622][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 308.717317][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 308.724592][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 309.219610][T10726] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1825'.
[ 309.501945][T10525] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 309.699806][T10525] veth0_vlan: entered promiscuous mode
[ 309.726672][T10525] veth1_vlan: entered promiscuous mode
[ 309.840943][T10525] veth0_macvtap: entered promiscuous mode
[ 309.872132][T10525] veth1_macvtap: entered promiscuous mode
[ 309.945638][T10525] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 309.981826][T10525] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 310.029145][T10525] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 310.055852][T10525] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 310.082316][T10525] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 310.122297][T10525] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 310.323029][T10756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1835'.
[ 310.375931][T10756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1835'.
[ 310.400579][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 310.440907][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 310.551981][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 310.587344][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 311.130339][T10777] ptrace attach of "./syz-executor exec"[5837] was attempted by ""[10777]
[ 312.186351][T10810] netlink: 130 bytes leftover after parsing attributes in process `syz.2.1852'.
[ 313.325564][T10848] batman_adv: batadv0: adding TT local entry 00:00:01:00:00:00 to non-existent VLAN 16
[ 318.098213][T10991] sctp: [Deprecated]: syz.2.1905 (pid 10991) Use of int in max_burst socket option deprecated.
[ 318.098213][T10991] Use struct sctp_assoc_value instead
[ 318.457018][T11001] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1909'.
[ 319.297354][T11026] netlink: 'syz.0.1921': attribute type 1 has an invalid length.
[ 319.320937][T11026] netlink: 206 bytes leftover after parsing attributes in process `syz.0.1921'.
[ 321.694937][T11054] kexec: Could not allocate control_code_buffer
[ 322.285063][T11095] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1947'.
[ 322.303711][T11095] vlan1: entered allmulticast mode
[ 322.326312][T11095] veth0_vlan: entered allmulticast mode
[ 322.385102][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 322.406375][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 326.741979][T11212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1991'.
[ 328.221145][T11254] netlink: 'syz.2.2010': attribute type 5 has an invalid length.
[ 329.353987][T11284] nbd: socks must be embedded in a SOCK_ITEM attr
[ 329.372144][T11284] block nbd2: shutting down sockets
[ 331.664024][T11330] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 334.128716][T11398] qrtr: Invalid version 0
[ 335.395293][T11435] =======================================================
[ 335.395293][T11435] WARNING: The mand mount option has been deprecated and
[ 335.395293][T11435] and is ignored by this kernel. Remove the mand
[ 335.395293][T11435] option from the mount to silence this warning.
[ 335.395293][T11435] =======================================================
[ 338.127712][T11493] CIFS: VFS: Unsupported security flags: 0x10
[ 338.428761][T11502] netlink: 280 bytes leftover after parsing attributes in process `syz.1.2113'.
[ 338.830784][ T5149] Bluetooth: hci3: Malformed Event: 0x2f
[ 340.900674][T11563] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2140'.
[ 343.952107][T11656] overlayfs: missing 'lowerdir'
[ 346.760082][T11734] netlink: 'syz.3.2208': attribute type 1 has an invalid length.
[ 347.538379][T11758] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2219'.
[ 347.635506][T11758] team0: Port device team_slave_0 removed
[ 348.449416][T11777] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2225'.
[ 348.693827][T11740] kexec: Could not allocate control_code_buffer
[ 349.440419][T11806] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2238'.
[ 349.871043][T11823] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2245'.
[ 351.203583][T11862] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2260'.
[ 351.215332][T11863] netlink: 194 bytes leftover after parsing attributes in process `syz.0.2268'.
[ 352.292562][T11892] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2271'.
[ 352.427523][T11892] team0: Port device team_slave_0 removed
[ 353.102088][T11912] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2281'.
[ 355.278011][T11956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2298'.
[ 355.298093][T11956] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2298'.
[ 355.682357][T11969] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2305'.
[ 357.149431][T12016] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2323'.
[ 357.308349][T12020] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2326'.
[ 357.498330][T12026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2328'.
[ 357.881355][T12026] team0: Port device team_slave_0 removed
[ 358.397022][T12036] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2332'.
[ 360.003161][T12077] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2350'.
[ 360.028928][T12077] vcan0: entered promiscuous mode
[ 360.868982][T12098] svc: failed to register nfsdv3 RPC service (errno 111).
[ 360.884398][T12098] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 361.384167][T12118] netlink: 'syz.2.2368': attribute type 1 has an invalid length.
[ 362.147034][T12135] netlink: 'syz.3.2376': attribute type 16 has an invalid length.
[ 362.177335][T12135] netlink: 322 bytes leftover after parsing attributes in process `syz.3.2376'.
[ 363.000929][T12163] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2388'.
[ 363.524850][T12174] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2393'.
[ 363.638660][T12176] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2394'.
[ 363.856672][T12179] lo: entered promiscuous mode
[ 363.880452][T12179] lo: left promiscuous mode
[ 364.578782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[ 364.684492][T12209] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2408'.
[ 365.795077][T12234] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2415'.
[ 365.870921][T12235] netlink: 74 bytes leftover after parsing attributes in process `syz.1.2423'.
[ 366.265633][T12247] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2419'.
[ 366.618216][T12256] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2424'.
[ 366.656564][T12256] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[ 367.619490][T12276] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2428'.
[ 368.107673][T12288] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2433'.
[ 368.266906][T12284] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2433'.
[ 369.184614][T12313] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2447'.
[ 369.228690][T12313] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2447'.
[ 370.796963][T12346] netlink: 'syz.0.2459': attribute type 1 has an invalid length.
[ 370.845001][T12348] nbd: must specify at least one socket
[ 371.922438][T12372] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2469'.
[ 372.749873][T12379] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 372.906905][T12392] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2477'.
[ 374.513693][ T30] audit: type=1800 audit(4294967304.496:12): pid=12427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2491" name="dbroot" dev="configfs" ino=31027 res=0 errno=0
[ 375.864396][T12461] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2506'.
[ 376.760674][T12467] sctp: [Deprecated]: syz.3.2507 (pid 12467) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 376.760674][T12467] Use struct sctp_sack_info instead
[ 379.202288][T12537] Invalid ELF header magic: != ELF
[ 379.259249][T12542] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2535'.
[ 380.189648][T12566] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2544'.
[ 381.535298][T12617] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2560'.
[ 381.926098][T12629] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2563'.
[ 383.771797][T12670] FAULT_INJECTION: forcing a failure.
[ 383.771797][T12670] name failslab, interval 1, probability 0, space 0, times 0
[ 383.805031][T12670] CPU: 0 UID: 0 PID: 12670 Comm: syz.1.2575 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 383.805091][T12670] Tainted: [U]=USER
[ 383.805102][T12670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 383.805123][T12670] Call Trace:
[ 383.805135][T12670]
[ 383.805148][T12670] dump_stack_lvl+0x16c/0x1f0
[ 383.805195][T12670] should_fail_ex+0x512/0x640
[ 383.805243][T12670] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 383.805282][T12670] should_failslab+0xc2/0x120
[ 383.805325][T12670] __kmalloc_cache_noprof+0x6a/0x3e0
[ 383.805361][T12670] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30
[ 383.805423][T12670] snd_pcm_oss_change_params_locked+0x1db/0x3a30
[ 383.805490][T12670] ? rcu_is_watching+0x12/0xc0
[ 383.805541][T12670] ? __mutex_lock+0x1ca/0xb90
[ 383.805585][T12670] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 383.805643][T12670] ? __pfx___mutex_lock+0x10/0x10
[ 383.805698][T12670] ? __fsnotify_parent+0x24b/0xc40
[ 383.805766][T12670] snd_pcm_oss_make_ready+0xe6/0x1b0
[ 383.805820][T12670] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 383.805871][T12670] snd_pcm_oss_sync+0x1de/0x840
[ 383.805928][T12670] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 383.805981][T12670] snd_pcm_oss_release+0x28b/0x310
[ 383.806037][T12670] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 383.806087][T12670] __fput+0x402/0xb70
[ 383.806141][T12670] task_work_run+0x150/0x240
[ 383.806184][T12670] ? __pfx_task_work_run+0x10/0x10
[ 383.806227][T12670] ? __pfx___do_sys_close_range+0x10/0x10
[ 383.806275][T12670] exit_to_user_mode_loop+0xeb/0x110
[ 383.806319][T12670] do_syscall_64+0x3f6/0x490
[ 383.806362][T12670] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 383.806396][T12670] RIP: 0033:0x7fb28e98e969
[ 383.806422][T12670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 383.806463][T12670] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 383.806495][T12670] RAX: 0000000000000000 RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 383.806516][T12670] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000
[ 383.806536][T12670] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 383.806557][T12670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 383.806577][T12670] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 383.806620][T12670]
[ 384.215755][T12674] openvswitch: netlink: Unknown nsh attribute 0
[ 384.236067][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 384.242538][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 384.733344][T12691] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2586'.
[ 388.900932][T12808] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2630'.
[ 389.138554][T12820] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2635'.
[ 389.414659][T12829] [U] �
[ 389.417833][T12829] [U]
[ 389.420606][T12829] [U]
[ 389.423369][T12829] [U]
[ 389.448115][T12829] [U]
[ 389.450931][T12829] [U]
[ 389.453698][T12829] [U]
[ 389.456458][T12829] [U]
[ 389.507300][T12829] [U]
[ 389.510103][T12829] [U]
[ 389.512875][T12829] [U]
[ 389.515638][T12829] [U]
[ 389.553237][T12829] [U]
[ 390.816950][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 390.837043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 390.855230][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 390.864053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[ 391.836172][T12891] netlink: 350 bytes leftover after parsing attributes in process `syz.1.2663'.
[ 392.043038][T12873] kexec: Could not allocate control_code_buffer
[ 394.258046][T12946] binder: 12945:12946 ioctl 4030582b 6 returned -22
[ 394.266802][T12946] binder: 12945:12946 ioctl c0306201 2000000000c0 returned -11
[ 394.463246][T12955] netlink: 'syz.0.2689': attribute type 4 has an invalid length.
[ 394.483237][T12955] netlink: 314 bytes leftover after parsing attributes in process `syz.0.2689'.
[ 394.724206][T12966] cifs: Unknown parameter 'no�+ 1�`r�sFn)��aHāh`9k�A}�1\D@�.ZC�g^��'
[ 394.972851][T12974] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2696'.
[ 395.159904][T12979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2699'.
[ 395.753759][T12999] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2707'.
[ 395.935212][T13007] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2711'.
[ 396.428062][T13026] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2717'.
[ 396.545040][T13030] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2720'.
[ 397.514144][T13052] netlink: 'syz.0.2729': attribute type 11 has an invalid length.
[ 397.836684][T13065] netlink: 'syz.1.2734': attribute type 35 has an invalid length.
[ 397.993989][T13064] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2735'.
[ 398.218491][T13079] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2739'.
[ 398.476200][ T5149] Bluetooth: hci1: ACL packet for unknown connection handle 0
[ 399.704155][T13104] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2750'.
[ 399.910240][T13106] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2752'.
[ 400.042318][T13106] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 400.056880][T13106] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 400.100162][T13106] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 400.129032][T13106] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 401.201200][T13142] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2774'.
[ 401.235617][T13145] lo: entered allmulticast mode
[ 401.296654][T13148] lo: left allmulticast mode
[ 402.284833][T13180] netlink: 'syz.1.2780': attribute type 13 has an invalid length.
[ 402.315389][T13179] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2781'.
[ 402.444035][ T5149] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 404.156472][T13220] Device name cannot be null; rc = [-22]
[ 404.302190][T13226] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2799'.
[ 404.328127][T13230] lo: entered allmulticast mode
[ 404.338240][T13226] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 404.356403][T13226] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 404.375876][T13226] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 404.388256][T13226] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 404.459646][T13233] lo: left allmulticast mode
[ 404.642442][T13235] GUP no longer grows the stack in syz.2.2802 (13235): 14000-401000 (4000)
[ 404.670692][T13235] CPU: 1 UID: 0 PID: 13235 Comm: syz.2.2802 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 404.670749][T13235] Tainted: [U]=USER
[ 404.670759][T13235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 404.670776][T13235] Call Trace:
[ 404.670785][T13235]
[ 404.670796][T13235] dump_stack_lvl+0x16c/0x1f0
[ 404.670836][T13235] gup_vma_lookup+0x1d2/0x220
[ 404.670881][T13235] __get_user_pages+0x250/0x3bb0
[ 404.670936][T13235] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0
[ 404.670976][T13235] ? kasan_save_stack+0x42/0x60
[ 404.671007][T13235] ? __pfx___get_user_pages+0x10/0x10
[ 404.671051][T13235] ? register_lock_class+0x41/0x4c0
[ 404.671078][T13235] ? __x64_sys_process_vm_readv+0xe2/0x1c0
[ 404.671115][T13235] ? do_syscall_64+0xcd/0x490
[ 404.671158][T13235] __gup_longterm_locked+0x20d/0x1850
[ 404.671205][T13235] ? __lock_acquire+0xb8a/0x1c90
[ 404.671239][T13235] ? __pfx___gup_longterm_locked+0x10/0x10
[ 404.671306][T13235] pin_user_pages_remote+0xed/0x140
[ 404.671356][T13235] ? __pfx_pin_user_pages_remote+0x10/0x10
[ 404.671404][T13235] ? mm_access+0x22d/0x2e0
[ 404.671449][T13235] process_vm_rw_core.constprop.0+0x41b/0x9a0
[ 404.671504][T13235] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[ 404.671546][T13235] ? iovec_from_user+0xbb/0x140
[ 404.671607][T13235] ? iovec_from_user+0xbb/0x140
[ 404.671654][T13235] process_vm_rw+0x216/0x2c0
[ 404.671695][T13235] ? __pfx_process_vm_rw+0x10/0x10
[ 404.671740][T13235] ? up_write+0x1b2/0x520
[ 404.671803][T13235] ? xfd_validate_state+0x61/0x180
[ 404.671829][T13235] ? __task_pid_nr_ns+0x17c/0x500
[ 404.671862][T13235] __x64_sys_process_vm_readv+0xe2/0x1c0
[ 404.671900][T13235] ? do_syscall_64+0x91/0x490
[ 404.671932][T13235] ? lockdep_hardirqs_on+0x7c/0x110
[ 404.671962][T13235] do_syscall_64+0xcd/0x490
[ 404.671998][T13235] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 404.672026][T13235] RIP: 0033:0x7f332198e969
[ 404.672048][T13235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 404.672076][T13235] RSP: 002b:00007f3322778038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[ 404.672104][T13235] RAX: ffffffffffffffda RBX: 00007f3321bb5fa0 RCX: 00007f332198e969
[ 404.672122][T13235] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000226
[ 404.672140][T13235] RBP: 00007f3321a10ab1 R08: 0000000000000003 R09: 0000000000000000
[ 404.672157][T13235] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[ 404.672175][T13235] R13: 0000000000000000 R14: 00007f3321bb5fa0 R15: 00007ffe908eca88
[ 404.672211][T13235]
[ 405.468924][T13260] RDS: rds_bind could not find a transport for fe80::465:4157:bc30:9bbd, load rds_tcp or rds_rdma?
[ 405.562103][T13262] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2811'.
[ 405.899937][T13270] lo: entered allmulticast mode
[ 405.963751][T13273] lo: left allmulticast mode
[ 407.056291][T13308] lo: entered allmulticast mode
[ 407.145138][T13313] lo: left allmulticast mode
[ 407.219328][T13315] ERROR: Out of memory at tomoyo_memory_ok.
[ 407.231690][T13315] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/457/file0' not defined.
[ 407.636495][T13329] FAULT_INJECTION: forcing a failure.
[ 407.636495][T13329] name failslab, interval 1, probability 0, space 0, times 0
[ 407.650850][T13329] CPU: 0 UID: 0 PID: 13329 Comm: syz.3.2839 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 407.650909][T13329] Tainted: [U]=USER
[ 407.650921][T13329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 407.650941][T13329] Call Trace:
[ 407.650951][T13329]
[ 407.650964][T13329] dump_stack_lvl+0x16c/0x1f0
[ 407.651012][T13329] should_fail_ex+0x512/0x640
[ 407.651061][T13329] ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[ 407.651113][T13329] should_failslab+0xc2/0x120
[ 407.651166][T13329] __kmalloc_node_track_caller_noprof+0xd6/0x510
[ 407.651212][T13329] ? __pfx__proc_mkdir+0x10/0x10
[ 407.651255][T13329] ? nf_lwtunnel_net_init+0x38/0xf0
[ 407.651308][T13329] ? __pfx_nf_lwtunnel_net_init+0x10/0x10
[ 407.651362][T13329] kmemdup_noprof+0x29/0x60
[ 407.651406][T13329] nf_lwtunnel_net_init+0x38/0xf0
[ 407.651457][T13329] ops_init+0x1e2/0x5f0
[ 407.651507][T13329] setup_net+0x1ff/0x510
[ 407.651549][T13329] ? lockdep_init_map_type+0x5c/0x280
[ 407.651585][T13329] ? __pfx_setup_net+0x10/0x10
[ 407.651632][T13329] ? debug_mutex_init+0x37/0x70
[ 407.651683][T13329] copy_net_ns+0x2a6/0x5f0
[ 407.651736][T13329] create_new_namespaces+0x3ea/0xa90
[ 407.651798][T13329] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 407.651853][T13329] ksys_unshare+0x45b/0xa40
[ 407.651890][T13329] ? __pfx_ksys_unshare+0x10/0x10
[ 407.651927][T13329] ? xfd_validate_state+0x61/0x180
[ 407.651975][T13329] __x64_sys_unshare+0x31/0x40
[ 407.652014][T13329] do_syscall_64+0xcd/0x490
[ 407.652058][T13329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 407.652092][T13329] RIP: 0033:0x7ff6ca18e969
[ 407.652119][T13329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 407.652159][T13329] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 407.652191][T13329] RAX: ffffffffffffffda RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 407.652214][T13329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 407.652233][T13329] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 407.652253][T13329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 407.652273][T13329] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 407.652316][T13329]
[ 408.752823][T13347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2843'.
[ 409.060410][T13356] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2844'.
[ 409.317610][T13363] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2847'.
[ 409.789017][T13372] lo: entered allmulticast mode
[ 409.922333][T13378] FAULT_INJECTION: forcing a failure.
[ 409.922333][T13378] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 409.938342][T13378] CPU: 1 UID: 0 PID: 13378 Comm: syz.2.2851 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 409.938396][T13378] Tainted: [U]=USER
[ 409.938408][T13378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 409.938428][T13378] Call Trace:
[ 409.938438][T13378]
[ 409.938450][T13378] dump_stack_lvl+0x16c/0x1f0
[ 409.938496][T13378] should_fail_ex+0x512/0x640
[ 409.938548][T13378] _copy_to_iter+0x29f/0x16f0
[ 409.938605][T13378] ? chacha_block_generic+0x211/0x330
[ 409.938653][T13378] ? __pfx__copy_to_iter+0x10/0x10
[ 409.938711][T13378] ? __pfx___might_resched+0x10/0x10
[ 409.938755][T13378] ? crng_make_state+0x48e/0x6d0
[ 409.938794][T13378] get_random_bytes_user+0x17f/0x3c0
[ 409.938832][T13378] ? __pfx_get_random_bytes_user+0x10/0x10
[ 409.938864][T13378] ? do_writev+0x218/0x340
[ 409.938961][T13378] ? do_futex+0x122/0x350
[ 409.938999][T13378] ? import_ubuf+0x1b6/0x220
[ 409.939051][T13378] __x64_sys_getrandom+0x183/0x290
[ 409.939088][T13378] ? __pfx___x64_sys_getrandom+0x10/0x10
[ 409.939144][T13378] do_syscall_64+0xcd/0x490
[ 409.939186][T13378] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 409.939219][T13378] RIP: 0033:0x7f332198e969
[ 409.939245][T13378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 409.939277][T13378] RSP: 002b:00007f3322778038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e
[ 409.939308][T13378] RAX: ffffffffffffffda RBX: 00007f3321bb5fa0 RCX: 00007f332198e969
[ 409.939330][T13378] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000
[ 409.939349][T13378] RBP: 00007f3321a10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 409.939369][T13378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 409.939388][T13378] R13: 0000000000000000 R14: 00007f3321bb5fa0 R15: 00007ffe908eca88
[ 409.939428][T13378]
[ 410.217485][T13376] lo: left allmulticast mode
[ 410.721005][T13388] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2853'.
[ 412.722814][T13435] netlink: 'syz.3.2870': attribute type 15 has an invalid length.
[ 412.888740][T13435] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2870'.
[ 413.179727][ T5149] Bluetooth: hci1: unexpected event 0x03 length: 725 > 11
[ 413.634454][T13445] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2874'.
[ 414.306216][T13456] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[ 415.167263][T13476] FAULT_INJECTION: forcing a failure.
[ 415.167263][T13476] name failslab, interval 1, probability 0, space 0, times 0
[ 415.228565][T13476] CPU: 1 UID: 0 PID: 13476 Comm: syz.2.2882 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 415.228623][T13476] Tainted: [U]=USER
[ 415.228636][T13476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 415.228656][T13476] Call Trace:
[ 415.228666][T13476]
[ 415.228679][T13476] dump_stack_lvl+0x16c/0x1f0
[ 415.228725][T13476] should_fail_ex+0x512/0x640
[ 415.228773][T13476] ? __kmalloc_noprof+0xbf/0x510
[ 415.228815][T13476] ? snd_midi_event_new+0xa1/0x210
[ 415.228857][T13476] should_failslab+0xc2/0x120
[ 415.228900][T13476] __kmalloc_noprof+0xd2/0x510
[ 415.228947][T13476] snd_midi_event_new+0xa1/0x210
[ 415.228993][T13476] snd_virmidi_output_open+0x106/0x670
[ 415.229047][T13476] open_substream+0x478/0x9b0
[ 415.229104][T13476] rawmidi_open_priv+0x543/0x6e0
[ 415.229143][T13476] snd_rawmidi_open+0x4cc/0xbf0
[ 415.229185][T13476] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 415.229222][T13476] ? __pfx_default_wake_function+0x10/0x10
[ 415.229273][T13476] ? do_raw_spin_lock+0x12c/0x2b0
[ 415.229317][T13476] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 415.229350][T13476] snd_open+0x201/0x450
[ 415.229395][T13476] ? __pfx_snd_open+0x10/0x10
[ 415.229448][T13476] chrdev_open+0x231/0x6a0
[ 415.229489][T13476] ? __pfx_chrdev_open+0x10/0x10
[ 415.229532][T13476] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 415.229596][T13476] do_dentry_open+0x744/0x1c10
[ 415.229634][T13476] ? __pfx_chrdev_open+0x10/0x10
[ 415.229682][T13476] vfs_open+0x82/0x3f0
[ 415.229733][T13476] path_openat+0x1de4/0x2cb0
[ 415.229783][T13476] ? __pfx_path_openat+0x10/0x10
[ 415.229822][T13476] ? __lock_acquire+0xb8a/0x1c90
[ 415.229859][T13476] do_filp_open+0x20b/0x470
[ 415.229895][T13476] ? __pfx_do_filp_open+0x10/0x10
[ 415.229963][T13476] ? alloc_fd+0x471/0x7d0
[ 415.230007][T13476] do_sys_openat2+0x11b/0x1d0
[ 415.230054][T13476] ? __pfx_do_sys_openat2+0x10/0x10
[ 415.230119][T13476] __x64_sys_openat+0x174/0x210
[ 415.230174][T13476] ? __pfx___x64_sys_openat+0x10/0x10
[ 415.230241][T13476] do_syscall_64+0xcd/0x490
[ 415.230285][T13476] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 415.230318][T13476] RIP: 0033:0x7f332198e969
[ 415.230346][T13476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 415.230379][T13476] RSP: 002b:00007f3322778038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 415.230411][T13476] RAX: ffffffffffffffda RBX: 00007f3321bb5fa0 RCX: 00007f332198e969
[ 415.230439][T13476] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 415.230460][T13476] RBP: 00007f3321a10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 415.230481][T13476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 415.230500][T13476] R13: 0000000000000000 R14: 00007f3321bb5fa0 R15: 00007ffe908eca88
[ 415.230543][T13476]
[ 416.285940][T13497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2888'.
[ 416.523671][T13503] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2889'.
[ 418.579626][T13540] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2900'.
[ 419.151974][T13550] batman_adv: batadv0: adding TT local entry 00:00:01:00:00:00 to non-existent VLAN 16
[ 419.702600][T13562] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2910'.
[ 421.392508][T13627] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2928'.
[ 421.791697][ T5829] Bluetooth: hci1: command 0x0406 tx timeout
[ 421.835599][T13646] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2933'.
[ 422.102508][T13653] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2936'.
[ 422.363345][T13661] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2939'.
[ 422.396773][T13661] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2939'.
[ 424.338080][T13701] FAULT_INJECTION: forcing a failure.
[ 424.338080][T13701] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 424.414032][T13701] CPU: 1 UID: 0 PID: 13701 Comm: syz.1.2953 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 424.414090][T13701] Tainted: [U]=USER
[ 424.414102][T13701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 424.414123][T13701] Call Trace:
[ 424.414134][T13701]
[ 424.414146][T13701] dump_stack_lvl+0x16c/0x1f0
[ 424.414191][T13701] should_fail_ex+0x512/0x640
[ 424.414247][T13701] should_fail_alloc_page+0xe7/0x130
[ 424.414294][T13701] prepare_alloc_pages+0x3c2/0x610
[ 424.414346][T13701] ? rcu_is_watching+0x12/0xc0
[ 424.414396][T13701] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 424.414447][T13701] ? __lock_acquire+0x622/0x1c90
[ 424.414484][T13701] ? xas_create+0x1d7/0x1460
[ 424.414538][T13701] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 424.414581][T13701] ? css_rstat_updated+0x9d/0xd30
[ 424.414629][T13701] ? lock_acquire+0x179/0x350
[ 424.414677][T13701] ? __lock_acquire+0x622/0x1c90
[ 424.414708][T13701] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 424.414751][T13701] ? policy_nodemask+0xea/0x4e0
[ 424.414796][T13701] alloc_pages_mpol+0x1fb/0x550
[ 424.414841][T13701] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 424.414887][T13701] ? filemap_get_entry+0x1a7/0x3b0
[ 424.414939][T13701] folio_alloc_noprof+0x20/0x2d0
[ 424.414988][T13701] filemap_alloc_folio_noprof+0x3a1/0x470
[ 424.415027][T13701] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[ 424.415075][T13701] __filemap_get_folio+0x5e9/0xc10
[ 424.415131][T13701] ioctx_alloc+0x761/0x2120
[ 424.415182][T13701] ? __pfx_ioctx_alloc+0x10/0x10
[ 424.415209][T13701] ? __might_fault+0x13b/0x190
[ 424.415259][T13701] __x64_sys_io_setup+0xc9/0x210
[ 424.415293][T13701] do_syscall_64+0xcd/0x490
[ 424.415337][T13701] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 424.415370][T13701] RIP: 0033:0x7fb28e98e969
[ 424.415396][T13701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 424.415430][T13701] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[ 424.415461][T13701] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 424.415483][T13701] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe
[ 424.415530][T13701] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 424.415550][T13701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 424.415570][T13701] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 424.415613][T13701]
[ 425.372188][ T5149] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[ 425.372236][ T5149] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[ 425.387618][ T5149] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[ 425.387677][ T5149] Bluetooth: hci2: adv larger than maximum supported
[ 425.395770][ T5149] Bluetooth: hci2: Malformed LE Event: 0x0d
[ 426.665529][ T30] audit: type=1800 audit(4294967356.600:13): pid=13745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2970" name="file0" dev="tmpfs" ino=1597 res=0 errno=0
[ 428.265385][T13784] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2986'.
[ 431.140065][T13867] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3016'.
[ 431.688375][T13886] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3024'.
[ 433.341999][T13923] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3038'.
[ 435.263708][T13975] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3058'.
[ 435.274507][T13975] veth0_vlan: entered allmulticast mode
[ 435.885615][T13993] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3066'.
[ 436.173444][T14000] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3067'.
[ 436.559556][T14012] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3072'.
[ 438.486428][T14053] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3088'.
[ 439.853597][T14087] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3099'.
[ 440.227205][T14094] netlink: 206 bytes leftover after parsing attributes in process `syz.3.3101'.
[ 441.700452][T14131] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3118'.
[ 442.223078][T14147] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3125'.
[ 442.435909][T14152] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 443.428298][T14177] FAULT_INJECTION: forcing a failure.
[ 443.428298][T14177] name failslab, interval 1, probability 0, space 0, times 0
[ 443.510085][T14177] CPU: 0 UID: 0 PID: 14177 Comm: syz.2.3136 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 443.510175][T14177] Tainted: [U]=USER
[ 443.510192][T14177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 443.510225][T14177] Call Trace:
[ 443.510242][T14177]
[ 443.510262][T14177] dump_stack_lvl+0x16c/0x1f0
[ 443.510310][T14177] should_fail_ex+0x512/0x640
[ 443.510359][T14177] ? fs_reclaim_acquire+0xae/0x150
[ 443.510417][T14177] should_failslab+0xc2/0x120
[ 443.510462][T14177] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 443.510504][T14177] ? security_inode_alloc+0x3b/0x2b0
[ 443.510546][T14177] security_inode_alloc+0x3b/0x2b0
[ 443.510582][T14177] inode_init_always_gfp+0xce4/0x1030
[ 443.510625][T14177] alloc_inode+0x86/0x240
[ 443.510683][T14177] path_from_stashed+0x2be/0xb00
[ 443.510719][T14177] ? do_raw_spin_lock+0x12c/0x2b0
[ 443.510772][T14177] ? __pfx_path_from_stashed+0x10/0x10
[ 443.510811][T14177] ? do_raw_spin_unlock+0x172/0x230
[ 443.510859][T14177] ns_get_path+0x5f/0x80
[ 443.510891][T14177] proc_ns_get_link+0x121/0x260
[ 443.510927][T14177] ? __pfx_proc_ns_get_link+0x10/0x10
[ 443.510966][T14177] ? atime_needs_update+0x8b/0x710
[ 443.511016][T14177] ? __pfx_proc_ns_get_link+0x10/0x10
[ 443.511052][T14177] step_into+0x1a2c/0x2270
[ 443.511090][T14177] ? __pfx_step_into+0x10/0x10
[ 443.511123][T14177] ? find_held_lock+0x2b/0x80
[ 443.511179][T14177] path_openat+0x6db/0x2cb0
[ 443.511227][T14177] ? __pfx_path_openat+0x10/0x10
[ 443.511266][T14177] ? __lock_acquire+0xb8a/0x1c90
[ 443.511302][T14177] do_filp_open+0x20b/0x470
[ 443.511339][T14177] ? __pfx_do_filp_open+0x10/0x10
[ 443.511404][T14177] ? alloc_fd+0x471/0x7d0
[ 443.511445][T14177] do_sys_openat2+0x11b/0x1d0
[ 443.511492][T14177] ? __pfx_do_sys_openat2+0x10/0x10
[ 443.511556][T14177] __x64_sys_openat+0x174/0x210
[ 443.511606][T14177] ? __pfx___x64_sys_openat+0x10/0x10
[ 443.511690][T14177] do_syscall_64+0xcd/0x490
[ 443.511742][T14177] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 443.511779][T14177] RIP: 0033:0x7f332198d2d0
[ 443.511807][T14177] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 443.511841][T14177] RSP: 002b:00007f3322777f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 443.511873][T14177] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f332198d2d0
[ 443.511895][T14177] RDX: 0000000000000002 RSI: 00007f3322777fa0 RDI: 00000000ffffff9c
[ 443.511918][T14177] RBP: 00007f3322777fa0 R08: 0000000000000000 R09: 0000000000000000
[ 443.511939][T14177] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 443.511959][T14177] R13: 0000000000000000 R14: 00007f3321bb5fa0 R15: 00007ffe908eca88
[ 443.512003][T14177]
[ 444.161153][T14185] netlink: 'syz.3.3141': attribute type 1 has an invalid length.
[ 444.180480][T14185] netlink: 322 bytes leftover after parsing attributes in process `syz.3.3141'.
[ 444.261237][T14190] netlink: 'syz.3.3141': attribute type 1 has an invalid length.
[ 444.280580][T14190] netlink: 322 bytes leftover after parsing attributes in process `syz.3.3141'.
[ 445.311789][T14216] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3150'.
[ 445.341448][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 445.347843][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 445.582302][T14219] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3152'.
[ 446.107732][T14231] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3157'.
[ 446.581231][T14245] FAULT_INJECTION: forcing a failure.
[ 446.581231][T14245] name failslab, interval 1, probability 0, space 0, times 0
[ 446.611076][T14245] CPU: 1 UID: 0 PID: 14245 Comm: syz.2.3163 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 446.611136][T14245] Tainted: [U]=USER
[ 446.611147][T14245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 446.611168][T14245] Call Trace:
[ 446.611179][T14245]
[ 446.611193][T14245] dump_stack_lvl+0x16c/0x1f0
[ 446.611240][T14245] should_fail_ex+0x512/0x640
[ 446.611290][T14245] ? fs_reclaim_acquire+0xae/0x150
[ 446.611348][T14245] should_failslab+0xc2/0x120
[ 446.611392][T14245] __kmalloc_cache_noprof+0x6a/0x3e0
[ 446.611438][T14245] ? tomoyo_write_log2+0x33d/0xc10
[ 446.611490][T14245] tomoyo_write_log2+0x33d/0xc10
[ 446.611539][T14245] tomoyo_supervisor+0x15e/0x13b0
[ 446.611607][T14245] ? __pfx_tomoyo_supervisor+0x10/0x10
[ 446.611679][T14245] ? lockdep_hardirqs_on+0x7c/0x110
[ 446.611725][T14245] ? tomoyo_check_path_acl+0xad/0x210
[ 446.611763][T14245] ? tomoyo_check_acl+0x1f7/0x410
[ 446.611826][T14245] tomoyo_path_permission+0x270/0x3b0
[ 446.611869][T14245] tomoyo_check_open_permission+0x37b/0x3c0
[ 446.611910][T14245] ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 446.611994][T14245] ? do_raw_spin_lock+0x12c/0x2b0
[ 446.612049][T14245] tomoyo_file_open+0x6b/0x90
[ 446.612102][T14245] security_file_open+0x84/0x1e0
[ 446.612146][T14245] do_dentry_open+0x596/0x1c10
[ 446.612199][T14245] vfs_open+0x82/0x3f0
[ 446.612253][T14245] path_openat+0x1de4/0x2cb0
[ 446.612304][T14245] ? __pfx_path_openat+0x10/0x10
[ 446.612343][T14245] ? __lock_acquire+0xb8a/0x1c90
[ 446.612382][T14245] do_filp_open+0x20b/0x470
[ 446.612427][T14245] ? __pfx_do_filp_open+0x10/0x10
[ 446.612496][T14245] ? alloc_fd+0x471/0x7d0
[ 446.612542][T14245] do_sys_openat2+0x11b/0x1d0
[ 446.612592][T14245] ? __pfx_do_sys_openat2+0x10/0x10
[ 446.612659][T14245] __x64_sys_openat+0x174/0x210
[ 446.612712][T14245] ? __pfx___x64_sys_openat+0x10/0x10
[ 446.612780][T14245] do_syscall_64+0xcd/0x490
[ 446.612825][T14245] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 446.612860][T14245] RIP: 0033:0x7f332198e969
[ 446.612888][T14245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 446.612925][T14245] RSP: 002b:00007f3322778038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 446.612958][T14245] RAX: ffffffffffffffda RBX: 00007f3321bb5fa0 RCX: 00007f332198e969
[ 446.612981][T14245] RDX: 0000000000129c00 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 446.613003][T14245] RBP: 00007f3321a10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 446.613024][T14245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 446.613045][T14245] R13: 0000000000000000 R14: 00007f3321bb5fa0 R15: 00007ffe908eca88
[ 446.613089][T14245]
[ 449.470507][T14299] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3184'.
[ 449.486525][T14281] ERROR: Out of memory at tomoyo_memory_ok.
[ 450.141342][T14307] Process accounting resumed
[ 450.713979][T14322] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3192'.
[ 451.047499][T14326] sd 0:0:1:0: device reset
[ 453.295943][T14369] netlink: 'syz.2.3208': attribute type 21 has an invalid length.
[ 453.327282][T14369] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3208'.
[ 454.176649][T14385] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3213'.
[ 455.997972][T14417] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3224'.
[ 460.833520][T14500] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3259'.
[ 460.910781][T14500] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3259'.
[ 461.303364][T14508] FAULT_INJECTION: forcing a failure.
[ 461.303364][T14508] name failslab, interval 1, probability 0, space 0, times 0
[ 461.363062][T14508] CPU: 1 UID: 0 PID: 14508 Comm: syz.3.3264 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 461.363120][T14508] Tainted: [U]=USER
[ 461.363132][T14508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 461.363153][T14508] Call Trace:
[ 461.363164][T14508]
[ 461.363176][T14508] dump_stack_lvl+0x16c/0x1f0
[ 461.363222][T14508] should_fail_ex+0x512/0x640
[ 461.363279][T14508] ? fs_reclaim_acquire+0xae/0x150
[ 461.363335][T14508] should_failslab+0xc2/0x120
[ 461.363379][T14508] __kmalloc_cache_noprof+0x6a/0x3e0
[ 461.363415][T14508] ? tomoyo_init_log+0x197/0x2140
[ 461.363465][T14508] tomoyo_init_log+0x197/0x2140
[ 461.363506][T14508] ? format_decode+0x1ad/0xd40
[ 461.363563][T14508] ? __pfx_format_decode+0x10/0x10
[ 461.363632][T14508] ? __pfx_tomoyo_init_log+0x10/0x10
[ 461.363689][T14508] tomoyo_write_log2+0x2f7/0xc10
[ 461.363741][T14508] tomoyo_supervisor+0x15e/0x13b0
[ 461.363801][T14508] ? __pfx_tomoyo_supervisor+0x10/0x10
[ 461.363874][T14508] ? tomoyo_realpath_from_path+0x19f/0x6e0
[ 461.363927][T14508] ? tomoyo_check_path_number_acl+0xa6/0x2f0
[ 461.363979][T14508] tomoyo_path_number_perm+0x448/0x580
[ 461.364021][T14508] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 461.364101][T14508] ? d_alloc_parallel+0x979/0x12e0
[ 461.364154][T14508] ? current_check_access_path+0x33c/0x460
[ 461.364215][T14508] tomoyo_path_mknod+0x10c/0x190
[ 461.364273][T14508] ? __pfx_tomoyo_path_mknod+0x10/0x10
[ 461.364328][T14508] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 461.364377][T14508] security_path_mknod+0x161/0x310
[ 461.364418][T14508] lookup_open.isra.0+0xc17/0x1580
[ 461.364481][T14508] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 461.364559][T14508] ? __pfx_down_write+0x10/0x10
[ 461.364601][T14508] ? mnt_get_write_access+0x20c/0x300
[ 461.364655][T14508] path_openat+0x893/0x2cb0
[ 461.364707][T14508] ? __pfx_path_openat+0x10/0x10
[ 461.364747][T14508] ? __lock_acquire+0xb8a/0x1c90
[ 461.364786][T14508] do_filp_open+0x20b/0x470
[ 461.364823][T14508] ? __pfx_do_filp_open+0x10/0x10
[ 461.364893][T14508] ? alloc_fd+0x471/0x7d0
[ 461.364938][T14508] do_sys_openat2+0x11b/0x1d0
[ 461.364986][T14508] ? __pfx_do_sys_openat2+0x10/0x10
[ 461.365054][T14508] __x64_sys_openat+0x174/0x210
[ 461.365103][T14508] ? __pfx___x64_sys_openat+0x10/0x10
[ 461.365173][T14508] do_syscall_64+0xcd/0x490
[ 461.365217][T14508] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 461.365251][T14508] RIP: 0033:0x7ff6ca18e969
[ 461.365284][T14508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 461.365322][T14508] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 461.365355][T14508] RAX: ffffffffffffffda RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 461.365378][T14508] RDX: 000000000010b142 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 461.365400][T14508] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 461.365421][T14508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 461.365442][T14508] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 461.365487][T14508]
[ 462.236716][T14517] netlink: 'syz.2.3267': attribute type 1 has an invalid length.
[ 465.810970][T14606] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3301'.
[ 465.947383][T14611] netlink: 'syz.2.3303': attribute type 2 has an invalid length.
[ 465.967931][T14611] netlink: 'syz.2.3303': attribute type 2 has an invalid length.
[ 466.520393][T14620] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3307'.
[ 467.325374][T14638] netlink: 'syz.2.3313': attribute type 3 has an invalid length.
[ 467.407448][T14640] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3315'.
[ 467.408358][T14640] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3315'.
[ 467.920353][T14651] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3319'.
[ 468.614269][T14666] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3326'.
[ 468.850994][T14668] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3327'.
[ 469.531816][T14686] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3333'.
[ 470.484242][T14717] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 470.512934][T14717] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 471.617226][T14748] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3359'.
[ 473.071881][T14792] netlink: 346 bytes leftover after parsing attributes in process `syz.3.3377'.
[ 473.396241][T14804] netlink: 'syz.2.3381': attribute type 64 has an invalid length.
[ 473.425028][T14804] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3381'.
[ 475.074474][T14840] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3395'.
[ 475.426909][T14849] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3399'.
[ 475.746786][T14864] sctp: [Deprecated]: syz.1.3402 (pid 14864) Use of int in max_burst socket option deprecated.
[ 475.746786][T14864] Use struct sctp_assoc_value instead
[ 476.072850][T14873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3407'.
[ 476.075430][T14872] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3405'.
[ 476.172920][T14873] bond0: (slave bond_slave_1): Releasing backup interface
[ 476.724512][T14889] FAULT_INJECTION: forcing a failure.
[ 476.724512][T14889] name failslab, interval 1, probability 0, space 0, times 0
[ 476.766977][T14889] CPU: 0 UID: 0 PID: 14889 Comm: syz.3.3413 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 476.767047][T14889] Tainted: [U]=USER
[ 476.767058][T14889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 476.767079][T14889] Call Trace:
[ 476.767089][T14889]
[ 476.767102][T14889] dump_stack_lvl+0x16c/0x1f0
[ 476.767147][T14889] should_fail_ex+0x512/0x640
[ 476.767193][T14889] ? __kvmalloc_node_noprof+0x122/0x620
[ 476.767233][T14889] should_failslab+0xc2/0x120
[ 476.767275][T14889] __kvmalloc_node_noprof+0x135/0x620
[ 476.767314][T14889] ? v4l2_ctrl_new+0x97d/0x2180
[ 476.767354][T14889] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 476.767399][T14889] ? v4l2_ctrl_new+0x97d/0x2180
[ 476.767440][T14889] v4l2_ctrl_new+0x97d/0x2180
[ 476.767496][T14889] ? __pfx_v4l2_ctrl_new+0x10/0x10
[ 476.767536][T14889] ? __kasan_kmalloc+0xaa/0xb0
[ 476.767570][T14889] ? v4l2_ctrl_new_std+0x1be/0x290
[ 476.767621][T14889] ? __mutex_trylock_common+0xe9/0x250
[ 476.767657][T14889] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 476.767699][T14889] v4l2_ctrl_new_std+0x1be/0x290
[ 476.767753][T14889] ? __pfx_v4l2_ctrl_new_std+0x10/0x10
[ 476.767806][T14889] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 476.767854][T14889] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 476.767892][T14889] ? __asan_memcpy+0x3c/0x60
[ 476.767923][T14889] ? find_ref+0x20b/0x420
[ 476.767965][T14889] handler_new_ref+0x827/0xc60
[ 476.768017][T14889] v4l2_ctrl_new+0x1963/0x2180
[ 476.768074][T14889] ? __pfx_v4l2_ctrl_new+0x10/0x10
[ 476.768128][T14889] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 476.768170][T14889] v4l2_ctrl_new_std+0x1be/0x290
[ 476.768226][T14889] ? __pfx_v4l2_ctrl_new_std+0x10/0x10
[ 476.768274][T14889] ? rcu_is_watching+0x12/0xc0
[ 476.768317][T14889] ? trace_kmalloc+0x2b/0xd0
[ 476.768360][T14889] ? __kvmalloc_node_noprof+0x296/0x620
[ 476.768398][T14889] ? v4l2_ctrl_handler_init_class+0x1fc/0x340
[ 476.768445][T14889] ? media_request_object_init+0x100/0x180
[ 476.768483][T14889] vicodec_open+0x1d0/0xf90
[ 476.768547][T14889] v4l2_open+0x225/0x490
[ 476.768603][T14889] ? __pfx_v4l2_open+0x10/0x10
[ 476.768640][T14889] chrdev_open+0x231/0x6a0
[ 476.768681][T14889] ? __pfx_apparmor_file_open+0x10/0x10
[ 476.768722][T14889] ? __pfx_chrdev_open+0x10/0x10
[ 476.768765][T14889] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 476.768830][T14889] do_dentry_open+0x744/0x1c10
[ 476.768869][T14889] ? __pfx_chrdev_open+0x10/0x10
[ 476.768918][T14889] vfs_open+0x82/0x3f0
[ 476.768970][T14889] path_openat+0x1de4/0x2cb0
[ 476.769020][T14889] ? __pfx_path_openat+0x10/0x10
[ 476.769060][T14889] ? __lock_acquire+0xb8a/0x1c90
[ 476.769098][T14889] do_filp_open+0x20b/0x470
[ 476.769134][T14889] ? __pfx_do_filp_open+0x10/0x10
[ 476.769199][T14889] ? alloc_fd+0x471/0x7d0
[ 476.769244][T14889] do_sys_openat2+0x11b/0x1d0
[ 476.769292][T14889] ? __pfx_do_sys_openat2+0x10/0x10
[ 476.769359][T14889] __x64_sys_openat+0x174/0x210
[ 476.769408][T14889] ? __pfx___x64_sys_openat+0x10/0x10
[ 476.769475][T14889] do_syscall_64+0xcd/0x490
[ 476.769520][T14889] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 476.769553][T14889] RIP: 0033:0x7ff6ca18e969
[ 476.769588][T14889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 476.769622][T14889] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 476.769656][T14889] RAX: ffffffffffffffda RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 476.769678][T14889] RDX: 00000000000c4400 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 476.769700][T14889] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 476.769720][T14889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 476.769740][T14889] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 476.769783][T14889]
[ 477.659253][T14911] netlink: 130 bytes leftover after parsing attributes in process `syz.3.3421'.
[ 478.988850][T14936] FAULT_INJECTION: forcing a failure.
[ 478.988850][T14936] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 479.005897][T14936] CPU: 0 UID: 0 PID: 14936 Comm: syz.3.3433 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 479.005951][T14936] Tainted: [U]=USER
[ 479.005963][T14936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 479.005981][T14936] Call Trace:
[ 479.005992][T14936]
[ 479.006004][T14936] dump_stack_lvl+0x16c/0x1f0
[ 479.006049][T14936] should_fail_ex+0x512/0x640
[ 479.006104][T14936] should_fail_alloc_page+0xe7/0x130
[ 479.006151][T14936] prepare_alloc_pages+0x3c2/0x610
[ 479.006205][T14936] ? rcu_is_watching+0x12/0xc0
[ 479.006259][T14936] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 479.006301][T14936] ? should_fail_alloc_page+0xee/0x130
[ 479.006351][T14936] ? rcu_is_watching+0x12/0xc0
[ 479.006409][T14936] ? trace_mm_page_alloc+0x11f/0x1a0
[ 479.006463][T14936] ? __alloc_frozen_pages_noprof+0x294/0x23f0
[ 479.006505][T14936] ? stack_trace_save+0x8e/0xc0
[ 479.006558][T14936] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 479.006615][T14936] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 479.006657][T14936] ? __get_vm_area_node+0x1ca/0x330
[ 479.006708][T14936] ? __vmalloc_node_noprof+0xad/0xf0
[ 479.006739][T14936] ? pcpu_mem_zalloc+0x54/0xb0
[ 479.006768][T14936] ? pcpu_create_chunk+0x432/0x730
[ 479.006802][T14936] ? pcpu_alloc_noprof+0x11e1/0x1470
[ 479.006838][T14936] ? bpf_map_alloc_percpu+0x9a/0x4b0
[ 479.006875][T14936] ? htab_map_alloc+0x10ca/0x1570
[ 479.006915][T14936] ? map_create+0x58f/0x1db0
[ 479.006969][T14936] alloc_pages_bulk_noprof+0x71c/0x1410
[ 479.007010][T14936] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 479.007065][T14936] ? policy_nodemask+0xea/0x4e0
[ 479.007111][T14936] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[ 479.007154][T14936] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 479.007214][T14936] kasan_populate_vmalloc+0xf1/0x1f0
[ 479.007259][T14936] alloc_vmap_area+0x963/0x28f0
[ 479.007326][T14936] ? __pfx_alloc_vmap_area+0x10/0x10
[ 479.007394][T14936] __get_vm_area_node+0x1ca/0x330
[ 479.007476][T14936] __vmalloc_node_range_noprof+0x277/0x1520
[ 479.007511][T14936] ? pcpu_mem_zalloc+0x54/0xb0
[ 479.007558][T14936] ? pcpu_mem_zalloc+0x54/0xb0
[ 479.007612][T14936] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 479.007660][T14936] ? pcpu_mem_zalloc+0x54/0xb0
[ 479.007692][T14936] __vmalloc_node_noprof+0xad/0xf0
[ 479.007722][T14936] ? pcpu_mem_zalloc+0x54/0xb0
[ 479.007757][T14936] pcpu_mem_zalloc+0x54/0xb0
[ 479.007789][T14936] pcpu_create_chunk+0x432/0x730
[ 479.007826][T14936] pcpu_alloc_noprof+0x11e1/0x1470
[ 479.007883][T14936] bpf_map_alloc_percpu+0x9a/0x4b0
[ 479.007925][T14936] htab_map_alloc+0x10ca/0x1570
[ 479.007977][T14936] ? ns_capable+0xd7/0x110
[ 479.008027][T14936] map_create+0x58f/0x1db0
[ 479.008080][T14936] ? __pfx_map_create+0x10/0x10
[ 479.008116][T14936] ? __might_fault+0xe3/0x190
[ 479.008168][T14936] ? __might_fault+0xe3/0x190
[ 479.008204][T14936] ? __might_fault+0x13b/0x190
[ 479.008258][T14936] __sys_bpf+0x47cc/0x4d80
[ 479.008307][T14936] ? __pfx___sys_bpf+0x10/0x10
[ 479.008352][T14936] ? do_writev+0x218/0x340
[ 479.008402][T14936] ? do_futex+0x122/0x350
[ 479.008433][T14936] ? __pfx_do_futex+0x10/0x10
[ 479.008505][T14936] ? fput+0x70/0xf0
[ 479.008550][T14936] ? xfd_validate_state+0x61/0x180
[ 479.008584][T14936] ? __pfx_do_writev+0x10/0x10
[ 479.008624][T14936] __x64_sys_bpf+0x78/0xc0
[ 479.008681][T14936] ? lockdep_hardirqs_on+0x7c/0x110
[ 479.008718][T14936] do_syscall_64+0xcd/0x490
[ 479.008761][T14936] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 479.008794][T14936] RIP: 0033:0x7ff6ca18e969
[ 479.008821][T14936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 479.008854][T14936] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 479.008884][T14936] RAX: ffffffffffffffda RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 479.008907][T14936] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000
[ 479.008927][T14936] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 479.008947][T14936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 479.008967][T14936] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 479.009009][T14936]
[ 479.844857][T14946] netlink: 'syz.0.3435': attribute type 19 has an invalid length.
[ 479.852874][T14946] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3435'.
[ 480.208829][T14959] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3444'.
[ 480.287323][T14959] Process accounting paused
[ 481.372729][T14988] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3453'.
[ 481.773135][T15001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3458'.
[ 481.809779][T15001] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3458'.
[ 481.839172][T15001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3458'.
[ 482.198121][T15014] netlink: 'syz.1.3465': attribute type 4 has an invalid length.
[ 482.917448][T15038] �: renamed from gre0
[ 484.148871][T15059] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3484'.
[ 484.650110][T15070] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3489'.
[ 485.876436][T15115] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3507'.
[ 485.985693][T15118] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3508'.
[ 485.995248][T15118] bridge0: entered promiscuous mode
[ 486.382294][T15128] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3512'.
[ 486.910279][T15148] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3521'.
[ 486.981964][T15148] bond0: (slave bond_slave_1): Releasing backup interface
[ 487.523003][ T5149] Bluetooth: hci1: ISO packet for unknown connection handle 0
[ 487.578525][T15167] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3528'.
[ 488.376269][T15198] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3542'.
[ 488.389220][T15198] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3542'.
[ 489.010178][T15212] FAULT_INJECTION: forcing a failure.
[ 489.010178][T15212] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 489.026255][T15212] CPU: 0 UID: 0 PID: 15212 Comm: syz.1.3549 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 489.026311][T15212] Tainted: [U]=USER
[ 489.026323][T15212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 489.026344][T15212] Call Trace:
[ 489.026354][T15212]
[ 489.026367][T15212] dump_stack_lvl+0x16c/0x1f0
[ 489.026412][T15212] should_fail_ex+0x512/0x640
[ 489.026468][T15212] should_fail_alloc_page+0xe7/0x130
[ 489.026515][T15212] prepare_alloc_pages+0x3c2/0x610
[ 489.026569][T15212] ? rcu_is_watching+0x12/0xc0
[ 489.026621][T15212] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 489.026669][T15212] ? should_fail_alloc_page+0xee/0x130
[ 489.026715][T15212] ? rcu_is_watching+0x12/0xc0
[ 489.026762][T15212] ? trace_mm_page_alloc+0x11f/0x1a0
[ 489.026814][T15212] ? __alloc_frozen_pages_noprof+0x294/0x23f0
[ 489.026862][T15212] ? stack_trace_save+0x8e/0xc0
[ 489.026910][T15212] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 489.026963][T15212] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 489.027001][T15212] ? __get_vm_area_node+0x1ca/0x330
[ 489.027048][T15212] ? __vmalloc_node_noprof+0xad/0xf0
[ 489.027075][T15212] ? pcpu_mem_zalloc+0x54/0xb0
[ 489.027102][T15212] ? pcpu_create_chunk+0x432/0x730
[ 489.027133][T15212] ? pcpu_alloc_noprof+0x11e1/0x1470
[ 489.027165][T15212] ? bpf_map_alloc_percpu+0x9a/0x4b0
[ 489.027200][T15212] ? htab_map_alloc+0x10ca/0x1570
[ 489.027237][T15212] ? map_create+0x58f/0x1db0
[ 489.027287][T15212] alloc_pages_bulk_noprof+0x71c/0x1410
[ 489.027324][T15212] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 489.027364][T15212] ? policy_nodemask+0xea/0x4e0
[ 489.027409][T15212] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[ 489.027451][T15212] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 489.027513][T15212] kasan_populate_vmalloc+0xf1/0x1f0
[ 489.027557][T15212] alloc_vmap_area+0x963/0x28f0
[ 489.027624][T15212] ? __pfx_alloc_vmap_area+0x10/0x10
[ 489.027688][T15212] __get_vm_area_node+0x1ca/0x330
[ 489.027741][T15212] __vmalloc_node_range_noprof+0x277/0x1520
[ 489.027772][T15212] ? pcpu_mem_zalloc+0x54/0xb0
[ 489.027811][T15212] ? pcpu_mem_zalloc+0x54/0xb0
[ 489.027846][T15212] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 489.027889][T15212] ? pcpu_mem_zalloc+0x54/0xb0
[ 489.027915][T15212] __vmalloc_node_noprof+0xad/0xf0
[ 489.027942][T15212] ? pcpu_mem_zalloc+0x54/0xb0
[ 489.027973][T15212] pcpu_mem_zalloc+0x54/0xb0
[ 489.028001][T15212] pcpu_create_chunk+0x432/0x730
[ 489.028036][T15212] pcpu_alloc_noprof+0x11e1/0x1470
[ 489.028091][T15212] bpf_map_alloc_percpu+0x9a/0x4b0
[ 489.028129][T15212] htab_map_alloc+0x10ca/0x1570
[ 489.028175][T15212] ? ns_capable+0xd7/0x110
[ 489.028219][T15212] map_create+0x58f/0x1db0
[ 489.028266][T15212] ? __pfx_map_create+0x10/0x10
[ 489.028298][T15212] ? __might_fault+0xe3/0x190
[ 489.028330][T15212] ? __might_fault+0xe3/0x190
[ 489.028360][T15212] ? __might_fault+0x13b/0x190
[ 489.028406][T15212] __sys_bpf+0x47cc/0x4d80
[ 489.028456][T15212] ? __pfx___sys_bpf+0x10/0x10
[ 489.028501][T15212] ? do_writev+0x218/0x340
[ 489.028541][T15212] ? do_futex+0x122/0x350
[ 489.028570][T15212] ? __pfx_do_futex+0x10/0x10
[ 489.028639][T15212] ? fput+0x70/0xf0
[ 489.028702][T15212] ? xfd_validate_state+0x61/0x180
[ 489.028733][T15212] ? __pfx_do_writev+0x10/0x10
[ 489.028770][T15212] __x64_sys_bpf+0x78/0xc0
[ 489.028813][T15212] ? lockdep_hardirqs_on+0x7c/0x110
[ 489.028848][T15212] do_syscall_64+0xcd/0x490
[ 489.028889][T15212] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 489.028921][T15212] RIP: 0033:0x7fb28e98e969
[ 489.028946][T15212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 489.028978][T15212] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 489.029007][T15212] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 489.029029][T15212] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000
[ 489.029049][T15212] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 489.029068][T15212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 489.029087][T15212] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 489.029132][T15212]
[ 489.934444][T15231] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3555'.
[ 490.344002][T15249] netlink: 'syz.3.3561': attribute type 14 has an invalid length.
[ 490.352123][T15249] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3561'.
[ 490.803056][T15253] FAULT_INJECTION: forcing a failure.
[ 490.803056][T15253] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 490.823753][T15253] CPU: 1 UID: 0 PID: 15253 Comm: syz.3.3563 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 490.823793][T15253] Tainted: [U]=USER
[ 490.823800][T15253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 490.823814][T15253] Call Trace:
[ 490.823822][T15253]
[ 490.823830][T15253] dump_stack_lvl+0x16c/0x1f0
[ 490.823862][T15253] should_fail_ex+0x512/0x640
[ 490.823900][T15253] should_fail_alloc_page+0xe7/0x130
[ 490.823934][T15253] prepare_alloc_pages+0x3c2/0x610
[ 490.823970][T15253] ? rcu_is_watching+0x12/0xc0
[ 490.824005][T15253] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 490.824035][T15253] ? __lock_acquire+0xb8a/0x1c90
[ 490.824068][T15253] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 490.824097][T15253] ? do_raw_spin_lock+0x12c/0x2b0
[ 490.824125][T15253] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 490.824153][T15253] ? find_held_lock+0x2b/0x80
[ 490.824195][T15253] ? __lock_acquire+0xb8a/0x1c90
[ 490.824217][T15253] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 490.824245][T15253] ? policy_nodemask+0xea/0x4e0
[ 490.824277][T15253] alloc_pages_mpol+0x1fb/0x550
[ 490.824308][T15253] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 490.824346][T15253] folio_alloc_mpol_noprof+0x36/0x2f0
[ 490.824382][T15253] shmem_alloc_folio+0x135/0x160
[ 490.824405][T15253] shmem_alloc_and_add_folio+0x499/0xc20
[ 490.824445][T15253] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 490.824475][T15253] ? shmem_allowable_huge_orders+0xcb/0x2f0
[ 490.824508][T15253] shmem_get_folio_gfp+0x67f/0x1600
[ 490.824542][T15253] ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 490.824572][T15253] ? __pfx___might_resched+0x10/0x10
[ 490.824610][T15253] shmem_fallocate+0x795/0xf50
[ 490.824650][T15253] ? __pfx_shmem_fallocate+0x10/0x10
[ 490.824676][T15253] ? aa_file_perm+0x4d6/0xfb0
[ 490.824714][T15253] ? __lock_acquire+0xb8a/0x1c90
[ 490.824739][T15253] ? __lock_acquire+0x622/0x1c90
[ 490.824778][T15253] ? __pfx_shmem_fallocate+0x10/0x10
[ 490.824806][T15253] vfs_fallocate+0x608/0x10c0
[ 490.824836][T15253] ? __pfx_vfs_fallocate+0x10/0x10
[ 490.824870][T15253] __x64_sys_fallocate+0xd5/0x150
[ 490.824900][T15253] do_syscall_64+0xcd/0x490
[ 490.824930][T15253] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 490.824954][T15253] RIP: 0033:0x7ff6ca18e969
[ 490.824972][T15253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 490.824995][T15253] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 490.825018][T15253] RAX: ffffffffffffffda RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 490.825033][T15253] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003
[ 490.825048][T15253] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 490.825062][T15253] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000
[ 490.825077][T15253] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 490.825106][T15253]
[ 491.124761][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2ca!!!
[ 491.355481][T15258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3566'.
[ 491.366914][T15258] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3566'.
[ 492.017788][T15283] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3578'.
[ 492.041275][T15283] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3578'.
[ 492.258209][T15288] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3579'.
[ 492.280973][T15288] bridge0: entered promiscuous mode
[ 493.538200][T15322] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3590'.
[ 494.069433][T15322] bond0: (slave bond_slave_1): Releasing backup interface
[ 494.812213][T15348] netlink: 'syz.3.3602': attribute type 4 has an invalid length.
[ 494.859021][T15348] netlink: 314 bytes leftover after parsing attributes in process `syz.3.3602'.
[ 495.095579][T15353] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3604'.
[ 496.291150][T15383] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3617'.
[ 496.315367][T15383] hsr_slave_0: left promiscuous mode
[ 496.324608][T15383] hsr_slave_1: left promiscuous mode
[ 497.410801][T15412] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3628'.
[ 499.131602][T15454] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3643'.
[ 499.257932][T15459] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3645'.
[ 499.423369][T15466] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3648'.
[ 500.969609][T15515] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3666'.
[ 501.190289][T15519] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 501.217407][T15521] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3670'.
[ 501.237229][T15521] ipvlan1: entered allmulticast mode
[ 502.801469][T15561] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3687'.
[ 503.018304][T15564] zswap: compressor not available
[ 503.064893][T15571] netlink: 306 bytes leftover after parsing attributes in process `syz.0.3689'.
[ 503.814335][T15591] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3698'.
[ 503.862483][T15594] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3699'.
[ 504.085281][T15602] FAULT_INJECTION: forcing a failure.
[ 504.085281][T15602] name failslab, interval 1, probability 0, space 0, times 0
[ 504.106043][T15602] CPU: 0 UID: 0 PID: 15602 Comm: syz.1.3704 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 504.106099][T15602] Tainted: [U]=USER
[ 504.106111][T15602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 504.106134][T15602] Call Trace:
[ 504.106144][T15602]
[ 504.106158][T15602] dump_stack_lvl+0x16c/0x1f0
[ 504.106205][T15602] should_fail_ex+0x512/0x640
[ 504.106255][T15602] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 504.106295][T15602] should_failslab+0xc2/0x120
[ 504.106340][T15602] __kmalloc_cache_noprof+0x6a/0x3e0
[ 504.106375][T15602] ? percpu_ref_init+0xec/0x410
[ 504.106420][T15602] ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[ 504.106473][T15602] percpu_ref_init+0xec/0x410
[ 504.106520][T15602] io_uring_setup+0x453/0x2080
[ 504.106568][T15602] ? __pfx_io_uring_setup+0x10/0x10
[ 504.106610][T15602] ? do_futex+0x122/0x350
[ 504.106641][T15602] ? __pfx_do_futex+0x10/0x10
[ 504.106696][T15602] ? fd_install+0x225/0x750
[ 504.106749][T15602] ? xfd_validate_state+0x61/0x180
[ 504.106783][T15602] ? __pfx_do_writev+0x10/0x10
[ 504.106824][T15602] __x64_sys_io_uring_setup+0xc2/0x170
[ 504.106871][T15602] do_syscall_64+0xcd/0x490
[ 504.106914][T15602] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 504.106960][T15602] RIP: 0033:0x7fb28e98e969
[ 504.106994][T15602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 504.107026][T15602] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 504.107059][T15602] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 504.107081][T15602] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000001
[ 504.107101][T15602] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 504.107122][T15602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 504.107142][T15602] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 504.107183][T15602]
[ 505.216270][T15621] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3711'.
[ 505.925591][T15634] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3717'.
[ 506.798075][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 506.804653][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 506.859094][T15666] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3729'.
[ 507.138259][T15673] netlink: 'syz.2.3732': attribute type 19 has an invalid length.
[ 507.158006][T15673] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3732'.
[ 507.364046][T15679] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3735'.
[ 508.181650][T15703] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3745'.
[ 509.746116][T15743] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3763'.
[ 510.376038][T15763] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3768'.
[ 510.409535][T15763] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3768'.
[ 510.437968][T15761] Process accounting resumed
[ 511.626211][T15780] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3775'.
[ 511.654435][T15780] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3775'.
[ 513.783840][T15825] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3790'.
[ 514.167071][T15836] netlink: 86 bytes leftover after parsing attributes in process `syz.0.3792'.
[ 518.437398][T15913] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3821'.
[ 518.566672][T15916] bridge0: port 4(netdevsim1) entered blocking state
[ 518.574061][T15916] bridge0: port 4(netdevsim1) entered disabled state
[ 518.610229][T15916] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[ 518.645253][T15916] netdevsim netdevsim1 netdevsim1: entered promiscuous mode
[ 518.685068][T15916] bridge0: port 4(netdevsim1) entered blocking state
[ 518.692104][T15916] bridge0: port 4(netdevsim1) entered forwarding state
[ 518.948151][ T30] audit: type=1800 audit(4294967457.851:14): pid=15924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3824" name="trigger" dev="tracefs" ino=19680823 res=0 errno=0
[ 518.978281][T15923] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3825'.
[ 520.243137][T15940] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3831'.
[ 520.262853][T15940] IPv6: NLM_F_CREATE should be specified when creating new route
[ 522.769802][T15986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3847'.
[ 522.844017][T15985] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3849'.
[ 523.788020][T16000] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3854'.
[ 524.270367][T16008] netlink: 'syz.3.3858': attribute type 22 has an invalid length.
[ 524.301786][T16008] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3858'.
[ 524.571163][ T30] audit: type=1800 audit(4294967463.481:15): pid=16016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3860" name="dbroot" dev="configfs" ino=44368 res=0 errno=0
[ 525.238161][T16029] netlink: 'syz.3.3866': attribute type 1 has an invalid length.
[ 525.257527][T16029] netlink: 230 bytes leftover after parsing attributes in process `syz.3.3866'.
[ 525.466495][T16037] netlink: 'syz.3.3870': attribute type 22 has an invalid length.
[ 525.477548][T16037] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3870'.
[ 526.301584][T16057] netlink: 'syz.3.3878': attribute type 28 has an invalid length.
[ 526.312946][T16057] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3878'.
[ 526.892120][T16071] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3883'.
[ 527.470255][T16085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3889'.
[ 527.486428][T16085] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3889'.
[ 527.815062][T16095] netlink: 'syz.0.3894': attribute type 4 has an invalid length.
[ 528.258329][T16102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3896'.
[ 528.269475][T16102] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3896'.
[ 528.722205][T16114] ERROR: Out of memory at tomoyo_memory_ok.
[ 528.750624][T16117] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3902'.
[ 530.753179][T16164] FAULT_INJECTION: forcing a failure.
[ 530.753179][T16164] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 530.787849][T16164] CPU: 0 UID: 0 PID: 16164 Comm: syz.1.3921 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 530.787907][T16164] Tainted: [U]=USER
[ 530.787918][T16164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 530.787938][T16164] Call Trace:
[ 530.787949][T16164]
[ 530.787961][T16164] dump_stack_lvl+0x16c/0x1f0
[ 530.788009][T16164] should_fail_ex+0x512/0x640
[ 530.788063][T16164] should_fail_alloc_page+0xe7/0x130
[ 530.788123][T16164] prepare_alloc_pages+0x3c2/0x610
[ 530.788175][T16164] ? rcu_is_watching+0x12/0xc0
[ 530.788227][T16164] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 530.788270][T16164] ? kasan_save_stack+0x33/0x60
[ 530.788304][T16164] ? kasan_save_track+0x14/0x30
[ 530.788337][T16164] ? __kasan_slab_alloc+0x89/0x90
[ 530.788376][T16164] ? css_rstat_updated+0x9d/0xd30
[ 530.788432][T16164] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 530.788476][T16164] ? __asan_memcpy+0x3c/0x60
[ 530.788513][T16164] ? __pfx_interleave_nid+0x10/0x10
[ 530.788552][T16164] ? __lock_acquire+0x622/0x1c90
[ 530.788588][T16164] ? policy_nodemask+0xea/0x4e0
[ 530.788637][T16164] alloc_pages_mpol+0x1fb/0x550
[ 530.788681][T16164] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 530.788735][T16164] folio_alloc_mpol_noprof+0x36/0x2f0
[ 530.788788][T16164] vma_alloc_folio_noprof+0xed/0x1e0
[ 530.788837][T16164] ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 530.788883][T16164] ? find_held_lock+0x2b/0x80
[ 530.788927][T16164] ? __handle_mm_fault+0x1092/0x5450
[ 530.788967][T16164] __handle_mm_fault+0x2fac/0x5450
[ 530.789013][T16164] ? __pfx___handle_mm_fault+0x10/0x10
[ 530.789047][T16164] ? __pte_offset_map_lock+0x174/0x310
[ 530.789094][T16164] ? find_held_lock+0x2b/0x80
[ 530.789135][T16164] ? find_held_lock+0x2b/0x80
[ 530.789205][T16164] handle_mm_fault+0x3fe/0xad0
[ 530.789247][T16164] __get_user_pages+0x570/0x3bb0
[ 530.789309][T16164] ? __pfx_mt_find+0x10/0x10
[ 530.789353][T16164] ? __pfx___get_user_pages+0x10/0x10
[ 530.789420][T16164] populate_vma_page_range+0x278/0x3a0
[ 530.789454][T16164] ? __pfx_populate_vma_page_range+0x10/0x10
[ 530.789484][T16164] ? __pfx_find_vma_intersection+0x10/0x10
[ 530.789537][T16164] ? do_mmap+0x69c/0x11b0
[ 530.789590][T16164] __mm_populate+0x1d8/0x380
[ 530.789634][T16164] ? __pfx___mm_populate+0x10/0x10
[ 530.789670][T16164] ? up_write+0x1b2/0x520
[ 530.789712][T16164] vm_mmap_pgoff+0x362/0x450
[ 530.789765][T16164] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 530.789813][T16164] ? do_set_mempolicy+0x220/0x480
[ 530.789861][T16164] ? __x64_sys_futex+0x1e0/0x4c0
[ 530.789888][T16164] ? __x64_sys_futex+0x1e9/0x4c0
[ 530.789944][T16164] ksys_mmap_pgoff+0x7d/0x5c0
[ 530.789991][T16164] ? xfd_validate_state+0x61/0x180
[ 530.790024][T16164] ? __pfx_kernel_set_mempolicy+0x10/0x10
[ 530.790075][T16164] __x64_sys_mmap+0x125/0x190
[ 530.790117][T16164] do_syscall_64+0xcd/0x490
[ 530.790161][T16164] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 530.790196][T16164] RIP: 0033:0x7fb28e98e969
[ 530.790224][T16164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 530.790258][T16164] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 530.790289][T16164] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 530.790312][T16164] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[ 530.790332][T16164] RBP: 00007fb28ea10ab1 R08: 0000000000000002 R09: 0000000000008000
[ 530.790353][T16164] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[ 530.790374][T16164] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 530.790418][T16164]
[ 531.913008][T16176] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3926'.
[ 532.219180][T16190] sctp: [Deprecated]: syz.1.3932 (pid 16190) Use of int in maxseg socket option.
[ 532.219180][T16190] Use struct sctp_assoc_value instead
[ 532.234209][T16188] ERROR: Out of memory at tomoyo_memory_ok.
[ 532.674383][T16195] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3934'.
[ 532.726029][T16195] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3934'.
[ 534.199839][ T30] audit: type=1326 audit(4294967473.111:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3945" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb28e98e969 code=0x0
[ 534.684882][T16236] netlink: 74 bytes leftover after parsing attributes in process `syz.0.3950'.
[ 535.086194][T16246] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3953'.
[ 535.635171][T16262] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3959'.
[ 535.736161][T16260] netlink: 322 bytes leftover after parsing attributes in process `syz.1.3960'.
[ 536.091763][T16276] delete_channel: no stack
[ 536.490474][T16285] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3968'.
[ 536.772344][T16293] FAULT_INJECTION: forcing a failure.
[ 536.772344][T16293] name failslab, interval 1, probability 0, space 0, times 0
[ 536.787568][T16293] CPU: 1 UID: 0 PID: 16293 Comm: syz.3.3972 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 536.787626][T16293] Tainted: [U]=USER
[ 536.787638][T16293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 536.787658][T16293] Call Trace:
[ 536.787668][T16293]
[ 536.787680][T16293] dump_stack_lvl+0x16c/0x1f0
[ 536.787724][T16293] should_fail_ex+0x512/0x640
[ 536.787773][T16293] ? fs_reclaim_acquire+0xae/0x150
[ 536.787831][T16293] should_failslab+0xc2/0x120
[ 536.787875][T16293] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 536.787926][T16293] ? security_inode_alloc+0x3b/0x2b0
[ 536.787967][T16293] security_inode_alloc+0x3b/0x2b0
[ 536.788003][T16293] inode_init_always_gfp+0xce4/0x1030
[ 536.788046][T16293] alloc_inode+0x86/0x240
[ 536.788091][T16293] alloc_anon_inode+0x28/0x3e0
[ 536.788128][T16293] secretmem_file_create.constprop.0+0x4d/0x2c0
[ 536.788181][T16293] __x64_sys_memfd_secret+0xc5/0x1a0
[ 536.788226][T16293] do_syscall_64+0xcd/0x490
[ 536.788270][T16293] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 536.788304][T16293] RIP: 0033:0x7ff6ca18e969
[ 536.788330][T16293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 536.788365][T16293] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf
[ 536.788397][T16293] RAX: ffffffffffffffda RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 536.788420][T16293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 536.788440][T16293] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 536.788461][T16293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 536.788482][T16293] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 536.788524][T16293]
[ 537.352857][T16304] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3976'.
[ 537.664263][T16311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3978'.
[ 537.706258][T16311] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3978'.
[ 538.454534][T16336] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3989'.
[ 538.658113][T16338] netlink: 'syz.3.3990': attribute type 1 has an invalid length.
[ 538.671446][T16338] netlink: 306 bytes leftover after parsing attributes in process `syz.3.3990'.
[ 538.742671][T16342] netlink: 122 bytes leftover after parsing attributes in process `syz.0.3992'.
[ 540.425823][T16375] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4004'.
[ 540.582156][T16377] Process accounting paused
[ 540.740733][T16385] FAULT_INJECTION: forcing a failure.
[ 540.740733][T16385] name failslab, interval 1, probability 0, space 0, times 0
[ 540.807291][T16385] CPU: 1 UID: 0 PID: 16385 Comm: syz.3.4008 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 540.807349][T16385] Tainted: [U]=USER
[ 540.807359][T16385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 540.807380][T16385] Call Trace:
[ 540.807390][T16385]
[ 540.807403][T16385] dump_stack_lvl+0x16c/0x1f0
[ 540.807448][T16385] should_fail_ex+0x512/0x640
[ 540.807495][T16385] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 540.807535][T16385] should_failslab+0xc2/0x120
[ 540.807577][T16385] __kmalloc_cache_noprof+0x6a/0x3e0
[ 540.807613][T16385] ? snd_pcm_oss_change_params_locked+0x211/0x3a30
[ 540.807676][T16385] ? kasan_save_track+0x14/0x30
[ 540.807720][T16385] snd_pcm_oss_change_params_locked+0x211/0x3a30
[ 540.807779][T16385] ? rcu_is_watching+0x12/0xc0
[ 540.807831][T16385] ? __mutex_lock+0x1ca/0xb90
[ 540.807877][T16385] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 540.807935][T16385] ? __pfx___mutex_lock+0x10/0x10
[ 540.807987][T16385] ? __fsnotify_parent+0x24b/0xc40
[ 540.808054][T16385] snd_pcm_oss_make_ready+0xe6/0x1b0
[ 540.808108][T16385] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 540.808160][T16385] snd_pcm_oss_sync+0x1de/0x840
[ 540.808217][T16385] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 540.808269][T16385] snd_pcm_oss_release+0x28b/0x310
[ 540.808335][T16385] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 540.808384][T16385] __fput+0x402/0xb70
[ 540.808437][T16385] task_work_run+0x150/0x240
[ 540.808499][T16385] ? __pfx_task_work_run+0x10/0x10
[ 540.808542][T16385] ? __pfx___do_sys_close_range+0x10/0x10
[ 540.808579][T16385] ? syscall_user_dispatch+0x78/0x140
[ 540.808630][T16385] exit_to_user_mode_loop+0xeb/0x110
[ 540.808689][T16385] do_syscall_64+0x3f6/0x490
[ 540.808732][T16385] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 540.808767][T16385] RIP: 0033:0x7ff6ca18e969
[ 540.808794][T16385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 540.808828][T16385] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 540.808861][T16385] RAX: 0000000000000000 RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 540.808883][T16385] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000
[ 540.808904][T16385] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 540.808925][T16385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 540.808944][T16385] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 540.808987][T16385]
[ 542.306565][T16427] netlink: 322 bytes leftover after parsing attributes in process `syz.2.4025'.
[ 542.812754][T16439] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4030'.
[ 543.502721][T16457] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4037'.
[ 543.665483][T16465] ovs_: entered promiscuous mode
[ 545.733032][T16497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4052'.
[ 546.156853][T16511] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4057'.
[ 549.218943][T16562] netlink: 86 bytes leftover after parsing attributes in process `syz.2.4076'.
[ 549.389229][T16555] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4070'.
[ 549.440128][T16555] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4070'.
[ 551.694369][T16596] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4087'.
[ 551.858297][T16598] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4089'.
[ 552.051336][T16605] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4088'.
[ 552.739408][T16620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4098'.
[ 553.176689][T16632] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4103'.
[ 553.708354][T16645] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4107'.
[ 553.738667][T16644] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4108'.
[ 554.191676][T16655] FAULT_INJECTION: forcing a failure.
[ 554.191676][T16655] name failslab, interval 1, probability 0, space 0, times 0
[ 554.283868][T16655] CPU: 0 UID: 0 PID: 16655 Comm: syz.3.4111 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 554.283924][T16655] Tainted: [U]=USER
[ 554.283937][T16655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 554.283957][T16655] Call Trace:
[ 554.283968][T16655]
[ 554.283981][T16655] dump_stack_lvl+0x16c/0x1f0
[ 554.284027][T16655] should_fail_ex+0x512/0x640
[ 554.284075][T16655] ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[ 554.284125][T16655] should_failslab+0xc2/0x120
[ 554.284177][T16655] __kmalloc_node_track_caller_noprof+0xd6/0x510
[ 554.284223][T16655] ? proc_create_reg+0xe3/0x180
[ 554.284267][T16655] ? fib_notifier_ops_register+0x32/0x270
[ 554.284327][T16655] ? __pfx_ipmr_net_init+0x10/0x10
[ 554.284376][T16655] kmemdup_noprof+0x29/0x60
[ 554.284419][T16655] fib_notifier_ops_register+0x32/0x270
[ 554.284464][T16655] ? __pfx_ipmr_net_init+0x10/0x10
[ 554.284512][T16655] ipmr_net_init+0x57/0x4e0
[ 554.284559][T16655] ? __pfx_ipmr_net_init+0x10/0x10
[ 554.284605][T16655] ops_init+0x1e2/0x5f0
[ 554.284651][T16655] setup_net+0x1ff/0x510
[ 554.284691][T16655] ? lockdep_init_map_type+0x5c/0x280
[ 554.284726][T16655] ? __pfx_setup_net+0x10/0x10
[ 554.284774][T16655] ? debug_mutex_init+0x37/0x70
[ 554.284823][T16655] copy_net_ns+0x2a6/0x5f0
[ 554.284873][T16655] create_new_namespaces+0x3ea/0xa90
[ 554.284933][T16655] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 554.284987][T16655] ksys_unshare+0x45b/0xa40
[ 554.285021][T16655] ? __pfx_ksys_unshare+0x10/0x10
[ 554.285057][T16655] ? xfd_validate_state+0x61/0x180
[ 554.285102][T16655] __x64_sys_unshare+0x31/0x40
[ 554.285135][T16655] do_syscall_64+0xcd/0x490
[ 554.285185][T16655] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 554.285218][T16655] RIP: 0033:0x7ff6ca18e969
[ 554.285244][T16655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 554.285277][T16655] RSP: 002b:00007ff6caf8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 554.285310][T16655] RAX: ffffffffffffffda RBX: 00007ff6ca3b5fa0 RCX: 00007ff6ca18e969
[ 554.285332][T16655] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 554.285352][T16655] RBP: 00007ff6ca210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 554.285372][T16655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 554.285392][T16655] R13: 0000000000000000 R14: 00007ff6ca3b5fa0 R15: 00007ffd0cc46228
[ 554.285434][T16655]
[ 555.179658][T16671] FAULT_INJECTION: forcing a failure.
[ 555.179658][T16671] name failslab, interval 1, probability 0, space 0, times 0
[ 555.249962][T16671] CPU: 0 UID: 0 PID: 16671 Comm: syz.2.4126 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 555.250018][T16671] Tainted: [U]=USER
[ 555.250030][T16671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 555.250049][T16671] Call Trace:
[ 555.250059][T16671]
[ 555.250072][T16671] dump_stack_lvl+0x16c/0x1f0
[ 555.250124][T16671] should_fail_ex+0x512/0x640
[ 555.250171][T16671] ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[ 555.250220][T16671] should_failslab+0xc2/0x120
[ 555.250262][T16671] __kmalloc_node_track_caller_noprof+0xd6/0x510
[ 555.250307][T16671] ? proc_create_reg+0xe3/0x180
[ 555.250349][T16671] ? fib_notifier_ops_register+0x32/0x270
[ 555.250397][T16671] ? __pfx_ipmr_net_init+0x10/0x10
[ 555.250446][T16671] kmemdup_noprof+0x29/0x60
[ 555.250489][T16671] fib_notifier_ops_register+0x32/0x270
[ 555.250534][T16671] ? __pfx_ipmr_net_init+0x10/0x10
[ 555.250581][T16671] ipmr_net_init+0x57/0x4e0
[ 555.250628][T16671] ? __pfx_ipmr_net_init+0x10/0x10
[ 555.250675][T16671] ops_init+0x1e2/0x5f0
[ 555.250722][T16671] setup_net+0x1ff/0x510
[ 555.250763][T16671] ? lockdep_init_map_type+0x5c/0x280
[ 555.250798][T16671] ? __pfx_setup_net+0x10/0x10
[ 555.250844][T16671] ? debug_mutex_init+0x37/0x70
[ 555.250893][T16671] copy_net_ns+0x2a6/0x5f0
[ 555.250945][T16671] create_new_namespaces+0x3ea/0xa90
[ 555.251022][T16671] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 555.251077][T16671] ksys_unshare+0x45b/0xa40
[ 555.251120][T16671] ? __pfx_ksys_unshare+0x10/0x10
[ 555.251158][T16671] ? xfd_validate_state+0x61/0x180
[ 555.251207][T16671] __x64_sys_unshare+0x31/0x40
[ 555.251242][T16671] do_syscall_64+0xcd/0x490
[ 555.251287][T16671] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 555.251322][T16671] RIP: 0033:0x7f332198e969
[ 555.251348][T16671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 555.251383][T16671] RSP: 002b:00007f3322778038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 555.251416][T16671] RAX: ffffffffffffffda RBX: 00007f3321bb5fa0 RCX: 00007f332198e969
[ 555.251440][T16671] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 555.251461][T16671] RBP: 00007f3321a10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 555.251481][T16671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 555.251502][T16671] R13: 0000000000000000 R14: 00007f3321bb5fa0 R15: 00007ffe908eca88
[ 555.251545][T16671]
[ 556.459666][T16698] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4127'.
[ 556.460895][T16697] HfR: entered promiscuous mode
[ 556.474111][T16699] raw_sendmsg: syz.1.4125 forgot to set AF_INET. Fix it!
[ 556.491240][T16698] HfR: left promiscuous mode
[ 557.315114][T16722] FAULT_INJECTION: forcing a failure.
[ 557.315114][T16722] name failslab, interval 1, probability 0, space 0, times 0
[ 557.331818][T16722] CPU: 0 UID: 0 PID: 16722 Comm: syz.1.4132 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 557.331875][T16722] Tainted: [U]=USER
[ 557.331888][T16722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 557.331915][T16722] Call Trace:
[ 557.331926][T16722]
[ 557.331939][T16722] dump_stack_lvl+0x16c/0x1f0
[ 557.331987][T16722] should_fail_ex+0x512/0x640
[ 557.332035][T16722] ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[ 557.332085][T16722] should_failslab+0xc2/0x120
[ 557.332129][T16722] __kmalloc_node_track_caller_noprof+0xd6/0x510
[ 557.332176][T16722] ? proc_create_reg+0xe3/0x180
[ 557.332218][T16722] ? fib_notifier_ops_register+0x32/0x270
[ 557.332266][T16722] ? __pfx_ipmr_net_init+0x10/0x10
[ 557.332316][T16722] kmemdup_noprof+0x29/0x60
[ 557.332359][T16722] fib_notifier_ops_register+0x32/0x270
[ 557.332405][T16722] ? __pfx_ipmr_net_init+0x10/0x10
[ 557.332454][T16722] ipmr_net_init+0x57/0x4e0
[ 557.332503][T16722] ? __pfx_ipmr_net_init+0x10/0x10
[ 557.332551][T16722] ops_init+0x1e2/0x5f0
[ 557.332600][T16722] setup_net+0x1ff/0x510
[ 557.332641][T16722] ? lockdep_init_map_type+0x5c/0x280
[ 557.332677][T16722] ? __pfx_setup_net+0x10/0x10
[ 557.332725][T16722] ? debug_mutex_init+0x37/0x70
[ 557.332776][T16722] copy_net_ns+0x2a6/0x5f0
[ 557.332838][T16722] create_new_namespaces+0x3ea/0xa90
[ 557.332896][T16722] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 557.332963][T16722] ksys_unshare+0x45b/0xa40
[ 557.332998][T16722] ? __pfx_ksys_unshare+0x10/0x10
[ 557.333033][T16722] ? xfd_validate_state+0x61/0x180
[ 557.333078][T16722] __x64_sys_unshare+0x31/0x40
[ 557.333111][T16722] do_syscall_64+0xcd/0x490
[ 557.333153][T16722] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 557.333187][T16722] RIP: 0033:0x7fb28e98e969
[ 557.333213][T16722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 557.333246][T16722] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 557.333278][T16722] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 557.333299][T16722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 557.333319][T16722] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 557.333339][T16722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 557.333358][T16722] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 557.333400][T16722]
[ 557.972208][T16737] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4141'.
[ 558.132768][T16733] ima: policy update failed
[ 558.155197][ T30] audit: type=1802 audit(4294967497.061:17): pid=16733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4140" res=0 errno=0
[ 558.313353][T16746] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4147'.
[ 558.479736][T16752] FAULT_INJECTION: forcing a failure.
[ 558.479736][T16752] name failslab, interval 1, probability 0, space 0, times 0
[ 558.541748][T16752] CPU: 0 UID: 0 PID: 16752 Comm: syz.2.4150 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 558.541809][T16752] Tainted: [U]=USER
[ 558.541820][T16752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 558.541839][T16752] Call Trace:
[ 558.541850][T16752]
[ 558.541861][T16752] dump_stack_lvl+0x16c/0x1f0
[ 558.541902][T16752] should_fail_ex+0x512/0x640
[ 558.541945][T16752] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 558.541985][T16752] should_failslab+0xc2/0x120
[ 558.542023][T16752] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 558.542059][T16752] ? __proc_create+0xc3/0x8c0
[ 558.542094][T16752] ? __proc_create+0x2ce/0x8c0
[ 558.542137][T16752] __proc_create+0x2ce/0x8c0
[ 558.542176][T16752] ? __pfx___proc_create+0x10/0x10
[ 558.542214][T16752] ? _raw_spin_unlock+0x28/0x50
[ 558.542255][T16752] proc_create_reg+0x7d/0x180
[ 558.542299][T16752] proc_create_net_data+0x8e/0x1b0
[ 558.542341][T16752] ? __pfx_proc_create_net_data+0x10/0x10
[ 558.542381][T16752] ? mptcp_net_init+0x4d0/0x620
[ 558.542425][T16752] ? udp_pernet_init+0x6d3/0x910
[ 558.542465][T16752] ? __pfx_udplite4_proc_init_net+0x10/0x10
[ 558.542493][T16752] udplite4_proc_init_net+0x57/0x80
[ 558.542521][T16752] ops_init+0x1e2/0x5f0
[ 558.542571][T16752] setup_net+0x1ff/0x510
[ 558.542609][T16752] ? lockdep_init_map_type+0x5c/0x280
[ 558.542641][T16752] ? __pfx_setup_net+0x10/0x10
[ 558.542684][T16752] ? debug_mutex_init+0x37/0x70
[ 558.542749][T16752] copy_net_ns+0x2a6/0x5f0
[ 558.542806][T16752] create_new_namespaces+0x3ea/0xa90
[ 558.542862][T16752] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 558.542910][T16752] ksys_unshare+0x45b/0xa40
[ 558.542941][T16752] ? __pfx_ksys_unshare+0x10/0x10
[ 558.542973][T16752] ? xfd_validate_state+0x61/0x180
[ 558.543015][T16752] __x64_sys_unshare+0x31/0x40
[ 558.543047][T16752] do_syscall_64+0xcd/0x490
[ 558.543087][T16752] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 558.543118][T16752] RIP: 0033:0x7f332198e969
[ 558.543142][T16752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 558.543173][T16752] RSP: 002b:00007f3322778038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 558.543203][T16752] RAX: ffffffffffffffda RBX: 00007f3321bb5fa0 RCX: 00007f332198e969
[ 558.543224][T16752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 558.543243][T16752] RBP: 00007f3321a10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 558.543262][T16752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 558.543281][T16752] R13: 0000000000000000 R14: 00007f3321bb5fa0 R15: 00007ffe908eca88
[ 558.543321][T16752]
[ 559.147056][T16769] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4158'.
[ 559.212633][T16772] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4159'.
[ 559.385305][T16779] netlink: 'syz.3.4163': attribute type 27 has an invalid length.
[ 559.393564][T16779] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4163'.
[ 559.410022][T16778] netlink: 'syz.2.4161': attribute type 2 has an invalid length.
[ 559.451446][T16778] netlink: 'syz.2.4161': attribute type 2 has an invalid length.
[ 560.102801][T16802] netlink: 146 bytes leftover after parsing attributes in process `syz.2.4170'.
[ 560.228567][T16807] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4172'.
[ 561.094460][T16837] netlink: 'syz.0.4185': attribute type 16 has an invalid length.
[ 561.116108][T16837] netlink: 306 bytes leftover after parsing attributes in process `syz.0.4185'.
[ 561.233912][T16841] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4187'.
[ 561.639898][T16850] ima: policy update failed
[ 561.646832][ T30] audit: type=1802 audit(4294967500.551:18): pid=16850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4191" res=0 errno=0
[ 562.250707][T16873] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4200'.
[ 562.310520][T16875] HfR: entered promiscuous mode
[ 562.325724][T16875] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4201'.
[ 562.356988][T16875] HfR: left promiscuous mode
[ 562.386735][T16877] netlink: 'syz.3.4204': attribute type 29 has an invalid length.
[ 562.395536][T16877] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4204'.
[ 567.282054][T16980] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4240'.
[ 568.242821][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 568.249280][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 569.231130][T17019] netlink: 'syz.1.4255': attribute type 27 has an invalid length.
[ 569.239508][T17019] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4255'.
[ 569.558602][T17022] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4253'.
[ 570.621310][T17039] Process accounting resumed
[ 573.256431][T17083] ERROR: Out of memory at tomoyo_memory_ok.
[ 573.740852][T17089] FAULT_INJECTION: forcing a failure.
[ 573.740852][T17089] name failslab, interval 1, probability 0, space 0, times 0
[ 573.767249][T17089] CPU: 1 UID: 0 PID: 17089 Comm: syz.1.4284 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 573.767305][T17089] Tainted: [U]=USER
[ 573.767317][T17089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 573.767337][T17089] Call Trace:
[ 573.767347][T17089]
[ 573.767360][T17089] dump_stack_lvl+0x16c/0x1f0
[ 573.767406][T17089] should_fail_ex+0x512/0x640
[ 573.767452][T17089] ? fs_reclaim_acquire+0xae/0x150
[ 573.767508][T17089] should_failslab+0xc2/0x120
[ 573.767557][T17089] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 573.767598][T17089] ? security_inode_alloc+0x3b/0x2b0
[ 573.767639][T17089] security_inode_alloc+0x3b/0x2b0
[ 573.767673][T17089] inode_init_always_gfp+0xce4/0x1030
[ 573.767715][T17089] alloc_inode+0x86/0x240
[ 573.767759][T17089] alloc_anon_inode+0x28/0x3e0
[ 573.767795][T17089] secretmem_file_create.constprop.0+0x4d/0x2c0
[ 573.767844][T17089] __x64_sys_memfd_secret+0xc5/0x1a0
[ 573.767888][T17089] do_syscall_64+0xcd/0x490
[ 573.767930][T17089] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 573.767963][T17089] RIP: 0033:0x7fb28e98e969
[ 573.767990][T17089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 573.768023][T17089] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf
[ 573.768055][T17089] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 573.768077][T17089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 573.768097][T17089] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 573.768117][T17089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 573.768136][T17089] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 573.768175][T17089]
[ 574.217659][T17098] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4285'.
[ 575.008358][T17114] ERROR: Out of memory at tomoyo_memory_ok.
[ 575.315657][T17124] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4296'.
[ 576.267442][T17138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4302'.
[ 576.306722][T17147] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4304'.
[ 576.656711][T17157] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4308'.
[ 576.676635][T17161] netlink: 'syz.3.4310': attribute type 4 has an invalid length.
[ 577.903968][T17191] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4318'.
[ 577.959829][T17193] netlink: 'syz.3.4319': attribute type 4 has an invalid length.
[ 577.997443][T17193] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4319'.
[ 578.411618][T17202] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4333'.
[ 579.862484][T17237] ERROR: Out of memory at tomoyo_memory_ok.
[ 581.001508][T17253] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4342'.
[ 582.217878][T17269] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4349'.
[ 585.054812][T17316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4368'.
[ 585.222696][T17319] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4370'.
[ 585.311749][T17321] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4369'.
[ 585.989249][T17337] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4375'.
[ 586.215021][T17343] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4376'.
[ 586.517609][T17344] netlink: 'syz.0.4377': attribute type 33 has an invalid length.
[ 586.525516][T17344] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4377'.
[ 588.839765][T17394] netlink: 'syz.0.4396': attribute type 28 has an invalid length.
[ 588.847795][T17394] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4396'.
[ 588.859592][T17394] netlink: 'syz.0.4396': attribute type 28 has an invalid length.
[ 588.887253][T17394] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4396'.
[ 591.010856][T17433] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4413'.
[ 591.042800][T17433] netlink: 13 bytes leftover after parsing attributes in process `syz.0.4413'.
[ 591.157737][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 591.481385][T17444] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4418'.
[ 592.711935][T17467] ==================================================================
[ 592.720074][T17467] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0
[ 592.727863][T17467] Read of size 8 at addr ffff88802a5c0018 by task syz.1.4425/17467
[ 592.735805][T17467]
[ 592.738176][T17467] CPU: 1 UID: 0 PID: 17467 Comm: syz.1.4425 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 592.738230][T17467] Tainted: [U]=USER
[ 592.738243][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 592.738265][T17467] Call Trace:
[ 592.738276][T17467]
[ 592.738289][T17467] dump_stack_lvl+0x116/0x1f0
[ 592.738334][T17467] print_report+0xcd/0x680
[ 592.738377][T17467] ? __virt_addr_valid+0x81/0x610
[ 592.738426][T17467] ? __phys_addr+0xe8/0x180
[ 592.738476][T17467] ? dvb_device_open+0x36a/0x3b0
[ 592.738530][T17467] kasan_report+0xe0/0x110
[ 592.738580][T17467] ? dvb_device_open+0x36a/0x3b0
[ 592.738625][T17467] ? __pfx_dvb_device_open+0x10/0x10
[ 592.738669][T17467] dvb_device_open+0x36a/0x3b0
[ 592.738711][T17467] ? __pfx_dvb_device_open+0x10/0x10
[ 592.738755][T17467] chrdev_open+0x231/0x6a0
[ 592.738793][T17467] ? __pfx_apparmor_file_open+0x10/0x10
[ 592.738833][T17467] ? __pfx_chrdev_open+0x10/0x10
[ 592.738875][T17467] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 592.738935][T17467] do_dentry_open+0x744/0x1c10
[ 592.738973][T17467] ? __pfx_chrdev_open+0x10/0x10
[ 592.739016][T17467] vfs_open+0x82/0x3f0
[ 592.739063][T17467] path_openat+0x1de4/0x2cb0
[ 592.739123][T17467] ? __pfx_path_openat+0x10/0x10
[ 592.739160][T17467] ? __lock_acquire+0xb8a/0x1c90
[ 592.739196][T17467] do_filp_open+0x20b/0x470
[ 592.739232][T17467] ? __pfx_do_filp_open+0x10/0x10
[ 592.739284][T17467] ? alloc_fd+0x471/0x7d0
[ 592.739321][T17467] do_sys_openat2+0x11b/0x1d0
[ 592.739370][T17467] ? __pfx_do_sys_openat2+0x10/0x10
[ 592.739418][T17467] ? __pfx_do_sys_openat2+0x10/0x10
[ 592.739485][T17467] ? __pfx___might_resched+0x10/0x10
[ 592.739539][T17467] __x64_sys_openat+0x174/0x210
[ 592.739596][T17467] ? __pfx___x64_sys_openat+0x10/0x10
[ 592.739656][T17467] do_syscall_64+0xcd/0x490
[ 592.739699][T17467] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 592.739735][T17467] RIP: 0033:0x7fb28e98e969
[ 592.739762][T17467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 592.739797][T17467] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 592.739831][T17467] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 592.739854][T17467] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 592.739877][T17467] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 592.739899][T17467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 592.739921][T17467] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 592.739956][T17467]
[ 592.739967][T17467]
[ 593.003794][T17467] Allocated by task 1:
[ 593.007876][T17467] kasan_save_stack+0x33/0x60
[ 593.012580][T17467] kasan_save_track+0x14/0x30
[ 593.017283][T17467] __kasan_kmalloc+0xaa/0xb0
[ 593.021905][T17467] dvb_register_device+0x1e4/0x2370
[ 593.027135][T17467] dvb_register_frontend+0x5a6/0x880
[ 593.032450][T17467] vidtv_bridge_probe+0x459/0xa90
[ 593.037502][T17467] platform_probe+0xff/0x1f0
[ 593.042119][T17467] really_probe+0x241/0xa90
[ 593.046653][T17467] __driver_probe_device+0x1de/0x440
[ 593.051974][T17467] driver_probe_device+0x4c/0x1b0
[ 593.057033][T17467] __driver_attach+0x283/0x580
[ 593.061851][T17467] bus_for_each_dev+0x13b/0x1d0
[ 593.067790][T17467] bus_add_driver+0x2e9/0x690
[ 593.072516][T17467] driver_register+0x15c/0x4b0
[ 593.077327][T17467] vidtv_bridge_init+0x45/0x80
[ 593.082140][T17467] do_one_initcall+0x120/0x6e0
[ 593.086926][T17467] kernel_init_freeable+0x5c2/0x900
[ 593.092158][T17467] kernel_init+0x1c/0x2b0
[ 593.096529][T17467] ret_from_fork+0x5d4/0x6f0
[ 593.101145][T17467] ret_from_fork_asm+0x1a/0x30
[ 593.105927][T17467]
[ 593.108260][T17467] Freed by task 16933:
[ 593.112342][T17467] kasan_save_stack+0x33/0x60
[ 593.117047][T17467] kasan_save_track+0x14/0x30
[ 593.121764][T17467] kasan_save_free_info+0x3b/0x60
[ 593.126847][T17467] __kasan_slab_free+0x51/0x70
[ 593.131654][T17467] kfree+0x2b4/0x4d0
[ 593.135584][T17467] dvb_device_put.part.0+0x60/0x90
[ 593.140738][T17467] dvb_device_open+0x2a4/0x3b0
[ 593.145537][T17467] chrdev_open+0x231/0x6a0
[ 593.150029][T17467] do_dentry_open+0x744/0x1c10
[ 593.154817][T17467] vfs_open+0x82/0x3f0
[ 593.158922][T17467] path_openat+0x1de4/0x2cb0
[ 593.163532][T17467] do_filp_open+0x20b/0x470
[ 593.168060][T17467] do_sys_openat2+0x11b/0x1d0
[ 593.172772][T17467] __x64_sys_openat+0x174/0x210
[ 593.177659][T17467] do_syscall_64+0xcd/0x490
[ 593.182190][T17467] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 593.188108][T17467]
[ 593.190443][T17467] The buggy address belongs to the object at ffff88802a5c0000
[ 593.190443][T17467] which belongs to the cache kmalloc-256 of size 256
[ 593.204522][T17467] The buggy address is located 24 bytes inside of
[ 593.204522][T17467] freed 256-byte region [ffff88802a5c0000, ffff88802a5c0100)
[ 593.218265][T17467]
[ 593.220602][T17467] The buggy address belongs to the physical page:
[ 593.227030][T17467] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802a5c0000 pfn:0x2a5c0
[ 593.237150][T17467] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 593.245686][T17467] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 593.254210][T17467] page_type: f5(slab)
[ 593.258221][T17467] raw: 00fff00000000240 ffff88801b441b40 ffffea000183b590 ffffea0000c97290
[ 593.266831][T17467] raw: ffff88802a5c0000 000000000010000f 00000000f5000000 0000000000000000
[ 593.275436][T17467] head: 00fff00000000240 ffff88801b441b40 ffffea000183b590 ffffea0000c97290
[ 593.284129][T17467] head: ffff88802a5c0000 000000000010000f 00000000f5000000 0000000000000000
[ 593.292909][T17467] head: 00fff00000000001 ffffea0000a97001 00000000ffffffff 00000000ffffffff
[ 593.301601][T17467] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 593.310284][T17467] page dumped because: kasan: bad access detected
[ 593.316716][T17467] page_owner tracks the page as allocated
[ 593.322446][T17467] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25250754795, free_ts 0
[ 593.342193][T17467] post_alloc_hook+0x1c0/0x230
[ 593.346988][T17467] get_page_from_freelist+0x135c/0x3950
[ 593.352571][T17467] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 593.358506][T17467] alloc_pages_mpol+0x1fb/0x550
[ 593.363382][T17467] new_slab+0x23b/0x330
[ 593.367555][T17467] ___slab_alloc+0xd9c/0x1940
[ 593.372247][T17467] __slab_alloc.constprop.0+0x56/0xb0
[ 593.377638][T17467] __kmalloc_cache_noprof+0xfb/0x3e0
[ 593.382940][T17467] dvb_register_device+0x1e4/0x2370
[ 593.388169][T17467] dvb_register_frontend+0x5a6/0x880
[ 593.393487][T17467] vidtv_bridge_probe+0x459/0xa90
[ 593.398537][T17467] platform_probe+0xff/0x1f0
[ 593.403151][T17467] really_probe+0x241/0xa90
[ 593.407701][T17467] __driver_probe_device+0x1de/0x440
[ 593.413069][T17467] driver_probe_device+0x4c/0x1b0
[ 593.418171][T17467] __driver_attach+0x283/0x580
[ 593.422977][T17467] page_owner free stack trace missing
[ 593.428357][T17467]
[ 593.430697][T17467] Memory state around the buggy address:
[ 593.436339][T17467] ffff88802a5bff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 593.444426][T17467] ffff88802a5bff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 593.452507][T17467] >ffff88802a5c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 593.460590][T17467] ^
[ 593.465454][T17467] ffff88802a5c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 593.473534][T17467] ffff88802a5c0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 593.481605][T17467] ==================================================================
[ 593.536023][T17467] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 593.543304][T17467] CPU: 0 UID: 0 PID: 17467 Comm: syz.1.4425 Tainted: G U 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full)
[ 593.556684][T17467] Tainted: [U]=USER
[ 593.560531][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 593.570651][T17467] Call Trace:
[ 593.573968][T17467]
[ 593.576933][T17467] dump_stack_lvl+0x3d/0x1f0
[ 593.581587][T17467] panic+0x71c/0x800
[ 593.585547][T17467] ? __pfx_panic+0x10/0x10
[ 593.590013][T17467] ? mark_held_locks+0x49/0x80
[ 593.594812][T17467] ? preempt_schedule_thunk+0x16/0x30
[ 593.600216][T17467] ? dvb_device_open+0x36a/0x3b0
[ 593.605186][T17467] ? preempt_schedule_common+0x44/0xc0
[ 593.610681][T17467] ? dvb_device_open+0x36a/0x3b0
[ 593.615659][T17467] check_panic_on_warn+0xab/0xb0
[ 593.620647][T17467] end_report+0x107/0x170
[ 593.625014][T17467] kasan_report+0xee/0x110
[ 593.629463][T17467] ? dvb_device_open+0x36a/0x3b0
[ 593.634436][T17467] ? __pfx_dvb_device_open+0x10/0x10
[ 593.639751][T17467] dvb_device_open+0x36a/0x3b0
[ 593.644550][T17467] ? __pfx_dvb_device_open+0x10/0x10
[ 593.649864][T17467] chrdev_open+0x231/0x6a0
[ 593.654331][T17467] ? __pfx_apparmor_file_open+0x10/0x10
[ 593.659908][T17467] ? __pfx_chrdev_open+0x10/0x10
[ 593.664877][T17467] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 593.671683][T17467] do_dentry_open+0x744/0x1c10
[ 593.676472][T17467] ? __pfx_chrdev_open+0x10/0x10
[ 593.681444][T17467] vfs_open+0x82/0x3f0
[ 593.685546][T17467] path_openat+0x1de4/0x2cb0
[ 593.690165][T17467] ? __pfx_path_openat+0x10/0x10
[ 593.695126][T17467] ? __lock_acquire+0xb8a/0x1c90
[ 593.700089][T17467] do_filp_open+0x20b/0x470
[ 593.704635][T17467] ? __pfx_do_filp_open+0x10/0x10
[ 593.709706][T17467] ? alloc_fd+0x471/0x7d0
[ 593.714073][T17467] do_sys_openat2+0x11b/0x1d0
[ 593.718796][T17467] ? __pfx_do_sys_openat2+0x10/0x10
[ 593.724034][T17467] ? __pfx_do_sys_openat2+0x10/0x10
[ 593.729269][T17467] ? __pfx___might_resched+0x10/0x10
[ 593.734592][T17467] __x64_sys_openat+0x174/0x210
[ 593.739480][T17467] ? __pfx___x64_sys_openat+0x10/0x10
[ 593.744895][T17467] do_syscall_64+0xcd/0x490
[ 593.749431][T17467] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 593.755349][T17467] RIP: 0033:0x7fb28e98e969
[ 593.759788][T17467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 593.779421][T17467] RSP: 002b:00007fb28f7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 593.787861][T17467] RAX: ffffffffffffffda RBX: 00007fb28ebb5fa0 RCX: 00007fb28e98e969
[ 593.795848][T17467] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 593.803866][T17467] RBP: 00007fb28ea10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 593.811866][T17467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 593.819866][T17467] R13: 0000000000000000 R14: 00007fb28ebb5fa0 R15: 00007ffd94912e98
[ 593.827870][T17467]
[ 593.831219][T17467] Kernel Offset: disabled
[ 593.835553][T17467] Rebooting in 86400 seconds..