last executing test programs: 2m16.737965802s ago: executing program 2 (id=3786): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0x3) socketpair$auto(0x9, 0x2, 0x10000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x80000541b, 0x38) 2m16.401574664s ago: executing program 2 (id=3789): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='U'], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 2m15.934628325s ago: executing program 2 (id=3793): mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) r0 = creat$auto(&(0x7f0000000040)='./file0\x00', 0x81) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x301, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000) splice$auto(r1, 0x0, r0, 0x0, 0xb, 0xf) close_range$auto(0x2, 0x8, 0x0) 2m15.589616759s ago: executing program 2 (id=3796): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 2m14.726457894s ago: executing program 2 (id=3803): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000300)={0x48, 0x0, "c292b0bcc2136c38e30baae6690e8d7c8506ba8f41a3e671f2d166cf15d22ee3c1e3b6ae574fb04763b2f8e35d0690ace6f82bcac5ba0ce1978d0f93165fbfd4afcecb85145b6e29"}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1100af"], 0x1ac}, 0x1, 0x0, 0x0, 0x26004814}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m13.377216939s ago: executing program 2 (id=3813): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r0, 0x80045017, &(0x7f0000000c00)) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) read$auto(0xffffffffffffffff, 0x0, 0x6) 2m13.024248676s ago: executing program 32 (id=3813): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r0, 0x80045017, &(0x7f0000000c00)) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) read$auto(0xffffffffffffffff, 0x0, 0x6) 4.180009765s ago: executing program 4 (id=4728): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x1, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084}, 0x1fe, 0x200d) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c001b"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.467160034s ago: executing program 4 (id=4732): mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/adsp1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 3.412100366s ago: executing program 3 (id=4733): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000000c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0x91) 3.232444676s ago: executing program 3 (id=4735): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0x7fffffff) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r2, 0x0, 0x39b8) 2.590733139s ago: executing program 1 (id=4737): socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x28, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x100) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socketpair$auto(0x3, 0x8, 0x7, 0x0) ioctl$auto(0x1, 0x8983, 0x4) 2.408670036s ago: executing program 1 (id=4738): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, r0, 0x2) r1 = landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x9, 0x0) r2 = ioctl$auto_TUNGETIFF2(r1, 0x800454d2, 0x0) getsockopt$auto_SO_OOBINLINE(r2, 0x7, 0xa, 0x0, &(0x7f0000000100)=0x10000) landlock_restrict_self$auto(r0, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) shutdown$auto(0x200000003, 0x2) 2.252518597s ago: executing program 1 (id=4739): r0 = socket(0x2, 0x2, 0x88) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x1d, 0x2, 0x7) socket(0x10, 0x2, 0xc) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth1_to_team\x00', 0x0}) connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r3}, 0x18) 2.074352442s ago: executing program 1 (id=4741): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0x2b, 0xa, 0xf11) unshare$auto(0x8000000) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) mknod$auto(0x0, 0x402, 0x7fffffff) 1.259382584s ago: executing program 4 (id=4742): r0 = socket(0x18, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r2 = socket(0x18, 0x5, 0x1) connect$auto(r2, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x80487436, 0x0) 1.257788878s ago: executing program 3 (id=4743): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x2, 0x0) fsopen$auto(0x0, 0x1) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 1.081507496s ago: executing program 3 (id=4744): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) quotactl_fd$auto(r0, 0x4, 0xffffffffffffffff, 0x0) setpgid$auto(0x0, 0x0) getdents64$auto(0xffffffffffffffff, 0x0, 0x400) ioctl$auto_VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) capget$auto(0x0, 0xfffffffffffffffe) 1.06185018s ago: executing program 0 (id=4746): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rt_sigprocmask$auto(0x0, 0x0, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) mprotect$auto(0x0, 0x2, 0x1000002) r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40010) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 955.155746ms ago: executing program 4 (id=4747): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x280, 0x0) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) 931.69852ms ago: executing program 0 (id=4748): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/security/tomoyo/query\x00', 0x88001, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nlbl_unlbl(0x0, 0xffffffffffffffff) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffdfffffff, 0x3, 0x62, 0x84000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, 0x0, 0x100000a3d9) close_range$auto(0x2, 0xa, 0x0) 881.352634ms ago: executing program 3 (id=4749): mmap$auto(0x0, 0xd, 0x3, 0xeb1, 0xfffffffffffffffe, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x6}, 0xc) 742.966967ms ago: executing program 3 (id=4750): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend\x00', 0x1a1942, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) read$auto(0x3, 0x0, 0x80) read$auto(0xffffffffffffffff, 0x0, 0x7) write$auto(r0, 0x0, 0x9) 610.010697ms ago: executing program 0 (id=4751): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7) madvise$auto(0xfffffffffffffffe, 0x2, 0x7) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) ioctl$auto_RTC_RD_TIME(r0, 0x80247009, 0x0) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x4601, 0x0) ioctl$auto(0x3, 0x40044620, 0x400000000000004) 560.047719ms ago: executing program 4 (id=4752): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x40090) setresuid$auto(0x0, 0x7, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x7fffffff, 0x0, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x804}, 0x4, 0xfff) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f2, 0x24) 413.572137ms ago: executing program 1 (id=4753): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22040, 0x75) socket(0x10, 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x101040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe2400, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x0, 0x53, 0x0, &(0x7f0000000040)=0x28) 371.175069ms ago: executing program 0 (id=4754): close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xe) mmap$auto(0x0, 0xda32, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffe, 0xff, 0x7, 0x1f, 0x7181, 0x1ffde, 0xb099, 0x3, 0x9, 0x9, 0x3, 0x84, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x81, 0x4, 0x0, 0xa, 0x22004, 0x200, 0x1, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0, 0x0, 0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x0, 0x0, 0xad3, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1000"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='r'], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 223.613849ms ago: executing program 4 (id=4755): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff) writev$auto(r0, 0x0, 0x7) clone$auto(0x20003b46, 0x100000000000005, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0xf, 0x0, 0x6) read$auto(0x3, 0x0, 0x8080) 218.863846ms ago: executing program 1 (id=4756): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x28, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x6d, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008801}, 0x24000802) close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf251bee05ba000000000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 166.961641ms ago: executing program 0 (id=4757): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) unshare$auto(0x200) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r1, 0x0) umount2$auto(&(0x7f0000000080)='.\x00', 0x3) 0s ago: executing program 0 (id=4758): mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/smaps_rollup\x00', 0x60102, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x1004da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_NAPI_GET(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x44004}, 0x0) close_range$auto(r0, 0x8, 0x0) kernel console output (not intermixed with test programs): 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 495.733899][T15715] [ 496.022073][ C1] vkms_vblank_simulate: vblank timer overrun [ 496.605022][T15724] netlink: 306 bytes leftover after parsing attributes in process `syz.3.3972'. [ 496.721454][T15726] FAULT_INJECTION: forcing a failure. [ 496.721454][T15726] name failslab, interval 1, probability 0, space 0, times 0 [ 496.750491][T15726] CPU: 1 UID: 0 PID: 15726 Comm: syz.3.3973 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 496.750517][T15726] Tainted: [I]=FIRMWARE_WORKAROUND [ 496.750523][T15726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 496.750531][T15726] Call Trace: [ 496.750536][T15726] [ 496.750542][T15726] dump_stack_lvl+0x16c/0x1f0 [ 496.750566][T15726] should_fail_ex+0x512/0x640 [ 496.750585][T15726] ? __kmalloc_noprof+0xbf/0x510 [ 496.750603][T15726] ? net_alloc_generic+0x1e/0x70 [ 496.750618][T15726] should_failslab+0xc2/0x120 [ 496.750634][T15726] __kmalloc_noprof+0xd2/0x510 [ 496.750648][T15726] ? inc_ucount+0x240/0x2f0 [ 496.750667][T15726] net_alloc_generic+0x1e/0x70 [ 496.750682][T15726] copy_net_ns+0xc6/0x5f0 [ 496.750697][T15726] ? copy_cgroup_ns+0xa4/0x6f0 [ 496.750711][T15726] create_new_namespaces+0x3ea/0xad0 [ 496.750729][T15726] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 496.750745][T15726] ksys_unshare+0x45b/0xa40 [ 496.750762][T15726] ? __pfx_ksys_unshare+0x10/0x10 [ 496.750778][T15726] ? xfd_validate_state+0x5d/0x180 [ 496.750814][T15726] ? rcu_is_watching+0x12/0xc0 [ 496.750832][T15726] __x64_sys_unshare+0x31/0x40 [ 496.750854][T15726] do_syscall_64+0xcd/0x230 [ 496.750874][T15726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.750889][T15726] RIP: 0033:0x7ff08378e969 [ 496.750902][T15726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.750915][T15726] RSP: 002b:00007ff084571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 496.750928][T15726] RAX: ffffffffffffffda RBX: 00007ff0839b5fa0 RCX: 00007ff08378e969 [ 496.750936][T15726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 496.750944][T15726] RBP: 00007ff083810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 496.750954][T15726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 496.750962][T15726] R13: 0000000000000000 R14: 00007ff0839b5fa0 R15: 00007ffe820b50e8 [ 496.750979][T15726] [ 496.962277][ C1] vkms_vblank_simulate: vblank timer overrun [ 497.025331][T15728] [U]  [ 497.028219][T15728] [U] [ 497.030892][T15728] [U] [ 497.033563][T15728] [U] [ 497.036737][T15728] [U] [ 497.039419][T15728] [U] [ 497.042092][T15728] [U] [ 497.044759][T15728] [U] [ 497.048389][T15728] [U] [ 497.051074][T15728] [U] [ 497.053745][T15728] [U] [ 497.056415][T15728] [U] [ 497.059415][T15728] [U] [ 497.062092][T15728] [U] [ 497.064762][T15728] [U] [ 497.067435][T15728] [U] [ 497.070334][T15728] [U] [ 497.073021][T15728] [U] [ 497.075689][T15728] [U] [ 497.078358][T15728] [U] [ 497.081203][T15728] [U] [ 497.083877][T15728] [U] [ 497.086551][T15728] [U] [ 497.089219][T15728] [U] [ 497.092186][T15728] [U] [ 497.094863][T15728] [U] [ 497.097532][T15728] [U] [ 497.100207][T15728] [U] [ 497.103105][T15728] [U] [ 497.105778][T15728] [U] [ 497.108447][T15728] [U] [ 497.111122][T15728] [U] [ 497.113997][T15728] [U] [ 497.116675][T15728] [U] [ 497.119346][T15728] [U] [ 497.122017][T15728] [U] [ 497.124844][T15728] [U] [ 497.127689][T15728] [U] [ 497.130363][T15728] [U] [ 497.133033][T15728] [U] [ 497.136281][T15728] [U] [ 497.138960][T15728] [U] [ 497.141629][T15728] [U] [ 497.144302][T15728] [U] [ 497.147817][T15728] [U] [ 497.150498][T15728] [U] [ 497.153169][T15728] [U] [ 497.155844][T15728] [U] [ 497.158725][T15728] [U] [ 497.161402][T15728] [U] [ 497.164075][T15728] [U] [ 497.166745][T15728] [U] [ 497.169551][T15728] [U] [ 497.172225][T15728] [U] [ 497.174893][T15728] [U] [ 497.177565][T15728] [U] [ 497.182052][T15728] [U] [ 497.184744][T15728] [U] [ 497.187419][T15728] [U] [ 497.190092][T15728] [U] [ 497.194491][T15728] [U] [ 497.197187][T15728] [U] [ 497.199861][T15728] [U] [ 497.202531][T15728] [U] [ 497.212447][T15728] [U] [ 497.215146][T15728] [U] [ 497.217833][T15728] [U] [ 497.220507][T15728] [U] [ 497.225982][T15728] [U] [ 497.228669][T15728] [U] [ 497.231340][T15728] [U] [ 497.234012][T15728] [U] [ 497.261699][T15728] [U] [ 497.264409][T15728] [U] [ 497.267082][T15728] [U] [ 497.269754][T15728] [U] [ 497.290803][T15728] [U] [ 497.293513][T15728] [U] [ 497.296185][T15728] [U] [ 497.298858][T15728] [U] [ 497.313638][T15728] [U] [ 497.316346][T15728] [U] [ 497.319017][T15728] [U] [ 497.321687][T15728] [U] [ 497.339791][T15728] [U] [ 497.342500][T15728] [U] [ 497.345173][T15728] [U] [ 497.347841][T15728] [U] [ 497.370980][T15728] [U] [ 497.373690][T15728] [U] [ 497.376360][T15728] [U] [ 497.379032][T15728] [U] [ 497.397919][T15728] [U] [ 497.400633][T15728] [U] [ 497.403305][T15728] [U] [ 497.405975][T15728] [U] [ 497.426453][T15728] [U] [ 497.429166][T15728] [U] [ 497.431838][T15728] [U] [ 497.434511][T15728] [U] [ 497.450889][T15728] [U] [ 497.453612][T15728] [U] [ 497.456286][T15728] [U] [ 497.458955][T15728] [U] [ 497.481884][T15728] [U] [ 497.484598][T15728] [U] [ 497.487270][T15728] [U] [ 497.489945][T15728] [U] [ 497.501730][T15728] [U] [ 497.504442][T15728] [U] [ 497.507116][T15728] [U] [ 497.509785][T15728] [U] [ 497.545790][T15728] [U] [ 497.548513][T15728] [U] [ 497.551184][T15728] [U] [ 497.553852][T15728] [U] [ 497.680773][T15728] [U] [ 498.655898][T15753] KVM: debugfs: duplicate directory 15753-4 [ 498.723445][T15755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3984'. [ 499.963581][T15780] syz.3.3994(15780): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 500.925496][T15805] sctp: [Deprecated]: syz.1.4002 (pid 15805) Use of struct sctp_assoc_value in delayed_ack socket option. [ 500.925496][T15805] Use struct sctp_sack_info instead [ 501.658550][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.668257][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.999493][T15832] mkiss: ax0: crc mode is auto. [ 503.055372][T15859] netlink: 346 bytes leftover after parsing attributes in process `syz.4.4022'. [ 504.297408][T15882] FAULT_INJECTION: forcing a failure. [ 504.297408][T15882] name failslab, interval 1, probability 0, space 0, times 0 [ 504.456630][T15882] CPU: 1 UID: 0 PID: 15882 Comm: syz.0.4031 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 504.456657][T15882] Tainted: [I]=FIRMWARE_WORKAROUND [ 504.456662][T15882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 504.456671][T15882] Call Trace: [ 504.456676][T15882] [ 504.456682][T15882] dump_stack_lvl+0x16c/0x1f0 [ 504.456706][T15882] should_fail_ex+0x512/0x640 [ 504.456727][T15882] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 504.456744][T15882] should_failslab+0xc2/0x120 [ 504.456761][T15882] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 504.456776][T15882] ? security_file_alloc+0x34/0x2b0 [ 504.456796][T15882] security_file_alloc+0x34/0x2b0 [ 504.456812][T15882] init_file+0x93/0x4c0 [ 504.456828][T15882] alloc_empty_file+0x73/0x1e0 [ 504.456844][T15882] dentry_open+0x46/0xd0 [ 504.456861][T15882] vfs_open_tree+0x1ca/0x910 [ 504.456875][T15882] ? __pfx_vfs_open_tree+0x10/0x10 [ 504.456888][T15882] ? rcu_is_watching+0x12/0xc0 [ 504.456903][T15882] __x64_sys_open_tree+0x84/0x130 [ 504.456918][T15882] do_syscall_64+0xcd/0x230 [ 504.456937][T15882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.456950][T15882] RIP: 0033:0x7facdfb8e969 [ 504.456961][T15882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.456974][T15882] RSP: 002b:00007facdd9f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 504.456987][T15882] RAX: ffffffffffffffda RBX: 00007facdfdb5fa0 RCX: 00007facdfb8e969 [ 504.456997][T15882] RDX: 0000000000000000 RSI: 0000200000001100 RDI: ffffffffffffff9c [ 504.457006][T15882] RBP: 00007facdfc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 504.457013][T15882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 504.457021][T15882] R13: 0000000000000000 R14: 00007facdfdb5fa0 R15: 00007fff9068b038 [ 504.457038][T15882] [ 506.291830][T15913] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4043'. [ 506.344803][T15915] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4044'. [ 506.908204][T15930] kvm: kvm [15929]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x2 [ 507.308919][T15939] ima: policy update failed [ 507.335936][ T30] audit: type=1802 audit(4294969648.693:17): pid=15939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.4054" res=0 errno=0 [ 508.246222][T15954] erspan0: entered allmulticast mode [ 508.872399][T15969] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4065'. [ 510.095889][T15996] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4075'. [ 510.374240][T16001] mkiss: ax0: crc mode is auto. [ 511.428647][T16033] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 511.723382][T16043] netlink: 130 bytes leftover after parsing attributes in process `syz.1.4091'. [ 512.031091][T16049] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 512.543772][T16064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4100'. [ 512.594370][T16064] netlink: 13 bytes leftover after parsing attributes in process `syz.0.4100'. [ 512.641590][T16070] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4103'. [ 513.021215][T16084] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4109'. [ 513.111017][T16084] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4109'. [ 513.166008][T16084] netlink: 210 bytes leftover after parsing attributes in process `syz.4.4109'. [ 514.275737][T16107] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4117'. [ 514.311875][T16111] blk_print_req_error: 24 callbacks suppressed [ 514.311889][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 514.348159][T16112] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4117'. [ 514.534542][T16111] buffer_io_error: 23 callbacks suppressed [ 514.534558][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 514.756710][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 514.815477][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 514.865190][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 514.913926][T16120] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4121'. [ 514.924001][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 514.968465][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 514.978770][T16120] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4121'. [ 515.003977][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 515.032526][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 515.085924][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 515.214413][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 515.268951][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 515.330797][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 515.355209][T16128] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4123'. [ 515.375496][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 515.405353][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 515.453267][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 515.492186][T16111] ldm_validate_partition_table(): Disk read failed. [ 515.522726][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 515.562553][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 515.602499][T16111] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 515.640792][T16111] Buffer I/O error on dev nbd0, logical block 0, async page read [ 515.674479][T16111] Dev nbd0: unable to read RDB block 0 [ 515.721499][T16111] nbd0: unable to read partition table [ 515.820805][T16131] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4125'. [ 517.475949][T16167] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4136'. [ 518.059785][T16179] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4142'. [ 518.390458][T16189] netlink: 326 bytes leftover after parsing attributes in process `syz.4.4145'. [ 518.919330][T16195] FAULT_INJECTION: forcing a failure. [ 518.919330][T16195] name failslab, interval 1, probability 0, space 0, times 0 [ 518.963738][T16195] CPU: 1 UID: 0 PID: 16195 Comm: syz.0.4148 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 518.963766][T16195] Tainted: [I]=FIRMWARE_WORKAROUND [ 518.963771][T16195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 518.963780][T16195] Call Trace: [ 518.963785][T16195] [ 518.963792][T16195] dump_stack_lvl+0x16c/0x1f0 [ 518.963815][T16195] should_fail_ex+0x512/0x640 [ 518.963834][T16195] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 518.963852][T16195] should_failslab+0xc2/0x120 [ 518.963869][T16195] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 518.963883][T16195] ? acpi_ut_create_thread_state+0x63/0x170 [ 518.963900][T16195] acpi_ut_create_thread_state+0x63/0x170 [ 518.963914][T16195] acpi_ps_parse_aml+0x79/0xcb0 [ 518.963932][T16195] acpi_ps_execute_method+0x55a/0xb30 [ 518.963950][T16195] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 518.963970][T16195] acpi_ns_evaluate+0x76c/0xca0 [ 518.963990][T16195] ? kasan_save_track+0x14/0x30 [ 518.964005][T16195] acpi_evaluate_object+0x1fa/0xa90 [ 518.964020][T16195] ? do_syscall_64+0xcd/0x230 [ 518.964037][T16195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.964052][T16195] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 518.964066][T16195] ? __mutex_trylock_common+0xe9/0x250 [ 518.964086][T16195] acpi_evaluate_integer+0xdd/0x200 [ 518.964107][T16195] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 518.964135][T16195] ? __pfx_status_show+0x10/0x10 [ 518.964149][T16195] status_show+0xa0/0x120 [ 518.964163][T16195] ? __pfx_status_show+0x10/0x10 [ 518.964182][T16195] dev_attr_show+0x53/0xe0 [ 518.964200][T16195] ? __pfx_dev_attr_show+0x10/0x10 [ 518.964215][T16195] sysfs_kf_seq_show+0x213/0x3e0 [ 518.964237][T16195] seq_read_iter+0x506/0x12c0 [ 518.964264][T16195] kernfs_fop_read_iter+0x40f/0x5a0 [ 518.964280][T16195] ? rw_verify_area+0xcf/0x680 [ 518.964300][T16195] vfs_read+0x8c8/0xc70 [ 518.964314][T16195] ? __pfx___mutex_lock+0x10/0x10 [ 518.964332][T16195] ? __pfx_vfs_read+0x10/0x10 [ 518.964356][T16195] ksys_read+0x12a/0x240 [ 518.964368][T16195] ? __pfx_ksys_read+0x10/0x10 [ 518.964379][T16195] ? rcu_is_watching+0x12/0xc0 [ 518.964397][T16195] do_syscall_64+0xcd/0x230 [ 518.964416][T16195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.964429][T16195] RIP: 0033:0x7facdfb8e969 [ 518.964441][T16195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.964453][T16195] RSP: 002b:00007facdd9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 518.964466][T16195] RAX: ffffffffffffffda RBX: 00007facdfdb5fa0 RCX: 00007facdfb8e969 [ 518.964475][T16195] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 518.964483][T16195] RBP: 00007facdfc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 518.964491][T16195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.964499][T16195] R13: 0000000000000000 R14: 00007facdfdb5fa0 R15: 00007fff9068b038 [ 518.964517][T16195] [ 518.964585][T16195] ACPI Error: [ 519.535828][T16179] bond0: (slave bond_slave_1): Releasing backup interface [ 519.781936][T16195] ffff888024f29000 walk still has a scope list (20240827/dswstate-694) [ 520.098409][T16212] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4156'. [ 520.153481][T16212] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4156'. [ 520.197228][T16212] netlink: 170 bytes leftover after parsing attributes in process `syz.4.4156'. [ 521.403589][T16239] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4168'. [ 521.519404][T16238] netlink: 326 bytes leftover after parsing attributes in process `syz.4.4167'. [ 521.868597][T16250] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4173'. [ 521.916041][T16250] veth1_macvtap: entered allmulticast mode [ 522.004827][ T5141] Bluetooth: hci2: unexpected subevent 0x01 length: 5 < 18 [ 522.239306][T16257] netlink: 'syz.4.4176': attribute type 15 has an invalid length. [ 522.277073][T16257] netlink: 'syz.4.4176': attribute type 16 has an invalid length. [ 522.316936][T16257] netlink: 'syz.4.4176': attribute type 17 has an invalid length. [ 522.368947][T16257] netlink: 'syz.4.4176': attribute type 19 has an invalid length. [ 522.409676][T16257] netlink: 'syz.4.4176': attribute type 27 has an invalid length. [ 522.454848][T16257] netlink: 'syz.4.4176': attribute type 28 has an invalid length. [ 522.507828][T16257] netlink: 'syz.4.4176': attribute type 29 has an invalid length. [ 522.542682][T16257] netlink: 'syz.4.4176': attribute type 30 has an invalid length. [ 522.553504][T16267] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4180'. [ 522.583799][T16257] netlink: 18 bytes leftover after parsing attributes in process `syz.4.4176'. [ 522.595518][T16267] unsupported nlmsg_type 40 [ 522.844995][T16273] netlink: 2 bytes leftover after parsing attributes in process `syz.4.4182'. [ 522.998638][T16277] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4184'. [ 523.830431][T16296] mkiss: ax0: crc mode is auto. [ 526.682939][T16363] FAULT_INJECTION: forcing a failure. [ 526.682939][T16363] name failslab, interval 1, probability 0, space 0, times 0 [ 526.811373][T16363] CPU: 1 UID: 0 PID: 16363 Comm: syz.3.4214 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 526.811399][T16363] Tainted: [I]=FIRMWARE_WORKAROUND [ 526.811405][T16363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 526.811413][T16363] Call Trace: [ 526.811418][T16363] [ 526.811423][T16363] dump_stack_lvl+0x16c/0x1f0 [ 526.811446][T16363] should_fail_ex+0x512/0x640 [ 526.811466][T16363] ? fs_reclaim_acquire+0xae/0x150 [ 526.811487][T16363] should_failslab+0xc2/0x120 [ 526.811504][T16363] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 526.811519][T16363] ? security_inode_alloc+0x3b/0x2b0 [ 526.811536][T16363] security_inode_alloc+0x3b/0x2b0 [ 526.811551][T16363] inode_init_always_gfp+0xce4/0x1030 [ 526.811574][T16363] alloc_inode+0x86/0x240 [ 526.811589][T16363] new_inode+0x22/0x1c0 [ 526.811603][T16363] ? trace_cap_capable+0x18d/0x200 [ 526.811616][T16363] shmem_get_inode+0x19a/0xfb0 [ 526.811637][T16363] ? __vm_enough_memory+0x184/0x3f0 [ 526.811657][T16363] __shmem_file_setup+0x16f/0x300 [ 526.811672][T16363] shmem_zero_setup+0x93/0x1a0 [ 526.811688][T16363] __mmap_region+0x2036/0x27c0 [ 526.811705][T16363] ? __pfx___mmap_region+0x10/0x10 [ 526.811719][T16363] ? trace_sched_exit_tp+0xde/0x130 [ 526.811747][T16363] ? __pfx___schedule+0x10/0x10 [ 526.811791][T16363] ? trace_cap_capable+0x18d/0x200 [ 526.811805][T16363] ? cap_capable+0xb3/0x250 [ 526.811821][T16363] mmap_region+0x1ab/0x3f0 [ 526.811840][T16363] do_mmap+0xd8e/0x11b0 [ 526.811863][T16363] ? __pfx_do_mmap+0x10/0x10 [ 526.811882][T16363] ? __pfx_down_write_killable+0x10/0x10 [ 526.811900][T16363] ? percpu_counter_add_batch+0xb8/0x1f0 [ 526.811919][T16363] vm_mmap_pgoff+0x281/0x450 [ 526.811940][T16363] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 526.811962][T16363] ? __x64_sys_futex+0x1e0/0x4c0 [ 526.811975][T16363] ? __x64_sys_futex+0x1e9/0x4c0 [ 526.811991][T16363] ksys_mmap_pgoff+0x7d/0x5c0 [ 526.812009][T16363] ? rcu_is_watching+0x12/0xc0 [ 526.812023][T16363] __x64_sys_mmap+0x125/0x190 [ 526.812039][T16363] do_syscall_64+0xcd/0x230 [ 526.812058][T16363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.812071][T16363] RIP: 0033:0x7ff08378e969 [ 526.812083][T16363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.812097][T16363] RSP: 002b:00007ff084571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 526.812111][T16363] RAX: ffffffffffffffda RBX: 00007ff0839b5fa0 RCX: 00007ff08378e969 [ 526.812120][T16363] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 526.812128][T16363] RBP: 00007ff083810ab1 R08: fffffffffffffffa R09: 0000000000008000 [ 526.812136][T16363] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 526.812144][T16363] R13: 0000000000000000 R14: 00007ff0839b5fa0 R15: 00007ffe820b50e8 [ 526.812167][T16363] [ 527.158788][T16367] FAULT_INJECTION: forcing a failure. [ 527.158788][T16367] name failslab, interval 1, probability 0, space 0, times 0 [ 527.171677][T16367] CPU: 1 UID: 0 PID: 16367 Comm: syz.0.4217 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 527.171704][T16367] Tainted: [I]=FIRMWARE_WORKAROUND [ 527.171710][T16367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 527.171718][T16367] Call Trace: [ 527.171723][T16367] [ 527.171733][T16367] dump_stack_lvl+0x116/0x1f0 [ 527.171758][T16367] should_fail_ex+0x512/0x640 [ 527.171780][T16367] should_failslab+0xc2/0x120 [ 527.171798][T16367] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 527.171814][T16367] ? __send_signal_locked+0x159/0x12c0 [ 527.171838][T16367] __send_signal_locked+0x159/0x12c0 [ 527.171859][T16367] ? __lock_task_sighand+0x146/0x340 [ 527.171880][T16367] do_send_specific+0x1e8/0x370 [ 527.171896][T16367] ? __pfx_do_send_specific+0x10/0x10 [ 527.171910][T16367] ? __task_pid_nr_ns+0x17c/0x500 [ 527.171932][T16367] do_rt_tgsigqueueinfo+0xa9/0x100 [ 527.171949][T16367] __x64_sys_rt_tgsigqueueinfo+0x17a/0x210 [ 527.171968][T16367] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 527.171987][T16367] ? xfd_validate_state+0x5d/0x180 [ 527.172014][T16367] do_syscall_64+0xcd/0x230 [ 527.172033][T16367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.172047][T16367] RIP: 0033:0x7facdfb8e969 [ 527.172059][T16367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.172072][T16367] RSP: 002b:00007facdd9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 527.172086][T16367] RAX: ffffffffffffffda RBX: 00007facdfdb5fa0 RCX: 00007facdfb8e969 [ 527.172094][T16367] RDX: 0000000000000021 RSI: 0000000000000a11 RDI: 0000000000000a10 [ 527.172102][T16367] RBP: 00007facdfc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 527.172110][T16367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 527.172117][T16367] R13: 0000000000000000 R14: 00007facdfdb5fa0 R15: 00007fff9068b038 [ 527.172134][T16367] [ 527.799083][T16378] sd 0:0:1:0: PR command failed: 1026 [ 527.804579][T16378] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 527.811596][T16378] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 528.095887][T16384] __nla_validate_parse: 3 callbacks suppressed [ 528.095901][T16384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4224'. [ 528.223271][T16384] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4224'. [ 529.462887][T16418] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4233'. [ 529.969668][T16418] bond0: (slave bond_slave_1): Releasing backup interface [ 530.967180][T16449] netlink: 'syz.0.4240': attribute type 33 has an invalid length. [ 531.011834][T16449] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4240'. [ 531.517435][T16471] netlink: 'syz.0.4245': attribute type 21 has an invalid length. [ 531.581646][T16471] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4245'. [ 532.367769][T16485] FAULT_INJECTION: forcing a failure. [ 532.367769][T16485] name failslab, interval 1, probability 0, space 0, times 0 [ 532.435750][T16485] CPU: 1 UID: 0 PID: 16485 Comm: syz.1.4250 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 532.435776][T16485] Tainted: [I]=FIRMWARE_WORKAROUND [ 532.435782][T16485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 532.435791][T16485] Call Trace: [ 532.435796][T16485] [ 532.435801][T16485] dump_stack_lvl+0x16c/0x1f0 [ 532.435826][T16485] should_fail_ex+0x512/0x640 [ 532.435845][T16485] ? fs_reclaim_acquire+0xae/0x150 [ 532.435867][T16485] should_failslab+0xc2/0x120 [ 532.435884][T16485] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 532.435898][T16485] ? security_inode_alloc+0x3b/0x2b0 [ 532.435916][T16485] security_inode_alloc+0x3b/0x2b0 [ 532.435930][T16485] inode_init_always_gfp+0xce4/0x1030 [ 532.435953][T16485] alloc_inode+0x86/0x240 [ 532.435969][T16485] new_inode+0x22/0x1c0 [ 532.435983][T16485] ? trace_cap_capable+0x18d/0x200 [ 532.435997][T16485] shmem_get_inode+0x19a/0xfb0 [ 532.436018][T16485] ? __vm_enough_memory+0x184/0x3f0 [ 532.436037][T16485] __shmem_file_setup+0x16f/0x300 [ 532.436053][T16485] shmem_zero_setup+0x93/0x1a0 [ 532.436069][T16485] __mmap_region+0x2036/0x27c0 [ 532.436086][T16485] ? __pfx___mmap_region+0x10/0x10 [ 532.436100][T16485] ? trace_sched_exit_tp+0xde/0x130 [ 532.436128][T16485] ? __pfx___schedule+0x10/0x10 [ 532.436163][T16485] ? trace_cap_capable+0x18d/0x200 [ 532.436185][T16485] ? cap_capable+0xb3/0x250 [ 532.436201][T16485] mmap_region+0x1ab/0x3f0 [ 532.436220][T16485] do_mmap+0xd8e/0x11b0 [ 532.436243][T16485] ? __pfx_do_mmap+0x10/0x10 [ 532.436262][T16485] ? __pfx_down_write_killable+0x10/0x10 [ 532.436280][T16485] ? percpu_counter_add_batch+0xb8/0x1f0 [ 532.436299][T16485] vm_mmap_pgoff+0x281/0x450 [ 532.436320][T16485] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 532.436342][T16485] ? __x64_sys_futex+0x1e0/0x4c0 [ 532.436356][T16485] ? __x64_sys_futex+0x1e9/0x4c0 [ 532.436372][T16485] ksys_mmap_pgoff+0x7d/0x5c0 [ 532.436390][T16485] ? rcu_is_watching+0x12/0xc0 [ 532.436404][T16485] __x64_sys_mmap+0x125/0x190 [ 532.436420][T16485] do_syscall_64+0xcd/0x230 [ 532.436439][T16485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.436453][T16485] RIP: 0033:0x7f5174d8e969 [ 532.436465][T16485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 532.436477][T16485] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 532.436490][T16485] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 532.436498][T16485] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 532.436506][T16485] RBP: 00007f5174e10ab1 R08: fffffffffffffffa R09: 0000000000008000 [ 532.436514][T16485] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 532.436522][T16485] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 532.436540][T16485] [ 533.820496][T16506] FAULT_INJECTION: forcing a failure. [ 533.820496][T16506] name failslab, interval 1, probability 0, space 0, times 0 [ 533.864077][T16506] CPU: 1 UID: 0 PID: 16506 Comm: syz.4.4267 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 533.864104][T16506] Tainted: [I]=FIRMWARE_WORKAROUND [ 533.864109][T16506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 533.864118][T16506] Call Trace: [ 533.864123][T16506] [ 533.864129][T16506] dump_stack_lvl+0x16c/0x1f0 [ 533.864153][T16506] should_fail_ex+0x512/0x640 [ 533.864173][T16506] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 533.864190][T16506] should_failslab+0xc2/0x120 [ 533.864207][T16506] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 533.864221][T16506] ? __pfx___might_resched+0x10/0x10 [ 533.864236][T16506] ? __anon_vma_prepare+0xae/0x5e0 [ 533.864253][T16506] __anon_vma_prepare+0xae/0x5e0 [ 533.864265][T16506] ? __pfx___pte_alloc+0x10/0x10 [ 533.864284][T16506] __vmf_anon_prepare+0x11c/0x240 [ 533.864304][T16506] do_pte_missing+0x1194/0x3fb0 [ 533.864319][T16506] ? _raw_spin_unlock+0x28/0x50 [ 533.864334][T16506] ? __pmd_alloc+0x3c2/0x870 [ 533.864353][T16506] __handle_mm_fault+0x103d/0x2a40 [ 533.864372][T16506] ? __pfx___handle_mm_fault+0x10/0x10 [ 533.864400][T16506] handle_mm_fault+0x3fe/0xad0 [ 533.864416][T16506] __get_user_pages+0x771/0x36f0 [ 533.864441][T16506] ? __pfx_mt_find+0x10/0x10 [ 533.864459][T16506] ? __pfx___get_user_pages+0x10/0x10 [ 533.864485][T16506] populate_vma_page_range+0x278/0x3a0 [ 533.864499][T16506] ? __pfx_populate_vma_page_range+0x10/0x10 [ 533.864511][T16506] ? __pfx_find_vma_intersection+0x10/0x10 [ 533.864530][T16506] ? do_mmap+0x69c/0x11b0 [ 533.864550][T16506] __mm_populate+0x1d8/0x380 [ 533.864563][T16506] ? __pfx___mm_populate+0x10/0x10 [ 533.864577][T16506] ? up_write+0x1b2/0x520 [ 533.864597][T16506] vm_mmap_pgoff+0x362/0x450 [ 533.864618][T16506] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 533.864640][T16506] ? __x64_sys_futex+0x1e0/0x4c0 [ 533.864653][T16506] ? __x64_sys_futex+0x1e9/0x4c0 [ 533.864669][T16506] ksys_mmap_pgoff+0x7d/0x5c0 [ 533.864690][T16506] ? rcu_is_watching+0x12/0xc0 [ 533.864705][T16506] __x64_sys_mmap+0x125/0x190 [ 533.864721][T16506] do_syscall_64+0xcd/0x230 [ 533.864741][T16506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.864755][T16506] RIP: 0033:0x7f17e758e969 [ 533.864767][T16506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.864780][T16506] RSP: 002b:00007f17e8333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 533.864793][T16506] RAX: ffffffffffffffda RBX: 00007f17e77b5fa0 RCX: 00007f17e758e969 [ 533.864802][T16506] RDX: 00800000000000df RSI: 0000000000400005 RDI: 0000000000000000 [ 533.864809][T16506] RBP: 00007f17e7610ab1 R08: 0000000000000002 R09: 0000000000008000 [ 533.864817][T16506] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 533.864825][T16506] R13: 0000000000000000 R14: 00007f17e77b5fa0 R15: 00007ffe68ec3868 [ 533.864843][T16506] [ 534.395500][T16509] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4259'. [ 534.978847][T16509] bond0: (slave bond_slave_1): Releasing backup interface [ 535.028626][T16502] erspan0: entered allmulticast mode [ 535.890749][T16527] FAULT_INJECTION: forcing a failure. [ 535.890749][T16527] name failslab, interval 1, probability 0, space 0, times 0 [ 535.937927][T16527] CPU: 1 UID: 0 PID: 16527 Comm: syz.4.4265 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 535.937954][T16527] Tainted: [I]=FIRMWARE_WORKAROUND [ 535.937959][T16527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 535.937967][T16527] Call Trace: [ 535.937972][T16527] [ 535.937977][T16527] dump_stack_lvl+0x16c/0x1f0 [ 535.938002][T16527] should_fail_ex+0x512/0x640 [ 535.938021][T16527] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 535.938039][T16527] should_failslab+0xc2/0x120 [ 535.938055][T16527] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 535.938070][T16527] ? find_held_lock+0x2b/0x80 [ 535.938083][T16527] ? pidfs_alloc_inode+0x25/0x80 [ 535.938099][T16527] ? stashed_dentry_get+0xec/0x2a0 [ 535.938113][T16527] ? __pfx_pidfs_alloc_inode+0x10/0x10 [ 535.938128][T16527] pidfs_alloc_inode+0x25/0x80 [ 535.938145][T16527] alloc_inode+0x61/0x240 [ 535.938161][T16527] path_from_stashed+0x2be/0xb00 [ 535.938176][T16527] ? __pfx_path_from_stashed+0x10/0x10 [ 535.938187][T16527] ? find_held_lock+0x2b/0x80 [ 535.938200][T16527] ? alloc_fd+0x471/0x7d0 [ 535.938221][T16527] pidfs_alloc_file+0xf8/0x320 [ 535.938238][T16527] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 535.938260][T16527] ? find_get_pid+0x19b/0x310 [ 535.938279][T16527] pidfd_prepare+0xa8/0x130 [ 535.938297][T16527] __x64_sys_pidfd_open+0x105/0x1a0 [ 535.938316][T16527] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 535.938337][T16527] ? rcu_is_watching+0x12/0xc0 [ 535.938351][T16527] do_syscall_64+0xcd/0x230 [ 535.938370][T16527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.938384][T16527] RIP: 0033:0x7f17e758e969 [ 535.938395][T16527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 535.938408][T16527] RSP: 002b:00007f17e8333038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 535.938421][T16527] RAX: ffffffffffffffda RBX: 00007f17e77b5fa0 RCX: 00007f17e758e969 [ 535.938429][T16527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000010d [ 535.938437][T16527] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 535.938444][T16527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 535.938451][T16527] R13: 0000000000000000 R14: 00007f17e77b5fa0 R15: 00007ffe68ec3868 [ 535.938468][T16527] [ 536.681501][T16533] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4268'. [ 536.757472][ T5141] Bluetooth: hci3: unexpected event 0x03 length: 18 > 11 [ 537.356844][ T5141] Bluetooth: hci0: unexpected subevent 0x01 length: 122 > 18 [ 538.434291][T16574] FAULT_INJECTION: forcing a failure. [ 538.434291][T16574] name failslab, interval 1, probability 0, space 0, times 0 [ 538.600920][T16574] CPU: 1 UID: 0 PID: 16574 Comm: syz.4.4280 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 538.600946][T16574] Tainted: [I]=FIRMWARE_WORKAROUND [ 538.600952][T16574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 538.600960][T16574] Call Trace: [ 538.600965][T16574] [ 538.600971][T16574] dump_stack_lvl+0x16c/0x1f0 [ 538.600994][T16574] should_fail_ex+0x512/0x640 [ 538.601013][T16574] ? fs_reclaim_acquire+0xae/0x150 [ 538.601036][T16574] should_failslab+0xc2/0x120 [ 538.601052][T16574] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 538.601068][T16574] ? security_inode_alloc+0x3b/0x2b0 [ 538.601085][T16574] security_inode_alloc+0x3b/0x2b0 [ 538.601099][T16574] inode_init_always_gfp+0xce4/0x1030 [ 538.601122][T16574] alloc_inode+0x86/0x240 [ 538.601137][T16574] sock_alloc+0x40/0x280 [ 538.601155][T16574] sock_create_lite+0x82/0x120 [ 538.601172][T16574] __netlink_kernel_create+0xbd/0x750 [ 538.601188][T16574] ? __kvmalloc_node_noprof+0x296/0x600 [ 538.601203][T16574] ? __pfx___netlink_kernel_create+0x10/0x10 [ 538.601224][T16574] fib_net_init+0x26d/0x3f0 [ 538.601238][T16574] ? __pfx___register_sysctl_table+0x10/0x10 [ 538.601253][T16574] ? __pfx_fib_net_init+0x10/0x10 [ 538.601271][T16574] ? lockdep_init_map_type+0x5c/0x280 [ 538.601289][T16574] ? __pfx_nl_fib_input+0x10/0x10 [ 538.601306][T16574] ? devinet_init_net+0x5c2/0x910 [ 538.601324][T16574] ? __pfx_fib_net_init+0x10/0x10 [ 538.601337][T16574] ops_init+0x1df/0x5f0 [ 538.601354][T16574] setup_net+0x21e/0x850 [ 538.601371][T16574] ? __pfx_setup_net+0x10/0x10 [ 538.601385][T16574] ? lockdep_init_map_type+0x5c/0x280 [ 538.601401][T16574] ? __pfx_down_read_killable+0x10/0x10 [ 538.601423][T16574] ? debug_mutex_init+0x37/0x70 [ 538.601437][T16574] copy_net_ns+0x2a6/0x5f0 [ 538.601455][T16574] create_new_namespaces+0x3ea/0xad0 [ 538.601474][T16574] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 538.601490][T16574] ksys_unshare+0x45b/0xa40 [ 538.601511][T16574] ? __pfx_ksys_unshare+0x10/0x10 [ 538.601528][T16574] ? xfd_validate_state+0x5d/0x180 [ 538.601549][T16574] ? rcu_is_watching+0x12/0xc0 [ 538.601573][T16574] __x64_sys_unshare+0x31/0x40 [ 538.601591][T16574] do_syscall_64+0xcd/0x230 [ 538.601611][T16574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.601626][T16574] RIP: 0033:0x7f17e758e969 [ 538.601637][T16574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.601650][T16574] RSP: 002b:00007f17e8312038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 538.601663][T16574] RAX: ffffffffffffffda RBX: 00007f17e77b6080 RCX: 00007f17e758e969 [ 538.601671][T16574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 538.601679][T16574] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 538.601687][T16574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 538.601695][T16574] R13: 0000000000000000 R14: 00007f17e77b6080 R15: 00007ffe68ec3868 [ 538.601713][T16574] [ 539.567411][T16590] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4287'. [ 540.996110][T16606] could not allocate digest TFM handle [ 541.328913][T16624] netlink: 'syz.1.4299': attribute type 4 has an invalid length. [ 541.385246][T16624] netlink: 314 bytes leftover after parsing attributes in process `syz.1.4299'. [ 541.426834][T16624] IPv6: Can't replace route, no match found [ 541.638897][T16634] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4303'. [ 541.883770][T16635] FAULT_INJECTION: forcing a failure. [ 541.883770][T16635] name failslab, interval 1, probability 0, space 0, times 0 [ 541.941241][T16635] CPU: 1 UID: 0 PID: 16635 Comm: syz.4.4304 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 541.941266][T16635] Tainted: [I]=FIRMWARE_WORKAROUND [ 541.941272][T16635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 541.941280][T16635] Call Trace: [ 541.941285][T16635] [ 541.941291][T16635] dump_stack_lvl+0x16c/0x1f0 [ 541.941315][T16635] should_fail_ex+0x512/0x640 [ 541.941335][T16635] ? fs_reclaim_acquire+0xae/0x150 [ 541.941357][T16635] should_failslab+0xc2/0x120 [ 541.941373][T16635] __kmalloc_cache_noprof+0x6a/0x3e0 [ 541.941396][T16635] ? tomoyo_write_log2+0x33d/0xc10 [ 541.941416][T16635] tomoyo_write_log2+0x33d/0xc10 [ 541.941435][T16635] tomoyo_supervisor+0x15e/0x13b0 [ 541.941459][T16635] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 541.941486][T16635] ? lockdep_hardirqs_on+0x7c/0x110 [ 541.941505][T16635] ? tomoyo_check_path_acl+0xad/0x210 [ 541.941529][T16635] ? tomoyo_check_acl+0x1f7/0x410 [ 541.941545][T16635] tomoyo_path_permission+0x270/0x3b0 [ 541.941562][T16635] tomoyo_check_open_permission+0x349/0x3c0 [ 541.941578][T16635] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 541.941613][T16635] ? do_raw_spin_lock+0x12c/0x2b0 [ 541.941638][T16635] tomoyo_file_open+0x6b/0x90 [ 541.941658][T16635] security_file_open+0x84/0x1e0 [ 541.941675][T16635] do_dentry_open+0x596/0x1c10 [ 541.941694][T16635] vfs_open+0x82/0x3f0 [ 541.941713][T16635] path_openat+0x1e5e/0x2d40 [ 541.941732][T16635] ? __pfx_path_openat+0x10/0x10 [ 541.941749][T16635] do_filp_open+0x20b/0x470 [ 541.941762][T16635] ? __pfx_do_filp_open+0x10/0x10 [ 541.941788][T16635] ? alloc_fd+0x471/0x7d0 [ 541.941812][T16635] do_sys_openat2+0x11b/0x1d0 [ 541.941828][T16635] ? __pfx_do_sys_openat2+0x10/0x10 [ 541.941852][T16635] __x64_sys_openat+0x174/0x210 [ 541.941869][T16635] ? __pfx___x64_sys_openat+0x10/0x10 [ 541.941887][T16635] ? rcu_is_watching+0x12/0xc0 [ 541.941904][T16635] do_syscall_64+0xcd/0x230 [ 541.941923][T16635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.941937][T16635] RIP: 0033:0x7f17e758e969 [ 541.941948][T16635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.941961][T16635] RSP: 002b:00007f17e8333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 541.941974][T16635] RAX: ffffffffffffffda RBX: 00007f17e77b5fa0 RCX: 00007f17e758e969 [ 541.941982][T16635] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 541.941990][T16635] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 541.941998][T16635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.942006][T16635] R13: 0000000000000000 R14: 00007f17e77b5fa0 R15: 00007ffe68ec3868 [ 541.942025][T16635] [ 542.375750][T16648] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4310'. [ 542.386066][T16648] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4310'. [ 543.452922][T16644] netlink: 'syz.3.4307': attribute type 21 has an invalid length. [ 543.461446][T16644] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4307'. [ 543.522886][T16644] IPv6: NLM_F_CREATE should be specified when creating new route [ 543.651030][T16682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4323'. [ 543.663079][T16684] netlink: 266 bytes leftover after parsing attributes in process `syz.1.4324'. [ 543.719603][T16682] netlink: 354 bytes leftover after parsing attributes in process `syz.0.4323'. [ 544.533566][T16705] FAULT_INJECTION: forcing a failure. [ 544.533566][T16705] name failslab, interval 1, probability 0, space 0, times 0 [ 544.568984][T16705] CPU: 1 UID: 0 PID: 16705 Comm: syz.4.4333 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 544.569011][T16705] Tainted: [I]=FIRMWARE_WORKAROUND [ 544.569016][T16705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 544.569025][T16705] Call Trace: [ 544.569030][T16705] [ 544.569035][T16705] dump_stack_lvl+0x16c/0x1f0 [ 544.569059][T16705] should_fail_ex+0x512/0x640 [ 544.569078][T16705] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 544.569101][T16705] should_failslab+0xc2/0x120 [ 544.569121][T16705] __kmalloc_cache_noprof+0x6a/0x3e0 [ 544.569142][T16705] ? __asan_memset+0x23/0x50 [ 544.569161][T16705] ? snd_pcm_oss_change_params_locked+0x6f4/0x3b40 [ 544.569183][T16705] snd_pcm_oss_change_params_locked+0x6f4/0x3b40 [ 544.569204][T16705] ? rcu_is_watching+0x12/0xc0 [ 544.569223][T16705] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 544.569243][T16705] ? __pfx___mutex_lock+0x10/0x10 [ 544.569273][T16705] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 544.569291][T16705] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 544.569309][T16705] snd_pcm_oss_sync+0x1de/0x840 [ 544.569330][T16705] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 544.569347][T16705] snd_pcm_oss_release+0x28b/0x310 [ 544.569366][T16705] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 544.569383][T16705] __fput+0x3ff/0xb70 [ 544.569402][T16705] task_work_run+0x14d/0x240 [ 544.569422][T16705] ? __pfx_task_work_run+0x10/0x10 [ 544.569441][T16705] ? __pfx___do_sys_close_range+0x10/0x10 [ 544.569453][T16705] ? rcu_is_watching+0x12/0xc0 [ 544.569468][T16705] syscall_exit_to_user_mode+0x27b/0x2a0 [ 544.569487][T16705] do_syscall_64+0xda/0x230 [ 544.569506][T16705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.569519][T16705] RIP: 0033:0x7f17e758e969 [ 544.569530][T16705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.569542][T16705] RSP: 002b:00007f17e8333038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 544.569555][T16705] RAX: 0000000000000000 RBX: 00007f17e77b5fa0 RCX: 00007f17e758e969 [ 544.569563][T16705] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 544.569571][T16705] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 544.569579][T16705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 544.569586][T16705] R13: 0000000000000000 R14: 00007f17e77b5fa0 R15: 00007ffe68ec3868 [ 544.569603][T16705] [ 545.463895][T16714] could not allocate digest TFM handle [ 545.880778][T16731] sp0: Synchronizing with TNC [ 546.146357][T16738] FAULT_INJECTION: forcing a failure. [ 546.146357][T16738] name failslab, interval 1, probability 0, space 0, times 0 [ 546.160713][T16741] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4346'. [ 546.177466][T16740] FAULT_INJECTION: forcing a failure. [ 546.177466][T16740] name failslab, interval 1, probability 0, space 0, times 0 [ 546.222512][T16741] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4346'. [ 546.231917][T16738] CPU: 1 UID: 0 PID: 16738 Comm: syz.0.4345 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 546.231941][T16738] Tainted: [I]=FIRMWARE_WORKAROUND [ 546.231946][T16738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 546.231955][T16738] Call Trace: [ 546.231959][T16738] [ 546.231965][T16738] dump_stack_lvl+0x16c/0x1f0 [ 546.231988][T16738] should_fail_ex+0x512/0x640 [ 546.232008][T16738] ? __kmalloc_noprof+0xbf/0x510 [ 546.232024][T16738] ? __register_sysctl_table+0xb3/0x1900 [ 546.232039][T16738] should_failslab+0xc2/0x120 [ 546.232055][T16738] __kmalloc_noprof+0xd2/0x510 [ 546.232073][T16738] __register_sysctl_table+0xb3/0x1900 [ 546.232087][T16738] ? is_module_address+0x5f/0xf0 [ 546.232107][T16738] ? __pfx___register_sysctl_table+0x10/0x10 [ 546.232121][T16738] ? is_module_address+0x69/0xf0 [ 546.232145][T16738] ? register_net_sysctl_sz+0x228/0x3e0 [ 546.232168][T16738] ? __asan_memcpy+0x3c/0x60 [ 546.232181][T16738] ? __pfx_nf_lwtunnel_net_init+0x10/0x10 [ 546.232198][T16738] nf_lwtunnel_net_init+0x60/0xf0 [ 546.232213][T16738] ops_init+0x1df/0x5f0 [ 546.232231][T16738] setup_net+0x21e/0x850 [ 546.232248][T16738] ? __pfx_setup_net+0x10/0x10 [ 546.232262][T16738] ? lockdep_init_map_type+0x5c/0x280 [ 546.232280][T16738] ? __pfx_down_read_killable+0x10/0x10 [ 546.232302][T16738] ? debug_mutex_init+0x37/0x70 [ 546.232316][T16738] copy_net_ns+0x2a6/0x5f0 [ 546.232334][T16738] create_new_namespaces+0x3ea/0xad0 [ 546.232353][T16738] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 546.232369][T16738] ksys_unshare+0x45b/0xa40 [ 546.232387][T16738] ? __pfx_ksys_unshare+0x10/0x10 [ 546.232402][T16738] ? xfd_validate_state+0x5d/0x180 [ 546.232423][T16738] ? rcu_is_watching+0x12/0xc0 [ 546.232439][T16738] __x64_sys_unshare+0x31/0x40 [ 546.232455][T16738] do_syscall_64+0xcd/0x230 [ 546.232474][T16738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.232488][T16738] RIP: 0033:0x7facdfb8e969 [ 546.232500][T16738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.232512][T16738] RSP: 002b:00007facdd9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 546.232525][T16738] RAX: ffffffffffffffda RBX: 00007facdfdb5fa0 RCX: 00007facdfb8e969 [ 546.232533][T16738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 546.232541][T16738] RBP: 00007facdfc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 546.232548][T16738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 546.232556][T16738] R13: 0000000000000000 R14: 00007facdfdb5fa0 R15: 00007fff9068b038 [ 546.232573][T16738] [ 546.496152][T16740] CPU: 1 UID: 0 PID: 16740 Comm: syz.1.4344 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 546.496178][T16740] Tainted: [I]=FIRMWARE_WORKAROUND [ 546.496183][T16740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 546.496191][T16740] Call Trace: [ 546.496196][T16740] [ 546.496202][T16740] dump_stack_lvl+0x16c/0x1f0 [ 546.496226][T16740] should_fail_ex+0x512/0x640 [ 546.496244][T16740] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 546.496262][T16740] should_failslab+0xc2/0x120 [ 546.496279][T16740] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 546.496294][T16740] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 546.496312][T16740] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 546.496326][T16740] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 546.496340][T16740] alloc_inode+0x61/0x240 [ 546.496356][T16740] new_inode+0x22/0x1c0 [ 546.496373][T16740] hugetlbfs_get_inode+0x354/0x730 [ 546.496391][T16740] hugetlb_file_setup+0x15b/0x620 [ 546.496408][T16740] ksys_mmap_pgoff+0x189/0x5c0 [ 546.496427][T16740] ? rcu_is_watching+0x12/0xc0 [ 546.496441][T16740] __x64_sys_mmap+0x125/0x190 [ 546.496457][T16740] do_syscall_64+0xcd/0x230 [ 546.496475][T16740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.496489][T16740] RIP: 0033:0x7f5174d8e969 [ 546.496501][T16740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.496513][T16740] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 546.496526][T16740] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 546.496535][T16740] RDX: 00004000000000df RSI: 0000000000200004 RDI: 0000000000000000 [ 546.496543][T16740] RBP: 00007f5174e10ab1 R08: ffffffffffffffff R09: 0000300004000000 [ 546.496551][T16740] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 546.496558][T16740] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 546.496575][T16740] [ 547.006310][T16749] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4350'. [ 547.148985][T16749] hsr_slave_1 (unregistering): left promiscuous mode [ 547.222458][T16753] FAULT_INJECTION: forcing a failure. [ 547.222458][T16753] name failslab, interval 1, probability 0, space 0, times 0 [ 547.263722][T16753] CPU: 1 UID: 0 PID: 16753 Comm: syz.4.4352 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 547.263750][T16753] Tainted: [I]=FIRMWARE_WORKAROUND [ 547.263755][T16753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 547.263763][T16753] Call Trace: [ 547.263768][T16753] [ 547.263774][T16753] dump_stack_lvl+0x16c/0x1f0 [ 547.263797][T16753] should_fail_ex+0x512/0x640 [ 547.263816][T16753] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 547.263840][T16753] should_failslab+0xc2/0x120 [ 547.263856][T16753] __kmalloc_cache_noprof+0x6a/0x3e0 [ 547.263877][T16753] ? __pfx___might_resched+0x10/0x10 [ 547.263891][T16753] ? snd_card_file_add+0x52/0x330 [ 547.263908][T16753] ? rcu_is_watching+0x12/0xc0 [ 547.263924][T16753] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 547.263947][T16753] snd_card_file_add+0x52/0x330 [ 547.263964][T16753] ? snd_lookup_minor_data+0xc7/0x180 [ 547.263980][T16753] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 547.264000][T16753] snd_pcm_open+0xf1/0x730 [ 547.264022][T16753] ? __pfx_snd_pcm_open+0x10/0x10 [ 547.264049][T16753] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 547.264069][T16753] snd_pcm_playback_open+0x86/0xe0 [ 547.264089][T16753] snd_open+0x1fe/0x450 [ 547.264104][T16753] ? __pfx_snd_open+0x10/0x10 [ 547.264119][T16753] chrdev_open+0x231/0x6a0 [ 547.264132][T16753] ? __pfx_apparmor_file_open+0x10/0x10 [ 547.264149][T16753] ? __pfx_chrdev_open+0x10/0x10 [ 547.264163][T16753] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 547.264186][T16753] do_dentry_open+0x741/0x1c10 [ 547.264199][T16753] ? __pfx_chrdev_open+0x10/0x10 [ 547.264216][T16753] vfs_open+0x82/0x3f0 [ 547.264234][T16753] path_openat+0x1e5e/0x2d40 [ 547.264254][T16753] ? __pfx_path_openat+0x10/0x10 [ 547.264271][T16753] do_filp_open+0x20b/0x470 [ 547.264283][T16753] ? __pfx_do_filp_open+0x10/0x10 [ 547.264308][T16753] ? alloc_fd+0x471/0x7d0 [ 547.264332][T16753] do_sys_openat2+0x11b/0x1d0 [ 547.264349][T16753] ? __pfx_do_sys_openat2+0x10/0x10 [ 547.264372][T16753] __x64_sys_openat+0x174/0x210 [ 547.264389][T16753] ? __pfx___x64_sys_openat+0x10/0x10 [ 547.264406][T16753] ? rcu_is_watching+0x12/0xc0 [ 547.264423][T16753] do_syscall_64+0xcd/0x230 [ 547.264443][T16753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.264457][T16753] RIP: 0033:0x7f17e758e969 [ 547.264469][T16753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.264481][T16753] RSP: 002b:00007f17e8333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 547.264494][T16753] RAX: ffffffffffffffda RBX: 00007f17e77b5fa0 RCX: 00007f17e758e969 [ 547.264503][T16753] RDX: 000000000016b042 RSI: 0000200000005480 RDI: ffffffffffffff9c [ 547.264511][T16753] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 547.264519][T16753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 547.264527][T16753] R13: 0000000000000000 R14: 00007f17e77b5fa0 R15: 00007ffe68ec3868 [ 547.264545][T16753] [ 548.761420][T16774] type: 4278190080 invalid [ 549.223803][T16783] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4362'. [ 550.259080][T16803] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4369'. [ 550.363462][T16806] netlink: 298 bytes leftover after parsing attributes in process `syz.1.4369'. [ 550.995787][T16821] i2c i2c-0: new_device: Extra parameters [ 552.417012][T16853] netlink: 'syz.0.4387': attribute type 4 has an invalid length. [ 552.455799][T16853] netlink: 314 bytes leftover after parsing attributes in process `syz.0.4387'. [ 552.516991][T16855] netlink: 'syz.0.4387': attribute type 4 has an invalid length. [ 552.571874][T16855] netlink: 314 bytes leftover after parsing attributes in process `syz.0.4387'. [ 553.395431][T16878] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4395'. [ 553.767472][T16885] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4398'. [ 555.357920][T16930] FAULT_INJECTION: forcing a failure. [ 555.357920][T16930] name failslab, interval 1, probability 0, space 0, times 0 [ 555.376499][T16930] CPU: 1 UID: 0 PID: 16930 Comm: syz.1.4416 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 555.376527][T16930] Tainted: [I]=FIRMWARE_WORKAROUND [ 555.376532][T16930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 555.376541][T16930] Call Trace: [ 555.376546][T16930] [ 555.376552][T16930] dump_stack_lvl+0x16c/0x1f0 [ 555.376577][T16930] should_fail_ex+0x512/0x640 [ 555.376597][T16930] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 555.376615][T16930] should_failslab+0xc2/0x120 [ 555.376631][T16930] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 555.376644][T16930] ? acpi_evaluate_integer+0xdd/0x200 [ 555.376664][T16930] ? status_show+0xa0/0x120 [ 555.376677][T16930] ? dev_attr_show+0x53/0xe0 [ 555.376692][T16930] ? acpi_ps_alloc_op+0x25f/0x310 [ 555.376710][T16930] acpi_ps_alloc_op+0x25f/0x310 [ 555.376724][T16930] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 555.376742][T16930] acpi_ps_create_op+0x3dc/0xc20 [ 555.376759][T16930] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 555.376780][T16930] acpi_ps_parse_loop+0xdd8/0x1d00 [ 555.376811][T16930] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 555.376826][T16930] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 555.376841][T16930] ? acpi_ut_create_thread_state+0x63/0x170 [ 555.376860][T16930] acpi_ps_parse_aml+0x3c1/0xcb0 [ 555.376879][T16930] acpi_ps_execute_method+0x55a/0xb30 [ 555.376897][T16930] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 555.376917][T16930] acpi_ns_evaluate+0x76c/0xca0 [ 555.376935][T16930] ? kasan_save_track+0x14/0x30 [ 555.376950][T16930] acpi_evaluate_object+0x1fa/0xa90 [ 555.376965][T16930] ? do_syscall_64+0xcd/0x230 [ 555.376982][T16930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.376997][T16930] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 555.377011][T16930] ? __mutex_trylock_common+0xe9/0x250 [ 555.377033][T16930] acpi_evaluate_integer+0xdd/0x200 [ 555.377052][T16930] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 555.377080][T16930] ? __pfx_status_show+0x10/0x10 [ 555.377094][T16930] status_show+0xa0/0x120 [ 555.377108][T16930] ? __pfx_status_show+0x10/0x10 [ 555.377127][T16930] dev_attr_show+0x53/0xe0 [ 555.377144][T16930] ? __pfx_dev_attr_show+0x10/0x10 [ 555.377158][T16930] sysfs_kf_seq_show+0x213/0x3e0 [ 555.377180][T16930] seq_read_iter+0x506/0x12c0 [ 555.377207][T16930] kernfs_fop_read_iter+0x40f/0x5a0 [ 555.377223][T16930] ? rw_verify_area+0xcf/0x680 [ 555.377243][T16930] vfs_read+0x8c8/0xc70 [ 555.377257][T16930] ? __pfx___mutex_lock+0x10/0x10 [ 555.377275][T16930] ? __pfx_vfs_read+0x10/0x10 [ 555.377299][T16930] ksys_read+0x12a/0x240 [ 555.377311][T16930] ? __pfx_ksys_read+0x10/0x10 [ 555.377322][T16930] ? rcu_is_watching+0x12/0xc0 [ 555.377339][T16930] do_syscall_64+0xcd/0x230 [ 555.377358][T16930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.377371][T16930] RIP: 0033:0x7f5174d8e969 [ 555.377383][T16930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 555.377395][T16930] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 555.377408][T16930] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 555.377417][T16930] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 555.377424][T16930] RBP: 00007f5174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 555.377432][T16930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 555.377440][T16930] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 555.377459][T16930] [ 555.377471][T16930] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20240827/psparse-529) [ 557.507412][T16971] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4431'. [ 557.544470][T16971] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.551781][T16971] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.614462][T16971] bridge0: left promiscuous mode [ 557.799640][T16973] program syz.1.4432 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 558.172241][T16986] FAULT_INJECTION: forcing a failure. [ 558.172241][T16986] name failslab, interval 1, probability 0, space 0, times 0 [ 558.231826][T16986] CPU: 1 UID: 0 PID: 16986 Comm: syz.3.4437 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 558.231852][T16986] Tainted: [I]=FIRMWARE_WORKAROUND [ 558.231858][T16986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 558.231866][T16986] Call Trace: [ 558.231871][T16986] [ 558.231877][T16986] dump_stack_lvl+0x16c/0x1f0 [ 558.231900][T16986] should_fail_ex+0x512/0x640 [ 558.231919][T16986] ? fs_reclaim_acquire+0xae/0x150 [ 558.231942][T16986] should_failslab+0xc2/0x120 [ 558.231958][T16986] __kmalloc_cache_noprof+0x6a/0x3e0 [ 558.231981][T16986] ? tomoyo_init_log+0x197/0x2140 [ 558.232001][T16986] tomoyo_init_log+0x197/0x2140 [ 558.232016][T16986] ? format_decode+0x1ad/0xd40 [ 558.232031][T16986] ? __pfx_format_decode+0x10/0x10 [ 558.232051][T16986] ? __pfx_tomoyo_init_log+0x10/0x10 [ 558.232072][T16986] tomoyo_write_log2+0x2f7/0xc10 [ 558.232092][T16986] tomoyo_supervisor+0x15e/0x13b0 [ 558.232115][T16986] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 558.232142][T16986] ? lockdep_hardirqs_on+0x7c/0x110 [ 558.232162][T16986] ? tomoyo_check_path_acl+0xad/0x210 [ 558.232177][T16986] ? tomoyo_check_acl+0x1f7/0x410 [ 558.232193][T16986] tomoyo_path_permission+0x270/0x3b0 [ 558.232209][T16986] tomoyo_check_open_permission+0x37b/0x3c0 [ 558.232225][T16986] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 558.232258][T16986] ? do_raw_spin_lock+0x12c/0x2b0 [ 558.232283][T16986] tomoyo_file_open+0x6b/0x90 [ 558.232303][T16986] security_file_open+0x84/0x1e0 [ 558.232320][T16986] do_dentry_open+0x596/0x1c10 [ 558.232339][T16986] vfs_open+0x82/0x3f0 [ 558.232357][T16986] path_openat+0x1e5e/0x2d40 [ 558.232377][T16986] ? __pfx_path_openat+0x10/0x10 [ 558.232394][T16986] do_filp_open+0x20b/0x470 [ 558.232407][T16986] ? __pfx_do_filp_open+0x10/0x10 [ 558.232432][T16986] ? alloc_fd+0x471/0x7d0 [ 558.232456][T16986] do_sys_openat2+0x11b/0x1d0 [ 558.232473][T16986] ? __pfx_do_sys_openat2+0x10/0x10 [ 558.232496][T16986] __x64_sys_openat+0x174/0x210 [ 558.232513][T16986] ? __pfx___x64_sys_openat+0x10/0x10 [ 558.232531][T16986] ? rcu_is_watching+0x12/0xc0 [ 558.232556][T16986] do_syscall_64+0xcd/0x230 [ 558.232576][T16986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.232590][T16986] RIP: 0033:0x7ff08378e969 [ 558.232601][T16986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.232613][T16986] RSP: 002b:00007ff084571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 558.232626][T16986] RAX: ffffffffffffffda RBX: 00007ff0839b5fa0 RCX: 00007ff08378e969 [ 558.232635][T16986] RDX: 0000000000000002 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 558.232643][T16986] RBP: 00007ff083810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 558.232650][T16986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.232658][T16986] R13: 0000000000000000 R14: 00007ff0839b5fa0 R15: 00007ffe820b50e8 [ 558.232676][T16986] [ 558.899156][T17002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4443'. [ 558.947249][T16998] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 559.143999][T17010] FAULT_INJECTION: forcing a failure. [ 559.143999][T17010] name failslab, interval 1, probability 0, space 0, times 0 [ 559.190357][T17010] CPU: 1 UID: 0 PID: 17010 Comm: syz.3.4446 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 559.190384][T17010] Tainted: [I]=FIRMWARE_WORKAROUND [ 559.190389][T17010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 559.190405][T17010] Call Trace: [ 559.190410][T17010] [ 559.190416][T17010] dump_stack_lvl+0x16c/0x1f0 [ 559.190440][T17010] should_fail_ex+0x512/0x640 [ 559.190459][T17010] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 559.190476][T17010] should_failslab+0xc2/0x120 [ 559.190493][T17010] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 559.190508][T17010] ? sock_alloc_inode+0x25/0x1c0 [ 559.190528][T17010] ? __pfx_sock_alloc_inode+0x10/0x10 [ 559.190543][T17010] sock_alloc_inode+0x25/0x1c0 [ 559.190559][T17010] alloc_inode+0x61/0x240 [ 559.190575][T17010] sock_alloc+0x40/0x280 [ 559.190591][T17010] __sock_create+0xc1/0x8d0 [ 559.190612][T17010] __sys_socketpair+0x25c/0x5a0 [ 559.190632][T17010] ? __pfx___sys_socketpair+0x10/0x10 [ 559.190650][T17010] ? xfd_validate_state+0x5d/0x180 [ 559.190672][T17010] ? rcu_is_watching+0x12/0xc0 [ 559.190687][T17010] __x64_sys_socketpair+0x96/0x100 [ 559.190705][T17010] ? lockdep_hardirqs_on+0x7c/0x110 [ 559.190722][T17010] do_syscall_64+0xcd/0x230 [ 559.190741][T17010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.190755][T17010] RIP: 0033:0x7ff08378e969 [ 559.190766][T17010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.190779][T17010] RSP: 002b:00007ff084571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 559.190791][T17010] RAX: ffffffffffffffda RBX: 00007ff0839b5fa0 RCX: 00007ff08378e969 [ 559.190800][T17010] RDX: 8000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 559.190808][T17010] RBP: 00007ff083810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 559.190815][T17010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 559.190823][T17010] R13: 0000000000000000 R14: 00007ff0839b5fa0 R15: 00007ffe820b50e8 [ 559.190839][T17010] [ 559.190846][T17010] socket: no more sockets [ 559.529332][T17017] FAULT_INJECTION: forcing a failure. [ 559.529332][T17017] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 559.562845][T17017] CPU: 1 UID: 0 PID: 17017 Comm: syz.0.4448 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 559.562871][T17017] Tainted: [I]=FIRMWARE_WORKAROUND [ 559.562876][T17017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 559.562884][T17017] Call Trace: [ 559.562889][T17017] [ 559.562895][T17017] dump_stack_lvl+0x16c/0x1f0 [ 559.562919][T17017] should_fail_ex+0x512/0x640 [ 559.562941][T17017] should_fail_alloc_page+0xe7/0x130 [ 559.562959][T17017] prepare_alloc_pages+0x3c2/0x610 [ 559.562979][T17017] ? rcu_is_watching+0x12/0xc0 [ 559.562994][T17017] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 559.563009][T17017] ? __kernel_text_address+0xd/0x40 [ 559.563030][T17017] ? unwind_get_return_address+0x59/0xa0 [ 559.563045][T17017] ? arch_stack_walk+0xa6/0x100 [ 559.563066][T17017] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 559.563080][T17017] ? stack_trace_save+0x8e/0xc0 [ 559.563094][T17017] ? __pfx_stack_trace_save+0x10/0x10 [ 559.563106][T17017] ? stack_depot_save_flags+0x28/0xa50 [ 559.563124][T17017] ? find_held_lock+0x2b/0x80 [ 559.563139][T17017] ? kasan_save_stack+0x42/0x60 [ 559.563154][T17017] ? __lock_acquire+0xaa4/0x1ba0 [ 559.563169][T17017] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 559.563187][T17017] ? policy_nodemask+0xea/0x4e0 [ 559.563203][T17017] alloc_pages_mpol+0x1fb/0x550 [ 559.563219][T17017] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 559.563233][T17017] ? __page_table_check_ptes_set+0x1ae/0x420 [ 559.563249][T17017] ? find_held_lock+0x2b/0x80 [ 559.563264][T17017] alloc_pages_noprof+0x131/0x390 [ 559.563279][T17017] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 559.563292][T17017] get_free_pages_noprof+0xc/0x40 [ 559.563307][T17017] kasan_populate_vmalloc_pte+0x2d/0x160 [ 559.563321][T17017] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 559.563333][T17017] __apply_to_page_range+0x617/0xd60 [ 559.563354][T17017] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 559.563369][T17017] ? __pfx___apply_to_page_range+0x10/0x10 [ 559.563388][T17017] ? alloc_vmap_area+0x872/0x2970 [ 559.563420][T17017] alloc_vmap_area+0x919/0x2970 [ 559.563445][T17017] ? __pfx_alloc_vmap_area+0x10/0x10 [ 559.563468][T17017] __get_vm_area_node+0x1a7/0x300 [ 559.563491][T17017] __vmalloc_node_range_noprof+0x277/0x1540 [ 559.563512][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 559.563536][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 559.563557][T17017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 559.563584][T17017] __kvmalloc_node_noprof+0x2ff/0x600 [ 559.563598][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 559.563616][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 559.563636][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 559.563652][T17017] __do_sys_listmount+0x1c2/0xed0 [ 559.563673][T17017] ? __x64_sys_futex+0x1e0/0x4c0 [ 559.563686][T17017] ? __x64_sys_futex+0x1e9/0x4c0 [ 559.563700][T17017] ? __pfx___do_sys_listmount+0x10/0x10 [ 559.563718][T17017] ? xfd_validate_state+0x5d/0x180 [ 559.563744][T17017] do_syscall_64+0xcd/0x230 [ 559.563764][T17017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.563777][T17017] RIP: 0033:0x7facdfb8e969 [ 559.563789][T17017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.563802][T17017] RSP: 002b:00007facdd9d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 559.563815][T17017] RAX: ffffffffffffffda RBX: 00007facdfdb6080 RCX: 00007facdfb8e969 [ 559.563823][T17017] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 559.563831][T17017] RBP: 00007facdfc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 559.563839][T17017] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 559.563846][T17017] R13: 0000000000000000 R14: 00007facdfdb6080 R15: 00007fff9068b038 [ 559.563863][T17017] [ 559.563914][T17017] syz.0.4448: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null) [ 560.249317][T17025] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4453'. [ 561.364700][T17017] ,cpuset=/,mems_allowed=0-1 [ 561.394728][T17017] CPU: 1 UID: 0 PID: 17017 Comm: syz.0.4448 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 561.394755][T17017] Tainted: [I]=FIRMWARE_WORKAROUND [ 561.394760][T17017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 561.394768][T17017] Call Trace: [ 561.394773][T17017] [ 561.394778][T17017] dump_stack_lvl+0x16c/0x1f0 [ 561.394802][T17017] warn_alloc+0x248/0x3a0 [ 561.394819][T17017] ? __pfx_warn_alloc+0x10/0x10 [ 561.394835][T17017] ? kfree+0x2b6/0x4d0 [ 561.394851][T17017] ? __get_vm_area_node+0x1e5/0x300 [ 561.394875][T17017] __vmalloc_node_range_noprof+0xd31/0x1540 [ 561.394901][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 561.394925][T17017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 561.394953][T17017] __kvmalloc_node_noprof+0x2ff/0x600 [ 561.394966][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 561.394985][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 561.395006][T17017] ? __do_sys_listmount+0x1c2/0xed0 [ 561.395023][T17017] __do_sys_listmount+0x1c2/0xed0 [ 561.395045][T17017] ? __x64_sys_futex+0x1e0/0x4c0 [ 561.395059][T17017] ? __x64_sys_futex+0x1e9/0x4c0 [ 561.395073][T17017] ? __pfx___do_sys_listmount+0x10/0x10 [ 561.395092][T17017] ? xfd_validate_state+0x5d/0x180 [ 561.395120][T17017] do_syscall_64+0xcd/0x230 [ 561.395140][T17017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.395154][T17017] RIP: 0033:0x7facdfb8e969 [ 561.395166][T17017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.395179][T17017] RSP: 002b:00007facdd9d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 561.395192][T17017] RAX: ffffffffffffffda RBX: 00007facdfdb6080 RCX: 00007facdfb8e969 [ 561.395201][T17017] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 561.395209][T17017] RBP: 00007facdfc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 561.395216][T17017] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 561.395224][T17017] R13: 0000000000000000 R14: 00007facdfdb6080 R15: 00007fff9068b038 [ 561.395241][T17017] [ 561.395246][T17017] Mem-Info: [ 561.775057][T17045] program syz.4.4460 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 561.962818][T17017] active_anon:12266 inactive_anon:0 isolated_anon:0 [ 561.962818][T17017] active_file:13847 inactive_file:42531 isolated_file:0 [ 561.962818][T17017] unevictable:1639 dirty:574 writeback:0 [ 561.962818][T17017] slab_reclaimable:10569 slab_unreclaimable:97246 [ 561.962818][T17017] mapped:23826 shmem:2935 pagetables:1017 [ 561.962818][T17017] sec_pagetables:0 bounce:0 [ 561.962818][T17017] kernel_misc_reclaimable:0 [ 561.962818][T17017] free:1314914 free_pcp:17744 free_cma:0 [ 562.148733][T17017] Node 0 active_anon:48952kB inactive_anon:0kB active_file:55388kB inactive_file:170028kB unevictable:5028kB isolated(anon):0kB isolated(file):0kB mapped:95244kB dirty:2300kB writeback:0kB shmem:10212kB shmem_thp:6144kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:10544kB pagetables:3888kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 562.210036][T17052] FAULT_INJECTION: forcing a failure. [ 562.210036][T17052] name failslab, interval 1, probability 0, space 0, times 0 [ 562.248003][T17052] CPU: 1 UID: 0 PID: 17052 Comm: syz.1.4463 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 562.248030][T17052] Tainted: [I]=FIRMWARE_WORKAROUND [ 562.248035][T17052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 562.248044][T17052] Call Trace: [ 562.248049][T17052] [ 562.248055][T17052] dump_stack_lvl+0x16c/0x1f0 [ 562.248078][T17052] should_fail_ex+0x512/0x640 [ 562.248098][T17052] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 562.248131][T17052] should_failslab+0xc2/0x120 [ 562.248148][T17052] __kmalloc_cache_noprof+0x6a/0x3e0 [ 562.248169][T17052] ? ww_mutex_lock+0x37/0x160 [ 562.248186][T17052] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 562.248205][T17052] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 562.248219][T17052] drm_atomic_get_crtc_state+0x16e/0x450 [ 562.248239][T17052] drm_atomic_get_plane_state+0x436/0x590 [ 562.248257][T17052] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 562.248276][T17052] ? __pfx___might_resched+0x10/0x10 [ 562.248295][T17052] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 562.248332][T17052] drm_client_modeset_commit_locked+0x14d/0x580 [ 562.248351][T17052] drm_client_modeset_commit+0x4f/0x80 [ 562.248368][T17052] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 562.248385][T17052] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 562.248405][T17052] drm_fbdev_client_restore+0x2c/0x40 [ 562.248423][T17052] drm_client_dev_restore+0x1f3/0x2a0 [ 562.248442][T17052] drm_release+0x2c4/0x360 [ 562.248458][T17052] ? __pfx_drm_release+0x10/0x10 [ 562.248472][T17052] __fput+0x3ff/0xb70 [ 562.248492][T17052] task_work_run+0x14d/0x240 [ 562.248512][T17052] ? __pfx_task_work_run+0x10/0x10 [ 562.248531][T17052] ? __pfx___do_sys_close_range+0x10/0x10 [ 562.248543][T17052] ? rcu_is_watching+0x12/0xc0 [ 562.248560][T17052] syscall_exit_to_user_mode+0x27b/0x2a0 [ 562.248579][T17052] do_syscall_64+0xda/0x230 [ 562.248598][T17052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.248612][T17052] RIP: 0033:0x7f5174d8e969 [ 562.248624][T17052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.248636][T17052] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 562.248649][T17052] RAX: 0000000000000000 RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 562.248658][T17052] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 562.248665][T17052] RBP: 00007f5174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 562.248674][T17052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 562.248681][T17052] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 562.248700][T17052] [ 562.539356][T17017] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 562.570622][T17017] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 562.597777][T17017] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 562.603822][T17017] Node 0 DMA32 free:1402668kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:50988kB inactive_anon:0kB active_file:55388kB inactive_file:167936kB unevictable:5340kB writepending:2300kB present:3129332kB managed:2544168kB mlocked:3804kB bounce:0kB free_pcp:316kB local_pcp:316kB free_cma:0kB [ 562.635118][T17017] lowmem_reserve[]: 0 0 1 1 1 [ 562.640146][T17017] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1832kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 562.667667][T17017] lowmem_reserve[]: 0 0 0 0 0 [ 562.672397][T17017] Node 1 Normal free:3843032kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:67840kB local_pcp:67840kB free_cma:0kB [ 562.701954][T17017] lowmem_reserve[]: 0 0 0 0 0 [ 562.706912][T17017] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 562.720284][T17017] Node 0 DMA32: 2924*4kB (ME) 2144*8kB (UME) 1660*16kB (UME) 1269*32kB (UME) 800*64kB (UME) 484*128kB (UM) 283*256kB (UM) 101*512kB (UM) 54*1024kB (UM) 5*2048kB (UME) 245*4096kB (UM) = 1402384kB [ 562.739863][T17017] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 562.751833][T17017] Node 1 Normal: 6*4kB (ME) 4*8kB (ME) 2*16kB (M) 78*32kB (UME) 91*64kB (UME) 38*128kB (UME) 18*256kB (UM) 7*512kB (UME) 6*1024kB (UM) 5*2048kB (UME) 929*4096kB (M) = 3843032kB [ 562.769497][T17017] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 562.779096][T17017] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 562.788441][T17017] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 562.798037][T17017] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 562.807596][T17017] 59900 total pagecache pages [ 562.812891][T17017] 0 pages in swap cache [ 562.817369][T17017] Free swap = 124996kB [ 562.821542][T17017] Total swap = 124996kB [ 562.825755][T17017] 2097051 pages RAM [ 562.829577][T17017] 0 pages HighMem/MovableOnly [ 562.834299][T17017] 428903 pages reserved [ 562.838500][T17017] 0 pages cma reserved [ 563.161731][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.169041][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.472755][T17073] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4471'. [ 564.530123][T17091] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 564.632135][T17091] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 564.717323][T17096] FAULT_INJECTION: forcing a failure. [ 564.717323][T17096] name failslab, interval 1, probability 0, space 0, times 0 [ 564.803383][T17096] CPU: 1 UID: 0 PID: 17096 Comm: syz.1.4481 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 564.803410][T17096] Tainted: [I]=FIRMWARE_WORKAROUND [ 564.803416][T17096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 564.803425][T17096] Call Trace: [ 564.803430][T17096] [ 564.803436][T17096] dump_stack_lvl+0x16c/0x1f0 [ 564.803460][T17096] should_fail_ex+0x512/0x640 [ 564.803480][T17096] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 564.803498][T17096] should_failslab+0xc2/0x120 [ 564.803515][T17096] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 564.803529][T17096] ? __d_alloc+0x31/0xaa0 [ 564.803545][T17096] __d_alloc+0x31/0xaa0 [ 564.803561][T17096] path_from_stashed+0x500/0xb00 [ 564.803577][T17096] ? __pfx_path_from_stashed+0x10/0x10 [ 564.803590][T17096] ? do_raw_spin_unlock+0x172/0x230 [ 564.803613][T17096] ns_get_path+0x5f/0x80 [ 564.803632][T17096] proc_ns_get_link+0x121/0x260 [ 564.803652][T17096] ? __pfx_proc_ns_get_link+0x10/0x10 [ 564.803671][T17096] ? __pfx___might_resched+0x10/0x10 [ 564.803691][T17096] ? __pfx_proc_ns_get_link+0x10/0x10 [ 564.803711][T17096] step_into+0x1b22/0x2270 [ 564.803734][T17096] ? __pfx_step_into+0x10/0x10 [ 564.803752][T17096] ? find_held_lock+0x2b/0x80 [ 564.803771][T17096] path_openat+0x749/0x2d40 [ 564.803791][T17096] ? __pfx_path_openat+0x10/0x10 [ 564.803808][T17096] do_filp_open+0x20b/0x470 [ 564.803841][T17096] ? __pfx_do_filp_open+0x10/0x10 [ 564.803868][T17096] ? alloc_fd+0x471/0x7d0 [ 564.803893][T17096] do_sys_openat2+0x11b/0x1d0 [ 564.803910][T17096] ? __pfx_do_sys_openat2+0x10/0x10 [ 564.803933][T17096] __x64_sys_openat+0x174/0x210 [ 564.803950][T17096] ? __pfx___x64_sys_openat+0x10/0x10 [ 564.803968][T17096] ? rcu_is_watching+0x12/0xc0 [ 564.803985][T17096] do_syscall_64+0xcd/0x230 [ 564.804004][T17096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.804018][T17096] RIP: 0033:0x7f5174d8d2d0 [ 564.804030][T17096] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 564.804042][T17096] RSP: 002b:00007f5175bfdf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 564.804055][T17096] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5174d8d2d0 [ 564.804063][T17096] RDX: 0000000000000002 RSI: 00007f5175bfdfa0 RDI: 00000000ffffff9c [ 564.804071][T17096] RBP: 00007f5175bfdfa0 R08: 0000000000000000 R09: 0000000000000000 [ 564.804078][T17096] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 564.804085][T17096] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 564.804101][T17096] [ 565.799878][T17105] tipc: Started in network mode [ 565.804764][T17105] tipc: Node identity ffffffff, cluster identity 4711 [ 565.838673][T17105] tipc: Node number set to 4294967295 [ 565.994188][T17111] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4485'. [ 566.038275][T17098] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 566.084567][T17098] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 566.178277][T17098] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 566.222984][T17098] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 566.269079][T17098] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 566.333697][T17098] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 566.566620][T17098] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 566.749766][T17098] CPU0 is offline. [ 567.438835][T17134] netlink: 'syz.0.4495': attribute type 16 has an invalid length. [ 567.500303][T17134] netlink: 50 bytes leftover after parsing attributes in process `syz.0.4495'. [ 567.555633][T17136] FAULT_INJECTION: forcing a failure. [ 567.555633][T17136] name failslab, interval 1, probability 0, space 0, times 0 [ 567.652164][T17136] CPU: 1 UID: 0 PID: 17136 Comm: syz.4.4496 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 567.652191][T17136] Tainted: [I]=FIRMWARE_WORKAROUND [ 567.652196][T17136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 567.652204][T17136] Call Trace: [ 567.652209][T17136] [ 567.652216][T17136] dump_stack_lvl+0x16c/0x1f0 [ 567.652240][T17136] should_fail_ex+0x512/0x640 [ 567.652260][T17136] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 567.652278][T17136] should_failslab+0xc2/0x120 [ 567.652294][T17136] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 567.652309][T17136] ? __kernfs_new_node+0xd2/0x8a0 [ 567.652333][T17136] __kernfs_new_node+0xd2/0x8a0 [ 567.652355][T17136] ? __pfx___kernfs_new_node+0x10/0x10 [ 567.652379][T17136] ? find_held_lock+0x2b/0x80 [ 567.652392][T17136] ? kernfs_root+0xee/0x2a0 [ 567.652408][T17136] kernfs_new_node+0x13c/0x1e0 [ 567.652426][T17136] __kernfs_create_file+0x53/0x350 [ 567.652445][T17136] sysfs_add_file_mode_ns+0x207/0x3c0 [ 567.652468][T17136] internal_create_group+0x578/0xf30 [ 567.652486][T17136] ? __pfx_internal_create_group+0x10/0x10 [ 567.652501][T17136] ? kernfs_create_link+0x1bd/0x240 [ 567.652521][T17136] internal_create_groups+0x9d/0x150 [ 567.652535][T17136] device_add+0x6d1/0x1a70 [ 567.652562][T17136] ? __pfx_device_add+0x10/0x10 [ 567.652580][T17136] ? lockdep_init_map_type+0x5c/0x280 [ 567.652598][T17136] ? __init_waitqueue_head+0xca/0x150 [ 567.652623][T17136] netdev_register_kobject+0x182/0x3a0 [ 567.652644][T17136] register_netdevice+0x13dc/0x2270 [ 567.652665][T17136] ? __pfx_register_netdevice+0x10/0x10 [ 567.652681][T17136] ? alloc_netdev_mqs+0xe7e/0x1570 [ 567.652698][T17136] ? __pfx_loopback_net_init+0x10/0x10 [ 567.652715][T17136] register_netdev+0x34/0x50 [ 567.652730][T17136] loopback_net_init+0x7a/0x170 [ 567.652746][T17136] ? __pfx_loopback_net_init+0x10/0x10 [ 567.652760][T17136] ops_init+0x1df/0x5f0 [ 567.652778][T17136] setup_net+0x21e/0x850 [ 567.652795][T17136] ? __pfx_setup_net+0x10/0x10 [ 567.652809][T17136] ? lockdep_init_map_type+0x5c/0x280 [ 567.652825][T17136] ? __pfx_down_read_killable+0x10/0x10 [ 567.652847][T17136] ? debug_mutex_init+0x37/0x70 [ 567.652861][T17136] copy_net_ns+0x2a6/0x5f0 [ 567.652879][T17136] create_new_namespaces+0x3ea/0xad0 [ 567.652898][T17136] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 567.652915][T17136] ksys_unshare+0x45b/0xa40 [ 567.652932][T17136] ? __pfx_ksys_unshare+0x10/0x10 [ 567.652948][T17136] ? xfd_validate_state+0x5d/0x180 [ 567.652969][T17136] ? rcu_is_watching+0x12/0xc0 [ 567.652986][T17136] __x64_sys_unshare+0x31/0x40 [ 567.653002][T17136] do_syscall_64+0xcd/0x230 [ 567.653021][T17136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.653035][T17136] RIP: 0033:0x7f17e758e969 [ 567.653047][T17136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.653061][T17136] RSP: 002b:00007f17e8333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 567.653074][T17136] RAX: ffffffffffffffda RBX: 00007f17e77b5fa0 RCX: 00007f17e758e969 [ 567.653083][T17136] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 567.653092][T17136] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 567.653100][T17136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 567.653108][T17136] R13: 0000000000000000 R14: 00007f17e77b5fa0 R15: 00007ffe68ec3868 [ 567.653127][T17136] [ 568.117917][ T5141] Bluetooth: hci0: command 0x0c1a tx timeout [ 568.223347][T17149] FAULT_INJECTION: forcing a failure. [ 568.223347][T17149] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 568.237291][T17149] CPU: 1 UID: 0 PID: 17149 Comm: syz.1.4502 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 568.237314][T17149] Tainted: [I]=FIRMWARE_WORKAROUND [ 568.237320][T17149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 568.237328][T17149] Call Trace: [ 568.237333][T17149] [ 568.237338][T17149] dump_stack_lvl+0x16c/0x1f0 [ 568.237362][T17149] should_fail_ex+0x512/0x640 [ 568.237380][T17149] ? page_copy_sane+0xcd/0x2d0 [ 568.237399][T17149] copy_page_from_iter_atomic+0x3ad/0x1950 [ 568.237428][T17149] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 568.237448][T17149] ? shmem_write_begin+0x176/0x300 [ 568.237463][T17149] ? __pfx_fault_in_readable+0x10/0x10 [ 568.237481][T17149] ? __pfx_shmem_write_begin+0x10/0x10 [ 568.237497][T17149] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 568.237530][T17149] generic_perform_write+0x22c/0x930 [ 568.237552][T17149] ? __pfx_generic_perform_write+0x10/0x10 [ 568.237569][T17149] ? inode_needs_update_time.part.0+0x191/0x270 [ 568.237591][T17149] shmem_file_write_iter+0x10e/0x140 [ 568.237612][T17149] vfs_write+0x5ba/0x1180 [ 568.237625][T17149] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 568.237643][T17149] ? __pfx___mutex_lock+0x10/0x10 [ 568.237660][T17149] ? __pfx_vfs_write+0x10/0x10 [ 568.237684][T17149] ksys_write+0x12a/0x240 [ 568.237696][T17149] ? __pfx_ksys_write+0x10/0x10 [ 568.237707][T17149] ? rcu_is_watching+0x12/0xc0 [ 568.237725][T17149] do_syscall_64+0xcd/0x230 [ 568.237744][T17149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.237758][T17149] RIP: 0033:0x7f5174d8e969 [ 568.237769][T17149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.237783][T17149] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 568.237796][T17149] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 568.237805][T17149] RDX: 000000000000b8c5 RSI: 0000200000000440 RDI: 0000000000000005 [ 568.237813][T17149] RBP: 00007f5174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 568.237820][T17149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 568.237828][T17149] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 568.237846][T17149] [ 568.709588][ T5141] Bluetooth: hci2: command 0x0c1a tx timeout [ 568.717171][ T5141] Bluetooth: hci1: command 0x0c1a tx timeout [ 568.725049][ T5141] Bluetooth: hci3: command 0x0c1a tx timeout [ 569.161992][T17164] FAULT_INJECTION: forcing a failure. [ 569.161992][T17164] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 569.318787][T17164] CPU: 1 UID: 0 PID: 17164 Comm: syz.4.4506 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 569.318814][T17164] Tainted: [I]=FIRMWARE_WORKAROUND [ 569.318820][T17164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 569.318828][T17164] Call Trace: [ 569.318834][T17164] [ 569.318840][T17164] dump_stack_lvl+0x16c/0x1f0 [ 569.318864][T17164] should_fail_ex+0x512/0x640 [ 569.318886][T17164] should_fail_alloc_page+0xe7/0x130 [ 569.318905][T17164] prepare_alloc_pages+0x3c2/0x610 [ 569.318925][T17164] ? rcu_is_watching+0x12/0xc0 [ 569.318940][T17164] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 569.318955][T17164] ? __kernel_text_address+0xd/0x40 [ 569.318975][T17164] ? unwind_get_return_address+0x59/0xa0 [ 569.318991][T17164] ? arch_stack_walk+0xa6/0x100 [ 569.319011][T17164] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 569.319026][T17164] ? stack_trace_save+0x8e/0xc0 [ 569.319040][T17164] ? __pfx_stack_trace_save+0x10/0x10 [ 569.319053][T17164] ? stack_depot_save_flags+0x28/0xa50 [ 569.319070][T17164] ? find_held_lock+0x2b/0x80 [ 569.319085][T17164] ? kasan_save_stack+0x42/0x60 [ 569.319101][T17164] ? __lock_acquire+0xaa4/0x1ba0 [ 569.319115][T17164] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 569.319134][T17164] ? policy_nodemask+0xea/0x4e0 [ 569.319151][T17164] alloc_pages_mpol+0x1fb/0x550 [ 569.319167][T17164] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 569.319181][T17164] ? __page_table_check_ptes_set+0x1ae/0x420 [ 569.319196][T17164] ? find_held_lock+0x2b/0x80 [ 569.319211][T17164] alloc_pages_noprof+0x131/0x390 [ 569.319227][T17164] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 569.319239][T17164] get_free_pages_noprof+0xc/0x40 [ 569.319255][T17164] kasan_populate_vmalloc_pte+0x2d/0x160 [ 569.319269][T17164] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 569.319281][T17164] __apply_to_page_range+0x617/0xd60 [ 569.319302][T17164] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 569.319318][T17164] ? __pfx___apply_to_page_range+0x10/0x10 [ 569.319337][T17164] ? alloc_vmap_area+0x872/0x2970 [ 569.319367][T17164] alloc_vmap_area+0x919/0x2970 [ 569.319394][T17164] ? __pfx_alloc_vmap_area+0x10/0x10 [ 569.319418][T17164] __get_vm_area_node+0x1a7/0x300 [ 569.319441][T17164] __vmalloc_node_range_noprof+0x277/0x1540 [ 569.319461][T17164] ? __do_sys_listmount+0x1c2/0xed0 [ 569.319485][T17164] ? __do_sys_listmount+0x1c2/0xed0 [ 569.319506][T17164] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 569.319533][T17164] __kvmalloc_node_noprof+0x2ff/0x600 [ 569.319547][T17164] ? __do_sys_listmount+0x1c2/0xed0 [ 569.319565][T17164] ? __do_sys_listmount+0x1c2/0xed0 [ 569.319585][T17164] ? __do_sys_listmount+0x1c2/0xed0 [ 569.319601][T17164] __do_sys_listmount+0x1c2/0xed0 [ 569.319622][T17164] ? __x64_sys_futex+0x1e0/0x4c0 [ 569.319635][T17164] ? __x64_sys_futex+0x1e9/0x4c0 [ 569.319649][T17164] ? __pfx___do_sys_listmount+0x10/0x10 [ 569.319667][T17164] ? xfd_validate_state+0x5d/0x180 [ 569.319693][T17164] do_syscall_64+0xcd/0x230 [ 569.319714][T17164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.319727][T17164] RIP: 0033:0x7f17e758e969 [ 569.319740][T17164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.319752][T17164] RSP: 002b:00007f17e8312038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 569.319765][T17164] RAX: ffffffffffffffda RBX: 00007f17e77b6080 RCX: 00007f17e758e969 [ 569.319774][T17164] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 569.319783][T17164] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 569.319794][T17164] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 569.319802][T17164] R13: 0000000000000000 R14: 00007f17e77b6080 R15: 00007ffe68ec3868 [ 569.319818][T17164] [ 569.806707][T17166] FAULT_INJECTION: forcing a failure. [ 569.806707][T17166] name failslab, interval 1, probability 0, space 0, times 0 [ 569.819558][T17166] CPU: 1 UID: 0 PID: 17166 Comm: syz.3.4509 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 569.819582][T17166] Tainted: [I]=FIRMWARE_WORKAROUND [ 569.819587][T17166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 569.819595][T17166] Call Trace: [ 569.819600][T17166] [ 569.819606][T17166] dump_stack_lvl+0x16c/0x1f0 [ 569.819630][T17166] should_fail_ex+0x512/0x640 [ 569.819648][T17166] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 569.819666][T17166] should_failslab+0xc2/0x120 [ 569.819684][T17166] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 569.819698][T17166] ? __kernfs_new_node+0xd2/0x8a0 [ 569.819722][T17166] __kernfs_new_node+0xd2/0x8a0 [ 569.819743][T17166] ? __pfx___kernfs_new_node+0x10/0x10 [ 569.819767][T17166] ? find_held_lock+0x2b/0x80 [ 569.819781][T17166] ? kernfs_root+0xee/0x2a0 [ 569.819796][T17166] kernfs_new_node+0x13c/0x1e0 [ 569.819814][T17166] __kernfs_create_file+0x53/0x350 [ 569.819835][T17166] sysfs_add_file_mode_ns+0x207/0x3c0 [ 569.819858][T17166] internal_create_group+0x578/0xf30 [ 569.819876][T17166] ? __pfx_internal_create_group+0x10/0x10 [ 569.819892][T17166] ? kernfs_create_link+0x1bd/0x240 [ 569.819911][T17166] internal_create_groups+0x9d/0x150 [ 569.819926][T17166] device_add+0xf30/0x1a70 [ 569.819945][T17166] ? __pfx_device_add+0x10/0x10 [ 569.819961][T17166] ? lockdep_init_map_type+0x5c/0x280 [ 569.819978][T17166] ? __init_waitqueue_head+0xca/0x150 [ 569.820002][T17166] netdev_register_kobject+0x182/0x3a0 [ 569.820022][T17166] register_netdevice+0x13dc/0x2270 [ 569.820041][T17166] ? __pfx_register_netdevice+0x10/0x10 [ 569.820063][T17166] internal_dev_create+0x2d3/0x520 [ 569.820084][T17166] ovs_vport_add+0x144/0x4d0 [ 569.820104][T17166] new_vport+0x16/0x1d0 [ 569.820119][T17166] ovs_dp_cmd_new+0x6ba/0xe60 [ 569.820140][T17166] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 569.820161][T17166] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 569.820180][T17166] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 569.820202][T17166] genl_family_rcv_msg_doit+0x206/0x2f0 [ 569.820222][T17166] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 569.820240][T17166] ? trace_cap_capable+0x18d/0x200 [ 569.820258][T17166] ? bpf_lsm_capable+0x9/0x10 [ 569.820271][T17166] ? security_capable+0x7e/0x260 [ 569.820285][T17166] ? ns_capable+0xd7/0x110 [ 569.820301][T17166] genl_rcv_msg+0x55c/0x800 [ 569.820321][T17166] ? __pfx_genl_rcv_msg+0x10/0x10 [ 569.820337][T17166] ? __pfx___dev_queue_xmit+0x10/0x10 [ 569.820357][T17166] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 569.820375][T17166] ? __lock_acquire+0xaa4/0x1ba0 [ 569.820394][T17166] netlink_rcv_skb+0x16a/0x440 [ 569.820419][T17166] ? __pfx_genl_rcv_msg+0x10/0x10 [ 569.820439][T17166] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 569.820465][T17166] ? __pfx_down_read+0x10/0x10 [ 569.820486][T17166] ? netlink_deliver_tap+0x1ae/0xd30 [ 569.820504][T17166] genl_rcv+0x28/0x40 [ 569.820519][T17166] netlink_unicast+0x53a/0x7f0 [ 569.820537][T17166] ? __pfx_netlink_unicast+0x10/0x10 [ 569.820552][T17166] ? __lock_acquire+0xaa4/0x1ba0 [ 569.820573][T17166] netlink_sendmsg+0x8d1/0xdd0 [ 569.820592][T17166] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.820615][T17166] ____sys_sendmsg+0xa95/0xc70 [ 569.820633][T17166] ? copy_msghdr_from_user+0x10a/0x160 [ 569.820648][T17166] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.820674][T17166] ___sys_sendmsg+0x134/0x1d0 [ 569.820689][T17166] ? __pfx____sys_sendmsg+0x10/0x10 [ 569.820727][T17166] __sys_sendmsg+0x16d/0x220 [ 569.820741][T17166] ? __pfx___sys_sendmsg+0x10/0x10 [ 569.820755][T17166] ? __x64_sys_futex+0x1e0/0x4c0 [ 569.820774][T17166] ? rcu_is_watching+0x12/0xc0 [ 569.820792][T17166] do_syscall_64+0xcd/0x230 [ 569.820811][T17166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.820825][T17166] RIP: 0033:0x7ff08378e969 [ 569.820838][T17166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.820850][T17166] RSP: 002b:00007ff084571038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 569.820863][T17166] RAX: ffffffffffffffda RBX: 00007ff0839b5fa0 RCX: 00007ff08378e969 [ 569.820872][T17166] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 569.820881][T17166] RBP: 00007ff083810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 569.820889][T17166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 569.820896][T17166] R13: 0000000000000000 R14: 00007ff0839b5fa0 R15: 00007ffe820b50e8 [ 569.820914][T17166] [ 570.525309][T17174] FAULT_INJECTION: forcing a failure. [ 570.525309][T17174] name failslab, interval 1, probability 0, space 0, times 0 [ 570.538017][T17174] CPU: 1 UID: 0 PID: 17174 Comm: syz.0.4511 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 570.538042][T17174] Tainted: [I]=FIRMWARE_WORKAROUND [ 570.538048][T17174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 570.538056][T17174] Call Trace: [ 570.538062][T17174] [ 570.538068][T17174] dump_stack_lvl+0x16c/0x1f0 [ 570.538092][T17174] should_fail_ex+0x512/0x640 [ 570.538110][T17174] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 570.538128][T17174] should_failslab+0xc2/0x120 [ 570.538145][T17174] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 570.538160][T17174] ? security_file_alloc+0x34/0x2b0 [ 570.538179][T17174] security_file_alloc+0x34/0x2b0 [ 570.538196][T17174] init_file+0x93/0x4c0 [ 570.538212][T17174] alloc_empty_file+0x73/0x1e0 [ 570.538228][T17174] path_openat+0xe0/0x2d40 [ 570.538239][T17174] ? __x64_sys_openat+0x174/0x210 [ 570.538255][T17174] ? do_syscall_64+0xcd/0x230 [ 570.538358][T17174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.538383][T17174] ? __pfx_path_openat+0x10/0x10 [ 570.538401][T17174] do_filp_open+0x20b/0x470 [ 570.538415][T17174] ? __pfx_do_filp_open+0x10/0x10 [ 570.538441][T17174] ? alloc_fd+0x471/0x7d0 [ 570.538466][T17174] do_sys_openat2+0x11b/0x1d0 [ 570.538483][T17174] ? __pfx_do_sys_openat2+0x10/0x10 [ 570.538507][T17174] __x64_sys_openat+0x174/0x210 [ 570.538524][T17174] ? __pfx___x64_sys_openat+0x10/0x10 [ 570.538542][T17174] ? rcu_is_watching+0x12/0xc0 [ 570.538560][T17174] do_syscall_64+0xcd/0x230 [ 570.538579][T17174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.538592][T17174] RIP: 0033:0x7facdfb8d2d0 [ 570.538604][T17174] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 570.538617][T17174] RSP: 002b:00007facdd9f5f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 570.538630][T17174] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007facdfb8d2d0 [ 570.538639][T17174] RDX: 0000000000000002 RSI: 00007facdd9f5fa0 RDI: 00000000ffffff9c [ 570.538647][T17174] RBP: 00007facdd9f5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 570.538655][T17174] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 570.538663][T17174] R13: 0000000000000000 R14: 00007facdfdb5fa0 R15: 00007fff9068b038 [ 570.538680][T17174] [ 570.903530][T15326] Bluetooth: hci0: command 0x0c1a tx timeout [ 570.910525][T15326] Bluetooth: hci3: command 0x0c1a tx timeout [ 571.087736][T17182] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4513'. [ 571.107744][T17182] ›: renamed from hsr0 (while UP) [ 572.282542][T17212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4525'. [ 572.660316][T17219] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4527'. [ 572.971754][ T5141] Bluetooth: hci3: command 0x0c1a tx timeout [ 572.993008][T17224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4530'. [ 573.063890][T17224] netlink: 354 bytes leftover after parsing attributes in process `syz.0.4530'. [ 573.308876][T17225] WARNING! power/level is deprecated; use power/control instead [ 574.135585][ T5141] Bluetooth: hci3: unexpected subevent 0x19 length: 252 > 28 [ 574.144123][ T5141] Bluetooth: hci3: Unable to find connection with handle 0xc3d2 [ 574.688432][T17261] openvswitch: netlink: IP tunnel dst address not specified [ 575.761321][T17273] FAULT_INJECTION: forcing a failure. [ 575.761321][T17273] name failslab, interval 1, probability 0, space 0, times 0 [ 575.840176][T17273] CPU: 1 UID: 0 PID: 17273 Comm: syz.0.4546 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 575.840203][T17273] Tainted: [I]=FIRMWARE_WORKAROUND [ 575.840209][T17273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 575.840217][T17273] Call Trace: [ 575.840222][T17273] [ 575.840228][T17273] dump_stack_lvl+0x16c/0x1f0 [ 575.840253][T17273] should_fail_ex+0x512/0x640 [ 575.840273][T17273] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 575.840291][T17273] should_failslab+0xc2/0x120 [ 575.840308][T17273] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 575.840324][T17273] ? __kernfs_new_node+0xd2/0x8a0 [ 575.840347][T17273] __kernfs_new_node+0xd2/0x8a0 [ 575.840369][T17273] ? __pfx___kernfs_new_node+0x10/0x10 [ 575.840393][T17273] ? find_held_lock+0x2b/0x80 [ 575.840408][T17273] ? kernfs_root+0xee/0x2a0 [ 575.840423][T17273] kernfs_new_node+0x13c/0x1e0 [ 575.840440][T17273] __kernfs_create_file+0x53/0x350 [ 575.840459][T17273] sysfs_add_file_mode_ns+0x207/0x3c0 [ 575.840483][T17273] internal_create_group+0x578/0xf30 [ 575.840500][T17273] ? __pfx_internal_create_group+0x10/0x10 [ 575.840516][T17273] ? kernfs_create_link+0x1bd/0x240 [ 575.840535][T17273] internal_create_groups+0x9d/0x150 [ 575.840549][T17273] device_add+0x6d1/0x1a70 [ 575.840569][T17273] ? __pfx_device_add+0x10/0x10 [ 575.840585][T17273] ? lockdep_init_map_type+0x5c/0x280 [ 575.840602][T17273] ? __init_waitqueue_head+0xca/0x150 [ 575.840627][T17273] netdev_register_kobject+0x182/0x3a0 [ 575.840647][T17273] register_netdevice+0x13dc/0x2270 [ 575.840667][T17273] ? __pfx_register_netdevice+0x10/0x10 [ 575.840684][T17273] ? alloc_netdev_mqs+0xe7e/0x1570 [ 575.840701][T17273] ? __pfx_loopback_net_init+0x10/0x10 [ 575.840717][T17273] register_netdev+0x34/0x50 [ 575.840733][T17273] loopback_net_init+0x7a/0x170 [ 575.840749][T17273] ? __pfx_loopback_net_init+0x10/0x10 [ 575.840763][T17273] ops_init+0x1df/0x5f0 [ 575.840790][T17273] setup_net+0x21e/0x850 [ 575.840809][T17273] ? __pfx_setup_net+0x10/0x10 [ 575.840825][T17273] ? lockdep_init_map_type+0x5c/0x280 [ 575.840842][T17273] ? __pfx_down_read_killable+0x10/0x10 [ 575.840864][T17273] ? debug_mutex_init+0x37/0x70 [ 575.840878][T17273] copy_net_ns+0x2a6/0x5f0 [ 575.840896][T17273] create_new_namespaces+0x3ea/0xad0 [ 575.840915][T17273] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 575.840931][T17273] ksys_unshare+0x45b/0xa40 [ 575.840949][T17273] ? __pfx_ksys_unshare+0x10/0x10 [ 575.840965][T17273] ? xfd_validate_state+0x5d/0x180 [ 575.840986][T17273] ? rcu_is_watching+0x12/0xc0 [ 575.841003][T17273] __x64_sys_unshare+0x31/0x40 [ 575.841019][T17273] do_syscall_64+0xcd/0x230 [ 575.841038][T17273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.841052][T17273] RIP: 0033:0x7facdfb8e969 [ 575.841064][T17273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.841077][T17273] RSP: 002b:00007facdd9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 575.841090][T17273] RAX: ffffffffffffffda RBX: 00007facdfdb5fa0 RCX: 00007facdfb8e969 [ 575.841099][T17273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 575.841107][T17273] RBP: 00007facdfc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 575.841115][T17273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.841123][T17273] R13: 0000000000000000 R14: 00007facdfdb5fa0 R15: 00007fff9068b038 [ 575.841140][T17273] [ 576.618293][T17276] netlink: 'syz.1.4547': attribute type 19 has an invalid length. [ 576.712626][T17276] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4547'. [ 577.242763][T17282] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4550'. [ 577.578663][T17282] ›: renamed from hsr0 (while UP) [ 578.082498][T17289] netlink: 504 bytes leftover after parsing attributes in process `syz.1.4552'. [ 578.247445][T17297] netlink: 350 bytes leftover after parsing attributes in process `syz.1.4552'. [ 578.543511][T17303] netlink: 146 bytes leftover after parsing attributes in process `syz.4.4558'. [ 579.890236][T17329] netlink: 158 bytes leftover after parsing attributes in process `syz.4.4569'. [ 581.663785][T17359] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4579'. [ 581.760047][T17359] netlink: 302 bytes leftover after parsing attributes in process `syz.0.4579'. [ 582.177069][T17366] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4583'. [ 584.122869][T17392] netlink: 158 bytes leftover after parsing attributes in process `syz.0.4591'. [ 585.326590][T17410] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 586.005464][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 586.130573][T17426] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4602'. [ 586.226754][T17426] netlink: 98 bytes leftover after parsing attributes in process `syz.4.4602'. [ 586.650404][T17431] FAULT_INJECTION: forcing a failure. [ 586.650404][T17431] name failslab, interval 1, probability 0, space 0, times 0 [ 586.790603][T17431] CPU: 1 UID: 0 PID: 17431 Comm: syz.4.4604 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 586.790635][T17431] Tainted: [I]=FIRMWARE_WORKAROUND [ 586.790640][T17431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 586.790649][T17431] Call Trace: [ 586.790654][T17431] [ 586.790660][T17431] dump_stack_lvl+0x16c/0x1f0 [ 586.790683][T17431] should_fail_ex+0x512/0x640 [ 586.790701][T17431] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 586.790719][T17431] should_failslab+0xc2/0x120 [ 586.790736][T17431] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 586.790749][T17431] ? __proc_create+0xc3/0x8c0 [ 586.790764][T17431] ? __proc_create+0x2ce/0x8c0 [ 586.790780][T17431] __proc_create+0x2ce/0x8c0 [ 586.790795][T17431] ? __pfx___proc_create+0x10/0x10 [ 586.790807][T17431] ? proc_register+0x30f/0x5f0 [ 586.790824][T17431] ? _raw_write_unlock+0x28/0x50 [ 586.790843][T17431] proc_create_reg+0x7d/0x180 [ 586.790859][T17431] proc_create_net_data+0x8e/0x1b0 [ 586.790875][T17431] ? __pfx_proc_create_net_data+0x10/0x10 [ 586.790889][T17431] ? __pfx___netlink_kernel_create+0x10/0x10 [ 586.790910][T17431] fib_proc_init+0xf4/0x1b0 [ 586.790925][T17431] fib_net_init+0x2af/0x3f0 [ 586.790939][T17431] ? __pfx___register_sysctl_table+0x10/0x10 [ 586.790955][T17431] ? __pfx_fib_net_init+0x10/0x10 [ 586.790969][T17431] ? lockdep_init_map_type+0x5c/0x280 [ 586.790986][T17431] ? __pfx_nl_fib_input+0x10/0x10 [ 586.791003][T17431] ? devinet_init_net+0x5c2/0x910 [ 586.791021][T17431] ? __pfx_fib_net_init+0x10/0x10 [ 586.791034][T17431] ops_init+0x1df/0x5f0 [ 586.791052][T17431] setup_net+0x21e/0x850 [ 586.791069][T17431] ? __pfx_setup_net+0x10/0x10 [ 586.791083][T17431] ? lockdep_init_map_type+0x5c/0x280 [ 586.791099][T17431] ? __pfx_down_read_killable+0x10/0x10 [ 586.791120][T17431] ? debug_mutex_init+0x37/0x70 [ 586.791135][T17431] copy_net_ns+0x2a6/0x5f0 [ 586.791153][T17431] create_new_namespaces+0x3ea/0xad0 [ 586.791172][T17431] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 586.791188][T17431] ksys_unshare+0x45b/0xa40 [ 586.791205][T17431] ? __pfx_ksys_unshare+0x10/0x10 [ 586.791221][T17431] ? xfd_validate_state+0x5d/0x180 [ 586.791242][T17431] ? rcu_is_watching+0x12/0xc0 [ 586.791259][T17431] __x64_sys_unshare+0x31/0x40 [ 586.791275][T17431] do_syscall_64+0xcd/0x230 [ 586.791294][T17431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.791308][T17431] RIP: 0033:0x7f17e758e969 [ 586.791320][T17431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.791332][T17431] RSP: 002b:00007f17e8333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 586.791345][T17431] RAX: ffffffffffffffda RBX: 00007f17e77b5fa0 RCX: 00007f17e758e969 [ 586.791354][T17431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 586.791363][T17431] RBP: 00007f17e7610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 586.791371][T17431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.791378][T17431] R13: 0000000000000000 R14: 00007f17e77b5fa0 R15: 00007ffe68ec3868 [ 586.791396][T17431] [ 587.098881][ C1] vkms_vblank_simulate: vblank timer overrun [ 588.467674][T17414] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 589.072303][T17443] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4607'. [ 589.298081][T17445] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 589.518397][T17443] geneve1: entered allmulticast mode [ 590.007441][ T30] audit: type=1800 audit(4294970754.313:18): pid=17454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4611" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 590.948787][T17467] FAULT_INJECTION: forcing a failure. [ 590.948787][T17467] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 591.028825][T17467] CPU: 1 UID: 0 PID: 17467 Comm: syz.3.4615 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 591.028851][T17467] Tainted: [I]=FIRMWARE_WORKAROUND [ 591.028857][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 591.028865][T17467] Call Trace: [ 591.028870][T17467] [ 591.028876][T17467] dump_stack_lvl+0x16c/0x1f0 [ 591.028898][T17467] should_fail_ex+0x512/0x640 [ 591.028920][T17467] should_fail_alloc_page+0xe7/0x130 [ 591.028939][T17467] prepare_alloc_pages+0x3c2/0x610 [ 591.028958][T17467] ? find_held_lock+0x2b/0x80 [ 591.028973][T17467] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 591.028990][T17467] ? page_table_check_set+0x979/0xb50 [ 591.029008][T17467] ? __page_table_check_ptes_set+0x1ae/0x420 [ 591.029023][T17467] ? find_held_lock+0x2b/0x80 [ 591.029034][T17467] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 591.029058][T17467] ? __handle_mm_fault+0x1010/0x2a40 [ 591.029073][T17467] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 591.029091][T17467] ? policy_nodemask+0xea/0x4e0 [ 591.029109][T17467] alloc_pages_mpol+0x1fb/0x550 [ 591.029125][T17467] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 591.029146][T17467] folio_alloc_mpol_noprof+0x36/0x2f0 [ 591.029173][T17467] shmem_alloc_folio+0x135/0x160 [ 591.029189][T17467] shmem_alloc_and_add_folio+0x499/0xc20 [ 591.029210][T17467] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 591.029228][T17467] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 591.029247][T17467] shmem_get_folio_gfp+0x687/0x1530 [ 591.029267][T17467] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 591.029288][T17467] shmem_write_begin+0x160/0x300 [ 591.029306][T17467] ? __pfx_shmem_write_begin+0x10/0x10 [ 591.029323][T17467] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 591.029347][T17467] generic_perform_write+0x3cd/0x930 [ 591.029365][T17467] ? __mark_inode_dirty+0x620/0xe50 [ 591.029383][T17467] ? __pfx_generic_perform_write+0x10/0x10 [ 591.029401][T17467] ? generic_update_time+0xcf/0xf0 [ 591.029414][T17467] ? mnt_put_write_access_file+0x45/0xf0 [ 591.029436][T17467] shmem_file_write_iter+0x10e/0x140 [ 591.029455][T17467] vfs_write+0x5ba/0x1180 [ 591.029468][T17467] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 591.029486][T17467] ? __pfx___mutex_lock+0x10/0x10 [ 591.029504][T17467] ? __pfx_vfs_write+0x10/0x10 [ 591.029529][T17467] ksys_write+0x12a/0x240 [ 591.029541][T17467] ? __pfx_ksys_write+0x10/0x10 [ 591.029552][T17467] ? rcu_is_watching+0x12/0xc0 [ 591.029570][T17467] do_syscall_64+0xcd/0x230 [ 591.029589][T17467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.029602][T17467] RIP: 0033:0x7ff08378e969 [ 591.029614][T17467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.029628][T17467] RSP: 002b:00007ff084571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 591.029641][T17467] RAX: ffffffffffffffda RBX: 00007ff0839b5fa0 RCX: 00007ff08378e969 [ 591.029650][T17467] RDX: 000000000000b8c5 RSI: 0000200000000440 RDI: 0000000000000006 [ 591.029657][T17467] RBP: 00007ff083810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 591.029665][T17467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.029672][T17467] R13: 0000000000000000 R14: 00007ff0839b5fa0 R15: 00007ffe820b50e8 [ 591.029689][T17467] [ 592.852219][T17483] netlink: 504 bytes leftover after parsing attributes in process `syz.4.4621'. [ 592.881747][T17484] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4622'. [ 592.953713][T17485] netlink: 504 bytes leftover after parsing attributes in process `syz.4.4621'. 1 [ 594.295383][T17508] netlink: 206 bytes leftover after parsing attributes in process `syz.0.4629'. [ 597.043360][T17570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4655'. [ 597.101070][T17574] netlink: 306 bytes leftover after parsing attributes in process `syz.4.4657'. [ 597.119419][T17570] netlink: 17 bytes leftover after parsing attributes in process `syz.0.4655'. [ 597.182826][T17574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4657'. [ 597.228476][T17574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4657'. [ 597.816535][T17593] QAT: failed to copy from user. [ 598.622922][T17613] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4671'. [ 599.750407][T17639] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 599.775493][T17639] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 600.037219][T17643] FAULT_INJECTION: forcing a failure. [ 600.037219][T17643] name failslab, interval 1, probability 0, space 0, times 0 [ 600.068211][T17643] CPU: 1 UID: 0 PID: 17643 Comm: syz.3.4682 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 600.068237][T17643] Tainted: [I]=FIRMWARE_WORKAROUND [ 600.068242][T17643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 600.068250][T17643] Call Trace: [ 600.068256][T17643] [ 600.068262][T17643] dump_stack_lvl+0x16c/0x1f0 [ 600.068286][T17643] should_fail_ex+0x512/0x640 [ 600.068313][T17643] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 600.068338][T17643] should_failslab+0xc2/0x120 [ 600.068354][T17643] __kmalloc_cache_noprof+0x6a/0x3e0 [ 600.068375][T17643] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 600.068391][T17643] ? ktime_get_coarse_real_ts64_mg+0x200/0x320 [ 600.068406][T17643] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 600.068423][T17643] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 600.068437][T17643] hugetlb_reserve_pages+0x149/0xd90 [ 600.068459][T17643] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 600.068478][T17643] ? atime_needs_update+0x8b/0x710 [ 600.068500][T17643] hugetlbfs_file_mmap+0x4a1/0x730 [ 600.068519][T17643] __mmap_region+0x1485/0x27c0 [ 600.068537][T17643] ? __pfx___mmap_region+0x10/0x10 [ 600.068550][T17643] ? kernel_text_address+0x8d/0x100 [ 600.068583][T17643] ? stack_depot_save_flags+0x28/0xa50 [ 600.068623][T17643] ? rcu_is_watching+0x12/0xc0 [ 600.068641][T17643] mmap_region+0x32b/0x3f0 [ 600.068659][T17643] do_mmap+0xd8e/0x11b0 [ 600.068681][T17643] ? __pfx_do_mmap+0x10/0x10 [ 600.068699][T17643] ? __pfx_down_write_killable+0x10/0x10 [ 600.068722][T17643] vm_mmap_pgoff+0x281/0x450 [ 600.068744][T17643] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 600.068760][T17643] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 600.068778][T17643] ? hugetlbfs_get_inode+0x31f/0x730 [ 600.068799][T17643] ksys_mmap_pgoff+0x1c8/0x5c0 [ 600.068817][T17643] ? rcu_is_watching+0x12/0xc0 [ 600.068830][T17643] __x64_sys_mmap+0x125/0x190 [ 600.068846][T17643] do_syscall_64+0xcd/0x230 [ 600.068866][T17643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.068880][T17643] RIP: 0033:0x7ff08378e969 [ 600.068892][T17643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.068905][T17643] RSP: 002b:00007ff084571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 600.068919][T17643] RAX: ffffffffffffffda RBX: 00007ff0839b5fa0 RCX: 00007ff08378e969 [ 600.068928][T17643] RDX: 0000000000000002 RSI: 0000000000a00006 RDI: 0000000000c00000 [ 600.068936][T17643] RBP: 00007ff083810ab1 R08: 0000000000000602 R09: 0000300000000000 [ 600.068945][T17643] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 600.068954][T17643] R13: 0000000000000000 R14: 00007ff0839b5fa0 R15: 00007ffe820b50e8 [ 600.068971][T17643] [ 600.068978][T17643] HugeTLB: unable to allocate vma specific lock [ 600.785993][T17655] FAULT_INJECTION: forcing a failure. [ 600.785993][T17655] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 600.820878][T17655] CPU: 1 UID: 0 PID: 17655 Comm: syz.1.4687 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 600.820904][T17655] Tainted: [I]=FIRMWARE_WORKAROUND [ 600.820910][T17655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 600.820918][T17655] Call Trace: [ 600.820923][T17655] [ 600.820929][T17655] dump_stack_lvl+0x16c/0x1f0 [ 600.820953][T17655] should_fail_ex+0x512/0x640 [ 600.820975][T17655] should_fail_alloc_page+0xe7/0x130 [ 600.820994][T17655] prepare_alloc_pages+0x3c2/0x610 [ 600.821014][T17655] ? find_held_lock+0x2b/0x80 [ 600.821028][T17655] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 600.821046][T17655] ? page_table_check_set+0x979/0xb50 [ 600.821063][T17655] ? __page_table_check_ptes_set+0x1ae/0x420 [ 600.821079][T17655] ? find_held_lock+0x2b/0x80 [ 600.821090][T17655] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 600.821114][T17655] ? __handle_mm_fault+0x1010/0x2a40 [ 600.821129][T17655] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 600.821148][T17655] ? policy_nodemask+0xea/0x4e0 [ 600.821173][T17655] alloc_pages_mpol+0x1fb/0x550 [ 600.821190][T17655] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 600.821212][T17655] folio_alloc_mpol_noprof+0x36/0x2f0 [ 600.821233][T17655] shmem_alloc_folio+0x135/0x160 [ 600.821248][T17655] shmem_alloc_and_add_folio+0x499/0xc20 [ 600.821267][T17655] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 600.821285][T17655] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 600.821303][T17655] shmem_get_folio_gfp+0x687/0x1530 [ 600.821323][T17655] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 600.821344][T17655] shmem_write_begin+0x160/0x300 [ 600.821361][T17655] ? __pfx_shmem_write_begin+0x10/0x10 [ 600.821377][T17655] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 600.821401][T17655] generic_perform_write+0x3cd/0x930 [ 600.821422][T17655] ? __pfx_generic_perform_write+0x10/0x10 [ 600.821439][T17655] ? inode_needs_update_time.part.0+0x191/0x270 [ 600.821458][T17655] shmem_file_write_iter+0x10e/0x140 [ 600.821478][T17655] vfs_write+0x5ba/0x1180 [ 600.821492][T17655] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 600.821510][T17655] ? __pfx___mutex_lock+0x10/0x10 [ 600.821527][T17655] ? __pfx_vfs_write+0x10/0x10 [ 600.821552][T17655] ksys_write+0x12a/0x240 [ 600.821564][T17655] ? __pfx_ksys_write+0x10/0x10 [ 600.821575][T17655] ? rcu_is_watching+0x12/0xc0 [ 600.821593][T17655] do_syscall_64+0xcd/0x230 [ 600.821612][T17655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.821627][T17655] RIP: 0033:0x7f5174d8e969 [ 600.821638][T17655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.821650][T17655] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 600.821663][T17655] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 600.821672][T17655] RDX: 000000000000b8c5 RSI: 0000200000000440 RDI: 0000000000000006 [ 600.821679][T17655] RBP: 00007f5174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 600.821687][T17655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.821694][T17655] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 600.821712][T17655] [ 601.659844][T17671] sp0: Synchronizing with TNC [ 601.711765][T17671] sp0: Found TNC [ 602.000446][T17681] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4697'. [ 602.382259][T17682] mkiss: ax0: crc mode is auto. [ 602.505528][ T30] audit: type=1806 audit(4294967302.029:19): xattr="0" res=-22 [ 603.095762][T17707] netlink: 18 bytes leftover after parsing attributes in process `syz.4.4706'. [ 603.238040][T17712] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4708'. [ 604.675946][T17756] netlink: 158 bytes leftover after parsing attributes in process `syz.1.4722'. [ 606.482337][T17777] random: crng reseeded on system resumption [ 606.906030][ T30] audit: type=1326 audit(4294967306.429:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17782 comm="syz.0.4729" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7facdfb8e969 code=0x0 [ 606.931818][T17781] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4728'. [ 607.029488][T17781] netlink: 302 bytes leftover after parsing attributes in process `syz.4.4728'. [ 607.273385][T17786] could not allocate digest TFM handle [ 608.828654][T17825] FAULT_INJECTION: forcing a failure. [ 608.828654][T17825] name failslab, interval 1, probability 0, space 0, times 0 [ 608.890161][T17825] CPU: 1 UID: 0 PID: 17825 Comm: syz.1.4741 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 608.890189][T17825] Tainted: [I]=FIRMWARE_WORKAROUND [ 608.890195][T17825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 608.890204][T17825] Call Trace: [ 608.890209][T17825] [ 608.890215][T17825] dump_stack_lvl+0x16c/0x1f0 [ 608.890240][T17825] should_fail_ex+0x512/0x640 [ 608.890261][T17825] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 608.890279][T17825] should_failslab+0xc2/0x120 [ 608.890295][T17825] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 608.890310][T17825] ? ptlock_alloc+0x1f/0x70 [ 608.890327][T17825] ptlock_alloc+0x1f/0x70 [ 608.890339][T17825] pte_alloc_one+0x6d/0x380 [ 608.890355][T17825] __pte_alloc+0x6d/0x3c0 [ 608.890372][T17825] ? __pfx___pte_alloc+0x10/0x10 [ 608.890397][T17825] ? __pfx___might_resched+0x10/0x10 [ 608.890412][T17825] ? copy_page_range+0x197d/0x5fe0 [ 608.890435][T17825] copy_page_range+0x3a29/0x5fe0 [ 608.890475][T17825] ? __pfx_copy_page_range+0x10/0x10 [ 608.890500][T17825] ? __pfx___might_resched+0x10/0x10 [ 608.890513][T17825] ? __pfx_mas_store+0x10/0x10 [ 608.890530][T17825] ? __vma_enter_locked+0x163/0x3f0 [ 608.890548][T17825] ? copy_process+0x85dd/0x91a0 [ 608.890563][T17825] ? down_write+0x14d/0x200 [ 608.890583][T17825] ? up_write+0x1b2/0x520 [ 608.890603][T17825] copy_process+0x862b/0x91a0 [ 608.890633][T17825] ? __pfx_copy_process+0x10/0x10 [ 608.890647][T17825] ? __pfx___futex_wait+0x10/0x10 [ 608.890680][T17825] kernel_clone+0xfc/0x960 [ 608.890701][T17825] ? __pfx_kernel_clone+0x10/0x10 [ 608.890728][T17825] __do_sys_clone+0xce/0x120 [ 608.890744][T17825] ? __pfx___do_sys_clone+0x10/0x10 [ 608.890759][T17825] ? ksys_unshare+0x687/0xa40 [ 608.890784][T17825] ? rcu_is_watching+0x12/0xc0 [ 608.890801][T17825] do_syscall_64+0xcd/0x230 [ 608.890821][T17825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.890836][T17825] RIP: 0033:0x7f5174d8e969 [ 608.890848][T17825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.890860][T17825] RSP: 002b:00007f5175bfdfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 608.890874][T17825] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 608.890883][T17825] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 608.890892][T17825] RBP: 00007f5174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 608.890900][T17825] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 608.890908][T17825] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 608.890926][T17825] [ 610.518399][T17856] netlink: 346 bytes leftover after parsing attributes in process `syz.0.4754'. [ 610.784071][T17861] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4756'. [ 610.870462][T17861] [ 610.873165][T17861] ============================= [ 610.878102][T17861] WARNING: suspicious RCU usage [ 610.883046][T17861] 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 Tainted: G I [ 610.891748][T17861] ----------------------------- [ 610.896595][T17861] net/mpls/af_mpls.c:84 suspicious rcu_dereference_check() usage! [ 610.904523][T17861] [ 610.904523][T17861] other info that might help us debug this: [ 610.904523][T17861] [ 610.914800][T17861] [ 610.914800][T17861] rcu_scheduler_active = 2, debug_locks = 1 [ 610.923003][T17861] 1 lock held by syz.1.4756/17861: [ 610.928099][T17861] #0: ffffffff901265e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 610.937566][T17861] [ 610.937566][T17861] stack backtrace: [ 610.943485][T17861] CPU: 1 UID: 0 PID: 17861 Comm: syz.1.4756 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 610.943508][T17861] Tainted: [I]=FIRMWARE_WORKAROUND [ 610.943514][T17861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 610.943522][T17861] Call Trace: [ 610.943528][T17861] [ 610.943535][T17861] dump_stack_lvl+0x16c/0x1f0 [ 610.943558][T17861] lockdep_rcu_suspicious+0x166/0x260 [ 610.943578][T17861] mpls_route_input_rcu+0x1d4/0x200 [ 610.943598][T17861] mpls_getroute+0x621/0x1ea0 [ 610.943619][T17861] ? __lock_acquire+0xaa4/0x1ba0 [ 610.943637][T17861] ? __pfx_mpls_getroute+0x10/0x10 [ 610.943655][T17861] ? bpf_ksym_find+0x40/0x1c0 [ 610.943674][T17861] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 610.943696][T17861] ? rcu_is_watching+0x12/0xc0 [ 610.943726][T17861] ? __pfx_mpls_getroute+0x10/0x10 [ 610.943744][T17861] rtnetlink_rcv_msg+0x3c6/0xe90 [ 610.943762][T17861] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 610.943786][T17861] netlink_rcv_skb+0x16a/0x440 [ 610.943802][T17861] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 610.943818][T17861] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 610.943842][T17861] ? netlink_deliver_tap+0x1ae/0xd30 [ 610.943860][T17861] netlink_unicast+0x53a/0x7f0 [ 610.943877][T17861] ? __pfx_netlink_unicast+0x10/0x10 [ 610.943891][T17861] ? __lock_acquire+0xaa4/0x1ba0 [ 610.943911][T17861] netlink_sendmsg+0x8d1/0xdd0 [ 610.943929][T17861] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.943952][T17861] ____sys_sendmsg+0xa95/0xc70 [ 610.943970][T17861] ? copy_msghdr_from_user+0x10a/0x160 [ 610.943984][T17861] ? __pfx_____sys_sendmsg+0x10/0x10 [ 610.944001][T17861] ? __pfx___schedule+0x10/0x10 [ 610.944018][T17861] ? kfree+0x252/0x4d0 [ 610.944033][T17861] ___sys_sendmsg+0x134/0x1d0 [ 610.944048][T17861] ? __pfx____sys_sendmsg+0x10/0x10 [ 610.944078][T17861] ? __pfx___might_resched+0x10/0x10 [ 610.944096][T17861] __sys_sendmmsg+0x200/0x420 [ 610.944112][T17861] ? __pfx___sys_sendmmsg+0x10/0x10 [ 610.944132][T17861] ? __pfx_do_futex+0x10/0x10 [ 610.944161][T17861] ? xfd_validate_state+0x5d/0x180 [ 610.944184][T17861] ? rcu_is_watching+0x12/0xc0 [ 610.944199][T17861] __x64_sys_sendmmsg+0x9c/0x100 [ 610.944214][T17861] ? lockdep_hardirqs_on+0x7c/0x110 [ 610.944231][T17861] do_syscall_64+0xcd/0x230 [ 610.944250][T17861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.944264][T17861] RIP: 0033:0x7f5174d8e969 [ 610.944276][T17861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.944288][T17861] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 610.944301][T17861] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 610.944310][T17861] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 610.944318][T17861] RBP: 00007f5174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 610.944326][T17861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.944334][T17861] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 610.944352][T17861] [ 611.251191][ C1] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 612.125478][T17861] [ 612.127828][T17861] ============================= [ 612.132746][T17861] WARNING: suspicious RCU usage [ 612.137578][T17861] 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 Tainted: G I [ 612.146361][T17861] ----------------------------- [ 612.151243][T17861] net/mpls/af_mpls.c:85 suspicious rcu_dereference_check() usage! [ 612.159374][T17861] [ 612.159374][T17861] other info that might help us debug this: [ 612.159374][T17861] [ 612.169741][T17861] [ 612.169741][T17861] rcu_scheduler_active = 2, debug_locks = 1 [ 612.177834][T17861] 1 lock held by syz.1.4756/17861: [ 612.183260][T17861] #0: ffffffff901265e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 612.193410][T17861] [ 612.193410][T17861] stack backtrace: [ 612.199645][T17861] CPU: 1 UID: 0 PID: 17861 Comm: syz.1.4756 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 612.199669][T17861] Tainted: [I]=FIRMWARE_WORKAROUND [ 612.199674][T17861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 612.199690][T17861] Call Trace: [ 612.199694][T17861] [ 612.199699][T17861] dump_stack_lvl+0x16c/0x1f0 [ 612.199722][T17861] lockdep_rcu_suspicious+0x166/0x260 [ 612.199742][T17861] mpls_route_input_rcu+0x153/0x200 [ 612.199761][T17861] mpls_getroute+0x621/0x1ea0 [ 612.199782][T17861] ? __lock_acquire+0xaa4/0x1ba0 [ 612.199800][T17861] ? __pfx_mpls_getroute+0x10/0x10 [ 612.199819][T17861] ? bpf_ksym_find+0x40/0x1c0 [ 612.199839][T17861] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 612.199863][T17861] ? rcu_is_watching+0x12/0xc0 [ 612.199893][T17861] ? __pfx_mpls_getroute+0x10/0x10 [ 612.199913][T17861] rtnetlink_rcv_msg+0x3c6/0xe90 [ 612.199931][T17861] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 612.199957][T17861] netlink_rcv_skb+0x16a/0x440 [ 612.199974][T17861] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 612.199991][T17861] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 612.200017][T17861] ? netlink_deliver_tap+0x1ae/0xd30 [ 612.200042][T17861] netlink_unicast+0x53a/0x7f0 [ 612.200060][T17861] ? __pfx_netlink_unicast+0x10/0x10 [ 612.200075][T17861] ? __lock_acquire+0xaa4/0x1ba0 [ 612.200096][T17861] netlink_sendmsg+0x8d1/0xdd0 [ 612.200115][T17861] ? __pfx_netlink_sendmsg+0x10/0x10 [ 612.200137][T17861] ____sys_sendmsg+0xa95/0xc70 [ 612.200156][T17861] ? copy_msghdr_from_user+0x10a/0x160 [ 612.200171][T17861] ? __pfx_____sys_sendmsg+0x10/0x10 [ 612.200188][T17861] ? __pfx___schedule+0x10/0x10 [ 612.200206][T17861] ? kfree+0x252/0x4d0 [ 612.200222][T17861] ___sys_sendmsg+0x134/0x1d0 [ 612.200238][T17861] ? __pfx____sys_sendmsg+0x10/0x10 [ 612.200268][T17861] ? __pfx___might_resched+0x10/0x10 [ 612.200288][T17861] __sys_sendmmsg+0x200/0x420 [ 612.200305][T17861] ? __pfx___sys_sendmmsg+0x10/0x10 [ 612.200325][T17861] ? __pfx_do_futex+0x10/0x10 [ 612.200349][T17861] ? xfd_validate_state+0x5d/0x180 [ 612.200372][T17861] ? rcu_is_watching+0x12/0xc0 [ 612.200387][T17861] __x64_sys_sendmmsg+0x9c/0x100 [ 612.200402][T17861] ? lockdep_hardirqs_on+0x7c/0x110 [ 612.200420][T17861] do_syscall_64+0xcd/0x230 [ 612.200440][T17861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.200455][T17861] RIP: 0033:0x7f5174d8e969 [ 612.200468][T17861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.200482][T17861] RSP: 002b:00007f5175bfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 612.200496][T17861] RAX: ffffffffffffffda RBX: 00007f5174fb5fa0 RCX: 00007f5174d8e969 [ 612.200505][T17861] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 612.200514][T17861] RBP: 00007f5174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 612.200523][T17861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.200531][T17861] R13: 0000000000000000 R14: 00007f5174fb5fa0 R15: 00007ffcb5922638 [ 612.200548][T17861] [ 612.500931][ C1] vkms_vblank_simulate: vblank timer overrun [ 613.934914][ T64] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.022160][ T64] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.093192][ T64] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.164240][ T64] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.311452][ T64] bridge_slave_1: left allmulticast mode [ 614.317359][ T64] bridge_slave_1: left promiscuous mode [ 614.347476][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.364662][ T64] bridge_slave_0: left allmulticast mode [ 614.381907][ T64] bridge_slave_0: left promiscuous mode [ 614.387604][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.957066][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 614.968991][ T64] bond0 (unregistering): Released all slaves [ 615.262235][ T64] hsr_slave_0: left promiscuous mode [ 615.270496][ T64] hsr_slave_1: left promiscuous mode [ 615.290625][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.312269][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.332838][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.340271][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 615.404515][ T64] veth1_macvtap: left promiscuous mode [ 615.410306][ T64] veth0_macvtap: left promiscuous mode [ 615.428338][ T64] veth1_vlan: left promiscuous mode [ 615.443470][ T64] veth0_vlan: left promiscuous mode [ 615.929475][ T64] team0 (unregistering): Port device team_slave_1 removed [ 615.966005][ T64] team0 (unregistering): Port device team_slave_0 removed