last executing test programs: 5m52.263309203s ago: executing program 0 (id=5133): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x10, 0x2, 0x0) mq_timedsend$auto(0xffffffffffffffff, &(0x7f0000000040)='@*!:}\xc1-.!\\#[./\',-\x00', 0x80, 0x9, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0xae31e9c9e702e50}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5m51.973544075s ago: executing program 0 (id=5135): close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x8, 0xfffffffffffffffa, 0x13, 0x3, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) 5m50.967567302s ago: executing program 0 (id=5136): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x24, 0x0, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x7, 0x14, 0x0, 0x1, [@generic="1c551b"]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) futex_requeue$auto(&(0x7f0000000040)={0xb, 0x6, 0x2, 0x2000000}, 0x0, 0xf, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40400) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5m50.73843183s ago: executing program 0 (id=5139): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 5m50.422793794s ago: executing program 0 (id=5141): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x801, 0x84) sendmsg$auto_SMC_PNETID_FLUSH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@SMC_PNETID_IBNAME={0x19, 0x3, '/dev/bus/usb/036/001\x00'}, @SMC_PNETID_IBNAME={0xd, 0x3, '\\&{./}:,\x00'}, @SMC_PNETID_IBNAME={0xd, 0x3, '/dev/kvm\x00'}]}, 0x50}}, 0x4) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) 5m47.203401415s ago: executing program 0 (id=5151): syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000005c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getcpu$auto(&(0x7f0000001140), 0x0, 0x0) ioctl$auto(0x1, 0x8941, 0x8) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1, 0x20000000) ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, 0x0) 5m46.515529709s ago: executing program 32 (id=5151): syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000005c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getcpu$auto(&(0x7f0000001140), 0x0, 0x0) ioctl$auto(0x1, 0x8941, 0x8) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1, 0x20000000) ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, 0x0) 2m37.598726142s ago: executing program 1 (id=6037): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x401, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) 2m37.294700991s ago: executing program 1 (id=6040): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002240)='/dev/cec26\x00', 0x1a9602, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x80001, 0x0) 2m36.866307577s ago: executing program 1 (id=6044): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0x5, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(r0, 0xc040aed4, r1) close_range$auto(0x2, 0xa, 0x0) 2m36.376223095s ago: executing program 1 (id=6048): unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1f3400, 0x0) r1 = socket(0x2, 0x5, 0x0) setsockopt$auto(r1, 0x0, 0x1, 0x0, 0x1) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto_SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000380)={0x15, 0x81}) 2m33.499301461s ago: executing program 1 (id=6062): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 2m32.290926468s ago: executing program 1 (id=6066): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x8ff, 0x400, 0x9}]}) 2m17.012772626s ago: executing program 33 (id=6066): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x8ff, 0x400, 0x9}]}) 1m11.419721727s ago: executing program 2 (id=6383): mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x1, 0x2688, 0x5, 0x0, 0x7) 1m10.691805367s ago: executing program 2 (id=6388): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyaa\x00', 0x109401, 0x0) ioctl$auto(r0, 0x540a, 0x0) write$auto(r0, 0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) 1m10.264267533s ago: executing program 2 (id=6389): sigaltstack$auto(&(0x7f0000000040)={0x0, 0x1, 0x10401}, 0x0) socket(0x18, 0x5, 0x2) sigaltstack$auto(&(0x7f00000000c0)={&(0x7f0000000140)="daa8e60550c49e6d637095e9a9e1564a0eb979fee6679669f220ce410255f2cadeabda503eafa43c5db71fc457ae191485d60909cbf6f130095c643026599b7dba46a416ba4496b6cec6f6378c0905f7c44dc9f5038f30dbf3e3e9481cdc1d8bf967aab3498f9bb0a55b976c40cf1b1892700fe33eb8df78957e69a436f338803771c31f2953bf1efc1b4e8737da6e7ae8ed27f640e4d2be2badbf87b979b8c8a5206cd3240fa122", 0xc, 0x8000000000000000}, &(0x7f00000002c0)={&(0x7f0000000280)="1e5ea7140feab1abcfd44652193bba623d73ae5e64", 0x9, 0xe4}) unshare$auto(0x40000080) socket(0x25, 0x1, 0x84) openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x183440, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='*\x00%i'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1m9.40342438s ago: executing program 2 (id=6392): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) socket(0x2c, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, 0x0) write$auto(0x3, 0x0, 0xfdef) 1m7.449797432s ago: executing program 2 (id=6401): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 1m6.628159409s ago: executing program 2 (id=6403): recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000) getrandom$auto(0x0, 0xe06, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) ioctl$auto(0x1, 0x8983, 0x8) 51.324573603s ago: executing program 34 (id=6403): recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000) getrandom$auto(0x0, 0xe06, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) ioctl$auto(0x1, 0x8983, 0x8) 10.344977299s ago: executing program 5 (id=6570): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x105100, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x3ff, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) r2 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_TUNSETVNETLE(r2, 0x400454dc, 0x0) 7.293612284s ago: executing program 5 (id=6578): mmap$auto(0x0, 0x401, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket(0xf, 0x3, 0x2) socket(0x2, 0xa, 0xe57a) r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(0x6, 0x8000000000000006, 0x13, 0x0, 0x7ffffc) sendmsg$auto_NL80211_CMD_SET_REG(r0, 0x0, 0x20000000) 6.865381544s ago: executing program 4 (id=6580): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x15, 0x5, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41c8e4d5018fca6b1643fc"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) bind$auto(r0, &(0x7f0000000080)=@in={0x2, 0x2, @loopback}, 0x6b) sendmsg$auto_OVS_DP_CMD_GET(r0, 0x0, 0x0) 6.630469201s ago: executing program 4 (id=6581): r0 = openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000b80)='/sys/kernel/debug/dri/vkms/Writeback-1/force\x00', 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x1f53, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) fanotify_mark$auto(0x0, 0x1, 0x7, 0x4, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(r0, 0x0, 0x3) 4.948014592s ago: executing program 4 (id=6582): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = getpid() fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x7fffffffffffffff, 0x80000006, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0xfffffffeffffff91, 0xfd3, 0x2, 0x8000000ec, 0xfffffffffffffffd, 0x81, 0x100000000, 0x6, 0xfffffffffffffff7, 0x17fffffff}) socket(0x11, 0x3, 0x9) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0x40000100000001}, 0x6, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r2, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(r1, 0x89f2, r1) 4.634561183s ago: executing program 5 (id=6583): mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r0 = socket(0xa, 0x5, 0x84) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/attr/current\x00', 0x1, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) sendto$auto(r0, 0x0, 0x441, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000ff8000"}, 0x20) 3.441690467s ago: executing program 5 (id=6585): fcntl$auto(0xffffffffffffffff, 0x402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) close_range$auto(0x2, 0x8, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x8681, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.382749309s ago: executing program 3 (id=6586): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) getsockopt$auto_SO_TIMESTAMP_OLD(r0, 0x800, 0x1d, &(0x7f0000000040)='-{\x93(\x00', 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x11, 0x80003, 0x304) getsockopt$auto(r1, 0xd, 0x80000200, 0x0, 0x0) ioctl$auto(0x3, 0x80044501, 0x10000000000402) 3.162280713s ago: executing program 6 (id=6587): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0) read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.086083716s ago: executing program 4 (id=6588): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x2}) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040), 0xc, 0x0}, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, &(0x7f0000000040), 0x8000, 0x1}, 0x8}, 0x1, 0x5e0c) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) 2.855959899s ago: executing program 3 (id=6589): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioperm$auto(0x2, 0x3, 0x1) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r0 = getpid() r1 = gettid() rt_tgsigqueueinfo$auto(r0, r1, 0x1f, 0x0) io_uring_setup$auto(0x6, 0x0) ppoll$auto(&(0x7f0000000000)={0xffffffffffffffff, 0x692, 0xffa0}, 0x4, 0x0, &(0x7f00000000c0)={0x4}, 0x8) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) 2.642119414s ago: executing program 6 (id=6590): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0) read$auto(0x3, 0x0, 0x80) 2.307733862s ago: executing program 3 (id=6591): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) recvfrom$auto(0x3, 0x0, 0x80000000002, 0x6, 0x0, 0x0) 2.262356682s ago: executing program 6 (id=6592): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103000, 0x0) mbind$auto(0x100000000, 0x1, 0x9, 0x0, 0xbca, 0x5) mmap$auto(0x3ff, 0x40000a, 0x9, 0x7f, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x6, 0x7, 0x0, 0x0, 0x80000002) mremap$auto(0x0, 0x9, 0x2, 0x3, 0x7fffffffb000) 2.241687506s ago: executing program 4 (id=6593): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) pipe$auto(0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0x5, 0x1) write$auto(0x3, 0x0, 0xffd8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket(0xa, 0x801, 0x84) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x20000010) getsockopt$auto(r0, 0x84, 0x72, 0x0, &(0x7f0000000100)=0x22a) 2.11446236s ago: executing program 5 (id=6594): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4188aea7, 0x0) 1.355351701s ago: executing program 6 (id=6595): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4004ae86, 0x0) 1.114195927s ago: executing program 3 (id=6596): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x5, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC2\x00', 0x22000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0001, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7114}, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 730.541683ms ago: executing program 3 (id=6597): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/o2cb/logmask/HB_BIO\x00', 0x102, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sysfs$auto(0x2, 0x10000000000048, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xc00caee0, r0) 663.992219ms ago: executing program 6 (id=6598): mmap$auto(0x0, 0x1, 0xe1, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x8000, 0x7, 0xd, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x0, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0x0, 0x22000, 0x200, 0x0, 0x84}, 0x1fe, 0xd) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x20000804}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 429.909087ms ago: executing program 4 (id=6599): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 357.961656ms ago: executing program 5 (id=6600): socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), r0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 12.46205ms ago: executing program 3 (id=6601): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24000010}, 0x20044804) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 6 (id=6602): mmap$auto(0x0, 0x202000d, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) pipe$auto(0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x22082, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) ioctl$auto(0x3, 0x40106f52, r0) kernel console output (not intermixed with test programs): ailed: -22 [ 952.550800][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 952.870902][T20688] mkiss: ax0: crc mode is auto. [ 954.717057][T18555] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 958.029821][T20757] FAULT_INJECTION: forcing a failure. [ 958.029821][T20757] name failslab, interval 1, probability 0, space 0, times 0 [ 958.098838][T20757] CPU: 1 UID: 0 PID: 20757 Comm: syz.4.5691 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 958.098880][T20757] Tainted: [I]=FIRMWARE_WORKAROUND [ 958.098889][T20757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 958.098905][T20757] Call Trace: [ 958.098912][T20757] [ 958.098922][T20757] dump_stack_lvl+0x16c/0x1f0 [ 958.098955][T20757] should_fail_ex+0x512/0x640 [ 958.098989][T20757] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 958.099015][T20757] should_failslab+0xc2/0x120 [ 958.099045][T20757] __kmalloc_cache_noprof+0x6a/0x3e0 [ 958.099067][T20757] ? apparmor_capable+0x114/0x1d0 [ 958.099105][T20757] ? fsnotify_alloc_group+0x92/0x330 [ 958.099146][T20757] fsnotify_alloc_group+0x92/0x330 [ 958.099184][T20757] __do_sys_fanotify_init+0x287/0xc00 [ 958.099216][T20757] ? rcu_is_watching+0x12/0xc0 [ 958.099251][T20757] do_syscall_64+0xcd/0x490 [ 958.099282][T20757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 958.099306][T20757] RIP: 0033:0x7f515698e969 [ 958.099325][T20757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 958.099347][T20757] RSP: 002b:00007f5157738038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 958.099369][T20757] RAX: ffffffffffffffda RBX: 00007f5156bb5fa0 RCX: 00007f515698e969 [ 958.099391][T20757] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000401 [ 958.099405][T20757] RBP: 00007f5156a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 958.099420][T20757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 958.099434][T20757] R13: 0000000000000000 R14: 00007f5156bb5fa0 R15: 00007fff094a5a08 [ 958.099463][T20757] [ 960.360439][T20776] random: crng reseeded on system resumption [ 963.736681][T20829] mkiss: ax0: crc mode is auto. [ 964.531448][T18555] Bluetooth: hci0: command 0x0406 tx timeout [ 964.597130][T20840] sp0: Synchronizing with TNC [ 966.120916][T20854] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 966.244005][T20857] FAULT_INJECTION: forcing a failure. [ 966.244005][T20857] name failslab, interval 1, probability 0, space 0, times 0 [ 966.369291][T20857] CPU: 1 UID: 0 PID: 20857 Comm: syz.3.5724 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 966.369332][T20857] Tainted: [I]=FIRMWARE_WORKAROUND [ 966.369341][T20857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 966.369356][T20857] Call Trace: [ 966.369364][T20857] [ 966.369373][T20857] dump_stack_lvl+0x16c/0x1f0 [ 966.369405][T20857] should_fail_ex+0x512/0x640 [ 966.369439][T20857] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 966.369470][T20857] should_failslab+0xc2/0x120 [ 966.369500][T20857] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 966.369527][T20857] ? dup_fd+0x4e/0xb90 [ 966.369548][T20857] ? do_futex+0x122/0x350 [ 966.369591][T20857] dup_fd+0x4e/0xb90 [ 966.369614][T20857] ? do_unlinkat+0x159/0x6a0 [ 966.369644][T20857] __do_sys_close_range+0x4ca/0x730 [ 966.369672][T20857] ? __pfx___do_sys_close_range+0x10/0x10 [ 966.369706][T20857] do_syscall_64+0xcd/0x490 [ 966.369737][T20857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 966.369761][T20857] RIP: 0033:0x7f564e58e969 [ 966.369786][T20857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 966.369809][T20857] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 966.369832][T20857] RAX: ffffffffffffffda RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 966.369847][T20857] RDX: 0004000000000002 RSI: fffffffffffff000 RDI: 0000000000000000 [ 966.369862][T20857] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 966.369877][T20857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 966.369891][T20857] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 966.369921][T20857] [ 967.639537][T20882] netlink: 346 bytes leftover after parsing attributes in process `syz.1.5735'. [ 968.019042][T20884] FAULT_INJECTION: forcing a failure. [ 968.019042][T20884] name failslab, interval 1, probability 0, space 0, times 0 [ 968.032102][T20884] CPU: 1 UID: 0 PID: 20884 Comm: syz.2.5734 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 968.032141][T20884] Tainted: [I]=FIRMWARE_WORKAROUND [ 968.032150][T20884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 968.032165][T20884] Call Trace: [ 968.032172][T20884] [ 968.032181][T20884] dump_stack_lvl+0x116/0x1f0 [ 968.032214][T20884] should_fail_ex+0x512/0x640 [ 968.032253][T20884] should_failslab+0xc2/0x120 [ 968.032284][T20884] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 968.032313][T20884] ? __send_signal_locked+0x159/0x12c0 [ 968.032353][T20884] __send_signal_locked+0x159/0x12c0 [ 968.032385][T20884] ? __lock_task_sighand+0x146/0x340 [ 968.032418][T20884] do_send_specific+0x1e8/0x370 [ 968.032457][T20884] ? __pfx_do_send_specific+0x10/0x10 [ 968.032494][T20884] ? __task_pid_nr_ns+0x17c/0x500 [ 968.032527][T20884] do_rt_tgsigqueueinfo+0xa9/0x100 [ 968.032568][T20884] __x64_sys_rt_tgsigqueueinfo+0x17a/0x210 [ 968.032596][T20884] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 968.032638][T20884] do_syscall_64+0xcd/0x490 [ 968.032668][T20884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 968.032692][T20884] RIP: 0033:0x7f0126f8e969 [ 968.032711][T20884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 968.032747][T20884] RSP: 002b:00007f0127d50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 968.032768][T20884] RAX: ffffffffffffffda RBX: 00007f01271b5fa0 RCX: 00007f0126f8e969 [ 968.032784][T20884] RDX: 0000000000000021 RSI: 000000000000079d RDI: 000000000000079c [ 968.032798][T20884] RBP: 00007f0127010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 968.032811][T20884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 968.032825][T20884] R13: 0000000000000000 R14: 00007f01271b5fa0 R15: 00007ffd43395608 [ 968.032853][T20884] [ 968.511629][T20886] FAULT_INJECTION: forcing a failure. [ 968.511629][T20886] name failslab, interval 1, probability 0, space 0, times 0 [ 968.571903][T20886] CPU: 1 UID: 0 PID: 20886 Comm: syz.1.5736 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 968.571951][T20886] Tainted: [I]=FIRMWARE_WORKAROUND [ 968.571960][T20886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 968.571975][T20886] Call Trace: [ 968.571983][T20886] [ 968.571992][T20886] dump_stack_lvl+0x16c/0x1f0 [ 968.572024][T20886] should_fail_ex+0x512/0x640 [ 968.572058][T20886] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 968.572089][T20886] should_failslab+0xc2/0x120 [ 968.572119][T20886] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 968.572147][T20886] ? __kernfs_new_node+0xd2/0x8e0 [ 968.572175][T20886] __kernfs_new_node+0xd2/0x8e0 [ 968.572203][T20886] ? __pfx___kernfs_new_node+0x10/0x10 [ 968.572240][T20886] ? find_held_lock+0x2b/0x80 [ 968.572273][T20886] ? kernfs_root+0xee/0x2a0 [ 968.572302][T20886] kernfs_new_node+0x13c/0x1e0 [ 968.572336][T20886] __kernfs_create_file+0x53/0x350 [ 968.572374][T20886] sysfs_add_file_mode_ns+0x207/0x3c0 [ 968.572420][T20886] internal_create_group+0x578/0xf30 [ 968.572453][T20886] ? __pfx_internal_create_group+0x10/0x10 [ 968.572484][T20886] ? kernfs_create_link+0x1bd/0x240 [ 968.572522][T20886] internal_create_groups+0x9d/0x150 [ 968.572550][T20886] device_add+0x6d1/0x1a70 [ 968.572577][T20886] ? __pfx_device_add+0x10/0x10 [ 968.572598][T20886] ? lockdep_init_map_type+0x5c/0x280 [ 968.572624][T20886] ? __init_waitqueue_head+0xca/0x150 [ 968.572661][T20886] rfkill_register+0x1ad/0xb40 [ 968.572702][T20886] nfc_register_device+0x11f/0x3c0 [ 968.572736][T20886] nci_register_device+0x7f1/0xb80 [ 968.572761][T20886] ? __pfx_nci_register_device+0x10/0x10 [ 968.572790][T20886] ? lockdep_init_map_type+0x5c/0x280 [ 968.572820][T20886] virtual_ncidev_open+0x141/0x220 [ 968.572847][T20886] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 968.572874][T20886] misc_open+0x35a/0x420 [ 968.572901][T20886] ? __pfx_misc_open+0x10/0x10 [ 968.572932][T20886] chrdev_open+0x231/0x6a0 [ 968.572958][T20886] ? __pfx_apparmor_file_open+0x10/0x10 [ 968.572987][T20886] ? __pfx_chrdev_open+0x10/0x10 [ 968.573017][T20886] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 968.573061][T20886] do_dentry_open+0x741/0x1c10 [ 968.573086][T20886] ? __pfx_chrdev_open+0x10/0x10 [ 968.573119][T20886] vfs_open+0x82/0x3f0 [ 968.573154][T20886] path_openat+0x1de4/0x2cb0 [ 968.573188][T20886] ? __pfx_path_openat+0x10/0x10 [ 968.573219][T20886] ? __lock_acquire+0xb8a/0x1c90 [ 968.573245][T20886] do_filp_open+0x20b/0x470 [ 968.573269][T20886] ? __pfx_do_filp_open+0x10/0x10 [ 968.573315][T20886] ? alloc_fd+0x471/0x7d0 [ 968.573345][T20886] do_sys_openat2+0x11b/0x1d0 [ 968.573378][T20886] ? __pfx_do_sys_openat2+0x10/0x10 [ 968.573423][T20886] __x64_sys_openat+0x174/0x210 [ 968.573456][T20886] ? __pfx___x64_sys_openat+0x10/0x10 [ 968.573502][T20886] do_syscall_64+0xcd/0x490 [ 968.573533][T20886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 968.573557][T20886] RIP: 0033:0x7f027138e969 [ 968.573576][T20886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 968.573600][T20886] RSP: 002b:00007f0272144038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 968.573622][T20886] RAX: ffffffffffffffda RBX: 00007f02715b5fa0 RCX: 00007f027138e969 [ 968.573637][T20886] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 968.573652][T20886] RBP: 00007f0271410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 968.573666][T20886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 968.573680][T20886] R13: 0000000000000000 R14: 00007f02715b5fa0 R15: 00007ffd1368fc58 [ 968.573710][T20886] [ 969.127358][T20895] random: crng reseeded on system resumption [ 971.049963][T20916] netlink: 'syz.4.5753': attribute type 32 has an invalid length. [ 971.092332][T20916] netlink: 'syz.4.5753': attribute type 33 has an invalid length. [ 971.100222][T20916] netlink: 'syz.4.5753': attribute type 35 has an invalid length. [ 971.171778][T20916] netlink: 'syz.4.5753': attribute type 37 has an invalid length. [ 971.216090][T20916] netlink: 'syz.4.5753': attribute type 39 has an invalid length. [ 971.248646][T20916] netlink: 'syz.4.5753': attribute type 40 has an invalid length. [ 971.294475][T20916] netlink: 'syz.4.5753': attribute type 41 has an invalid length. [ 971.331400][T20916] netlink: 'syz.4.5753': attribute type 44 has an invalid length. [ 971.363903][T20916] netlink: 'syz.4.5753': attribute type 46 has an invalid length. [ 971.422106][T20916] netlink: 'syz.4.5753': attribute type 47 has an invalid length. [ 971.461584][T20916] netlink: 2 bytes leftover after parsing attributes in process `syz.4.5753'. [ 971.927025][T20928] kvm_intel: kvm [20927]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x2 [ 974.209571][T20955] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5756'. [ 974.312024][T20955] : renamed from lo [ 974.659682][T20958] sd 0:0:1:0: PR command failed: 1026 [ 974.683861][T20958] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 974.722346][T20958] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 977.279005][T20993] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5769'. [ 977.573274][T20980] Process accounting paused [ 981.038522][T20989] Process accounting paused [ 984.063066][T21067] FAULT_INJECTION: forcing a failure. [ 984.063066][T21067] name fail_futex, interval 1, probability 0, space 0, times 1 [ 984.281564][T21067] CPU: 1 UID: 0 PID: 21067 Comm: syz.2.5796 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 984.281605][T21067] Tainted: [I]=FIRMWARE_WORKAROUND [ 984.281613][T21067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 984.281627][T21067] Call Trace: [ 984.281634][T21067] [ 984.281643][T21067] dump_stack_lvl+0x16c/0x1f0 [ 984.281674][T21067] should_fail_ex+0x512/0x640 [ 984.281712][T21067] get_futex_key+0x1d0/0x1540 [ 984.281751][T21067] ? __pfx_get_futex_key+0x10/0x10 [ 984.281787][T21067] ? __mutex_trylock_common+0xe9/0x250 [ 984.281818][T21067] futex_wake+0xea/0x530 [ 984.281846][T21067] ? __pfx_futex_wake+0x10/0x10 [ 984.281868][T21067] ? __lock_acquire+0xb8a/0x1c90 [ 984.281902][T21067] do_futex+0x1e3/0x350 [ 984.281939][T21067] ? __pfx_do_futex+0x10/0x10 [ 984.281972][T21067] ? __might_fault+0xe3/0x190 [ 984.282006][T21067] mm_release+0x24e/0x300 [ 984.282041][T21067] do_exit+0x901/0x2c70 [ 984.282071][T21067] ? __pfx_do_exit+0x10/0x10 [ 984.282094][T21067] ? do_raw_spin_lock+0x12c/0x2b0 [ 984.282121][T21067] ? find_held_lock+0x2b/0x80 [ 984.282155][T21067] do_group_exit+0xd3/0x2a0 [ 984.282182][T21067] get_signal+0x2673/0x26d0 [ 984.282227][T21067] ? __pfx_get_signal+0x10/0x10 [ 984.282261][T21067] ? do_futex+0x122/0x350 [ 984.282297][T21067] ? __pfx_do_futex+0x10/0x10 [ 984.282336][T21067] arch_do_signal_or_restart+0x8f/0x790 [ 984.282373][T21067] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 984.282416][T21067] ? xfd_validate_state+0x61/0x180 [ 984.282444][T21067] ? __pfx_do_writev+0x10/0x10 [ 984.282470][T21067] exit_to_user_mode_loop+0x84/0x110 [ 984.282499][T21067] do_syscall_64+0x3f6/0x490 [ 984.282529][T21067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.282552][T21067] RIP: 0033:0x7f0126f8e969 [ 984.282570][T21067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 984.282593][T21067] RSP: 002b:00007f0127d500e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 984.282615][T21067] RAX: fffffffffffffe00 RBX: 00007f01271b5fa8 RCX: 00007f0126f8e969 [ 984.282630][T21067] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f01271b5fa8 [ 984.282645][T21067] RBP: 00007f01271b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 984.282659][T21067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01271b5fac [ 984.282672][T21067] R13: 0000000000000000 R14: 00007ffd43395520 R15: 00007ffd43395608 [ 984.282700][T21067] [ 984.659900][T21082] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5801'. [ 985.051777][T21090] FAULT_INJECTION: forcing a failure. [ 985.051777][T21090] name failslab, interval 1, probability 0, space 0, times 0 [ 985.088720][T21090] CPU: 1 UID: 0 PID: 21090 Comm: syz.1.5804 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 985.088762][T21090] Tainted: [I]=FIRMWARE_WORKAROUND [ 985.088770][T21090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 985.088784][T21090] Call Trace: [ 985.088793][T21090] [ 985.088803][T21090] dump_stack_lvl+0x16c/0x1f0 [ 985.088836][T21090] should_fail_ex+0x512/0x640 [ 985.088870][T21090] ? __kmalloc_noprof+0xbf/0x510 [ 985.088899][T21090] ? lsm_blob_alloc+0x68/0x90 [ 985.088932][T21090] should_failslab+0xc2/0x120 [ 985.088962][T21090] __kmalloc_noprof+0xd2/0x510 [ 985.088994][T21090] lsm_blob_alloc+0x68/0x90 [ 985.089028][T21090] security_prepare_creds+0x30/0x270 [ 985.089061][T21090] prepare_creds+0x56f/0x7d0 [ 985.089091][T21090] __sys_setresuid+0x46d/0x1160 [ 985.089131][T21090] do_syscall_64+0xcd/0x490 [ 985.089161][T21090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 985.089185][T21090] RIP: 0033:0x7f027138e969 [ 985.089204][T21090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 985.089227][T21090] RSP: 002b:00007f0272144038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 985.089250][T21090] RAX: ffffffffffffffda RBX: 00007f02715b5fa0 RCX: 00007f027138e969 [ 985.089266][T21090] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000000 [ 985.089281][T21090] RBP: 00007f0271410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 985.089295][T21090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 985.089309][T21090] R13: 0000000000000000 R14: 00007f02715b5fa0 R15: 00007ffd1368fc58 [ 985.089338][T21090] [ 985.931745][T21087] FAULT_INJECTION: forcing a failure. [ 985.931745][T21087] name failslab, interval 1, probability 0, space 0, times 0 [ 986.074332][T21087] CPU: 1 UID: 0 PID: 21087 Comm: syz.3.5803 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 986.074375][T21087] Tainted: [I]=FIRMWARE_WORKAROUND [ 986.074385][T21087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 986.074400][T21087] Call Trace: [ 986.074407][T21087] [ 986.074418][T21087] dump_stack_lvl+0x16c/0x1f0 [ 986.074451][T21087] should_fail_ex+0x512/0x640 [ 986.074486][T21087] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 986.074521][T21087] should_failslab+0xc2/0x120 [ 986.074554][T21087] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 986.074590][T21087] ? acpi_ut_create_generic_state+0x5c/0xb0 [ 986.074626][T21087] acpi_ut_create_generic_state+0x5c/0xb0 [ 986.074656][T21087] acpi_ps_init_scope+0x1a/0x1c0 [ 986.074693][T21087] acpi_ds_init_aml_walk+0x1d9/0x590 [ 986.074738][T21087] acpi_ps_execute_method+0x32d/0xb30 [ 986.074777][T21087] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 986.074804][T21087] acpi_ns_evaluate+0x76c/0xca0 [ 986.074847][T21087] ? kasan_save_track+0x14/0x30 [ 986.074875][T21087] acpi_evaluate_object+0x1fa/0xa90 [ 986.074909][T21087] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.074940][T21087] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 986.074974][T21087] ? __mutex_trylock_common+0xe9/0x250 [ 986.075003][T21087] acpi_evaluate_integer+0xdd/0x200 [ 986.075031][T21087] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 986.075071][T21087] ? __pfx_status_show+0x10/0x10 [ 986.075103][T21087] status_show+0xa0/0x120 [ 986.075134][T21087] ? __pfx_status_show+0x10/0x10 [ 986.075178][T21087] dev_attr_show+0x56/0xe0 [ 986.075202][T21087] ? __pfx_dev_attr_show+0x10/0x10 [ 986.075221][T21087] sysfs_kf_seq_show+0x216/0x3e0 [ 986.075265][T21087] seq_read_iter+0x506/0x12c0 [ 986.075317][T21087] kernfs_fop_read_iter+0x40f/0x5a0 [ 986.075350][T21087] ? rw_verify_area+0xcf/0x680 [ 986.075390][T21087] vfs_read+0x8bf/0xc60 [ 986.075417][T21087] ? __pfx___mutex_lock+0x10/0x10 [ 986.075446][T21087] ? __pfx_vfs_read+0x10/0x10 [ 986.075489][T21087] ksys_read+0x12a/0x250 [ 986.075516][T21087] ? __pfx_ksys_read+0x10/0x10 [ 986.075548][T21087] do_syscall_64+0xcd/0x490 [ 986.075585][T21087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.075609][T21087] RIP: 0033:0x7f564e58e969 [ 986.075628][T21087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 986.075651][T21087] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 986.075678][T21087] RAX: ffffffffffffffda RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 986.075694][T21087] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 986.075708][T21087] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 986.075722][T21087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 986.075736][T21087] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 986.075766][T21087] [ 987.068820][T21111] netlink: 'syz.4.5812': attribute type 4 has an invalid length. [ 987.093001][T21111] netlink: 314 bytes leftover after parsing attributes in process `syz.4.5812'. [ 987.218556][T21114] netlink: 'syz.2.5813': attribute type 15 has an invalid length. [ 987.252914][T21114] netlink: 'syz.2.5813': attribute type 16 has an invalid length. [ 987.271088][T21114] netlink: 'syz.2.5813': attribute type 17 has an invalid length. [ 987.297031][T21114] netlink: 'syz.2.5813': attribute type 19 has an invalid length. [ 987.317672][T21114] netlink: 'syz.2.5813': attribute type 27 has an invalid length. [ 987.349617][T21114] netlink: 'syz.2.5813': attribute type 28 has an invalid length. [ 987.418884][T21114] netlink: 'syz.2.5813': attribute type 29 has an invalid length. [ 987.447390][T21114] netlink: 'syz.2.5813': attribute type 30 has an invalid length. [ 987.483008][T21114] netlink: 18 bytes leftover after parsing attributes in process `syz.2.5813'. [ 989.177776][T21146] zswap: compressor 00 not available [ 992.005255][ T51] Bluetooth: hci1: unexpected subevent 0x01 length: 5 < 18 [ 992.687745][T21216] vhci_hcd: not connected 4 [ 993.059516][ T51] Bluetooth: hci0: unexpected event 0x08 length: 11 > 4 [ 993.060218][T21222] ima: policy update failed [ 993.127421][ T30] audit: type=1802 audit(4294969779.867:24): pid=21222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.5852" res=0 errno=0 [ 993.260156][T21221] FAULT_INJECTION: forcing a failure. [ 993.260156][T21221] name failslab, interval 1, probability 0, space 0, times 0 [ 993.434681][T21221] CPU: 1 UID: 0 PID: 21221 Comm: syz.3.5850 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 993.434723][T21221] Tainted: [I]=FIRMWARE_WORKAROUND [ 993.434733][T21221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 993.434747][T21221] Call Trace: [ 993.434756][T21221] [ 993.434765][T21221] dump_stack_lvl+0x16c/0x1f0 [ 993.434797][T21221] should_fail_ex+0x512/0x640 [ 993.434832][T21221] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 993.434863][T21221] should_failslab+0xc2/0x120 [ 993.434893][T21221] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 993.434920][T21221] ? sk_prot_alloc+0x60/0x2a0 [ 993.434959][T21221] sk_prot_alloc+0x60/0x2a0 [ 993.434995][T21221] sk_alloc+0x36/0xc20 [ 993.435022][T21221] unix_create1+0xa6/0x700 [ 993.435047][T21221] unix_create+0x10e/0x1d0 [ 993.435070][T21221] __sock_create+0x338/0x8d0 [ 993.435112][T21221] __sys_socketpair+0x1d8/0x5a0 [ 993.435135][T21221] ? __pfx___sys_socketpair+0x10/0x10 [ 993.435159][T21221] ? xfd_validate_state+0x61/0x180 [ 993.435190][T21221] __x64_sys_socketpair+0x96/0x100 [ 993.435211][T21221] ? lockdep_hardirqs_on+0x7c/0x110 [ 993.435237][T21221] do_syscall_64+0xcd/0x490 [ 993.435268][T21221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.435291][T21221] RIP: 0033:0x7f564e58e969 [ 993.435309][T21221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 993.435333][T21221] RSP: 002b:00007f564f472038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 993.435354][T21221] RAX: ffffffffffffffda RBX: 00007f564e7b6080 RCX: 00007f564e58e969 [ 993.435370][T21221] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 993.435385][T21221] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 993.435399][T21221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 993.435413][T21221] R13: 0000000000000000 R14: 00007f564e7b6080 R15: 00007ffe17ea1cc8 [ 993.435442][T21221] [ 994.286785][T21237] netlink: 504 bytes leftover after parsing attributes in process `syz.3.5858'. [ 996.307238][T21265] netlink: 146 bytes leftover after parsing attributes in process `syz.4.5864'. [ 997.863780][T21283] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5871'. [ 998.312585][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.322667][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.620961][T21292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5873'. [ 998.679868][T21292] netlink: 13 bytes leftover after parsing attributes in process `syz.3.5873'. [ 1000.040586][T21311] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5881'. [ 1000.091516][T21311] : renamed from lo (while UP) [ 1000.608737][T21313] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5882'. [ 1001.548820][T21328] FAULT_INJECTION: forcing a failure. [ 1001.548820][T21328] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.650682][T21328] CPU: 1 UID: 0 PID: 21328 Comm: syz.4.5886 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1001.650724][T21328] Tainted: [I]=FIRMWARE_WORKAROUND [ 1001.650733][T21328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1001.650748][T21328] Call Trace: [ 1001.650756][T21328] [ 1001.650766][T21328] dump_stack_lvl+0x16c/0x1f0 [ 1001.650799][T21328] should_fail_ex+0x512/0x640 [ 1001.650840][T21328] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1001.650867][T21328] should_failslab+0xc2/0x120 [ 1001.650897][T21328] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1001.650921][T21328] ? __do_sys_memfd_create+0x17b/0x8a0 [ 1001.650960][T21328] __do_sys_memfd_create+0x17b/0x8a0 [ 1001.650998][T21328] do_syscall_64+0xcd/0x490 [ 1001.651028][T21328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.651053][T21328] RIP: 0033:0x7f515698e969 [ 1001.651071][T21328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1001.651095][T21328] RSP: 002b:00007f5157738038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1001.651117][T21328] RAX: ffffffffffffffda RBX: 00007f5156bb5fa0 RCX: 00007f515698e969 [ 1001.651133][T21328] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1001.651146][T21328] RBP: 00007f5156a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1001.651161][T21328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1001.651175][T21328] R13: 0000000000000000 R14: 00007f5156bb5fa0 R15: 00007fff094a5a08 [ 1001.651204][T21328] [ 1002.007704][T21330] netlink: 'syz.1.5887': attribute type 4 has an invalid length. [ 1002.067225][T21330] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5887'. [ 1002.167580][T21330] netlink: 'syz.1.5887': attribute type 4 has an invalid length. [ 1002.175367][T21330] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5887'. [ 1003.298162][T21335] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5889'. [ 1003.888499][T21347] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5893'. [ 1003.929445][T21347] : renamed from lo [ 1004.252460][T21353] FAULT_INJECTION: forcing a failure. [ 1004.252460][T21353] name failslab, interval 1, probability 0, space 0, times 0 [ 1004.318352][T21353] CPU: 1 UID: 0 PID: 21353 Comm: syz.2.5896 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1004.318393][T21353] Tainted: [I]=FIRMWARE_WORKAROUND [ 1004.318401][T21353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1004.318416][T21353] Call Trace: [ 1004.318424][T21353] [ 1004.318433][T21353] dump_stack_lvl+0x16c/0x1f0 [ 1004.318466][T21353] should_fail_ex+0x512/0x640 [ 1004.318499][T21353] ? __kmalloc_noprof+0xbf/0x510 [ 1004.318528][T21353] ? lsm_blob_alloc+0x68/0x90 [ 1004.318560][T21353] should_failslab+0xc2/0x120 [ 1004.318590][T21353] __kmalloc_noprof+0xd2/0x510 [ 1004.318623][T21353] lsm_blob_alloc+0x68/0x90 [ 1004.318658][T21353] security_prepare_creds+0x30/0x270 [ 1004.318692][T21353] prepare_creds+0x56f/0x7d0 [ 1004.318721][T21353] __sys_setresgid+0x4af/0x1150 [ 1004.318761][T21353] do_syscall_64+0xcd/0x490 [ 1004.318791][T21353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.318816][T21353] RIP: 0033:0x7f0126f8e969 [ 1004.318834][T21353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1004.318857][T21353] RSP: 002b:00007f0127d50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000077 [ 1004.318879][T21353] RAX: ffffffffffffffda RBX: 00007f01271b5fa0 RCX: 00007f0126f8e969 [ 1004.318895][T21353] RDX: 0000000000000008 RSI: 00000000800000a0 RDI: 0000000000000081 [ 1004.318909][T21353] RBP: 00007f0127010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1004.318924][T21353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1004.318938][T21353] R13: 0000000000000000 R14: 00007f01271b5fa0 R15: 00007ffd43395608 [ 1004.318967][T21353] [ 1005.446145][T21368] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5904'. [ 1006.161145][T21373] mkiss: ax0: crc mode is auto. [ 1006.807576][T21384] kvm: kvm [21382]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000077) [ 1007.219967][T21389] overlayfs: "check_copy_up" module option is obsolete [ 1007.283481][T21389] FAULT_INJECTION: forcing a failure. [ 1007.283481][T21389] name failslab, interval 1, probability 0, space 0, times 0 [ 1007.359836][T21389] CPU: 1 UID: 0 PID: 21389 Comm: syz.1.5912 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1007.359879][T21389] Tainted: [I]=FIRMWARE_WORKAROUND [ 1007.359887][T21389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1007.359907][T21389] Call Trace: [ 1007.359915][T21389] [ 1007.359924][T21389] dump_stack_lvl+0x16c/0x1f0 [ 1007.359958][T21389] should_fail_ex+0x512/0x640 [ 1007.359992][T21389] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1007.360023][T21389] should_failslab+0xc2/0x120 [ 1007.360053][T21389] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1007.360082][T21389] ? __d_alloc+0x31/0xaa0 [ 1007.360112][T21389] __d_alloc+0x31/0xaa0 [ 1007.360141][T21389] d_alloc+0x4a/0x1e0 [ 1007.360169][T21389] d_alloc_parallel+0xe3/0x12e0 [ 1007.360211][T21389] ? find_held_lock+0x2b/0x80 [ 1007.360245][T21389] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1007.360282][T21389] ? __d_lookup+0x266/0x4a0 [ 1007.360323][T21389] lookup_open.isra.0+0x665/0x1580 [ 1007.360366][T21389] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1007.360418][T21389] ? mnt_get_write_access+0x20c/0x300 [ 1007.360455][T21389] path_openat+0x893/0x2cb0 [ 1007.360489][T21389] ? __pfx_path_openat+0x10/0x10 [ 1007.360514][T21389] ? __lock_acquire+0xb8a/0x1c90 [ 1007.360541][T21389] do_filp_open+0x20b/0x470 [ 1007.360565][T21389] ? __pfx_do_filp_open+0x10/0x10 [ 1007.360599][T21389] ? __pfx_kfree_link+0x10/0x10 [ 1007.360640][T21389] ? alloc_fd+0x471/0x7d0 [ 1007.360670][T21389] do_sys_openat2+0x11b/0x1d0 [ 1007.360702][T21389] ? __pfx_do_sys_openat2+0x10/0x10 [ 1007.360747][T21389] __x64_sys_openat+0x174/0x210 [ 1007.360781][T21389] ? __pfx___x64_sys_openat+0x10/0x10 [ 1007.360826][T21389] do_syscall_64+0xcd/0x490 [ 1007.360862][T21389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1007.360887][T21389] RIP: 0033:0x7f027138d2d0 [ 1007.360912][T21389] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1007.360936][T21389] RSP: 002b:00007f0272143f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1007.360959][T21389] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f027138d2d0 [ 1007.360975][T21389] RDX: 0000000000000002 RSI: 00007f0272143fa0 RDI: 00000000ffffff9c [ 1007.360990][T21389] RBP: 00007f0272143fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1007.361004][T21389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1007.361018][T21389] R13: 0000000000000000 R14: 00007f02715b5fa0 R15: 00007ffd1368fc58 [ 1007.361048][T21389] [ 1007.910910][T21393] netlink: 'syz.3.5915': attribute type 33 has an invalid length. [ 1007.918981][T21393] netlink: 322 bytes leftover after parsing attributes in process `syz.3.5915'. [ 1008.939412][T21389] Process accounting resumed [ 1010.416184][T21437] sp0: Synchronizing with TNC [ 1011.290344][T21449] Process accounting resumed [ 1015.790273][T21523] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5951'. [ 1015.906504][T21525] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 3480795618 out of range (51000000..2150000000) [ 1016.021341][T21528] kvm: user requested TSC rate below hardware speed [ 1017.543717][ T51] Bluetooth: hci0: unexpected event 0x03 length: 18 > 11 [ 1017.900537][T21559] FAULT_INJECTION: forcing a failure. [ 1017.900537][T21559] name failslab, interval 1, probability 0, space 0, times 0 [ 1018.015794][T21559] CPU: 1 UID: 0 PID: 21559 Comm: syz.4.5965 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1018.015835][T21559] Tainted: [I]=FIRMWARE_WORKAROUND [ 1018.015843][T21559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1018.015858][T21559] Call Trace: [ 1018.015865][T21559] [ 1018.015875][T21559] dump_stack_lvl+0x16c/0x1f0 [ 1018.015907][T21559] should_fail_ex+0x512/0x640 [ 1018.015941][T21559] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1018.015974][T21559] should_failslab+0xc2/0x120 [ 1018.016004][T21559] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1018.016033][T21559] ? proc_alloc_inode+0x25/0x200 [ 1018.016062][T21559] ? __pfx_proc_alloc_inode+0x10/0x10 [ 1018.016085][T21559] proc_alloc_inode+0x25/0x200 [ 1018.016108][T21559] alloc_inode+0x64/0x240 [ 1018.016140][T21559] new_inode+0x22/0x1c0 [ 1018.016173][T21559] proc_pid_make_inode+0x22/0x160 [ 1018.016199][T21559] proc_ns_instantiate+0x57/0x100 [ 1018.016224][T21559] proc_ns_dir_lookup+0x1af/0x2f0 [ 1018.016251][T21559] ? __pfx_proc_ns_dir_lookup+0x10/0x10 [ 1018.016274][T21559] lookup_open.isra.0+0x4d7/0x1580 [ 1018.016318][T21559] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1018.016371][T21559] ? mnt_get_write_access+0x20c/0x300 [ 1018.016407][T21559] path_openat+0x893/0x2cb0 [ 1018.016441][T21559] ? __pfx_path_openat+0x10/0x10 [ 1018.016466][T21559] ? __lock_acquire+0xb8a/0x1c90 [ 1018.016494][T21559] do_filp_open+0x20b/0x470 [ 1018.016518][T21559] ? __pfx_do_filp_open+0x10/0x10 [ 1018.016552][T21559] ? __pfx_kfree_link+0x10/0x10 [ 1018.016594][T21559] ? alloc_fd+0x471/0x7d0 [ 1018.016623][T21559] do_sys_openat2+0x11b/0x1d0 [ 1018.016656][T21559] ? __pfx_do_sys_openat2+0x10/0x10 [ 1018.016708][T21559] __x64_sys_openat+0x174/0x210 [ 1018.016742][T21559] ? __pfx___x64_sys_openat+0x10/0x10 [ 1018.016788][T21559] do_syscall_64+0xcd/0x490 [ 1018.016821][T21559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.016845][T21559] RIP: 0033:0x7f515698d2d0 [ 1018.016864][T21559] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1018.016888][T21559] RSP: 002b:00007f5157737f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1018.016910][T21559] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f515698d2d0 [ 1018.016925][T21559] RDX: 0000000000000002 RSI: 00007f5157737fa0 RDI: 00000000ffffff9c [ 1018.016940][T21559] RBP: 00007f5157737fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1018.016954][T21559] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1018.016967][T21559] R13: 0000000000000000 R14: 00007f5156bb5fa0 R15: 00007fff094a5a08 [ 1018.016997][T21559] [ 1018.652922][T21564] netlink: 'syz.1.5967': attribute type 21 has an invalid length. [ 1018.700136][T21564] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5967'. [ 1018.794519][T21567] netlink: 'syz.2.5969': attribute type 16 has an invalid length. [ 1018.831804][T21567] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5969'. [ 1018.990466][T21567] veth1_macvtap: left promiscuous mode [ 1019.711768][T21583] serio: Serial port pty233 [ 1019.755654][T21586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5978'. [ 1019.782707][T21587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5977'. [ 1019.799016][T21586] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5978'. [ 1022.366657][T21632] netlink: 266 bytes leftover after parsing attributes in process `syz.2.5994'. [ 1022.697249][T21636] netlink: 504 bytes leftover after parsing attributes in process `syz.2.5996'. [ 1022.748027][T21636] netlink: 504 bytes leftover after parsing attributes in process `syz.2.5996'. [ 1023.465020][T21656] random: crng reseeded on system resumption [ 1024.947678][T21685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6015'. [ 1025.008234][T21685] unsupported nlmsg_type 40 [ 1026.242033][T21700] input: f¬ as /devices/virtual/input/input22 [ 1026.546101][T21709] FAULT_INJECTION: forcing a failure. [ 1026.546101][T21709] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1026.593358][T21709] CPU: 1 UID: 0 PID: 21709 Comm: syz.1.6022 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1026.593399][T21709] Tainted: [I]=FIRMWARE_WORKAROUND [ 1026.593408][T21709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1026.593427][T21709] Call Trace: [ 1026.593434][T21709] [ 1026.593444][T21709] dump_stack_lvl+0x16c/0x1f0 [ 1026.593476][T21709] should_fail_ex+0x512/0x640 [ 1026.593513][T21709] should_fail_alloc_page+0xe7/0x130 [ 1026.593545][T21709] prepare_alloc_pages+0x3c2/0x610 [ 1026.593581][T21709] ? rcu_is_watching+0x12/0xc0 [ 1026.593615][T21709] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1026.593642][T21709] ? lockdep_hardirqs_on+0x7c/0x110 [ 1026.593668][T21709] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1026.593703][T21709] ? __lock_acquire+0x622/0x1c90 [ 1026.593731][T21709] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1026.593757][T21709] ? relay_open+0x653/0xad0 [ 1026.593787][T21709] ? rcu_read_unlock+0x17/0x60 [ 1026.593823][T21709] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1026.593852][T21709] ? policy_nodemask+0xea/0x4e0 [ 1026.593882][T21709] alloc_pages_mpol+0x1fb/0x550 [ 1026.593912][T21709] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1026.593940][T21709] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 1026.593975][T21709] ? trace_kmalloc+0x2b/0xd0 [ 1026.594004][T21709] ? __kmalloc_noprof.cold+0x5c/0x61 [ 1026.594035][T21709] ? relay_open_buf.part.0+0x194/0xb90 [ 1026.594060][T21709] alloc_pages_noprof+0x131/0x390 [ 1026.594089][T21709] relay_open_buf.part.0+0x262/0xb90 [ 1026.594121][T21709] relay_open+0x653/0xad0 [ 1026.594143][T21709] ? debugfs_create_file_full+0x41/0x60 [ 1026.594184][T21709] do_blk_trace_setup+0x503/0xb50 [ 1026.594221][T21709] blk_trace_setup+0xed/0x1b0 [ 1026.594254][T21709] ? __pfx_blk_trace_setup+0x10/0x10 [ 1026.594286][T21709] ? __pfx_snprintf+0x10/0x10 [ 1026.594325][T21709] blk_trace_ioctl+0x146/0x280 [ 1026.594359][T21709] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 1026.594397][T21709] ? find_held_lock+0x2b/0x80 [ 1026.594427][T21709] ? hook_file_ioctl_common+0x145/0x410 [ 1026.594453][T21709] blkdev_ioctl+0x108/0x6d0 [ 1026.594479][T21709] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1026.594508][T21709] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1026.594534][T21709] __x64_sys_ioctl+0x18b/0x210 [ 1026.594571][T21709] do_syscall_64+0xcd/0x490 [ 1026.594600][T21709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.594624][T21709] RIP: 0033:0x7f027138e969 [ 1026.594642][T21709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1026.594665][T21709] RSP: 002b:00007f0272144038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1026.594694][T21709] RAX: ffffffffffffffda RBX: 00007f02715b5fa0 RCX: 00007f027138e969 [ 1026.594708][T21709] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000006 [ 1026.594723][T21709] RBP: 00007f0271410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1026.594737][T21709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1026.594750][T21709] R13: 0000000000000000 R14: 00007f02715b5fa0 R15: 00007ffd1368fc58 [ 1026.594779][T21709] [ 1028.501550][T21733] net_ratelimit: 20 callbacks suppressed [ 1028.501567][T21733] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1029.114725][T21741] netlink: 130 bytes leftover after parsing attributes in process `syz.4.6034'. [ 1031.292793][T21775] random: crng reseeded on system resumption [ 1031.672491][T21781] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6050'. [ 1032.129118][T21793] netlink: 346 bytes leftover after parsing attributes in process `syz.2.6054'. [ 1032.590829][T21800] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6056'. [ 1033.994253][T21817] FAULT_INJECTION: forcing a failure. [ 1033.994253][T21817] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.105579][T21817] CPU: 1 UID: 0 PID: 21817 Comm: syz.4.6060 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1034.105619][T21817] Tainted: [I]=FIRMWARE_WORKAROUND [ 1034.105628][T21817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1034.105642][T21817] Call Trace: [ 1034.105650][T21817] [ 1034.105659][T21817] dump_stack_lvl+0x16c/0x1f0 [ 1034.105691][T21817] should_fail_ex+0x512/0x640 [ 1034.105725][T21817] ? __kmalloc_noprof+0xbf/0x510 [ 1034.105754][T21817] ? acpi_ns_get_normalized_pathname+0x75/0xd0 [ 1034.105779][T21817] should_failslab+0xc2/0x120 [ 1034.105809][T21817] __kmalloc_noprof+0xd2/0x510 [ 1034.105842][T21817] acpi_ns_get_normalized_pathname+0x75/0xd0 [ 1034.105874][T21817] acpi_ex_start_trace_method+0x30/0x480 [ 1034.105905][T21817] acpi_ds_begin_method_execution+0x3c/0x980 [ 1034.105935][T21817] ? acpi_tb_check_dsdt_header+0x187/0x3e0 [ 1034.105968][T21817] acpi_ps_execute_method+0x94/0xb30 [ 1034.106008][T21817] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 1034.106035][T21817] acpi_ns_evaluate+0x76c/0xca0 [ 1034.106074][T21817] ? kasan_save_track+0x14/0x30 [ 1034.106102][T21817] acpi_evaluate_object+0x1fa/0xa90 [ 1034.106136][T21817] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.106162][T21817] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1034.106195][T21817] ? __mutex_trylock_common+0xe9/0x250 [ 1034.106224][T21817] acpi_evaluate_integer+0xdd/0x200 [ 1034.106251][T21817] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1034.106291][T21817] ? __pfx_status_show+0x10/0x10 [ 1034.106323][T21817] status_show+0xa0/0x120 [ 1034.106355][T21817] ? __pfx_status_show+0x10/0x10 [ 1034.106395][T21817] dev_attr_show+0x56/0xe0 [ 1034.106417][T21817] ? __pfx_dev_attr_show+0x10/0x10 [ 1034.106437][T21817] sysfs_kf_seq_show+0x216/0x3e0 [ 1034.106482][T21817] seq_read_iter+0x506/0x12c0 [ 1034.106532][T21817] kernfs_fop_read_iter+0x40f/0x5a0 [ 1034.106564][T21817] ? rw_verify_area+0xcf/0x680 [ 1034.106603][T21817] vfs_read+0x8bf/0xc60 [ 1034.106630][T21817] ? __pfx___mutex_lock+0x10/0x10 [ 1034.106660][T21817] ? __pfx_vfs_read+0x10/0x10 [ 1034.106702][T21817] ksys_read+0x12a/0x250 [ 1034.106724][T21817] ? __pfx_ksys_read+0x10/0x10 [ 1034.106756][T21817] do_syscall_64+0xcd/0x490 [ 1034.106787][T21817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.106811][T21817] RIP: 0033:0x7f515698e969 [ 1034.106830][T21817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1034.106858][T21817] RSP: 002b:00007f5157738038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1034.106880][T21817] RAX: ffffffffffffffda RBX: 00007f5156bb5fa0 RCX: 00007f515698e969 [ 1034.106896][T21817] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 1034.106910][T21817] RBP: 00007f5156a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1034.106924][T21817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1034.106938][T21817] R13: 0000000000000000 R14: 00007f5156bb5fa0 R15: 00007fff094a5a08 [ 1034.106969][T21817] [ 1034.106980][T21817] ACPI Error: [ 1034.485370][T21829] KVM: debugfs: duplicate directory 21829-4 [ 1034.748087][T21834] netlink: 186 bytes leftover after parsing attributes in process `syz.2.6065'. [ 1035.713641][ T51] Bluetooth: hci2: unexpected subevent 0x01 length: 122 > 18 [ 1035.726346][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:427' [ 1035.739213][ T51] CPU: 1 UID: 0 PID: 51 Comm: kworker/u9:0 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1035.739253][ T51] Tainted: [I]=FIRMWARE_WORKAROUND [ 1035.739262][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1035.739278][ T51] Workqueue: hci2 hci_rx_work [ 1035.739311][ T51] Call Trace: [ 1035.739319][ T51] [ 1035.739327][ T51] dump_stack_lvl+0x16c/0x1f0 [ 1035.739357][ T51] sysfs_warn_dup+0x7f/0xa0 [ 1035.739381][ T51] sysfs_create_dir_ns+0x24b/0x2b0 [ 1035.739404][ T51] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1035.739424][ T51] ? find_held_lock+0x2b/0x80 [ 1035.739462][ T51] ? do_raw_spin_unlock+0x172/0x230 [ 1035.739493][ T51] kobject_add_internal+0x2c4/0x9b0 [ 1035.739530][ T51] kobject_add+0x16e/0x240 [ 1035.739561][ T51] ? __pfx_kobject_add+0x10/0x10 [ 1035.739594][ T51] ? do_raw_spin_unlock+0x172/0x230 [ 1035.739623][ T51] ? kobject_put+0xab/0x5a0 [ 1035.739661][ T51] device_add+0x288/0x1a70 [ 1035.739685][ T51] ? __pfx_dev_set_name+0x10/0x10 [ 1035.739712][ T51] ? __pfx_device_add+0x10/0x10 [ 1035.739734][ T51] ? mgmt_send_event_skb+0x2fb/0x460 [ 1035.739777][ T51] hci_conn_add_sysfs+0x17e/0x230 [ 1035.739812][ T51] le_conn_complete_evt+0x1075/0x1d70 [ 1035.739848][ T51] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1035.739875][ T51] ? bt_warn+0xe4/0x120 [ 1035.739898][ T51] ? __pfx_bt_warn+0x10/0x10 [ 1035.739930][ T51] hci_le_conn_complete_evt+0x23c/0x370 [ 1035.739965][ T51] hci_le_meta_evt+0x357/0x5e0 [ 1035.739994][ T51] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1035.740026][ T51] hci_event_packet+0x682/0x11c0 [ 1035.740054][ T51] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1035.740086][ T51] ? __pfx_hci_event_packet+0x10/0x10 [ 1035.740116][ T51] ? kcov_remote_start+0x3c9/0x6d0 [ 1035.740143][ T51] ? lockdep_hardirqs_on+0x7c/0x110 [ 1035.740177][ T51] hci_rx_work+0x2c5/0x16b0 [ 1035.740208][ T51] ? rcu_is_watching+0x12/0xc0 [ 1035.740245][ T51] process_one_work+0x9cc/0x1b70 [ 1035.740286][ T51] ? __pfx_process_one_work+0x10/0x10 [ 1035.740323][ T51] ? assign_work+0x1a0/0x250 [ 1035.740352][ T51] worker_thread+0x6c8/0xf10 [ 1035.740394][ T51] ? __pfx_worker_thread+0x10/0x10 [ 1035.740423][ T51] kthread+0x3c5/0x780 [ 1035.740449][ T51] ? __pfx_kthread+0x10/0x10 [ 1035.740477][ T51] ? rcu_is_watching+0x12/0xc0 [ 1035.740509][ T51] ? __pfx_kthread+0x10/0x10 [ 1035.740536][ T51] ret_from_fork+0x5d4/0x6f0 [ 1035.740559][ T51] ? __pfx_kthread+0x10/0x10 [ 1035.740585][ T51] ret_from_fork_asm+0x1a/0x30 [ 1035.740623][ T51] [ 1035.740649][ T51] kobject: kobject_add_internal failed for hci2:427 with -EEXIST, don't try to register things with the same name in the same directory. [ 1036.064167][ T51] Bluetooth: hci2: failed to register connection device [ 1036.134391][T21817] Could not allocate 15 bytes (20250404/nsnames-308) [ 1036.959078][T21860] kvm: kvm [21858]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x2 [ 1038.449949][T21877] netlink: 326 bytes leftover after parsing attributes in process `syz.3.6076'. [ 1040.843337][T21907] netlink: 326 bytes leftover after parsing attributes in process `syz.3.6086'. [ 1041.442794][T21912] Process accounting paused [ 1042.458834][T21930] netlink: 326 bytes leftover after parsing attributes in process `syz.2.6096'. [ 1042.972625][T21944] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6100'. [ 1043.512065][T21952] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6103'. [ 1043.565985][T21952] bridge0: port 2(bridge_slave_1) entered disabled state [ 1043.574487][T21952] bridge0: port 1(bridge_slave_0) entered disabled state [ 1044.052003][T21957] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1045.201598][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d613000: rx timeout, send abort [ 1045.211734][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d612c00: rx timeout, send abort [ 1045.220266][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d613000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1045.236099][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d612c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1045.259953][ T5188] ERROR: Out of memory at tomoyo_memory_ok. [ 1050.106240][ T5842] Process accounting paused [ 1050.128678][T22029] netlink: 'syz.3.6134': attribute type 4 has an invalid length. [ 1050.199583][T22029] netlink: 314 bytes leftover after parsing attributes in process `syz.3.6134'. [ 1050.249887][T22029] IPv6: Can't replace route, no match found [ 1051.523749][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1051.533807][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1051.542138][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1051.560763][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1051.583741][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1051.910183][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.385054][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.526993][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.646543][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1053.227574][T22042] chnl_net:caif_netlink_parms(): no params data found [ 1053.326091][ T12] vlan1: left allmulticast mode [ 1053.331000][ T12] vlan1: left promiscuous mode [ 1053.399095][ T12] bridge0: port 3(vlan1) entered disabled state [ 1053.482603][ T12] bridge_slave_1: left allmulticast mode [ 1053.527995][ T12] bridge_slave_1: left promiscuous mode [ 1053.581907][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1053.613567][T18555] Bluetooth: hci3: command tx timeout [ 1053.673868][ T12] bridge_slave_0: left allmulticast mode [ 1053.705865][ T12] bridge_slave_0: left promiscuous mode [ 1053.744742][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1055.388067][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1055.410791][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1055.422783][ T12] bond0 (unregistering): Released all slaves [ 1055.448554][T22078] netlink: 346 bytes leftover after parsing attributes in process `syz.3.6153'. [ 1055.529941][ T12] ovs_ÿþ: left promiscuous mode [ 1055.696700][T18555] Bluetooth: hci3: command tx timeout [ 1056.408812][T22042] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.463005][T22042] bridge0: port 1(bridge_slave_0) entered disabled state [ 1056.515195][T22042] bridge_slave_0: entered allmulticast mode [ 1056.556241][T22042] bridge_slave_0: entered promiscuous mode [ 1056.614066][T22042] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.664898][T22042] bridge0: port 2(bridge_slave_1) entered disabled state [ 1056.717175][T22042] bridge_slave_1: entered allmulticast mode [ 1056.784797][T22042] bridge_slave_1: entered promiscuous mode [ 1057.130246][T22042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1057.208392][T22042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1057.367957][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1057.407345][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1057.467671][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1057.519153][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1057.603017][ T12] veth1_macvtap: left promiscuous mode [ 1057.652781][ T12] veth0_macvtap: left promiscuous mode [ 1057.689248][ T12] veth1_vlan: left promiscuous mode [ 1057.694576][ T12] veth0_vlan: left promiscuous mode [ 1057.775773][T18555] Bluetooth: hci3: command tx timeout [ 1058.449907][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1059.121477][T22042] team0: Port device team_slave_0 added [ 1059.151625][T22042] team0: Port device team_slave_1 added [ 1059.260027][T22042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1059.274083][T22042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1059.314919][T22042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1059.341398][T22042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1059.368572][T22042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1059.430914][T22042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1059.564191][T22042] hsr_slave_0: entered promiscuous mode [ 1059.591826][T22042] hsr_slave_1: entered promiscuous mode [ 1059.624389][T22042] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1059.640632][T22042] Cannot create hsr debugfs directory [ 1059.787365][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.793682][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.865396][T18555] Bluetooth: hci3: command tx timeout [ 1060.140363][T22042] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1060.167759][T22042] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1060.197690][T22042] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1060.230175][T22042] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1060.426158][T22042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1060.511787][T22042] 8021q: adding VLAN 0 to HW filter on device team0 [ 1060.544119][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.551295][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1060.603884][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1060.611073][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1061.139568][T22042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1061.874971][T22042] veth0_vlan: entered promiscuous mode [ 1061.907663][T22042] veth1_vlan: entered promiscuous mode [ 1061.974985][T22042] veth0_macvtap: entered promiscuous mode [ 1062.004225][T22042] veth1_macvtap: entered promiscuous mode [ 1062.055810][T22042] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1062.091114][T22042] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1062.126175][T22042] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.148657][T22042] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.175055][T22042] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.201620][T22042] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.441665][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1062.480994][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1062.566468][ T3559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1062.597916][ T3559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1062.997824][T22195] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1063.451925][T22196] zswap: compressor not available [ 1064.342756][T22219] FAULT_INJECTION: forcing a failure. [ 1064.342756][T22219] name failslab, interval 1, probability 0, space 0, times 0 [ 1064.442189][T22219] CPU: 1 UID: 0 PID: 22219 Comm: syz.3.6168 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1064.442230][T22219] Tainted: [I]=FIRMWARE_WORKAROUND [ 1064.442239][T22219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1064.442253][T22219] Call Trace: [ 1064.442260][T22219] [ 1064.442269][T22219] dump_stack_lvl+0x16c/0x1f0 [ 1064.442301][T22219] should_fail_ex+0x512/0x640 [ 1064.442334][T22219] ? __kmalloc_noprof+0xbf/0x510 [ 1064.442363][T22219] ? lsm_blob_alloc+0x68/0x90 [ 1064.442396][T22219] should_failslab+0xc2/0x120 [ 1064.442426][T22219] __kmalloc_noprof+0xd2/0x510 [ 1064.442458][T22219] lsm_blob_alloc+0x68/0x90 [ 1064.442492][T22219] security_prepare_creds+0x30/0x270 [ 1064.442532][T22219] prepare_creds+0x56f/0x7d0 [ 1064.442562][T22219] __sys_setresuid+0x46d/0x1160 [ 1064.442602][T22219] do_syscall_64+0xcd/0x490 [ 1064.442633][T22219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.442657][T22219] RIP: 0033:0x7f564e58e969 [ 1064.442675][T22219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1064.442698][T22219] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 1064.442720][T22219] RAX: ffffffffffffffda RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 1064.442735][T22219] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000000 [ 1064.442749][T22219] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1064.442763][T22219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1064.442777][T22219] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 1064.442807][T22219] [ 1064.652044][T22224] FAULT_INJECTION: forcing a failure. [ 1064.652044][T22224] name failslab, interval 1, probability 0, space 0, times 0 [ 1064.665353][T22224] CPU: 1 UID: 0 PID: 22224 Comm: syz.5.6170 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1064.665393][T22224] Tainted: [I]=FIRMWARE_WORKAROUND [ 1064.665402][T22224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1064.665417][T22224] Call Trace: [ 1064.665425][T22224] [ 1064.665434][T22224] dump_stack_lvl+0x16c/0x1f0 [ 1064.665466][T22224] should_fail_ex+0x512/0x640 [ 1064.665499][T22224] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1064.665530][T22224] should_failslab+0xc2/0x120 [ 1064.665560][T22224] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1064.665586][T22224] ? mark_held_locks+0x49/0x80 [ 1064.665607][T22224] ? key_alloc+0x3e0/0x1390 [ 1064.665639][T22224] key_alloc+0x3e0/0x1390 [ 1064.665676][T22224] ? __pfx_key_alloc+0x10/0x10 [ 1064.665713][T22224] ? __pfx_key_default_cmp+0x10/0x10 [ 1064.665746][T22224] ? __pfx_keyring_search_iterator+0x10/0x10 [ 1064.665782][T22224] keyring_alloc+0x44/0xc0 [ 1064.665816][T22224] look_up_user_keyrings+0x510/0x760 [ 1064.665846][T22224] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 1064.665882][T22224] lookup_user_key+0x1a3/0x1300 [ 1064.665911][T22224] ? __pfx_lookup_user_key+0x10/0x10 [ 1064.665933][T22224] ? do_futex+0x122/0x350 [ 1064.665979][T22224] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1064.666010][T22224] ? fput+0x70/0xf0 [ 1064.666044][T22224] keyctl_keyring_clear+0x24/0x1a0 [ 1064.666082][T22224] __do_sys_keyctl+0x355/0x590 [ 1064.666106][T22224] do_syscall_64+0xcd/0x490 [ 1064.666136][T22224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.666160][T22224] RIP: 0033:0x7fb07178e969 [ 1064.666179][T22224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1064.666202][T22224] RSP: 002b:00007fb07253f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1064.666223][T22224] RAX: ffffffffffffffda RBX: 00007fb0719b5fa0 RCX: 00007fb07178e969 [ 1064.666239][T22224] RDX: 0000000000000002 RSI: 00000000fffffffb RDI: 0000000000000007 [ 1064.666253][T22224] RBP: 00007fb071810ab1 R08: 0000000000000008 R09: 0000000000000000 [ 1064.666267][T22224] R10: 000000000000003e R11: 0000000000000246 R12: 0000000000000000 [ 1064.666281][T22224] R13: 0000000000000000 R14: 00007fb0719b5fa0 R15: 00007ffd85d70638 [ 1064.666311][T22224] [ 1064.940525][T22225] FAULT_INJECTION: forcing a failure. [ 1064.940525][T22225] name failslab, interval 1, probability 0, space 0, times 0 [ 1064.953403][T22225] CPU: 1 UID: 0 PID: 22225 Comm: syz.4.6169 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1064.953442][T22225] Tainted: [I]=FIRMWARE_WORKAROUND [ 1064.953451][T22225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1064.953466][T22225] Call Trace: [ 1064.953473][T22225] [ 1064.953483][T22225] dump_stack_lvl+0x16c/0x1f0 [ 1064.953516][T22225] should_fail_ex+0x512/0x640 [ 1064.953549][T22225] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1064.953581][T22225] should_failslab+0xc2/0x120 [ 1064.953611][T22225] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1064.953639][T22225] ? acpi_ut_create_generic_state+0x5c/0xb0 [ 1064.953683][T22225] acpi_ut_create_generic_state+0x5c/0xb0 [ 1064.953713][T22225] acpi_ps_init_scope+0x1a/0x1c0 [ 1064.953750][T22225] acpi_ds_init_aml_walk+0x1d9/0x590 [ 1064.953790][T22225] acpi_ps_execute_method+0x32d/0xb30 [ 1064.953831][T22225] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 1064.953858][T22225] acpi_ns_evaluate+0x76c/0xca0 [ 1064.953897][T22225] ? kasan_save_track+0x14/0x30 [ 1064.953925][T22225] acpi_evaluate_object+0x1fa/0xa90 [ 1064.953959][T22225] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.953985][T22225] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1064.954018][T22225] ? __mutex_trylock_common+0xe9/0x250 [ 1064.954047][T22225] acpi_evaluate_integer+0xdd/0x200 [ 1064.954073][T22225] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1064.954114][T22225] ? __pfx_status_show+0x10/0x10 [ 1064.954145][T22225] status_show+0xa0/0x120 [ 1064.954177][T22225] ? __pfx_status_show+0x10/0x10 [ 1064.954217][T22225] dev_attr_show+0x56/0xe0 [ 1064.954239][T22225] ? __pfx_dev_attr_show+0x10/0x10 [ 1064.954259][T22225] sysfs_kf_seq_show+0x216/0x3e0 [ 1064.954303][T22225] seq_read_iter+0x506/0x12c0 [ 1064.954353][T22225] kernfs_fop_read_iter+0x40f/0x5a0 [ 1064.954386][T22225] ? rw_verify_area+0xcf/0x680 [ 1064.954426][T22225] vfs_read+0x8bf/0xc60 [ 1064.954453][T22225] ? __pfx___mutex_lock+0x10/0x10 [ 1064.954482][T22225] ? __pfx_vfs_read+0x10/0x10 [ 1064.954526][T22225] ksys_read+0x12a/0x250 [ 1064.954548][T22225] ? __pfx_ksys_read+0x10/0x10 [ 1064.954580][T22225] do_syscall_64+0xcd/0x490 [ 1064.954611][T22225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.954635][T22225] RIP: 0033:0x7f515698e969 [ 1064.954659][T22225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1064.954683][T22225] RSP: 002b:00007f5157717038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1064.954704][T22225] RAX: ffffffffffffffda RBX: 00007f5156bb6080 RCX: 00007f515698e969 [ 1064.954720][T22225] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 1064.954735][T22225] RBP: 00007f5156a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1064.954750][T22225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1064.954764][T22225] R13: 0000000000000000 R14: 00007f5156bb6080 R15: 00007fff094a5a08 [ 1064.954794][T22225] [ 1065.432922][T22231] kvm: kvm [22227]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001f) [ 1066.328358][T22247] netlink: 'syz.4.6180': attribute type 15 has an invalid length. [ 1066.424166][T22247] netlink: 'syz.4.6180': attribute type 16 has an invalid length. [ 1066.463467][T22247] netlink: 'syz.4.6180': attribute type 17 has an invalid length. [ 1066.526972][T22247] netlink: 'syz.4.6180': attribute type 19 has an invalid length. [ 1066.598298][T22247] netlink: 'syz.4.6180': attribute type 27 has an invalid length. [ 1066.653815][T22247] netlink: 'syz.4.6180': attribute type 28 has an invalid length. [ 1066.696201][T22247] netlink: 'syz.4.6180': attribute type 29 has an invalid length. [ 1066.738739][T22247] netlink: 'syz.4.6180': attribute type 30 has an invalid length. [ 1066.788044][T22247] netlink: 18 bytes leftover after parsing attributes in process `syz.4.6180'. [ 1069.094993][T18555] Bluetooth: hci2: unexpected event 0x08 length: 11 > 4 [ 1069.095792][T22295] ima: policy update failed [ 1069.172872][ T30] audit: type=1802 audit(4294970878.879:25): pid=22295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.6193" res=0 errno=0 [ 1070.769359][T22316] zswap: compressor not available [ 1071.190751][T22327] FAULT_INJECTION: forcing a failure. [ 1071.190751][T22327] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1071.279027][T22329] netlink: 504 bytes leftover after parsing attributes in process `syz.2.6199'. [ 1071.306125][T22327] CPU: 1 UID: 0 PID: 22327 Comm: syz.4.6198 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1071.306166][T22327] Tainted: [I]=FIRMWARE_WORKAROUND [ 1071.306174][T22327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1071.306189][T22327] Call Trace: [ 1071.306196][T22327] [ 1071.306205][T22327] dump_stack_lvl+0x16c/0x1f0 [ 1071.306238][T22327] should_fail_ex+0x512/0x640 [ 1071.306276][T22327] strncpy_from_user+0x3b/0x2e0 [ 1071.306311][T22327] getname_flags.part.0+0x8f/0x550 [ 1071.306348][T22327] getname_flags+0x93/0xf0 [ 1071.306370][T22327] do_sys_openat2+0xb8/0x1d0 [ 1071.306402][T22327] ? __pfx_do_sys_openat2+0x10/0x10 [ 1071.306446][T22327] __x64_sys_openat+0x174/0x210 [ 1071.306480][T22327] ? __pfx___x64_sys_openat+0x10/0x10 [ 1071.306525][T22327] do_syscall_64+0xcd/0x490 [ 1071.306556][T22327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1071.306580][T22327] RIP: 0033:0x7f515698e969 [ 1071.306599][T22327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1071.306622][T22327] RSP: 002b:00007f5157738038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1071.306644][T22327] RAX: ffffffffffffffda RBX: 00007f5156bb5fa0 RCX: 00007f515698e969 [ 1071.306659][T22327] RDX: 0000000000040302 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1071.306681][T22327] RBP: 00007f5156a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1071.306695][T22327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1071.306709][T22327] R13: 0000000000000000 R14: 00007f5156bb5fa0 R15: 00007fff094a5a08 [ 1071.306739][T22327] [ 1071.524196][T22332] kvm: kvm [22331]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001f) [ 1072.608197][T22292] Process accounting resumed [ 1073.811711][T22381] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6210'. [ 1073.815324][T22381] netlink: 13 bytes leftover after parsing attributes in process `syz.5.6210'. [ 1074.351909][T22386] FAULT_INJECTION: forcing a failure. [ 1074.351909][T22386] name failslab, interval 1, probability 0, space 0, times 0 [ 1074.351951][T22386] CPU: 1 UID: 0 PID: 22386 Comm: syz.2.6211 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1074.351987][T22386] Tainted: [I]=FIRMWARE_WORKAROUND [ 1074.351997][T22386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1074.352011][T22386] Call Trace: [ 1074.352018][T22386] [ 1074.352027][T22386] dump_stack_lvl+0x16c/0x1f0 [ 1074.352059][T22386] should_fail_ex+0x512/0x640 [ 1074.352092][T22386] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1074.352124][T22386] should_failslab+0xc2/0x120 [ 1074.352154][T22386] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1074.352181][T22386] ? alloc_empty_file+0x55/0x1e0 [ 1074.352216][T22386] alloc_empty_file+0x55/0x1e0 [ 1074.352248][T22386] path_openat+0xda/0x2cb0 [ 1074.352269][T22386] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.352303][T22386] ? __pfx_path_openat+0x10/0x10 [ 1074.352351][T22386] ? __lock_acquire+0xb8a/0x1c90 [ 1074.352378][T22386] do_filp_open+0x20b/0x470 [ 1074.352402][T22386] ? __pfx_do_filp_open+0x10/0x10 [ 1074.352448][T22386] ? alloc_fd+0x471/0x7d0 [ 1074.352477][T22386] do_sys_openat2+0x11b/0x1d0 [ 1074.352509][T22386] ? __pfx_do_sys_openat2+0x10/0x10 [ 1074.352553][T22386] __x64_sys_openat+0x174/0x210 [ 1074.352587][T22386] ? __pfx___x64_sys_openat+0x10/0x10 [ 1074.352633][T22386] do_syscall_64+0xcd/0x490 [ 1074.352663][T22386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.352687][T22386] RIP: 0033:0x7f0126f8e969 [ 1074.352706][T22386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1074.352729][T22386] RSP: 002b:00007f0127d50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1074.352751][T22386] RAX: ffffffffffffffda RBX: 00007f01271b5fa0 RCX: 00007f0126f8e969 [ 1074.352766][T22386] RDX: 0000000000040302 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1074.352780][T22386] RBP: 00007f0127010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1074.352794][T22386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1074.352808][T22386] R13: 0000000000000000 R14: 00007f01271b5fa0 R15: 00007ffd43395608 [ 1074.352837][T22386] [ 1075.875074][T22414] netlink: 'syz.5.6217': attribute type 4 has an invalid length. [ 1075.875098][T22414] netlink: 314 bytes leftover after parsing attributes in process `syz.5.6217'. [ 1075.876031][T22414] netlink: 'syz.5.6217': attribute type 4 has an invalid length. [ 1075.876049][T22414] netlink: 314 bytes leftover after parsing attributes in process `syz.5.6217'. [ 1077.241106][T22425] zswap: compressor not available [ 1080.769251][T22485] mkiss: ax0: crc mode is auto. [ 1081.144498][T22498] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6239'. [ 1081.223337][T22498] netlink: 354 bytes leftover after parsing attributes in process `syz.5.6239'. [ 1081.925015][T22513] netlink: 'syz.2.6253': attribute type 33 has an invalid length. [ 1082.018240][T22513] netlink: 322 bytes leftover after parsing attributes in process `syz.2.6253'. [ 1084.584002][T22553] mkiss: ax0: crc mode is auto. [ 1084.853366][T22556] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6254'. [ 1084.913452][T22556] ipvlan1: entered promiscuous mode [ 1084.959408][T22556] ipvlan1: entered allmulticast mode [ 1084.974044][T22556] veth0_vlan: entered allmulticast mode [ 1087.839481][T22618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6272'. [ 1087.936128][T22618] netlink: 354 bytes leftover after parsing attributes in process `syz.2.6272'. [ 1088.853710][T22637] overlayfs: "check_copy_up" module option is obsolete [ 1088.889285][T22637] FAULT_INJECTION: forcing a failure. [ 1088.889285][T22637] name failslab, interval 1, probability 0, space 0, times 0 [ 1088.889368][T22637] CPU: 1 UID: 0 PID: 22637 Comm: syz.2.6277 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1088.889404][T22637] Tainted: [I]=FIRMWARE_WORKAROUND [ 1088.889412][T22637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1088.889426][T22637] Call Trace: [ 1088.889433][T22637] [ 1088.889441][T22637] dump_stack_lvl+0x16c/0x1f0 [ 1088.889473][T22637] should_fail_ex+0x512/0x640 [ 1088.889508][T22637] ? fs_reclaim_acquire+0xae/0x150 [ 1088.889546][T22637] should_failslab+0xc2/0x120 [ 1088.889576][T22637] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1088.889604][T22637] ? security_inode_alloc+0x3b/0x2b0 [ 1088.889632][T22637] security_inode_alloc+0x3b/0x2b0 [ 1088.889656][T22637] inode_init_always_gfp+0xce4/0x1030 [ 1088.889684][T22637] alloc_inode+0x86/0x240 [ 1088.889714][T22637] new_inode+0x22/0x1c0 [ 1088.889747][T22637] proc_pid_make_inode+0x22/0x160 [ 1088.889773][T22637] proc_pident_instantiate+0x85/0x320 [ 1088.889801][T22637] proc_pident_lookup+0x21d/0x290 [ 1088.889832][T22637] __lookup_slow+0x24e/0x460 [ 1088.889866][T22637] ? __pfx___lookup_slow+0x10/0x10 [ 1088.889917][T22637] ? lookup_fast+0x156/0x610 [ 1088.889966][T22637] walk_component+0x353/0x5b0 [ 1088.890005][T22637] link_path_walk+0x627/0xe20 [ 1088.890054][T22637] path_openat+0x1b0/0x2cb0 [ 1088.890075][T22637] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.890109][T22637] ? __pfx_path_openat+0x10/0x10 [ 1088.890135][T22637] ? __lock_acquire+0xb8a/0x1c90 [ 1088.890162][T22637] do_filp_open+0x20b/0x470 [ 1088.890186][T22637] ? __pfx_do_filp_open+0x10/0x10 [ 1088.890220][T22637] ? __pfx_kfree_link+0x10/0x10 [ 1088.890261][T22637] ? alloc_fd+0x471/0x7d0 [ 1088.890291][T22637] do_sys_openat2+0x11b/0x1d0 [ 1088.890323][T22637] ? __pfx_do_sys_openat2+0x10/0x10 [ 1088.890367][T22637] __x64_sys_openat+0x174/0x210 [ 1088.890404][T22637] ? __pfx___x64_sys_openat+0x10/0x10 [ 1088.890450][T22637] do_syscall_64+0xcd/0x490 [ 1088.890480][T22637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.890504][T22637] RIP: 0033:0x7f0126f8d2d0 [ 1088.890523][T22637] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1088.890546][T22637] RSP: 002b:00007f0127d4ff10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1088.890568][T22637] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0126f8d2d0 [ 1088.890583][T22637] RDX: 0000000000000002 RSI: 00007f0127d4ffa0 RDI: 00000000ffffff9c [ 1088.890598][T22637] RBP: 00007f0127d4ffa0 R08: 0000000000000000 R09: 0000000000000000 [ 1088.890613][T22637] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1088.890626][T22637] R13: 0000000000000000 R14: 00007f01271b5fa0 R15: 00007ffd43395608 [ 1088.890656][T22637] [ 1091.653521][T22679] netlink: 'syz.3.6287': attribute type 21 has an invalid length. [ 1091.733616][T22679] netlink: 326 bytes leftover after parsing attributes in process `syz.3.6287'. [ 1092.642760][T22699] FAULT_INJECTION: forcing a failure. [ 1092.642760][T22699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1092.780684][T22699] CPU: 1 UID: 0 PID: 22699 Comm: syz.4.6291 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1092.780726][T22699] Tainted: [I]=FIRMWARE_WORKAROUND [ 1092.780735][T22699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1092.780750][T22699] Call Trace: [ 1092.780758][T22699] [ 1092.780767][T22699] dump_stack_lvl+0x16c/0x1f0 [ 1092.780798][T22699] should_fail_ex+0x512/0x640 [ 1092.780837][T22699] _copy_from_user+0x2e/0xd0 [ 1092.780874][T22699] copy_msghdr_from_user+0x98/0x160 [ 1092.780904][T22699] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1092.780938][T22699] ? kfree+0x24f/0x4d0 [ 1092.780958][T22699] ? futex_unqueue+0x133/0x2c0 [ 1092.780998][T22699] ___sys_sendmsg+0xfe/0x1d0 [ 1092.781028][T22699] ? __pfx____sys_sendmsg+0x10/0x10 [ 1092.781083][T22699] ? __pfx___might_resched+0x10/0x10 [ 1092.781126][T22699] __sys_sendmmsg+0x200/0x420 [ 1092.781158][T22699] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1092.781195][T22699] ? __pfx_do_futex+0x10/0x10 [ 1092.781230][T22699] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1092.781272][T22699] ? fput+0x70/0xf0 [ 1092.781311][T22699] ? xfd_validate_state+0x61/0x180 [ 1092.781334][T22699] ? __pfx_do_writev+0x10/0x10 [ 1092.781360][T22699] __x64_sys_sendmmsg+0x9c/0x100 [ 1092.781389][T22699] ? lockdep_hardirqs_on+0x7c/0x110 [ 1092.781415][T22699] do_syscall_64+0xcd/0x490 [ 1092.781446][T22699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1092.781470][T22699] RIP: 0033:0x7f515698e969 [ 1092.781488][T22699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1092.781512][T22699] RSP: 002b:00007f5157717038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1092.781533][T22699] RAX: ffffffffffffffda RBX: 00007f5156bb6080 RCX: 00007f515698e969 [ 1092.781549][T22699] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1092.781563][T22699] RBP: 00007f5156a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1092.781577][T22699] R10: 0000000000003ec0 R11: 0000000000000246 R12: 0000000000000000 [ 1092.781591][T22699] R13: 0000000000000000 R14: 00007f5156bb6080 R15: 00007fff094a5a08 [ 1092.781620][T22699] [ 1094.641833][T22724] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6300'. [ 1094.739037][T22724] netlink: 25 bytes leftover after parsing attributes in process `syz.3.6300'. [ 1096.047865][T22750] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6304'. [ 1096.124629][T22750] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6304'. [ 1097.329524][T22769] netlink: 'syz.4.6307': attribute type 16 has an invalid length. [ 1097.381446][T22769] netlink: 326 bytes leftover after parsing attributes in process `syz.4.6307'. [ 1097.434428][T22769] veth1_macvtap: left promiscuous mode [ 1098.361560][T22784] Invalid ELF header magic: != ELF [ 1098.965636][T22800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6317'. [ 1099.091617][T22802] serio: Serial port pty233 [ 1099.502346][T22812] netlink: 504 bytes leftover after parsing attributes in process `syz.5.6320'. [ 1099.555701][T22812] netlink: 504 bytes leftover after parsing attributes in process `syz.5.6320'. [ 1103.282364][T22878] input: f¬ as /devices/virtual/input/input23 [ 1103.643745][T22866] Process accounting paused [ 1104.147747][T22876] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6343'. [ 1108.126507][T22952] FAULT_INJECTION: forcing a failure. [ 1108.126507][T22952] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1108.232603][T22952] CPU: 1 UID: 0 PID: 22952 Comm: syz.2.6354 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1108.232645][T22952] Tainted: [I]=FIRMWARE_WORKAROUND [ 1108.232653][T22952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1108.232667][T22952] Call Trace: [ 1108.232674][T22952] [ 1108.232683][T22952] dump_stack_lvl+0x16c/0x1f0 [ 1108.232715][T22952] should_fail_ex+0x512/0x640 [ 1108.232754][T22952] should_fail_alloc_page+0xe7/0x130 [ 1108.232786][T22952] prepare_alloc_pages+0x3c2/0x610 [ 1108.232823][T22952] ? rcu_is_watching+0x12/0xc0 [ 1108.232858][T22952] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1108.232895][T22952] ? __lock_acquire+0x622/0x1c90 [ 1108.232923][T22952] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1108.232950][T22952] ? relay_open+0x653/0xad0 [ 1108.232980][T22952] ? rcu_read_unlock+0x17/0x60 [ 1108.233016][T22952] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1108.233046][T22952] ? policy_nodemask+0xea/0x4e0 [ 1108.233078][T22952] alloc_pages_mpol+0x1fb/0x550 [ 1108.233108][T22952] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1108.233137][T22952] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 1108.233173][T22952] ? trace_kmalloc+0x2b/0xd0 [ 1108.233203][T22952] ? __kmalloc_noprof.cold+0x5c/0x61 [ 1108.233235][T22952] ? relay_open_buf.part.0+0x194/0xb90 [ 1108.233261][T22952] alloc_pages_noprof+0x131/0x390 [ 1108.233291][T22952] relay_open_buf.part.0+0x262/0xb90 [ 1108.233324][T22952] relay_open+0x653/0xad0 [ 1108.233346][T22952] ? debugfs_create_file_full+0x41/0x60 [ 1108.233388][T22952] do_blk_trace_setup+0x503/0xb50 [ 1108.233425][T22952] blk_trace_setup+0xed/0x1b0 [ 1108.233460][T22952] ? __pfx_blk_trace_setup+0x10/0x10 [ 1108.233493][T22952] ? __pfx_snprintf+0x10/0x10 [ 1108.233538][T22952] blk_trace_ioctl+0x146/0x280 [ 1108.233574][T22952] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 1108.233614][T22952] ? find_held_lock+0x2b/0x80 [ 1108.233646][T22952] ? hook_file_ioctl_common+0x145/0x410 [ 1108.233673][T22952] blkdev_ioctl+0x108/0x6d0 [ 1108.233700][T22952] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1108.233730][T22952] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1108.233757][T22952] __x64_sys_ioctl+0x18b/0x210 [ 1108.233794][T22952] do_syscall_64+0xcd/0x490 [ 1108.233824][T22952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1108.233848][T22952] RIP: 0033:0x7f0126f8e969 [ 1108.233866][T22952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1108.233890][T22952] RSP: 002b:00007f0127d50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1108.233912][T22952] RAX: ffffffffffffffda RBX: 00007f01271b5fa0 RCX: 00007f0126f8e969 [ 1108.233928][T22952] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000006 [ 1108.233942][T22952] RBP: 00007f0127010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1108.233957][T22952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1108.233971][T22952] R13: 0000000000000000 R14: 00007f01271b5fa0 R15: 00007ffd43395608 [ 1108.234002][T22952] [ 1108.664821][T22960] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6353'. [ 1110.651786][T22986] netlink: 346 bytes leftover after parsing attributes in process `syz.3.6365'. [ 1111.521883][T23003] kvm: kvm [22998]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x2 [ 1112.034857][T23015] random: crng reseeded on system resumption [ 1114.381362][T23035] Invalid ELF header magic: != ELF [ 1115.711514][T23068] netlink: 326 bytes leftover after parsing attributes in process `syz.3.6384'. [ 1118.548238][T23110] Invalid ELF header magic: != ELF [ 1120.963515][T23141] FAULT_INJECTION: forcing a failure. [ 1120.963515][T23141] name failslab, interval 1, probability 0, space 0, times 0 [ 1121.024789][T23141] CPU: 1 UID: 0 PID: 23141 Comm: syz.3.6411 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1121.024830][T23141] Tainted: [I]=FIRMWARE_WORKAROUND [ 1121.024839][T23141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1121.024854][T23141] Call Trace: [ 1121.024861][T23141] [ 1121.024870][T23141] dump_stack_lvl+0x16c/0x1f0 [ 1121.024903][T23141] should_fail_ex+0x512/0x640 [ 1121.024937][T23141] ? __kmalloc_noprof+0xbf/0x510 [ 1121.024967][T23141] ? acpi_ns_get_normalized_pathname+0x75/0xd0 [ 1121.024990][T23141] should_failslab+0xc2/0x120 [ 1121.025020][T23141] __kmalloc_noprof+0xd2/0x510 [ 1121.025053][T23141] acpi_ns_get_normalized_pathname+0x75/0xd0 [ 1121.025081][T23141] acpi_ex_start_trace_method+0x30/0x480 [ 1121.025111][T23141] acpi_ds_begin_method_execution+0x3c/0x980 [ 1121.025141][T23141] ? acpi_tb_check_dsdt_header+0x187/0x3e0 [ 1121.025174][T23141] acpi_ps_execute_method+0x94/0xb30 [ 1121.025213][T23141] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 1121.025239][T23141] acpi_ns_evaluate+0x76c/0xca0 [ 1121.025279][T23141] ? kasan_save_track+0x14/0x30 [ 1121.025307][T23141] acpi_evaluate_object+0x1fa/0xa90 [ 1121.025341][T23141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1121.025374][T23141] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1121.025408][T23141] ? __mutex_trylock_common+0xe9/0x250 [ 1121.025437][T23141] acpi_evaluate_integer+0xdd/0x200 [ 1121.025465][T23141] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1121.025505][T23141] ? __pfx_status_show+0x10/0x10 [ 1121.025537][T23141] status_show+0xa0/0x120 [ 1121.025568][T23141] ? __pfx_status_show+0x10/0x10 [ 1121.025608][T23141] dev_attr_show+0x56/0xe0 [ 1121.025630][T23141] ? __pfx_dev_attr_show+0x10/0x10 [ 1121.025650][T23141] sysfs_kf_seq_show+0x216/0x3e0 [ 1121.025695][T23141] seq_read_iter+0x506/0x12c0 [ 1121.025745][T23141] kernfs_fop_read_iter+0x40f/0x5a0 [ 1121.025778][T23141] ? rw_verify_area+0xcf/0x680 [ 1121.025818][T23141] vfs_read+0x8bf/0xc60 [ 1121.025845][T23141] ? __pfx___mutex_lock+0x10/0x10 [ 1121.025875][T23141] ? __pfx_vfs_read+0x10/0x10 [ 1121.025918][T23141] ksys_read+0x12a/0x250 [ 1121.025941][T23141] ? __pfx_ksys_read+0x10/0x10 [ 1121.025973][T23141] do_syscall_64+0xcd/0x490 [ 1121.026006][T23141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1121.026030][T23141] RIP: 0033:0x7f564e58e969 [ 1121.026049][T23141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1121.026072][T23141] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1121.026094][T23141] RAX: ffffffffffffffda RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 1121.026110][T23141] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 1121.026124][T23141] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1121.026139][T23141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1121.026152][T23141] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 1121.026183][T23141] [ 1121.026193][T23141] ACPI Error: [ 1121.397157][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.425909][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.402052][T23141] Could not allocate 15 bytes (20250404/nsnames-308) [ 1123.992628][T23168] random: crng reseeded on system resumption [ 1128.950111][T23212] random: crng reseeded on system resumption [ 1131.555537][T23246] netlink: 326 bytes leftover after parsing attributes in process `syz.3.6432'. [ 1133.899207][T23259] Invalid ELF header magic: != ELF [ 1134.247456][T23261] Process accounting resumed [ 1136.343184][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d5e6800: rx timeout, send abort [ 1136.351585][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d5e6c00: rx timeout, send abort [ 1136.360345][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d5e6800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1136.374829][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d5e6c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1137.129193][T23300] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1137.149703][T23300] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1137.159141][T23300] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1137.168382][T23300] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1137.176351][T23300] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1137.629969][ T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1137.804469][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1137.988549][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1138.079689][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1138.144222][T23299] chnl_net:caif_netlink_parms(): no params data found [ 1138.179246][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1138.361966][T23299] bridge0: port 1(bridge_slave_0) entered blocking state [ 1138.370163][T23299] bridge0: port 1(bridge_slave_0) entered disabled state [ 1138.382425][T23299] bridge_slave_0: entered allmulticast mode [ 1138.392754][T23299] bridge_slave_0: entered promiscuous mode [ 1138.426490][T23299] bridge0: port 2(bridge_slave_1) entered blocking state [ 1138.433626][T23299] bridge0: port 2(bridge_slave_1) entered disabled state [ 1138.452767][T23299] bridge_slave_1: entered allmulticast mode [ 1138.469315][T23299] bridge_slave_1: entered promiscuous mode [ 1138.563816][ T12] bridge_slave_1: left allmulticast mode [ 1138.586049][ T12] bridge_slave_1: left promiscuous mode [ 1138.592544][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1138.627154][ T12] bridge_slave_0: left allmulticast mode [ 1138.632929][ T12] bridge_slave_0: left promiscuous mode [ 1138.658630][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1139.257681][T23300] Bluetooth: hci2: command tx timeout [ 1139.616003][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1139.647206][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1139.681959][ T12] bond0 (unregistering): Released all slaves [ 1139.799785][T23299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1139.858892][T23299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1139.874420][ T12] Â: left promiscuous mode [ 1139.942296][ T12] .^: left promiscuous mode [ 1139.970457][T23299] team0: Port device team_slave_0 added [ 1140.018632][T23299] team0: Port device team_slave_1 added [ 1140.025648][ T12] tipc: Left network mode [ 1140.143092][T23299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1140.170199][T23299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1140.235403][T23299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1140.301128][T23299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1140.309414][T23299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1140.390013][T23299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1140.600590][T23299] hsr_slave_0: entered promiscuous mode [ 1140.628971][T23299] hsr_slave_1: entered promiscuous mode [ 1140.645324][T23299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1140.676729][T23299] Cannot create hsr debugfs directory [ 1141.026313][ T12] hsr_slave_0: left promiscuous mode [ 1141.050142][ T12] hsr_slave_1: left promiscuous mode [ 1141.067513][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1141.074962][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1141.105295][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1141.132976][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1141.185645][ T12] veth0_macvtap: left promiscuous mode [ 1141.193236][ T12] veth0_vlan: left promiscuous mode [ 1141.343270][T23300] Bluetooth: hci2: command tx timeout [ 1141.873135][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1141.936742][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1143.065603][T23299] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1143.105041][T23299] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1143.134033][T23299] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1143.163611][T23299] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1143.392120][T23299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1143.419607][T23300] Bluetooth: hci2: command tx timeout [ 1143.456469][T23299] 8021q: adding VLAN 0 to HW filter on device team0 [ 1143.489935][T19055] bridge0: port 1(bridge_slave_0) entered blocking state [ 1143.497128][T19055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1143.555003][T19055] bridge0: port 2(bridge_slave_1) entered blocking state [ 1143.562235][T19055] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1144.171914][T23299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1144.859862][T23299] veth0_vlan: entered promiscuous mode [ 1144.892301][T23299] veth1_vlan: entered promiscuous mode [ 1145.000210][T23299] veth0_macvtap: entered promiscuous mode [ 1145.026698][T23299] veth1_macvtap: entered promiscuous mode [ 1145.081171][T23299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1145.115112][T23299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1145.153221][T23299] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.178896][T23299] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.187638][T23299] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.230892][T23299] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.469330][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1145.477209][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1145.499936][T23300] Bluetooth: hci2: command tx timeout [ 1145.575092][ T2994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1145.608492][ T2994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1145.938838][T23382] netlink: 504 bytes leftover after parsing attributes in process `syz.4.6462'. [ 1146.051964][T23382] netlink: 504 bytes leftover after parsing attributes in process `syz.4.6462'. [ 1147.847780][T23393] Invalid ELF header magic: != ELF [ 1149.026402][T23437] netlink: 504 bytes leftover after parsing attributes in process `syz.5.6469'. [ 1149.111734][T23438] netlink: 504 bytes leftover after parsing attributes in process `syz.5.6469'. [ 1149.919303][T23453] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6481'. [ 1150.122364][T23457] FAULT_INJECTION: forcing a failure. [ 1150.122364][T23457] name failslab, interval 1, probability 0, space 0, times 0 [ 1150.237727][T23457] CPU: 1 UID: 0 PID: 23457 Comm: syz.3.6474 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1150.237769][T23457] Tainted: [I]=FIRMWARE_WORKAROUND [ 1150.237778][T23457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1150.237800][T23457] Call Trace: [ 1150.237808][T23457] [ 1150.237817][T23457] dump_stack_lvl+0x16c/0x1f0 [ 1150.237850][T23457] should_fail_ex+0x512/0x640 [ 1150.237885][T23457] ? __kmalloc_noprof+0xbf/0x510 [ 1150.237914][T23457] ? drm_atomic_state_init+0x17b/0x320 [ 1150.237939][T23457] should_failslab+0xc2/0x120 [ 1150.237969][T23457] __kmalloc_noprof+0xd2/0x510 [ 1150.238003][T23457] drm_atomic_state_init+0x17b/0x320 [ 1150.238026][T23457] ? __kasan_kmalloc+0xaa/0xb0 [ 1150.238054][T23457] drm_atomic_state_alloc+0xd3/0x120 [ 1150.238080][T23457] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 1150.238107][T23457] ? __pfx___might_resched+0x10/0x10 [ 1150.238144][T23457] ? rcu_is_watching+0x12/0xc0 [ 1150.238177][T23457] ? trace_contention_end+0xdd/0x130 [ 1150.238202][T23457] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1150.238259][T23457] drm_client_modeset_commit_locked+0x14d/0x580 [ 1150.238289][T23457] drm_client_modeset_commit+0x4f/0x80 [ 1150.238314][T23457] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 1150.238355][T23457] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1150.238387][T23457] drm_fbdev_client_restore+0x2c/0x40 [ 1150.238418][T23457] drm_client_dev_restore+0x1f3/0x2a0 [ 1150.238446][T23457] drm_release+0x2c4/0x360 [ 1150.238487][T23457] ? __pfx_drm_release+0x10/0x10 [ 1150.238524][T23457] __fput+0x402/0xb70 [ 1150.238560][T23457] task_work_run+0x14d/0x240 [ 1150.238590][T23457] ? __pfx_task_work_run+0x10/0x10 [ 1150.238620][T23457] ? __pfx___do_sys_close_range+0x10/0x10 [ 1150.238652][T23457] exit_to_user_mode_loop+0xeb/0x110 [ 1150.238683][T23457] do_syscall_64+0x3f6/0x490 [ 1150.238714][T23457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.238738][T23457] RIP: 0033:0x7f564e58e969 [ 1150.238757][T23457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1150.238780][T23457] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1150.238807][T23457] RAX: 0000000000000000 RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 1150.238822][T23457] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1150.238836][T23457] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1150.238851][T23457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1150.238865][T23457] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 1150.238896][T23457] [ 1150.239210][T23448] could not allocate digest TFM handle [ 1152.026730][T23483] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6482'. [ 1152.095878][T23483] ipvlan1: entered allmulticast mode [ 1152.101253][T23483] veth0_vlan: entered allmulticast mode [ 1153.900983][T23497] sp0: Synchronizing with TNC [ 1154.374625][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c2ca000: rx timeout, send abort [ 1154.382974][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c2c9800: rx timeout, send abort [ 1154.392943][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c2ca000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1154.407408][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c2c9800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1155.026459][T23513] sp0: Synchronizing with TNC [ 1155.123836][T23513] sp0: Found TNC [ 1158.212839][T23569] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6507'. [ 1158.260565][T23570] netlink: 'syz.3.6508': attribute type 4 has an invalid length. [ 1158.316457][T23569] netlink: 214 bytes leftover after parsing attributes in process `syz.4.6507'. [ 1158.325867][T23570] netlink: 314 bytes leftover after parsing attributes in process `syz.3.6508'. [ 1158.390663][T23569] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1158.397970][T23569] IPv6: NLM_F_CREATE should be set when creating new route [ 1158.405255][T23569] IPv6: NLM_F_CREATE should be set when creating new route [ 1158.412475][T23569] IPv6: NLM_F_CREATE should be set when creating new route [ 1159.137859][T23582] FAULT_INJECTION: forcing a failure. [ 1159.137859][T23582] name failslab, interval 1, probability 0, space 0, times 0 [ 1159.153316][T23586] erspan0: entered allmulticast mode [ 1159.259743][T23582] CPU: 1 UID: 0 PID: 23582 Comm: syz.6.6512 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1159.259782][T23582] Tainted: [I]=FIRMWARE_WORKAROUND [ 1159.259798][T23582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1159.259812][T23582] Call Trace: [ 1159.259819][T23582] [ 1159.259828][T23582] dump_stack_lvl+0x16c/0x1f0 [ 1159.259859][T23582] should_fail_ex+0x512/0x640 [ 1159.259892][T23582] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1159.259917][T23582] should_failslab+0xc2/0x120 [ 1159.259947][T23582] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1159.259968][T23582] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 1159.260002][T23582] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1159.260037][T23582] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1159.260076][T23582] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1159.260117][T23582] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1159.260154][T23582] ? __asan_memset+0x23/0x50 [ 1159.260172][T23582] ? calc_src_frames.isra.0+0x187/0x1d0 [ 1159.260209][T23582] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 1159.260252][T23582] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 1159.260302][T23582] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1159.260341][T23582] ? snd_pcm_oss_sync+0x30c/0x840 [ 1159.260394][T23582] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1159.260432][T23582] snd_pcm_oss_sync+0x32e/0x840 [ 1159.260470][T23582] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1159.260506][T23582] snd_pcm_oss_release+0x28b/0x310 [ 1159.260543][T23582] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1159.260577][T23582] __fput+0x402/0xb70 [ 1159.260612][T23582] task_work_run+0x14d/0x240 [ 1159.260642][T23582] ? __pfx_task_work_run+0x10/0x10 [ 1159.260670][T23582] ? __pfx___do_sys_close_range+0x10/0x10 [ 1159.260700][T23582] exit_to_user_mode_loop+0xeb/0x110 [ 1159.260730][T23582] do_syscall_64+0x3f6/0x490 [ 1159.260760][T23582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1159.260789][T23582] RIP: 0033:0x7fb174d8e969 [ 1159.260807][T23582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1159.260830][T23582] RSP: 002b:00007fb175b1b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1159.260852][T23582] RAX: 0000000000000000 RBX: 00007fb174fb5fa0 RCX: 00007fb174d8e969 [ 1159.260867][T23582] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 1159.260880][T23582] RBP: 00007fb174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1159.260894][T23582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1159.260907][T23582] R13: 0000000000000000 R14: 00007fb174fb5fa0 R15: 00007fffdc2ebbc8 [ 1159.260936][T23582] [ 1159.747309][T23588] mkiss: ax0: crc mode is auto. [ 1160.436855][T23603] netlink: 'syz.6.6520': attribute type 19 has an invalid length. [ 1160.456358][T23603] netlink: 334 bytes leftover after parsing attributes in process `syz.6.6520'. [ 1161.642468][T23623] FAULT_INJECTION: forcing a failure. [ 1161.642468][T23623] name failslab, interval 1, probability 0, space 0, times 0 [ 1161.761442][T23623] CPU: 1 UID: 0 PID: 23623 Comm: syz.3.6523 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1161.761484][T23623] Tainted: [I]=FIRMWARE_WORKAROUND [ 1161.761493][T23623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1161.761507][T23623] Call Trace: [ 1161.761515][T23623] [ 1161.761529][T23623] dump_stack_lvl+0x16c/0x1f0 [ 1161.761562][T23623] should_fail_ex+0x512/0x640 [ 1161.761596][T23623] ? __kmalloc_noprof+0xbf/0x510 [ 1161.761626][T23623] ? fib_default_rule_add+0x4f/0x420 [ 1161.761656][T23623] should_failslab+0xc2/0x120 [ 1161.761686][T23623] __kmalloc_noprof+0xd2/0x510 [ 1161.761719][T23623] fib_default_rule_add+0x4f/0x420 [ 1161.761753][T23623] fib4_rules_init+0x52/0x1c0 [ 1161.761782][T23623] fib_net_init+0x1dc/0x3f0 [ 1161.761816][T23623] ? __pfx___register_sysctl_table+0x10/0x10 [ 1161.761848][T23623] ? __pfx_fib_net_init+0x10/0x10 [ 1161.761884][T23623] ? lockdep_init_map_type+0x5c/0x280 [ 1161.761910][T23623] ? do_init_timer+0xc9/0x110 [ 1161.761948][T23623] ? devinet_init_net+0x5c2/0x910 [ 1161.761989][T23623] ? __pfx_fib_net_init+0x10/0x10 [ 1161.762023][T23623] ops_init+0x1e2/0x5f0 [ 1161.762057][T23623] setup_net+0x1ff/0x510 [ 1161.762087][T23623] ? lockdep_init_map_type+0x5c/0x280 [ 1161.762111][T23623] ? __pfx_setup_net+0x10/0x10 [ 1161.762145][T23623] ? debug_mutex_init+0x37/0x70 [ 1161.762180][T23623] copy_net_ns+0x2a6/0x5f0 [ 1161.762217][T23623] create_new_namespaces+0x3ea/0xa90 [ 1161.762260][T23623] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1161.762299][T23623] ksys_unshare+0x45b/0xa40 [ 1161.762325][T23623] ? __pfx_ksys_unshare+0x10/0x10 [ 1161.762350][T23623] ? xfd_validate_state+0x61/0x180 [ 1161.762383][T23623] __x64_sys_unshare+0x31/0x40 [ 1161.762408][T23623] do_syscall_64+0xcd/0x490 [ 1161.762439][T23623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.762463][T23623] RIP: 0033:0x7f564e58e969 [ 1161.762482][T23623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1161.762506][T23623] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1161.762533][T23623] RAX: ffffffffffffffda RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 1161.762549][T23623] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1161.762563][T23623] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1161.762577][T23623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1161.762592][T23623] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 1161.762622][T23623] [ 1162.328579][T23628] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6525'. [ 1162.519594][T23628] gretap0: refused to change device tx_queue_len [ 1162.802843][T23631] FAULT_INJECTION: forcing a failure. [ 1162.802843][T23631] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1162.877643][T23631] CPU: 1 UID: 0 PID: 23631 Comm: syz.6.6526 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1162.877684][T23631] Tainted: [I]=FIRMWARE_WORKAROUND [ 1162.877693][T23631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1162.877708][T23631] Call Trace: [ 1162.877716][T23631] [ 1162.877725][T23631] dump_stack_lvl+0x16c/0x1f0 [ 1162.877757][T23631] should_fail_ex+0x512/0x640 [ 1162.877796][T23631] should_fail_alloc_page+0xe7/0x130 [ 1162.877828][T23631] prepare_alloc_pages+0x3c2/0x610 [ 1162.877865][T23631] ? rcu_is_watching+0x12/0xc0 [ 1162.877901][T23631] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1162.877930][T23631] ? kasan_save_stack+0x33/0x60 [ 1162.877953][T23631] ? kasan_save_track+0x14/0x30 [ 1162.877976][T23631] ? __kasan_kmalloc+0xaa/0xb0 [ 1162.877998][T23631] ? __kvmalloc_node_noprof+0x279/0x620 [ 1162.878022][T23631] ? relay_open_buf.part.0+0x194/0xb90 [ 1162.878042][T23631] ? relay_open+0x653/0xad0 [ 1162.878061][T23631] ? do_blk_trace_setup+0x503/0xb50 [ 1162.878091][T23631] ? blk_trace_setup+0xed/0x1b0 [ 1162.878121][T23631] ? blk_trace_ioctl+0x146/0x280 [ 1162.878154][T23631] ? blkdev_ioctl+0x108/0x6d0 [ 1162.878177][T23631] ? __x64_sys_ioctl+0x18b/0x210 [ 1162.878209][T23631] ? do_syscall_64+0xcd/0x490 [ 1162.878235][T23631] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.878264][T23631] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1162.878311][T23631] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1162.878341][T23631] ? policy_nodemask+0xea/0x4e0 [ 1162.878380][T23631] alloc_pages_mpol+0x1fb/0x550 [ 1162.878411][T23631] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1162.878441][T23631] ? __kvmalloc_node_noprof+0x296/0x620 [ 1162.878465][T23631] ? trace_kmalloc+0x2b/0xd0 [ 1162.878496][T23631] ? __free_slab.cold+0x1a/0x32 [ 1162.878528][T23631] ? relay_open_buf.part.0+0x194/0xb90 [ 1162.878553][T23631] alloc_pages_noprof+0x131/0x390 [ 1162.878584][T23631] relay_open_buf.part.0+0x262/0xb90 [ 1162.878617][T23631] relay_open+0x653/0xad0 [ 1162.878640][T23631] ? debugfs_create_file_full+0x41/0x60 [ 1162.878681][T23631] do_blk_trace_setup+0x503/0xb50 [ 1162.878718][T23631] blk_trace_setup+0xed/0x1b0 [ 1162.878752][T23631] ? __pfx_blk_trace_setup+0x10/0x10 [ 1162.878785][T23631] ? __pfx_snprintf+0x10/0x10 [ 1162.878825][T23631] blk_trace_ioctl+0x146/0x280 [ 1162.878861][T23631] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 1162.878900][T23631] ? find_held_lock+0x2b/0x80 [ 1162.878931][T23631] ? hook_file_ioctl_common+0x145/0x410 [ 1162.878958][T23631] blkdev_ioctl+0x108/0x6d0 [ 1162.878984][T23631] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1162.879014][T23631] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1162.879041][T23631] __x64_sys_ioctl+0x18b/0x210 [ 1162.879077][T23631] do_syscall_64+0xcd/0x490 [ 1162.879108][T23631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.879131][T23631] RIP: 0033:0x7fb174d8e969 [ 1162.879150][T23631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1162.879173][T23631] RSP: 002b:00007fb175b1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1162.879195][T23631] RAX: ffffffffffffffda RBX: 00007fb174fb5fa0 RCX: 00007fb174d8e969 [ 1162.879211][T23631] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000007 [ 1162.879226][T23631] RBP: 00007fb174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1162.879240][T23631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1162.879255][T23631] R13: 0000000000000000 R14: 00007fb174fb5fa0 R15: 00007fffdc2ebbc8 [ 1162.879285][T23631] [ 1163.964162][T23641] futex_wake_op: syz.4.6527 tries to shift op by -9; fix this program [ 1164.824351][T23634] Process accounting paused [ 1168.117915][T23692] FAULT_INJECTION: forcing a failure. [ 1168.117915][T23692] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.202073][T23692] CPU: 1 UID: 0 PID: 23692 Comm: syz.3.6542 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1168.202115][T23692] Tainted: [I]=FIRMWARE_WORKAROUND [ 1168.202123][T23692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1168.202137][T23692] Call Trace: [ 1168.202144][T23692] [ 1168.202153][T23692] dump_stack_lvl+0x16c/0x1f0 [ 1168.202185][T23692] should_fail_ex+0x512/0x640 [ 1168.202219][T23692] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1168.202250][T23692] should_failslab+0xc2/0x120 [ 1168.202281][T23692] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1168.202309][T23692] ? __d_alloc+0x31/0xaa0 [ 1168.202339][T23692] __d_alloc+0x31/0xaa0 [ 1168.202363][T23692] ? do_raw_spin_lock+0x12c/0x2b0 [ 1168.202394][T23692] d_alloc+0x4a/0x1e0 [ 1168.202421][T23692] d_alloc_name+0x83/0xb0 [ 1168.202447][T23692] ? __pfx_d_alloc_name+0x10/0x10 [ 1168.202480][T23692] simple_fill_super+0x2eb/0x720 [ 1168.202506][T23692] ? __pfx_nfsd_fill_super+0x10/0x10 [ 1168.202539][T23692] nfsd_fill_super+0x90/0x530 [ 1168.202570][T23692] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1168.202607][T23692] ? __pfx_nfsd_fill_super+0x10/0x10 [ 1168.202638][T23692] get_tree_keyed+0x10b/0x1d0 [ 1168.202662][T23692] vfs_get_tree+0x8e/0x340 [ 1168.202696][T23692] path_mount+0x14d4/0x1f70 [ 1168.202724][T23692] ? kmem_cache_free+0x2d1/0x4d0 [ 1168.202748][T23692] ? __pfx_path_mount+0x10/0x10 [ 1168.202778][T23692] ? putname+0x154/0x1a0 [ 1168.202810][T23692] __x64_sys_mount+0x28d/0x310 [ 1168.202845][T23692] ? __pfx___x64_sys_mount+0x10/0x10 [ 1168.202881][T23692] do_syscall_64+0xcd/0x490 [ 1168.202912][T23692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.202936][T23692] RIP: 0033:0x7f564e58e969 [ 1168.202954][T23692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1168.202977][T23692] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1168.202999][T23692] RAX: ffffffffffffffda RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 1168.203015][T23692] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 1168.203029][T23692] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1168.203044][T23692] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1168.203057][T23692] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 1168.203088][T23692] [ 1169.004969][T23700] ERROR: Out of memory at tomoyo_memory_ok. [ 1169.957712][T23714] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6547'. [ 1171.783399][T23745] FAULT_INJECTION: forcing a failure. [ 1171.783399][T23745] name failslab, interval 1, probability 0, space 0, times 0 [ 1171.864356][T23745] CPU: 1 UID: 0 PID: 23745 Comm: syz.3.6554 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1171.864404][T23745] Tainted: [I]=FIRMWARE_WORKAROUND [ 1171.864414][T23745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1171.864428][T23745] Call Trace: [ 1171.864436][T23745] [ 1171.864445][T23745] dump_stack_lvl+0x16c/0x1f0 [ 1171.864479][T23745] should_fail_ex+0x512/0x640 [ 1171.864513][T23745] ? fs_reclaim_acquire+0xae/0x150 [ 1171.864553][T23745] should_failslab+0xc2/0x120 [ 1171.864583][T23745] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1171.864611][T23745] ? security_inode_alloc+0x3b/0x2b0 [ 1171.864638][T23745] security_inode_alloc+0x3b/0x2b0 [ 1171.864662][T23745] inode_init_always_gfp+0xce4/0x1030 [ 1171.864691][T23745] alloc_inode+0x86/0x240 [ 1171.864721][T23745] path_from_stashed+0x2be/0xb00 [ 1171.864751][T23745] ? __pfx_path_from_stashed+0x10/0x10 [ 1171.864775][T23745] ? userns_get+0x16b/0x420 [ 1171.864809][T23745] ns_get_path+0x5f/0x80 [ 1171.864847][T23745] proc_ns_get_link+0x121/0x260 [ 1171.864870][T23745] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1171.864896][T23745] ? atime_needs_update+0x8b/0x710 [ 1171.864930][T23745] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1171.864953][T23745] step_into+0x1a2c/0x2270 [ 1171.864996][T23745] ? __pfx_step_into+0x10/0x10 [ 1171.865031][T23745] ? find_held_lock+0x2b/0x80 [ 1171.865073][T23745] path_openat+0x6db/0x2cb0 [ 1171.865106][T23745] ? __pfx_path_openat+0x10/0x10 [ 1171.865131][T23745] ? __lock_acquire+0xb8a/0x1c90 [ 1171.865157][T23745] do_filp_open+0x20b/0x470 [ 1171.865180][T23745] ? __pfx_do_filp_open+0x10/0x10 [ 1171.865225][T23745] ? alloc_fd+0x471/0x7d0 [ 1171.865254][T23745] do_sys_openat2+0x11b/0x1d0 [ 1171.865287][T23745] ? __pfx_do_sys_openat2+0x10/0x10 [ 1171.865331][T23745] __x64_sys_openat+0x174/0x210 [ 1171.865365][T23745] ? __pfx___x64_sys_openat+0x10/0x10 [ 1171.865415][T23745] do_syscall_64+0xcd/0x490 [ 1171.865448][T23745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1171.865473][T23745] RIP: 0033:0x7f564e58d2d0 [ 1171.865492][T23745] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1171.865515][T23745] RSP: 002b:00007f564f492f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1171.865538][T23745] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f564e58d2d0 [ 1171.865553][T23745] RDX: 0000000000000002 RSI: 00007f564f492fa0 RDI: 00000000ffffff9c [ 1171.865567][T23745] RBP: 00007f564f492fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1171.865581][T23745] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1171.865595][T23745] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 1171.865625][T23745] [ 1172.180256][T23741] FAULT_INJECTION: forcing a failure. [ 1172.180256][T23741] name failslab, interval 1, probability 0, space 0, times 0 [ 1172.193884][T23741] CPU: 1 UID: 0 PID: 23741 Comm: syz.5.6553 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1172.193922][T23741] Tainted: [I]=FIRMWARE_WORKAROUND [ 1172.193931][T23741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1172.193945][T23741] Call Trace: [ 1172.193953][T23741] [ 1172.193962][T23741] dump_stack_lvl+0x16c/0x1f0 [ 1172.193995][T23741] should_fail_ex+0x512/0x640 [ 1172.194028][T23741] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1172.194060][T23741] should_failslab+0xc2/0x120 [ 1172.194090][T23741] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1172.194123][T23741] ? proc_alloc_inode+0x25/0x200 [ 1172.194151][T23741] ? __pfx_proc_alloc_inode+0x10/0x10 [ 1172.194174][T23741] proc_alloc_inode+0x25/0x200 [ 1172.194197][T23741] alloc_inode+0x64/0x240 [ 1172.194228][T23741] new_inode+0x22/0x1c0 [ 1172.194261][T23741] proc_sys_make_inode+0x47/0x5c0 [ 1172.194291][T23741] proc_sys_lookup+0x282/0x410 [ 1172.194318][T23741] ? __pfx_proc_sys_lookup+0x10/0x10 [ 1172.194348][T23741] ? lockdep_init_map_type+0x5c/0x280 [ 1172.194376][T23741] ? lockdep_init_map_type+0x5c/0x280 [ 1172.194405][T23741] __lookup_slow+0x24e/0x460 [ 1172.194439][T23741] ? __pfx___lookup_slow+0x10/0x10 [ 1172.194490][T23741] ? lookup_fast+0x156/0x610 [ 1172.194524][T23741] ? _raw_spin_unlock+0x28/0x50 [ 1172.194551][T23741] walk_component+0x353/0x5b0 [ 1172.194590][T23741] link_path_walk+0x627/0xe20 [ 1172.194644][T23741] path_openat+0x1b0/0x2cb0 [ 1172.194665][T23741] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.194700][T23741] ? __pfx_path_openat+0x10/0x10 [ 1172.194725][T23741] ? __lock_acquire+0xb8a/0x1c90 [ 1172.194752][T23741] do_filp_open+0x20b/0x470 [ 1172.194775][T23741] ? __pfx_do_filp_open+0x10/0x10 [ 1172.194821][T23741] ? alloc_fd+0x471/0x7d0 [ 1172.194850][T23741] do_sys_openat2+0x11b/0x1d0 [ 1172.194883][T23741] ? __pfx_do_sys_openat2+0x10/0x10 [ 1172.194916][T23741] ? find_held_lock+0x2b/0x80 [ 1172.194955][T23741] __x64_sys_openat+0x174/0x210 [ 1172.194988][T23741] ? __pfx___x64_sys_openat+0x10/0x10 [ 1172.195034][T23741] do_syscall_64+0xcd/0x490 [ 1172.195065][T23741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.195088][T23741] RIP: 0033:0x7fb07178e969 [ 1172.195106][T23741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.195130][T23741] RSP: 002b:00007fb07253f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1172.195151][T23741] RAX: ffffffffffffffda RBX: 00007fb0719b5fa0 RCX: 00007fb07178e969 [ 1172.195167][T23741] RDX: 0000000000000202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1172.195182][T23741] RBP: 00007fb071810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1172.195195][T23741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1172.195210][T23741] R13: 0000000000000000 R14: 00007fb0719b5fa0 R15: 00007ffd85d70638 [ 1172.195240][T23741] [ 1173.314901][T23751] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1173.859437][T23764] netlink: 206 bytes leftover after parsing attributes in process `syz.3.6560'. [ 1174.800987][T23780] FAULT_INJECTION: forcing a failure. [ 1174.800987][T23780] name failslab, interval 1, probability 0, space 0, times 0 [ 1174.890976][T23780] CPU: 1 UID: 0 PID: 23780 Comm: syz.3.6564 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1174.891019][T23780] Tainted: [I]=FIRMWARE_WORKAROUND [ 1174.891029][T23780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1174.891043][T23780] Call Trace: [ 1174.891052][T23780] [ 1174.891062][T23780] dump_stack_lvl+0x16c/0x1f0 [ 1174.891096][T23780] should_fail_ex+0x512/0x640 [ 1174.891130][T23780] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1174.891157][T23780] should_failslab+0xc2/0x120 [ 1174.891188][T23780] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1174.891212][T23780] ? nci_allocate_device+0x105/0x430 [ 1174.891239][T23780] nci_allocate_device+0x105/0x430 [ 1174.891264][T23780] virtual_ncidev_open+0x6f/0x220 [ 1174.891293][T23780] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1174.891326][T23780] misc_open+0x35a/0x420 [ 1174.891355][T23780] ? __pfx_misc_open+0x10/0x10 [ 1174.891381][T23780] chrdev_open+0x231/0x6a0 [ 1174.891408][T23780] ? __pfx_apparmor_file_open+0x10/0x10 [ 1174.891436][T23780] ? __pfx_chrdev_open+0x10/0x10 [ 1174.891465][T23780] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1174.891509][T23780] do_dentry_open+0x741/0x1c10 [ 1174.891534][T23780] ? __pfx_chrdev_open+0x10/0x10 [ 1174.891567][T23780] vfs_open+0x82/0x3f0 [ 1174.891602][T23780] path_openat+0x1de4/0x2cb0 [ 1174.891635][T23780] ? __pfx_path_openat+0x10/0x10 [ 1174.891660][T23780] ? __lock_acquire+0xb8a/0x1c90 [ 1174.891688][T23780] do_filp_open+0x20b/0x470 [ 1174.891713][T23780] ? __pfx_do_filp_open+0x10/0x10 [ 1174.891759][T23780] ? alloc_fd+0x471/0x7d0 [ 1174.891789][T23780] do_sys_openat2+0x11b/0x1d0 [ 1174.891822][T23780] ? __pfx_do_sys_openat2+0x10/0x10 [ 1174.891867][T23780] __x64_sys_openat+0x174/0x210 [ 1174.891920][T23780] ? __pfx___x64_sys_openat+0x10/0x10 [ 1174.891967][T23780] do_syscall_64+0xcd/0x490 [ 1174.891999][T23780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.892024][T23780] RIP: 0033:0x7f564e58e969 [ 1174.892043][T23780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1174.892066][T23780] RSP: 002b:00007f564f493038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1174.892088][T23780] RAX: ffffffffffffffda RBX: 00007f564e7b5fa0 RCX: 00007f564e58e969 [ 1174.892104][T23780] RDX: 0000000000000100 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1174.892119][T23780] RBP: 00007f564e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1174.892134][T23780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1174.892148][T23780] R13: 0000000000000000 R14: 00007f564e7b5fa0 R15: 00007ffe17ea1cc8 [ 1174.892178][T23780] [ 1175.548384][T18555] Bluetooth: hci3: command 0x0406 tx timeout [ 1176.646542][T23810] FAULT_INJECTION: forcing a failure. [ 1176.646542][T23810] name failslab, interval 1, probability 0, space 0, times 0 [ 1176.757234][T23810] CPU: 1 UID: 0 PID: 23810 Comm: syz.4.6569 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1176.757276][T23810] Tainted: [I]=FIRMWARE_WORKAROUND [ 1176.757285][T23810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1176.757299][T23810] Call Trace: [ 1176.757307][T23810] [ 1176.757316][T23810] dump_stack_lvl+0x16c/0x1f0 [ 1176.757348][T23810] should_fail_ex+0x512/0x640 [ 1176.757382][T23810] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1176.757408][T23810] should_failslab+0xc2/0x120 [ 1176.757438][T23810] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1176.757462][T23810] ? do_signalfd4+0x169/0x430 [ 1176.757488][T23810] do_signalfd4+0x169/0x430 [ 1176.757513][T23810] __x64_sys_signalfd+0x120/0x1a0 [ 1176.757537][T23810] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 1176.757571][T23810] do_syscall_64+0xcd/0x490 [ 1176.757601][T23810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.757626][T23810] RIP: 0033:0x7f515698e969 [ 1176.757644][T23810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1176.757668][T23810] RSP: 002b:00007f5157738038 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 1176.757690][T23810] RAX: ffffffffffffffda RBX: 00007f5156bb5fa0 RCX: 00007f515698e969 [ 1176.757706][T23810] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00000000ffffffff [ 1176.757720][T23810] RBP: 00007f5156a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1176.757735][T23810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1176.757749][T23810] R13: 0000000000000000 R14: 00007f5156bb5fa0 R15: 00007fff094a5a08 [ 1176.757778][T23810] [ 1178.537432][T23827] FAULT_INJECTION: forcing a failure. [ 1178.537432][T23827] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1178.556665][T23300] Bluetooth: hci2: unexpected subevent 0x19 length: 252 > 28 [ 1178.576004][T23300] Bluetooth: hci2: Unable to find connection with handle 0xc3d2 [ 1178.707689][T23827] CPU: 1 UID: 0 PID: 23827 Comm: syz.3.6576 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1178.707732][T23827] Tainted: [I]=FIRMWARE_WORKAROUND [ 1178.707741][T23827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1178.707755][T23827] Call Trace: [ 1178.707763][T23827] [ 1178.707772][T23827] dump_stack_lvl+0x16c/0x1f0 [ 1178.707806][T23827] should_fail_ex+0x512/0x640 [ 1178.707844][T23827] should_fail_alloc_page+0xe7/0x130 [ 1178.707882][T23827] prepare_alloc_pages+0x3c2/0x610 [ 1178.707926][T23827] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1178.707957][T23827] ? folio_remove_rmap_ptes+0x138/0x970 [ 1178.707980][T23827] ? noop_dirty_folio+0x5e/0xb0 [ 1178.708017][T23827] ? try_to_migrate_one+0x13d8/0x34c0 [ 1178.708045][T23827] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1178.708076][T23827] ? __pfx_try_to_migrate_one+0x10/0x10 [ 1178.708108][T23827] ? __up_read+0x1f8/0x750 [ 1178.708138][T23827] ? __pfx___up_read+0x10/0x10 [ 1178.708163][T23827] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1178.708193][T23827] ? policy_nodemask+0xea/0x4e0 [ 1178.708224][T23827] alloc_pages_mpol+0x1fb/0x550 [ 1178.708255][T23827] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1178.708292][T23827] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1178.708328][T23827] alloc_migration_target_by_mpol+0x246/0x500 [ 1178.708366][T23827] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1178.708403][T23827] ? __pfx___might_resched+0x10/0x10 [ 1178.708439][T23827] ? __pfx_queue_folios_pte_range+0x10/0x10 [ 1178.708475][T23827] migrate_pages_batch+0x3bf/0x31a0 [ 1178.708513][T23827] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1178.708559][T23827] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1178.708604][T23827] migrate_pages_sync+0x12d/0x8a0 [ 1178.708639][T23827] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1178.708682][T23827] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1178.708718][T23827] ? __pfx_queue_pages_test_walk+0x10/0x10 [ 1178.708764][T23827] migrate_pages+0x1b67/0x23b0 [ 1178.708801][T23827] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1178.708846][T23827] ? __pfx_migrate_pages+0x10/0x10 [ 1178.708887][T23827] ? find_held_lock+0x2b/0x80 [ 1178.708925][T23827] ? up_write+0x1b2/0x520 [ 1178.708954][T23827] do_mbind+0x6f0/0xf30 [ 1178.708996][T23827] ? __pfx_do_mbind+0x10/0x10 [ 1178.709031][T23827] ? do_writev+0x218/0x340 [ 1178.709065][T23827] ? __pfx_get_nodes+0x10/0x10 [ 1178.709099][T23827] kernel_mbind+0x1e3/0x1f0 [ 1178.709136][T23827] ? __pfx_kernel_mbind+0x10/0x10 [ 1178.709178][T23827] do_syscall_64+0xcd/0x490 [ 1178.709209][T23827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1178.709234][T23827] RIP: 0033:0x7f564e58e969 [ 1178.709253][T23827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1178.709276][T23827] RSP: 002b:00007f564f472038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 1178.709298][T23827] RAX: ffffffffffffffda RBX: 00007f564e7b6080 RCX: 00007f564e58e969 [ 1178.709314][T23827] RDX: 0000000100000000 RSI: 0000000100000004 RDI: 0000000000002000 [ 1178.709328][T23827] RBP: 00007f564e610ab1 R08: 0000000000000006 R09: 0000000000000002 [ 1178.709343][T23827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1178.709357][T23827] R13: 0000000000000000 R14: 00007f564e7b6080 R15: 00007ffe17ea1cc8 [ 1178.709387][T23827] [ 1182.728533][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.734913][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1182.806996][T23855] ERROR: Out of memory at tomoyo_memory_ok. [ 1184.088151][T23871] netlink: 18 bytes leftover after parsing attributes in process `syz.6.6587'. [ 1186.520085][T23917] netlink: 338 bytes leftover after parsing attributes in process `syz.6.6598'. [ 1186.626120][T23917] netlink: 338 bytes leftover after parsing attributes in process `syz.6.6598'. [ 1186.702027][T23919] netlink: 290 bytes leftover after parsing attributes in process `syz.6.6598'. [ 1187.200127][T23928] ================================================================== [ 1187.208231][T23928] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 1187.215974][T23928] Read of size 8 at addr ffff8881447b3218 by task syz.6.6602/23928 [ 1187.223878][T23928] [ 1187.226210][T23928] CPU: 1 UID: 0 PID: 23928 Comm: syz.6.6602 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1187.226247][T23928] Tainted: [I]=FIRMWARE_WORKAROUND [ 1187.226256][T23928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1187.226271][T23928] Call Trace: [ 1187.226279][T23928] [ 1187.226289][T23928] dump_stack_lvl+0x116/0x1f0 [ 1187.226319][T23928] print_report+0xcd/0x680 [ 1187.226349][T23928] ? __virt_addr_valid+0x81/0x610 [ 1187.226384][T23928] ? __phys_addr+0xe8/0x180 [ 1187.226418][T23928] ? dvb_device_open+0x36a/0x3b0 [ 1187.226448][T23928] kasan_report+0xe0/0x110 [ 1187.226477][T23928] ? dvb_device_open+0x36a/0x3b0 [ 1187.226510][T23928] ? __pfx_dvb_device_open+0x10/0x10 [ 1187.226541][T23928] dvb_device_open+0x36a/0x3b0 [ 1187.226571][T23928] ? __pfx_dvb_device_open+0x10/0x10 [ 1187.226602][T23928] chrdev_open+0x231/0x6a0 [ 1187.226628][T23928] ? __pfx_apparmor_file_open+0x10/0x10 [ 1187.226662][T23928] ? __pfx_chrdev_open+0x10/0x10 [ 1187.226690][T23928] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1187.226731][T23928] do_dentry_open+0x741/0x1c10 [ 1187.226756][T23928] ? __pfx_chrdev_open+0x10/0x10 [ 1187.226785][T23928] vfs_open+0x82/0x3f0 [ 1187.226817][T23928] path_openat+0x1de4/0x2cb0 [ 1187.226845][T23928] ? __pfx_path_openat+0x10/0x10 [ 1187.226868][T23928] ? __lock_acquire+0xb8a/0x1c90 [ 1187.226893][T23928] do_filp_open+0x20b/0x470 [ 1187.226916][T23928] ? __pfx_do_filp_open+0x10/0x10 [ 1187.226949][T23928] ? alloc_fd+0x471/0x7d0 [ 1187.226974][T23928] do_sys_openat2+0x11b/0x1d0 [ 1187.227005][T23928] ? __pfx_do_sys_openat2+0x10/0x10 [ 1187.227037][T23928] ? __pfx_do_sys_openat2+0x10/0x10 [ 1187.227069][T23928] ? __pfx___might_resched+0x10/0x10 [ 1187.227107][T23928] __x64_sys_openat+0x174/0x210 [ 1187.227141][T23928] ? __pfx___x64_sys_openat+0x10/0x10 [ 1187.227180][T23928] do_syscall_64+0xcd/0x490 [ 1187.227209][T23928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1187.227233][T23928] RIP: 0033:0x7fb174d8e969 [ 1187.227252][T23928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1187.227276][T23928] RSP: 002b:00007fb175b1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1187.227299][T23928] RAX: ffffffffffffffda RBX: 00007fb174fb5fa0 RCX: 00007fb174d8e969 [ 1187.227315][T23928] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1187.227331][T23928] RBP: 00007fb174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1187.227347][T23928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1187.227363][T23928] R13: 0000000000000000 R14: 00007fb174fb5fa0 R15: 00007fffdc2ebbc8 [ 1187.227387][T23928] [ 1187.227396][T23928] [ 1187.493313][T23928] Allocated by task 1: [ 1187.497383][T23928] kasan_save_stack+0x33/0x60 [ 1187.502092][T23928] kasan_save_track+0x14/0x30 [ 1187.506820][T23928] __kasan_kmalloc+0xaa/0xb0 [ 1187.511425][T23928] dvb_register_device+0x1e4/0x2370 [ 1187.516647][T23928] dvb_register_frontend+0x5a6/0x880 [ 1187.521941][T23928] vidtv_bridge_probe+0x459/0xa90 [ 1187.527149][T23928] platform_probe+0x102/0x1f0 [ 1187.531855][T23928] really_probe+0x23e/0xa90 [ 1187.536388][T23928] __driver_probe_device+0x1de/0x440 [ 1187.541698][T23928] driver_probe_device+0x4c/0x1b0 [ 1187.546739][T23928] __driver_attach+0x283/0x580 [ 1187.551519][T23928] bus_for_each_dev+0x13e/0x1d0 [ 1187.556378][T23928] bus_add_driver+0x2e9/0x690 [ 1187.561067][T23928] driver_register+0x15c/0x4b0 [ 1187.565939][T23928] vidtv_bridge_init+0x45/0x80 [ 1187.570723][T23928] do_one_initcall+0x120/0x6e0 [ 1187.575763][T23928] kernel_init_freeable+0x5c2/0x900 [ 1187.580987][T23928] kernel_init+0x1c/0x2b0 [ 1187.585355][T23928] ret_from_fork+0x5d4/0x6f0 [ 1187.589967][T23928] ret_from_fork_asm+0x1a/0x30 [ 1187.594930][T23928] [ 1187.597263][T23928] Freed by task 23751: [ 1187.601337][T23928] kasan_save_stack+0x33/0x60 [ 1187.606034][T23928] kasan_save_track+0x14/0x30 [ 1187.610721][T23928] kasan_save_free_info+0x3b/0x60 [ 1187.615779][T23928] __kasan_slab_free+0x51/0x70 [ 1187.620583][T23928] kfree+0x2b4/0x4d0 [ 1187.624514][T23928] dvb_device_put.part.0+0x60/0x90 [ 1187.629643][T23928] dvb_device_open+0x2a4/0x3b0 [ 1187.634417][T23928] chrdev_open+0x231/0x6a0 [ 1187.638853][T23928] do_dentry_open+0x741/0x1c10 [ 1187.643632][T23928] vfs_open+0x82/0x3f0 [ 1187.647714][T23928] path_openat+0x1de4/0x2cb0 [ 1187.652311][T23928] do_filp_open+0x20b/0x470 [ 1187.656827][T23928] do_sys_openat2+0x11b/0x1d0 [ 1187.661520][T23928] __x64_sys_openat+0x174/0x210 [ 1187.666438][T23928] do_syscall_64+0xcd/0x490 [ 1187.670968][T23928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1187.676982][T23928] [ 1187.679339][T23928] The buggy address belongs to the object at ffff8881447b3200 [ 1187.679339][T23928] which belongs to the cache kmalloc-256 of size 256 [ 1187.693398][T23928] The buggy address is located 24 bytes inside of [ 1187.693398][T23928] freed 256-byte region [ffff8881447b3200, ffff8881447b3300) [ 1187.707288][T23928] [ 1187.709625][T23928] The buggy address belongs to the physical page: [ 1187.716056][T23928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1447b2 [ 1187.724912][T23928] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1187.733431][T23928] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 1187.741087][T23928] page_type: f5(slab) [ 1187.745079][T23928] raw: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 1187.753668][T23928] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1187.762281][T23928] head: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 1187.770997][T23928] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1187.780198][T23928] head: 057ff00000000001 ffffea000511ec81 00000000ffffffff 00000000ffffffff [ 1187.788879][T23928] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1187.797580][T23928] page dumped because: kasan: bad access detected [ 1187.804001][T23928] page_owner tracks the page as allocated [ 1187.809714][T23928] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25621952256, free_ts 0 [ 1187.829437][T23928] post_alloc_hook+0x1c0/0x230 [ 1187.834212][T23928] get_page_from_freelist+0x135c/0x3950 [ 1187.839801][T23928] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1187.845908][T23928] alloc_pages_mpol+0x1fb/0x550 [ 1187.850787][T23928] new_slab+0x23b/0x330 [ 1187.854972][T23928] ___slab_alloc+0xd9c/0x1940 [ 1187.859660][T23928] __slab_alloc.constprop.0+0x56/0xb0 [ 1187.865036][T23928] __kmalloc_cache_noprof+0xfb/0x3e0 [ 1187.870327][T23928] bus_add_driver+0x92/0x690 [ 1187.875019][T23928] driver_register+0x15c/0x4b0 [ 1187.879816][T23928] usb_register_driver+0x216/0x4d0 [ 1187.884938][T23928] do_one_initcall+0x120/0x6e0 [ 1187.889709][T23928] kernel_init_freeable+0x5c2/0x900 [ 1187.894919][T23928] kernel_init+0x1c/0x2b0 [ 1187.899267][T23928] ret_from_fork+0x5d4/0x6f0 [ 1187.903950][T23928] ret_from_fork_asm+0x1a/0x30 [ 1187.908721][T23928] page_owner free stack trace missing [ 1187.914084][T23928] [ 1187.916408][T23928] Memory state around the buggy address: [ 1187.922034][T23928] ffff8881447b3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1187.930099][T23928] ffff8881447b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1187.938161][T23928] >ffff8881447b3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1187.946221][T23928] ^ [ 1187.951075][T23928] ffff8881447b3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1187.959141][T23928] ffff8881447b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1187.967202][T23928] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1189.885277][ T5188] ERROR: Out of memory at tomoyo_memory_ok. [ 1190.720889][ T3559] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.053205][ T3559] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.178197][T23928] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1191.185513][T23928] CPU: 1 UID: 0 PID: 23928 Comm: syz.6.6602 Tainted: G I 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1191.198810][T23928] Tainted: [I]=FIRMWARE_WORKAROUND [ 1191.203920][T23928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1191.214051][T23928] Call Trace: [ 1191.217378][T23928] [ 1191.220330][T23928] dump_stack_lvl+0x3d/0x1f0 [ 1191.224946][T23928] panic+0x71c/0x800 [ 1191.228858][T23928] ? __pfx_panic+0x10/0x10 [ 1191.233374][T23928] ? mark_held_locks+0x49/0x80 [ 1191.238149][T23928] ? preempt_schedule_thunk+0x16/0x30 [ 1191.243556][T23928] ? dvb_device_open+0x36a/0x3b0 [ 1191.249030][T23928] ? preempt_schedule_common+0x44/0xc0 [ 1191.254502][T23928] ? dvb_device_open+0x36a/0x3b0 [ 1191.259638][T23928] check_panic_on_warn+0xab/0xb0 [ 1191.264589][T23928] end_report+0x107/0x170 [ 1191.268933][T23928] kasan_report+0xee/0x110 [ 1191.273376][T23928] ? dvb_device_open+0x36a/0x3b0 [ 1191.278331][T23928] ? __pfx_dvb_device_open+0x10/0x10 [ 1191.283631][T23928] dvb_device_open+0x36a/0x3b0 [ 1191.288427][T23928] ? __pfx_dvb_device_open+0x10/0x10 [ 1191.293728][T23928] chrdev_open+0x231/0x6a0 [ 1191.298182][T23928] ? __pfx_apparmor_file_open+0x10/0x10 [ 1191.303742][T23928] ? __pfx_chrdev_open+0x10/0x10 [ 1191.308703][T23928] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1191.315495][T23928] do_dentry_open+0x741/0x1c10 [ 1191.320270][T23928] ? __pfx_chrdev_open+0x10/0x10 [ 1191.325227][T23928] vfs_open+0x82/0x3f0 [ 1191.329332][T23928] path_openat+0x1de4/0x2cb0 [ 1191.333948][T23928] ? __pfx_path_openat+0x10/0x10 [ 1191.338906][T23928] ? __lock_acquire+0xb8a/0x1c90 [ 1191.343863][T23928] do_filp_open+0x20b/0x470 [ 1191.348399][T23928] ? __pfx_do_filp_open+0x10/0x10 [ 1191.353460][T23928] ? alloc_fd+0x471/0x7d0 [ 1191.357809][T23928] do_sys_openat2+0x11b/0x1d0 [ 1191.362504][T23928] ? __pfx_do_sys_openat2+0x10/0x10 [ 1191.367716][T23928] ? __pfx_do_sys_openat2+0x10/0x10 [ 1191.372935][T23928] ? __pfx___might_resched+0x10/0x10 [ 1191.378245][T23928] __x64_sys_openat+0x174/0x210 [ 1191.383113][T23928] ? __pfx___x64_sys_openat+0x10/0x10 [ 1191.388511][T23928] do_syscall_64+0xcd/0x490 [ 1191.393030][T23928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.398933][T23928] RIP: 0033:0x7fb174d8e969 [ 1191.403353][T23928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1191.422983][T23928] RSP: 002b:00007fb175b1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1191.431414][T23928] RAX: ffffffffffffffda RBX: 00007fb174fb5fa0 RCX: 00007fb174d8e969 [ 1191.439420][T23928] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1191.447394][T23928] RBP: 00007fb174e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1191.455371][T23928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1191.463345][T23928] R13: 0000000000000000 R14: 00007fb174fb5fa0 R15: 00007fffdc2ebbc8 [ 1191.471327][T23928] [ 1191.474408][T23928] Kernel Offset: disabled [ 1191.478742][T23928] Rebooting in 86400 seconds..