last executing test programs: 4m59.073413885s ago: executing program 3 (id=2386): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) open(0x0, 0xa22c0, 0x155) prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0x8000, 0xe) setreuid$auto(0x15, 0x5) access$auto(0x0, 0x5) 4m58.712826982s ago: executing program 3 (id=2388): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x10000000000048, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4018aebd, r0) 4m58.038842028s ago: executing program 3 (id=2392): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x3b, 0x4909b6fb, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x400000000004, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x6, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x202, 0xd) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/plpmtud_probe_interval\x00', 0x88002, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyc1\x00', 0x8240, 0x0) ioctl$auto_TIOCVHANGUP(r0, 0x5437, 0x0) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) 4m57.787719403s ago: executing program 3 (id=2394): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 4m57.202636855s ago: executing program 3 (id=2396): mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, 0xffffffffffffffff, 0x28000) r0 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r0, 0x0) r1 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x4010) ptrace$auto(0x4206, r1, 0x0, 0x200005) waitid$auto_P_ALL(0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0) 4m55.20214191s ago: executing program 3 (id=2403): rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r0 = getpid() r1 = gettid() r2 = getpid() rt_tgsigqueueinfo$auto(r2, r1, 0x21, &(0x7f0000000400)={@_si_pad}) rt_tgsigqueueinfo$auto(r0, r1, 0x21, &(0x7f0000000040)={@_si_pad}) rt_sigprocmask$auto_SIG_SETMASK(0x2, &(0x7f00000000c0)={0x8000000000000000}, 0x0, 0x8) 4m54.340083092s ago: executing program 32 (id=2403): rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r0 = getpid() r1 = gettid() r2 = getpid() rt_tgsigqueueinfo$auto(r2, r1, 0x21, &(0x7f0000000400)={@_si_pad}) rt_tgsigqueueinfo$auto(r0, r1, 0x21, &(0x7f0000000040)={@_si_pad}) rt_sigprocmask$auto_SIG_SETMASK(0x2, &(0x7f00000000c0)={0x8000000000000000}, 0x0, 0x8) 12.107780106s ago: executing program 1 (id=3633): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) r3 = socket(0x2b, 0x1, 0x1) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) 8.220280175s ago: executing program 1 (id=3653): r0 = socket(0x2, 0x801, 0x6) mmap$auto(0x0, 0x8, 0xe2, 0xeb1, 0x69a5, 0xa800000000000000) fanotify_init$auto(0x5, 0x800) pipe2$auto(0x0, 0x80) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) setsockopt$auto(r0, 0x1, 0x12, 0x0, 0xa4) 7.059027056s ago: executing program 1 (id=3655): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1cb702, 0x0) write$auto(0x3, 0x0, 0xfffffdef) cachestat$auto(r0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) write$auto(0x3, 0x0, 0xfdef) setsockopt$auto_SO_NOFCS(0xffffffffffffffff, 0x4, 0x2b, 0x0, 0x3) 4.07990627s ago: executing program 1 (id=3668): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x4000009f, 0x400, 0x9}]}) 3.810447956s ago: executing program 0 (id=3670): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0x0, &(0x7f0000000140)={0x4, 0x2, 0x6, 0x6, 0x5, 0xef, 0xffffffffffffffff, [0x3, 0x10000, 0x101], {0x7ff, 0x3, 0xc, 0x6, 0x0, 0x0, 0xfc2, 0x6}, {0x7, 0x5, 0x6, 0x8b83, 0xc, 0x8000, 0x9, 0xc4e, 0x7}}) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.460907782s ago: executing program 4 (id=3671): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) sysfs$auto(0x2, 0x4a, 0x0) fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x1, &(0x7f0000000200)='I\xee\"\xe3\xb7\xcfD\xe5\xb1\x05\x1e#\xff1<\xd9h[e\xdf\xc0M\xa2\x00\v\x97\xb5\xd4\x94\x99u\x9e\xf4O\x1a\xb1\x05\xb8\xcb\x96\fd\xa3\xf9&\xc9~\x10\x06X\a\xc8\xb7\x97\xc7M\x83\'^\xc9\x9e\xccAsv\xce8sw\v\xac\xcd\xa2B\xf8.\xce\xe6n\xfe\xd6\xc8^W>Rz`C+\x0e\x8c<\xc5\x8f\xe6\x0f\x14\xfa\x9ea4>\xd8O[{\xede\xfd\xbc\xc7\xbd4_\xbc\xc6\x06\xe5h\x9e\xf5/4\xe8\xcfc\x95\xbb~\xd9.\xb3\x84\xb8K\xa7\xca\xda\xc8\x11u\xa1\x1d\x9d\xe1%\xc0m\xf6%1\xba\xe7^\xed0\xdc\x86\xeaG)?p,Up \xe9\b\x14\xaf\xbf\xd9\xc3,\xb8\x17\x10\x9f\x92\x95@),A\xb4\x92Q\x86\xbe\xed=p\x1b\x9d\xd4\x99_]K\xce.\x00\x00\x00\x8eDv\x0fl\xed\x93ey\xf9\x19\xf0\x9d\xf5\xfe\xed\xc7Q\xc0ZJ\xc9*7\xf2\x1a\xa7\xb3\xc6v\v\xe1u\x16:\x15\xefel\xf0\x8c/\xa2\x95\xc1\xacd\xc9\a\xe5\x888F\xaa\xce\x94\xa2zsx\xea\x96\x7f~]\xdbj\xd1#\x94K\xcf\x11l\xe5Z\xec\xa6B\x90\xb6\xa3`\x88\xd4\x87\x17\x8a\xedFx\x95#\x83\x99\x00\xc6Z\x1au\x8e\xa7}\xa7\xe9\x83X\xa3\xad\xe2T\xea\xa0\xba\xd7R8T\x00\x8e0h\x8ck4\x15\xf3sh0\xd3\x1e\xedU@\xab\xc0g\xeeT\xc5\x8d\x9b\x188x)\xf0i]\xdcf\xdd\xf9\xffA\"ZQ\x8d\x15\xff\xf3WYX\x8a/\xb36\x1d\x8e7\xb2d3\xe8\xf4\x1e3\xec\xfe\xbf\xbbo\xbb\xd2Z\x89:\xa2\xc8n8k\xa8\xba\xa5E\x9f\xbe>3,\xcb\xa2\xa7q \xe2', &(0x7f0000000280), 0x0) 3.271392515s ago: executing program 0 (id=3673): mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(r0, 0x29, 0x4e, &(0x7f0000000180)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5', 0x10000110) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) 2.963185073s ago: executing program 4 (id=3674): read$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0xd) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x20006, 0x4, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a2b, 0x1000, 0x0, 0x3, 0x10000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x20200, 0x0) 2.831403014s ago: executing program 2 (id=3675): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0xd, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140), 0x55) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) 2.806826408s ago: executing program 0 (id=3676): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x801, 0x100) socketpair$auto(0x3, 0x7, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 2.00943917s ago: executing program 2 (id=3677): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x13, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.90306686s ago: executing program 1 (id=3678): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) socket(0x10, 0x2, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x80000003, 0x1, 0x100, 0x0, 0x0, 0x0, 0xffffffffffffff91, 0x8000fd3, 0x2, 0xef, 0x4, 0x80040000081, 0xfffffffffffffff9, 0x2, 0xfffffffffffffff7, 0x63}) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1a0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x4048841) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x8c4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.901687403s ago: executing program 4 (id=3679): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x3ff, 0x3, 0x9, 0x10001, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x8], {0x9, 0x1, 0xe41, 0x0, 0x420, 0x1001, 0x3fdc, 0x3, 0x5}, {0x2, 0x140, 0x54ed, 0x0, 0x101, 0xff, 0x7, 0xa, 0x3}}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x9}}, 0x10b, 0x0) 1.835001474s ago: executing program 0 (id=3680): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) io_uring_setup$auto(0x59, 0x0) open(0x0, 0x64842, 0x0) io_uring_setup$auto(0x6, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) r0 = socket(0x28, 0x1, 0x0) getsockopt$auto(r0, 0x28, 0x2, 0x0, 0x0) io_uring_register$auto(0x2, 0x14, 0x0, 0x3) 1.621417514s ago: executing program 2 (id=3681): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) nanosleep$auto(&(0x7f0000000080)={0xfffffffffffffff7, 0x5ea}, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d000000060006"], 0x6c}}, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.620661489s ago: executing program 4 (id=3682): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getresgid$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, 0x0, 0x3f) write$auto(r0, 0x0, 0x7ff) write$auto(0x3, 0x0, 0xffd8) 1.560315924s ago: executing program 0 (id=3683): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 1.16013157s ago: executing program 2 (id=3684): mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r0, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$auto(0x3, 0x4008af03, 0x0) io_uring_setup$auto(0x6, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) 1.06290677s ago: executing program 1 (id=3685): mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) close_range$auto(0xffffffffffffffff, r0, 0xa23) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 830.295426ms ago: executing program 0 (id=3686): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) memfd_create$auto(0x0, 0x7) statmount$auto(0x0, &(0x7f0000000180)={0x1a, 0x1, 0x401bf, 0x7352, 0x42, 0x6, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x200, 0x6, 0x1010003, 0x83, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 797.757001ms ago: executing program 2 (id=3687): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x401, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x200ffffffff, 0x9, 0x5, 0xf870e9f, 0x7, 0x8}, 0x9) 529.929233ms ago: executing program 4 (id=3688): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x2ff, 0x400, 0x2}]}) 48.890192ms ago: executing program 4 (id=3689): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x801, 0x100) socketpair$auto(0x3, 0x7, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 0s ago: executing program 2 (id=3690): mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(r0, 0x29, 0x4e, &(0x7f0000000180)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5', 0x10000110) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) kernel console output (not intermixed with test programs): 580.650384][T12651] dump_stack_lvl+0x16c/0x1f0 [ 580.650433][T12651] should_fail_ex+0x512/0x640 [ 580.650475][T12651] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 580.650506][T12651] should_failslab+0xc2/0x120 [ 580.650541][T12651] __kmalloc_cache_noprof+0x6a/0x3e0 [ 580.650566][T12651] ? percpu_ref_init+0xec/0x410 [ 580.650618][T12651] ? __pfx_io_ring_ctx_ref_free+0x10/0x10 [ 580.650662][T12651] percpu_ref_init+0xec/0x410 [ 580.650704][T12651] io_uring_setup+0x453/0x1ff0 [ 580.650742][T12651] ? __pfx_io_uring_setup+0x10/0x10 [ 580.650776][T12651] ? do_futex+0x122/0x350 [ 580.650807][T12651] ? __pfx_do_futex+0x10/0x10 [ 580.650835][T12651] ? fd_install+0x225/0x750 [ 580.650873][T12651] ? rcu_is_watching+0x12/0xc0 [ 580.650904][T12651] __x64_sys_io_uring_setup+0xc2/0x170 [ 580.650940][T12651] do_syscall_64+0xcd/0x230 [ 580.650981][T12651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.651007][T12651] RIP: 0033:0x7fbbca58e969 [ 580.651027][T12651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.651051][T12651] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 580.651075][T12651] RAX: ffffffffffffffda RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 580.651091][T12651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 580.651105][T12651] RBP: 00007fbbca610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 580.651120][T12651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 580.651135][T12651] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 580.651164][T12651] [ 581.174794][T12664] netlink: 306 bytes leftover after parsing attributes in process `syz.2.2531'. [ 581.207648][T12218] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 582.116600][T12674] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2534'. [ 586.356625][T12729] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 586.682137][T12733] netlink: 314 bytes leftover after parsing attributes in process `syz.4.2550'. [ 587.162792][T12742] FAULT_INJECTION: forcing a failure. [ 587.162792][T12742] name failslab, interval 1, probability 0, space 0, times 0 [ 587.223921][T12742] CPU: 0 UID: 0 PID: 12742 Comm: syz.4.2555 Not tainted 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 587.223973][T12742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 587.223993][T12742] Call Trace: [ 587.224008][T12742] [ 587.224018][T12742] dump_stack_lvl+0x16c/0x1f0 [ 587.224065][T12742] should_fail_ex+0x512/0x640 [ 587.224107][T12742] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 587.224136][T12742] should_failslab+0xc2/0x120 [ 587.224169][T12742] __kmalloc_cache_noprof+0x6a/0x3e0 [ 587.224195][T12742] ? madvise_collapse+0x1cb/0xb20 [ 587.224236][T12742] madvise_collapse+0x1cb/0xb20 [ 587.224275][T12742] ? mtree_range_walk+0x718/0xc00 [ 587.224310][T12742] ? __pfx_madvise_collapse+0x10/0x10 [ 587.224350][T12742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 587.224392][T12742] madvise_vma_behavior+0xca3/0x1d50 [ 587.224433][T12742] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 587.224470][T12742] ? find_vma_prev+0xda/0x160 [ 587.224510][T12742] ? __pfx_find_vma_prev+0x10/0x10 [ 587.224545][T12742] ? __might_fault+0xe3/0x190 [ 587.224572][T12742] ? __might_fault+0x13b/0x190 [ 587.224607][T12742] ? futex_wait+0x120/0x380 [ 587.224646][T12742] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 587.224681][T12742] madvise_walk_vmas+0x1ce/0x2c0 [ 587.224715][T12742] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 587.224756][T12742] madvise_do_behavior+0x12b/0x3b0 [ 587.224789][T12742] ? __pfx___might_resched+0x10/0x10 [ 587.224820][T12742] ? __pfx_madvise_do_behavior+0x10/0x10 [ 587.224902][T12742] do_madvise+0x10b/0x170 [ 587.224937][T12742] __x64_sys_madvise+0xa9/0x110 [ 587.224971][T12742] ? lockdep_hardirqs_on+0x7c/0x110 [ 587.225007][T12742] do_syscall_64+0xcd/0x230 [ 587.225045][T12742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.225070][T12742] RIP: 0033:0x7f26dff8e969 [ 587.225089][T12742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.225112][T12742] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 587.225135][T12742] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 587.225163][T12742] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 587.225179][T12742] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 587.225193][T12742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 587.225208][T12742] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 587.225238][T12742] [ 588.781630][T12753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2557'. [ 588.852364][T12753] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2557'. [ 591.647729][T12793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 592.170562][T12802] netlink: 'syz.2.2571': attribute type 5 has an invalid length. [ 592.215127][T12802] netlink: 314 bytes leftover after parsing attributes in process `syz.2.2571'. [ 592.458355][T12806] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2573'. [ 592.610850][T12810] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2575'. [ 593.090140][T12817] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2579'. [ 594.315912][T12831] netlink: 29 bytes leftover after parsing attributes in process `syz.1.2583'. [ 594.421163][T12839] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 594.421163][T12839] The task syz.2.2584 (12839) triggered the difference, watch for misbehavior. [ 595.605864][T12832] dlm: Unknown command passed to DLM device : 0 [ 595.605864][T12832] [ 595.975892][T12862] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2591'. [ 597.699643][T12890] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2599'. [ 598.228841][T12900] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2603'. [ 598.332270][T12900] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 598.340223][T12900] IPv6: NLM_F_CREATE should be set when creating new route [ 598.347477][T12900] IPv6: NLM_F_CREATE should be set when creating new route [ 598.708443][T12899] netlink: 110 bytes leftover after parsing attributes in process `syz.1.2602'. [ 600.552475][T12928] FAULT_INJECTION: forcing a failure. [ 600.552475][T12928] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 600.856184][T12928] CPU: 0 UID: 0 PID: 12928 Comm: syz.0.2608 Not tainted 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 600.856224][T12928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 600.856239][T12928] Call Trace: [ 600.856248][T12928] [ 600.856257][T12928] dump_stack_lvl+0x16c/0x1f0 [ 600.856307][T12928] should_fail_ex+0x512/0x640 [ 600.856350][T12928] _copy_from_user+0x2e/0xd0 [ 600.856393][T12928] memdup_user+0x6b/0xe0 [ 600.856429][T12928] strndup_user+0x78/0xe0 [ 600.856461][T12928] __x64_sys_mount+0x180/0x310 [ 600.856491][T12928] ? __pfx___x64_sys_mount+0x10/0x10 [ 600.856517][T12928] ? rcu_is_watching+0x12/0xc0 [ 600.856549][T12928] do_syscall_64+0xcd/0x230 [ 600.856589][T12928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.856615][T12928] RIP: 0033:0x7fbbca58e969 [ 600.856642][T12928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.856667][T12928] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 600.856691][T12928] RAX: ffffffffffffffda RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 600.856707][T12928] RDX: 0000200000000180 RSI: 0000000000000000 RDI: 0000200000000100 [ 600.856722][T12928] RBP: 00007fbbca610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 600.856737][T12928] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 600.856752][T12928] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 600.856782][T12928] [ 601.012687][ C0] vkms_vblank_simulate: vblank timer overrun [ 603.290838][T12923] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 603.744198][T12959] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 603.853245][ T5181] ERROR: Out of memory at tomoyo_memory_ok. [ 605.336612][T12991] FAULT_INJECTION: forcing a failure. [ 605.336612][T12991] name failslab, interval 1, probability 0, space 0, times 0 [ 605.454853][T12991] CPU: 0 UID: 0 PID: 12991 Comm: syz.2.2625 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 605.454898][T12991] Tainted: [I]=FIRMWARE_WORKAROUND [ 605.454908][T12991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.454923][T12991] Call Trace: [ 605.454932][T12991] [ 605.454941][T12991] dump_stack_lvl+0x16c/0x1f0 [ 605.454989][T12991] should_fail_ex+0x512/0x640 [ 605.455042][T12991] ? fs_reclaim_acquire+0xae/0x150 [ 605.455085][T12991] should_failslab+0xc2/0x120 [ 605.455117][T12991] __kmalloc_cache_noprof+0x6a/0x3e0 [ 605.455144][T12991] ? tomoyo_write_log2+0x33d/0xc10 [ 605.455202][T12991] tomoyo_write_log2+0x33d/0xc10 [ 605.455259][T12991] tomoyo_supervisor+0x15e/0x13b0 [ 605.455288][T12991] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 605.455325][T12991] ? lockdep_hardirqs_on+0x7c/0x110 [ 605.455365][T12991] ? kfree+0x2b6/0x4d0 [ 605.455384][T12991] ? tomoyo_check_path_acl+0xad/0x210 [ 605.455415][T12991] ? tomoyo_check_acl+0x1f7/0x410 [ 605.455446][T12991] tomoyo_path_permission+0x270/0x3b0 [ 605.455478][T12991] tomoyo_check_open_permission+0x349/0x3c0 [ 605.455511][T12991] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 605.455542][T12991] ? __lock_acquire+0xaa4/0x1ba0 [ 605.455604][T12991] ? find_held_lock+0x2b/0x80 [ 605.455641][T12991] tomoyo_file_open+0x6b/0x90 [ 605.455666][T12991] security_file_open+0x84/0x1e0 [ 605.455701][T12991] do_dentry_open+0x596/0x1c10 [ 605.455737][T12991] vfs_open+0x82/0x3f0 [ 605.455775][T12991] path_openat+0x1e5e/0x2d40 [ 605.455811][T12991] ? __pfx_path_openat+0x10/0x10 [ 605.455843][T12991] do_filp_open+0x20b/0x470 [ 605.455867][T12991] ? __pfx_do_filp_open+0x10/0x10 [ 605.455914][T12991] ? alloc_fd+0x471/0x7d0 [ 605.455961][T12991] do_sys_openat2+0x11b/0x1d0 [ 605.455994][T12991] ? __pfx_do_sys_openat2+0x10/0x10 [ 605.456039][T12991] __x64_sys_openat+0x174/0x210 [ 605.456073][T12991] ? __pfx___x64_sys_openat+0x10/0x10 [ 605.456110][T12991] ? rcu_is_watching+0x12/0xc0 [ 605.456141][T12991] do_syscall_64+0xcd/0x230 [ 605.456181][T12991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.456212][T12991] RIP: 0033:0x7f9dd538e969 [ 605.456232][T12991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.456255][T12991] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 605.456279][T12991] RAX: ffffffffffffffda RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 605.456295][T12991] RDX: 0000000000000601 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 605.456311][T12991] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 605.456327][T12991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.456342][T12991] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 605.456372][T12991] [ 610.274897][T13041] netlink: 'syz.4.2640': attribute type 20 has an invalid length. [ 610.401522][T13041] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2640'. [ 610.569569][T13041] IPv6: NLM_F_CREATE should be specified when creating new route [ 610.876744][T13052] usbip-vudc usbip-vudc.0: gadget not bound [ 611.883831][T13063] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2645'. [ 612.331044][T13070] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 612.883557][T13078] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2649'. [ 612.968644][T13078] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2649'. [ 613.348070][ T5834] Bluetooth: hci3: unexpected event 0x06 length: 440 > 3 [ 616.204145][T13127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2663'. [ 616.342269][T13130] netlink: 'syz.1.2664': attribute type 21 has an invalid length. [ 616.390008][T13132] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2663'. [ 616.422236][T13130] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2664'. [ 616.563455][T13134] FAULT_INJECTION: forcing a failure. [ 616.563455][T13134] name failslab, interval 1, probability 0, space 0, times 0 [ 616.609716][T13135] netlink: 146 bytes leftover after parsing attributes in process `syz.4.2665'. [ 616.667637][T13134] CPU: 0 UID: 0 PID: 13134 Comm: syz.2.2666 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 616.667680][T13134] Tainted: [I]=FIRMWARE_WORKAROUND [ 616.667689][T13134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 616.667704][T13134] Call Trace: [ 616.667712][T13134] [ 616.667721][T13134] dump_stack_lvl+0x16c/0x1f0 [ 616.667783][T13134] should_fail_ex+0x512/0x640 [ 616.667840][T13134] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 616.667875][T13134] should_failslab+0xc2/0x120 [ 616.667908][T13134] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 616.667937][T13134] ? __pfx___might_resched+0x10/0x10 [ 616.667976][T13134] ? __anon_vma_prepare+0x344/0x5e0 [ 616.668010][T13134] __anon_vma_prepare+0x344/0x5e0 [ 616.668043][T13134] __vmf_anon_prepare+0x11c/0x240 [ 616.668084][T13134] do_huge_pmd_anonymous_page+0x161/0x1ff0 [ 616.668114][T13134] ? find_held_lock+0x2b/0x80 [ 616.668142][T13134] __handle_mm_fault+0x1c10/0x2a40 [ 616.668176][T13134] ? __pfx___handle_mm_fault+0x10/0x10 [ 616.668220][T13134] ? find_vma+0xbf/0x140 [ 616.668266][T13134] ? __pfx_find_vma+0x10/0x10 [ 616.668307][T13134] handle_mm_fault+0x3fe/0xad0 [ 616.668338][T13134] do_user_addr_fault+0x7a6/0x1370 [ 616.668372][T13134] ? rcu_is_watching+0x12/0xc0 [ 616.668399][T13134] exc_page_fault+0x5c/0xc0 [ 616.668436][T13134] asm_exc_page_fault+0x26/0x30 [ 616.668461][T13134] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 616.668493][T13134] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 616.668517][T13134] RSP: 0018:ffffc900044bfe58 EFLAGS: 00050202 [ 616.668538][T13134] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000000000c [ 616.668556][T13134] RDX: fffff52000897fd7 RSI: 0000000000000000 RDI: ffffc900044bfeb0 [ 616.668572][T13134] RBP: 000000000000000c R08: 0000000000000001 R09: fffff52000897fd7 [ 616.668587][T13134] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 616.668601][T13134] R13: ffffc900044bfeb0 R14: 0000000000000001 R15: 0000000000000005 [ 616.668632][T13134] _copy_from_user+0x98/0xd0 [ 616.668677][T13134] __x64_sys_epoll_ctl+0x131/0x1e0 [ 616.668721][T13134] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 616.668759][T13134] ? rcu_is_watching+0x12/0xc0 [ 616.668798][T13134] do_syscall_64+0xcd/0x230 [ 616.668839][T13134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.668863][T13134] RIP: 0033:0x7f9dd538e969 [ 616.668883][T13134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 616.668907][T13134] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 616.668929][T13134] RAX: ffffffffffffffda RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 616.668945][T13134] RDX: ffffffffffffffff RSI: 0000000000000001 RDI: 0000000000000005 [ 616.668965][T13134] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 616.668980][T13134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 616.668994][T13134] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 616.669025][T13134] [ 619.058982][T13170] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2674'. [ 619.993893][T13186] FAULT_INJECTION: forcing a failure. [ 619.993893][T13186] name failslab, interval 1, probability 0, space 0, times 0 [ 620.160255][T13186] CPU: 0 UID: 0 PID: 13186 Comm: syz.0.2681 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 620.160305][T13186] Tainted: [I]=FIRMWARE_WORKAROUND [ 620.160314][T13186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 620.160329][T13186] Call Trace: [ 620.160338][T13186] [ 620.160347][T13186] dump_stack_lvl+0x16c/0x1f0 [ 620.160397][T13186] should_fail_ex+0x512/0x640 [ 620.160445][T13186] ? fs_reclaim_acquire+0xae/0x150 [ 620.160489][T13186] should_failslab+0xc2/0x120 [ 620.160523][T13186] __kmalloc_cache_noprof+0x6a/0x3e0 [ 620.160550][T13186] ? tomoyo_init_log+0x197/0x2140 [ 620.160592][T13186] tomoyo_init_log+0x197/0x2140 [ 620.160627][T13186] ? format_decode+0x1ad/0xd40 [ 620.160668][T13186] ? __pfx_format_decode+0x10/0x10 [ 620.160710][T13186] ? __pfx_tomoyo_init_log+0x10/0x10 [ 620.160768][T13186] tomoyo_write_log2+0x2f7/0xc10 [ 620.160809][T13186] tomoyo_supervisor+0x15e/0x13b0 [ 620.160839][T13186] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 620.160874][T13186] ? lockdep_hardirqs_on+0x7c/0x110 [ 620.160914][T13186] ? tomoyo_check_path_acl+0xad/0x210 [ 620.160944][T13186] ? tomoyo_check_acl+0x1f7/0x410 [ 620.160974][T13186] tomoyo_path_permission+0x270/0x3b0 [ 620.161006][T13186] tomoyo_check_open_permission+0x37b/0x3c0 [ 620.161038][T13186] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 620.161099][T13186] ? do_raw_spin_lock+0x12c/0x2b0 [ 620.161145][T13186] tomoyo_file_open+0x6b/0x90 [ 620.161170][T13186] security_file_open+0x84/0x1e0 [ 620.161204][T13186] do_dentry_open+0x596/0x1c10 [ 620.161239][T13186] vfs_open+0x82/0x3f0 [ 620.161274][T13186] path_openat+0x1e5e/0x2d40 [ 620.161314][T13186] ? __pfx_path_openat+0x10/0x10 [ 620.161346][T13186] do_filp_open+0x20b/0x470 [ 620.161371][T13186] ? __pfx_do_filp_open+0x10/0x10 [ 620.161417][T13186] ? alloc_fd+0x471/0x7d0 [ 620.161477][T13186] do_sys_openat2+0x11b/0x1d0 [ 620.161510][T13186] ? __pfx_do_sys_openat2+0x10/0x10 [ 620.161557][T13186] __x64_sys_openat+0x174/0x210 [ 620.161592][T13186] ? __pfx___x64_sys_openat+0x10/0x10 [ 620.161629][T13186] ? rcu_is_watching+0x12/0xc0 [ 620.161666][T13186] do_syscall_64+0xcd/0x230 [ 620.161708][T13186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.161733][T13186] RIP: 0033:0x7fbbca58e969 [ 620.161753][T13186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.161777][T13186] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 620.161802][T13186] RAX: ffffffffffffffda RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 620.161819][T13186] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 620.161835][T13186] RBP: 00007fbbca610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 620.161850][T13186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 620.161865][T13186] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 620.161896][T13186] [ 620.970694][T13197] [U]  [ 620.973552][T13197] [U] [ 620.976267][T13197] [U] [ 620.978980][T13197] [U] [ 621.014711][T13197] [U] [ 621.017484][T13197] [U] [ 621.020202][T13197] [U] [ 621.022915][T13197] [U] [ 621.074614][T13197] [U] [ 621.077380][T13197] [U] [ 621.080095][T13197] [U] [ 621.082805][T13197] [U] [ 621.160854][T13198] [U] [ 621.562722][T13208] FAULT_INJECTION: forcing a failure. [ 621.562722][T13208] name failslab, interval 1, probability 0, space 0, times 0 [ 621.626821][T13208] CPU: 0 UID: 0 PID: 13208 Comm: syz.1.2685 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 621.626867][T13208] Tainted: [I]=FIRMWARE_WORKAROUND [ 621.626876][T13208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 621.626891][T13208] Call Trace: [ 621.626899][T13208] [ 621.626908][T13208] dump_stack_lvl+0x16c/0x1f0 [ 621.626957][T13208] should_fail_ex+0x512/0x640 [ 621.626996][T13208] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 621.627031][T13208] should_failslab+0xc2/0x120 [ 621.627063][T13208] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 621.627090][T13208] ? __pfx___might_resched+0x10/0x10 [ 621.627119][T13208] ? __anon_vma_prepare+0x344/0x5e0 [ 621.627150][T13208] __anon_vma_prepare+0x344/0x5e0 [ 621.627181][T13208] __vmf_anon_prepare+0x11c/0x240 [ 621.627220][T13208] do_huge_pmd_anonymous_page+0x161/0x1ff0 [ 621.627248][T13208] ? find_held_lock+0x2b/0x80 [ 621.627288][T13208] __handle_mm_fault+0x1c10/0x2a40 [ 621.627324][T13208] ? __pfx___handle_mm_fault+0x10/0x10 [ 621.627367][T13208] ? find_vma+0xbf/0x140 [ 621.627402][T13208] ? __pfx_find_vma+0x10/0x10 [ 621.627460][T13208] handle_mm_fault+0x3fe/0xad0 [ 621.627493][T13208] do_user_addr_fault+0x7a6/0x1370 [ 621.627523][T13208] ? rcu_is_watching+0x12/0xc0 [ 621.627557][T13208] exc_page_fault+0x5c/0xc0 [ 621.627596][T13208] asm_exc_page_fault+0x26/0x30 [ 621.627623][T13208] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 621.627654][T13208] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 621.627679][T13208] RSP: 0018:ffffc900035e7e58 EFLAGS: 00050202 [ 621.627700][T13208] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000000000c [ 621.627715][T13208] RDX: fffff520006bcfd7 RSI: 0000000000000000 RDI: ffffc900035e7eb0 [ 621.627731][T13208] RBP: 000000000000000c R08: 0000000000000001 R09: fffff520006bcfd7 [ 621.627747][T13208] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 621.627762][T13208] R13: ffffc900035e7eb0 R14: 0000000000000001 R15: 0000000000000005 [ 621.627795][T13208] _copy_from_user+0x98/0xd0 [ 621.627838][T13208] __x64_sys_epoll_ctl+0x131/0x1e0 [ 621.627879][T13208] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 621.627916][T13208] ? rcu_is_watching+0x12/0xc0 [ 621.627948][T13208] do_syscall_64+0xcd/0x230 [ 621.627990][T13208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.628014][T13208] RIP: 0033:0x7f366d78e969 [ 621.628033][T13208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.628056][T13208] RSP: 002b:00007f366e59a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 621.628078][T13208] RAX: ffffffffffffffda RBX: 00007f366d9b5fa0 RCX: 00007f366d78e969 [ 621.628094][T13208] RDX: ffffffffffffffff RSI: 0000000000000001 RDI: 0000000000000005 [ 621.628109][T13208] RBP: 00007f366d810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 621.628124][T13208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.628139][T13208] R13: 0000000000000000 R14: 00007f366d9b5fa0 R15: 00007ffd1224bc28 [ 621.628169][T13208] [ 623.816934][T13230] usbip-vudc usbip-vudc.0: gadget not bound [ 625.031232][T13235] FAULT_INJECTION: forcing a failure. [ 625.031232][T13235] name failslab, interval 1, probability 0, space 0, times 0 [ 625.136928][T13235] CPU: 0 UID: 0 PID: 13235 Comm: syz.4.2695 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 625.136975][T13235] Tainted: [I]=FIRMWARE_WORKAROUND [ 625.136984][T13235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 625.136999][T13235] Call Trace: [ 625.137008][T13235] [ 625.137018][T13235] dump_stack_lvl+0x16c/0x1f0 [ 625.137077][T13235] should_fail_ex+0x512/0x640 [ 625.137115][T13235] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 625.137141][T13235] should_failslab+0xc2/0x120 [ 625.137171][T13235] __kmalloc_cache_noprof+0x6a/0x3e0 [ 625.137193][T13235] ? __asan_memset+0x23/0x50 [ 625.137212][T13235] ? alloc_netdev_mqs+0xece/0x1570 [ 625.137248][T13235] alloc_netdev_mqs+0xece/0x1570 [ 625.137296][T13235] ppp_ioctl+0x1761/0x2660 [ 625.137351][T13235] ? find_held_lock+0x2b/0x80 [ 625.137375][T13235] ? __pfx_ppp_ioctl+0x10/0x10 [ 625.137410][T13235] ? __fget_files+0x20e/0x3c0 [ 625.137437][T13235] ? __pfx_ppp_ioctl+0x10/0x10 [ 625.137470][T13235] __x64_sys_ioctl+0x190/0x200 [ 625.137507][T13235] do_syscall_64+0xcd/0x230 [ 625.137546][T13235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.137571][T13235] RIP: 0033:0x7f26dff8e969 [ 625.137589][T13235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.137612][T13235] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.137634][T13235] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 625.137649][T13235] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 625.137667][T13235] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 625.137681][T13235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.137695][T13235] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 625.137723][T13235] [ 625.700271][T13241] FAULT_INJECTION: forcing a failure. [ 625.700271][T13241] name failslab, interval 1, probability 0, space 0, times 0 [ 625.751193][T13241] CPU: 0 UID: 0 PID: 13241 Comm: syz.4.2697 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 625.751239][T13241] Tainted: [I]=FIRMWARE_WORKAROUND [ 625.751250][T13241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 625.751266][T13241] Call Trace: [ 625.751275][T13241] [ 625.751285][T13241] dump_stack_lvl+0x16c/0x1f0 [ 625.751344][T13241] should_fail_ex+0x512/0x640 [ 625.751385][T13241] ? fs_reclaim_acquire+0xae/0x150 [ 625.751431][T13241] should_failslab+0xc2/0x120 [ 625.751465][T13241] __kmalloc_cache_noprof+0x6a/0x3e0 [ 625.751492][T13241] ? tomoyo_init_log+0x197/0x2140 [ 625.751535][T13241] tomoyo_init_log+0x197/0x2140 [ 625.751571][T13241] ? format_decode+0x1ad/0xd40 [ 625.751604][T13241] ? __pfx_format_decode+0x10/0x10 [ 625.751645][T13241] ? __pfx_tomoyo_init_log+0x10/0x10 [ 625.751691][T13241] tomoyo_write_log2+0x2f7/0xc10 [ 625.751726][T13241] ? tomoyo_domain_quota_is_ok+0x2a0/0x5a0 [ 625.751763][T13241] tomoyo_supervisor+0x15e/0x13b0 [ 625.751795][T13241] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 625.751832][T13241] ? lockdep_hardirqs_on+0x7c/0x110 [ 625.751875][T13241] ? tomoyo_check_path_acl+0xad/0x210 [ 625.751908][T13241] ? tomoyo_check_acl+0x1f7/0x410 [ 625.751940][T13241] tomoyo_path_permission+0x270/0x3b0 [ 625.751976][T13241] tomoyo_check_open_permission+0x349/0x3c0 [ 625.752011][T13241] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 625.752076][T13241] ? do_raw_spin_lock+0x12c/0x2b0 [ 625.752125][T13241] tomoyo_file_open+0x6b/0x90 [ 625.752151][T13241] security_file_open+0x84/0x1e0 [ 625.752188][T13241] do_dentry_open+0x596/0x1c10 [ 625.752240][T13241] vfs_open+0x82/0x3f0 [ 625.752280][T13241] path_openat+0x1e5e/0x2d40 [ 625.752326][T13241] ? __pfx_path_openat+0x10/0x10 [ 625.752371][T13241] do_filp_open+0x20b/0x470 [ 625.752398][T13241] ? __pfx_do_filp_open+0x10/0x10 [ 625.752456][T13241] ? alloc_fd+0x471/0x7d0 [ 625.752503][T13241] do_sys_openat2+0x11b/0x1d0 [ 625.752534][T13241] ? __pfx_do_sys_openat2+0x10/0x10 [ 625.752576][T13241] __x64_sys_openat+0x174/0x210 [ 625.752609][T13241] ? __pfx___x64_sys_openat+0x10/0x10 [ 625.752643][T13241] ? rcu_is_watching+0x12/0xc0 [ 625.752674][T13241] do_syscall_64+0xcd/0x230 [ 625.752711][T13241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.752736][T13241] RIP: 0033:0x7f26dff8e969 [ 625.752755][T13241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.752778][T13241] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 625.752818][T13241] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 625.752835][T13241] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 625.752852][T13241] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 625.752867][T13241] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 625.752894][T13241] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 625.752922][T13241] [ 626.381095][T13249] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2702'. [ 626.452239][T13251] FAULT_INJECTION: forcing a failure. [ 626.452239][T13251] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 626.452427][T13251] CPU: 0 UID: 0 PID: 13251 Comm: syz.0.2701 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 626.452465][T13251] Tainted: [I]=FIRMWARE_WORKAROUND [ 626.452474][T13251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 626.452488][T13251] Call Trace: [ 626.452496][T13251] [ 626.452505][T13251] dump_stack_lvl+0x16c/0x1f0 [ 626.452551][T13251] should_fail_ex+0x512/0x640 [ 626.452595][T13251] should_fail_alloc_page+0xe7/0x130 [ 626.452632][T13251] prepare_alloc_pages+0x3c2/0x610 [ 626.452677][T13251] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 626.452711][T13251] ? look_up_lock_class+0x59/0x150 [ 626.452749][T13251] ? register_lock_class+0x41/0x4c0 [ 626.452790][T13251] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 626.452829][T13251] ? __lock_acquire+0xaa4/0x1ba0 [ 626.452866][T13251] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 626.452904][T13251] ? policy_nodemask+0xea/0x4e0 [ 626.452937][T13251] alloc_pages_mpol+0x1fb/0x550 [ 626.452979][T13251] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 626.453006][T13251] ? up_write+0x1b2/0x520 [ 626.453045][T13251] alloc_pages_noprof+0x131/0x390 [ 626.453075][T13251] pte_alloc_one+0x19/0x380 [ 626.453103][T13251] do_huge_pmd_anonymous_page+0x8b0/0x1ff0 [ 626.453143][T13251] ? find_held_lock+0x2b/0x80 [ 626.453167][T13251] __handle_mm_fault+0x1c10/0x2a40 [ 626.453201][T13251] ? __pfx___handle_mm_fault+0x10/0x10 [ 626.453249][T13251] ? find_vma+0xbf/0x140 [ 626.453282][T13251] ? __pfx_find_vma+0x10/0x10 [ 626.453318][T13251] handle_mm_fault+0x3fe/0xad0 [ 626.453347][T13251] do_user_addr_fault+0x7a6/0x1370 [ 626.453374][T13251] ? rcu_is_watching+0x12/0xc0 [ 626.453399][T13251] exc_page_fault+0x5c/0xc0 [ 626.453432][T13251] asm_exc_page_fault+0x26/0x30 [ 626.453454][T13251] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 626.453483][T13251] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 626.453505][T13251] RSP: 0018:ffffc90003437e58 EFLAGS: 00050202 [ 626.453522][T13251] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000000000c [ 626.453535][T13251] RDX: fffff52000686fd7 RSI: 0000000000000000 RDI: ffffc90003437eb0 [ 626.453550][T13251] RBP: 000000000000000c R08: 0000000000000001 R09: fffff52000686fd7 [ 626.453563][T13251] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 626.453580][T13251] R13: ffffc90003437eb0 R14: 0000000000000001 R15: 0000000000000005 [ 626.453608][T13251] _copy_from_user+0x98/0xd0 [ 626.453648][T13251] __x64_sys_epoll_ctl+0x131/0x1e0 [ 626.453685][T13251] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 626.453718][T13251] ? rcu_is_watching+0x12/0xc0 [ 626.453746][T13251] do_syscall_64+0xcd/0x230 [ 626.453784][T13251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.453805][T13251] RIP: 0033:0x7fbbca58e969 [ 626.453824][T13251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.453846][T13251] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 626.453866][T13251] RAX: ffffffffffffffda RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 626.453880][T13251] RDX: ffffffffffffffff RSI: 0000000000000001 RDI: 0000000000000005 [ 626.453894][T13251] RBP: 00007fbbca610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 626.453907][T13251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 626.453920][T13251] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 626.453948][T13251] [ 628.052013][T13264] usbip-vudc usbip-vudc.0: gadget not bound [ 629.240504][T13241] tty tty26: ldisc open failed (-12), clearing slot 25 [ 630.341920][T13282] netlink: 146 bytes leftover after parsing attributes in process `syz.4.2713'. [ 630.729107][T13290] FAULT_INJECTION: forcing a failure. [ 630.729107][T13290] name failslab, interval 1, probability 0, space 0, times 0 [ 630.778838][T13290] CPU: 0 UID: 0 PID: 13290 Comm: syz.2.2724 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 630.778887][T13290] Tainted: [I]=FIRMWARE_WORKAROUND [ 630.778897][T13290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 630.778912][T13290] Call Trace: [ 630.778921][T13290] [ 630.778931][T13290] dump_stack_lvl+0x16c/0x1f0 [ 630.778983][T13290] should_fail_ex+0x512/0x640 [ 630.779025][T13290] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 630.779068][T13290] should_failslab+0xc2/0x120 [ 630.779103][T13290] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 630.779143][T13290] ? __proc_create+0xc3/0x8c0 [ 630.779175][T13290] ? __proc_create+0x2ce/0x8c0 [ 630.779209][T13290] __proc_create+0x2ce/0x8c0 [ 630.779239][T13290] ? __pfx___proc_create+0x10/0x10 [ 630.779271][T13290] ? insert_header+0xf8d/0x1480 [ 630.779303][T13290] ? __register_sysctl_table+0x736/0x1900 [ 630.779337][T13290] proc_create_reg+0x7d/0x180 [ 630.779370][T13290] proc_create_net_data+0x8e/0x1b0 [ 630.779401][T13290] ? __pfx_proc_create_net_data+0x10/0x10 [ 630.779433][T13290] ? __pfx___register_sysctl_table+0x10/0x10 [ 630.779462][T13290] ? is_module_address+0x69/0xf0 [ 630.779498][T13290] ? register_net_sysctl_sz+0x228/0x3e0 [ 630.779525][T13290] ? __pfx_nf_log_net_init+0x10/0x10 [ 630.779559][T13290] nf_log_net_init+0x69/0x450 [ 630.779590][T13290] ? __pfx_nf_log_net_init+0x10/0x10 [ 630.779619][T13290] ops_init+0x1e2/0x5f0 [ 630.779658][T13290] setup_net+0x21e/0x850 [ 630.779694][T13290] ? __pfx_setup_net+0x10/0x10 [ 630.779725][T13290] ? lockdep_init_map_type+0x5c/0x280 [ 630.779761][T13290] ? __pfx_down_read_killable+0x10/0x10 [ 630.779791][T13290] ? debug_mutex_init+0x37/0x70 [ 630.779818][T13290] copy_net_ns+0x2a6/0x5f0 [ 630.779857][T13290] create_new_namespaces+0x3ea/0xad0 [ 630.779894][T13290] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 630.779926][T13290] ksys_unshare+0x45b/0xa40 [ 630.779962][T13290] ? __pfx_ksys_unshare+0x10/0x10 [ 630.779996][T13290] ? xfd_validate_state+0x5d/0x180 [ 630.780041][T13290] ? rcu_is_watching+0x12/0xc0 [ 630.780073][T13290] __x64_sys_unshare+0x31/0x40 [ 630.780118][T13290] do_syscall_64+0xcd/0x230 [ 630.780157][T13290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.780181][T13290] RIP: 0033:0x7f9dd538e969 [ 630.780200][T13290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.780222][T13290] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 630.780243][T13290] RAX: ffffffffffffffda RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 630.780259][T13290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 630.780272][T13290] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 630.780287][T13290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.780301][T13290] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 630.780330][T13290] [ 631.396942][T13299] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2719'. [ 632.428593][T13310] usbip-vudc usbip-vudc.0: gadget not bound [ 635.132296][T13347] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 635.139288][T13347] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 636.138586][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 636.144965][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 638.061994][T13390] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2749'. [ 638.779004][T13398] netlink: 'syz.4.2752': attribute type 17 has an invalid length. [ 638.839241][T13398] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2752'. [ 638.887638][T13400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2753'. [ 639.614417][T13410] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2758'. [ 640.554554][T13419] zswap: compressor not available [ 640.654291][T13427] netlink: 146 bytes leftover after parsing attributes in process `syz.4.2761'. [ 640.982310][T13433] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2764'. [ 644.741770][T13483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2781'. [ 644.821059][T13485] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2781'. [ 646.076171][T13500] FAULT_INJECTION: forcing a failure. [ 646.076171][T13500] name fail_futex, interval 1, probability 0, space 0, times 1 [ 646.132451][T13500] CPU: 0 UID: 0 PID: 13500 Comm: syz.1.2786 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 646.132495][T13500] Tainted: [I]=FIRMWARE_WORKAROUND [ 646.132504][T13500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 646.132518][T13500] Call Trace: [ 646.132526][T13500] [ 646.132536][T13500] dump_stack_lvl+0x16c/0x1f0 [ 646.132581][T13500] should_fail_ex+0x512/0x640 [ 646.132623][T13500] get_futex_key+0x1c2/0x1000 [ 646.132653][T13500] ? __pfx_get_futex_key+0x10/0x10 [ 646.132680][T13500] ? kasan_save_track+0x14/0x30 [ 646.132706][T13500] ? __kasan_kmalloc+0xaa/0xb0 [ 646.132733][T13500] futex_lock_pi+0x27c/0x7b0 [ 646.132767][T13500] ? __pfx_futex_lock_pi+0x10/0x10 [ 646.132796][T13500] ? __pfx___futex_wait+0x10/0x10 [ 646.132846][T13500] ? futex_wait+0x120/0x380 [ 646.132879][T13500] ? __pfx_futex_wake_mark+0x10/0x10 [ 646.132920][T13500] ? do_writev+0x218/0x330 [ 646.132946][T13500] do_futex+0x11a/0x350 [ 646.132972][T13500] ? __pfx_do_futex+0x10/0x10 [ 646.132995][T13500] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 646.133042][T13500] __x64_sys_futex+0x1e0/0x4c0 [ 646.133072][T13500] ? __pfx___x64_sys_futex+0x10/0x10 [ 646.133100][T13500] ? rcu_is_watching+0x12/0xc0 [ 646.133129][T13500] do_syscall_64+0xcd/0x230 [ 646.133167][T13500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.133191][T13500] RIP: 0033:0x7f366d78e969 [ 646.133209][T13500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 646.133231][T13500] RSP: 002b:00007f366e59a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 646.133253][T13500] RAX: ffffffffffffffda RBX: 00007f366d9b5fa0 RCX: 00007f366d78e969 [ 646.133268][T13500] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000 [ 646.133282][T13500] RBP: 00007f366d810ab1 R08: 0000000000000000 R09: 0000000000000006 [ 646.133295][T13500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 646.133308][T13500] R13: 0000000000000000 R14: 00007f366d9b5fa0 R15: 00007ffd1224bc28 [ 646.133335][T13500] [ 646.342097][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.691426][T13525] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2794'. [ 648.750760][T13525] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2794'. [ 648.819428][T13528] netlink: 'syz.1.2794': attribute type 3 has an invalid length. [ 648.871790][T13528] netlink: 158 bytes leftover after parsing attributes in process `syz.1.2794'. [ 649.992282][T13546] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2799'. [ 650.580306][T13556] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00400 pfn:0x7fe00 [ 650.612597][T13556] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 650.673759][T13556] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 650.746021][T13556] raw: ffff88807fe00400 0000000000000000 00000001ffffffff 0000000000000000 [ 650.754684][T13556] page dumped because: unmovable page [ 650.876600][T13556] page_owner tracks the page as allocated [ 650.921547][T13556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 7710, tgid 7703 (syz.3.693), ts 227175650538, free_ts 225236707791 [ 651.074287][T13556] post_alloc_hook+0x181/0x1b0 [ 651.101410][T13556] get_page_from_freelist+0x135c/0x3920 [ 651.143042][T13556] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 651.176549][T13556] alloc_pages_mpol+0x1fb/0x550 [ 651.199400][T13556] alloc_pages_noprof+0x131/0x390 [ 651.215595][T13556] brd_insert_page+0x59/0x120 [ 651.239030][T13556] brd_submit_bio+0x365/0xe30 [ 651.264873][T13556] __submit_bio+0x301/0x690 [ 651.283992][T13556] submit_bio_noacct_nocheck+0x855/0xd30 [ 651.307501][T13556] submit_bio_noacct+0x50d/0x1ec0 [ 651.342905][T13556] blkdev_direct_IO+0x1345/0x1cc0 [ 651.364661][T13556] blkdev_write_iter+0x6fd/0xdf0 [ 651.391283][T13556] vfs_write+0x5ba/0x1180 [ 651.409197][T13556] ksys_write+0x12a/0x240 [ 651.424523][T13556] do_syscall_64+0xcd/0x230 [ 651.447981][T13556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.471210][T13556] page last free pid 7681 tgid 7680 stack trace: [ 651.494186][T13556] __free_frozen_pages+0x69d/0xff0 [ 651.542332][T13556] kimage_free_page_list+0x130/0x230 [ 651.567560][T13556] kimage_alloc_control_pages+0x3b3/0x910 [ 651.601629][T13556] do_kexec_load+0x480/0x8d0 [ 651.639109][T13556] __x64_sys_kexec_load+0x1bf/0x230 [ 651.657530][T13569] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2805'. [ 651.678554][T13556] do_syscall_64+0xcd/0x230 [ 651.698945][T13556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.219721][T13609] bond0: mtu greater than device maximum [ 655.861351][T13602] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 656.413349][ T5184] ERROR: Out of memory at tomoyo_memory_ok. [ 658.189164][T13631] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2835'. [ 659.377572][T13649] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2833'. [ 659.440936][T13649] netlink: 102 bytes leftover after parsing attributes in process `syz.2.2833'. [ 659.571955][T13653] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2841'. [ 659.696319][T13653] IPv6: NLM_F_CREATE should be specified when creating new route [ 662.110157][T13683] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2844'. [ 664.577926][T13716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2855'. [ 664.609207][T13716] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2855'. [ 665.026067][T13722] [U]  [ 665.028935][T13722] [U] [ 665.031654][T13722] [U] [ 665.034365][T13722] [U] [ 665.102130][T13722] [U] [ 665.104903][T13722] [U] [ 665.107652][T13722] [U] [ 665.110364][T13722] [U] [ 665.147456][T13722] [U] [ 665.150351][T13722] [U] [ 665.153071][T13722] [U] [ 665.155787][T13722] [U] [ 665.211653][T13722] [U] [ 665.214422][T13722] [U] [ 665.217148][T13722] [U] [ 665.219867][T13722] [U] [ 665.275143][T13722] [U] [ 665.277941][T13722] [U] [ 665.280669][T13722] [U] [ 665.283386][T13722] [U] [ 665.333851][T13722] [U] [ 668.008161][T13772] FAULT_INJECTION: forcing a failure. [ 668.008161][T13772] name failslab, interval 1, probability 0, space 0, times 0 [ 668.080080][T13772] CPU: 0 UID: 0 PID: 13772 Comm: syz.0.2876 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 668.080131][T13772] Tainted: [I]=FIRMWARE_WORKAROUND [ 668.080140][T13772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 668.080154][T13772] Call Trace: [ 668.080163][T13772] [ 668.080172][T13772] dump_stack_lvl+0x16c/0x1f0 [ 668.080222][T13772] should_fail_ex+0x512/0x640 [ 668.080264][T13772] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 668.080295][T13772] should_failslab+0xc2/0x120 [ 668.080328][T13772] __kmalloc_cache_noprof+0x6a/0x3e0 [ 668.080353][T13772] ? drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 668.080399][T13772] drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 668.080443][T13772] drm_atomic_get_connector_state+0x388/0x740 [ 668.080489][T13772] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 668.080532][T13772] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 668.080568][T13772] ? ww_mutex_lock+0x37/0x160 [ 668.080608][T13772] ? modeset_lock+0x114/0x6e0 [ 668.080640][T13772] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 668.080682][T13772] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 668.080723][T13772] ? drm_client_rotation+0x4d9/0x6a0 [ 668.080762][T13772] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 668.080806][T13772] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 668.080873][T13772] drm_client_modeset_commit_locked+0x14d/0x580 [ 668.080925][T13772] drm_client_modeset_commit+0x4f/0x80 [ 668.080960][T13772] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 668.080993][T13772] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 668.081035][T13772] drm_fbdev_client_restore+0x2c/0x40 [ 668.081073][T13772] drm_client_dev_restore+0x1f3/0x2a0 [ 668.081117][T13772] drm_release+0x2c4/0x360 [ 668.081149][T13772] ? __pfx_drm_release+0x10/0x10 [ 668.081178][T13772] __fput+0x402/0xb70 [ 668.081217][T13772] task_work_run+0x150/0x240 [ 668.081260][T13772] ? __pfx_task_work_run+0x10/0x10 [ 668.081299][T13772] ? __pfx___do_sys_close_range+0x10/0x10 [ 668.081323][T13772] ? rcu_is_watching+0x12/0xc0 [ 668.081356][T13772] syscall_exit_to_user_mode+0x27b/0x2a0 [ 668.081396][T13772] do_syscall_64+0xda/0x230 [ 668.081443][T13772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.081469][T13772] RIP: 0033:0x7fbbca58e969 [ 668.081489][T13772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.081514][T13772] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 668.081537][T13772] RAX: 0000000000000000 RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 668.081553][T13772] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 668.081567][T13772] RBP: 00007fbbca610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 668.081582][T13772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.081609][T13772] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 668.081639][T13772] [ 669.015808][T13777] FAULT_INJECTION: forcing a failure. [ 669.015808][T13777] name failslab, interval 1, probability 0, space 0, times 0 [ 669.163318][T13777] CPU: 0 UID: 0 PID: 13777 Comm: syz.1.2879 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 669.163372][T13777] Tainted: [I]=FIRMWARE_WORKAROUND [ 669.163382][T13777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 669.163410][T13777] Call Trace: [ 669.163420][T13777] [ 669.163429][T13777] dump_stack_lvl+0x16c/0x1f0 [ 669.163479][T13777] should_fail_ex+0x512/0x640 [ 669.163521][T13777] ? fs_reclaim_acquire+0xae/0x150 [ 669.163565][T13777] should_failslab+0xc2/0x120 [ 669.163598][T13777] __kmalloc_cache_noprof+0x6a/0x3e0 [ 669.163625][T13777] ? tomoyo_write_log2+0x33d/0xc10 [ 669.163667][T13777] tomoyo_write_log2+0x33d/0xc10 [ 669.163709][T13777] tomoyo_supervisor+0x15e/0x13b0 [ 669.163740][T13777] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 669.163778][T13777] ? lockdep_hardirqs_on+0x7c/0x110 [ 669.163820][T13777] ? tomoyo_check_path_acl+0xad/0x210 [ 669.163852][T13777] ? tomoyo_check_acl+0x1f7/0x410 [ 669.163884][T13777] tomoyo_path_permission+0x270/0x3b0 [ 669.163918][T13777] tomoyo_check_open_permission+0x349/0x3c0 [ 669.163952][T13777] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 669.164016][T13777] ? do_raw_spin_lock+0x12c/0x2b0 [ 669.164070][T13777] tomoyo_file_open+0x6b/0x90 [ 669.164096][T13777] security_file_open+0x84/0x1e0 [ 669.164133][T13777] do_dentry_open+0x596/0x1c10 [ 669.164169][T13777] vfs_open+0x82/0x3f0 [ 669.164207][T13777] path_openat+0x1e5e/0x2d40 [ 669.164244][T13777] ? __pfx_path_openat+0x10/0x10 [ 669.164277][T13777] do_filp_open+0x20b/0x470 [ 669.164307][T13777] ? __pfx_do_filp_open+0x10/0x10 [ 669.164359][T13777] ? alloc_fd+0x471/0x7d0 [ 669.164410][T13777] do_sys_openat2+0x11b/0x1d0 [ 669.164444][T13777] ? __pfx_do_sys_openat2+0x10/0x10 [ 669.164481][T13777] ? find_held_lock+0x2b/0x80 [ 669.164515][T13777] __x64_sys_openat+0x174/0x210 [ 669.164551][T13777] ? __pfx___x64_sys_openat+0x10/0x10 [ 669.164589][T13777] ? rcu_is_watching+0x12/0xc0 [ 669.164622][T13777] do_syscall_64+0xcd/0x230 [ 669.164664][T13777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.164690][T13777] RIP: 0033:0x7f366d78e969 [ 669.164710][T13777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.164736][T13777] RSP: 002b:00007f366e59a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 669.164760][T13777] RAX: ffffffffffffffda RBX: 00007f366d9b5fa0 RCX: 00007f366d78e969 [ 669.164778][T13777] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 669.164795][T13777] RBP: 00007f366d810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 669.164811][T13777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 669.164827][T13777] R13: 0000000000000000 R14: 00007f366d9b5fa0 R15: 00007ffd1224bc28 [ 669.164858][T13777] [ 670.279119][T13797] i2c i2c-0: Failed to register i2c client card: at 0x01 (-16) [ 671.334441][T13806] ERROR: Out of memory at tomoyo_memory_ok. [ 673.461223][T13830] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2896'. [ 673.824402][T13836] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2899'. [ 674.067873][T12218] Bluetooth: hci0: command 0x0406 tx timeout [ 674.125999][T13842] FAULT_INJECTION: forcing a failure. [ 674.125999][T13842] name failslab, interval 1, probability 0, space 0, times 0 [ 674.183917][T13842] CPU: 0 UID: 0 PID: 13842 Comm: syz.4.2902 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 674.183966][T13842] Tainted: [I]=FIRMWARE_WORKAROUND [ 674.183975][T13842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 674.183990][T13842] Call Trace: [ 674.183999][T13842] [ 674.184008][T13842] dump_stack_lvl+0x16c/0x1f0 [ 674.184066][T13842] should_fail_ex+0x512/0x640 [ 674.184109][T13842] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 674.184140][T13842] should_failslab+0xc2/0x120 [ 674.184173][T13842] __kmalloc_cache_noprof+0x6a/0x3e0 [ 674.184201][T13842] ? snd_seq_port_connect+0x61/0x550 [ 674.184245][T13842] snd_seq_port_connect+0x61/0x550 [ 674.184281][T13842] ? _raw_read_unlock+0x28/0x50 [ 674.184318][T13842] ? check_subscription_permission.isra.0+0xf5/0x240 [ 674.184361][T13842] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 674.184420][T13842] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 674.184474][T13842] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 674.184516][T13842] snd_seq_oss_midi_open+0x442/0x660 [ 674.184547][T13842] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 674.184584][T13842] ? rcu_is_watching+0x12/0xc0 [ 674.184610][T13842] ? trace_contention_end+0xdd/0x130 [ 674.184650][T13842] snd_seq_oss_synth_reset+0x437/0x880 [ 674.184679][T13842] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 674.184708][T13842] ? __pfx___fsnotify_parent+0x10/0x10 [ 674.184756][T13842] snd_seq_oss_reset+0x73/0x290 [ 674.184795][T13842] ? __pfx_odev_release+0x10/0x10 [ 674.184830][T13842] snd_seq_oss_release+0x7c/0x180 [ 674.184869][T13842] odev_release+0x4c/0x70 [ 674.184902][T13842] __fput+0x402/0xb70 [ 674.184948][T13842] task_work_run+0x150/0x240 [ 674.184991][T13842] ? __pfx_task_work_run+0x10/0x10 [ 674.185037][T13842] ? __pfx___do_sys_close_range+0x10/0x10 [ 674.185064][T13842] ? rcu_is_watching+0x12/0xc0 [ 674.185094][T13842] syscall_exit_to_user_mode+0x27b/0x2a0 [ 674.185138][T13842] do_syscall_64+0xda/0x230 [ 674.185180][T13842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.185207][T13842] RIP: 0033:0x7f26dff8e969 [ 674.185229][T13842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.185255][T13842] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 674.185280][T13842] RAX: 0000000000000000 RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 674.185296][T13842] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 674.185312][T13842] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 674.185327][T13842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.185342][T13842] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 674.185373][T13842] [ 675.946728][T13866] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2910'. [ 676.301586][T13873] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2912'. [ 676.835692][T13879] netlink: 290 bytes leftover after parsing attributes in process `syz.4.2915'. [ 676.948467][T13883] netlink: 30 bytes leftover after parsing attributes in process `syz.0.2924'. [ 678.796007][T13911] FAULT_INJECTION: forcing a failure. [ 678.796007][T13911] name failslab, interval 1, probability 0, space 0, times 0 [ 678.858366][T13911] CPU: 0 UID: 0 PID: 13911 Comm: syz.4.2927 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 678.858415][T13911] Tainted: [I]=FIRMWARE_WORKAROUND [ 678.858424][T13911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 678.858441][T13911] Call Trace: [ 678.858449][T13911] [ 678.858459][T13911] dump_stack_lvl+0x16c/0x1f0 [ 678.858509][T13911] should_fail_ex+0x512/0x640 [ 678.858552][T13911] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 678.858587][T13911] should_failslab+0xc2/0x120 [ 678.858621][T13911] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 678.858651][T13911] ? copy_net_ns+0xe8/0x5f0 [ 678.858715][T13911] copy_net_ns+0xe8/0x5f0 [ 678.858754][T13911] ? copy_cgroup_ns+0xa4/0x6f0 [ 678.858783][T13911] create_new_namespaces+0x3ea/0xad0 [ 678.858822][T13911] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 678.858856][T13911] ksys_unshare+0x45b/0xa40 [ 678.858894][T13911] ? __pfx_ksys_unshare+0x10/0x10 [ 678.858929][T13911] ? xfd_validate_state+0x5d/0x180 [ 678.858956][T13911] ? rcu_is_watching+0x12/0xc0 [ 678.858987][T13911] __x64_sys_unshare+0x31/0x40 [ 678.859022][T13911] do_syscall_64+0xcd/0x230 [ 678.859064][T13911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.859091][T13911] RIP: 0033:0x7f26dff8e969 [ 678.859111][T13911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.859136][T13911] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 678.859160][T13911] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 678.859176][T13911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 678.859193][T13911] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 678.859209][T13911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.859224][T13911] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 678.859255][T13911] [ 679.446298][T13921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2930'. [ 679.461504][T13920] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2931'. [ 679.486744][T13921] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2930'. [ 679.536901][T13921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2930'. [ 681.254511][T13950] FAULT_INJECTION: forcing a failure. [ 681.254511][T13950] name failslab, interval 1, probability 0, space 0, times 0 [ 681.333238][T13950] CPU: 0 UID: 0 PID: 13950 Comm: syz.1.2941 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 681.333288][T13950] Tainted: [I]=FIRMWARE_WORKAROUND [ 681.333298][T13950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 681.333313][T13950] Call Trace: [ 681.333323][T13950] [ 681.333333][T13950] dump_stack_lvl+0x16c/0x1f0 [ 681.333381][T13950] should_fail_ex+0x512/0x640 [ 681.333421][T13950] ? __kmalloc_noprof+0xbf/0x510 [ 681.333454][T13950] ? ima_write_template_field_data+0x5d/0x1f0 [ 681.333491][T13950] should_failslab+0xc2/0x120 [ 681.333525][T13950] __kmalloc_noprof+0xd2/0x510 [ 681.333561][T13950] ima_write_template_field_data+0x5d/0x1f0 [ 681.333601][T13950] ima_eventdigest_init_common+0x154/0x430 [ 681.333639][T13950] ? __pfx_ima_eventdigest_init_common+0x10/0x10 [ 681.333693][T13950] ? rcu_is_watching+0x12/0xc0 [ 681.333724][T13950] ? trace_kmalloc+0x2b/0xd0 [ 681.333756][T13950] ? __kmalloc_noprof+0x242/0x510 [ 681.333784][T13950] ? __print_lock_name+0xd1/0xe0 [ 681.333820][T13950] ima_alloc_init_template+0x3a0/0x720 [ 681.333855][T13950] ima_store_measurement+0x1eb/0x5c0 [ 681.333886][T13950] ? __pfx_ima_store_measurement+0x10/0x10 [ 681.333915][T13950] ? vfs_getxattr_alloc+0xec/0x340 [ 681.333962][T13950] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 681.334007][T13950] process_measurement+0x1ddb/0x23e0 [ 681.334066][T13950] ? __pfx_process_measurement+0x10/0x10 [ 681.334105][T13950] ? __lock_acquire+0x5ca/0x1ba0 [ 681.334140][T13950] ? init_file+0x93/0x4c0 [ 681.334169][T13950] ? alloc_empty_file+0x73/0x1e0 [ 681.334200][T13950] ? hugetlb_file_setup+0x4cd/0x620 [ 681.334235][T13950] ? ksys_mmap_pgoff+0x189/0x5c0 [ 681.334274][T13950] ? __x64_sys_mmap+0x125/0x190 [ 681.334342][T13950] ima_file_mmap+0x1b1/0x1d0 [ 681.334383][T13950] ? __pfx_ima_file_mmap+0x10/0x10 [ 681.334431][T13950] security_mmap_file+0x88c/0x990 [ 681.334470][T13950] vm_mmap_pgoff+0xec/0x450 [ 681.334517][T13950] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 681.334552][T13950] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 681.334587][T13950] ? hugetlbfs_get_inode+0x31f/0x730 [ 681.334628][T13950] ksys_mmap_pgoff+0x1c8/0x5c0 [ 681.334665][T13950] ? rcu_is_watching+0x12/0xc0 [ 681.334691][T13950] __x64_sys_mmap+0x125/0x190 [ 681.334718][T13950] do_syscall_64+0xcd/0x230 [ 681.334759][T13950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.334786][T13950] RIP: 0033:0x7f366d78e969 [ 681.334806][T13950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 681.334836][T13950] RSP: 002b:00007f366e59a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 681.334861][T13950] RAX: ffffffffffffffda RBX: 00007f366d9b5fa0 RCX: 00007f366d78e969 [ 681.334878][T13950] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 681.334894][T13950] RBP: 00007f366d810ab1 R08: 0000000000000401 R09: 0000300000000000 [ 681.334911][T13950] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 681.334926][T13950] R13: 0000000000000000 R14: 00007f366d9b5fa0 R15: 00007ffd1224bc28 [ 681.334959][T13950] [ 681.676853][ T30] audit: type=1804 audit(4294968645.506:13): pid=13950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.1.2941" name="anon_hugepage" dev="hugetlbfs" ino=39771 res=0 errno=0 [ 682.096304][T13958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2942'. [ 682.110021][T13958] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2942'. [ 682.132331][T13958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2942'. [ 683.085151][T13965] netlink: 'syz.1.2947': attribute type 19 has an invalid length. [ 683.094159][T13966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2954'. [ 683.124017][T13965] netlink: 114 bytes leftover after parsing attributes in process `syz.1.2947'. [ 683.148066][T13969] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2954'. [ 685.082253][T14003] FAULT_INJECTION: forcing a failure. [ 685.082253][T14003] name failslab, interval 1, probability 0, space 0, times 0 [ 685.125464][T14004] __nla_validate_parse: 3 callbacks suppressed [ 685.125488][T14004] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2960'. [ 685.194737][T14003] CPU: 0 UID: 0 PID: 14003 Comm: syz.2.2959 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 685.194785][T14003] Tainted: [I]=FIRMWARE_WORKAROUND [ 685.194794][T14003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 685.194809][T14003] Call Trace: [ 685.194818][T14003] [ 685.194828][T14003] dump_stack_lvl+0x16c/0x1f0 [ 685.194889][T14003] should_fail_ex+0x512/0x640 [ 685.194930][T14003] ? fs_reclaim_acquire+0xae/0x150 [ 685.194973][T14003] should_failslab+0xc2/0x120 [ 685.195007][T14003] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 685.195037][T14003] ? security_inode_alloc+0x3b/0x2b0 [ 685.195071][T14003] security_inode_alloc+0x3b/0x2b0 [ 685.195101][T14003] inode_init_always_gfp+0xce4/0x1030 [ 685.195130][T14003] alloc_inode+0x86/0x240 [ 685.195178][T14003] path_from_stashed+0x2be/0xb00 [ 685.195226][T14003] ? do_raw_spin_lock+0x12c/0x2b0 [ 685.195275][T14003] ? __pfx_path_from_stashed+0x10/0x10 [ 685.195302][T14003] ? do_raw_spin_unlock+0x172/0x230 [ 685.195347][T14003] ns_get_path+0x5f/0x80 [ 685.195389][T14003] proc_ns_get_link+0x121/0x260 [ 685.195415][T14003] ? __pfx_proc_ns_get_link+0x10/0x10 [ 685.195439][T14003] ? __pfx___might_resched+0x10/0x10 [ 685.195473][T14003] ? __pfx_proc_ns_get_link+0x10/0x10 [ 685.195496][T14003] step_into+0x1b22/0x2270 [ 685.195541][T14003] ? __pfx_step_into+0x10/0x10 [ 685.195578][T14003] ? find_held_lock+0x2b/0x80 [ 685.195611][T14003] path_openat+0x749/0x2d40 [ 685.195646][T14003] ? __pfx_path_openat+0x10/0x10 [ 685.195679][T14003] do_filp_open+0x20b/0x470 [ 685.195703][T14003] ? __pfx_do_filp_open+0x10/0x10 [ 685.195749][T14003] ? alloc_fd+0x471/0x7d0 [ 685.195797][T14003] do_sys_openat2+0x11b/0x1d0 [ 685.195832][T14003] ? __pfx_do_sys_openat2+0x10/0x10 [ 685.195878][T14003] __x64_sys_openat+0x174/0x210 [ 685.195914][T14003] ? __pfx___x64_sys_openat+0x10/0x10 [ 685.195950][T14003] ? rcu_is_watching+0x12/0xc0 [ 685.195983][T14003] do_syscall_64+0xcd/0x230 [ 685.196025][T14003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.196051][T14003] RIP: 0033:0x7f9dd538d2d0 [ 685.196072][T14003] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 685.196098][T14003] RSP: 002b:00007f9dd62a1f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 685.196124][T14003] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9dd538d2d0 [ 685.196140][T14003] RDX: 0000000000000002 RSI: 00007f9dd62a1fa0 RDI: 00000000ffffff9c [ 685.196157][T14003] RBP: 00007f9dd62a1fa0 R08: 0000000000000000 R09: 0000000000000000 [ 685.196173][T14003] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 685.196188][T14003] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 685.196219][T14003] [ 689.205724][T14055] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2979'. [ 691.055577][T14087] netlink: 138 bytes leftover after parsing attributes in process `syz.2.2993'. [ 691.489899][T14096] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2996'. [ 693.534780][T14132] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3009'. [ 693.878862][T14136] nbd: socks must be embedded in a SOCK_ITEM attr [ 693.935634][T14136] block nbd2: shutting down sockets [ 694.353094][T14147] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3017'. [ 695.851391][T14176] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3033'. [ 697.333641][T14204] netlink: 'syz.0.3038': attribute type 4 has an invalid length. [ 697.380095][T14204] netlink: 314 bytes leftover after parsing attributes in process `syz.0.3038'. [ 697.502428][T14207] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3039'. [ 697.607479][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 697.613998][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 699.917633][T14247] FAULT_INJECTION: forcing a failure. [ 699.917633][T14247] name failslab, interval 1, probability 0, space 0, times 0 [ 699.965355][T14247] CPU: 0 UID: 0 PID: 14247 Comm: syz.2.3053 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 699.965400][T14247] Tainted: [I]=FIRMWARE_WORKAROUND [ 699.965409][T14247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 699.965424][T14247] Call Trace: [ 699.965431][T14247] [ 699.965441][T14247] dump_stack_lvl+0x16c/0x1f0 [ 699.965488][T14247] should_fail_ex+0x512/0x640 [ 699.965526][T14247] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 699.965559][T14247] should_failslab+0xc2/0x120 [ 699.965590][T14247] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 699.965616][T14247] ? _raw_spin_unlock+0x28/0x50 [ 699.965647][T14247] ? mqueue_create_attr+0x2fb/0x440 [ 699.965672][T14247] ? alloc_empty_file+0x55/0x1e0 [ 699.965706][T14247] alloc_empty_file+0x55/0x1e0 [ 699.965737][T14247] dentry_open+0x46/0xd0 [ 699.965768][T14247] do_mq_open+0x4c1/0x8b0 [ 699.965795][T14247] ? __pfx_do_mq_open+0x10/0x10 [ 699.965818][T14247] ? __pfx___might_resched+0x10/0x10 [ 699.965850][T14247] __x64_sys_mq_open+0x155/0x1e0 [ 699.965875][T14247] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 699.965913][T14247] do_syscall_64+0xcd/0x230 [ 699.965951][T14247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.965975][T14247] RIP: 0033:0x7f9dd538e969 [ 699.965993][T14247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.966015][T14247] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 699.966037][T14247] RAX: ffffffffffffffda RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 699.966051][T14247] RDX: 0000000000000009 RSI: 000000000000007e RDI: 0000000000000000 [ 699.966065][T14247] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 699.966079][T14247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.966092][T14247] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 699.966121][T14247] [ 700.749212][T14254] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3057'. [ 703.002153][T14290] dlm: Unknown command passed to DLM device : 0 [ 703.002153][T14290] [ 703.038630][T14289] FAULT_INJECTION: forcing a failure. [ 703.038630][T14289] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 703.117267][T14289] CPU: 0 UID: 0 PID: 14289 Comm: syz.0.3070 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 703.117316][T14289] Tainted: [I]=FIRMWARE_WORKAROUND [ 703.117325][T14289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 703.117351][T14289] Call Trace: [ 703.117360][T14289] [ 703.117369][T14289] dump_stack_lvl+0x16c/0x1f0 [ 703.117417][T14289] should_fail_ex+0x512/0x640 [ 703.117462][T14289] should_fail_alloc_page+0xe7/0x130 [ 703.117497][T14289] prepare_alloc_pages+0x3c2/0x610 [ 703.117543][T14289] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 703.117581][T14289] ? __lock_acquire+0xaa4/0x1ba0 [ 703.117619][T14289] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 703.117659][T14289] ? __lock_acquire+0xaa4/0x1ba0 [ 703.117696][T14289] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 703.117735][T14289] ? policy_nodemask+0xea/0x4e0 [ 703.117769][T14289] alloc_pages_mpol+0x1fb/0x550 [ 703.117800][T14289] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 703.117833][T14289] ? __anon_vma_prepare+0x2db/0x5e0 [ 703.117864][T14289] folio_alloc_mpol_noprof+0x36/0x2f0 [ 703.117902][T14289] vma_alloc_folio_noprof+0xed/0x1e0 [ 703.117955][T14289] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 703.117991][T14289] ? __anon_vma_prepare+0x2e2/0x5e0 [ 703.118026][T14289] do_pte_missing+0x223d/0x3fb0 [ 703.118064][T14289] __handle_mm_fault+0x103d/0x2a40 [ 703.118099][T14289] ? __pfx___handle_mm_fault+0x10/0x10 [ 703.118133][T14289] ? __pte_offset_map_lock+0x155/0x2f0 [ 703.118173][T14289] ? find_held_lock+0x2b/0x80 [ 703.118196][T14289] ? find_held_lock+0x2b/0x80 [ 703.118240][T14289] handle_mm_fault+0x3fe/0xad0 [ 703.118274][T14289] __get_user_pages+0x771/0x36f0 [ 703.118324][T14289] ? __pfx_mt_find+0x10/0x10 [ 703.118349][T14289] ? __pfx___get_user_pages+0x10/0x10 [ 703.118400][T14289] populate_vma_page_range+0x278/0x3a0 [ 703.118428][T14289] ? __pfx_populate_vma_page_range+0x10/0x10 [ 703.118452][T14289] ? __pfx_find_vma_intersection+0x10/0x10 [ 703.118494][T14289] ? do_mmap+0x69c/0x11b0 [ 703.118535][T14289] __mm_populate+0x1d8/0x380 [ 703.118561][T14289] ? __pfx___mm_populate+0x10/0x10 [ 703.118588][T14289] ? up_write+0x1b2/0x520 [ 703.118627][T14289] vm_mmap_pgoff+0x362/0x450 [ 703.118669][T14289] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 703.118706][T14289] ? __pfx_alarmtimer_nsleep_wakeup+0x10/0x10 [ 703.118741][T14289] ? __x64_sys_futex+0x1e0/0x4c0 [ 703.118774][T14289] ? __x64_sys_futex+0x1e9/0x4c0 [ 703.118806][T14289] ksys_mmap_pgoff+0x7d/0x5c0 [ 703.118844][T14289] ? rcu_is_watching+0x12/0xc0 [ 703.118871][T14289] __x64_sys_mmap+0x125/0x190 [ 703.118906][T14289] do_syscall_64+0xcd/0x230 [ 703.118948][T14289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.118978][T14289] RIP: 0033:0x7fbbca58e969 [ 703.118998][T14289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.119025][T14289] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 703.119049][T14289] RAX: ffffffffffffffda RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 703.119066][T14289] RDX: 0000000400000072 RSI: 0000000000000009 RDI: 0000000000000000 [ 703.119082][T14289] RBP: 00007fbbca610ab1 R08: 0000001000000002 R09: 0000000000008000 [ 703.119098][T14289] R10: 0000000000008b72 R11: 0000000000000246 R12: 0000000000000000 [ 703.119117][T14289] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 703.119148][T14289] [ 708.744557][T14350] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3091'. [ 710.271832][T14352] kexec: Could not allocate control_code_buffer [ 713.572791][T14409] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3112'. [ 714.852711][T14417] ERROR: Out of memory at tomoyo_memory_ok. [ 714.991056][T14422] ERROR: Out of memory at tomoyo_memory_ok. [ 715.092986][T14426] ERROR: Out of memory at tomoyo_memory_ok. [ 716.571982][T14444] netlink: 266 bytes leftover after parsing attributes in process `syz.0.3123'. [ 716.615678][T14444] IPv6: NLM_F_CREATE should be specified when creating new route [ 716.907371][T14448] FAULT_INJECTION: forcing a failure. [ 716.907371][T14448] name failslab, interval 1, probability 0, space 0, times 0 [ 717.024825][T14448] CPU: 0 UID: 0 PID: 14448 Comm: syz.1.3124 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 717.024874][T14448] Tainted: [I]=FIRMWARE_WORKAROUND [ 717.024884][T14448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 717.024900][T14448] Call Trace: [ 717.024909][T14448] [ 717.024918][T14448] dump_stack_lvl+0x16c/0x1f0 [ 717.024968][T14448] should_fail_ex+0x512/0x640 [ 717.025012][T14448] ? fs_reclaim_acquire+0xae/0x150 [ 717.025055][T14448] should_failslab+0xc2/0x120 [ 717.025089][T14448] __kmalloc_cache_noprof+0x6a/0x3e0 [ 717.025116][T14448] ? tomoyo_init_log+0x197/0x2140 [ 717.025159][T14448] tomoyo_init_log+0x197/0x2140 [ 717.025201][T14448] ? format_decode+0x1ad/0xd40 [ 717.025234][T14448] ? __pfx_format_decode+0x10/0x10 [ 717.025274][T14448] ? __pfx_tomoyo_init_log+0x10/0x10 [ 717.025321][T14448] tomoyo_write_log2+0x2f7/0xc10 [ 717.025363][T14448] tomoyo_supervisor+0x15e/0x13b0 [ 717.025395][T14448] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 717.025433][T14448] ? lockdep_hardirqs_on+0x7c/0x110 [ 717.025475][T14448] ? tomoyo_check_path_acl+0xad/0x210 [ 717.025508][T14448] ? tomoyo_check_acl+0x1f7/0x410 [ 717.025539][T14448] tomoyo_path_permission+0x270/0x3b0 [ 717.025575][T14448] tomoyo_check_open_permission+0x37b/0x3c0 [ 717.025609][T14448] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 717.025673][T14448] ? do_raw_spin_lock+0x12c/0x2b0 [ 717.025722][T14448] tomoyo_file_open+0x6b/0x90 [ 717.025749][T14448] security_file_open+0x84/0x1e0 [ 717.025785][T14448] do_dentry_open+0x596/0x1c10 [ 717.025828][T14448] vfs_open+0x82/0x3f0 [ 717.025880][T14448] path_openat+0x1e5e/0x2d40 [ 717.025919][T14448] ? __pfx_path_openat+0x10/0x10 [ 717.025953][T14448] do_filp_open+0x20b/0x470 [ 717.025979][T14448] ? __pfx_do_filp_open+0x10/0x10 [ 717.026027][T14448] ? alloc_fd+0x471/0x7d0 [ 717.026076][T14448] do_sys_openat2+0x11b/0x1d0 [ 717.026110][T14448] ? __pfx_do_sys_openat2+0x10/0x10 [ 717.026157][T14448] __x64_sys_openat+0x174/0x210 [ 717.026197][T14448] ? __pfx___x64_sys_openat+0x10/0x10 [ 717.026234][T14448] ? rcu_is_watching+0x12/0xc0 [ 717.026267][T14448] do_syscall_64+0xcd/0x230 [ 717.026309][T14448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.026335][T14448] RIP: 0033:0x7f366d78e969 [ 717.026356][T14448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 717.026382][T14448] RSP: 002b:00007f366e59a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 717.026407][T14448] RAX: ffffffffffffffda RBX: 00007f366d9b5fa0 RCX: 00007f366d78e969 [ 717.026425][T14448] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 717.026441][T14448] RBP: 00007f366d810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 717.026458][T14448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 717.026474][T14448] R13: 0000000000000000 R14: 00007f366d9b5fa0 R15: 00007ffd1224bc28 [ 717.026505][T14448] [ 717.840703][T14459] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 718.175024][T14466] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3130'. [ 718.545205][T14470] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3133'. [ 720.319462][T14488] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3137'. [ 721.331377][T14502] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3142'. [ 721.910915][T14508] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3144'. [ 723.163851][T14524] netlink: zone id is out of range [ 723.198876][T14524] netlink: zone id is out of range [ 723.235345][T14524] netlink: zone id is out of range [ 723.264182][T14524] netlink: zone id is out of range [ 723.302342][T14524] netlink: zone id is out of range [ 723.332331][T14524] netlink: zone id is out of range [ 723.366862][T14524] netlink: zone id is out of range [ 723.394592][T14524] netlink: zone id is out of range [ 723.434677][T14524] netlink: zone id is out of range [ 723.482429][T14524] netlink: zone id is out of range [ 724.949389][T14550] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.3158' sets config #0 [ 725.086226][T14553] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3160'. [ 725.131720][T14553] : renamed from gre0 (while UP) [ 725.204518][T14553] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3160'. [ 726.676901][T14579] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3168'. [ 726.769183][T14579] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 727.428497][T14585] ERROR: Out of memory at tomoyo_memory_ok. [ 728.090274][T14606] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3177'. [ 729.936121][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 729.943069][T14592] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 730.634793][T14592] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 730.654537][T14592] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 730.671967][T14592] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 730.681068][T14592] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 730.690559][T14592] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 730.703041][T14592] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 730.710827][T14592] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 730.729033][T14592] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 730.735185][T14592] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 730.748019][T14592] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 732.018608][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 732.298382][T14640] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3190'. [ 732.739685][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 732.745778][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 732.752013][T12218] Bluetooth: hci3: command 0x0406 tx timeout [ 732.858127][T14648] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3192'. [ 733.125760][T14655] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3195'. [ 733.207855][T14655] IPv6: Can't replace route, no match found [ 734.097643][T14646] Bluetooth: hci1: command 0x0c1a tx timeout [ 734.818073][T14646] Bluetooth: hci2: command 0x0406 tx timeout [ 734.825917][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 734.832153][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 735.954982][T14703] netlink: 'syz.2.3212': attribute type 4 has an invalid length. [ 736.014293][T14703] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3212'. [ 736.900199][T14646] Bluetooth: hci0: command 0x0406 tx timeout [ 736.906280][T14646] Bluetooth: hci3: command 0x0406 tx timeout [ 737.969743][T14736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3223'. [ 738.020183][T14736] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3223'. [ 738.436234][T14742] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3226'. [ 739.127720][T14751] FAULT_INJECTION: forcing a failure. [ 739.127720][T14751] name failslab, interval 1, probability 0, space 0, times 0 [ 739.240916][T14751] CPU: 0 UID: 0 PID: 14751 Comm: syz.0.3230 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 739.240964][T14751] Tainted: [I]=FIRMWARE_WORKAROUND [ 739.240973][T14751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 739.240988][T14751] Call Trace: [ 739.240996][T14751] [ 739.241006][T14751] dump_stack_lvl+0x16c/0x1f0 [ 739.241055][T14751] should_fail_ex+0x512/0x640 [ 739.241095][T14751] ? __kvmalloc_node_noprof+0x122/0x600 [ 739.241128][T14751] should_failslab+0xc2/0x120 [ 739.241180][T14751] __kvmalloc_node_noprof+0x135/0x600 [ 739.241207][T14751] ? lockdep_init_map_type+0x5c/0x280 [ 739.241244][T14751] ? alloc_netdev_mqs+0xcf8/0x1570 [ 739.241285][T14751] ? alloc_netdev_mqs+0xcf8/0x1570 [ 739.241317][T14751] alloc_netdev_mqs+0xcf8/0x1570 [ 739.241358][T14751] ppp_ioctl+0x1761/0x2660 [ 739.241412][T14751] ? find_held_lock+0x2b/0x80 [ 739.241437][T14751] ? __pfx_ppp_ioctl+0x10/0x10 [ 739.241476][T14751] ? __fget_files+0x20e/0x3c0 [ 739.241505][T14751] ? __pfx_ppp_ioctl+0x10/0x10 [ 739.241540][T14751] __x64_sys_ioctl+0x190/0x200 [ 739.241581][T14751] do_syscall_64+0xcd/0x230 [ 739.241622][T14751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.241655][T14751] RIP: 0033:0x7fbbca58e969 [ 739.241677][T14751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.241702][T14751] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 739.241727][T14751] RAX: ffffffffffffffda RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 739.241744][T14751] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 739.241759][T14751] RBP: 00007fbbca610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 739.241775][T14751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.241790][T14751] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 739.241821][T14751] [ 740.514266][T14771] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3238'. [ 740.695714][T14774] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3239'. [ 740.708675][T14774] IPv6: Can't replace route, no match found [ 742.010689][T14783] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3248'. [ 742.403069][T14788] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 742.446149][T14793] [U]  [ 742.449014][T14793] [U] [ 742.451735][T14793] [U] [ 742.454452][T14793] [U] [ 742.458234][T14788] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 742.502745][T14793] [U] [ 742.505509][T14793] [U] [ 742.508238][T14793] [U] [ 742.510947][T14793] [U] [ 742.522644][T14788] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 742.536448][T14793] [U] [ 742.539204][T14793] [U] [ 742.541918][T14793] [U] [ 742.544641][T14793] [U] [ 742.579493][T14788] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 742.596250][T14795] [U] [ 743.266137][T14799] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3245'. [ 743.470637][T14803] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.3246' sets config #0 [ 743.782995][T14646] Bluetooth: hci1: command 0x0c1a tx timeout [ 743.919150][T14812] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3250'. [ 744.423755][T14816] netlink: 266 bytes leftover after parsing attributes in process `syz.1.3253'. [ 744.502897][T14646] Bluetooth: hci3: command 0x0406 tx timeout [ 744.584241][T14646] Bluetooth: hci0: command 0x0406 tx timeout [ 744.590343][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 745.744399][T14837] net_ratelimit: 20 callbacks suppressed [ 745.744434][T14837] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 745.756630][T14837] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 746.848459][T14851] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3268'. [ 747.140518][T14856] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3269'. [ 747.515925][T14859] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3270'. [ 748.083692][T14868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3273'. [ 748.141070][T14869] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3273'. [ 749.406445][T14875] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3276'. [ 750.336874][T14892] FAULT_INJECTION: forcing a failure. [ 750.336874][T14892] name failslab, interval 1, probability 0, space 0, times 0 [ 750.413926][T14892] CPU: 0 UID: 0 PID: 14892 Comm: syz.4.3280 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 750.413973][T14892] Tainted: [I]=FIRMWARE_WORKAROUND [ 750.413983][T14892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 750.413999][T14892] Call Trace: [ 750.414007][T14892] [ 750.414017][T14892] dump_stack_lvl+0x16c/0x1f0 [ 750.414067][T14892] should_fail_ex+0x512/0x640 [ 750.414118][T14892] ? fs_reclaim_acquire+0xae/0x150 [ 750.414159][T14892] should_failslab+0xc2/0x120 [ 750.414191][T14892] __kmalloc_cache_noprof+0x6a/0x3e0 [ 750.414217][T14892] ? tomoyo_init_log+0x197/0x2140 [ 750.414257][T14892] tomoyo_init_log+0x197/0x2140 [ 750.414289][T14892] ? format_decode+0x1ad/0xd40 [ 750.414321][T14892] ? __pfx_format_decode+0x10/0x10 [ 750.414359][T14892] ? __pfx_tomoyo_init_log+0x10/0x10 [ 750.414402][T14892] tomoyo_write_log2+0x2f7/0xc10 [ 750.414442][T14892] tomoyo_supervisor+0x15e/0x13b0 [ 750.414472][T14892] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 750.414508][T14892] ? lockdep_hardirqs_on+0x7c/0x110 [ 750.414547][T14892] ? tomoyo_check_path_acl+0xad/0x210 [ 750.414578][T14892] ? tomoyo_check_acl+0x1f7/0x410 [ 750.414609][T14892] tomoyo_path_permission+0x270/0x3b0 [ 750.414641][T14892] tomoyo_check_open_permission+0x37b/0x3c0 [ 750.414673][T14892] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 750.414734][T14892] ? do_raw_spin_lock+0x12c/0x2b0 [ 750.414780][T14892] tomoyo_file_open+0x6b/0x90 [ 750.414804][T14892] security_file_open+0x84/0x1e0 [ 750.414839][T14892] do_dentry_open+0x596/0x1c10 [ 750.414872][T14892] vfs_open+0x82/0x3f0 [ 750.414939][T14892] path_openat+0x1e5e/0x2d40 [ 750.414976][T14892] ? __pfx_path_openat+0x10/0x10 [ 750.415008][T14892] do_filp_open+0x20b/0x470 [ 750.415032][T14892] ? __pfx_do_filp_open+0x10/0x10 [ 750.415079][T14892] ? alloc_fd+0x471/0x7d0 [ 750.415126][T14892] do_sys_openat2+0x11b/0x1d0 [ 750.415159][T14892] ? __pfx_do_sys_openat2+0x10/0x10 [ 750.415205][T14892] __x64_sys_openat+0x174/0x210 [ 750.415239][T14892] ? __pfx___x64_sys_openat+0x10/0x10 [ 750.415288][T14892] ? rcu_is_watching+0x12/0xc0 [ 750.415323][T14892] do_syscall_64+0xcd/0x230 [ 750.415366][T14892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.415395][T14892] RIP: 0033:0x7f26dff8e969 [ 750.415414][T14892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 750.415440][T14892] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 750.415465][T14892] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 750.415486][T14892] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 750.415502][T14892] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 750.415517][T14892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.415532][T14892] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 750.415564][T14892] [ 751.318979][T14897] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3283'. [ 751.359491][T14897] netlink: 'syz.2.3283': attribute type 3 has an invalid length. [ 751.390612][T14897] netlink: 154 bytes leftover after parsing attributes in process `syz.2.3283'. [ 753.503402][T14921] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3289'. [ 753.986305][T14930] netlink: 'syz.2.3293': attribute type 17 has an invalid length. [ 754.025542][T14930] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3293'. [ 754.707515][T14938] bond0: mtu greater than device maximum [ 755.654363][T14944] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3297'. [ 755.771924][T14946] [U]  [ 755.774789][T14946] [U] [ 755.777506][T14946] [U] [ 755.780219][T14946] [U] [ 755.818577][T14946] [U] [ 755.821349][T14946] [U] [ 755.824067][T14946] [U] [ 755.826779][T14946] [U] [ 755.901738][T14946] [U] [ 755.904517][T14946] [U] [ 755.907241][T14946] [U] [ 755.909958][T14946] [U] [ 755.996454][T14946] [U] [ 755.999261][T14946] [U] [ 756.002003][T14946] [U] [ 756.004738][T14946] [U] [ 756.049008][T14946] [U] [ 756.486871][T14956] FAULT_INJECTION: forcing a failure. [ 756.486871][T14956] name failslab, interval 1, probability 0, space 0, times 0 [ 756.536647][T14956] CPU: 0 UID: 0 PID: 14956 Comm: syz.2.3302 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 756.536695][T14956] Tainted: [I]=FIRMWARE_WORKAROUND [ 756.536705][T14956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 756.536720][T14956] Call Trace: [ 756.536728][T14956] [ 756.536738][T14956] dump_stack_lvl+0x16c/0x1f0 [ 756.536786][T14956] should_fail_ex+0x512/0x640 [ 756.536828][T14956] ? fs_reclaim_acquire+0xae/0x150 [ 756.536886][T14956] should_failslab+0xc2/0x120 [ 756.536921][T14956] __kmalloc_cache_noprof+0x6a/0x3e0 [ 756.536949][T14956] ? tomoyo_init_log+0x197/0x2140 [ 756.536991][T14956] tomoyo_init_log+0x197/0x2140 [ 756.537026][T14956] ? format_decode+0x1ad/0xd40 [ 756.537059][T14956] ? __pfx_format_decode+0x10/0x10 [ 756.537100][T14956] ? __pfx_tomoyo_init_log+0x10/0x10 [ 756.537145][T14956] tomoyo_write_log2+0x2f7/0xc10 [ 756.537187][T14956] tomoyo_supervisor+0x15e/0x13b0 [ 756.537218][T14956] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 756.537256][T14956] ? lockdep_hardirqs_on+0x7c/0x110 [ 756.537298][T14956] ? tomoyo_check_path_acl+0xad/0x210 [ 756.537330][T14956] ? tomoyo_check_acl+0x1f7/0x410 [ 756.537362][T14956] tomoyo_path_permission+0x270/0x3b0 [ 756.537397][T14956] tomoyo_check_open_permission+0x37b/0x3c0 [ 756.537431][T14956] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 756.537501][T14956] ? do_raw_spin_lock+0x12c/0x2b0 [ 756.537550][T14956] tomoyo_file_open+0x6b/0x90 [ 756.537577][T14956] security_file_open+0x84/0x1e0 [ 756.537618][T14956] do_dentry_open+0x596/0x1c10 [ 756.537655][T14956] vfs_open+0x82/0x3f0 [ 756.537693][T14956] path_openat+0x1e5e/0x2d40 [ 756.537730][T14956] ? __pfx_path_openat+0x10/0x10 [ 756.537763][T14956] do_filp_open+0x20b/0x470 [ 756.537788][T14956] ? __pfx_do_filp_open+0x10/0x10 [ 756.537835][T14956] ? alloc_fd+0x471/0x7d0 [ 756.537884][T14956] do_sys_openat2+0x11b/0x1d0 [ 756.537918][T14956] ? __pfx_do_sys_openat2+0x10/0x10 [ 756.537965][T14956] __x64_sys_openat+0x174/0x210 [ 756.538000][T14956] ? __pfx___x64_sys_openat+0x10/0x10 [ 756.538038][T14956] ? rcu_is_watching+0x12/0xc0 [ 756.538070][T14956] do_syscall_64+0xcd/0x230 [ 756.538111][T14956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.538138][T14956] RIP: 0033:0x7f9dd538e969 [ 756.538157][T14956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.538182][T14956] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 756.538206][T14956] RAX: ffffffffffffffda RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 756.538222][T14956] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 756.538238][T14956] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 756.538254][T14956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.538269][T14956] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 756.538300][T14956] [ 758.590940][T14986] FAULT_INJECTION: forcing a failure. [ 758.590940][T14986] name failslab, interval 1, probability 0, space 0, times 0 [ 758.662875][T14986] CPU: 0 UID: 0 PID: 14986 Comm: syz.2.3313 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 758.662924][T14986] Tainted: [I]=FIRMWARE_WORKAROUND [ 758.662933][T14986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 758.662949][T14986] Call Trace: [ 758.662971][T14986] [ 758.662981][T14986] dump_stack_lvl+0x16c/0x1f0 [ 758.663029][T14986] should_fail_ex+0x512/0x640 [ 758.663069][T14986] ? fs_reclaim_acquire+0xae/0x150 [ 758.663115][T14986] should_failslab+0xc2/0x120 [ 758.663149][T14986] __kmalloc_cache_noprof+0x6a/0x3e0 [ 758.663176][T14986] ? tomoyo_write_log2+0x33d/0xc10 [ 758.663218][T14986] tomoyo_write_log2+0x33d/0xc10 [ 758.663263][T14986] tomoyo_supervisor+0x15e/0x13b0 [ 758.663297][T14986] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 758.663339][T14986] ? lockdep_hardirqs_on+0x7c/0x110 [ 758.663413][T14986] ? tomoyo_check_path_acl+0xad/0x210 [ 758.663447][T14986] ? tomoyo_check_acl+0x1f7/0x410 [ 758.663488][T14986] tomoyo_path_permission+0x270/0x3b0 [ 758.663523][T14986] tomoyo_check_open_permission+0x349/0x3c0 [ 758.663559][T14986] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 758.663624][T14986] ? do_raw_spin_lock+0x12c/0x2b0 [ 758.663674][T14986] tomoyo_file_open+0x6b/0x90 [ 758.663700][T14986] security_file_open+0x84/0x1e0 [ 758.663737][T14986] do_dentry_open+0x596/0x1c10 [ 758.663773][T14986] vfs_open+0x82/0x3f0 [ 758.663811][T14986] path_openat+0x1e5e/0x2d40 [ 758.663848][T14986] ? __pfx_path_openat+0x10/0x10 [ 758.663881][T14986] do_filp_open+0x20b/0x470 [ 758.663906][T14986] ? __pfx_do_filp_open+0x10/0x10 [ 758.663954][T14986] ? alloc_fd+0x471/0x7d0 [ 758.664002][T14986] do_sys_openat2+0x11b/0x1d0 [ 758.664037][T14986] ? __pfx_do_sys_openat2+0x10/0x10 [ 758.664073][T14986] ? find_held_lock+0x2b/0x80 [ 758.664105][T14986] __x64_sys_openat+0x174/0x210 [ 758.664140][T14986] ? __pfx___x64_sys_openat+0x10/0x10 [ 758.664178][T14986] ? rcu_is_watching+0x12/0xc0 [ 758.664211][T14986] do_syscall_64+0xcd/0x230 [ 758.664252][T14986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.664278][T14986] RIP: 0033:0x7f9dd538e969 [ 758.664298][T14986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 758.664323][T14986] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 758.664347][T14986] RAX: ffffffffffffffda RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 758.664364][T14986] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 758.664386][T14986] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 758.664401][T14986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 758.664416][T14986] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 758.664447][T14986] [ 759.346454][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 759.360066][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 760.193482][T15002] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3319'. [ 760.332723][T15002] bridge0: port 3(vlan1) entered disabled state [ 761.307861][T15022] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3328'. [ 761.346207][T15021] netlink: 290 bytes leftover after parsing attributes in process `syz.0.3325'. [ 761.961095][T15031] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3330'. [ 762.924215][T15046] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3335'. [ 764.559909][T15072] FAULT_INJECTION: forcing a failure. [ 764.559909][T15072] name failslab, interval 1, probability 0, space 0, times 0 [ 764.654646][T15072] CPU: 0 UID: 0 PID: 15072 Comm: syz.2.3343 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 764.654695][T15072] Tainted: [I]=FIRMWARE_WORKAROUND [ 764.654704][T15072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 764.654719][T15072] Call Trace: [ 764.654729][T15072] [ 764.654738][T15072] dump_stack_lvl+0x16c/0x1f0 [ 764.654788][T15072] should_fail_ex+0x512/0x640 [ 764.654828][T15072] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 764.654859][T15072] should_failslab+0xc2/0x120 [ 764.654892][T15072] __kmalloc_cache_noprof+0x6a/0x3e0 [ 764.654918][T15072] ? snd_seq_port_connect+0x61/0x550 [ 764.654960][T15072] snd_seq_port_connect+0x61/0x550 [ 764.655001][T15072] ? _raw_read_unlock+0x28/0x50 [ 764.655036][T15072] ? check_subscription_permission.isra.0+0xf5/0x240 [ 764.655080][T15072] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 764.655123][T15072] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 764.655186][T15072] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 764.655224][T15072] snd_seq_oss_midi_open+0x442/0x660 [ 764.655251][T15072] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 764.655285][T15072] ? rcu_is_watching+0x12/0xc0 [ 764.655309][T15072] ? trace_contention_end+0xdd/0x130 [ 764.655346][T15072] snd_seq_oss_synth_reset+0x437/0x880 [ 764.655373][T15072] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 764.655399][T15072] ? __pfx___fsnotify_parent+0x10/0x10 [ 764.655442][T15072] snd_seq_oss_reset+0x73/0x290 [ 764.655478][T15072] ? __pfx_odev_release+0x10/0x10 [ 764.655509][T15072] snd_seq_oss_release+0x7c/0x180 [ 764.655545][T15072] odev_release+0x4c/0x70 [ 764.655576][T15072] __fput+0x402/0xb70 [ 764.655613][T15072] task_work_run+0x150/0x240 [ 764.655657][T15072] ? __pfx_task_work_run+0x10/0x10 [ 764.655697][T15072] ? __pfx___do_sys_close_range+0x10/0x10 [ 764.655721][T15072] ? rcu_is_watching+0x12/0xc0 [ 764.655750][T15072] syscall_exit_to_user_mode+0x27b/0x2a0 [ 764.655791][T15072] do_syscall_64+0xda/0x230 [ 764.655831][T15072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.655857][T15072] RIP: 0033:0x7f9dd538e969 [ 764.655877][T15072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 764.655902][T15072] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 764.655926][T15072] RAX: 0000000000000000 RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 764.655941][T15072] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 764.655971][T15072] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 764.655987][T15072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 764.656001][T15072] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 764.656032][T15072] [ 764.934993][ C0] vkms_vblank_simulate: vblank timer overrun [ 766.010116][T15084] netlink: 'syz.2.3348': attribute type 19 has an invalid length. [ 766.045729][T15084] netlink: 114 bytes leftover after parsing attributes in process `syz.2.3348'. [ 766.755005][T15094] netlink: 'syz.0.3351': attribute type 17 has an invalid length. [ 766.824620][T15094] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3351'. [ 768.324044][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3359'. [ 769.446049][T15130] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3370'. [ 769.722540][T15134] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3372'. [ 770.174829][T15143] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3365'. [ 772.779848][T15186] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3379'. [ 774.014011][T15206] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3386'. [ 775.693956][T15224] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3395'. [ 775.705177][T15225] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3394'. [ 775.754308][T15225] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3394'. [ 775.812803][T15225] netlink: 'syz.4.3394': attribute type 2 has an invalid length. [ 775.846705][T15225] netlink: 'syz.4.3394': attribute type 3 has an invalid length. [ 775.876652][T15229] netlink: 30 bytes leftover after parsing attributes in process `syz.2.3401'. [ 775.896296][T15225] netlink: 158 bytes leftover after parsing attributes in process `syz.4.3394'. [ 779.027366][T15270] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3406'. [ 779.131790][T15272] ERROR: Out of memory at tomoyo_memory_ok. [ 781.350762][T15296] netlink: 350 bytes leftover after parsing attributes in process `syz.4.3424'. [ 781.966702][T15309] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3417'. [ 783.240890][T15319] netlink: 350 bytes leftover after parsing attributes in process `syz.1.3429'. [ 783.742647][T15327] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3420'. [ 784.742251][T15339] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3436'. [ 785.107611][T15345] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3422'. [ 788.322196][T15386] team0: mtu greater than device maximum [ 792.030903][T15428] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3455'. [ 792.732847][T15444] FAULT_INJECTION: forcing a failure. [ 792.732847][T15444] name failslab, interval 1, probability 0, space 0, times 0 [ 792.799304][T15444] CPU: 0 UID: 0 PID: 15444 Comm: syz.0.3462 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 792.799353][T15444] Tainted: [I]=FIRMWARE_WORKAROUND [ 792.799363][T15444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 792.799379][T15444] Call Trace: [ 792.799388][T15444] [ 792.799398][T15444] dump_stack_lvl+0x16c/0x1f0 [ 792.799452][T15444] should_fail_ex+0x512/0x640 [ 792.799496][T15444] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 792.799533][T15444] should_failslab+0xc2/0x120 [ 792.799570][T15444] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 792.799600][T15444] ? mqueue_alloc_inode+0x25/0x50 [ 792.799630][T15444] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 792.799654][T15444] mqueue_alloc_inode+0x25/0x50 [ 792.799695][T15444] alloc_inode+0x61/0x240 [ 792.799732][T15444] new_inode+0x22/0x1c0 [ 792.799767][T15444] mqueue_get_inode+0x2e/0xdd0 [ 792.799797][T15444] mqueue_create_attr+0x261/0x440 [ 792.799828][T15444] vfs_mkobj+0x3d8/0x620 [ 792.799866][T15444] ? __pfx_mqueue_create_attr+0x10/0x10 [ 792.799897][T15444] do_mq_open+0x700/0x8b0 [ 792.799924][T15444] ? __pfx_do_mq_open+0x10/0x10 [ 792.799952][T15444] ? __pfx___might_resched+0x10/0x10 [ 792.799988][T15444] __x64_sys_mq_open+0x155/0x1e0 [ 792.800015][T15444] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 792.800057][T15444] do_syscall_64+0xcd/0x230 [ 792.800099][T15444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.800128][T15444] RIP: 0033:0x7fbbca58e969 [ 792.800147][T15444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 792.800171][T15444] RSP: 002b:00007fbbcb31b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 792.800195][T15444] RAX: ffffffffffffffda RBX: 00007fbbca7b5fa0 RCX: 00007fbbca58e969 [ 792.800212][T15444] RDX: 0000000000000009 RSI: 000000000000007e RDI: 0000000000000000 [ 792.800227][T15444] RBP: 00007fbbca610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 792.800242][T15444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.800257][T15444] R13: 0000000000000000 R14: 00007fbbca7b5fa0 R15: 00007fffe07bfe48 [ 792.800296][T15444] [ 793.381137][T15447] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3466'. [ 793.419902][T15447] : renamed from gre0 [ 793.464337][T15447] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3466'. [ 794.055014][T15456] ERROR: Out of memory at tomoyo_memory_ok. [ 794.616039][T15473] netlink: 'syz.1.3475': attribute type 4 has an invalid length. [ 794.639882][T15473] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3475'. [ 796.179555][T15490] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3481'. [ 796.523741][T15494] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.3480' sets config #0 [ 797.519421][T15511] netlink: 'syz.0.3494': attribute type 4 has an invalid length. [ 797.573953][T15511] netlink: 314 bytes leftover after parsing attributes in process `syz.0.3494'. [ 798.635990][T15523] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.107557][T15548] input: f¬ as /devices/virtual/input/input8 [ 801.145099][ T5184] ERROR: Out of memory at tomoyo_memory_ok. [ 801.585395][T15554] netlink: 'syz.4.3503': attribute type 27 has an invalid length. [ 801.634580][T15554] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3503'. [ 803.475143][T15573] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3511'. [ 803.618590][T15576] netlink: 'syz.2.3512': attribute type 4 has an invalid length. [ 803.661542][T15576] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3512'. [ 803.721891][T15577] netlink: 'syz.2.3512': attribute type 4 has an invalid length. [ 803.769181][T15577] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3512'. [ 803.829750][T15579] netlink: 'syz.4.3513': attribute type 8 has an invalid length. [ 803.896609][T15579] netlink: 'syz.4.3513': attribute type 8 has an invalid length. [ 804.164289][T15582] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3515'. [ 804.328735][T15584] FAULT_INJECTION: forcing a failure. [ 804.328735][T15584] name fail_futex, interval 1, probability 0, space 0, times 0 [ 804.505080][T15584] CPU: 0 UID: 0 PID: 15584 Comm: syz.1.3514 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 804.505128][T15584] Tainted: [I]=FIRMWARE_WORKAROUND [ 804.505138][T15584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 804.505153][T15584] Call Trace: [ 804.505161][T15584] [ 804.505171][T15584] dump_stack_lvl+0x16c/0x1f0 [ 804.505219][T15584] should_fail_ex+0x512/0x640 [ 804.505267][T15584] get_futex_key+0x49e/0x1000 [ 804.505305][T15584] ? __pfx_get_futex_key+0x10/0x10 [ 804.505331][T15584] ? pick_eevdf+0x3be/0x5b0 [ 804.505363][T15584] ? update_curr_se+0x8b/0x270 [ 804.505397][T15584] ? update_curr+0x74/0x800 [ 804.505440][T15584] futex_wait_setup+0x78/0x290 [ 804.505481][T15584] __futex_wait+0x266/0x3c0 [ 804.505517][T15584] ? __pfx___futex_wait+0x10/0x10 [ 804.505550][T15584] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 804.505592][T15584] ? __pfx_futex_wake_mark+0x10/0x10 [ 804.505638][T15584] futex_wait+0xe8/0x380 [ 804.505670][T15584] ? __pfx_futex_wait+0x10/0x10 [ 804.505714][T15584] ? rcu_is_watching+0x12/0xc0 [ 804.505743][T15584] do_futex+0x229/0x350 [ 804.505771][T15584] ? __pfx_do_futex+0x10/0x10 [ 804.505798][T15584] ? putname+0x154/0x1a0 [ 804.505834][T15584] __x64_sys_futex+0x1e0/0x4c0 [ 804.505866][T15584] ? __pfx___x64_sys_futex+0x10/0x10 [ 804.505906][T15584] do_syscall_64+0xcd/0x230 [ 804.505948][T15584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.505975][T15584] RIP: 0033:0x7f366d78e969 [ 804.505995][T15584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 804.506020][T15584] RSP: 002b:00007f366e59a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 804.506044][T15584] RAX: ffffffffffffffda RBX: 00007f366d9b5fa8 RCX: 00007f366d78e969 [ 804.506066][T15584] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f366d9b5fa8 [ 804.506082][T15584] RBP: 00007f366d9b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 804.506096][T15584] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f366d9b5fac [ 804.506112][T15584] R13: 0000000000000000 R14: 00007ffd1224bb40 R15: 00007ffd1224bc28 [ 804.506142][T15584] [ 804.968652][T15588] random: crng reseeded on system resumption [ 805.056270][T15590] netlink: 130 bytes leftover after parsing attributes in process `syz.4.3518'. [ 807.003395][T15617] netlink: 'syz.1.3528': attribute type 21 has an invalid length. [ 807.057815][T15617] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3528'. [ 807.505628][T15624] netlink: 146 bytes leftover after parsing attributes in process `syz.4.3530'. [ 808.290841][T15633] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3533'. [ 808.343218][T15633] unsupported nlmsg_type 40 [ 810.713701][T15675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3551'. [ 810.774366][T15675] netlink: 13 bytes leftover after parsing attributes in process `syz.2.3551'. [ 812.530547][T15695] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3558'. [ 813.440876][T15708] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3562'. [ 817.021197][T15760] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3582'. [ 818.734577][T15783] kvm: kvm [15781]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x2 [ 818.891460][T15785] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 820.546372][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 820.553038][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 821.129202][T15807] netlink: 'syz.2.3599': attribute type 4 has an invalid length. [ 821.185671][T15807] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3599'. [ 821.246444][T15807] IPv6: Can't replace route, no match found [ 821.665834][T15812] mkiss: ax0: crc mode is auto. [ 822.187992][T15818] kvm: kvm [15817]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x2 [ 822.712303][T15826] FAULT_INJECTION: forcing a failure. [ 822.712303][T15826] name failslab, interval 1, probability 0, space 0, times 0 [ 822.769696][T15826] CPU: 0 UID: 0 PID: 15826 Comm: syz.2.3605 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 822.769744][T15826] Tainted: [I]=FIRMWARE_WORKAROUND [ 822.769753][T15826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 822.769769][T15826] Call Trace: [ 822.769777][T15826] [ 822.769787][T15826] dump_stack_lvl+0x16c/0x1f0 [ 822.769835][T15826] should_fail_ex+0x512/0x640 [ 822.769877][T15826] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 822.769908][T15826] should_failslab+0xc2/0x120 [ 822.769943][T15826] __kmalloc_cache_noprof+0x6a/0x3e0 [ 822.769968][T15826] ? __do_sys_fanotify_init+0x40b/0xb80 [ 822.770007][T15826] __do_sys_fanotify_init+0x40b/0xb80 [ 822.770039][T15826] ? rcu_is_watching+0x12/0xc0 [ 822.770068][T15826] do_syscall_64+0xcd/0x230 [ 822.770115][T15826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 822.770141][T15826] RIP: 0033:0x7f9dd538e969 [ 822.770161][T15826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 822.770186][T15826] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 822.770210][T15826] RAX: ffffffffffffffda RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 822.770228][T15826] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000401 [ 822.770244][T15826] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 822.770260][T15826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 822.770275][T15826] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 822.770306][T15826] [ 824.709041][T15844] netlink: 'syz.1.3610': attribute type 4 has an invalid length. [ 824.794732][T15844] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3610'. [ 824.884754][T15844] IPv6: NLM_F_CREATE should be specified when creating new route [ 824.955197][T15844] IPv6: Can't replace route, no match found [ 825.034017][T15848] mkiss: ax0: crc mode is auto. [ 826.416221][T15866] sp0: Synchronizing with TNC [ 828.261958][T15896] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3632'. [ 828.814278][T15904] FAULT_INJECTION: forcing a failure. [ 828.814278][T15904] name failslab, interval 1, probability 0, space 0, times 0 [ 828.861194][T15904] CPU: 0 UID: 0 PID: 15904 Comm: syz.4.3635 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 828.861242][T15904] Tainted: [I]=FIRMWARE_WORKAROUND [ 828.861252][T15904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 828.861267][T15904] Call Trace: [ 828.861277][T15904] [ 828.861287][T15904] dump_stack_lvl+0x16c/0x1f0 [ 828.861338][T15904] should_fail_ex+0x512/0x640 [ 828.861382][T15904] ? __kmalloc_noprof+0xbf/0x510 [ 828.861414][T15904] ? lsm_blob_alloc+0x68/0x90 [ 828.861437][T15904] should_failslab+0xc2/0x120 [ 828.861472][T15904] __kmalloc_noprof+0xd2/0x510 [ 828.861507][T15904] lsm_blob_alloc+0x68/0x90 [ 828.861531][T15904] security_prepare_creds+0x30/0x270 [ 828.861573][T15904] prepare_creds+0x56f/0x7d0 [ 828.861621][T15904] __sys_setresuid+0x46d/0x1160 [ 828.861656][T15904] do_syscall_64+0xcd/0x230 [ 828.861707][T15904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.861734][T15904] RIP: 0033:0x7f26dff8e969 [ 828.861755][T15904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 828.861781][T15904] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 828.861805][T15904] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 828.861822][T15904] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000000 [ 828.861838][T15904] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 828.861854][T15904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 828.861870][T15904] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 828.861900][T15904] [ 832.151127][T15944] syz.2.3652: vmalloc error: size 1961984, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 832.230786][T15944] CPU: 0 UID: 0 PID: 15944 Comm: syz.2.3652 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 832.230842][T15944] Tainted: [I]=FIRMWARE_WORKAROUND [ 832.230852][T15944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 832.230868][T15944] Call Trace: [ 832.230879][T15944] [ 832.230889][T15944] dump_stack_lvl+0x16c/0x1f0 [ 832.230937][T15944] warn_alloc+0x248/0x3a0 [ 832.230977][T15944] ? __pfx_warn_alloc+0x10/0x10 [ 832.231007][T15944] ? alloc_pages_mpol+0x25a/0x550 [ 832.231046][T15944] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 832.231078][T15944] ? trace_kmalloc+0x2b/0xd0 [ 832.231121][T15944] __vmalloc_node_range_noprof+0x12d2/0x1540 [ 832.231176][T15944] ? __snd_dma_alloc_pages+0x53/0x90 [ 832.231210][T15944] ? do_alloc_pages+0xd7/0x280 [ 832.231234][T15944] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 832.231288][T15944] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 832.231333][T15944] ? __snd_dma_alloc_pages+0x53/0x90 [ 832.231362][T15944] vmalloc_noprof+0x6b/0x90 [ 832.231391][T15944] ? __snd_dma_alloc_pages+0x53/0x90 [ 832.231417][T15944] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 832.231445][T15944] __snd_dma_alloc_pages+0x53/0x90 [ 832.231474][T15944] snd_dma_alloc_dir_pages+0x151/0x240 [ 832.231505][T15944] do_alloc_pages+0x115/0x280 [ 832.231532][T15944] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 832.231564][T15944] snd_pcm_hw_params+0x15e1/0x1b40 [ 832.231596][T15944] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 832.231623][T15944] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 832.231668][T15944] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 832.231705][T15944] ? __asan_memset+0x23/0x50 [ 832.231735][T15944] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 832.231762][T15944] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 832.231816][T15944] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 832.231857][T15944] ? snd_pcm_oss_sync+0x30c/0x840 [ 832.231916][T15944] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 832.231957][T15944] snd_pcm_oss_sync+0x32e/0x840 [ 832.231999][T15944] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 832.232038][T15944] snd_pcm_oss_release+0x28b/0x310 [ 832.232078][T15944] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 832.232116][T15944] __fput+0x402/0xb70 [ 832.232174][T15944] task_work_run+0x150/0x240 [ 832.232217][T15944] ? __pfx_task_work_run+0x10/0x10 [ 832.232256][T15944] ? __pfx___do_sys_close_range+0x10/0x10 [ 832.232281][T15944] ? rcu_is_watching+0x12/0xc0 [ 832.232317][T15944] syscall_exit_to_user_mode+0x27b/0x2a0 [ 832.232390][T15944] do_syscall_64+0xda/0x230 [ 832.232432][T15944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.232459][T15944] RIP: 0033:0x7f9dd538e969 [ 832.232480][T15944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 832.232506][T15944] RSP: 002b:00007f9dd62a2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 832.232530][T15944] RAX: 0000000000000000 RBX: 00007f9dd55b5fa0 RCX: 00007f9dd538e969 [ 832.232546][T15944] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 832.232578][T15944] RBP: 00007f9dd5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 832.232592][T15944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.232607][T15944] R13: 0000000000000000 R14: 00007f9dd55b5fa0 R15: 00007ffc25ab5128 [ 832.232640][T15944] [ 832.926814][T15944] Mem-Info: [ 832.936767][T15944] active_anon:79426 inactive_anon:0 isolated_anon:0 [ 832.936767][T15944] active_file:8803 inactive_file:49791 isolated_file:0 [ 832.936767][T15944] unevictable:768 dirty:290 writeback:0 [ 832.936767][T15944] slab_reclaimable:10758 slab_unreclaimable:94198 [ 832.936767][T15944] mapped:30824 shmem:68415 pagetables:1016 [ 832.936767][T15944] sec_pagetables:0 bounce:0 [ 832.936767][T15944] kernel_misc_reclaimable:0 [ 832.936767][T15944] free:1246825 free_pcp:13337 free_cma:0 [ 833.031056][T15944] Node 0 active_anon:315936kB inactive_anon:0kB active_file:35212kB inactive_file:198964kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:123920kB dirty:1208kB writeback:0kB shmem:272476kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10576kB pagetables:4116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 833.126951][T15944] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 833.231973][T15944] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 833.232099][T15944] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 833.232166][T15944] Node 0 DMA32 free:1118512kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:312688kB inactive_anon:0kB active_file:35212kB inactive_file:197144kB unevictable:1536kB writepending:1244kB present:3129332kB managed:2544136kB mlocked:0kB bounce:0kB free_pcp:7128kB local_pcp:7128kB free_cma:0kB [ 833.232233][T15944] lowmem_reserve[]: 0 0 1 1 1 [ 833.232277][T15944] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 833.232347][T15944] lowmem_reserve[]: 0 0 0 0 0 [ 833.232392][T15944] Node 1 Normal free:3853160kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:50992kB local_pcp:50992kB free_cma:0kB [ 833.232461][T15944] lowmem_reserve[]: 0 0 0 0 0 [ 833.232509][T15944] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 833.232721][T15944] Node 0 DMA32: 2*4kB (UE) 9*8kB (ME) 10*16kB (UME) 5*32kB (E) 10*64kB (UME) 34*128kB (U) 34*256kB (UME) 41*512kB (UM) 48*1024kB (UE) 7*2048kB (UM) 249*4096kB (UM) = 1118480kB [ 833.232934][T15944] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 833.233072][T15944] Node 1 Normal: 5*4kB (ME) 8*8kB (UME) 12*16kB (ME) 52*32kB (UME) 94*64kB (UME) 43*128kB (UME) 17*256kB (UME) 13*512kB (UME) 7*1024kB (UM) 6*2048kB (UME) 930*4096kB (UM) = 3853204kB [ 833.233299][T15944] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 833.233328][T15944] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 833.233348][T15944] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 833.233369][T15944] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 833.233390][T15944] 125721 total pagecache pages [ 833.233400][T15944] 0 pages in swap cache [ 833.233414][T15944] Free swap = 124996kB [ 833.233423][T15944] Total swap = 124996kB [ 833.233433][T15944] 2097051 pages RAM [ 833.233441][T15944] 0 pages HighMem/MovableOnly [ 833.233450][T15944] 428911 pages reserved [ 833.233459][T15944] 0 pages cma reserved [ 834.877333][T15948] tty tty46: ldisc open failed (-12), clearing slot 45 [ 836.103587][T15977] sd 0:0:1:0: PR command failed: 1026 [ 836.124771][T15977] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 836.165058][T15977] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 836.847093][T15991] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3670'. [ 837.705619][T16001] FAULT_INJECTION: forcing a failure. [ 837.705619][T16001] name failslab, interval 1, probability 0, space 0, times 0 [ 837.839299][T16001] CPU: 0 UID: 0 PID: 16001 Comm: syz.4.3674 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 837.839348][T16001] Tainted: [I]=FIRMWARE_WORKAROUND [ 837.839358][T16001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 837.839374][T16001] Call Trace: [ 837.839382][T16001] [ 837.839393][T16001] dump_stack_lvl+0x16c/0x1f0 [ 837.839443][T16001] should_fail_ex+0x512/0x640 [ 837.839486][T16001] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 837.839517][T16001] should_failslab+0xc2/0x120 [ 837.839550][T16001] __kmalloc_cache_noprof+0x6a/0x3e0 [ 837.839577][T16001] ? ima_calc_file_hash_tfm+0x29f/0x3d0 [ 837.839610][T16001] ima_calc_file_hash_tfm+0x29f/0x3d0 [ 837.839638][T16001] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 837.839700][T16001] ? shmem_huge_global_enabled+0x173/0x5b0 [ 837.839732][T16001] ? ima_alloc_tfm+0x21a/0x2e0 [ 837.839755][T16001] ? shmem_getattr+0x397/0x450 [ 837.839784][T16001] ima_calc_file_hash+0x1ba/0x490 [ 837.839814][T16001] ima_collect_measurement+0x897/0xa40 [ 837.839851][T16001] ? __pfx_ima_collect_measurement+0x10/0x10 [ 837.839915][T16001] ? do_raw_read_unlock+0x44/0xe0 [ 837.839966][T16001] ? vfs_getxattr_alloc+0xec/0x340 [ 837.839997][T16001] ? ima_get_hash_algo+0x27c/0x400 [ 837.840042][T16001] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 837.840086][T16001] ? process_measurement+0x11fa/0x23e0 [ 837.840128][T16001] process_measurement+0x11fa/0x23e0 [ 837.840180][T16001] ? __pfx_process_measurement+0x10/0x10 [ 837.840220][T16001] ? __lock_acquire+0x5ca/0x1ba0 [ 837.840258][T16001] ? futex_wait_queue+0x24/0x220 [ 837.840329][T16001] ? mtree_load+0x325/0xa40 [ 837.840373][T16001] ima_file_mmap+0x1b1/0x1d0 [ 837.840414][T16001] ? __pfx_ima_file_mmap+0x10/0x10 [ 837.840463][T16001] security_mmap_file+0x88c/0x990 [ 837.840502][T16001] __do_sys_remap_file_pages+0x2e2/0xac0 [ 837.840556][T16001] ? __pfx___do_sys_remap_file_pages+0x10/0x10 [ 837.840599][T16001] ? __x64_sys_futex+0x1e0/0x4c0 [ 837.840631][T16001] ? xfd_validate_state+0x5d/0x180 [ 837.840659][T16001] ? rcu_is_watching+0x12/0xc0 [ 837.840693][T16001] do_syscall_64+0xcd/0x230 [ 837.840736][T16001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.840762][T16001] RIP: 0033:0x7f26dff8e969 [ 837.840783][T16001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 837.840808][T16001] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 837.840832][T16001] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 837.840849][T16001] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000006a2b [ 837.840865][T16001] RBP: 00007f26e0010ab1 R08: 0000000000010000 R09: 0000000000000000 [ 837.840881][T16001] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 837.840896][T16001] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 837.840927][T16001] [ 837.841135][ T30] audit: type=1800 audit(4294970847.936:14): pid=16001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3674" name="dev/zero" dev="tmpfs" ino=2936 res=0 errno=0 [ 838.311365][T16005] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 838.558533][T16010] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3677'. [ 838.880911][T16018] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3681'. [ 838.934757][T16018] bridge0: port 2(bridge_slave_1) entered disabled state [ 838.942247][T16018] bridge0: port 1(bridge_slave_0) entered disabled state [ 840.514869][T16037] ================================================================== [ 840.523008][T16037] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 840.530772][T16037] Read of size 8 at addr ffff88802a216018 by task syz.4.3689/16037 [ 840.538763][T16037] [ 840.541102][T16037] CPU: 0 UID: 0 PID: 16037 Comm: syz.4.3689 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 840.541143][T16037] Tainted: [I]=FIRMWARE_WORKAROUND [ 840.541152][T16037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 840.541167][T16037] Call Trace: [ 840.541179][T16037] [ 840.541188][T16037] dump_stack_lvl+0x116/0x1f0 [ 840.541235][T16037] print_report+0xc3/0x670 [ 840.541280][T16037] ? __virt_addr_valid+0x5e/0x590 [ 840.541317][T16037] ? __phys_addr+0xc6/0x150 [ 840.541351][T16037] ? dvb_device_open+0x36a/0x3b0 [ 840.541390][T16037] kasan_report+0xe0/0x110 [ 840.541422][T16037] ? dvb_device_open+0x36a/0x3b0 [ 840.541462][T16037] ? __pfx_dvb_device_open+0x10/0x10 [ 840.541500][T16037] dvb_device_open+0x36a/0x3b0 [ 840.541539][T16037] ? __pfx_dvb_device_open+0x10/0x10 [ 840.541577][T16037] chrdev_open+0x234/0x6a0 [ 840.541607][T16037] ? __pfx_apparmor_file_open+0x10/0x10 [ 840.541644][T16037] ? __pfx_chrdev_open+0x10/0x10 [ 840.541673][T16037] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 840.541717][T16037] do_dentry_open+0x744/0x1c10 [ 840.541745][T16037] ? __pfx_chrdev_open+0x10/0x10 [ 840.541775][T16037] vfs_open+0x82/0x3f0 [ 840.541810][T16037] path_openat+0x1e5e/0x2d40 [ 840.541841][T16037] ? __pfx_path_openat+0x10/0x10 [ 840.541869][T16037] do_filp_open+0x20b/0x470 [ 840.541906][T16037] ? __pfx_do_filp_open+0x10/0x10 [ 840.541949][T16037] ? alloc_fd+0x471/0x7d0 [ 840.541993][T16037] do_sys_openat2+0x11b/0x1d0 [ 840.542046][T16037] ? __pfx_do_sys_openat2+0x10/0x10 [ 840.542086][T16037] ? __pfx_do_sys_openat2+0x10/0x10 [ 840.542122][T16037] ? __pfx___might_resched+0x10/0x10 [ 840.542155][T16037] __x64_sys_openat+0x174/0x210 [ 840.542190][T16037] ? __pfx___x64_sys_openat+0x10/0x10 [ 840.542226][T16037] ? rcu_is_watching+0x12/0xc0 [ 840.542255][T16037] do_syscall_64+0xcd/0x230 [ 840.542295][T16037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.542323][T16037] RIP: 0033:0x7f26dff8e969 [ 840.542344][T16037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 840.542370][T16037] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 840.542394][T16037] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 840.542411][T16037] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 840.542427][T16037] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 840.542442][T16037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 840.542457][T16037] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 840.542481][T16037] [ 840.542489][T16037] [ 840.807503][T16037] Allocated by task 1: [ 840.811579][T16037] kasan_save_stack+0x33/0x60 [ 840.816277][T16037] kasan_save_track+0x14/0x30 [ 840.820981][T16037] __kasan_kmalloc+0xaa/0xb0 [ 840.825580][T16037] dvb_register_device+0x1e4/0x2370 [ 840.830805][T16037] dvb_register_frontend+0x5a6/0x880 [ 840.836117][T16037] vidtv_bridge_probe+0x459/0xa90 [ 840.841184][T16037] platform_probe+0xff/0x1f0 [ 840.845803][T16037] really_probe+0x241/0xa90 [ 840.850358][T16037] __driver_probe_device+0x1de/0x440 [ 840.855658][T16037] driver_probe_device+0x4c/0x1b0 [ 840.860718][T16037] __driver_attach+0x283/0x580 [ 840.865507][T16037] bus_for_each_dev+0x13e/0x1d0 [ 840.870384][T16037] bus_add_driver+0x2e9/0x690 [ 840.875070][T16037] driver_register+0x15c/0x4b0 [ 840.879851][T16037] vidtv_bridge_init+0x45/0x80 [ 840.884634][T16037] do_one_initcall+0x120/0x6e0 [ 840.889450][T16037] kernel_init_freeable+0x5c2/0x900 [ 840.894679][T16037] kernel_init+0x1c/0x2b0 [ 840.899025][T16037] ret_from_fork+0x48/0x80 [ 840.903449][T16037] ret_from_fork_asm+0x1a/0x30 [ 840.908243][T16037] [ 840.910589][T16037] Freed by task 16005: [ 840.914660][T16037] kasan_save_stack+0x33/0x60 [ 840.919353][T16037] kasan_save_track+0x14/0x30 [ 840.924041][T16037] kasan_save_free_info+0x3b/0x60 [ 840.929092][T16037] __kasan_slab_free+0x51/0x70 [ 840.933867][T16037] kfree+0x2b6/0x4d0 [ 840.937769][T16037] dvb_device_put.part.0+0x60/0x90 [ 840.942907][T16037] dvb_device_open+0x2a4/0x3b0 [ 840.947693][T16037] chrdev_open+0x234/0x6a0 [ 840.952120][T16037] do_dentry_open+0x744/0x1c10 [ 840.956917][T16037] vfs_open+0x82/0x3f0 [ 840.961003][T16037] path_openat+0x1e5e/0x2d40 [ 840.965603][T16037] do_filp_open+0x20b/0x470 [ 840.970114][T16037] do_sys_openat2+0x11b/0x1d0 [ 840.974894][T16037] __x64_sys_openat+0x174/0x210 [ 840.979783][T16037] do_syscall_64+0xcd/0x230 [ 840.984322][T16037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.990226][T16037] [ 840.992554][T16037] The buggy address belongs to the object at ffff88802a216000 [ 840.992554][T16037] which belongs to the cache kmalloc-256 of size 256 [ 841.006617][T16037] The buggy address is located 24 bytes inside of [ 841.006617][T16037] freed 256-byte region [ffff88802a216000, ffff88802a216100) [ 841.020354][T16037] [ 841.022698][T16037] The buggy address belongs to the physical page: [ 841.029108][T16037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a216 [ 841.037908][T16037] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 841.046444][T16037] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 841.054017][T16037] page_type: f5(slab) [ 841.058025][T16037] raw: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 841.066617][T16037] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 841.075228][T16037] head: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 841.083906][T16037] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 841.092586][T16037] head: 00fff00000000001 ffffea0000a88581 00000000ffffffff 00000000ffffffff [ 841.101264][T16037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 841.109946][T16037] page dumped because: kasan: bad access detected [ 841.116371][T16037] page_owner tracks the page as allocated [ 841.122086][T16037] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 27734160208, free_ts 0 [ 841.141814][T16037] post_alloc_hook+0x181/0x1b0 [ 841.146625][T16037] get_page_from_freelist+0x135c/0x3920 [ 841.152190][T16037] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 841.158095][T16037] alloc_pages_mpol+0x1fb/0x550 [ 841.162964][T16037] new_slab+0x244/0x340 [ 841.167212][T16037] ___slab_alloc+0xd9c/0x1940 [ 841.171893][T16037] __slab_alloc.constprop.0+0x56/0xb0 [ 841.177273][T16037] __kmalloc_cache_noprof+0xfb/0x3e0 [ 841.182564][T16037] dvb_register_device+0x1e4/0x2370 [ 841.187810][T16037] dvb_register_frontend+0x5a6/0x880 [ 841.193139][T16037] vidtv_bridge_probe+0x459/0xa90 [ 841.198202][T16037] platform_probe+0xff/0x1f0 [ 841.202833][T16037] really_probe+0x241/0xa90 [ 841.207349][T16037] __driver_probe_device+0x1de/0x440 [ 841.212748][T16037] driver_probe_device+0x4c/0x1b0 [ 841.217808][T16037] __driver_attach+0x283/0x580 [ 841.222589][T16037] page_owner free stack trace missing [ 841.227955][T16037] [ 841.230277][T16037] Memory state around the buggy address: [ 841.235909][T16037] ffff88802a215f00: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 841.243977][T16037] ffff88802a215f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 841.252049][T16037] >ffff88802a216000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 841.260113][T16037] ^ [ 841.264961][T16037] ffff88802a216080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 841.273030][T16037] ffff88802a216100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 841.281094][T16037] ================================================================== [ 841.289352][ C0] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 843.386502][ T5181] ERROR: Out of memory at tomoyo_memory_ok. [ 843.909034][T16037] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 843.916301][T16037] CPU: 0 UID: 0 PID: 16037 Comm: syz.4.3689 Tainted: G I 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 843.929945][T16037] Tainted: [I]=FIRMWARE_WORKAROUND [ 843.935052][T16037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 843.945111][T16037] Call Trace: [ 843.948399][T16037] [ 843.951338][T16037] dump_stack_lvl+0x3d/0x1f0 [ 843.955970][T16037] panic+0x71c/0x800 [ 843.959891][T16037] ? __pfx_panic+0x10/0x10 [ 843.964330][T16037] ? mark_held_locks+0x49/0x80 [ 843.969142][T16037] ? preempt_schedule_thunk+0x16/0x30 [ 843.974696][T16037] ? dvb_device_open+0x36a/0x3b0 [ 843.979677][T16037] ? preempt_schedule_common+0x44/0xc0 [ 843.985201][T16037] ? dvb_device_open+0x36a/0x3b0 [ 843.990167][T16037] check_panic_on_warn+0xab/0xb0 [ 843.995135][T16037] end_report+0x107/0x170 [ 843.999518][T16037] kasan_report+0xee/0x110 [ 844.003976][T16037] ? dvb_device_open+0x36a/0x3b0 [ 844.008981][T16037] ? __pfx_dvb_device_open+0x10/0x10 [ 844.014307][T16037] dvb_device_open+0x36a/0x3b0 [ 844.019100][T16037] ? __pfx_dvb_device_open+0x10/0x10 [ 844.024435][T16037] chrdev_open+0x234/0x6a0 [ 844.028926][T16037] ? __pfx_apparmor_file_open+0x10/0x10 [ 844.034519][T16037] ? __pfx_chrdev_open+0x10/0x10 [ 844.039505][T16037] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 844.046308][T16037] do_dentry_open+0x744/0x1c10 [ 844.051090][T16037] ? __pfx_chrdev_open+0x10/0x10 [ 844.056042][T16037] vfs_open+0x82/0x3f0 [ 844.060127][T16037] path_openat+0x1e5e/0x2d40 [ 844.064728][T16037] ? __pfx_path_openat+0x10/0x10 [ 844.069681][T16037] do_filp_open+0x20b/0x470 [ 844.074195][T16037] ? __pfx_do_filp_open+0x10/0x10 [ 844.079240][T16037] ? alloc_fd+0x471/0x7d0 [ 844.083601][T16037] do_sys_openat2+0x11b/0x1d0 [ 844.088323][T16037] ? __pfx_do_sys_openat2+0x10/0x10 [ 844.093580][T16037] ? __pfx_do_sys_openat2+0x10/0x10 [ 844.098933][T16037] ? __pfx___might_resched+0x10/0x10 [ 844.104265][T16037] __x64_sys_openat+0x174/0x210 [ 844.109155][T16037] ? __pfx___x64_sys_openat+0x10/0x10 [ 844.114555][T16037] ? rcu_is_watching+0x12/0xc0 [ 844.119339][T16037] do_syscall_64+0xcd/0x230 [ 844.123873][T16037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.129779][T16037] RIP: 0033:0x7f26dff8e969 [ 844.134202][T16037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.153819][T16037] RSP: 002b:00007f26e0d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 844.162250][T16037] RAX: ffffffffffffffda RBX: 00007f26e01b5fa0 RCX: 00007f26dff8e969 [ 844.170227][T16037] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 844.178222][T16037] RBP: 00007f26e0010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 844.186198][T16037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.194171][T16037] R13: 0000000000000000 R14: 00007f26e01b5fa0 R15: 00007ffebbb82208 [ 844.202172][T16037] [ 844.205334][T16037] Kernel Offset: disabled [ 844.209714][T16037] Rebooting in 86400 seconds..