last executing test programs: 4.159019364s ago: executing program 0 (id=2751): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) socket(0x2a, 0x2, 0x0) socket(0x2a, 0x2, 0x1) bind$auto(0x3, &(0x7f0000000080)=@qipcrtr={0x2a, 0x0, 0x8000}, 0x6b) 4.025942647s ago: executing program 0 (id=2753): r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) close_range$auto(r0, r0, 0x0) socket(0x2, 0x2, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3.778783043s ago: executing program 0 (id=2755): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendto$auto(0x3, 0x0, 0xfffffffffffffdef, 0x101, 0x0, 0x1c) ioctl$auto(0x3, 0x80000541b, 0x38) 2.929643865s ago: executing program 1 (id=2764): socket(0x15, 0x5, 0x0) eventfd$auto(0x7) open(&(0x7f0000004080)='./file0\x00', 0x40, 0x23) socket(0x2, 0x3, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x100000006, 0x0, 0x22, 0xfffffffffffffffe, 0x0) 2.822806524s ago: executing program 0 (id=2765): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000005c0), 0x2000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, 0x0) 2.754966168s ago: executing program 0 (id=2767): syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0) 2.728614428s ago: executing program 1 (id=2768): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) 2.630777745s ago: executing program 0 (id=2769): close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x8, 0xfffffffffffffffa, 0x13, 0x3, 0x0) mremap$auto(0x0, 0x9, 0x2, 0x3, 0x7fffffffb000) 2.570602767s ago: executing program 1 (id=2770): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x82, 0x0) 1.697996932s ago: executing program 3 (id=2776): mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) getsockopt$auto(0x6, 0x11b, 0x8, 0xfffffffffffffffd, 0x0) 1.572754664s ago: executing program 3 (id=2777): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) getsockopt$auto(0x4, 0x6, 0x100003, 0xfffffffffffffffc, 0x0) 1.288813103s ago: executing program 1 (id=2778): unshare$auto(0x40000080) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa833e6fc65b6b3cf705001900ffff8eac2cdafc1f64010043eeb0b0530300000000000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7ff, 0x200}, 0x100, 0x6) 1.288685059s ago: executing program 3 (id=2779): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0xc) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x0) 1.209323842s ago: executing program 3 (id=2780): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x200, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000001d40), 0x40a40, 0x0) 685.641684ms ago: executing program 2 (id=2783): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x1, 0x0, 0x0) timer_gettime$auto(0x0, 0x0) 614.82945ms ago: executing program 2 (id=2784): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x3, 0xff, 0x4001, 0x0, 0x5) 614.645892ms ago: executing program 2 (id=2785): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000240)={0x13, r1, 0x6c5679fc7dece1a9, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_SECRET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000) 593.180619ms ago: executing program 2 (id=2786): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000011c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)={0x14, r1, 0x929, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x240008c5}, 0xc0) 561.971013ms ago: executing program 2 (id=2787): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b", @ANYRES32, @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) r0 = socket(0x18, 0x5, 0x1) connect$auto(r0, &(0x7f0000000000)=@in={0x2, 0x100}, 0x2e) 525.231689ms ago: executing program 2 (id=2788): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x3f3) 404.567291ms ago: executing program 1 (id=2789): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) shutdown$auto(0x200000003, 0x1) 330.290746ms ago: executing program 1 (id=2790): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 231.691102ms ago: executing program 3 (id=2791): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000001c0), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, r1, 0x703, 0x70bd27, 0x25dfd9fc}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x4) 0s ago: executing program 3 (id=2792): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0xfffffdef) kernel console output (not intermixed with test programs): miscuous mode [ 87.990317][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.008193][ T5830] veth0_macvtap: entered promiscuous mode [ 88.017765][ T5833] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.027616][ T5833] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.036500][ T5833] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.045666][ T5833] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.058650][ T5829] veth1_macvtap: entered promiscuous mode [ 88.077886][ T5827] veth0_vlan: entered promiscuous mode [ 88.090404][ T5830] veth1_macvtap: entered promiscuous mode [ 88.116217][ T5827] veth1_vlan: entered promiscuous mode [ 88.139923][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.151596][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.179423][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.195334][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.210211][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.219376][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.229582][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.238588][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.258491][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.267608][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.277360][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.287372][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.373844][ T5827] veth0_macvtap: entered promiscuous mode [ 88.395231][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.395700][ T5827] veth1_macvtap: entered promiscuous mode [ 88.418785][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.493349][ T2996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.503253][ T2996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.552568][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.561869][ T3561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.577854][ T3561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.594195][ T2949] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.606430][ T2949] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.619687][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.647778][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.657864][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.668262][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.679704][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.686340][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.732564][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.754668][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.847804][ T3561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.873841][ T3561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.049863][ T2996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.071156][ T2996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.209363][ T3561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.231862][ T3561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.309952][ T5845] Bluetooth: hci1: command tx timeout [ 89.385217][ T5845] Bluetooth: hci2: command tx timeout [ 89.391138][ T51] Bluetooth: hci0: command tx timeout [ 89.396791][ T51] Bluetooth: hci3: command tx timeout [ 91.385733][ T5845] Bluetooth: hci1: command tx timeout [ 91.465648][ T5845] Bluetooth: hci0: command tx timeout [ 91.471100][ T5845] Bluetooth: hci2: command tx timeout [ 91.476558][ T51] Bluetooth: hci3: command tx timeout [ 91.605345][ T6000] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.791582][ T24] cfg80211: failed to load regulatory.db [ 92.295926][ T6025] random: crng reseeded on system resumption [ 92.395391][ T6029] Zero length message leads to an empty skb [ 92.908684][ T6047] netlink: 342 bytes leftover after parsing attributes in process `syz.1.57'. [ 93.214537][ T6059] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 93.297226][ T6062] capability: warning: `syz.3.64' uses 32-bit capabilities (legacy support in use) [ 93.738993][ T6078] ptrace attach of "./syz-executor exec"[5833] was attempted by ""[6078] [ 93.979795][ T6084] capability: warning: `syz.1.72' uses deprecated v2 capabilities in a way that may be insecure [ 96.173314][ T6155] ecryptfs_parse_packet_length: Five-byte packet length not supported [ 96.190097][ T6155] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 96.413604][ T6164] process 'syz.2.106' launched '/dev/fd/3/./file0' with NULL argv: empty string added [ 98.036492][ T6222] netlink: 346 bytes leftover after parsing attributes in process `syz.2.132'. [ 98.365994][ T6234] netlink: 334 bytes leftover after parsing attributes in process `syz.2.137'. [ 99.452464][ T6263] netlink: 334 bytes leftover after parsing attributes in process `syz.1.148'. [ 100.483307][ T6299] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 100.524019][ T6299] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 101.503503][ T6332] netlink: 40 bytes leftover after parsing attributes in process `syz.3.178'. [ 102.140840][ T6350] netlink: 206 bytes leftover after parsing attributes in process `syz.2.185'. [ 102.998089][ T6378] netlink: 342 bytes leftover after parsing attributes in process `syz.0.197'. [ 103.930579][ T6411] UHID_CREATE from different security context by process 124 (syz.2.212), this is not allowed. [ 105.783574][ T6417] kexec: Could not allocate control_code_buffer [ 106.965795][ T6498] mmap: syz.2.247 (6498) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 108.280886][ T6501] kexec: Could not allocate control_code_buffer [ 108.330748][ T6534] netlink: 'syz.3.259': attribute type 9 has an invalid length. [ 108.404734][ T6534] netlink: 330 bytes leftover after parsing attributes in process `syz.3.259'. [ 108.600892][ T5845] Bluetooth: hci2: Malformed Event: 0x2f [ 109.342225][ T6568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.277'. [ 109.538632][ T6574] FAULT_INJECTION: forcing a failure. [ 109.538632][ T6574] name failslab, interval 1, probability 0, space 0, times 1 [ 109.604090][ T6574] CPU: 0 UID: 0 PID: 6574 Comm: syz.2.279 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 109.604128][ T6574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.604146][ T6574] Call Trace: [ 109.604155][ T6574] [ 109.604168][ T6574] dump_stack_lvl+0x16c/0x1f0 [ 109.604214][ T6574] should_fail_ex+0x512/0x640 [ 109.604248][ T6574] ? __kmalloc_noprof+0xbf/0x510 [ 109.604289][ T6574] ? sk_prot_alloc+0x1a8/0x2a0 [ 109.604312][ T6574] should_failslab+0xc2/0x120 [ 109.604336][ T6574] __kmalloc_noprof+0xd2/0x510 [ 109.604380][ T6574] sk_prot_alloc+0x1a8/0x2a0 [ 109.604409][ T6574] sk_alloc+0x36/0xc20 [ 109.604444][ T6574] mctp_pf_create+0xe8/0x330 [ 109.604490][ T6574] __sock_create+0x335/0x8d0 [ 109.604527][ T6574] __sys_socket+0x14d/0x260 [ 109.604558][ T6574] ? __pfx___sys_socket+0x10/0x10 [ 109.604588][ T6574] ? xfd_validate_state+0x61/0x180 [ 109.604618][ T6574] ? __pfx___do_sys_prctl+0x10/0x10 [ 109.604660][ T6574] __x64_sys_socket+0x72/0xb0 [ 109.604688][ T6574] ? lockdep_hardirqs_on+0x7c/0x110 [ 109.604722][ T6574] do_syscall_64+0xcd/0x490 [ 109.604761][ T6574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.604786][ T6574] RIP: 0033:0x7f011098e929 [ 109.604810][ T6574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.604838][ T6574] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 109.604863][ T6574] RAX: ffffffffffffffda RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 109.604880][ T6574] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002d [ 109.604895][ T6574] RBP: 00007f0110a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 109.604910][ T6574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.604925][ T6574] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 109.604959][ T6574] [ 110.767814][ T6594] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary [ 111.071794][ T6605] FAULT_INJECTION: forcing a failure. [ 111.071794][ T6605] name failslab, interval 1, probability 0, space 0, times 0 [ 111.131241][ T6605] CPU: 0 UID: 0 PID: 6605 Comm: syz.0.292 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 111.131279][ T6605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.131293][ T6605] Call Trace: [ 111.131303][ T6605] [ 111.131313][ T6605] dump_stack_lvl+0x16c/0x1f0 [ 111.131356][ T6605] should_fail_ex+0x512/0x640 [ 111.131391][ T6605] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 111.131427][ T6605] should_failslab+0xc2/0x120 [ 111.131452][ T6605] __kmalloc_cache_noprof+0x6a/0x3e0 [ 111.131485][ T6605] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 111.131516][ T6605] ? kasan_save_track+0x14/0x30 [ 111.131554][ T6605] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 111.131586][ T6605] ? rcu_is_watching+0x12/0xc0 [ 111.131615][ T6605] ? __mutex_lock+0x1ca/0xb90 [ 111.131657][ T6605] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 111.131688][ T6605] ? __pfx___mutex_lock+0x10/0x10 [ 111.131735][ T6605] ? __fsnotify_parent+0x24b/0xc40 [ 111.131777][ T6605] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 111.131808][ T6605] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 111.131835][ T6605] snd_pcm_oss_sync+0x1de/0x840 [ 111.131866][ T6605] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 111.131894][ T6605] snd_pcm_oss_release+0x28b/0x310 [ 111.131924][ T6605] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 111.131950][ T6605] __fput+0x402/0xb70 [ 111.131984][ T6605] task_work_run+0x14d/0x240 [ 111.132022][ T6605] ? __pfx_task_work_run+0x10/0x10 [ 111.132058][ T6605] ? __pfx___do_sys_close_range+0x10/0x10 [ 111.132110][ T6605] exit_to_user_mode_loop+0xeb/0x110 [ 111.132151][ T6605] do_syscall_64+0x3f6/0x490 [ 111.132191][ T6605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.132221][ T6605] RIP: 0033:0x7f7e8c18e929 [ 111.132243][ T6605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.132268][ T6605] RSP: 002b:00007f7e8cfee038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 111.132292][ T6605] RAX: 0000000000000000 RBX: 00007f7e8c3b5fa0 RCX: 00007f7e8c18e929 [ 111.132308][ T6605] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 111.132324][ T6605] RBP: 00007f7e8c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 111.132339][ T6605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.132353][ T6605] R13: 0000000000000000 R14: 00007f7e8c3b5fa0 R15: 00007ffcb0842d88 [ 111.132387][ T6605] [ 112.322561][ T6630] XFS: Clearing xfsstats [ 113.616373][ T6674] sock: sock_timestamping_bind_phc: sock not bind to device [ 115.839866][ T6746] netlink: 28 bytes leftover after parsing attributes in process `syz.0.352'. [ 116.565152][ T6764] netlink: 338 bytes leftover after parsing attributes in process `syz.3.358'. [ 118.684163][ T6825] Invalid ELF header magic: != ELF [ 119.508226][ T6855] netlink: 346 bytes leftover after parsing attributes in process `syz.3.398'. [ 119.700128][ T6864] netlink: 4 bytes leftover after parsing attributes in process `syz.1.401'. [ 120.830199][ T6899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.418'. [ 121.229497][ T6916] netlink: 2468 bytes leftover after parsing attributes in process `syz.2.424'. [ 122.198965][ T6951] binder: BINDER_SET_CONTEXT_MGR already set [ 122.207890][ T6951] binder: 6950:6951 ioctl 40046207 0 returned -16 [ 122.475518][ T6958] netlink: 346 bytes leftover after parsing attributes in process `syz.3.443'. [ 122.931165][ T6976] FAULT_INJECTION: forcing a failure. [ 122.931165][ T6976] name failslab, interval 1, probability 0, space 0, times 0 [ 122.974443][ T6976] CPU: 0 UID: 0 PID: 6976 Comm: syz.1.452 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 122.974480][ T6976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.974498][ T6976] Call Trace: [ 122.974507][ T6976] [ 122.974517][ T6976] dump_stack_lvl+0x16c/0x1f0 [ 122.974573][ T6976] should_fail_ex+0x512/0x640 [ 122.974608][ T6976] ? fs_reclaim_acquire+0xae/0x150 [ 122.974641][ T6976] should_failslab+0xc2/0x120 [ 122.974665][ T6976] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 122.974703][ T6976] ? ext4_init_io_end+0x24/0x170 [ 122.974733][ T6976] ext4_init_io_end+0x24/0x170 [ 122.974758][ T6976] ext4_do_writepages+0x985/0x3490 [ 122.974798][ T6976] ? lock_acquire+0x179/0x350 [ 122.974830][ T6976] ? find_held_lock+0x2b/0x80 [ 122.974871][ T6976] ? __pfx_ext4_do_writepages+0x10/0x10 [ 122.974925][ T6976] ? ext4_writepages+0x37a/0x7d0 [ 122.974957][ T6976] ext4_writepages+0x37a/0x7d0 [ 122.974992][ T6976] ? __pfx_ext4_writepages+0x10/0x10 [ 122.975040][ T6976] ? do_writepages+0x4b7/0x600 [ 122.975073][ T6976] ? __pfx_ext4_writepages+0x10/0x10 [ 122.975110][ T6976] do_writepages+0x27a/0x600 [ 122.975141][ T6976] ? __pfx_do_writepages+0x10/0x10 [ 122.975163][ T6976] ? do_raw_spin_unlock+0x172/0x230 [ 122.975192][ T6976] ? _raw_spin_unlock+0x28/0x50 [ 122.975219][ T6976] filemap_fdatawrite_wbc+0x104/0x160 [ 122.975246][ T6976] __filemap_fdatawrite_range+0xb2/0xf0 [ 122.975276][ T6976] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 122.975304][ T6976] ? __lock_acquire+0x622/0x1c90 [ 122.975378][ T6976] file_write_and_wait_range+0xca/0x140 [ 122.975413][ T6976] ext4_sync_file+0x310/0xf10 [ 122.975440][ T6976] ? __pfx___up_read+0x10/0x10 [ 122.975470][ T6976] ? __pfx_ext4_sync_file+0x10/0x10 [ 122.975493][ T6976] vfs_fsync_range+0x136/0x220 [ 122.975524][ T6976] __do_sys_msync+0x3cb/0x5c0 [ 122.975559][ T6976] do_syscall_64+0xcd/0x490 [ 122.975590][ T6976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.975610][ T6976] RIP: 0033:0x7f8413f8e929 [ 122.975635][ T6976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.975656][ T6976] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 122.975679][ T6976] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 122.975693][ T6976] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 122.975706][ T6976] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 122.975718][ T6976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.975729][ T6976] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 122.975755][ T6976] [ 123.885248][ T6998] nbd: socks must be embedded in a SOCK_ITEM attr [ 123.893358][ T6998] block nbd0: shutting down sockets [ 125.694038][ T7068] ======================================================= [ 125.694038][ T7068] WARNING: The mand mount option has been deprecated and [ 125.694038][ T7068] and is ignored by this kernel. Remove the mand [ 125.694038][ T7068] option from the mount to silence this warning. [ 125.694038][ T7068] ======================================================= [ 126.336784][ T7089] FAULT_INJECTION: forcing a failure. [ 126.336784][ T7089] name failslab, interval 1, probability 0, space 0, times 0 [ 126.380089][ T7089] CPU: 1 UID: 0 PID: 7089 Comm: syz.2.503 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 126.380133][ T7089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.380148][ T7089] Call Trace: [ 126.380156][ T7089] [ 126.380165][ T7089] dump_stack_lvl+0x16c/0x1f0 [ 126.380209][ T7089] should_fail_ex+0x512/0x640 [ 126.380242][ T7089] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 126.380277][ T7089] should_failslab+0xc2/0x120 [ 126.380300][ T7089] __kmalloc_cache_noprof+0x6a/0x3e0 [ 126.380333][ T7089] ? getname_flags.part.0+0x292/0x550 [ 126.380365][ T7089] getname_flags.part.0+0x292/0x550 [ 126.380396][ T7089] getname_flags+0x93/0xf0 [ 126.380426][ T7089] do_sys_openat2+0xb8/0x1d0 [ 126.380452][ T7089] ? __pfx_do_sys_openat2+0x10/0x10 [ 126.380494][ T7089] __x64_sys_open+0x153/0x1e0 [ 126.380520][ T7089] ? __pfx___x64_sys_open+0x10/0x10 [ 126.380551][ T7089] ? rcu_is_watching+0x12/0xc0 [ 126.380577][ T7089] do_syscall_64+0xcd/0x490 [ 126.380617][ T7089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.380640][ T7089] RIP: 0033:0x7f011098e929 [ 126.380660][ T7089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.380683][ T7089] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 126.380707][ T7089] RAX: ffffffffffffffda RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 126.380723][ T7089] RDX: 00000000000000d1 RSI: 0000000000103040 RDI: 0000200000000380 [ 126.380739][ T7089] RBP: 00007f0110a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 126.380754][ T7089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.380768][ T7089] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 126.380799][ T7089] [ 127.252985][ T7118] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 127.720390][ T7136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.524'. [ 128.093467][ T7154] input: jJǸ-9%vlQ J8fi as /devices/virtual/input/input6 [ 128.582430][ T7165] ovs_: entered promiscuous mode [ 129.383146][ T7189] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 129.402980][ T7189] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 129.516552][ T7195] netlink: 8 bytes leftover after parsing attributes in process `syz.3.550'. [ 130.082707][ T7213] __vm_enough_memory: pid: 7213, comm: syz.0.557, bytes: 4398046511104 not enough memory for the allocation [ 130.568594][ T7228] netlink: 21 bytes leftover after parsing attributes in process `syz.3.563'. [ 131.055208][ T7241] vivid-007: ================= START STATUS ================= [ 131.084526][ T7241] vivid-007: Generate PTS: true [ 131.089681][ T7241] vivid-007: Generate SCR: true [ 131.104778][ T7241] tpg source WxH: 320x240 (Y'CbCr) [ 131.120945][ T7241] tpg field: 1 [ 131.144877][ T7241] tpg crop: (0,0)/320x240 [ 131.157426][ T7241] tpg compose: (0,0)/320x240 [ 131.162072][ T7241] tpg colorspace: 8 [ 131.183048][ T7241] tpg transfer function: 0/0 [ 131.193396][ T7241] tpg Y'CbCr encoding: 0/0 [ 131.213219][ T7241] tpg quantization: 0/0 [ 131.217865][ T7241] tpg RGB range: 0/2 [ 131.222194][ T7241] vivid-007: ================== END STATUS ================== [ 132.761698][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.775108][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.759356][ T7336] netlink: 334 bytes leftover after parsing attributes in process `syz.3.609'. [ 137.094565][ T7416] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list               syzkaller syzkaller login: [ 140.788088][ T7546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 140.854773][ T7546] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.687760][ T7566] Device name cannot be null; rc = [-22] [ 143.981378][ T7657] netlink: 28 bytes leftover after parsing attributes in process `syz.2.751'. [ 144.016647][ T7657] caif0: entered promiscuous mode [ 144.644973][ T7686] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 145.505674][ T7714] mtrr: base(0x7961000) is not aligned on a size(0x0000) boundary [ 146.071333][ T7736] netlink: 19 bytes leftover after parsing attributes in process `syz.1.784'. [ 146.805517][ T7758] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input8 [ 147.337069][ T7776] FAULT_INJECTION: forcing a failure. [ 147.337069][ T7776] name failslab, interval 1, probability 0, space 0, times 0 [ 147.373728][ T7776] CPU: 0 UID: 0 PID: 7776 Comm: syz.2.800 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 147.373764][ T7776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.373779][ T7776] Call Trace: [ 147.373788][ T7776] [ 147.373797][ T7776] dump_stack_lvl+0x16c/0x1f0 [ 147.373838][ T7776] should_fail_ex+0x512/0x640 [ 147.373870][ T7776] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 147.373908][ T7776] should_failslab+0xc2/0x120 [ 147.373938][ T7776] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 147.373971][ T7776] ? __pfx___might_resched+0x10/0x10 [ 147.373998][ T7776] ? __anon_vma_prepare+0xae/0x5e0 [ 147.374035][ T7776] __anon_vma_prepare+0xae/0x5e0 [ 147.374067][ T7776] ? __filemap_get_folio+0x32b/0xc30 [ 147.374095][ T7776] __vmf_anon_prepare+0x11c/0x240 [ 147.374126][ T7776] hugetlb_fault+0x1fd9/0x3070 [ 147.374162][ T7776] ? __pfx_hugetlb_fault+0x10/0x10 [ 147.374204][ T7776] ? find_vma+0xbf/0x140 [ 147.374230][ T7776] ? __pfx_find_vma+0x10/0x10 [ 147.374258][ T7776] handle_mm_fault+0xbfa/0xd10 [ 147.374291][ T7776] ? __pkru_allows_pkey+0x41/0xb0 [ 147.374326][ T7776] do_user_addr_fault+0x7a6/0x1370 [ 147.374362][ T7776] ? rcu_is_watching+0x12/0xc0 [ 147.374391][ T7776] exc_page_fault+0x5c/0xb0 [ 147.374425][ T7776] asm_exc_page_fault+0x26/0x30 [ 147.374447][ T7776] RIP: 0010:strncpy_from_user+0x147/0x2e0 [ 147.374481][ T7776] Code: 00 00 4d 89 74 1d 00 48 83 ed 08 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 d7 f4 b0 fc 48 83 fd 07 76 22 e8 5c f9 b0 fc 45 31 ff <49> 8b 04 1c 31 ff 44 89 fe 49 89 c6 e8 88 f4 b0 fc 45 85 ff 0f 84 [ 147.374506][ T7776] RSP: 0018:ffffc90003157d10 EFLAGS: 00050246 [ 147.374526][ T7776] RAX: 000000000000003c RBX: 0000000000000000 RCX: ffffc9000c529000 [ 147.374540][ T7776] RDX: 0000000000080000 RSI: ffffffff850a93c4 RDI: 0000000000000007 [ 147.374555][ T7776] RBP: 0000000000000fe0 R08: 0000000000000007 R09: 0000000000000007 [ 147.374569][ T7776] R10: 0000000000000fe0 R11: 0000000000000000 R12: 0000000000000000 [ 147.374584][ T7776] R13: ffff888025f35520 R14: 0000000000000fe0 R15: 0000000000000000 [ 147.374612][ T7776] ? strncpy_from_user+0x144/0x2e0 [ 147.374649][ T7776] getname_flags.part.0+0x8f/0x550 [ 147.374680][ T7776] getname_flags+0x93/0xf0 [ 147.374713][ T7776] do_sys_openat2+0xb8/0x1d0 [ 147.374740][ T7776] ? __pfx_do_sys_openat2+0x10/0x10 [ 147.374783][ T7776] __x64_sys_openat+0x174/0x210 [ 147.374811][ T7776] ? __pfx___x64_sys_openat+0x10/0x10 [ 147.374855][ T7776] do_syscall_64+0xcd/0x490 [ 147.374895][ T7776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.374919][ T7776] RIP: 0033:0x7f011098e929 [ 147.374947][ T7776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.374970][ T7776] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 147.374993][ T7776] RAX: ffffffffffffffda RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 147.375010][ T7776] RDX: 0000000000512002 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 147.375026][ T7776] RBP: 00007f0110a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 147.375042][ T7776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.375056][ T7776] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 147.375090][ T7776] [ 149.482476][ T7820] netlink: 'syz.2.819': attribute type 11 has an invalid length. [ 150.368839][ T7851] netlink: 330 bytes leftover after parsing attributes in process `syz.1.833'. [ 150.931817][ T7875] bridge0: port 3(vlan1) entered blocking state [ 150.939142][ T7875] bridge0: port 3(vlan1) entered disabled state [ 150.951019][ T7875] vlan1: entered allmulticast mode [ 150.970520][ T7875] veth0_vlan: entered allmulticast mode [ 150.995340][ T7875] vlan1: entered promiscuous mode [ 151.027820][ T7875] bridge0: port 3(vlan1) entered blocking state [ 151.035224][ T7875] bridge0: port 3(vlan1) entered forwarding state [ 151.969095][ T7914] device-mapper: ioctl: Unable to rename non-existent device,  to [ 152.298332][ T7926] netlink: 4 bytes leftover after parsing attributes in process `syz.3.866'. [ 152.843768][ T7947] size and base must be multiples of 4 kiB [ 152.851721][ T7947] CPU: 1 UID: 0 PID: 7947 Comm: syz.1.877 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 152.851757][ T7947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.851772][ T7947] Call Trace: [ 152.851780][ T7947] [ 152.851789][ T7947] dump_stack_lvl+0x16c/0x1f0 [ 152.851835][ T7947] mtrr_del+0xd1/0x110 [ 152.851868][ T7947] mtrr_ioctl+0x922/0xcf0 [ 152.851899][ T7947] ? __pfx_mtrr_ioctl+0x10/0x10 [ 152.851937][ T7947] ? find_held_lock+0x2b/0x80 [ 152.851970][ T7947] ? __fget_files+0x20e/0x3c0 [ 152.852004][ T7947] ? __pfx_mtrr_ioctl+0x10/0x10 [ 152.852035][ T7947] proc_reg_unlocked_ioctl+0x229/0x320 [ 152.852070][ T7947] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 152.852110][ T7947] __x64_sys_ioctl+0x18b/0x210 [ 152.852142][ T7947] do_syscall_64+0xcd/0x490 [ 152.852181][ T7947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.852208][ T7947] RIP: 0033:0x7f8413f8e929 [ 152.852229][ T7947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.852252][ T7947] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 152.852276][ T7947] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 152.852294][ T7947] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 152.852309][ T7947] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 152.852324][ T7947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.852338][ T7947] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 152.852369][ T7947] [ 153.200188][ T7951] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 153.252863][ T7951] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 153.304986][ T51] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 153.305022][ T51] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 153.314489][ T7951] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 153.321755][ T51] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 153.327942][ T51] Bluetooth: hci3: adv larger than maximum supported [ 153.335825][ T51] Bluetooth: hci3: adv larger than maximum supported [ 153.343247][ T51] Bluetooth: hci3: Malformed LE Event: 0x0d [ 153.362353][ T7951] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 153.377022][ T7951] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 153.388681][ T7951] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 153.411040][ T7951] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 153.418264][ T7951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 153.431019][ T7951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 153.448376][ T7951] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 153.455176][ T7951] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 153.484461][ T7951] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 155.224639][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 155.384370][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 155.464372][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 155.471140][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 155.987997][ T8035] usb usb38: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 155.999119][ T8034] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 156.013109][ T8035] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 157.304680][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 157.467881][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 157.555909][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 157.562573][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 159.139654][ T8135] ovs_: entered promiscuous mode [ 159.384502][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 159.544479][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 159.626881][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 159.633544][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 162.686815][ T8244] netlink: 346 bytes leftover after parsing attributes in process `syz.0.1009'. [ 162.838451][ T8251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.864828][ T8251] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.148457][ T8259] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1014'. [ 163.233718][ T8259] caif0: entered promiscuous mode [ 167.365199][ T8351] netlink: zone id is out of range [ 167.370905][ T8351] netlink: zone id is out of range [ 167.402359][ T8351] netlink: zone id is out of range [ 167.412459][ T8351] netlink: zone id is out of range [ 167.421827][ T8351] netlink: zone id is out of range [ 167.442087][ T8351] netlink: zone id is out of range [ 167.447904][ T8351] netlink: zone id is out of range [ 167.457215][ T8351] netlink: zone id is out of range [ 167.462870][ T8351] netlink: zone id is out of range [ 167.484303][ T8351] netlink: zone id is out of range [ 169.922265][ T51] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 169.922304][ T51] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 169.945318][ T51] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 169.945370][ T51] Bluetooth: hci1: adv larger than maximum supported [ 169.953337][ T51] Bluetooth: hci1: adv larger than maximum supported [ 169.963025][ T51] Bluetooth: hci1: Malformed LE Event: 0x0d [ 174.114526][ T8496] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 174.121512][ T8496] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 174.134707][ T8496] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 174.148627][ T8496] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 176.111249][ T8525] Invalid ELF header magic: != ELF [ 176.184419][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 176.191186][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 176.197921][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.204751][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 182.781925][ T8706] netlink: 206 bytes leftover after parsing attributes in process `syz.2.1162'. [ 182.867496][ T51] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 182.867529][ T51] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 182.885209][ T51] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 182.885259][ T51] Bluetooth: hci0: adv larger than maximum supported [ 182.893243][ T51] Bluetooth: hci0: adv larger than maximum supported [ 182.901951][ T51] Bluetooth: hci0: Malformed LE Event: 0x0d [ 183.621750][ T59] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.713991][ T59] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.840779][ T59] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.993200][ T59] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.246321][ T59] bridge_slave_1: left allmulticast mode [ 184.269752][ T59] bridge_slave_1: left promiscuous mode [ 184.287875][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.321903][ T59] bridge_slave_0: left allmulticast mode [ 184.338079][ T59] bridge_slave_0: left promiscuous mode [ 184.355232][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.398023][ T5152] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 184.408924][ T5152] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 184.419610][ T5152] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 184.429664][ T5152] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 184.440694][ T5152] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 184.845739][ T8748] nbd: socks must be embedded in a SOCK_ITEM attr [ 184.854341][ T8748] block nbd1: shutting down sockets [ 184.966586][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.978993][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.991832][ T59] bond0 (unregistering): Released all slaves [ 185.461784][ T59] hsr_slave_0: left promiscuous mode [ 185.471832][ T59] hsr_slave_1: left promiscuous mode [ 185.483765][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.497422][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.508456][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 185.517063][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.546587][ T59] veth1_macvtap: left promiscuous mode [ 185.553900][ T59] veth0_macvtap: left promiscuous mode [ 185.562052][ T59] veth1_vlan: left promiscuous mode [ 185.568345][ T59] veth0_vlan: left promiscuous mode [ 185.936895][ T59] team0 (unregistering): Port device team_slave_1 removed [ 185.972640][ T59] team0 (unregistering): Port device team_slave_0 removed [ 186.333420][ T8738] chnl_net:caif_netlink_parms(): no params data found [ 186.459085][ T8738] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.467219][ T8738] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.475715][ T8738] bridge_slave_0: entered allmulticast mode [ 186.486521][ T8738] bridge_slave_0: entered promiscuous mode [ 186.496660][ T8738] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.505752][ T8738] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.509327][ T51] Bluetooth: hci3: command tx timeout [ 186.513847][ T8738] bridge_slave_1: entered allmulticast mode [ 186.537842][ T8738] bridge_slave_1: entered promiscuous mode [ 186.651126][ T8738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.678116][ T8738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.737888][ T8738] team0: Port device team_slave_0 added [ 186.752783][ T8738] team0: Port device team_slave_1 added [ 186.799508][ T8738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.807403][ T8738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.840119][ T8738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.859786][ T8738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.867510][ T8738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.900751][ T8738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.980977][ T8738] hsr_slave_0: entered promiscuous mode [ 186.991144][ T8738] hsr_slave_1: entered promiscuous mode [ 186.999085][ T8738] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 187.011156][ T8738] Cannot create hsr debugfs directory [ 187.618187][ T8738] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 187.631371][ T8738] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 187.645133][ T8738] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 187.659378][ T8738] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 187.773799][ T8738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.808602][ T8738] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.826699][ T3561] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.834599][ T3561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.849690][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.857579][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.172727][ T8738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.242976][ T8738] veth0_vlan: entered promiscuous mode [ 188.262773][ T8738] veth1_vlan: entered promiscuous mode [ 188.318619][ T8738] veth0_macvtap: entered promiscuous mode [ 188.332889][ T8738] veth1_macvtap: entered promiscuous mode [ 188.362365][ T8738] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.391784][ T8738] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.406930][ T8738] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.421567][ T8738] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.434355][ T8738] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.444615][ T8738] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.547595][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.570632][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.584586][ T51] Bluetooth: hci3: command tx timeout [ 188.609979][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.620598][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.414820][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 190.414856][ T51] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 190.432605][ T51] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 190.432655][ T51] Bluetooth: hci2: adv larger than maximum supported [ 190.445063][ T51] Bluetooth: hci2: adv larger than maximum supported [ 190.452459][ T51] Bluetooth: hci2: Malformed LE Event: 0x0d [ 190.664373][ T51] Bluetooth: hci3: command tx timeout [ 191.916343][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1204'. [ 192.121538][ T8937] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1209'. [ 192.594861][ T5152] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 192.594896][ T5152] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 192.611919][ T5152] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 192.611952][ T5152] Bluetooth: hci1: adv larger than maximum supported [ 192.620429][ T5152] Bluetooth: hci1: adv larger than maximum supported [ 192.628635][ T5152] Bluetooth: hci1: Malformed LE Event: 0x0d [ 192.746279][ T5152] Bluetooth: hci3: command tx timeout [ 193.774700][ T8998] netlink: 130 bytes leftover after parsing attributes in process `syz.1.1235'. [ 193.834370][ T5152] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 193.834408][ T5152] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 193.851137][ T5152] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 193.851168][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 193.859363][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 193.867365][ T5152] Bluetooth: hci0: Malformed LE Event: 0x0d [ 194.189546][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.196910][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.787699][ T9030] zswap: compressor 000 not available [ 196.127982][ T9088] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1270'. [ 198.450862][ T9182] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1308'. [ 198.806046][ T9191] net_ratelimit: 490 callbacks suppressed [ 198.806068][ T9191] sock: sock_set_timeout: `syz.3.1311' (pid 9191) tries to set negative timeout [ 198.870739][ T9193] FAULT_INJECTION: forcing a failure. [ 198.870739][ T9193] name failslab, interval 1, probability 0, space 0, times 0 [ 198.909586][ T9193] CPU: 0 UID: 0 PID: 9193 Comm: syz.1.1313 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 198.909624][ T9193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.909639][ T9193] Call Trace: [ 198.909648][ T9193] [ 198.909658][ T9193] dump_stack_lvl+0x16c/0x1f0 [ 198.909702][ T9193] should_fail_ex+0x512/0x640 [ 198.909736][ T9193] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 198.909777][ T9193] should_failslab+0xc2/0x120 [ 198.909802][ T9193] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 198.909838][ T9193] ? find_held_lock+0x2b/0x80 [ 198.909863][ T9193] ? pidfs_alloc_inode+0x25/0x80 [ 198.909891][ T9193] ? stashed_dentry_get+0xec/0x2a0 [ 198.909927][ T9193] ? __pfx_pidfs_alloc_inode+0x10/0x10 [ 198.909954][ T9193] pidfs_alloc_inode+0x25/0x80 [ 198.909981][ T9193] alloc_inode+0x64/0x240 [ 198.910007][ T9193] path_from_stashed+0x2be/0xb00 [ 198.910048][ T9193] ? __pfx_path_from_stashed+0x10/0x10 [ 198.910081][ T9193] ? find_held_lock+0x2b/0x80 [ 198.910106][ T9193] ? alloc_fd+0x471/0x7d0 [ 198.910144][ T9193] pidfs_alloc_file+0xf8/0x330 [ 198.910173][ T9193] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 198.910207][ T9193] ? _raw_spin_unlock_irq+0x23/0x50 [ 198.910243][ T9193] pidfd_prepare+0x10c/0x1b0 [ 198.910276][ T9193] __x64_sys_pidfd_open+0x105/0x1a0 [ 198.910312][ T9193] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 198.910351][ T9193] ? rcu_is_watching+0x12/0xc0 [ 198.910380][ T9193] do_syscall_64+0xcd/0x490 [ 198.910420][ T9193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.910445][ T9193] RIP: 0033:0x7f8413f8e929 [ 198.910464][ T9193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.910495][ T9193] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 198.910519][ T9193] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 198.910536][ T9193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 198.910551][ T9193] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 198.910567][ T9193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.910581][ T9193] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 198.910615][ T9193] [ 202.691589][ T9341] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1378'. [ 202.869605][ T9344] sctp: [Deprecated]: syz.2.1380 (pid 9344) Use of int in max_burst socket option deprecated. [ 202.869605][ T9344] Use struct sctp_assoc_value instead [ 203.270497][ T9368] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1389'. [ 203.550694][ T9380] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1393'. [ 203.934017][ T9400] syz.2.1401 uses obsolete (PF_INET,SOCK_PACKET) [ 204.545720][ T9426] netlink: 'syz.0.1412': attribute type 9 has an invalid length. [ 204.557033][ T9426] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1412'. [ 205.242096][ T9452] FAULT_INJECTION: forcing a failure. [ 205.242096][ T9452] name failslab, interval 1, probability 0, space 0, times 0 [ 205.281380][ T9452] CPU: 0 UID: 0 PID: 9452 Comm: syz.1.1422 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 205.281417][ T9452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.281430][ T9452] Call Trace: [ 205.281439][ T9452] [ 205.281448][ T9452] dump_stack_lvl+0x16c/0x1f0 [ 205.281491][ T9452] should_fail_ex+0x512/0x640 [ 205.281525][ T9452] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 205.281566][ T9452] should_failslab+0xc2/0x120 [ 205.281589][ T9452] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 205.281621][ T9452] ? __lock_acquire+0xb8a/0x1c90 [ 205.281651][ T9452] ? __d_alloc+0x31/0xaa0 [ 205.281691][ T9452] __d_alloc+0x31/0xaa0 [ 205.281729][ T9452] d_alloc_pseudo+0x1c/0xc0 [ 205.281755][ T9452] alloc_file_pseudo+0xcf/0x230 [ 205.281783][ T9452] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 205.281809][ T9452] ? do_raw_spin_unlock+0x172/0x230 [ 205.281852][ T9452] __anon_inode_getfile+0xf7/0x3a0 [ 205.281893][ T9452] do_epoll_create+0x31b/0x470 [ 205.281924][ T9452] __x64_sys_epoll_create+0x45/0x70 [ 205.281954][ T9452] do_syscall_64+0xcd/0x490 [ 205.281994][ T9452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.282020][ T9452] RIP: 0033:0x7f8413f8e929 [ 205.282041][ T9452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.282073][ T9452] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 205.282096][ T9452] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 205.282113][ T9452] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 205.282127][ T9452] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 205.282141][ T9452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.282154][ T9452] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 205.282187][ T9452] [ 206.910869][ T9514] warning: `syz.3.1448' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 207.714730][ T9533] FAULT_INJECTION: forcing a failure. [ 207.714730][ T9533] name failslab, interval 1, probability 0, space 0, times 0 [ 207.764384][ T9533] CPU: 1 UID: 0 PID: 9533 Comm: syz.3.1455 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 207.764423][ T9533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 207.764437][ T9533] Call Trace: [ 207.764446][ T9533] [ 207.764456][ T9533] dump_stack_lvl+0x16c/0x1f0 [ 207.764501][ T9533] should_fail_ex+0x512/0x640 [ 207.764535][ T9533] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 207.764572][ T9533] should_failslab+0xc2/0x120 [ 207.764597][ T9533] __kmalloc_cache_noprof+0x6a/0x3e0 [ 207.764640][ T9533] ? raw_ioctl+0x819/0x2c30 [ 207.764673][ T9533] raw_ioctl+0x819/0x2c30 [ 207.764707][ T9533] ? __pfx_raw_ioctl+0x10/0x10 [ 207.764737][ T9533] ? __pfx_raw_ioctl+0x10/0x10 [ 207.764765][ T9533] __x64_sys_ioctl+0x18b/0x210 [ 207.764798][ T9533] do_syscall_64+0xcd/0x490 [ 207.764839][ T9533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.764864][ T9533] RIP: 0033:0x7fd706f8e929 [ 207.764885][ T9533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.764908][ T9533] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.764932][ T9533] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 207.764948][ T9533] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000003 [ 207.764963][ T9533] RBP: 00007fd707010b39 R08: 0000000000000000 R09: 0000000000000000 [ 207.764978][ T9533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 207.764993][ T9533] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 207.765026][ T9533] [ 207.952057][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.262371][ T9525] kexec: Could not allocate control_code_buffer [ 209.389285][ T9588] netlink: 294 bytes leftover after parsing attributes in process `syz.3.1479'. [ 209.581079][ T9598] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 210.128480][ T9613] sctp: [Deprecated]: syz.1.1489 (pid 9613) Use of int in max_burst socket option deprecated. [ 210.128480][ T9613] Use struct sctp_assoc_value instead [ 210.655269][ T9639] nbd: socks must be embedded in a SOCK_ITEM attr [ 210.662887][ T9639] block nbd2: shutting down sockets [ 210.764652][ T9648] FAULT_INJECTION: forcing a failure. [ 210.764652][ T9648] name failslab, interval 1, probability 0, space 0, times 0 [ 210.780089][ T9648] CPU: 1 UID: 0 PID: 9648 Comm: syz.3.1504 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 210.780125][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.780139][ T9648] Call Trace: [ 210.780148][ T9648] [ 210.780158][ T9648] dump_stack_lvl+0x16c/0x1f0 [ 210.780201][ T9648] should_fail_ex+0x512/0x640 [ 210.780235][ T9648] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 210.780267][ T9648] should_failslab+0xc2/0x120 [ 210.780290][ T9648] __kmalloc_cache_noprof+0x6a/0x3e0 [ 210.780321][ T9648] ? do_epoll_create+0x62/0x470 [ 210.780357][ T9648] do_epoll_create+0x62/0x470 [ 210.780384][ T9648] __x64_sys_epoll_create+0x45/0x70 [ 210.780412][ T9648] do_syscall_64+0xcd/0x490 [ 210.780450][ T9648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.780476][ T9648] RIP: 0033:0x7fd706f8e929 [ 210.780497][ T9648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.780521][ T9648] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 210.780545][ T9648] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 210.780562][ T9648] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 210.780576][ T9648] RBP: 00007fd707010b39 R08: 0000000000000000 R09: 0000000000000000 [ 210.780591][ T9648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 210.780606][ T9648] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 210.780640][ T9648] [ 210.952654][ C1] vkms_vblank_simulate: vblank timer overrun [ 211.161170][ T30] audit: type=1800 audit(4294967403.160:2): pid=9658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1508" name="dynamic_events" dev="tracefs" ino=13 res=0 errno=0 [ 212.697846][ T9719] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1535'. [ 212.823652][ T30] audit: type=1804 audit(4294967404.850:3): pid=9723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1537" name=2F6E6577726F6F742F39342F22050820 dev="tmpfs" ino=494 res=1 errno=0 [ 212.879043][ T30] audit: type=1800 audit(4294967404.850:4): pid=9723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1537" name=22050820 dev="tmpfs" ino=494 res=0 errno=0 [ 213.043620][ T30] audit: type=1800 audit(4294967405.070:5): pid=9737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1543" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 213.851945][ T9778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1559'. [ 213.893013][ T9778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1559'. [ 215.311723][ T9764] kexec: Could not allocate control_code_buffer [ 217.120863][ T9893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1607'. [ 219.948664][ T9989] random: crng reseeded on system resumption [ 220.861577][T10009] block2mtd: error: cannot open device in [ 224.037587][T10069] kexec: Could not allocate control_code_buffer [ 224.345085][T10117] FAULT_INJECTION: forcing a failure. [ 224.345085][T10117] name failslab, interval 1, probability 0, space 0, times 0 [ 224.379457][T10117] CPU: 1 UID: 0 PID: 10117 Comm: syz.3.1685 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 224.379495][T10117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.379508][T10117] Call Trace: [ 224.379517][T10117] [ 224.379527][T10117] dump_stack_lvl+0x16c/0x1f0 [ 224.379572][T10117] should_fail_ex+0x512/0x640 [ 224.379607][T10117] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 224.379649][T10117] should_failslab+0xc2/0x120 [ 224.379672][T10117] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 224.379709][T10117] ? vma_merge_new_range+0x37f/0xa00 [ 224.379743][T10117] ? vm_area_alloc+0x1f/0x160 [ 224.379789][T10117] vm_area_alloc+0x1f/0x160 [ 224.379822][T10117] __mmap_region+0xf0a/0x25e0 [ 224.379863][T10117] ? __pfx___mmap_region+0x10/0x10 [ 224.379899][T10117] ? rcu_is_watching+0x12/0xc0 [ 224.379927][T10117] ? rcu_is_watching+0x12/0xc0 [ 224.379950][T10117] ? trace_sched_exit_tp+0xde/0x130 [ 224.379979][T10117] ? __schedule+0x1181/0x5de0 [ 224.380032][T10117] ? __pfx___schedule+0x10/0x10 [ 224.380106][T10117] ? trace_cap_capable+0x18d/0x200 [ 224.380143][T10117] mmap_region+0x1ab/0x3f0 [ 224.380179][T10117] ? __get_unmapped_area+0x267/0x440 [ 224.380211][T10117] do_mmap+0xa3e/0x1210 [ 224.380245][T10117] ? __pfx_do_mmap+0x10/0x10 [ 224.380272][T10117] ? __pfx_down_write_killable+0x10/0x10 [ 224.380306][T10117] vm_mmap_pgoff+0x281/0x450 [ 224.380338][T10117] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 224.380371][T10117] ? __x64_sys_futex+0x1e0/0x4c0 [ 224.380397][T10117] ? __x64_sys_futex+0x1e9/0x4c0 [ 224.380430][T10117] ksys_mmap_pgoff+0x7d/0x5c0 [ 224.380454][T10117] ? xfd_validate_state+0x61/0x180 [ 224.380482][T10117] ? __pfx_ksys_write+0x10/0x10 [ 224.380518][T10117] __x64_sys_mmap+0x125/0x190 [ 224.380555][T10117] do_syscall_64+0xcd/0x490 [ 224.380595][T10117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.380622][T10117] RIP: 0033:0x7fd706f8e929 [ 224.380643][T10117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.380667][T10117] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 224.380691][T10117] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 224.380708][T10117] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 224.380724][T10117] RBP: 00007fd707010b39 R08: fffffffffffffffe R09: 0000000000008000 [ 224.380740][T10117] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 224.380763][T10117] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 224.380798][T10117] [ 224.939651][T10108] kexec: Could not allocate control_code_buffer [ 225.200365][T10139] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 225.935298][ T30] audit: type=1804 audit(4294967417.960:6): pid=10166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1704" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=8 res=1 errno=0 [ 226.427054][ T5152] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 226.427091][ T5152] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 226.443393][ T5152] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 226.443426][ T5152] Bluetooth: hci2: adv larger than maximum supported [ 226.453556][ T5152] Bluetooth: hci2: adv larger than maximum supported [ 226.461616][ T5152] Bluetooth: hci2: Malformed LE Event: 0x0d [ 230.383006][T10291] random: crng reseeded on system resumption [ 230.652985][ T5152] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 230.653022][ T5152] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 230.669856][ T5152] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 230.669886][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 230.678142][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 230.686048][ T5152] Bluetooth: hci0: Malformed LE Event: 0x0d [ 231.822619][ T5152] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 231.822656][ T5152] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 231.839741][ T5152] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 231.839770][ T5152] Bluetooth: hci1: adv larger than maximum supported [ 231.848700][ T5152] Bluetooth: hci1: adv larger than maximum supported [ 231.856154][ T5152] Bluetooth: hci1: Malformed LE Event: 0x0d [ 232.544531][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 234.146619][T10393] netlink: 'syz.1.1792': attribute type 1 has an invalid length. [ 234.508516][T10400] netlink: 'syz.2.1795': attribute type 1 has an invalid length. [ 235.787409][ T5152] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 235.787446][ T5152] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 235.804065][ T5152] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 235.804190][ T5152] Bluetooth: hci3: adv larger than maximum supported [ 235.812186][ T5152] Bluetooth: hci3: adv larger than maximum supported [ 235.820205][ T5152] Bluetooth: hci3: Malformed LE Event: 0x0d [ 236.107425][T10454] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1815'. [ 236.803348][T10423] kexec: Could not allocate control_code_buffer [ 237.281651][T10487] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1830'. [ 238.471302][T10539] FAULT_INJECTION: forcing a failure. [ 238.471302][T10539] name failslab, interval 1, probability 0, space 0, times 0 [ 238.505696][T10539] CPU: 0 UID: 0 PID: 10539 Comm: syz.2.1853 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 238.505733][T10539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.505749][T10539] Call Trace: [ 238.505758][T10539] [ 238.505768][T10539] dump_stack_lvl+0x16c/0x1f0 [ 238.505810][T10539] should_fail_ex+0x512/0x640 [ 238.505851][T10539] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 238.505888][T10539] should_failslab+0xc2/0x120 [ 238.505913][T10539] __kmalloc_cache_noprof+0x6a/0x3e0 [ 238.505946][T10539] ? resv_map_alloc+0x46/0x400 [ 238.505974][T10539] resv_map_alloc+0x46/0x400 [ 238.506000][T10539] hugetlbfs_get_inode+0x33f/0x730 [ 238.506032][T10539] hugetlb_file_setup+0x15b/0x620 [ 238.506062][T10539] ksys_mmap_pgoff+0x189/0x5c0 [ 238.506095][T10539] __x64_sys_mmap+0x125/0x190 [ 238.506133][T10539] do_syscall_64+0xcd/0x490 [ 238.506173][T10539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.506200][T10539] RIP: 0033:0x7f011098e929 [ 238.506220][T10539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.506243][T10539] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 238.506267][T10539] RAX: ffffffffffffffda RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 238.506284][T10539] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 238.506299][T10539] RBP: 00007f0110a10b39 R08: 0000000000000401 R09: 0000300000000000 [ 238.506315][T10539] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 238.506329][T10539] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 238.506363][T10539] [ 238.918709][T10550] qrtr: Invalid version 0 [ 239.538697][T10579] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1870'. [ 241.260614][ T5152] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 241.260650][ T5152] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 241.278190][ T5152] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 241.278222][ T5152] Bluetooth: hci2: adv larger than maximum supported [ 241.287103][ T5152] Bluetooth: hci2: adv larger than maximum supported [ 241.295946][ T5152] Bluetooth: hci2: Malformed LE Event: 0x0d [ 241.520089][T10618] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1882'. [ 241.956311][T10601] kexec: Could not allocate control_code_buffer [ 242.875679][ T5152] Bluetooth: hci2: Malformed Event: 0x02 [ 244.150119][T10699] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1915'. [ 244.567995][ T5152] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 244.568036][ T5152] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 244.584943][ T5152] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 244.584973][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 244.592750][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 244.600531][ T5152] Bluetooth: hci0: Malformed LE Event: 0x0d [ 246.406053][ T5152] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 246.406089][ T5152] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 246.422622][ T5152] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 246.422652][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 246.430611][ T5152] Bluetooth: hci0: adv larger than maximum supported [ 246.438108][ T5152] Bluetooth: hci0: Malformed LE Event: 0x0d [ 249.697346][ T5152] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 249.697383][ T5152] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 249.720759][ T5152] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 249.720789][ T5152] Bluetooth: hci2: adv larger than maximum supported [ 249.729229][ T5152] Bluetooth: hci2: adv larger than maximum supported [ 249.738292][ T5152] Bluetooth: hci2: Malformed LE Event: 0x0d [ 250.066030][T10834] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1963'. [ 250.561146][ T5152] Bluetooth: hci1: Malformed Event: 0x02 [ 251.583028][T10892] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1994'. [ 251.676909][ T5152] Bluetooth: hci3: Malformed Event: 0x02 [ 251.727261][T10892] ipvlan0: entered allmulticast mode [ 251.760979][T10892] veth0_vlan: entered allmulticast mode [ 253.588762][T10965] tipc: Started in network mode [ 253.602136][T10965] tipc: Node identity ee00, cluster identity 4711 [ 253.618561][T10965] tipc: Node number set to 60928 [ 253.762476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 253.936858][T10981] CIFS: VFS: Unsupported security flags: 0x10 [ 253.950498][T10982] overlayfs: missing 'lowerdir' [ 254.294325][T10991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2018'. [ 255.282597][T11022] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2031'. [ 255.292309][T11020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2029'. [ 255.340450][T11022] vlan1: entered allmulticast mode [ 255.357590][T11020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2029'. [ 255.372991][T11022] veth0_vlan: entered allmulticast mode [ 255.395100][T11027] FAULT_INJECTION: forcing a failure. [ 255.395100][T11027] name failslab, interval 1, probability 0, space 0, times 0 [ 255.424421][T11027] CPU: 0 UID: 0 PID: 11027 Comm: syz.3.2033 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 255.424457][T11027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 255.424476][T11027] Call Trace: [ 255.424484][T11027] [ 255.424497][T11027] dump_stack_lvl+0x16c/0x1f0 [ 255.424540][T11027] should_fail_ex+0x512/0x640 [ 255.424574][T11027] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 255.424610][T11027] should_failslab+0xc2/0x120 [ 255.424635][T11027] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 255.424672][T11027] ? alloc_inode+0xc3/0x240 [ 255.424710][T11027] alloc_inode+0xc3/0x240 [ 255.424737][T11027] create_pipe_files+0x4c/0x930 [ 255.424781][T11027] do_pipe2+0xaf/0x1c0 [ 255.424818][T11027] ? __pfx_do_pipe2+0x10/0x10 [ 255.424854][T11027] ? xfd_validate_state+0x61/0x180 [ 255.424896][T11027] __x64_sys_pipe+0x33/0x50 [ 255.424932][T11027] do_syscall_64+0xcd/0x490 [ 255.424972][T11027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.424997][T11027] RIP: 0033:0x7fd706f8e929 [ 255.425019][T11027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.425042][T11027] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 255.425066][T11027] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 255.425083][T11027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 255.425096][T11027] RBP: 00007fd707010b39 R08: 0000000000000000 R09: 0000000000000000 [ 255.425110][T11027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 255.425123][T11027] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 255.425154][T11027] [ 255.708413][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.728180][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.016260][ T24] smpboot: CPU 0 is now offline [ 256.379638][T11046] FAULT_INJECTION: forcing a failure. [ 256.379638][T11046] name fail_futex, interval 1, probability 0, space 0, times 1 [ 256.439421][T11046] CPU: 1 UID: 0 PID: 11046 Comm: syz.1.2041 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 256.439446][T11046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 256.439455][T11046] Call Trace: [ 256.439460][T11046] [ 256.439466][T11046] dump_stack_lvl+0x16c/0x1f0 [ 256.439491][T11046] should_fail_ex+0x512/0x640 [ 256.439514][T11046] get_futex_key+0x1d0/0x1540 [ 256.439532][T11046] ? __pfx_get_futex_key+0x10/0x10 [ 256.439555][T11046] futex_wait_setup+0x9d/0x550 [ 256.439581][T11046] __futex_wait+0x194/0x2f0 [ 256.439601][T11046] ? __pfx___futex_wait+0x10/0x10 [ 256.439621][T11046] ? mt_find+0x757/0xa30 [ 256.439636][T11046] ? __pfx_futex_wake_mark+0x10/0x10 [ 256.439665][T11046] futex_wait+0xe8/0x380 [ 256.439684][T11046] ? __pfx_futex_wait+0x10/0x10 [ 256.439702][T11046] ? fixup_exception+0x10c/0xaf0 [ 256.439726][T11046] ? __bad_area_nosemaphore+0x38b/0x690 [ 256.439748][T11046] do_futex+0x229/0x350 [ 256.439764][T11046] ? __pfx_do_futex+0x10/0x10 [ 256.439781][T11046] ? rcu_is_watching+0x12/0xc0 [ 256.439797][T11046] __x64_sys_futex+0x1e0/0x4c0 [ 256.439816][T11046] ? __pfx___x64_sys_futex+0x10/0x10 [ 256.439832][T11046] ? xfd_validate_state+0x61/0x180 [ 256.439849][T11046] ? __do_sys_rseq+0x51d/0x760 [ 256.439875][T11046] do_syscall_64+0xcd/0x490 [ 256.439896][T11046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.439911][T11046] RIP: 0033:0x7f8413f8e929 [ 256.439923][T11046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.439936][T11046] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 256.439950][T11046] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 256.439959][T11046] RDX: 0000000000002948 RSI: 0000000000000000 RDI: 0000000000000000 [ 256.439967][T11046] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000005 [ 256.439976][T11046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.439983][T11046] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 256.440001][T11046] [ 257.683534][T11054] tty tty12: ldisc open failed (-12), clearing slot 11 [ 257.902904][ T5152] Bluetooth: hci0: Malformed Event: 0x02 [ 258.006727][T11059] could not allocate digest TFM handle [ 258.441906][T11083] block2mtd: error: cannot open device inX [ 259.248944][ T5152] Bluetooth: hci3: Malformed Event: 0x02 [ 259.373353][ T30] audit: type=1804 audit(4294967451.400:7): pid=11111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2067" name="/newroot/494/file0" dev="tmpfs" ino=2516 res=1 errno=0 [ 259.520189][ T30] audit: type=1800 audit(4294967451.430:8): pid=11111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2067" name="file0" dev="tmpfs" ino=2516 res=0 errno=0 [ 259.680985][ T30] audit: type=1800 audit(4294967451.440:9): pid=11111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2067" name="file0" dev="tmpfs" ino=2516 res=0 errno=0 [ 261.969656][T11181] binder: 11179:11181 ioctl c0306201 0 returned -14 [ 264.055983][T11242] FAULT_INJECTION: forcing a failure. [ 264.055983][T11242] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 264.103834][T11242] CPU: 1 UID: 0 PID: 11242 Comm: syz.2.2119 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 264.103864][T11242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 264.103873][T11242] Call Trace: [ 264.103878][T11242] [ 264.103884][T11242] dump_stack_lvl+0x16c/0x1f0 [ 264.103911][T11242] should_fail_ex+0x512/0x640 [ 264.103934][T11242] should_fail_alloc_page+0xe7/0x130 [ 264.103949][T11242] prepare_alloc_pages+0x3c2/0x610 [ 264.103966][T11242] ? rcu_is_watching+0x12/0xc0 [ 264.103982][T11242] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 264.104008][T11242] ? __lock_acquire+0x622/0x1c90 [ 264.104027][T11242] ? xas_create+0x1d7/0x1460 [ 264.104041][T11242] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 264.104065][T11242] ? lock_acquire+0x179/0x350 [ 264.104082][T11242] ? rcu_is_watching+0x12/0xc0 [ 264.104101][T11242] ? __lock_acquire+0x622/0x1c90 [ 264.104118][T11242] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 264.104139][T11242] ? policy_nodemask+0xea/0x4e0 [ 264.104163][T11242] alloc_pages_mpol+0x1fb/0x550 [ 264.104176][T11242] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 264.104190][T11242] ? filemap_get_entry+0x1a7/0x3b0 [ 264.104206][T11242] folio_alloc_noprof+0x20/0x2d0 [ 264.104221][T11242] filemap_alloc_folio_noprof+0x3a1/0x470 [ 264.104240][T11242] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 264.104263][T11242] __filemap_get_folio+0x5e1/0xc30 [ 264.104281][T11242] ioctx_alloc+0x761/0x2120 [ 264.104307][T11242] ? __pfx_ioctx_alloc+0x10/0x10 [ 264.104322][T11242] ? __might_fault+0x13b/0x190 [ 264.104346][T11242] __x64_sys_io_setup+0xc9/0x210 [ 264.104365][T11242] do_syscall_64+0xcd/0x490 [ 264.104388][T11242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.104402][T11242] RIP: 0033:0x7f011098e929 [ 264.104414][T11242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.104426][T11242] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 264.104440][T11242] RAX: ffffffffffffffda RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 264.104449][T11242] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 264.104457][T11242] RBP: 00007f0110a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 264.104465][T11242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.104472][T11242] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 264.104490][T11242] [ 265.851575][T11295] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2141'. [ 265.904015][T11297] FAULT_INJECTION: forcing a failure. [ 265.904015][T11297] name failslab, interval 1, probability 0, space 0, times 0 [ 265.985434][T11297] CPU: 1 UID: 0 PID: 11297 Comm: syz.0.2142 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 265.985459][T11297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.985468][T11297] Call Trace: [ 265.985473][T11297] [ 265.985479][T11297] dump_stack_lvl+0x16c/0x1f0 [ 265.985505][T11297] should_fail_ex+0x512/0x640 [ 265.985525][T11297] ? __kmalloc_noprof+0xbf/0x510 [ 265.985547][T11297] ? snd_midi_event_new+0xa1/0x210 [ 265.985568][T11297] should_failslab+0xc2/0x120 [ 265.985582][T11297] __kmalloc_noprof+0xd2/0x510 [ 265.985606][T11297] snd_midi_event_new+0xa1/0x210 [ 265.985627][T11297] snd_virmidi_output_open+0x106/0x670 [ 265.985644][T11297] open_substream+0x47b/0x9b0 [ 265.985661][T11297] rawmidi_open_priv+0x543/0x6e0 [ 265.985682][T11297] snd_rawmidi_open+0x4cc/0xbf0 [ 265.985702][T11297] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 265.985728][T11297] ? __pfx_default_wake_function+0x10/0x10 [ 265.985744][T11297] ? kobject_get_unless_zero+0x156/0x1e0 [ 265.985764][T11297] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 265.985782][T11297] snd_open+0x201/0x450 [ 265.985796][T11297] ? __pfx_snd_open+0x10/0x10 [ 265.985808][T11297] chrdev_open+0x231/0x6a0 [ 265.985829][T11297] ? __pfx_apparmor_file_open+0x10/0x10 [ 265.985846][T11297] ? __pfx_chrdev_open+0x10/0x10 [ 265.985868][T11297] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 265.985889][T11297] do_dentry_open+0x744/0x1c10 [ 265.985909][T11297] ? __pfx_chrdev_open+0x10/0x10 [ 265.985933][T11297] vfs_open+0x82/0x3f0 [ 265.985950][T11297] path_openat+0x1de4/0x2cb0 [ 265.985975][T11297] ? __pfx_path_openat+0x10/0x10 [ 265.985996][T11297] ? __lock_acquire+0xb8a/0x1c90 [ 265.986015][T11297] do_filp_open+0x20b/0x470 [ 265.986034][T11297] ? __pfx_do_filp_open+0x10/0x10 [ 265.986067][T11297] ? alloc_fd+0x471/0x7d0 [ 265.986090][T11297] do_sys_openat2+0x11b/0x1d0 [ 265.986105][T11297] ? __pfx_do_sys_openat2+0x10/0x10 [ 265.986127][T11297] __x64_sys_openat+0x174/0x210 [ 265.986142][T11297] ? __pfx___x64_sys_openat+0x10/0x10 [ 265.986165][T11297] do_syscall_64+0xcd/0x490 [ 265.986187][T11297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.986201][T11297] RIP: 0033:0x7f7e8c18e929 [ 265.986214][T11297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.986227][T11297] RSP: 002b:00007f7e8cfee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 265.986240][T11297] RAX: ffffffffffffffda RBX: 00007f7e8c3b5fa0 RCX: 00007f7e8c18e929 [ 265.986249][T11297] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 265.986257][T11297] RBP: 00007f7e8c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 265.986265][T11297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.986273][T11297] R13: 0000000000000000 R14: 00007f7e8c3b5fa0 R15: 00007ffcb0842d88 [ 265.986290][T11297] [ 266.654250][ T5152] Bluetooth: hci1: Malformed Event: 0x02 [ 266.862979][T11316] FAULT_INJECTION: forcing a failure. [ 266.862979][T11316] name failslab, interval 1, probability 0, space 0, times 0 [ 266.902025][T11316] CPU: 1 UID: 0 PID: 11316 Comm: syz.1.2150 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 266.902049][T11316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.902058][T11316] Call Trace: [ 266.902063][T11316] [ 266.902069][T11316] dump_stack_lvl+0x16c/0x1f0 [ 266.902094][T11316] should_fail_ex+0x512/0x640 [ 266.902114][T11316] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 266.902137][T11316] should_failslab+0xc2/0x120 [ 266.902151][T11316] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 266.902171][T11316] ? shmem_alloc_inode+0x25/0x50 [ 266.902187][T11316] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 266.902200][T11316] shmem_alloc_inode+0x25/0x50 [ 266.902212][T11316] alloc_inode+0x64/0x240 [ 266.902227][T11316] new_inode+0x22/0x1c0 [ 266.902239][T11316] ? alloc_fd+0x471/0x7d0 [ 266.902257][T11316] shmem_get_inode+0x19a/0xfb0 [ 266.902276][T11316] __shmem_file_setup+0x107/0x330 [ 266.902295][T11316] __do_sys_memfd_create+0x267/0x8a0 [ 266.902313][T11316] do_syscall_64+0xcd/0x490 [ 266.902335][T11316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.902349][T11316] RIP: 0033:0x7f8413f8e929 [ 266.902361][T11316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.902375][T11316] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 266.902388][T11316] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 266.902398][T11316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 266.902406][T11316] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 266.902415][T11316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 266.902423][T11316] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 266.902441][T11316] [ 267.118499][ T5839] Bluetooth: hci2: ISO packet too small [ 267.777655][T11340] netlink: 130 bytes leftover after parsing attributes in process `syz.1.2160'. [ 268.545866][T11354] sctp: [Deprecated]: syz.1.2166 (pid 11354) Use of int in maxseg socket option. [ 268.545866][T11354] Use struct sctp_assoc_value instead [ 269.600788][T11344] kexec: Could not allocate control_code_buffer [ 270.378141][T11387] netlink: 'syz.3.2176': attribute type 19 has an invalid length. [ 270.406382][T11389] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2180'. [ 270.507157][T11387] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2176'. [ 270.725269][T11395] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2183'. [ 270.777177][T11397] openvswitch: netlink: IP tunnel dst address not specified [ 270.825943][T11397] openvswitch: netlink: IP tunnel dst address not specified [ 271.595550][T11416] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2191'. [ 271.653206][T11416] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2191'. [ 272.714366][T11440] netlink: 'syz.3.2202': attribute type 21 has an invalid length. [ 272.797706][T11440] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2202'. [ 273.916859][T11472] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2213'. [ 275.461648][T11504] netlink: 280 bytes leftover after parsing attributes in process `syz.0.2226'. [ 275.645518][T11508] syz.0.2228 (11508): /proc/11507/oom_adj is deprecated, please use /proc/11507/oom_score_adj instead. [ 275.863547][T11515] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2230'. [ 276.492767][T11528] FAULT_INJECTION: forcing a failure. [ 276.492767][T11528] name failslab, interval 1, probability 0, space 0, times 0 [ 276.638969][T11528] CPU: 1 UID: 0 PID: 11528 Comm: syz.3.2236 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 276.638993][T11528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 276.639008][T11528] Call Trace: [ 276.639013][T11528] [ 276.639019][T11528] dump_stack_lvl+0x16c/0x1f0 [ 276.639046][T11528] should_fail_ex+0x512/0x640 [ 276.639066][T11528] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 276.639087][T11528] should_failslab+0xc2/0x120 [ 276.639101][T11528] __kmalloc_cache_noprof+0x6a/0x3e0 [ 276.639122][T11528] ? vsnprintf+0x318/0x1160 [ 276.639140][T11528] ? __alloc_workqueue+0xda2/0x1810 [ 276.639160][T11528] __alloc_workqueue+0xda2/0x1810 [ 276.639176][T11528] ? __pfx_vsnprintf+0x10/0x10 [ 276.639197][T11528] ? lockdep_hardirqs_on+0x7c/0x110 [ 276.639217][T11528] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 276.639238][T11528] alloc_workqueue+0xd2/0x200 [ 276.639254][T11528] ? __pfx_alloc_workqueue+0x10/0x10 [ 276.639276][T11528] ? __pfx___debug_object_init+0x10/0x10 [ 276.639295][T11528] nci_register_device+0x21e/0xb80 [ 276.639316][T11528] ? __pfx_nci_register_device+0x10/0x10 [ 276.639336][T11528] ? lockdep_init_map_type+0x5c/0x280 [ 276.639358][T11528] virtual_ncidev_open+0x141/0x220 [ 276.639376][T11528] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 276.639391][T11528] misc_open+0x35a/0x420 [ 276.639408][T11528] ? __pfx_misc_open+0x10/0x10 [ 276.639424][T11528] chrdev_open+0x231/0x6a0 [ 276.639444][T11528] ? __pfx_apparmor_file_open+0x10/0x10 [ 276.639462][T11528] ? __pfx_chrdev_open+0x10/0x10 [ 276.639483][T11528] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 276.639504][T11528] do_dentry_open+0x744/0x1c10 [ 276.639525][T11528] ? __pfx_chrdev_open+0x10/0x10 [ 276.639549][T11528] vfs_open+0x82/0x3f0 [ 276.639565][T11528] path_openat+0x1de4/0x2cb0 [ 276.639591][T11528] ? __pfx_path_openat+0x10/0x10 [ 276.639611][T11528] ? __lock_acquire+0xb8a/0x1c90 [ 276.639631][T11528] do_filp_open+0x20b/0x470 [ 276.639650][T11528] ? __pfx_do_filp_open+0x10/0x10 [ 276.639683][T11528] ? alloc_fd+0x471/0x7d0 [ 276.639706][T11528] do_sys_openat2+0x11b/0x1d0 [ 276.639721][T11528] ? __pfx_do_sys_openat2+0x10/0x10 [ 276.639743][T11528] __x64_sys_openat+0x174/0x210 [ 276.639759][T11528] ? __pfx___x64_sys_openat+0x10/0x10 [ 276.639782][T11528] do_syscall_64+0xcd/0x490 [ 276.639804][T11528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.639819][T11528] RIP: 0033:0x7fd706f8e929 [ 276.639831][T11528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.639845][T11528] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 276.639858][T11528] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 276.639867][T11528] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 276.639875][T11528] RBP: 00007fd707010b39 R08: 0000000000000000 R09: 0000000000000000 [ 276.639883][T11528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 276.639891][T11528] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 276.639908][T11528] [ 278.517455][T11556] netlink: 26 bytes leftover after parsing attributes in process `syz.3.2248'. [ 278.576364][T11556] openvswitch: netlink: IP tunnel dst address not specified [ 278.958744][T11562] input: = as /devices/virtual/input/input11 [ 280.781445][T11611] FAULT_INJECTION: forcing a failure. [ 280.781445][T11611] name failslab, interval 1, probability 0, space 0, times 0 [ 280.962059][T11611] CPU: 1 UID: 0 PID: 11611 Comm: syz.0.2270 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 280.962083][T11611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 280.962092][T11611] Call Trace: [ 280.962098][T11611] [ 280.962104][T11611] dump_stack_lvl+0x16c/0x1f0 [ 280.962131][T11611] should_fail_ex+0x512/0x640 [ 280.962151][T11611] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 280.962172][T11611] should_failslab+0xc2/0x120 [ 280.962186][T11611] __kmalloc_cache_noprof+0x6a/0x3e0 [ 280.962205][T11611] ? pty_common_install+0x10e/0xb30 [ 280.962230][T11611] pty_common_install+0x10e/0xb30 [ 280.962250][T11611] ? __pfx_pty_install+0x10/0x10 [ 280.962268][T11611] tty_init_dev.part.0+0x9c/0x500 [ 280.962284][T11611] tty_open+0xa50/0xf90 [ 280.962301][T11611] ? __pfx_tty_open+0x10/0x10 [ 280.962314][T11611] ? chrdev_open+0x58c/0x6a0 [ 280.962337][T11611] ? __pfx_tty_open+0x10/0x10 [ 280.962349][T11611] chrdev_open+0x231/0x6a0 [ 280.962370][T11611] ? __pfx_chrdev_open+0x10/0x10 [ 280.962392][T11611] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 280.962413][T11611] do_dentry_open+0x744/0x1c10 [ 280.962433][T11611] ? __pfx_chrdev_open+0x10/0x10 [ 280.962457][T11611] vfs_open+0x82/0x3f0 [ 280.962473][T11611] path_openat+0x1de4/0x2cb0 [ 280.962499][T11611] ? __pfx_path_openat+0x10/0x10 [ 280.962520][T11611] ? __lock_acquire+0xb8a/0x1c90 [ 280.962540][T11611] do_filp_open+0x20b/0x470 [ 280.962559][T11611] ? __pfx_do_filp_open+0x10/0x10 [ 280.962593][T11611] ? alloc_fd+0x471/0x7d0 [ 280.962616][T11611] do_sys_openat2+0x11b/0x1d0 [ 280.962630][T11611] ? __pfx_do_sys_openat2+0x10/0x10 [ 280.962653][T11611] __x64_sys_openat+0x174/0x210 [ 280.962668][T11611] ? __pfx___x64_sys_openat+0x10/0x10 [ 280.962691][T11611] do_syscall_64+0xcd/0x490 [ 280.962720][T11611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.962736][T11611] RIP: 0033:0x7f7e8c18e929 [ 280.962748][T11611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.962762][T11611] RSP: 002b:00007f7e8cfee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 280.962776][T11611] RAX: ffffffffffffffda RBX: 00007f7e8c3b5fa0 RCX: 00007f7e8c18e929 [ 280.962785][T11611] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 280.962793][T11611] RBP: 00007f7e8c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 280.962801][T11611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.962809][T11611] R13: 0000000000000000 R14: 00007f7e8c3b5fa0 R15: 00007ffcb0842d88 [ 280.962828][T11611] [ 283.414523][T11641] FAULT_INJECTION: forcing a failure. [ 283.414523][T11641] name failslab, interval 1, probability 0, space 0, times 0 [ 283.494770][T11641] CPU: 1 UID: 0 PID: 11641 Comm: syz.2.2281 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 283.494793][T11641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.494802][T11641] Call Trace: [ 283.494807][T11641] [ 283.494813][T11641] dump_stack_lvl+0x16c/0x1f0 [ 283.494839][T11641] should_fail_ex+0x512/0x640 [ 283.494860][T11641] ? __kmalloc_noprof+0xbf/0x510 [ 283.494882][T11641] ? realloc_user_queue+0x270/0x310 [ 283.494896][T11641] should_failslab+0xc2/0x120 [ 283.494909][T11641] __kmalloc_noprof+0xd2/0x510 [ 283.494932][T11641] realloc_user_queue+0x270/0x310 [ 283.494948][T11641] ? __pfx_snd_timer_user_open+0x10/0x10 [ 283.494963][T11641] snd_timer_user_open+0xfc/0x180 [ 283.494983][T11641] snd_open+0x201/0x450 [ 283.494997][T11641] ? __pfx_snd_open+0x10/0x10 [ 283.495010][T11641] chrdev_open+0x231/0x6a0 [ 283.495031][T11641] ? __pfx_apparmor_file_open+0x10/0x10 [ 283.495049][T11641] ? __pfx_chrdev_open+0x10/0x10 [ 283.495071][T11641] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 283.495092][T11641] do_dentry_open+0x744/0x1c10 [ 283.495112][T11641] ? __pfx_chrdev_open+0x10/0x10 [ 283.495137][T11641] vfs_open+0x82/0x3f0 [ 283.495154][T11641] path_openat+0x1de4/0x2cb0 [ 283.495179][T11641] ? __pfx_path_openat+0x10/0x10 [ 283.495199][T11641] ? __lock_acquire+0xb8a/0x1c90 [ 283.495219][T11641] do_filp_open+0x20b/0x470 [ 283.495238][T11641] ? __pfx_do_filp_open+0x10/0x10 [ 283.495270][T11641] ? alloc_fd+0x471/0x7d0 [ 283.495293][T11641] do_sys_openat2+0x11b/0x1d0 [ 283.495308][T11641] ? __pfx_do_sys_openat2+0x10/0x10 [ 283.495330][T11641] __x64_sys_openat+0x174/0x210 [ 283.495345][T11641] ? __pfx___x64_sys_openat+0x10/0x10 [ 283.495367][T11641] do_syscall_64+0xcd/0x490 [ 283.495390][T11641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.495404][T11641] RIP: 0033:0x7f011098e929 [ 283.495416][T11641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.495434][T11641] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 283.495448][T11641] RAX: ffffffffffffffda RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 283.495457][T11641] RDX: 0000000000000420 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 283.495465][T11641] RBP: 00007f0110a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 283.495473][T11641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 283.495481][T11641] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 283.495498][T11641] [ 284.620556][T11668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 285.902194][T11708] ptp ptp0: max value is 20 [ 286.941036][T11754] FAULT_INJECTION: forcing a failure. [ 286.941036][T11754] name failslab, interval 1, probability 0, space 0, times 0 [ 287.010555][T11754] CPU: 1 UID: 0 PID: 11754 Comm: syz.1.2329 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 287.010580][T11754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.010589][T11754] Call Trace: [ 287.010593][T11754] [ 287.010599][T11754] dump_stack_lvl+0x16c/0x1f0 [ 287.010626][T11754] should_fail_ex+0x512/0x640 [ 287.010647][T11754] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 287.010670][T11754] should_failslab+0xc2/0x120 [ 287.010683][T11754] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 287.010703][T11754] ? security_file_alloc+0x34/0x2b0 [ 287.010724][T11754] security_file_alloc+0x34/0x2b0 [ 287.010742][T11754] init_file+0x93/0x4c0 [ 287.010755][T11754] alloc_empty_file+0x73/0x1e0 [ 287.010770][T11754] alloc_file_pseudo+0x13a/0x230 [ 287.010786][T11754] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 287.010800][T11754] ? tipc_sk_finish_conn+0x580/0x790 [ 287.010817][T11754] sock_alloc_file+0x50/0x210 [ 287.010831][T11754] __sys_socketpair+0x34e/0x5a0 [ 287.010849][T11754] ? __pfx___sys_socketpair+0x10/0x10 [ 287.010864][T11754] ? fput+0x70/0xf0 [ 287.010878][T11754] ? xfd_validate_state+0x61/0x180 [ 287.010894][T11754] ? __pfx_do_writev+0x10/0x10 [ 287.010915][T11754] __x64_sys_socketpair+0x96/0x100 [ 287.010931][T11754] ? lockdep_hardirqs_on+0x7c/0x110 [ 287.010950][T11754] do_syscall_64+0xcd/0x490 [ 287.010972][T11754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.010986][T11754] RIP: 0033:0x7f8413f8e929 [ 287.010998][T11754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.011010][T11754] RSP: 002b:00007f8414ddb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 287.011024][T11754] RAX: ffffffffffffffda RBX: 00007f84141b6080 RCX: 00007f8413f8e929 [ 287.011033][T11754] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 287.011041][T11754] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 287.011048][T11754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.011056][T11754] R13: 0000000000000000 R14: 00007f84141b6080 R15: 00007ffcd4bc0d28 [ 287.011073][T11754] [ 288.974413][T11788] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2344'. [ 290.658200][T11816] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2354'. [ 290.720280][T11816] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2354'. [ 291.178393][ T30] audit: type=1800 audit(4294967483.210:10): pid=11834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2361" name="dbroot" dev="configfs" ino=28504 res=0 errno=0 [ 291.200582][ C1] vkms_vblank_simulate: vblank timer overrun [ 291.730847][T11844] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2364'. [ 292.145902][T11854] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2369'. [ 292.482406][T11863] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2373'. [ 292.727596][T11871] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2377'. [ 293.689535][T11900] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 293.740267][T11900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 293.805338][T11900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 293.856789][T11900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 293.885325][T11900] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 293.911430][T11900] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 293.925407][T11900] CPU0 is offline. [ 294.160614][T11913] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2392'. [ 294.218607][T11913] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2392'. [ 294.498227][T11924] FAULT_INJECTION: forcing a failure. [ 294.498227][T11924] name failslab, interval 1, probability 0, space 0, times 0 [ 294.579715][T11924] CPU: 1 UID: 0 PID: 11924 Comm: syz.0.2397 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 294.579738][T11924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 294.579746][T11924] Call Trace: [ 294.579751][T11924] [ 294.579757][T11924] dump_stack_lvl+0x16c/0x1f0 [ 294.579781][T11924] should_fail_ex+0x512/0x640 [ 294.579808][T11924] ? __kmalloc_noprof+0xbf/0x510 [ 294.579832][T11924] ? binder_open+0x168/0xde0 [ 294.579853][T11924] should_failslab+0xc2/0x120 [ 294.579866][T11924] __kmalloc_noprof+0xd2/0x510 [ 294.579889][T11924] binder_open+0x168/0xde0 [ 294.579911][T11924] ? __pfx_apparmor_file_open+0x10/0x10 [ 294.579928][T11924] ? __pfx_binder_open+0x10/0x10 [ 294.579950][T11924] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 294.579971][T11924] do_dentry_open+0x744/0x1c10 [ 294.579991][T11924] ? __pfx_binder_open+0x10/0x10 [ 294.580015][T11924] vfs_open+0x82/0x3f0 [ 294.580032][T11924] path_openat+0x1de4/0x2cb0 [ 294.580057][T11924] ? __pfx_path_openat+0x10/0x10 [ 294.580077][T11924] ? __lock_acquire+0xb8a/0x1c90 [ 294.580096][T11924] do_filp_open+0x20b/0x470 [ 294.580115][T11924] ? __pfx_do_filp_open+0x10/0x10 [ 294.580148][T11924] ? alloc_fd+0x471/0x7d0 [ 294.580170][T11924] do_sys_openat2+0x11b/0x1d0 [ 294.580185][T11924] ? __pfx_do_sys_openat2+0x10/0x10 [ 294.580207][T11924] __x64_sys_openat+0x174/0x210 [ 294.580222][T11924] ? __pfx___x64_sys_openat+0x10/0x10 [ 294.580244][T11924] do_syscall_64+0xcd/0x490 [ 294.580266][T11924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.580280][T11924] RIP: 0033:0x7f7e8c18e929 [ 294.580293][T11924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.580305][T11924] RSP: 002b:00007f7e8cfee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 294.580319][T11924] RAX: ffffffffffffffda RBX: 00007f7e8c3b5fa0 RCX: 00007f7e8c18e929 [ 294.580327][T11924] RDX: 0000000000002001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 294.580336][T11924] RBP: 00007f7e8c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 294.580344][T11924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 294.580351][T11924] R13: 0000000000000000 R14: 00007f7e8c3b5fa0 R15: 00007ffcb0842d88 [ 294.580369][T11924] [ 295.707195][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 295.786239][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 295.865458][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 295.872771][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 297.954163][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 298.317754][T11970] kexec: Could not allocate control_code_buffer [ 300.024342][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 301.369584][T12069] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2456'. [ 301.436550][T12069] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2456'. [ 301.454749][T12076] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2459'. [ 302.486620][T12105] netlink: 'syz.1.2471': attribute type 35 has an invalid length. [ 302.657955][T12107] FAULT_INJECTION: forcing a failure. [ 302.657955][T12107] name failslab, interval 1, probability 0, space 0, times 0 [ 302.763710][T12107] CPU: 1 UID: 0 PID: 12107 Comm: syz.2.2472 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 302.763732][T12107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.763741][T12107] Call Trace: [ 302.763746][T12107] [ 302.763752][T12107] dump_stack_lvl+0x16c/0x1f0 [ 302.763777][T12107] should_fail_ex+0x512/0x640 [ 302.763797][T12107] ? fs_reclaim_acquire+0xae/0x150 [ 302.763816][T12107] should_failslab+0xc2/0x120 [ 302.763829][T12107] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 302.763849][T12107] ? security_inode_alloc+0x3b/0x2b0 [ 302.763868][T12107] security_inode_alloc+0x3b/0x2b0 [ 302.763884][T12107] inode_init_always_gfp+0xce4/0x1030 [ 302.763906][T12107] alloc_inode+0x86/0x240 [ 302.763920][T12107] path_from_stashed+0x2be/0xb00 [ 302.763939][T12107] ? do_raw_spin_lock+0x12c/0x2b0 [ 302.763961][T12107] ? __pfx_path_from_stashed+0x10/0x10 [ 302.763981][T12107] ? do_raw_spin_unlock+0x172/0x230 [ 302.764010][T12107] ns_get_path+0x5f/0x80 [ 302.764029][T12107] proc_ns_get_link+0x121/0x260 [ 302.764048][T12107] ? __pfx_proc_ns_get_link+0x10/0x10 [ 302.764068][T12107] ? atime_needs_update+0x8b/0x710 [ 302.764083][T12107] ? __pfx_proc_ns_get_link+0x10/0x10 [ 302.764101][T12107] step_into+0x1a2c/0x2270 [ 302.764122][T12107] ? __pfx_step_into+0x10/0x10 [ 302.764138][T12107] ? find_held_lock+0x2b/0x80 [ 302.764157][T12107] path_openat+0x6db/0x2cb0 [ 302.764181][T12107] ? __pfx_path_openat+0x10/0x10 [ 302.764201][T12107] ? __lock_acquire+0xb8a/0x1c90 [ 302.764221][T12107] do_filp_open+0x20b/0x470 [ 302.764240][T12107] ? __pfx_do_filp_open+0x10/0x10 [ 302.764284][T12107] ? alloc_fd+0x471/0x7d0 [ 302.764308][T12107] do_sys_openat2+0x11b/0x1d0 [ 302.764324][T12107] ? __pfx_do_sys_openat2+0x10/0x10 [ 302.764346][T12107] __x64_sys_openat+0x174/0x210 [ 302.764363][T12107] ? __pfx___x64_sys_openat+0x10/0x10 [ 302.764386][T12107] do_syscall_64+0xcd/0x490 [ 302.764409][T12107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.764423][T12107] RIP: 0033:0x7f011098d290 [ 302.764435][T12107] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 302.764447][T12107] RSP: 002b:00007f0111894f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 302.764461][T12107] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f011098d290 [ 302.764469][T12107] RDX: 0000000000000002 RSI: 00007f0111894fa0 RDI: 00000000ffffff9c [ 302.764477][T12107] RBP: 00007f0111894fa0 R08: 0000000000000000 R09: 0000000000000000 [ 302.764485][T12107] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 302.764493][T12107] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 302.764510][T12107] [ 303.055841][ C1] vkms_vblank_simulate: vblank timer overrun [ 303.086421][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2475'. [ 303.822145][T12121] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2485'. [ 304.057325][T12128] blkio.reset_stats is deprecated [ 304.157808][T12133] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2481'. [ 304.565452][T12143] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 304.627432][T12143] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 304.681529][T12143] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 304.706636][T12148] FAULT_INJECTION: forcing a failure. [ 304.706636][T12148] name failslab, interval 1, probability 0, space 0, times 0 [ 304.737561][T12143] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 304.755646][T12143] CPU0 is offline. [ 304.762411][T12148] CPU: 1 UID: 0 PID: 12148 Comm: syz.2.2487 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 304.762433][T12148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.762442][T12148] Call Trace: [ 304.762447][T12148] [ 304.762453][T12148] dump_stack_lvl+0x16c/0x1f0 [ 304.762480][T12148] should_fail_ex+0x512/0x640 [ 304.762500][T12148] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 304.762523][T12148] should_failslab+0xc2/0x120 [ 304.762537][T12148] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 304.762557][T12148] ? alloc_uid+0x13d/0x4c0 [ 304.762573][T12148] ? _raw_spin_unlock_irq+0x23/0x50 [ 304.762593][T12148] alloc_uid+0x13d/0x4c0 [ 304.762609][T12148] ? __pfx_alloc_uid+0x10/0x10 [ 304.762625][T12148] ? security_prepare_creds+0xa7/0x270 [ 304.762648][T12148] __sys_setresuid+0x507/0x1160 [ 304.762666][T12148] do_syscall_64+0xcd/0x490 [ 304.762688][T12148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.762702][T12148] RIP: 0033:0x7f011098e929 [ 304.762714][T12148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.762727][T12148] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 304.762741][T12148] RAX: ffffffffffffffda RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 304.762750][T12148] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000002 [ 304.762758][T12148] RBP: 00007f0110a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 304.762766][T12148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.762774][T12148] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 304.762791][T12148] [ 304.947848][ C1] vkms_vblank_simulate: vblank timer overrun [ 305.931914][T12178] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2501'. [ 306.095341][T12176] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2500'. [ 306.585338][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 306.664431][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 306.744831][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 306.751872][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 306.804631][T12208] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2512'. [ 306.891649][T12210] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2514'. [ 307.211727][T12219] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 307.282575][T12219] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 307.329938][T12219] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 307.410452][T12219] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 307.454420][T12219] CPU0 is offline. [ 307.799853][T12236] openvswitch: netlink: Unknown nsh attribute 0 [ 307.888157][T12238] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2525'. [ 308.276680][ T30] audit: type=1326 audit(4294967500.310:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm="syz.0.2532" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7e8c18e929 code=0x0 [ 309.225608][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 309.288989][T12273] FAULT_INJECTION: forcing a failure. [ 309.288989][T12273] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 309.313945][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 309.330149][T12272] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 309.346639][T12273] CPU: 1 UID: 0 PID: 12273 Comm: syz.1.2537 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 309.346662][T12273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 309.346671][T12273] Call Trace: [ 309.346676][T12273] [ 309.346682][T12273] dump_stack_lvl+0x16c/0x1f0 [ 309.346708][T12273] should_fail_ex+0x512/0x640 [ 309.346732][T12273] should_fail_alloc_page+0xe7/0x130 [ 309.346747][T12273] prepare_alloc_pages+0x3c2/0x610 [ 309.346763][T12273] ? rcu_is_watching+0x12/0xc0 [ 309.346780][T12273] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 309.346800][T12273] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 309.346817][T12273] ? is_bpf_text_address+0x94/0x1a0 [ 309.346841][T12273] ? kernel_text_address+0x8d/0x100 [ 309.346863][T12273] ? __kernel_text_address+0xd/0x40 [ 309.346886][T12273] ? unwind_get_return_address+0x59/0xa0 [ 309.346907][T12273] ? arch_stack_walk+0xa6/0x100 [ 309.346929][T12273] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 309.346955][T12273] ? stack_depot_save_flags+0x28/0xa40 [ 309.346975][T12273] ? stack_trace_save+0x8e/0xc0 [ 309.346989][T12273] ? __pfx_stack_trace_save+0x10/0x10 [ 309.347004][T12273] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 309.347025][T12273] ? policy_nodemask+0xea/0x4e0 [ 309.347048][T12273] alloc_pages_mpol+0x1fb/0x550 [ 309.347062][T12273] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 309.347079][T12273] alloc_pages_noprof+0x131/0x390 [ 309.347093][T12273] kimage_alloc_pages+0x75/0x350 [ 309.347115][T12273] kimage_alloc_control_pages+0x153/0xa00 [ 309.347141][T12273] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 309.347167][T12273] do_kexec_load+0x480/0x8d0 [ 309.347182][T12273] ? __pfx_do_kexec_load+0x10/0x10 [ 309.347196][T12273] ? _copy_from_user+0x59/0xd0 [ 309.347218][T12273] __x64_sys_kexec_load+0x1bf/0x230 [ 309.347233][T12273] do_syscall_64+0xcd/0x490 [ 309.347255][T12273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.347269][T12273] RIP: 0033:0x7f8413f8e929 [ 309.347280][T12273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.347294][T12273] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 309.347307][T12273] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 309.347316][T12273] RDX: 0000200000000040 RSI: 0000000000000002 RDI: 0000000000000005 [ 309.347324][T12273] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 309.347332][T12273] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 309.347340][T12273] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 309.347357][T12273] [ 309.348054][T12273] kexec: Could not allocate control_code_buffer [ 309.647652][T12272] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 309.664044][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 309.671302][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 309.702479][T12272] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 309.730629][T12272] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 309.748316][T12272] CPU0 is offline. [ 311.219056][T12313] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2553'. [ 311.384338][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 311.704629][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 311.864623][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 311.871521][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 312.232855][T12334] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2562'. [ 312.550035][T12345] netlink: 'syz.3.2567': attribute type 13 has an invalid length. [ 313.726864][T12342] kexec: Could not allocate control_code_buffer [ 313.824578][T12366] FAULT_INJECTION: forcing a failure. [ 313.824578][T12366] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 313.880769][T12366] CPU: 1 UID: 0 PID: 12366 Comm: syz.0.2582 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 313.880793][T12366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.880802][T12366] Call Trace: [ 313.880807][T12366] [ 313.880813][T12366] dump_stack_lvl+0x16c/0x1f0 [ 313.880839][T12366] should_fail_ex+0x512/0x640 [ 313.880863][T12366] _copy_from_user+0x2e/0xd0 [ 313.880886][T12366] kstrtouint_from_user+0xd6/0x1d0 [ 313.880903][T12366] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 313.880922][T12366] ? get_pid_task+0xfc/0x250 [ 313.880944][T12366] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 313.880961][T12366] proc_fail_nth_write+0x83/0x250 [ 313.880976][T12366] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 313.880993][T12366] ? iov_iter_advance+0x1e3/0x6c0 [ 313.881016][T12366] vfs_writev+0x5dc/0xde0 [ 313.881033][T12366] ? __pfx___mutex_trylock_common+0x10/0x10 [ 313.881057][T12366] ? __pfx_vfs_writev+0x10/0x10 [ 313.881075][T12366] ? __mutex_lock+0x1ca/0xb90 [ 313.881094][T12366] ? kmem_cache_free+0x2d1/0x4d0 [ 313.881117][T12366] ? __pfx___mutex_lock+0x10/0x10 [ 313.881144][T12366] ? __fget_files+0x20e/0x3c0 [ 313.881167][T12366] ? do_writev+0x132/0x340 [ 313.881182][T12366] do_writev+0x132/0x340 [ 313.881199][T12366] ? __pfx_do_writev+0x10/0x10 [ 313.881222][T12366] do_syscall_64+0xcd/0x490 [ 313.881244][T12366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.881259][T12366] RIP: 0033:0x7f7e8c18e929 [ 313.881271][T12366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.881283][T12366] RSP: 002b:00007f7e8cfee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 313.881296][T12366] RAX: ffffffffffffffda RBX: 00007f7e8c3b5fa0 RCX: 00007f7e8c18e929 [ 313.881305][T12366] RDX: 0000000000000003 RSI: 0000200000000200 RDI: 0000000000000004 [ 313.881313][T12366] RBP: 00007f7e8c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 313.881321][T12366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.881329][T12366] R13: 0000000000000000 R14: 00007f7e8c3b5fa0 R15: 00007ffcb0842d88 [ 313.881347][T12366] [ 314.586248][T12387] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2584'. [ 314.751662][T12393] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2587'. [ 315.296535][T12411] netlink: 'syz.2.2596': attribute type 3 has an invalid length. [ 315.419934][T12414] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2597'. [ 315.670373][T12425] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2602'. [ 316.018825][T12430] syz.2.2604 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 316.967632][T12453] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2612'. [ 317.072967][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.081138][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.298764][T12458] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2615'. [ 319.038666][T12506] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.361829][T12519] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2639'. [ 320.582951][T12549] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2651'. [ 320.769592][T12556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2653'. [ 322.101050][T12592] FAULT_INJECTION: forcing a failure. [ 322.101050][T12592] name failslab, interval 1, probability 0, space 0, times 0 [ 322.214719][T12592] CPU: 1 UID: 0 PID: 12592 Comm: syz.1.2667 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 322.214743][T12592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.214752][T12592] Call Trace: [ 322.214758][T12592] [ 322.214764][T12592] dump_stack_lvl+0x16c/0x1f0 [ 322.214790][T12592] should_fail_ex+0x512/0x640 [ 322.214810][T12592] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 322.214835][T12592] should_failslab+0xc2/0x120 [ 322.214849][T12592] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 322.214871][T12592] ? __split_page_owner+0x23b/0x3b0 [ 322.214891][T12592] ? snd_pcm_hw_rule_add+0x414/0x5a0 [ 322.214915][T12592] krealloc_noprof+0x1fc/0x370 [ 322.214937][T12592] snd_pcm_hw_rule_add+0x414/0x5a0 [ 322.214958][T12592] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 322.214975][T12592] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 322.215007][T12592] ? lockdep_init_map_type+0x5c/0x280 [ 322.215028][T12592] ? debug_mutex_init+0x37/0x70 [ 322.215041][T12592] ? snd_pcm_attach_substream+0x89d/0xd60 [ 322.215065][T12592] snd_pcm_open_substream+0x534/0x17f0 [ 322.215085][T12592] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 322.215104][T12592] ? rcu_is_watching+0x12/0xc0 [ 322.215121][T12592] snd_pcm_open+0x29e/0x730 [ 322.215141][T12592] ? __pfx_snd_pcm_open+0x10/0x10 [ 322.215160][T12592] ? __pfx_default_wake_function+0x10/0x10 [ 322.215180][T12592] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 322.215197][T12592] snd_pcm_capture_open+0x89/0xe0 [ 322.215215][T12592] snd_open+0x201/0x450 [ 322.215228][T12592] ? __pfx_snd_open+0x10/0x10 [ 322.215240][T12592] chrdev_open+0x231/0x6a0 [ 322.215262][T12592] ? __pfx_chrdev_open+0x10/0x10 [ 322.215284][T12592] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 322.215305][T12592] do_dentry_open+0x744/0x1c10 [ 322.215325][T12592] ? __pfx_chrdev_open+0x10/0x10 [ 322.215349][T12592] vfs_open+0x82/0x3f0 [ 322.215366][T12592] path_openat+0x1de4/0x2cb0 [ 322.215392][T12592] ? __pfx_path_openat+0x10/0x10 [ 322.215413][T12592] ? __lock_acquire+0xb8a/0x1c90 [ 322.215432][T12592] do_filp_open+0x20b/0x470 [ 322.215452][T12592] ? __pfx_do_filp_open+0x10/0x10 [ 322.215484][T12592] ? alloc_fd+0x471/0x7d0 [ 322.215508][T12592] do_sys_openat2+0x11b/0x1d0 [ 322.215523][T12592] ? __pfx_do_sys_openat2+0x10/0x10 [ 322.215545][T12592] __x64_sys_openat+0x174/0x210 [ 322.215560][T12592] ? __pfx___x64_sys_openat+0x10/0x10 [ 322.215584][T12592] do_syscall_64+0xcd/0x490 [ 322.215607][T12592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.215621][T12592] RIP: 0033:0x7f8413f8e929 [ 322.215634][T12592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.215647][T12592] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 322.215661][T12592] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 322.215670][T12592] RDX: 0000000000001200 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 322.215679][T12592] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 322.215688][T12592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.215696][T12592] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 322.215715][T12592] [ 322.571946][ C1] vkms_vblank_simulate: vblank timer overrun [ 323.132236][T12600] FAULT_INJECTION: forcing a failure. [ 323.132236][T12600] name failslab, interval 1, probability 0, space 0, times 0 [ 323.167286][T12600] CPU: 1 UID: 0 PID: 12600 Comm: syz.2.2671 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 323.167310][T12600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.167319][T12600] Call Trace: [ 323.167325][T12600] [ 323.167331][T12600] dump_stack_lvl+0x16c/0x1f0 [ 323.167357][T12600] should_fail_ex+0x512/0x640 [ 323.167378][T12600] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 323.167399][T12600] should_failslab+0xc2/0x120 [ 323.167413][T12600] __kmalloc_cache_noprof+0x6a/0x3e0 [ 323.167431][T12600] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 323.167448][T12600] ? kasan_save_track+0x14/0x30 [ 323.167470][T12600] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 323.167487][T12600] ? rcu_is_watching+0x12/0xc0 [ 323.167512][T12600] ? __mutex_lock+0x1ca/0xb90 [ 323.167537][T12600] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 323.167555][T12600] ? __pfx___mutex_lock+0x10/0x10 [ 323.167581][T12600] ? __fsnotify_parent+0x24b/0xc40 [ 323.167605][T12600] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 323.167621][T12600] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 323.167636][T12600] snd_pcm_oss_sync+0x1de/0x840 [ 323.167653][T12600] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 323.167668][T12600] snd_pcm_oss_release+0x28b/0x310 [ 323.167684][T12600] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 323.167698][T12600] __fput+0x402/0xb70 [ 323.167716][T12600] task_work_run+0x14d/0x240 [ 323.167738][T12600] ? __pfx_task_work_run+0x10/0x10 [ 323.167758][T12600] ? __pfx___do_sys_close_range+0x10/0x10 [ 323.167782][T12600] exit_to_user_mode_loop+0xeb/0x110 [ 323.167804][T12600] do_syscall_64+0x3f6/0x490 [ 323.167826][T12600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.167840][T12600] RIP: 0033:0x7f011098e929 [ 323.167852][T12600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.167866][T12600] RSP: 002b:00007f0111895038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 323.167886][T12600] RAX: 0000000000000000 RBX: 00007f0110bb5fa0 RCX: 00007f011098e929 [ 323.167895][T12600] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 323.167904][T12600] RBP: 00007f0110a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 323.167912][T12600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.167921][T12600] R13: 0000000000000000 R14: 00007f0110bb5fa0 R15: 00007ffeccd014a8 [ 323.167940][T12600] [ 323.436260][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.661090][T12631] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2684'. [ 324.876496][T12641] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2689'. [ 325.180115][T12652] netlink: 'syz.1.2693': attribute type 1 has an invalid length. [ 325.463188][T12662] FAULT_INJECTION: forcing a failure. [ 325.463188][T12662] name failslab, interval 1, probability 0, space 0, times 0 [ 325.511069][T12662] CPU: 1 UID: 0 PID: 12662 Comm: syz.0.2696 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 325.511093][T12662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 325.511103][T12662] Call Trace: [ 325.511108][T12662] [ 325.511114][T12662] dump_stack_lvl+0x16c/0x1f0 [ 325.511140][T12662] should_fail_ex+0x512/0x640 [ 325.511161][T12662] ? fs_reclaim_acquire+0xae/0x150 [ 325.511180][T12662] should_failslab+0xc2/0x120 [ 325.511193][T12662] __kmalloc_cache_noprof+0x6a/0x3e0 [ 325.511212][T12662] ? tomoyo_open_control+0x415/0xa30 [ 325.511236][T12662] tomoyo_open_control+0x415/0xa30 [ 325.511259][T12662] do_dentry_open+0x744/0x1c10 [ 325.511280][T12662] ? __pfx_tomoyo_open+0x10/0x10 [ 325.511302][T12662] vfs_open+0x82/0x3f0 [ 325.511318][T12662] path_openat+0x1de4/0x2cb0 [ 325.511344][T12662] ? __pfx_path_openat+0x10/0x10 [ 325.511364][T12662] ? __lock_acquire+0xb8a/0x1c90 [ 325.511384][T12662] do_filp_open+0x20b/0x470 [ 325.511404][T12662] ? __pfx_do_filp_open+0x10/0x10 [ 325.511436][T12662] ? alloc_fd+0x471/0x7d0 [ 325.511459][T12662] do_sys_openat2+0x11b/0x1d0 [ 325.511474][T12662] ? __pfx_do_sys_openat2+0x10/0x10 [ 325.511495][T12662] __x64_sys_openat+0x174/0x210 [ 325.511511][T12662] ? __pfx___x64_sys_openat+0x10/0x10 [ 325.511534][T12662] do_syscall_64+0xcd/0x490 [ 325.511556][T12662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.511571][T12662] RIP: 0033:0x7f7e8c18e929 [ 325.511584][T12662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.511597][T12662] RSP: 002b:00007f7e8cfee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 325.511611][T12662] RAX: ffffffffffffffda RBX: 00007f7e8c3b5fa0 RCX: 00007f7e8c18e929 [ 325.511620][T12662] RDX: 00000000000c0802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 325.511629][T12662] RBP: 00007f7e8c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 325.511638][T12662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.511647][T12662] R13: 0000000000000000 R14: 00007f7e8c3b5fa0 R15: 00007ffcb0842d88 [ 325.511665][T12662] [ 325.744971][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.055408][T12670] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2699'. [ 327.508178][T12712] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2710'. [ 328.408943][T12738] netlink: 'syz.2.2718': attribute type 2 has an invalid length. [ 328.482228][T12738] netlink: 'syz.2.2718': attribute type 2 has an invalid length. [ 329.106433][T12756] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2724'. [ 329.398621][T12756] team0: Port device team_slave_1 removed [ 332.613563][T12850] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2750'. [ 332.894147][T12859] netlink: 74 bytes leftover after parsing attributes in process `syz.2.2752'. [ 333.176193][T12866] ptp ptp0: new virtual clock ptp1 [ 333.247646][T12866] ptp ptp0: new virtual clock ptp2 [ 333.287665][T12866] ptp ptp0: new virtual clock ptp3 [ 333.319499][T12866] ptp ptp0: guarantee physical clock free running [ 333.538080][T12876] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2759'. [ 333.577879][T12876] vcan0: entered promiscuous mode [ 334.127206][T12901] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2768'. [ 334.227166][T12905] FAULT_INJECTION: forcing a failure. [ 334.227166][T12905] name failslab, interval 1, probability 0, space 0, times 0 [ 334.261772][T12905] CPU: 1 UID: 0 PID: 12905 Comm: syz.1.2770 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 334.261815][T12905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.261828][T12905] Call Trace: [ 334.261833][T12905] [ 334.261839][T12905] dump_stack_lvl+0x16c/0x1f0 [ 334.261866][T12905] should_fail_ex+0x512/0x640 [ 334.261885][T12905] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 334.261909][T12905] should_failslab+0xc2/0x120 [ 334.261923][T12905] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 334.261942][T12905] ? trace_kmalloc+0x2b/0xd0 [ 334.261955][T12905] ? seq_open+0x55/0x170 [ 334.261971][T12905] seq_open+0x55/0x170 [ 334.261985][T12905] __seq_open_private+0x3e/0xd0 [ 334.262001][T12905] sysvipc_proc_open+0x29/0x2d0 [ 334.262019][T12905] ? __pfx_sysvipc_proc_open+0x10/0x10 [ 334.262037][T12905] proc_reg_open+0x119/0x610 [ 334.262058][T12905] do_dentry_open+0x744/0x1c10 [ 334.262078][T12905] ? __pfx_proc_reg_open+0x10/0x10 [ 334.262101][T12905] vfs_open+0x82/0x3f0 [ 334.262117][T12905] path_openat+0x1de4/0x2cb0 [ 334.262150][T12905] ? __pfx_path_openat+0x10/0x10 [ 334.262170][T12905] ? __lock_acquire+0xb8a/0x1c90 [ 334.262191][T12905] do_filp_open+0x20b/0x470 [ 334.262213][T12905] ? __pfx_do_filp_open+0x10/0x10 [ 334.262246][T12905] ? alloc_fd+0x471/0x7d0 [ 334.262268][T12905] do_sys_openat2+0x11b/0x1d0 [ 334.262283][T12905] ? __pfx_do_sys_openat2+0x10/0x10 [ 334.262305][T12905] __x64_sys_openat+0x174/0x210 [ 334.262321][T12905] ? __pfx___x64_sys_openat+0x10/0x10 [ 334.262343][T12905] do_syscall_64+0xcd/0x490 [ 334.262365][T12905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.262380][T12905] RIP: 0033:0x7f8413f8e929 [ 334.262392][T12905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.262406][T12905] RSP: 002b:00007f8414dfc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 334.262420][T12905] RAX: ffffffffffffffda RBX: 00007f84141b5fa0 RCX: 00007f8413f8e929 [ 334.262429][T12905] RDX: 0000000000000082 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 334.262438][T12905] RBP: 00007f8414010b39 R08: 0000000000000000 R09: 0000000000000000 [ 334.262446][T12905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.262454][T12905] R13: 0000000000000000 R14: 00007f84141b5fa0 R15: 00007ffcd4bc0d28 [ 334.262472][T12905] [ 334.582186][T12907] netlink: 'syz.3.2771': attribute type 27 has an invalid length. [ 334.595663][T12907] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2771'. [ 335.616770][T12928] FAULT_INJECTION: forcing a failure. [ 335.616770][T12928] name failslab, interval 1, probability 0, space 0, times 0 [ 335.654605][T12928] CPU: 1 UID: 0 PID: 12928 Comm: syz.3.2780 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 335.654631][T12928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.654640][T12928] Call Trace: [ 335.654645][T12928] [ 335.654651][T12928] dump_stack_lvl+0x16c/0x1f0 [ 335.654677][T12928] should_fail_ex+0x512/0x640 [ 335.654697][T12928] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 335.654719][T12928] should_failslab+0xc2/0x120 [ 335.654733][T12928] __kmalloc_cache_noprof+0x6a/0x3e0 [ 335.654750][T12928] ? lockdep_hardirqs_on+0x7c/0x110 [ 335.654771][T12928] ? snd_seq_fifo_new+0x42/0x260 [ 335.654789][T12928] ? seq_create_client1+0x420/0x5e0 [ 335.654810][T12928] ? __pfx_snd_seq_open+0x10/0x10 [ 335.654831][T12928] snd_seq_fifo_new+0x42/0x260 [ 335.654848][T12928] snd_seq_open+0x15c/0x550 [ 335.654870][T12928] ? __pfx_snd_seq_open+0x10/0x10 [ 335.654890][T12928] snd_open+0x201/0x450 [ 335.654903][T12928] ? __pfx_snd_open+0x10/0x10 [ 335.654915][T12928] chrdev_open+0x231/0x6a0 [ 335.654935][T12928] ? __pfx_apparmor_file_open+0x10/0x10 [ 335.654953][T12928] ? __pfx_chrdev_open+0x10/0x10 [ 335.654975][T12928] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 335.654997][T12928] do_dentry_open+0x744/0x1c10 [ 335.655017][T12928] ? __pfx_chrdev_open+0x10/0x10 [ 335.655041][T12928] vfs_open+0x82/0x3f0 [ 335.655058][T12928] path_openat+0x1de4/0x2cb0 [ 335.655091][T12928] ? __pfx_path_openat+0x10/0x10 [ 335.655112][T12928] ? __lock_acquire+0xb8a/0x1c90 [ 335.655134][T12928] do_filp_open+0x20b/0x470 [ 335.655155][T12928] ? __pfx_do_filp_open+0x10/0x10 [ 335.655189][T12928] ? alloc_fd+0x471/0x7d0 [ 335.655213][T12928] do_sys_openat2+0x11b/0x1d0 [ 335.655228][T12928] ? __pfx_do_sys_openat2+0x10/0x10 [ 335.655250][T12928] __x64_sys_openat+0x174/0x210 [ 335.655266][T12928] ? __pfx___x64_sys_openat+0x10/0x10 [ 335.655289][T12928] do_syscall_64+0xcd/0x490 [ 335.655311][T12928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.655325][T12928] RIP: 0033:0x7fd706f8e929 [ 335.655338][T12928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.655352][T12928] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 335.655366][T12928] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 335.655375][T12928] RDX: 0000000000040a40 RSI: 0000200000001d40 RDI: ffffffffffffff9c [ 335.655383][T12928] RBP: 00007fd707010b39 R08: 0000000000000000 R09: 0000000000000000 [ 335.655392][T12928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 335.655400][T12928] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 335.655419][T12928] [ 336.840407][T12957] Console: switching to colour VGA+ 80x25 [ 336.908651][T12957] ================================================================== [ 336.908664][T12957] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 336.908693][T12957] Read of size 256 at addr ffff88807a9d2860 by task syz.3.2792/12957 [ 336.908706][T12957] [ 336.908714][T12957] CPU: 1 UID: 0 PID: 12957 Comm: syz.3.2792 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 336.908732][T12957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.908740][T12957] Call Trace: [ 336.908745][T12957] [ 336.908751][T12957] dump_stack_lvl+0x116/0x1f0 [ 336.908781][T12957] print_report+0xcd/0x680 [ 336.908804][T12957] ? __virt_addr_valid+0x81/0x610 [ 336.908818][T12957] ? __phys_addr+0xe8/0x180 [ 336.908832][T12957] ? fbcon_prepare_logo+0xa03/0xc70 [ 336.908851][T12957] kasan_report+0xe0/0x110 [ 336.908864][T12957] ? fbcon_prepare_logo+0xa03/0xc70 [ 336.908888][T12957] kasan_check_range+0x100/0x1b0 [ 336.908903][T12957] __asan_memcpy+0x23/0x60 [ 336.908921][T12957] fbcon_prepare_logo+0xa03/0xc70 [ 336.908944][T12957] fbcon_init+0xd77/0x1900 [ 336.908972][T12957] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 336.908997][T12957] visual_init+0x31d/0x620 [ 336.909015][T12957] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 336.909038][T12957] store_bind+0x61d/0x760 [ 336.909058][T12957] ? sysfs_file_kobj+0xe4/0x290 [ 336.909075][T12957] ? __pfx_store_bind+0x10/0x10 [ 336.909093][T12957] dev_attr_store+0x55/0x80 [ 336.909105][T12957] ? __pfx_dev_attr_store+0x10/0x10 [ 336.909117][T12957] sysfs_kf_write+0xf2/0x150 [ 336.909132][T12957] kernfs_fop_write_iter+0x351/0x510 [ 336.909146][T12957] ? __pfx_sysfs_kf_write+0x10/0x10 [ 336.909162][T12957] vfs_write+0x6c4/0x1150 [ 336.909180][T12957] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 336.909195][T12957] ? __pfx___mutex_lock+0x10/0x10 [ 336.909215][T12957] ? __pfx_vfs_write+0x10/0x10 [ 336.909239][T12957] ksys_write+0x12a/0x250 [ 336.909257][T12957] ? __pfx_ksys_write+0x10/0x10 [ 336.909277][T12957] do_syscall_64+0xcd/0x490 [ 336.909298][T12957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.909312][T12957] RIP: 0033:0x7fd706f8e929 [ 336.909324][T12957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.909337][T12957] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 336.909351][T12957] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 336.909360][T12957] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 336.909369][T12957] RBP: 00007fd707010b39 R08: 0000000000000000 R09: 0000000000000000 [ 336.909377][T12957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 336.909385][T12957] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 336.909400][T12957] [ 336.909404][T12957] [ 336.909408][T12957] Allocated by task 7875: [ 336.909415][T12957] kasan_save_stack+0x33/0x60 [ 336.909433][T12957] kasan_save_track+0x14/0x30 [ 336.909451][T12957] __kasan_kmalloc+0xaa/0xb0 [ 336.909468][T12957] nbp_vlan_add+0x1f4/0x410 [ 336.909488][T12957] nbp_vlan_init+0x373/0x500 [ 336.909506][T12957] br_add_if+0xfcf/0x1b70 [ 336.909525][T12957] add_del_if+0x114/0x160 [ 336.909535][T12957] br_dev_siocdevprivate+0x908/0x1650 [ 336.909547][T12957] dev_ifsioc+0x8eb/0x1ee0 [ 336.909565][T12957] dev_ioctl+0x1b2/0x1060 [ 336.909582][T12957] sock_ioctl+0x5b3/0x6b0 [ 336.909596][T12957] __x64_sys_ioctl+0x18b/0x210 [ 336.909610][T12957] do_syscall_64+0xcd/0x490 [ 336.909628][T12957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.909641][T12957] [ 336.909644][T12957] The buggy address belongs to the object at ffff88807a9d2000 [ 336.909644][T12957] which belongs to the cache kmalloc-2k of size 2048 [ 336.909655][T12957] The buggy address is located 1096 bytes to the right of [ 336.909655][T12957] allocated 1048-byte region [ffff88807a9d2000, ffff88807a9d2418) [ 336.909669][T12957] [ 336.909672][T12957] The buggy address belongs to the physical page: [ 336.909684][T12957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a9d0 [ 336.909697][T12957] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 336.909708][T12957] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 336.909722][T12957] page_type: f5(slab) [ 336.909734][T12957] raw: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 336.909747][T12957] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 336.909760][T12957] head: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 336.909773][T12957] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 336.909785][T12957] head: 00fff00000000003 ffffea0001ea7401 00000000ffffffff 00000000ffffffff [ 336.909798][T12957] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 336.909806][T12957] page dumped because: kasan: bad access detected [ 336.909816][T12957] page_owner tracks the page as allocated [ 336.909821][T12957] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5827, tgid 5827 (syz-executor), ts 88647110910, free_ts 88645216483 [ 336.909845][T12957] post_alloc_hook+0x1c0/0x230 [ 336.909864][T12957] get_page_from_freelist+0x1321/0x3890 [ 336.909883][T12957] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 336.909901][T12957] alloc_pages_mpol+0x1fb/0x550 [ 336.909912][T12957] new_slab+0x23b/0x330 [ 336.909927][T12957] ___slab_alloc+0xd9c/0x1940 [ 336.909942][T12957] __slab_alloc.constprop.0+0x56/0xb0 [ 336.909958][T12957] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 336.909984][T12957] kmalloc_reserve+0xef/0x2c0 [ 336.909997][T12957] pskb_expand_head+0x238/0x1030 [ 336.910017][T12957] netlink_trim+0x22d/0x310 [ 336.910036][T12957] netlink_broadcast_filtered+0xca/0xf10 [ 336.910050][T12957] nlmsg_notify+0x9e/0x220 [ 336.910063][T12957] rtnetlink_event+0x177/0x1f0 [ 336.910075][T12957] notifier_call_chain+0xbc/0x410 [ 336.910090][T12957] call_netdevice_notifiers_info+0xbe/0x140 [ 336.910105][T12957] page last free pid 5827 tgid 5827 stack trace: [ 336.910112][T12957] __free_frozen_pages+0x7fe/0x1180 [ 336.910128][T12957] qlist_free_all+0x4d/0x120 [ 336.910145][T12957] kasan_quarantine_reduce+0x195/0x1e0 [ 336.910162][T12957] __kasan_slab_alloc+0x69/0x90 [ 336.910181][T12957] kmem_cache_alloc_lru_noprof+0x1d0/0x3b0 [ 336.910200][T12957] sock_alloc_inode+0x25/0x1c0 [ 336.910212][T12957] alloc_inode+0x64/0x240 [ 336.910224][T12957] sock_alloc+0x40/0x280 [ 336.910235][T12957] __sock_create+0xc1/0x8d0 [ 336.910248][T12957] __sys_socket+0x14d/0x260 [ 336.910262][T12957] __x64_sys_socket+0x72/0xb0 [ 336.910277][T12957] do_syscall_64+0xcd/0x490 [ 336.910295][T12957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.910308][T12957] [ 336.910311][T12957] Memory state around the buggy address: [ 336.910318][T12957] ffff88807a9d2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 336.910328][T12957] ffff88807a9d2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 336.910337][T12957] >ffff88807a9d2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 336.910344][T12957] ^ [ 336.910352][T12957] ffff88807a9d2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 336.910362][T12957] ffff88807a9d2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 336.910369][T12957] ================================================================== [ 336.912590][T12957] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 336.912604][T12957] CPU: 1 UID: 0 PID: 12957 Comm: syz.3.2792 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 336.912625][T12957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.912633][T12957] Call Trace: [ 336.912639][T12957] [ 336.912645][T12957] dump_stack_lvl+0x3d/0x1f0 [ 336.912669][T12957] panic+0x71c/0x800 [ 336.912689][T12957] ? __pfx_panic+0x10/0x10 [ 336.912706][T12957] ? irqentry_exit+0x3b/0x90 [ 336.912726][T12957] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.912746][T12957] ? preempt_schedule_thunk+0x16/0x30 [ 336.912763][T12957] ? fbcon_prepare_logo+0xa03/0xc70 [ 336.912783][T12957] ? preempt_schedule_common+0x44/0xc0 [ 336.912804][T12957] ? fbcon_prepare_logo+0xa03/0xc70 [ 336.912823][T12957] check_panic_on_warn+0xab/0xb0 [ 336.912842][T12957] end_report+0x107/0x170 [ 336.912864][T12957] kasan_report+0xee/0x110 [ 336.912876][T12957] ? fbcon_prepare_logo+0xa03/0xc70 [ 336.912898][T12957] kasan_check_range+0x100/0x1b0 [ 336.912913][T12957] __asan_memcpy+0x23/0x60 [ 336.912931][T12957] fbcon_prepare_logo+0xa03/0xc70 [ 336.912954][T12957] fbcon_init+0xd77/0x1900 [ 336.912983][T12957] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 336.913008][T12957] visual_init+0x31d/0x620 [ 336.913025][T12957] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 336.913048][T12957] store_bind+0x61d/0x760 [ 336.913068][T12957] ? sysfs_file_kobj+0xe4/0x290 [ 336.913084][T12957] ? __pfx_store_bind+0x10/0x10 [ 336.913103][T12957] dev_attr_store+0x55/0x80 [ 336.913115][T12957] ? __pfx_dev_attr_store+0x10/0x10 [ 336.913127][T12957] sysfs_kf_write+0xf2/0x150 [ 336.913144][T12957] kernfs_fop_write_iter+0x351/0x510 [ 336.913157][T12957] ? __pfx_sysfs_kf_write+0x10/0x10 [ 336.913174][T12957] vfs_write+0x6c4/0x1150 [ 336.913193][T12957] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 336.913208][T12957] ? __pfx___mutex_lock+0x10/0x10 [ 336.913228][T12957] ? __pfx_vfs_write+0x10/0x10 [ 336.913252][T12957] ksys_write+0x12a/0x250 [ 336.913271][T12957] ? __pfx_ksys_write+0x10/0x10 [ 336.913292][T12957] do_syscall_64+0xcd/0x490 [ 336.913313][T12957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.913327][T12957] RIP: 0033:0x7fd706f8e929 [ 336.913338][T12957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.913352][T12957] RSP: 002b:00007fd707dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 336.913366][T12957] RAX: ffffffffffffffda RBX: 00007fd7071b5fa0 RCX: 00007fd706f8e929 [ 336.913376][T12957] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 336.913385][T12957] RBP: 00007fd707010b39 R08: 0000000000000000 R09: 0000000000000000 [ 336.913394][T12957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 336.913403][T12957] R13: 0000000000000000 R14: 00007fd7071b5fa0 R15: 00007ffd45f63d08 [ 336.913417][T12957] [ 336.913474][T12957] Kernel Offset: disabled