last executing test programs: 22.320042674s ago: executing program 1 (id=2336): mbind$auto(0x0, 0x7, 0x10000000000008, 0x0, 0x80000000, 0x10000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) fchown$auto(0xffffffffffffffff, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x86873cbd, 0xa, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) 19.654650543s ago: executing program 1 (id=2348): syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) socket(0x10, 0x3, 0x6) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100), 0x80000000}, 0x10000, 0x0, 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) sendmsg$auto_NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000227bd7000fedbdf25080000000400870005003e00040000000800f800040000000c001d8008000080040004"], 0x34}, 0x1, 0x0, 0x0, 0xd5}, 0x20000010) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) write$auto(r1, &(0x7f0000000000)='/dev/\xe9nput/event0\x00', 0x7fe) 19.499440011s ago: executing program 1 (id=2349): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket(0x2, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, r0, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 19.268721446s ago: executing program 1 (id=2353): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 18.72995625s ago: executing program 1 (id=2358): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000fa03"], 0x5f}, 0x1, 0x0, 0x0, 0x40040094}, 0x40) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 18.13123253s ago: executing program 1 (id=2362): write$auto(0xca, &(0x7f0000000140)='\x04>\x01\x01\x00\xab\x01\xcd\x92I}\xe8N\x94\xf2\xa2\x00\x00\f\x15\xd8a\x8b\x06\x9e\xae\x87\\\xfd\x01U\xc8\x911.\xb0`T\xd3M\x8a\xbf\xe9\x83\xea8\xd1\xda\xcf9\x02u@\xeb\xcd\xb2\tBAh\xe3\x02K\xfcS_X\xe3\xd7\x84\xb8o\xe6\xac>d\xf8', 0x7e) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) 17.568586793s ago: executing program 32 (id=2362): write$auto(0xca, &(0x7f0000000140)='\x04>\x01\x01\x00\xab\x01\xcd\x92I}\xe8N\x94\xf2\xa2\x00\x00\f\x15\xd8a\x8b\x06\x9e\xae\x87\\\xfd\x01U\xc8\x911.\xb0`T\xd3M\x8a\xbf\xe9\x83\xea8\xd1\xda\xcf9\x02u@\xeb\xcd\xb2\tBAh\xe3\x02K\xfcS_X\xe3\xd7\x84\xb8o\xe6\xac>d\xf8', 0x7e) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) 6.699791004s ago: executing program 2 (id=2417): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x8}, 0x3, 0x0) 6.051680028s ago: executing program 2 (id=2420): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1, r0, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) 5.963543057s ago: executing program 3 (id=2421): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x20000010) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0x7) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 5.48249653s ago: executing program 2 (id=2423): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001480)='/proc/self/net/rxrpc/locals\x00', 0x40, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000001800), 0x101101, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, 0x0) 5.399492157s ago: executing program 3 (id=2425): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 4.030292573s ago: executing program 0 (id=2428): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) ppoll$auto(&(0x7f0000000000)={r0, 0x8, 0x6}, 0x7, 0x0, 0x0, 0x8) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x84c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x800009}, 0x1, 0x20000000) sendmsg$auto_NL80211_CMD_DEL_KEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x14, 0x0, 0x8, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c884}, 0x4044010) 4.030145198s ago: executing program 3 (id=2429): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) stat$auto(0x0, &(0x7f0000000380)={0x3, 0x3, 0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0xa, 0xff, 0x100, 0x401, 0x5f57, 0x80000000, 0xaa}) r2 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) writev$auto(r2, &(0x7f00000003c0)={0x0, 0x8}, 0x3) 3.229069104s ago: executing program 2 (id=2430): r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128\x00', 0x129800, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)=')[\x00', 0x5) 3.047595582s ago: executing program 0 (id=2431): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) epoll_create$auto(0x4) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000005c0), 0x2000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) 2.887631561s ago: executing program 0 (id=2432): io_uring_setup$auto(0x9e6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) kill$auto(0x0, 0x7fff) 2.720648182s ago: executing program 2 (id=2433): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) socket(0x2, 0x1, 0x106) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x6, 0x19, 0x0, 0xfb3) bind$auto(0x3, 0x0, 0x6a) close_range$auto(0x2, 0xa, 0x0) 2.540861379s ago: executing program 3 (id=2434): mmap$auto(0x0, 0x99, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) inotify_init1$auto(0x3000000000000) read$auto(r0, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0x11, 0x3, 0x9) unshare$auto(0x40000080) 2.179278168s ago: executing program 2 (id=2435): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x80040, 0x0) unshare$auto(0x40000080) socket(0x28, 0x1, 0x0) r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_MON_PEER_GET(r1, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r0, 0x711, 0x70b52c, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4405}, 0x4c848) 1.678109151s ago: executing program 3 (id=2436): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r0 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kill$auto(r0, 0x11) 946.856069ms ago: executing program 3 (id=2437): msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x5607, 0x7) inotify_add_watch$auto(r0, 0x0, 0x9) 486.325375ms ago: executing program 0 (id=2438): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) landlock_restrict_self$auto(r1, 0x1) gettid() socket(0x2a, 0x2, 0x1) 80.306516ms ago: executing program 0 (id=2439): recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) epoll_create$auto(0x4) mprotect$auto(0x0, 0x3ff, 0x6) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video17\x00', 0x80800, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f00000001c0)=""/191, 0x234) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video15\x00', 0x180, 0x0) read$auto_v4l2_fops_v4l2_dev(r1, &(0x7f0000000000)=""/188, 0xbc) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 0 (id=2440): mmap$auto(0x0, 0xe984, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0xa801, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) kernel console output (not intermixed with test programs): T_INJECTION: forcing a failure. [ 264.431282][ T9786] name failslab, interval 1, probability 0, space 0, times 0 [ 264.462606][ T9786] CPU: 1 UID: 0 PID: 9786 Comm: syz.3.1506 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 264.462646][ T9786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 264.462673][ T9786] Call Trace: [ 264.462683][ T9786] [ 264.462694][ T9786] dump_stack_lvl+0x16c/0x1f0 [ 264.462748][ T9786] should_fail_ex+0x512/0x640 [ 264.462791][ T9786] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 264.462840][ T9786] should_failslab+0xc2/0x120 [ 264.462869][ T9786] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 264.462912][ T9786] ? d_instantiate+0x77/0x90 [ 264.462935][ T9786] ? alloc_empty_file+0x55/0x1e0 [ 264.462972][ T9786] alloc_empty_file+0x55/0x1e0 [ 264.463004][ T9786] alloc_file_pseudo+0x13a/0x230 [ 264.463037][ T9786] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 264.463071][ T9786] ? hugetlbfs_get_inode+0x31f/0x730 [ 264.463105][ T9786] hugetlb_file_setup+0x4cd/0x620 [ 264.463141][ T9786] ksys_mmap_pgoff+0x189/0x5c0 [ 264.463173][ T9786] ? get_ruleset_from_fd+0x8c/0x240 [ 264.463222][ T9786] __x64_sys_mmap+0x125/0x190 [ 264.463267][ T9786] do_syscall_64+0xcd/0x490 [ 264.463296][ T9786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.463324][ T9786] RIP: 0033:0x7f830878e929 [ 264.463347][ T9786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.463376][ T9786] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 264.463403][ T9786] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 264.463423][ T9786] RDX: 00004000000000df RSI: 0000000000000003 RDI: 0000000000000000 [ 264.463440][ T9786] RBP: 00007f8308810b39 R08: 0000000000000401 R09: 0000300000000000 [ 264.463458][ T9786] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 264.463476][ T9786] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 264.463512][ T9786] [ 265.762311][ T9829] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1524'. [ 266.108550][ T9846] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1530'. [ 266.285589][ T9854] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1532'. [ 266.653109][ T9875] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1542'. [ 266.733941][ T9878] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1543'. [ 266.779752][ T9880] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1544'. [ 266.840369][ T9882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1545'. [ 266.852923][ T9882] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1545'. [ 266.956309][ T9887] sctp: [Deprecated]: syz.3.1547 (pid 9887) Use of struct sctp_assoc_value in delayed_ack socket option. [ 266.956309][ T9887] Use struct sctp_sack_info instead [ 268.417670][ T9937] FAULT_INJECTION: forcing a failure. [ 268.417670][ T9937] name failslab, interval 1, probability 0, space 0, times 0 [ 268.441477][ T9937] CPU: 1 UID: 0 PID: 9937 Comm: syz.2.1568 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 268.441518][ T9937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 268.441536][ T9937] Call Trace: [ 268.441546][ T9937] [ 268.441557][ T9937] dump_stack_lvl+0x16c/0x1f0 [ 268.441609][ T9937] should_fail_ex+0x512/0x640 [ 268.441652][ T9937] ? fs_reclaim_acquire+0xae/0x150 [ 268.441690][ T9937] should_failslab+0xc2/0x120 [ 268.441718][ T9937] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 268.441763][ T9937] ? __kernfs_new_node+0xd2/0x8e0 [ 268.441808][ T9937] __kernfs_new_node+0xd2/0x8e0 [ 268.441853][ T9937] ? __pfx___kernfs_new_node+0x10/0x10 [ 268.441902][ T9937] ? find_held_lock+0x2b/0x80 [ 268.441932][ T9937] ? kernfs_root+0xee/0x2a0 [ 268.441979][ T9937] kernfs_new_node+0x13c/0x1e0 [ 268.442030][ T9937] __kernfs_create_file+0x53/0x350 [ 268.442067][ T9937] sysfs_add_file_mode_ns+0x207/0x3c0 [ 268.442114][ T9937] internal_create_group+0x578/0xf30 [ 268.442165][ T9937] ? __pfx_internal_create_group+0x10/0x10 [ 268.442209][ T9937] ? sysfs_create_dir_ns+0x14c/0x2b0 [ 268.442248][ T9937] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 268.442285][ T9937] ? sysfs_create_dir_ns+0x14c/0x2b0 [ 268.442321][ T9937] ? sysfs_create_dir_ns+0x18a/0x2b0 [ 268.442365][ T9937] internal_create_groups+0x9d/0x150 [ 268.442419][ T9937] kobject_add_internal+0x311/0x9b0 [ 268.442457][ T9937] kobject_add+0x16e/0x240 [ 268.442487][ T9937] ? __pfx_kobject_add+0x10/0x10 [ 268.442520][ T9937] ? __pfx_kobject_add+0x10/0x10 [ 268.442565][ T9937] blk_register_queue+0x98/0x4f0 [ 268.442598][ T9937] __add_disk+0x74a/0xf00 [ 268.442646][ T9937] add_disk_fwnode+0x13f/0x5d0 [ 268.442691][ T9937] loop_add+0x911/0xb70 [ 268.442723][ T9937] ? do_vfs_ioctl+0x523/0x1a60 [ 268.442756][ T9937] ? __pfx_loop_add+0x10/0x10 [ 268.442785][ T9937] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 268.442844][ T9937] ? find_held_lock+0x2b/0x80 [ 268.442877][ T9937] loop_control_ioctl+0x13e/0x630 [ 268.442913][ T9937] ? __pfx_loop_control_ioctl+0x10/0x10 [ 268.442952][ T9937] ? __pfx_loop_control_ioctl+0x10/0x10 [ 268.442989][ T9937] __x64_sys_ioctl+0x18e/0x210 [ 268.443025][ T9937] do_syscall_64+0xcd/0x490 [ 268.443054][ T9937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.443084][ T9937] RIP: 0033:0x7fadbc58e929 [ 268.443106][ T9937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.443135][ T9937] RSP: 002b:00007fadbd384038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 268.443163][ T9937] RAX: ffffffffffffffda RBX: 00007fadbc7b5fa0 RCX: 00007fadbc58e929 [ 268.443182][ T9937] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000005 [ 268.443201][ T9937] RBP: 00007fadbc610b39 R08: 0000000000000000 R09: 0000000000000000 [ 268.443218][ T9937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 268.443235][ T9937] R13: 0000000000000000 R14: 00007fadbc7b5fa0 R15: 00007fffa657de38 [ 268.443272][ T9937] [ 268.444224][ T9937] kobject: kobject_add_internal failed for queue (error: -12 parent: loop32) [ 268.979393][ T9956] netlink: 'syz.2.1575': attribute type 21 has an invalid length. [ 269.319373][ T9968] netlink: 'syz.2.1580': attribute type 28 has an invalid length. [ 269.337011][ T9968] __nla_validate_parse: 4 callbacks suppressed [ 269.337029][ T9968] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1580'. [ 269.416712][ T9972] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1581'. [ 270.148805][T10000] netlink: 122 bytes leftover after parsing attributes in process `syz.0.1595'. [ 270.218636][ T9997] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 270.690579][T10022] netlink: 'syz.3.1605': attribute type 4 has an invalid length. [ 270.715325][T10022] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1605'. [ 270.872823][T10032] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1608'. [ 271.045153][T10034] FAULT_INJECTION: forcing a failure. [ 271.045153][T10034] name failslab, interval 1, probability 0, space 0, times 0 [ 271.085609][T10034] CPU: 0 UID: 0 PID: 10034 Comm: syz.1.1610 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 271.085649][T10034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.085666][T10034] Call Trace: [ 271.085676][T10034] [ 271.085686][T10034] dump_stack_lvl+0x16c/0x1f0 [ 271.085739][T10034] should_fail_ex+0x512/0x640 [ 271.085780][T10034] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 271.085828][T10034] should_failslab+0xc2/0x120 [ 271.085855][T10034] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 271.085899][T10034] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 271.085946][T10034] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 271.085995][T10034] idr_get_free+0x528/0xa30 [ 271.086051][T10034] idr_alloc_u32+0x190/0x2f0 [ 271.086096][T10034] ? __pfx_idr_alloc_u32+0x10/0x10 [ 271.086143][T10034] ? __pfx___mutex_lock+0x10/0x10 [ 271.086176][T10034] idr_alloc+0xc0/0x130 [ 271.086214][T10034] ? __pfx_idr_alloc+0x10/0x10 [ 271.086270][T10034] ? __radix_tree_lookup+0x21f/0x2c0 [ 271.086320][T10034] ppp_dev_configure+0x905/0xc80 [ 271.086363][T10034] ppp_ioctl+0x17e0/0x2660 [ 271.086401][T10034] ? find_held_lock+0x2b/0x80 [ 271.086429][T10034] ? __pfx_ppp_ioctl+0x10/0x10 [ 271.086476][T10034] ? __fget_files+0x20e/0x3c0 [ 271.086523][T10034] ? __pfx_ppp_ioctl+0x10/0x10 [ 271.086560][T10034] __x64_sys_ioctl+0x18e/0x210 [ 271.086598][T10034] do_syscall_64+0xcd/0x490 [ 271.086627][T10034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.086656][T10034] RIP: 0033:0x7fbea9f8e929 [ 271.086679][T10034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.086709][T10034] RSP: 002b:00007fbeaadd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 271.086735][T10034] RAX: ffffffffffffffda RBX: 00007fbeaa1b5fa0 RCX: 00007fbea9f8e929 [ 271.086753][T10034] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 271.086771][T10034] RBP: 00007fbeaa010b39 R08: 0000000000000000 R09: 0000000000000000 [ 271.086788][T10034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.086805][T10034] R13: 0000000000000000 R14: 00007fbeaa1b5fa0 R15: 00007ffe1e87e268 [ 271.086843][T10034] [ 271.677825][T10055] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1617'. [ 272.674823][T10090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1631'. [ 272.687924][T10090] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1631'. [ 273.111448][T10105] netlink: 74 bytes leftover after parsing attributes in process `syz.0.1639'. [ 273.889692][T10127] [U] ',i@SGEHÅX]"k<:ɟE&;k<"í3_:7l/ zNm M}^һq)EZỼ4Ő8sM(-ҷBT($߲{ ]2tT?R GsUjǹh8&;Izśurq.oEu5١l ۧIN`;#D]k x9=-(5vdIמ^Xs" :ثH`fhCSS:dA+$ [p [ 273.975346][T10127] [U] URGh/cXn&N3273G[7Wi0-0FU9"0&cF}c6P s& lBg}/ۓ,Y Wgq:ҩDI$L؝:2yuU{i=G(O5DA`٭ ~->U| QN@=,Iخ̄=rbA_ [ 274.054880][T10127] [U] Ca; /nXBwiQܦ?GePWK۰ [ 274.063861][T10127] [U] H*w*XH [ 274.075740][T10127] [U] ް>^N{[y횦8KDlF%(77b!UO6~-0oA.`Z{N؊x>Try [ 274.089169][T10127] [U] w=aysh0;PQr [ 274.094939][T10127] [U] ]W"a.xⳍ-}: $5^L#5v`o1Cܶol2=}n%?<Ի:͞|z6W ,SCAᬎ撗#H# [ 274.156097][T10127] [U] [0 B{jRz9w [ 274.160553][T10127] [U] C 螚~Y17\pNtF)>=X [ 274.183600][T10127] [U] YwJdX۷:M#h #3X3cϻXr~}5?Kf*kTy =sakAf̗pgQGwfE[ [ 274.214912][T10127] [U] zEz#u oZy‚ ք:|(|rS1V [ 274.222080][T10127] [U] gvqCnqE63 ^4+=ŧ҆Zam=!+0.lH?-o*C mƗȇ|!$M [ 274.234369][T10127] [U] TXZׄOf,+ۢʾU?~EyyE7C& ù\5 xVniTi-}4Q$ [ 274.236488][T10135] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1650'. [ 274.266747][T10127] [U] gbFZXB覲(Y8?J ü \Ͻ)̋]~F8H`0 eRd? (E`#])d R* e OY3u^i8@~XÓqܙ> =ACJiʼ֫VP$xdpz^`f3[[QaYX5\mr"_<2K̎>dbўu~E&eGkSDO؊ [ 274.305944][T10127] [U] p9 Vmf,9o$- 2Rr[~Aa [ 274.311642][T10127] [U] ]h/o+ff[\zWbfg__ [ 274.345642][T10127] [U] KOm%WzU_GQ_BɲV* m8,pQKSUP<|DKVF [ 274.385367][T10127] [U] @BA&[V-ͻs1KI]ʖ<1ax6##oue * [ 274.394352][T10127] [U] Kc3݌nl'&nRnk59DWqcI#֭d0ɟ9`7mi@IRZ.>$%w/"LqÝ$ML[dʭfJw\ [ 274.435388][T10127] [U] \=W88VLa "RB2N;n Cua/9P$YęRJvT9)*K &^f!i-&}9XֲzjqJFx%7'jYstecI4C*W2Hacna(+izaq[;l';Qf5L]tդmGaep [ 274.460440][T10127] [U] @ͻD0 _m.Q୙9rhL%2#2DVc !LpeUlw*5'>ÛprSmK.,"V; z잺PTKշ&XGo+<`Wnt}fNc/ [ 274.478743][T10127] [U] 4)y'<Ͱ +]ހ!]o&?jB#RsX] ޯNEeMkp [ 274.491661][T10127] [U] i2V0e {GB72%f%.1)w|Ջdg [ 274.536035][T10127] [U] *kԜ~xn:H8Տ\?WS 7sոUG}X';0ȞWa`3Rܬ45I􄣅uyC˭>lZ80Φ<CۗIXox(A~}UvU['KZަjTֶS w 11'`F1NXt׵M5oTl }&܏p ԦS*#B 0AHLz{9 [6nhq#K4/is<렕_;<$(~M_gݹ[2Mg2ek+zrm [ 274.605452][T10127] [U] d6iICbn~e/k?PG |/b'X>B*KGL\ [ 274.613121][T10127] [U] `Q&~l [ 274.635515][T10127] [U] d;e 3-T6/n#P5( [ 274.658245][T10127] [U] HW*4RKvC6` 4 x0 cNfߊ [ 274.821148][T10127] [U] pa3m@âg1V~] 4F6b2PLW\E:zQK?5e:,B>ZG7ety{㎮Kz=v=mxaCRlkNæ wxYE>"xUm߱W_CRwDR "ۦ4Fm [htlZʙ>~+8AmU"=]{r; [ 274.875451][T10127] [U] ]m[,U=#AGeu=0ME4O45+i [ 275.311040][T10153] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 276.630683][T10179] netlink: 'syz.3.1666': attribute type 27 has an invalid length. [ 276.648038][T10179] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1666'. [ 277.918556][T10198] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1672'. [ 277.935425][T10187] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 277.962310][T10198] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1672'. [ 278.115921][T10202] sctp: [Deprecated]: syz.0.1674 (pid 10202) Use of struct sctp_assoc_value in delayed_ack socket option. [ 278.115921][T10202] Use struct sctp_sack_info instead [ 278.766403][T10224] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 279.263958][T10236] sctp: [Deprecated]: syz.2.1687 (pid 10236) Use of struct sctp_assoc_value in delayed_ack socket option. [ 279.263958][T10236] Use struct sctp_sack_info instead [ 279.410497][T10239] netlink: 86 bytes leftover after parsing attributes in process `syz.3.1690'. [ 282.374593][T10274] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1701'. [ 282.861422][T10289] netlink: 74 bytes leftover after parsing attributes in process `syz.3.1709'. [ 283.198696][T10306] netlink: 'syz.1.1713': attribute type 27 has an invalid length. [ 283.235395][T10306] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1713'. [ 284.780944][T10359] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1735'. [ 284.985440][T10364] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1737'. [ 285.006960][T10364] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1737'. [ 285.021106][T10364] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1737'. [ 287.239944][T10429] netlink: 'syz.3.1766': attribute type 19 has an invalid length. [ 287.248574][T10429] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1766'. [ 287.397422][ T5155] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 289.127572][T10476] FAULT_INJECTION: forcing a failure. [ 289.127572][T10476] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 289.185351][T10476] CPU: 1 UID: 0 PID: 10476 Comm: syz.1.1783 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 289.185392][T10476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 289.185411][T10476] Call Trace: [ 289.185421][T10476] [ 289.185433][T10476] dump_stack_lvl+0x16c/0x1f0 [ 289.185492][T10476] should_fail_ex+0x512/0x640 [ 289.185544][T10476] should_fail_alloc_page+0xe7/0x130 [ 289.185577][T10476] prepare_alloc_pages+0x3c2/0x610 [ 289.185621][T10476] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 289.185675][T10476] ? __kasan_slab_alloc+0x89/0x90 [ 289.185734][T10476] ? lock_acquire+0x179/0x350 [ 289.185775][T10476] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 289.185820][T10476] ? find_held_lock+0x2b/0x80 [ 289.185851][T10476] ? page_table_check_set+0x627/0x750 [ 289.185918][T10476] ? __page_table_check_ptes_set+0x1ae/0x420 [ 289.185970][T10476] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 289.186019][T10476] ? policy_nodemask+0xea/0x4e0 [ 289.186081][T10476] alloc_pages_mpol+0x1fb/0x550 [ 289.186113][T10476] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 289.186155][T10476] alloc_pages_noprof+0x131/0x390 [ 289.186185][T10476] pte_alloc_one+0x1c/0x3a0 [ 289.186234][T10476] __pte_alloc+0x6d/0x3c0 [ 289.186263][T10476] ? __pfx___pte_alloc+0x10/0x10 [ 289.186294][T10476] ? __pfx___might_resched+0x10/0x10 [ 289.186325][T10476] ? copy_page_range+0x13f0/0x5740 [ 289.186371][T10476] copy_page_range+0x1aed/0x5740 [ 289.186427][T10476] ? __lock_acquire+0x622/0x1c90 [ 289.186498][T10476] ? __pfx_copy_page_range+0x10/0x10 [ 289.186549][T10476] ? __pfx___might_resched+0x10/0x10 [ 289.186579][T10476] ? __vma_enter_locked+0x163/0x3f0 [ 289.186623][T10476] ? dup_mmap+0xe38/0x21d0 [ 289.186658][T10476] ? down_write+0x14d/0x200 [ 289.186693][T10476] ? up_write+0x1b2/0x520 [ 289.186743][T10476] dup_mmap+0xe88/0x21d0 [ 289.186794][T10476] ? __pfx_dup_mmap+0x10/0x10 [ 289.186859][T10476] copy_process+0x4081/0x76a0 [ 289.186894][T10476] ? preempt_schedule_thunk+0x16/0x30 [ 289.186951][T10476] ? __pfx_copy_process+0x10/0x10 [ 289.186986][T10476] ? plist_check_head+0xa3/0x150 [ 289.187033][T10476] ? futex_private_hash_put+0xc7/0x240 [ 289.187083][T10476] kernel_clone+0xfc/0x960 [ 289.187122][T10476] ? __pfx_futex_wake+0x10/0x10 [ 289.187165][T10476] ? __pfx_kernel_clone+0x10/0x10 [ 289.187226][T10476] __do_sys_clone+0xce/0x120 [ 289.187264][T10476] ? __pfx___do_sys_clone+0x10/0x10 [ 289.187301][T10476] ? ksys_unshare+0x687/0xa40 [ 289.187359][T10476] ? xfd_validate_state+0x61/0x180 [ 289.187413][T10476] do_syscall_64+0xcd/0x490 [ 289.187444][T10476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.187476][T10476] RIP: 0033:0x7fbea9f8e929 [ 289.187500][T10476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.187532][T10476] RSP: 002b:00007fbeaadd6fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 289.187559][T10476] RAX: ffffffffffffffda RBX: 00007fbeaa1b5fa0 RCX: 00007fbea9f8e929 [ 289.187580][T10476] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 289.187599][T10476] RBP: 00007fbeaa010b39 R08: 0000000000000000 R09: 0000000000000000 [ 289.187618][T10476] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 289.187636][T10476] R13: 0000000000000000 R14: 00007fbeaa1b5fa0 R15: 00007ffe1e87e268 [ 289.187677][T10476] [ 290.114702][T10490] zswap: compressor not available [ 291.945389][T10505] Process accounting resumed [ 292.256165][T10549] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1811'. [ 292.282722][T10549] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1811'. [ 294.460634][T10589] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1827'. [ 296.394656][T10617] FAULT_INJECTION: forcing a failure. [ 296.394656][T10617] name failslab, interval 1, probability 0, space 0, times 0 [ 296.415683][T10617] CPU: 1 UID: 0 PID: 10617 Comm: syz.0.1846 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 296.415720][T10617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 296.415737][T10617] Call Trace: [ 296.415747][T10617] [ 296.415759][T10617] dump_stack_lvl+0x16c/0x1f0 [ 296.415819][T10617] should_fail_ex+0x512/0x640 [ 296.415862][T10617] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 296.415911][T10617] should_failslab+0xc2/0x120 [ 296.415939][T10617] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 296.415983][T10617] ? __pmd_alloc+0xbf/0x930 [ 296.416020][T10617] __pmd_alloc+0xbf/0x930 [ 296.416050][T10617] ? __pud_alloc+0x526/0x750 [ 296.416084][T10617] copy_page_range+0x2419/0x5740 [ 296.416124][T10617] ? dup_mmap+0x152e/0x21d0 [ 296.416155][T10617] ? copy_process+0x4081/0x76a0 [ 296.416188][T10617] ? kernel_clone+0xfc/0x960 [ 296.416221][T10617] ? __do_sys_clone+0xce/0x120 [ 296.416261][T10617] ? __lock_acquire+0x622/0x1c90 [ 296.416329][T10617] ? __pfx_copy_page_range+0x10/0x10 [ 296.416367][T10617] ? mas_store+0x7a9/0x1160 [ 296.416399][T10617] ? find_held_lock+0x2b/0x80 [ 296.416428][T10617] ? __pfx_mas_store+0x10/0x10 [ 296.416455][T10617] ? __vma_enter_locked+0x163/0x3f0 [ 296.416513][T10617] dup_mmap+0xe88/0x21d0 [ 296.416560][T10617] ? __pfx_dup_mmap+0x10/0x10 [ 296.416622][T10617] copy_process+0x4081/0x76a0 [ 296.416657][T10617] ? __pfx___futex_wait+0x10/0x10 [ 296.416715][T10617] ? __pfx_copy_process+0x10/0x10 [ 296.416770][T10617] kernel_clone+0xfc/0x960 [ 296.416812][T10617] ? __pfx_kernel_clone+0x10/0x10 [ 296.416871][T10617] __do_sys_clone+0xce/0x120 [ 296.416907][T10617] ? __pfx___do_sys_clone+0x10/0x10 [ 296.416943][T10617] ? ksys_unshare+0x687/0xa40 [ 296.416997][T10617] ? xfd_validate_state+0x61/0x180 [ 296.417047][T10617] do_syscall_64+0xcd/0x490 [ 296.417076][T10617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.417105][T10617] RIP: 0033:0x7fbeffd8e929 [ 296.417127][T10617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.417156][T10617] RSP: 002b:00007fbf00bd9fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 296.417183][T10617] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 296.417202][T10617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 296.417219][T10617] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 296.417237][T10617] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 296.417254][T10617] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 296.417293][T10617] [ 296.938479][T10625] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1841'. [ 298.417600][T10655] FAULT_INJECTION: forcing a failure. [ 298.417600][T10655] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 298.444897][T10660] netlink: 'syz.0.1854': attribute type 1 has an invalid length. [ 298.478759][T10655] CPU: 0 UID: 0 PID: 10655 Comm: syz.3.1853 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 298.478820][T10655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 298.478848][T10655] Call Trace: [ 298.478863][T10655] [ 298.478880][T10655] dump_stack_lvl+0x16c/0x1f0 [ 298.478961][T10655] should_fail_ex+0x512/0x640 [ 298.479041][T10655] should_fail_alloc_page+0xe7/0x130 [ 298.479091][T10655] prepare_alloc_pages+0x3c2/0x610 [ 298.479136][T10655] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 298.479192][T10655] ? __lock_acquire+0x622/0x1c90 [ 298.479237][T10655] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 298.479297][T10655] ? is_bpf_text_address+0x8a/0x1a0 [ 298.479336][T10655] ? bpf_ksym_find+0x124/0x1c0 [ 298.479366][T10655] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 298.479401][T10655] ? is_bpf_text_address+0x94/0x1a0 [ 298.479439][T10655] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 298.479487][T10655] ? policy_nodemask+0xea/0x4e0 [ 298.479538][T10655] alloc_pages_mpol+0x1fb/0x550 [ 298.479567][T10655] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 298.479606][T10655] alloc_pages_noprof+0x131/0x390 [ 298.479635][T10655] __pud_alloc+0x3b/0x750 [ 298.479679][T10655] copy_page_range+0x23b6/0x5740 [ 298.479719][T10655] ? dup_mmap+0x152e/0x21d0 [ 298.479750][T10655] ? copy_process+0x4081/0x76a0 [ 298.479784][T10655] ? kernel_clone+0xfc/0x960 [ 298.479816][T10655] ? __do_sys_clone+0xce/0x120 [ 298.479856][T10655] ? __lock_acquire+0x622/0x1c90 [ 298.479923][T10655] ? __pfx_copy_page_range+0x10/0x10 [ 298.479963][T10655] ? mas_store+0x7a9/0x1160 [ 298.479994][T10655] ? find_held_lock+0x2b/0x80 [ 298.480024][T10655] ? __pfx_mas_store+0x10/0x10 [ 298.480051][T10655] ? __vma_enter_locked+0x163/0x3f0 [ 298.480111][T10655] dup_mmap+0xe88/0x21d0 [ 298.480160][T10655] ? __pfx_dup_mmap+0x10/0x10 [ 298.480221][T10655] copy_process+0x4081/0x76a0 [ 298.480256][T10655] ? __pfx___futex_wait+0x10/0x10 [ 298.480313][T10655] ? __pfx_copy_process+0x10/0x10 [ 298.480367][T10655] kernel_clone+0xfc/0x960 [ 298.480405][T10655] ? __pfx_kernel_clone+0x10/0x10 [ 298.480463][T10655] __do_sys_clone+0xce/0x120 [ 298.480498][T10655] ? __pfx___do_sys_clone+0x10/0x10 [ 298.480533][T10655] ? ksys_unshare+0x687/0xa40 [ 298.480588][T10655] ? xfd_validate_state+0x61/0x180 [ 298.480638][T10655] do_syscall_64+0xcd/0x490 [ 298.480672][T10655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.480702][T10655] RIP: 0033:0x7f830878e929 [ 298.480725][T10655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.480753][T10655] RSP: 002b:00007f83095b4fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 298.480780][T10655] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 298.480799][T10655] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 298.480818][T10655] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 298.480836][T10655] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 298.480853][T10655] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 298.480892][T10655] [ 298.505463][T10660] netlink: 318 bytes leftover after parsing attributes in process `syz.0.1854'. [ 299.107271][T10671] FAULT_INJECTION: forcing a failure. [ 299.107271][T10671] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 299.147983][T10671] CPU: 0 UID: 0 PID: 10671 Comm: syz.0.1859 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 299.148024][T10671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.148042][T10671] Call Trace: [ 299.148050][T10671] [ 299.148061][T10671] dump_stack_lvl+0x16c/0x1f0 [ 299.148113][T10671] should_fail_ex+0x512/0x640 [ 299.148161][T10671] should_fail_alloc_page+0xe7/0x130 [ 299.148193][T10671] prepare_alloc_pages+0x3c2/0x610 [ 299.148228][T10671] ? rcu_is_watching+0x12/0xc0 [ 299.148261][T10671] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 299.148308][T10671] ? __lock_acquire+0xb8a/0x1c90 [ 299.148362][T10671] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 299.148414][T10671] ? do_raw_spin_lock+0x12c/0x2b0 [ 299.148459][T10671] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 299.148504][T10671] ? find_held_lock+0x2b/0x80 [ 299.148544][T10671] ? __lock_acquire+0xb8a/0x1c90 [ 299.148582][T10671] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 299.148628][T10671] ? policy_nodemask+0xea/0x4e0 [ 299.148679][T10671] alloc_pages_mpol+0x1fb/0x550 [ 299.148709][T10671] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 299.148748][T10671] folio_alloc_mpol_noprof+0x36/0x2f0 [ 299.148784][T10671] shmem_alloc_folio+0x135/0x160 [ 299.148821][T10671] shmem_alloc_and_add_folio+0x499/0xc20 [ 299.148871][T10671] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 299.148917][T10671] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 299.148966][T10671] shmem_get_folio_gfp+0x67f/0x1600 [ 299.149022][T10671] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 299.149066][T10671] ? __pfx___might_resched+0x10/0x10 [ 299.149103][T10671] shmem_fallocate+0x795/0xf50 [ 299.149162][T10671] ? __pfx_shmem_fallocate+0x10/0x10 [ 299.149202][T10671] ? aa_file_perm+0x4d6/0xfb0 [ 299.149254][T10671] ? __lock_acquire+0xb8a/0x1c90 [ 299.149296][T10671] ? __lock_acquire+0x622/0x1c90 [ 299.149355][T10671] ? __pfx_shmem_fallocate+0x10/0x10 [ 299.149405][T10671] vfs_fallocate+0x608/0x10c0 [ 299.149455][T10671] ? __pfx_vfs_fallocate+0x10/0x10 [ 299.149511][T10671] __x64_sys_fallocate+0xd5/0x150 [ 299.149559][T10671] do_syscall_64+0xcd/0x490 [ 299.149588][T10671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.149618][T10671] RIP: 0033:0x7fbeffd8e929 [ 299.149640][T10671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.149669][T10671] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 299.149696][T10671] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 299.149715][T10671] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 299.149732][T10671] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 299.149749][T10671] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 299.149765][T10671] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 299.149801][T10671] [ 301.621401][T10715] FAULT_INJECTION: forcing a failure. [ 301.621401][T10715] name failslab, interval 1, probability 0, space 0, times 0 [ 301.668227][T10715] CPU: 1 UID: 0 PID: 10715 Comm: syz.2.1878 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 301.668274][T10715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 301.668293][T10715] Call Trace: [ 301.668302][T10715] [ 301.668314][T10715] dump_stack_lvl+0x16c/0x1f0 [ 301.668367][T10715] should_fail_ex+0x512/0x640 [ 301.668410][T10715] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 301.668459][T10715] should_failslab+0xc2/0x120 [ 301.668487][T10715] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 301.668533][T10715] ? ptlock_alloc+0x1f/0x70 [ 301.668575][T10715] ptlock_alloc+0x1f/0x70 [ 301.668612][T10715] pte_alloc_one+0x82/0x3a0 [ 301.668658][T10715] __pte_alloc+0x6d/0x3c0 [ 301.668686][T10715] ? __pfx___pte_alloc+0x10/0x10 [ 301.668713][T10715] ? __pfx___might_resched+0x10/0x10 [ 301.668742][T10715] ? copy_page_range+0x13f0/0x5740 [ 301.668786][T10715] copy_page_range+0x1aed/0x5740 [ 301.668839][T10715] ? __lock_acquire+0x622/0x1c90 [ 301.668905][T10715] ? __pfx_copy_page_range+0x10/0x10 [ 301.668954][T10715] ? __pfx___might_resched+0x10/0x10 [ 301.668984][T10715] ? __vma_enter_locked+0x163/0x3f0 [ 301.669030][T10715] ? dup_mmap+0xe38/0x21d0 [ 301.669063][T10715] ? down_write+0x14d/0x200 [ 301.669097][T10715] ? up_write+0x1b2/0x520 [ 301.669143][T10715] dup_mmap+0xe88/0x21d0 [ 301.669192][T10715] ? __pfx_dup_mmap+0x10/0x10 [ 301.669259][T10715] copy_process+0x4081/0x76a0 [ 301.669296][T10715] ? __pfx___futex_wait+0x10/0x10 [ 301.669354][T10715] ? __pfx_copy_process+0x10/0x10 [ 301.669412][T10715] kernel_clone+0xfc/0x960 [ 301.669452][T10715] ? __pfx_kernel_clone+0x10/0x10 [ 301.669510][T10715] __do_sys_clone+0xce/0x120 [ 301.669547][T10715] ? __pfx___do_sys_clone+0x10/0x10 [ 301.669581][T10715] ? ksys_unshare+0x687/0xa40 [ 301.669635][T10715] ? xfd_validate_state+0x61/0x180 [ 301.669686][T10715] do_syscall_64+0xcd/0x490 [ 301.669716][T10715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.669746][T10715] RIP: 0033:0x7fadbc58e929 [ 301.669769][T10715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.669798][T10715] RSP: 002b:00007fadbd383fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 301.669826][T10715] RAX: ffffffffffffffda RBX: 00007fadbc7b5fa0 RCX: 00007fadbc58e929 [ 301.669845][T10715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 301.669862][T10715] RBP: 00007fadbc610b39 R08: 0000000000000000 R09: 0000000000000000 [ 301.669879][T10715] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 301.669896][T10715] R13: 0000000000000000 R14: 00007fadbc7b5fa0 R15: 00007fffa657de38 [ 301.669935][T10715] [ 302.505071][T10725] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1880'. [ 302.518693][T10725] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1880'. [ 303.062514][T10730] workqueue: max_active 105721856 requested for writeback is out of range, clamping between 1 and 2048 [ 304.352235][T10753] FAULT_INJECTION: forcing a failure. [ 304.352235][T10753] name failslab, interval 1, probability 0, space 0, times 0 [ 304.409242][T10753] CPU: 1 UID: 0 PID: 10753 Comm: syz.0.1891 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 304.409280][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.409299][T10753] Call Trace: [ 304.409307][T10753] [ 304.409319][T10753] dump_stack_lvl+0x16c/0x1f0 [ 304.409372][T10753] should_fail_ex+0x512/0x640 [ 304.409414][T10753] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 304.409462][T10753] should_failslab+0xc2/0x120 [ 304.409490][T10753] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 304.409540][T10753] ? __pfx___might_resched+0x10/0x10 [ 304.409569][T10753] ? __anon_vma_prepare+0x344/0x5e0 [ 304.409618][T10753] __anon_vma_prepare+0x344/0x5e0 [ 304.409664][T10753] __vmf_anon_prepare+0x11c/0x240 [ 304.409699][T10753] __handle_mm_fault+0x27f6/0x5490 [ 304.409748][T10753] ? __pfx___handle_mm_fault+0x10/0x10 [ 304.409789][T10753] ? __pte_offset_map_lock+0x174/0x310 [ 304.409818][T10753] ? find_held_lock+0x2b/0x80 [ 304.409845][T10753] ? find_held_lock+0x2b/0x80 [ 304.409881][T10753] ? follow_page_pte+0x3af/0x14c0 [ 304.409922][T10753] handle_mm_fault+0x589/0xd10 [ 304.409966][T10753] __get_user_pages+0x589/0x3b80 [ 304.410007][T10753] ? __pfx_mt_find+0x10/0x10 [ 304.410042][T10753] ? __pfx___get_user_pages+0x10/0x10 [ 304.410089][T10753] populate_vma_page_range+0x278/0x3a0 [ 304.410127][T10753] ? __pfx_populate_vma_page_range+0x10/0x10 [ 304.410161][T10753] ? __pfx_find_vma_intersection+0x10/0x10 [ 304.410196][T10753] ? do_mmap+0x69c/0x1210 [ 304.410233][T10753] __mm_populate+0x1d8/0x380 [ 304.410268][T10753] ? __pfx___mm_populate+0x10/0x10 [ 304.410306][T10753] ? up_write+0x1b2/0x520 [ 304.410351][T10753] vm_mmap_pgoff+0x362/0x450 [ 304.410385][T10753] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 304.410422][T10753] ? __x64_sys_futex+0x1e0/0x4c0 [ 304.410456][T10753] ? __x64_sys_futex+0x1e9/0x4c0 [ 304.410497][T10753] ksys_mmap_pgoff+0x7d/0x5c0 [ 304.410527][T10753] ? xfd_validate_state+0x61/0x180 [ 304.410570][T10753] __x64_sys_mmap+0x125/0x190 [ 304.410613][T10753] do_syscall_64+0xcd/0x490 [ 304.410643][T10753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.410672][T10753] RIP: 0033:0x7fbeffd8e929 [ 304.410695][T10753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.410723][T10753] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 304.410751][T10753] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 304.410769][T10753] RDX: 00000000000000df RSI: 0000000000000008 RDI: 0000000000000000 [ 304.410786][T10753] RBP: 00007fbeffe10b39 R08: 0000000000000002 R09: 0000000000008000 [ 304.410803][T10753] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 304.410820][T10753] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 304.410857][T10753] [ 304.722854][T10755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1893'. [ 305.339923][T10769] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1900'. [ 306.251604][T10794] ovs_: entered promiscuous mode [ 307.128798][T10808] sd 0:0:1:0: PR command failed: 1026 [ 307.134287][T10808] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 307.165406][T10808] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 307.800293][T10823] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1920'. [ 308.025970][ T5790] smpboot: CPU 1 is now offline [ 308.292448][T10834] netlink: 'syz.0.1922': attribute type 16 has an invalid length. [ 308.383492][T10834] netlink: 306 bytes leftover after parsing attributes in process `syz.0.1922'. [ 308.512079][T10833] Process accounting resumed [ 308.921297][T10843] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1926'. [ 309.283159][T10851] workqueue: max_active 106400153 requested for writeback is out of range, clamping between 1 and 2048 [ 309.707715][T10858] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1933'. [ 309.948379][T10864] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1934'. [ 311.131874][T10874] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1938'. [ 312.770157][T10891] mkiss: ax0: crc mode is auto. [ 313.347048][T10899] FAULT_INJECTION: forcing a failure. [ 313.347048][T10899] name failslab, interval 1, probability 0, space 0, times 0 [ 313.451235][T10899] CPU: 0 UID: 0 PID: 10899 Comm: syz.0.1955 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 313.451263][T10899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.451275][T10899] Call Trace: [ 313.451281][T10899] [ 313.451289][T10899] dump_stack_lvl+0x16c/0x1f0 [ 313.451325][T10899] should_fail_ex+0x512/0x640 [ 313.451356][T10899] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 313.451387][T10899] should_failslab+0xc2/0x120 [ 313.451406][T10899] __kmalloc_cache_noprof+0x6a/0x3e0 [ 313.451439][T10899] ? trace_kmalloc+0x2b/0xd0 [ 313.451459][T10899] ? snd_virmidi_input_open+0xc8/0x4a0 [ 313.451485][T10899] snd_virmidi_input_open+0xc8/0x4a0 [ 313.451511][T10899] open_substream+0x47b/0x9b0 [ 313.451539][T10899] rawmidi_open_priv+0x513/0x6e0 [ 313.451570][T10899] snd_rawmidi_open+0x4cc/0xbf0 [ 313.451603][T10899] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 313.451632][T10899] ? __pfx_default_wake_function+0x10/0x10 [ 313.451655][T10899] ? kobject_get_unless_zero+0x156/0x1e0 [ 313.451679][T10899] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 313.451706][T10899] snd_open+0x1fe/0x450 [ 313.451726][T10899] ? __pfx_snd_open+0x10/0x10 [ 313.451745][T10899] chrdev_open+0x234/0x6a0 [ 313.451776][T10899] ? __pfx_apparmor_file_open+0x10/0x10 [ 313.451803][T10899] ? __pfx_chrdev_open+0x10/0x10 [ 313.451837][T10899] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 313.451869][T10899] do_dentry_open+0x741/0x1c10 [ 313.451900][T10899] ? __pfx_chrdev_open+0x10/0x10 [ 313.451936][T10899] vfs_open+0x82/0x3f0 [ 313.451961][T10899] path_openat+0x1de4/0x2cb0 [ 313.451998][T10899] ? __pfx_path_openat+0x10/0x10 [ 313.452029][T10899] ? __lock_acquire+0xb8a/0x1c90 [ 313.452059][T10899] do_filp_open+0x20b/0x470 [ 313.452089][T10899] ? __pfx_do_filp_open+0x10/0x10 [ 313.452137][T10899] ? alloc_fd+0x471/0x7d0 [ 313.452171][T10899] do_sys_openat2+0x11b/0x1d0 [ 313.452193][T10899] ? __pfx_do_sys_openat2+0x10/0x10 [ 313.452225][T10899] __x64_sys_openat+0x174/0x210 [ 313.452248][T10899] ? __pfx___x64_sys_openat+0x10/0x10 [ 313.452286][T10899] do_syscall_64+0xcd/0x490 [ 313.452307][T10899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.452328][T10899] RIP: 0033:0x7fbeffd8e929 [ 313.452343][T10899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.452363][T10899] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 313.452382][T10899] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 313.452396][T10899] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 313.452410][T10899] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 313.452422][T10899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.452438][T10899] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 313.452464][T10899] [ 314.200359][T10904] netlink: 'syz.0.1949': attribute type 4 has an invalid length. [ 315.810591][T10926] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1959'. [ 315.858312][T10926] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1959'. [ 315.998587][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.108263][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.443444][ T36] bridge0: port 3(netdevsim1) entered disabled state [ 316.497035][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): left allmulticast mode [ 316.544374][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): left promiscuous mode [ 316.574213][ T36] bridge0: port 3(netdevsim1) entered disabled state [ 316.647956][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.921955][T10936] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1964'. [ 317.133030][T10939] netlink: 'syz.2.1965': attribute type 19 has an invalid length. [ 317.190924][T10939] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1965'. [ 317.242150][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.268176][ T5155] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 317.276916][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 317.288755][ T5155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 317.311463][ T5155] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 317.321519][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 317.846030][ T36] bridge_slave_1: left allmulticast mode [ 317.851820][ T36] bridge_slave_1: left promiscuous mode [ 317.914112][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.978262][T10953] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1968'. [ 318.059077][ T36] bridge_slave_0: left allmulticast mode [ 318.073204][ T36] bridge_slave_0: left promiscuous mode [ 318.104758][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.120579][T10948] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1968'. [ 318.972957][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 319.012976][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 319.053217][ T36] bond0 (unregistering): Released all slaves [ 319.396050][ T5840] Bluetooth: hci1: command tx timeout [ 319.977267][T10940] chnl_net:caif_netlink_parms(): no params data found [ 320.760524][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 320.766906][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.317759][T10940] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.324871][T10940] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.396042][T10940] bridge_slave_0: entered allmulticast mode [ 321.403172][T10940] bridge_slave_0: entered promiscuous mode [ 321.468541][T10940] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.479760][ T5840] Bluetooth: hci1: command tx timeout [ 321.524139][T10940] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.547389][T10940] bridge_slave_1: entered allmulticast mode [ 321.588238][T10940] bridge_slave_1: entered promiscuous mode [ 322.197029][ T36] hsr_slave_0: left promiscuous mode [ 322.221657][ T36] hsr_slave_1: left promiscuous mode [ 322.240519][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.265012][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.302999][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.325841][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.390867][ T36] veth1_macvtap: left promiscuous mode [ 322.422174][ T36] veth0_macvtap: left promiscuous mode [ 323.032490][ T36] team0 (unregistering): Port device team_slave_1 removed [ 323.097299][ T36] team0 (unregistering): Port device team_slave_0 removed [ 323.555616][ T5840] Bluetooth: hci1: command tx timeout [ 323.716705][T10940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.745827][T11004] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1975'. [ 323.809664][T10940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.031593][T11015] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1978'. [ 324.049641][T10940] team0: Port device team_slave_0 added [ 324.106300][T10940] team0: Port device team_slave_1 added [ 324.258254][T10940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.303708][T10940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.463304][T10940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.562591][T10940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.628957][T10940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.777565][T10940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.256355][T10940] hsr_slave_0: entered promiscuous mode [ 325.298307][T10940] hsr_slave_1: entered promiscuous mode [ 325.352349][T10940] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.408821][T10940] Cannot create hsr debugfs directory [ 325.638140][ T5840] Bluetooth: hci1: command tx timeout [ 327.310377][T11082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1993'. [ 327.367087][T11082] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1993'. [ 327.407369][T11082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1993'. [ 328.076236][T10940] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 328.137858][T10940] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 328.204224][T10940] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 328.280621][T10940] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 328.438372][T11105] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2000'. [ 328.520838][T11105] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2000'. [ 328.646266][T10940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.729035][T10940] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.806897][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.814152][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.950525][ T3517] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.957670][ T3517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.202096][T10940] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 329.233588][T11126] FAULT_INJECTION: forcing a failure. [ 329.233588][T11126] name failslab, interval 1, probability 0, space 0, times 0 [ 329.320060][T11126] CPU: 0 UID: 0 PID: 11126 Comm: syz.3.2004 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 329.320089][T11126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 329.320102][T11126] Call Trace: [ 329.320108][T11126] [ 329.320115][T11126] dump_stack_lvl+0x16c/0x1f0 [ 329.320152][T11126] should_fail_ex+0x512/0x640 [ 329.320186][T11126] should_failslab+0xc2/0x120 [ 329.320205][T11126] __kmalloc_cache_noprof+0x6a/0x3e0 [ 329.320233][T11126] ? nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 329.320261][T11126] nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 329.320287][T11126] notifier_call_chain+0xbc/0x410 [ 329.320309][T11126] ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10 [ 329.320340][T11126] blocking_notifier_call_chain+0x69/0xa0 [ 329.320367][T11126] netlink_release+0x186b/0x2020 [ 329.320401][T11126] ? netlink_release+0x1de/0x2020 [ 329.320426][T11126] ? __pfx_netlink_release+0x10/0x10 [ 329.320451][T11126] ? __pfx_locks_remove_file+0x10/0x10 [ 329.320478][T11126] __sock_release+0xb0/0x270 [ 329.320499][T11126] ? __pfx_sock_close+0x10/0x10 [ 329.320517][T11126] sock_close+0x1c/0x30 [ 329.320535][T11126] __fput+0x402/0xb70 [ 329.320560][T11126] task_work_run+0x150/0x240 [ 329.320591][T11126] ? __pfx_task_work_run+0x10/0x10 [ 329.320622][T11126] ? __pfx___do_sys_close_range+0x10/0x10 [ 329.320657][T11126] exit_to_user_mode_loop+0xeb/0x110 [ 329.320690][T11126] do_syscall_64+0x3f6/0x490 [ 329.320711][T11126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.320732][T11126] RIP: 0033:0x7f830878e929 [ 329.320747][T11126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.320767][T11126] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 329.320787][T11126] RAX: 0000000000000000 RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 329.320800][T11126] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 329.320812][T11126] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 329.320825][T11126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.320837][T11126] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 329.320862][T11126] [ 330.533560][T10940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.561916][T11144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2008'. [ 330.607675][T11144] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2008'. [ 330.689256][T10940] veth0_vlan: entered promiscuous mode [ 330.757806][T10940] veth1_vlan: entered promiscuous mode [ 330.893879][T10940] veth0_macvtap: entered promiscuous mode [ 330.970352][T10940] veth1_macvtap: entered promiscuous mode [ 331.082228][T10940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 331.140633][T10940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 331.198305][T10940] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.239221][T10940] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.295292][T10940] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.345925][T10940] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.859500][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.908443][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.014695][ T3517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.081781][ T3517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.220950][T11186] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2016'. [ 333.305344][T11186] IPv6: NLM_F_CREATE should be specified when creating new route [ 333.414316][T11185] FAULT_INJECTION: forcing a failure. [ 333.414316][T11185] name failslab, interval 1, probability 0, space 0, times 0 [ 333.729050][T11185] CPU: 0 UID: 0 PID: 11185 Comm: syz.0.2014 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 333.729079][T11185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 333.729092][T11185] Call Trace: [ 333.729098][T11185] [ 333.729112][T11185] dump_stack_lvl+0x16c/0x1f0 [ 333.729149][T11185] should_fail_ex+0x512/0x640 [ 333.729180][T11185] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 333.729217][T11185] should_failslab+0xc2/0x120 [ 333.729236][T11185] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 333.729269][T11185] ? find_held_lock+0x2b/0x80 [ 333.729288][T11185] ? fib_rules_register+0x30/0x500 [ 333.729309][T11185] ? __pfx_ipmr_net_init+0x10/0x10 [ 333.729334][T11185] kmemdup_noprof+0x29/0x60 [ 333.729365][T11185] fib_rules_register+0x30/0x500 [ 333.729384][T11185] ? fib_notifier_ops_register+0x123/0x270 [ 333.729405][T11185] ? __pfx_ipmr_net_init+0x10/0x10 [ 333.729428][T11185] ipmr_net_init+0xb8/0x4e0 [ 333.729451][T11185] ? __pfx_ipmr_net_init+0x10/0x10 [ 333.729473][T11185] ops_init+0x1e2/0x5f0 [ 333.729495][T11185] setup_net+0x1ff/0x510 [ 333.729514][T11185] ? lockdep_init_map_type+0x5c/0x280 [ 333.729543][T11185] ? __pfx_setup_net+0x10/0x10 [ 333.729565][T11185] ? debug_mutex_init+0x37/0x70 [ 333.729586][T11185] copy_net_ns+0x2a6/0x5f0 [ 333.729611][T11185] create_new_namespaces+0x3ea/0xa90 [ 333.729638][T11185] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 333.729663][T11185] ksys_unshare+0x45b/0xa40 [ 333.729690][T11185] ? __pfx_ksys_unshare+0x10/0x10 [ 333.729718][T11185] ? xfd_validate_state+0x61/0x180 [ 333.729752][T11185] __x64_sys_unshare+0x31/0x40 [ 333.729778][T11185] do_syscall_64+0xcd/0x490 [ 333.729799][T11185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.729819][T11185] RIP: 0033:0x7fbeffd8e929 [ 333.729835][T11185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.729854][T11185] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 333.729873][T11185] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 333.729887][T11185] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 333.729899][T11185] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 333.729912][T11185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 333.729923][T11185] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 333.729950][T11185] [ 334.966489][T11211] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2024'. [ 335.323070][T11220] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2020'. [ 335.864463][T11232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2030'. [ 336.440531][T11225] raw_sendmsg: syz.3.2028 forgot to set AF_INET. Fix it! [ 336.501853][T11240] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2030'. [ 337.340747][T11245] zswap: compressor not available [ 338.605116][T11282] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2039'. [ 338.645004][T11270] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 338.705968][T11270] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 338.809975][T11270] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 338.829331][T11270] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 338.893590][T11270] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 338.921895][T11270] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 338.970151][T11270] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 339.008152][T11270] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 339.068380][T11270] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 339.455723][T11304] netlink: 'syz.1.2045': attribute type 28 has an invalid length. [ 339.524753][T11304] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2045'. [ 339.580027][T11304] netlink: 'syz.1.2045': attribute type 28 has an invalid length. [ 339.603274][T11304] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2045'. [ 340.355228][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 340.837183][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 340.925365][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 340.995338][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 342.435302][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 342.791831][T11384] netlink: 322 bytes leftover after parsing attributes in process `syz.3.2067'. [ 342.915387][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 342.995261][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 343.075380][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 343.716179][T11405] : renamed from gre0 [ 345.158178][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 345.526452][T11434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2085'. [ 346.087854][T11439] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2085'. [ 346.639166][T11448] FAULT_INJECTION: forcing a failure. [ 346.639166][T11448] name failslab, interval 1, probability 0, space 0, times 0 [ 346.723986][T11448] CPU: 0 UID: 0 PID: 11448 Comm: syz.0.2090 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 346.724015][T11448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 346.724027][T11448] Call Trace: [ 346.724034][T11448] [ 346.724041][T11448] dump_stack_lvl+0x16c/0x1f0 [ 346.724077][T11448] should_fail_ex+0x512/0x640 [ 346.724107][T11448] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 346.724144][T11448] should_failslab+0xc2/0x120 [ 346.724164][T11448] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 346.724197][T11448] ? __split_page_owner+0x23b/0x3b0 [ 346.724228][T11448] ? snd_pcm_hw_rule_add+0x414/0x5a0 [ 346.724257][T11448] krealloc_noprof+0x1fc/0x370 [ 346.724290][T11448] snd_pcm_hw_rule_add+0x414/0x5a0 [ 346.724310][T11448] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 346.724338][T11448] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 346.724359][T11448] ? lockdep_init_map_type+0x5c/0x280 [ 346.724389][T11448] ? debug_mutex_init+0x37/0x70 [ 346.724409][T11448] ? snd_pcm_attach_substream+0x89d/0xd60 [ 346.724443][T11448] snd_pcm_open_substream+0x534/0x17f0 [ 346.724474][T11448] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 346.724505][T11448] ? rcu_is_watching+0x12/0xc0 [ 346.724529][T11448] snd_pcm_open+0x29e/0x730 [ 346.724561][T11448] ? __pfx_snd_pcm_open+0x10/0x10 [ 346.724591][T11448] ? __pfx_default_wake_function+0x10/0x10 [ 346.724620][T11448] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 346.724647][T11448] snd_pcm_capture_open+0x89/0xe0 [ 346.724675][T11448] snd_open+0x1fe/0x450 [ 346.724695][T11448] ? __pfx_snd_open+0x10/0x10 [ 346.724714][T11448] chrdev_open+0x234/0x6a0 [ 346.724746][T11448] ? __pfx_chrdev_open+0x10/0x10 [ 346.724779][T11448] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 346.724810][T11448] do_dentry_open+0x741/0x1c10 [ 346.724841][T11448] ? __pfx_chrdev_open+0x10/0x10 [ 346.724877][T11448] vfs_open+0x82/0x3f0 [ 346.724901][T11448] path_openat+0x1de4/0x2cb0 [ 346.724938][T11448] ? __pfx_path_openat+0x10/0x10 [ 346.724968][T11448] ? __lock_acquire+0xb8a/0x1c90 [ 346.724997][T11448] do_filp_open+0x20b/0x470 [ 346.725026][T11448] ? __pfx_do_filp_open+0x10/0x10 [ 346.725074][T11448] ? alloc_fd+0x471/0x7d0 [ 346.725108][T11448] do_sys_openat2+0x11b/0x1d0 [ 346.725130][T11448] ? __pfx_do_sys_openat2+0x10/0x10 [ 346.725162][T11448] __x64_sys_openat+0x174/0x210 [ 346.725185][T11448] ? __pfx___x64_sys_openat+0x10/0x10 [ 346.725218][T11448] do_syscall_64+0xcd/0x490 [ 346.725239][T11448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.725267][T11448] RIP: 0033:0x7fbeffd8e929 [ 346.725282][T11448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.725302][T11448] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 346.725321][T11448] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 346.725335][T11448] RDX: 0000000000001200 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 346.725348][T11448] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 346.725360][T11448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 346.725372][T11448] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 346.725398][T11448] [ 348.440658][T11463] netlink: 'syz.2.2096': attribute type 16 has an invalid length. [ 348.478417][T11463] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2096'. [ 348.703644][T11468] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2098'. [ 349.214116][T11477] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2102'. [ 349.291280][T11479] FAULT_INJECTION: forcing a failure. [ 349.291280][T11479] name failslab, interval 1, probability 0, space 0, times 0 [ 349.380354][T11479] CPU: 0 UID: 0 PID: 11479 Comm: syz.3.2103 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 349.380382][T11479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 349.380394][T11479] Call Trace: [ 349.380401][T11479] [ 349.380408][T11479] dump_stack_lvl+0x16c/0x1f0 [ 349.380444][T11479] should_fail_ex+0x512/0x640 [ 349.380474][T11479] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 349.380508][T11479] should_failslab+0xc2/0x120 [ 349.380527][T11479] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 349.380559][T11479] ? __kernfs_new_node+0xd2/0x8e0 [ 349.380591][T11479] __kernfs_new_node+0xd2/0x8e0 [ 349.380622][T11479] ? __pfx___kernfs_new_node+0x10/0x10 [ 349.380657][T11479] ? find_held_lock+0x2b/0x80 [ 349.380678][T11479] ? kernfs_root+0xee/0x2a0 [ 349.380711][T11479] kernfs_new_node+0x13c/0x1e0 [ 349.380743][T11479] ? current_in_userns+0x120/0x190 [ 349.380776][T11479] __kernfs_create_file+0x53/0x350 [ 349.380801][T11479] sysfs_add_file_mode_ns+0x207/0x3c0 [ 349.380834][T11479] internal_create_group+0x578/0xf30 [ 349.380868][T11479] ? kobject_init_and_add+0x123/0x190 [ 349.380891][T11479] ? __pfx_internal_create_group+0x10/0x10 [ 349.380919][T11479] ? __pfx_kobject_init_and_add+0x10/0x10 [ 349.380940][T11479] ? __x64_sys_ioctl+0x18e/0x210 [ 349.380972][T11479] internal_create_groups+0x9d/0x150 [ 349.381004][T11479] netdev_queue_update_kobjects+0x115/0x720 [ 349.381036][T11479] netdev_register_kobject+0x28c/0x3a0 [ 349.381062][T11479] register_netdevice+0x13dc/0x2270 [ 349.381097][T11479] ? idr_alloc+0xdd/0x130 [ 349.381125][T11479] ? __pfx_register_netdevice+0x10/0x10 [ 349.381159][T11479] ppp_dev_configure+0x99b/0xc80 [ 349.381189][T11479] ppp_ioctl+0x17e0/0x2660 [ 349.381216][T11479] ? find_held_lock+0x2b/0x80 [ 349.381235][T11479] ? __pfx_ppp_ioctl+0x10/0x10 [ 349.381264][T11479] ? __fget_files+0x20e/0x3c0 [ 349.381296][T11479] ? __pfx_ppp_ioctl+0x10/0x10 [ 349.381321][T11479] __x64_sys_ioctl+0x18e/0x210 [ 349.381347][T11479] do_syscall_64+0xcd/0x490 [ 349.381367][T11479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.381393][T11479] RIP: 0033:0x7f830878e929 [ 349.381409][T11479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.381428][T11479] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 349.381448][T11479] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 349.381461][T11479] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000005 [ 349.381473][T11479] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 349.381486][T11479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.381498][T11479] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 349.381524][T11479] [ 349.957584][T11475] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 350.801417][ T5840] Bluetooth: hci2: ACL packet too small [ 350.816102][ T5840] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 350.823652][ T5840] Bluetooth: hci2: Invalid handle: 0xe200 > 0x0eff [ 352.034701][T11523] netlink: 'syz.0.2119': attribute type 4 has an invalid length. [ 352.077098][T11523] netlink: 314 bytes leftover after parsing attributes in process `syz.0.2119'. [ 353.062633][T11543] netlink: 'syz.2.2126': attribute type 4 has an invalid length. [ 353.337848][ T5155] Bluetooth: hci3: unexpected event 0x06 length: 440 > 3 [ 353.826155][T11556] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2132'. [ 354.075224][T11561] bond0: mtu greater than device maximum [ 354.811365][T11577] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2141'. [ 355.037721][T11581] FAULT_INJECTION: forcing a failure. [ 355.037721][T11581] name failslab, interval 1, probability 0, space 0, times 0 [ 355.067340][T11583] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2144'. [ 355.124455][T11581] CPU: 0 UID: 0 PID: 11581 Comm: syz.3.2143 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 355.124484][T11581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.124498][T11581] Call Trace: [ 355.124505][T11581] [ 355.124513][T11581] dump_stack_lvl+0x16c/0x1f0 [ 355.124552][T11581] should_fail_ex+0x512/0x640 [ 355.124582][T11581] ? __kmalloc_noprof+0xbf/0x510 [ 355.124616][T11581] ? __vb2_queue_alloc+0x23e/0x1280 [ 355.124637][T11581] should_failslab+0xc2/0x120 [ 355.124658][T11581] __kmalloc_noprof+0xd2/0x510 [ 355.124689][T11581] ? bitmap_find_next_zero_area_off+0xb4/0xd0 [ 355.124725][T11581] __vb2_queue_alloc+0x23e/0x1280 [ 355.124748][T11581] ? __kmalloc_noprof+0x242/0x510 [ 355.124789][T11581] vb2_core_reqbufs+0xa90/0xfe0 [ 355.124818][T11581] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 355.124857][T11581] __vb2_init_fileio+0x3f1/0x1100 [ 355.124881][T11581] ? __mutex_lock+0x1ca/0xb90 [ 355.124901][T11581] ? __pfx___futex_wait+0x10/0x10 [ 355.124932][T11581] ? vb2_fop_write+0xe6/0x3f0 [ 355.124965][T11581] __vb2_perform_fileio+0x9c2/0x1660 [ 355.124994][T11581] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 355.125025][T11581] vb2_fop_write+0x207/0x3f0 [ 355.125048][T11581] v4l2_write+0x226/0x360 [ 355.125076][T11581] ? __pfx_v4l2_write+0x10/0x10 [ 355.125102][T11581] vfs_write+0x2a0/0x1150 [ 355.125139][T11581] ? __pfx_vfs_write+0x10/0x10 [ 355.125166][T11581] ? find_held_lock+0x2b/0x80 [ 355.125186][T11581] ? __fget_files+0x204/0x3c0 [ 355.125217][T11581] ? __fget_files+0x20e/0x3c0 [ 355.125251][T11581] ksys_write+0x12a/0x250 [ 355.125279][T11581] ? __pfx_ksys_write+0x10/0x10 [ 355.125315][T11581] do_syscall_64+0xcd/0x490 [ 355.125335][T11581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.125356][T11581] RIP: 0033:0x7f830878e929 [ 355.125371][T11581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.125391][T11581] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 355.125410][T11581] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 355.125423][T11581] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005 [ 355.125435][T11581] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 355.125447][T11581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.125459][T11581] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 355.125484][T11581] [ 356.667259][T11599] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 357.048249][T11610] serio: Serial port pty233 [ 358.080005][T11622] FAULT_INJECTION: forcing a failure. [ 358.080005][T11622] name failslab, interval 1, probability 0, space 0, times 0 [ 358.137856][T11622] CPU: 0 UID: 0 PID: 11622 Comm: syz.2.2159 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 358.137890][T11622] Tainted: [I]=FIRMWARE_WORKAROUND [ 358.137897][T11622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 358.137909][T11622] Call Trace: [ 358.137915][T11622] [ 358.137923][T11622] dump_stack_lvl+0x16c/0x1f0 [ 358.137959][T11622] should_fail_ex+0x512/0x640 [ 358.137989][T11622] ? fs_reclaim_acquire+0xae/0x150 [ 358.138016][T11622] should_failslab+0xc2/0x120 [ 358.138035][T11622] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 358.138067][T11622] ? security_inode_alloc+0x3b/0x2b0 [ 358.138094][T11622] security_inode_alloc+0x3b/0x2b0 [ 358.138117][T11622] inode_init_always_gfp+0xce4/0x1030 [ 358.138150][T11622] alloc_inode+0x86/0x240 [ 358.138171][T11622] alloc_anon_inode+0x28/0x3e0 [ 358.138201][T11622] ioctx_alloc+0x4ad/0x2120 [ 358.138237][T11622] ? find_held_lock+0x2b/0x80 [ 358.138257][T11622] ? __pfx_ioctx_alloc+0x10/0x10 [ 358.138281][T11622] ? __might_fault+0x13b/0x190 [ 358.138317][T11622] __x64_sys_io_setup+0xc9/0x210 [ 358.138346][T11622] do_syscall_64+0xcd/0x490 [ 358.138367][T11622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.138387][T11622] RIP: 0033:0x7fadbc58e929 [ 358.138403][T11622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.138422][T11622] RSP: 002b:00007fadbd384038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 358.138441][T11622] RAX: ffffffffffffffda RBX: 00007fadbc7b5fa0 RCX: 00007fadbc58e929 [ 358.138455][T11622] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 358.138467][T11622] RBP: 00007fadbc610b39 R08: 0000000000000000 R09: 0000000000000000 [ 358.138479][T11622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.138491][T11622] R13: 0000000000000000 R14: 00007fadbc7b5fa0 R15: 00007fffa657de38 [ 358.138522][T11622] [ 358.882520][T11628] netlink: 30 bytes leftover after parsing attributes in process `syz.1.2160'. [ 358.993374][T11631] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2162'. [ 359.143623][T11633] netlink: 'syz.2.2164': attribute type 21 has an invalid length. [ 359.191400][T11633] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2164'. [ 359.447296][T11640] program syz.2.2166 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 361.071864][T11666] netlink: 266 bytes leftover after parsing attributes in process `syz.1.2175'. [ 361.125235][T11666] IPv6: NLM_F_CREATE should be specified when creating new route [ 361.511037][T11614] kexec: Could not allocate control_code_buffer [ 361.631329][T11675] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2179'. [ 361.841037][T11682] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2182'. [ 361.986289][T11686] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2183'. [ 362.128220][T11691] bond0: mtu greater than device maximum [ 362.453370][T11701] FAULT_INJECTION: forcing a failure. [ 362.453370][T11701] name failslab, interval 1, probability 0, space 0, times 0 [ 362.492312][ T5155] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 362.492340][ T5155] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 362.510079][ T5155] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 362.510115][ T5155] Bluetooth: hci1: adv larger than maximum supported [ 362.517712][ T5155] Bluetooth: hci1: adv larger than maximum supported [ 362.525330][ T5155] Bluetooth: hci1: Malformed LE Event: 0x0d [ 362.552113][T11701] CPU: 0 UID: 0 PID: 11701 Comm: syz.3.2190 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 362.552144][T11701] Tainted: [I]=FIRMWARE_WORKAROUND [ 362.552152][T11701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 362.552164][T11701] Call Trace: [ 362.552170][T11701] [ 362.552177][T11701] dump_stack_lvl+0x16c/0x1f0 [ 362.552220][T11701] should_fail_ex+0x512/0x640 [ 362.552249][T11701] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 362.552284][T11701] should_failslab+0xc2/0x120 [ 362.552303][T11701] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 362.552333][T11701] ? acpi_evaluate_integer+0xdd/0x200 [ 362.552356][T11701] ? status_show+0xa0/0x120 [ 362.552384][T11701] ? dev_attr_show+0x56/0xe0 [ 362.552402][T11701] ? acpi_ps_alloc_op+0x25f/0x310 [ 362.552437][T11701] acpi_ps_alloc_op+0x25f/0x310 [ 362.552468][T11701] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 362.552501][T11701] acpi_ps_create_op+0x3dc/0xc20 [ 362.552534][T11701] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 362.552575][T11701] acpi_ps_parse_loop+0xdd8/0x1d00 [ 362.552612][T11701] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 362.552647][T11701] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 362.552679][T11701] ? acpi_ut_create_thread_state+0x63/0x170 [ 362.552714][T11701] acpi_ps_parse_aml+0x3c1/0xcb0 [ 362.552749][T11701] acpi_ps_execute_method+0x55a/0xb30 [ 362.552786][T11701] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 362.552812][T11701] acpi_ns_evaluate+0x76c/0xca0 [ 362.552834][T11701] ? kasan_save_track+0x14/0x30 [ 362.552866][T11701] acpi_evaluate_object+0x1fa/0xa90 [ 362.552897][T11701] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.552923][T11701] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 362.552954][T11701] ? __mutex_trylock_common+0xe9/0x250 [ 362.552986][T11701] acpi_evaluate_integer+0xdd/0x200 [ 362.553011][T11701] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 362.553048][T11701] ? __pfx_status_show+0x10/0x10 [ 362.553077][T11701] status_show+0xa0/0x120 [ 362.553107][T11701] ? __pfx_status_show+0x10/0x10 [ 362.553144][T11701] dev_attr_show+0x56/0xe0 [ 362.553165][T11701] ? __pfx_dev_attr_show+0x10/0x10 [ 362.553183][T11701] sysfs_kf_seq_show+0x216/0x3e0 [ 362.553220][T11701] seq_read_iter+0x509/0x12c0 [ 362.553257][T11701] kernfs_fop_read_iter+0x40f/0x5a0 [ 362.553278][T11701] ? rw_verify_area+0xcf/0x680 [ 362.553307][T11701] vfs_read+0x8bc/0xc60 [ 362.553339][T11701] ? __pfx___mutex_lock+0x10/0x10 [ 362.553358][T11701] ? __pfx_vfs_read+0x10/0x10 [ 362.553407][T11701] ksys_read+0x12a/0x250 [ 362.553436][T11701] ? __pfx_ksys_read+0x10/0x10 [ 362.553473][T11701] do_syscall_64+0xcd/0x490 [ 362.553493][T11701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.553513][T11701] RIP: 0033:0x7f830878e929 [ 362.553529][T11701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.553549][T11701] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 362.553568][T11701] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 362.553581][T11701] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 362.553594][T11701] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 362.553606][T11701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.553618][T11701] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 362.553644][T11701] [ 362.974960][T11701] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250404/psparse-529) [ 363.135353][T11708] netlink: zone id is out of range [ 363.140499][T11708] netlink: zone id is out of range [ 363.145874][T11708] netlink: zone id is out of range [ 363.150986][T11708] netlink: zone id is out of range [ 363.157516][T11708] netlink: zone id is out of range [ 363.162643][T11708] netlink: zone id is out of range [ 363.168016][T11708] netlink: zone id is out of range [ 363.173124][T11708] netlink: zone id is out of range [ 363.178845][T11708] netlink: zone id is out of range [ 363.938418][T11728] FAULT_INJECTION: forcing a failure. [ 363.938418][T11728] name failslab, interval 1, probability 0, space 0, times 0 [ 364.014593][T11728] CPU: 0 UID: 0 PID: 11728 Comm: syz.0.2198 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 364.014628][T11728] Tainted: [I]=FIRMWARE_WORKAROUND [ 364.014636][T11728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 364.014648][T11728] Call Trace: [ 364.014654][T11728] [ 364.014661][T11728] dump_stack_lvl+0x16c/0x1f0 [ 364.014697][T11728] should_fail_ex+0x512/0x640 [ 364.014727][T11728] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 364.014760][T11728] should_failslab+0xc2/0x120 [ 364.014780][T11728] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 364.014811][T11728] ? copy_net_ns+0xe8/0x5f0 [ 364.014838][T11728] copy_net_ns+0xe8/0x5f0 [ 364.014858][T11728] ? copy_cgroup_ns+0x71/0x700 [ 364.014881][T11728] create_new_namespaces+0x3ea/0xa90 [ 364.014910][T11728] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 364.014934][T11728] ksys_unshare+0x45b/0xa40 [ 364.014961][T11728] ? __pfx_ksys_unshare+0x10/0x10 [ 364.014988][T11728] ? xfd_validate_state+0x61/0x180 [ 364.015021][T11728] __x64_sys_unshare+0x31/0x40 [ 364.015046][T11728] do_syscall_64+0xcd/0x490 [ 364.015066][T11728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.015086][T11728] RIP: 0033:0x7fbeffd8e929 [ 364.015102][T11728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.015132][T11728] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 364.015151][T11728] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 364.015165][T11728] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 364.015177][T11728] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 364.015190][T11728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 364.015202][T11728] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 364.015227][T11728] [ 364.991332][T11741] netlink: 'syz.1.2202': attribute type 16 has an invalid length. [ 365.035222][T11741] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2202'. [ 365.105756][T11741] veth1_macvtap: left promiscuous mode [ 366.176967][T11761] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2210'. [ 366.642799][T11773] FAULT_INJECTION: forcing a failure. [ 366.642799][T11773] name failslab, interval 1, probability 0, space 0, times 0 [ 366.702222][T11773] CPU: 0 UID: 0 PID: 11773 Comm: syz.2.2214 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 366.702260][T11773] Tainted: [I]=FIRMWARE_WORKAROUND [ 366.702268][T11773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 366.702282][T11773] Call Trace: [ 366.702289][T11773] [ 366.702298][T11773] dump_stack_lvl+0x16c/0x1f0 [ 366.702338][T11773] should_fail_ex+0x512/0x640 [ 366.702385][T11773] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 366.702416][T11773] ? __pfx_mon_text_open+0x10/0x10 [ 366.702458][T11773] should_failslab+0xc2/0x120 [ 366.702477][T11773] __kmalloc_cache_noprof+0x6a/0x3e0 [ 366.702503][T11773] ? lockdep_init_map_type+0x5c/0x280 [ 366.702531][T11773] ? mon_text_open+0xd5/0x4f0 [ 366.702563][T11773] ? __pfx_mon_text_open+0x10/0x10 [ 366.702593][T11773] mon_text_open+0xd5/0x4f0 [ 366.702625][T11773] ? __pfx_mon_text_open+0x10/0x10 [ 366.702654][T11773] ? __debugfs_file_get+0x1fe/0x840 [ 366.702673][T11773] ? __pfx___debugfs_file_get+0x10/0x10 [ 366.702693][T11773] ? __pfx_apparmor_file_open+0x10/0x10 [ 366.702718][T11773] ? lockdown_is_locked_down+0x3f/0x130 [ 366.702746][T11773] ? bpf_lsm_locked_down+0x9/0x10 [ 366.702774][T11773] ? __pfx_mon_text_open+0x10/0x10 [ 366.702803][T11773] full_proxy_open_regular+0x1b9/0x360 [ 366.702827][T11773] do_dentry_open+0x741/0x1c10 [ 366.702858][T11773] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 366.702885][T11773] vfs_open+0x82/0x3f0 [ 366.702909][T11773] path_openat+0x1de4/0x2cb0 [ 366.702954][T11773] ? __pfx_path_openat+0x10/0x10 [ 366.702987][T11773] ? __lock_acquire+0xb8a/0x1c90 [ 366.703017][T11773] do_filp_open+0x20b/0x470 [ 366.703046][T11773] ? __pfx_do_filp_open+0x10/0x10 [ 366.703095][T11773] ? alloc_fd+0x471/0x7d0 [ 366.703130][T11773] do_sys_openat2+0x11b/0x1d0 [ 366.703152][T11773] ? __pfx_do_sys_openat2+0x10/0x10 [ 366.703184][T11773] __x64_sys_openat+0x174/0x210 [ 366.703207][T11773] ? __pfx___x64_sys_openat+0x10/0x10 [ 366.703240][T11773] do_syscall_64+0xcd/0x490 [ 366.703260][T11773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.703281][T11773] RIP: 0033:0x7fadbc58e929 [ 366.703296][T11773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.703317][T11773] RSP: 002b:00007fadbd384038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 366.703336][T11773] RAX: ffffffffffffffda RBX: 00007fadbc7b5fa0 RCX: 00007fadbc58e929 [ 366.703349][T11773] RDX: 0000000000000800 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 366.703362][T11773] RBP: 00007fadbc610b39 R08: 0000000000000000 R09: 0000000000000000 [ 366.703374][T11773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.703386][T11773] R13: 0000000000000000 R14: 00007fadbc7b5fa0 R15: 00007fffa657de38 [ 366.703412][T11773] [ 367.158620][T11781] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2219'. [ 367.168889][T11781] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2219'. [ 368.577320][T11816] FAULT_INJECTION: forcing a failure. [ 368.577320][T11816] name failslab, interval 1, probability 0, space 0, times 0 [ 368.633491][T11816] CPU: 0 UID: 0 PID: 11816 Comm: syz.0.2233 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 368.633524][T11816] Tainted: [I]=FIRMWARE_WORKAROUND [ 368.633531][T11816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 368.633544][T11816] Call Trace: [ 368.633550][T11816] [ 368.633558][T11816] dump_stack_lvl+0x16c/0x1f0 [ 368.633594][T11816] should_fail_ex+0x512/0x640 [ 368.633624][T11816] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 368.633657][T11816] should_failslab+0xc2/0x120 [ 368.633676][T11816] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 368.633707][T11816] ? proc_net_ns_init+0x42/0x410 [ 368.633730][T11816] ? __pfx_proc_net_ns_init+0x10/0x10 [ 368.633749][T11816] proc_net_ns_init+0x42/0x410 [ 368.633768][T11816] ? __pfx_proc_net_ns_init+0x10/0x10 [ 368.633786][T11816] ops_init+0x1e2/0x5f0 [ 368.633808][T11816] setup_net+0x1ff/0x510 [ 368.633826][T11816] ? lockdep_init_map_type+0x5c/0x280 [ 368.633855][T11816] ? __pfx_setup_net+0x10/0x10 [ 368.633876][T11816] ? debug_mutex_init+0x37/0x70 [ 368.633903][T11816] copy_net_ns+0x2a6/0x5f0 [ 368.633928][T11816] create_new_namespaces+0x3ea/0xa90 [ 368.633956][T11816] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 368.633980][T11816] ksys_unshare+0x45b/0xa40 [ 368.634008][T11816] ? __pfx_ksys_unshare+0x10/0x10 [ 368.634035][T11816] ? xfd_validate_state+0x61/0x180 [ 368.634069][T11816] __x64_sys_unshare+0x31/0x40 [ 368.634094][T11816] do_syscall_64+0xcd/0x490 [ 368.634114][T11816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.634134][T11816] RIP: 0033:0x7fbeffd8e929 [ 368.634149][T11816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.634169][T11816] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 368.634189][T11816] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 368.634203][T11816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 368.634215][T11816] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 368.634227][T11816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.634239][T11816] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 368.634265][T11816] [ 368.857114][ C0] vkms_vblank_simulate: vblank timer overrun [ 368.933485][T11822] netlink: 222 bytes leftover after parsing attributes in process `syz.3.2234'. [ 368.948339][T11822] netlink: 222 bytes leftover after parsing attributes in process `syz.3.2234'. [ 369.029828][T11824] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2237'. [ 369.039170][T11824] IPv6: NLM_F_CREATE should be specified when creating new route [ 369.084822][T11826] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2238'. [ 369.763234][T11845] netlink: 'syz.3.2244': attribute type 21 has an invalid length. [ 369.784485][T11845] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2244'. [ 370.393494][T11864] FAULT_INJECTION: forcing a failure. [ 370.393494][T11864] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 370.494950][T11864] CPU: 0 UID: 0 PID: 11864 Comm: syz.3.2252 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 370.494983][T11864] Tainted: [I]=FIRMWARE_WORKAROUND [ 370.494990][T11864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 370.495003][T11864] Call Trace: [ 370.495009][T11864] [ 370.495017][T11864] dump_stack_lvl+0x16c/0x1f0 [ 370.495053][T11864] should_fail_ex+0x512/0x640 [ 370.495087][T11864] should_fail_alloc_page+0xe7/0x130 [ 370.495116][T11864] prepare_alloc_pages+0x3c2/0x610 [ 370.495141][T11864] ? rcu_is_watching+0x12/0xc0 [ 370.495164][T11864] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 370.495196][T11864] ? __lock_acquire+0xb8a/0x1c90 [ 370.495233][T11864] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 370.495265][T11864] ? do_raw_spin_lock+0x12c/0x2b0 [ 370.495296][T11864] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 370.495328][T11864] ? find_held_lock+0x2b/0x80 [ 370.495355][T11864] ? __lock_acquire+0xb8a/0x1c90 [ 370.495380][T11864] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 370.495413][T11864] ? policy_nodemask+0xea/0x4e0 [ 370.495448][T11864] alloc_pages_mpol+0x1fb/0x550 [ 370.495468][T11864] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 370.495495][T11864] folio_alloc_mpol_noprof+0x36/0x2f0 [ 370.495519][T11864] shmem_alloc_folio+0x135/0x160 [ 370.495545][T11864] shmem_alloc_and_add_folio+0x499/0xc20 [ 370.495579][T11864] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 370.495611][T11864] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 370.495646][T11864] shmem_get_folio_gfp+0x67f/0x1600 [ 370.495681][T11864] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 370.495719][T11864] ? __lock_acquire+0x622/0x1c90 [ 370.495749][T11864] shmem_fault+0x1fe/0xa30 [ 370.495780][T11864] ? __pfx_shmem_fault+0x10/0x10 [ 370.495815][T11864] ? __lock_acquire+0xb8a/0x1c90 [ 370.495848][T11864] __do_fault+0x10d/0x490 [ 370.495879][T11864] ? __pfx_filemap_map_pages+0x10/0x10 [ 370.495910][T11864] __handle_mm_fault+0x374c/0x5490 [ 370.495944][T11864] ? __pfx___handle_mm_fault+0x10/0x10 [ 370.495972][T11864] ? __pte_offset_map_lock+0x174/0x310 [ 370.495994][T11864] ? find_held_lock+0x2b/0x80 [ 370.496012][T11864] ? find_held_lock+0x2b/0x80 [ 370.496037][T11864] ? follow_page_pte+0x3af/0x14c0 [ 370.496066][T11864] handle_mm_fault+0x589/0xd10 [ 370.496102][T11864] __get_user_pages+0x589/0x3b80 [ 370.496135][T11864] ? __pfx___get_user_pages+0x10/0x10 [ 370.496158][T11864] ? __pfx_down_read_killable+0x10/0x10 [ 370.496191][T11864] ? __lock_acquire+0xb8a/0x1c90 [ 370.496222][T11864] faultin_page_range+0x249/0x980 [ 370.496252][T11864] madvise_do_behavior+0x268/0x3f0 [ 370.496277][T11864] ? __pfx_madvise_do_behavior+0x10/0x10 [ 370.496313][T11864] do_madvise+0x161/0x230 [ 370.496334][T11864] ? __pfx_do_madvise+0x10/0x10 [ 370.496367][T11864] ? xfd_validate_state+0x61/0x180 [ 370.496392][T11864] ? __pfx_do_writev+0x10/0x10 [ 370.496424][T11864] __x64_sys_madvise+0xa9/0x110 [ 370.496445][T11864] ? lockdep_hardirqs_on+0x7c/0x110 [ 370.496475][T11864] do_syscall_64+0xcd/0x490 [ 370.496495][T11864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.496515][T11864] RIP: 0033:0x7f830878e929 [ 370.496531][T11864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.496551][T11864] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 370.496570][T11864] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 370.496583][T11864] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 370.496596][T11864] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 370.496608][T11864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.496620][T11864] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 370.496646][T11864] [ 370.865685][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.890239][T11868] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 371.325428][T11870] mkiss: ax0: crc mode is auto. [ 371.496342][T11872] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2255'. [ 371.538075][T11872] IPv6: NLM_F_CREATE should be specified when creating new route [ 371.561451][T11872] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 371.568979][T11872] IPv6: NLM_F_CREATE should be set when creating new route [ 371.576213][T11872] IPv6: NLM_F_CREATE should be set when creating new route [ 371.667303][T11874] FAULT_INJECTION: forcing a failure. [ 371.667303][T11874] name failslab, interval 1, probability 0, space 0, times 0 [ 371.717099][T11874] CPU: 0 UID: 0 PID: 11874 Comm: syz.1.2256 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 371.717132][T11874] Tainted: [I]=FIRMWARE_WORKAROUND [ 371.717139][T11874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 371.717151][T11874] Call Trace: [ 371.717158][T11874] [ 371.717165][T11874] dump_stack_lvl+0x16c/0x1f0 [ 371.717202][T11874] should_fail_ex+0x512/0x640 [ 371.717231][T11874] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 371.717264][T11874] should_failslab+0xc2/0x120 [ 371.717284][T11874] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 371.717315][T11874] ? __kernfs_new_node+0xd2/0x8e0 [ 371.717346][T11874] __kernfs_new_node+0xd2/0x8e0 [ 371.717377][T11874] ? __pfx___kernfs_new_node+0x10/0x10 [ 371.717411][T11874] ? find_held_lock+0x2b/0x80 [ 371.717432][T11874] ? kernfs_root+0xee/0x2a0 [ 371.717465][T11874] kernfs_new_node+0x13c/0x1e0 [ 371.717500][T11874] __kernfs_create_file+0x53/0x350 [ 371.717525][T11874] sysfs_add_file_mode_ns+0x207/0x3c0 [ 371.717558][T11874] internal_create_group+0x578/0xf30 [ 371.717594][T11874] ? __pfx_internal_create_group+0x10/0x10 [ 371.717634][T11874] ? kernfs_create_link+0x1bd/0x240 [ 371.717661][T11874] internal_create_groups+0x9d/0x150 [ 371.717693][T11874] device_add+0x6d1/0x1a70 [ 371.717717][T11874] ? __pfx_device_add+0x10/0x10 [ 371.717738][T11874] ? lockdep_init_map_type+0x5c/0x280 [ 371.717766][T11874] ? __init_waitqueue_head+0xca/0x150 [ 371.717804][T11874] netdev_register_kobject+0x182/0x3a0 [ 371.717831][T11874] register_netdevice+0x13dc/0x2270 [ 371.717857][T11874] ? __pfx_register_netdevice+0x10/0x10 [ 371.717886][T11874] slip_open+0xb86/0x1150 [ 371.717917][T11874] ? __pfx_slip_open+0x10/0x10 [ 371.717941][T11874] ? down_write+0x14d/0x200 [ 371.717963][T11874] ? __pfx_slip_open+0x10/0x10 [ 371.717988][T11874] tty_ldisc_open+0x9f/0x120 [ 371.718018][T11874] tty_set_ldisc+0x32b/0x780 [ 371.718049][T11874] tty_ioctl+0xc2e/0x1640 [ 371.718082][T11874] ? __pfx_tty_ioctl+0x10/0x10 [ 371.718121][T11874] ? find_held_lock+0x2b/0x80 [ 371.718142][T11874] ? hook_file_ioctl_common+0x145/0x410 [ 371.718170][T11874] ? __fget_files+0x20e/0x3c0 [ 371.718201][T11874] ? __pfx_tty_ioctl+0x10/0x10 [ 371.718234][T11874] __x64_sys_ioctl+0x18e/0x210 [ 371.718259][T11874] do_syscall_64+0xcd/0x490 [ 371.718279][T11874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.718300][T11874] RIP: 0033:0x7f6bdc18e929 [ 371.718316][T11874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.718336][T11874] RSP: 002b:00007f6bdcf6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 371.718355][T11874] RAX: ffffffffffffffda RBX: 00007f6bdc3b5fa0 RCX: 00007f6bdc18e929 [ 371.718368][T11874] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000005 [ 371.718380][T11874] RBP: 00007f6bdc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 371.718393][T11874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.718405][T11874] R13: 0000000000000000 R14: 00007f6bdc3b5fa0 R15: 00007ffce0ad9708 [ 371.718430][T11874] [ 372.026564][ C0] vkms_vblank_simulate: vblank timer overrun [ 372.265941][T11883] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2260'. [ 372.366318][T11887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2262'. [ 372.376995][T11887] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2262'. [ 372.695272][T11895] FAULT_INJECTION: forcing a failure. [ 372.695272][T11895] name failslab, interval 1, probability 0, space 0, times 0 [ 372.714944][T11895] CPU: 0 UID: 0 PID: 11895 Comm: syz.3.2265 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 372.714976][T11895] Tainted: [I]=FIRMWARE_WORKAROUND [ 372.714983][T11895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 372.714999][T11895] Call Trace: [ 372.715006][T11895] [ 372.715013][T11895] dump_stack_lvl+0x16c/0x1f0 [ 372.715049][T11895] should_fail_ex+0x512/0x640 [ 372.715079][T11895] ? __kvmalloc_node_noprof+0x124/0x620 [ 372.715116][T11895] should_failslab+0xc2/0x120 [ 372.715135][T11895] __kvmalloc_node_noprof+0x137/0x620 [ 372.715163][T11895] ? lockdep_init_map_type+0x5c/0x280 [ 372.715192][T11895] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 372.715228][T11895] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 372.715258][T11895] v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 372.715291][T11895] vicodec_open+0x1a9/0xf90 [ 372.715323][T11895] v4l2_open+0x225/0x490 [ 372.715350][T11895] ? __pfx_v4l2_open+0x10/0x10 [ 372.715377][T11895] chrdev_open+0x234/0x6a0 [ 372.715408][T11895] ? __pfx_apparmor_file_open+0x10/0x10 [ 372.715435][T11895] ? __pfx_chrdev_open+0x10/0x10 [ 372.715468][T11895] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 372.715499][T11895] do_dentry_open+0x741/0x1c10 [ 372.715530][T11895] ? __pfx_chrdev_open+0x10/0x10 [ 372.715573][T11895] vfs_open+0x82/0x3f0 [ 372.715597][T11895] path_openat+0x1de4/0x2cb0 [ 372.715635][T11895] ? __pfx_path_openat+0x10/0x10 [ 372.715666][T11895] ? __lock_acquire+0xb8a/0x1c90 [ 372.715695][T11895] do_filp_open+0x20b/0x470 [ 372.715724][T11895] ? __pfx_do_filp_open+0x10/0x10 [ 372.715771][T11895] ? alloc_fd+0x471/0x7d0 [ 372.715805][T11895] do_sys_openat2+0x11b/0x1d0 [ 372.715827][T11895] ? __pfx_do_sys_openat2+0x10/0x10 [ 372.715859][T11895] __x64_sys_openat+0x174/0x210 [ 372.715882][T11895] ? __pfx___x64_sys_openat+0x10/0x10 [ 372.715915][T11895] do_syscall_64+0xcd/0x490 [ 372.715935][T11895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.715956][T11895] RIP: 0033:0x7f830878e929 [ 372.715971][T11895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.715991][T11895] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 372.716010][T11895] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 372.716024][T11895] RDX: 00000000000c4400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 372.716037][T11895] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 372.716049][T11895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.716060][T11895] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 372.716086][T11895] [ 372.979882][ C0] vkms_vblank_simulate: vblank timer overrun [ 373.836569][T11907] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2268'. [ 375.173599][ T30] audit: type=1800 audit(4294967581.601:11): pid=11935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2281" name="lu_gp_id" dev="configfs" ino=36769 res=0 errno=0 [ 375.215038][T11935] ALUA lu_gp_id: 654336 exceeds maximum: 0x0000ffff [ 376.074276][T11951] netlink: 302 bytes leftover after parsing attributes in process `syz.3.2288'. [ 376.688951][T11962] zram: Removed device: zram0 [ 376.961817][T11967] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2294'. [ 377.440814][T11981] FAULT_INJECTION: forcing a failure. [ 377.440814][T11981] name failslab, interval 1, probability 0, space 0, times 0 [ 377.515730][T11981] CPU: 0 UID: 0 PID: 11981 Comm: syz.1.2300 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 377.515763][T11981] Tainted: [I]=FIRMWARE_WORKAROUND [ 377.515771][T11981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 377.515783][T11981] Call Trace: [ 377.515790][T11981] [ 377.515798][T11981] dump_stack_lvl+0x16c/0x1f0 [ 377.515834][T11981] should_fail_ex+0x512/0x640 [ 377.515864][T11981] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 377.515898][T11981] should_failslab+0xc2/0x120 [ 377.515918][T11981] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 377.515947][T11981] ? __asan_memcpy+0x3c/0x60 [ 377.515974][T11981] ? __kernfs_new_node+0xd2/0x8e0 [ 377.516006][T11981] __kernfs_new_node+0xd2/0x8e0 [ 377.516035][T11981] ? __pfx_number+0x10/0x10 [ 377.516058][T11981] ? __pfx___kernfs_new_node+0x10/0x10 [ 377.516093][T11981] ? find_held_lock+0x2b/0x80 [ 377.516113][T11981] ? kernfs_root+0xee/0x2a0 [ 377.516146][T11981] kernfs_new_node+0x13c/0x1e0 [ 377.516183][T11981] kernfs_create_dir_ns+0x4c/0x1a0 [ 377.516223][T11981] sysfs_create_dir_ns+0x13a/0x2b0 [ 377.516252][T11981] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 377.516278][T11981] ? find_held_lock+0x2b/0x80 [ 377.516301][T11981] ? do_raw_spin_unlock+0x172/0x230 [ 377.516335][T11981] kobject_add_internal+0x2c4/0x9b0 [ 377.516361][T11981] kobject_init_and_add+0x11b/0x190 [ 377.516384][T11981] ? __pfx_kobject_init_and_add+0x10/0x10 [ 377.516406][T11981] ? __x64_sys_ioctl+0x18e/0x210 [ 377.516436][T11981] ? internal_create_groups+0x11a/0x150 [ 377.516469][T11981] netdev_queue_update_kobjects+0x32d/0x720 [ 377.516502][T11981] netdev_register_kobject+0x28c/0x3a0 [ 377.516528][T11981] register_netdevice+0x13dc/0x2270 [ 377.516552][T11981] ? idr_alloc+0xdd/0x130 [ 377.516581][T11981] ? __pfx_register_netdevice+0x10/0x10 [ 377.516613][T11981] ppp_dev_configure+0x99b/0xc80 [ 377.516643][T11981] ppp_ioctl+0x17e0/0x2660 [ 377.516669][T11981] ? find_held_lock+0x2b/0x80 [ 377.516688][T11981] ? __pfx_ppp_ioctl+0x10/0x10 [ 377.516716][T11981] ? __fget_files+0x20e/0x3c0 [ 377.516748][T11981] ? __pfx_ppp_ioctl+0x10/0x10 [ 377.516773][T11981] __x64_sys_ioctl+0x18e/0x210 [ 377.516798][T11981] do_syscall_64+0xcd/0x490 [ 377.516819][T11981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.516840][T11981] RIP: 0033:0x7f6bdc18e929 [ 377.516855][T11981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.516875][T11981] RSP: 002b:00007f6bdcf6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 377.516894][T11981] RAX: ffffffffffffffda RBX: 00007f6bdc3b5fa0 RCX: 00007f6bdc18e929 [ 377.516907][T11981] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000005 [ 377.516920][T11981] RBP: 00007f6bdc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 377.516932][T11981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 377.516944][T11981] R13: 0000000000000000 R14: 00007f6bdc3b5fa0 R15: 00007ffce0ad9708 [ 377.516970][T11981] [ 377.518141][T11981] kobject: kobject_add_internal failed for tx-0 (error: -12 parent: queues) [ 377.868209][T11984] FAULT_INJECTION: forcing a failure. [ 377.868209][T11984] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 377.902942][T11984] CPU: 0 UID: 0 PID: 11984 Comm: syz.2.2302 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 377.902975][T11984] Tainted: [I]=FIRMWARE_WORKAROUND [ 377.902983][T11984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 377.902995][T11984] Call Trace: [ 377.903002][T11984] [ 377.903009][T11984] dump_stack_lvl+0x16c/0x1f0 [ 377.903045][T11984] should_fail_ex+0x512/0x640 [ 377.903079][T11984] should_fail_alloc_page+0xe7/0x130 [ 377.903100][T11984] prepare_alloc_pages+0x3c2/0x610 [ 377.903125][T11984] ? rcu_is_watching+0x12/0xc0 [ 377.903148][T11984] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 377.903181][T11984] ? __lock_acquire+0xb8a/0x1c90 [ 377.903223][T11984] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 377.903255][T11984] ? do_raw_spin_lock+0x12c/0x2b0 [ 377.903287][T11984] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 377.903319][T11984] ? find_held_lock+0x2b/0x80 [ 377.903347][T11984] ? __lock_acquire+0xb8a/0x1c90 [ 377.903372][T11984] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 377.903405][T11984] ? policy_nodemask+0xea/0x4e0 [ 377.903441][T11984] alloc_pages_mpol+0x1fb/0x550 [ 377.903461][T11984] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 377.903487][T11984] folio_alloc_mpol_noprof+0x36/0x2f0 [ 377.903511][T11984] shmem_alloc_folio+0x135/0x160 [ 377.903537][T11984] shmem_alloc_and_add_folio+0x499/0xc20 [ 377.903572][T11984] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 377.903604][T11984] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 377.903638][T11984] shmem_get_folio_gfp+0x67f/0x1600 [ 377.903673][T11984] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 377.903705][T11984] ? __lock_acquire+0x622/0x1c90 [ 377.903734][T11984] shmem_fault+0x1fe/0xa30 [ 377.903764][T11984] ? __pfx_shmem_fault+0x10/0x10 [ 377.903799][T11984] ? __lock_acquire+0xb8a/0x1c90 [ 377.903831][T11984] __do_fault+0x10d/0x490 [ 377.903862][T11984] ? __pfx_filemap_map_pages+0x10/0x10 [ 377.903894][T11984] __handle_mm_fault+0x374c/0x5490 [ 377.903928][T11984] ? __pfx___handle_mm_fault+0x10/0x10 [ 377.903956][T11984] ? __pte_offset_map_lock+0x174/0x310 [ 377.903977][T11984] ? find_held_lock+0x2b/0x80 [ 377.903994][T11984] ? find_held_lock+0x2b/0x80 [ 377.904020][T11984] ? follow_page_pte+0x3af/0x14c0 [ 377.904049][T11984] handle_mm_fault+0x589/0xd10 [ 377.904080][T11984] __get_user_pages+0x589/0x3b80 [ 377.904113][T11984] ? __pfx___get_user_pages+0x10/0x10 [ 377.904136][T11984] ? __pfx_down_read_killable+0x10/0x10 [ 377.904160][T11984] ? __lock_acquire+0xb8a/0x1c90 [ 377.904191][T11984] faultin_page_range+0x249/0x980 [ 377.904226][T11984] madvise_do_behavior+0x268/0x3f0 [ 377.904250][T11984] ? __pfx_madvise_do_behavior+0x10/0x10 [ 377.904287][T11984] do_madvise+0x161/0x230 [ 377.904308][T11984] ? __pfx_do_madvise+0x10/0x10 [ 377.904342][T11984] ? xfd_validate_state+0x61/0x180 [ 377.904368][T11984] ? __pfx_do_writev+0x10/0x10 [ 377.904399][T11984] __x64_sys_madvise+0xa9/0x110 [ 377.904420][T11984] ? lockdep_hardirqs_on+0x7c/0x110 [ 377.904451][T11984] do_syscall_64+0xcd/0x490 [ 377.904471][T11984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.904492][T11984] RIP: 0033:0x7fadbc58e929 [ 377.904507][T11984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.904527][T11984] RSP: 002b:00007fadbd384038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 377.904546][T11984] RAX: ffffffffffffffda RBX: 00007fadbc7b5fa0 RCX: 00007fadbc58e929 [ 377.904559][T11984] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 377.904571][T11984] RBP: 00007fadbc610b39 R08: 0000000000000000 R09: 0000000000000000 [ 377.904584][T11984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 377.904596][T11984] R13: 0000000000000000 R14: 00007fadbc7b5fa0 R15: 00007fffa657de38 [ 377.904622][T11984] [ 378.363199][T11988] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2303'. [ 379.139003][T11988] veth1_macvtap: entered allmulticast mode [ 380.240502][T12018] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2312'. [ 380.263327][T12018] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2312'. [ 380.634524][T12026] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2316'. [ 380.684800][T12028] netlink: 'syz.3.2317': attribute type 19 has an invalid length. [ 380.717244][T12028] netlink: 114 bytes leftover after parsing attributes in process `syz.3.2317'. [ 382.522523][T12074] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2334'. [ 382.611072][T12074] veth1_macvtap: entered allmulticast mode [ 383.250553][T12088] FAULT_INJECTION: forcing a failure. [ 383.250553][T12088] name failslab, interval 1, probability 0, space 0, times 0 [ 383.310342][T12088] CPU: 0 UID: 0 PID: 12088 Comm: syz.3.2339 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 383.310374][T12088] Tainted: [I]=FIRMWARE_WORKAROUND [ 383.310382][T12088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 383.310394][T12088] Call Trace: [ 383.310400][T12088] [ 383.310408][T12088] dump_stack_lvl+0x16c/0x1f0 [ 383.310443][T12088] should_fail_ex+0x512/0x640 [ 383.310473][T12088] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 383.310505][T12088] should_failslab+0xc2/0x120 [ 383.310525][T12088] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 383.310556][T12088] ? __kernfs_new_node+0xd2/0x8e0 [ 383.310587][T12088] __kernfs_new_node+0xd2/0x8e0 [ 383.310618][T12088] ? __pfx___kernfs_new_node+0x10/0x10 [ 383.310652][T12088] ? find_held_lock+0x2b/0x80 [ 383.310673][T12088] ? kernfs_root+0xee/0x2a0 [ 383.310705][T12088] kernfs_new_node+0x13c/0x1e0 [ 383.310741][T12088] __kernfs_create_file+0x53/0x350 [ 383.310766][T12088] sysfs_add_file_mode_ns+0x207/0x3c0 [ 383.310799][T12088] internal_create_group+0x578/0xf30 [ 383.310834][T12088] ? __pfx_internal_create_group+0x10/0x10 [ 383.310874][T12088] ? kernfs_create_link+0x1bd/0x240 [ 383.310901][T12088] internal_create_groups+0x9d/0x150 [ 383.310932][T12088] device_add+0x6d1/0x1a70 [ 383.310957][T12088] ? __pfx_device_add+0x10/0x10 [ 383.310982][T12088] ? lockdep_init_map_type+0x5c/0x280 [ 383.311010][T12088] ? __init_waitqueue_head+0xca/0x150 [ 383.311048][T12088] netdev_register_kobject+0x182/0x3a0 [ 383.311075][T12088] register_netdevice+0x13dc/0x2270 [ 383.311102][T12088] ? __pfx_register_netdevice+0x10/0x10 [ 383.311130][T12088] slip_open+0xb86/0x1150 [ 383.311161][T12088] ? __pfx_slip_open+0x10/0x10 [ 383.311185][T12088] ? down_write+0x14d/0x200 [ 383.311207][T12088] ? __pfx_slip_open+0x10/0x10 [ 383.311232][T12088] tty_ldisc_open+0x9f/0x120 [ 383.311261][T12088] tty_set_ldisc+0x32b/0x780 [ 383.311293][T12088] tty_ioctl+0xc2e/0x1640 [ 383.311326][T12088] ? __pfx_tty_ioctl+0x10/0x10 [ 383.311365][T12088] ? find_held_lock+0x2b/0x80 [ 383.311383][T12088] ? hook_file_ioctl_common+0x145/0x410 [ 383.311411][T12088] ? __fget_files+0x20e/0x3c0 [ 383.311443][T12088] ? __pfx_tty_ioctl+0x10/0x10 [ 383.311475][T12088] __x64_sys_ioctl+0x18e/0x210 [ 383.311501][T12088] do_syscall_64+0xcd/0x490 [ 383.311520][T12088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.311541][T12088] RIP: 0033:0x7f830878e929 [ 383.311557][T12088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.311576][T12088] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 383.311595][T12088] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 383.311608][T12088] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000005 [ 383.311620][T12088] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 383.311632][T12088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.311644][T12088] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 383.311670][T12088] [ 384.093892][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.100254][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.630507][ T30] audit: type=1800 audit(4294967592.061:12): pid=12118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2351" name="dbroot" dev="configfs" ino=37552 res=0 errno=0 [ 386.141890][T12131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 386.998035][ T3517] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.175810][ T3517] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.444624][T12147] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2365'. [ 387.609834][ T3517] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.850676][ T3517] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.916596][T12155] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2368'. [ 388.140628][T12158] netlink: 'syz.3.2370': attribute type 4 has an invalid length. [ 388.219407][T12158] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2370'. [ 388.245566][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 388.257724][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 388.267798][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 388.277498][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 388.285268][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 388.473545][ T3517] bridge_slave_1: left allmulticast mode [ 388.518016][ T3517] bridge_slave_1: left promiscuous mode [ 388.523723][ T3517] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.648150][ T3517] bridge_slave_0: left allmulticast mode [ 388.695196][ T3517] bridge_slave_0: left promiscuous mode [ 388.722411][ T3517] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.696951][T12194] capability: warning: `syz.0.2378' uses 32-bit capabilities (legacy support in use) [ 389.755506][T12196] netlink: 29 bytes leftover after parsing attributes in process `syz.0.2378'. [ 390.355349][ T5840] Bluetooth: hci1: command tx timeout [ 390.652202][T12212] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2384'. [ 391.352886][T12219] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2386'. [ 391.500056][ T3517] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 391.524873][ T3517] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 391.552453][ T3517] bond0 (unregistering): Released all slaves [ 391.862630][T12225] netlink: 146 bytes leftover after parsing attributes in process `syz.3.2389'. [ 392.444200][ T5840] Bluetooth: hci1: command tx timeout [ 392.593120][T12244] FAULT_INJECTION: forcing a failure. [ 392.593120][T12244] name failslab, interval 1, probability 0, space 0, times 0 [ 392.606264][ T3517] hsr_slave_0: left promiscuous mode [ 392.655338][T12244] CPU: 0 UID: 0 PID: 12244 Comm: syz.0.2394 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 392.655370][T12244] Tainted: [I]=FIRMWARE_WORKAROUND [ 392.655378][T12244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 392.655390][T12244] Call Trace: [ 392.655397][T12244] [ 392.655404][T12244] dump_stack_lvl+0x16c/0x1f0 [ 392.655440][T12244] should_fail_ex+0x512/0x640 [ 392.655470][T12244] ? __kmalloc_noprof+0xbf/0x510 [ 392.655502][T12244] ? __register_sysctl_table+0xea2/0x1900 [ 392.655534][T12244] should_failslab+0xc2/0x120 [ 392.655552][T12244] __kmalloc_noprof+0xd2/0x510 [ 392.655580][T12244] ? __register_sysctl_table+0xe8e/0x1900 [ 392.655618][T12244] __register_sysctl_table+0xea2/0x1900 [ 392.655661][T12244] ? __pfx___register_sysctl_table+0x10/0x10 [ 392.655697][T12244] ? __asan_memcpy+0x3c/0x60 [ 392.655726][T12244] register_pidns_sysctls+0x119/0x1b0 [ 392.655759][T12244] copy_pid_ns+0x564/0xce0 [ 392.655781][T12244] ? __pfx_copy_pid_ns+0x10/0x10 [ 392.655806][T12244] ? copy_mnt_ns+0xac/0xac0 [ 392.655836][T12244] ? trace_kmem_cache_alloc+0x28/0xc0 [ 392.655857][T12244] ? trace_cap_capable+0x18d/0x200 [ 392.655877][T12244] ? copy_ipcs+0xb6/0x610 [ 392.655904][T12244] create_new_namespaces+0x2aa/0xa90 [ 392.655932][T12244] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 392.655956][T12244] ksys_unshare+0x45b/0xa40 [ 392.655982][T12244] ? __pfx_ksys_unshare+0x10/0x10 [ 392.656016][T12244] ? xfd_validate_state+0x61/0x180 [ 392.656049][T12244] __x64_sys_unshare+0x31/0x40 [ 392.656075][T12244] do_syscall_64+0xcd/0x490 [ 392.656095][T12244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.656115][T12244] RIP: 0033:0x7fbeffd8e929 [ 392.656130][T12244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.656150][T12244] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 392.656169][T12244] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 392.656182][T12244] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 392.656194][T12244] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 392.656206][T12244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.656218][T12244] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 392.656250][T12244] [ 392.899975][T12244] sysctl could not get directory: /kernel -12 [ 393.267570][ T3517] hsr_slave_1: left promiscuous mode [ 393.285307][ T3517] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.324665][ T3517] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.415683][ T3517] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 393.423087][ T3517] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 393.622779][ T3517] veth0_macvtap: left promiscuous mode [ 393.647300][T12256] FAULT_INJECTION: forcing a failure. [ 393.647300][T12256] name failslab, interval 1, probability 0, space 0, times 0 [ 393.675547][ T3517] veth1_vlan: left promiscuous mode [ 393.688657][ T3517] veth0_vlan: left promiscuous mode [ 393.734275][T12256] CPU: 0 UID: 0 PID: 12256 Comm: syz.2.2398 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 393.734308][T12256] Tainted: [I]=FIRMWARE_WORKAROUND [ 393.734315][T12256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 393.734327][T12256] Call Trace: [ 393.734334][T12256] [ 393.734341][T12256] dump_stack_lvl+0x16c/0x1f0 [ 393.734377][T12256] should_fail_ex+0x512/0x640 [ 393.734419][T12256] should_failslab+0xc2/0x120 [ 393.734438][T12256] __kmalloc_cache_noprof+0x6a/0x3e0 [ 393.734467][T12256] ? sctp_add_bind_addr+0xae/0x3f0 [ 393.734503][T12256] sctp_add_bind_addr+0xae/0x3f0 [ 393.734537][T12256] sctp_copy_local_addr_list+0x39d/0x5a0 [ 393.734564][T12256] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 393.734590][T12256] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 393.734618][T12256] ? sctp_bind_addr_copy+0xe0/0x530 [ 393.734650][T12256] sctp_bind_addr_copy+0xe0/0x530 [ 393.734688][T12256] sctp_connect_new_asoc+0x1d7/0x790 [ 393.734718][T12256] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 393.734747][T12256] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 393.734781][T12256] ? sctp_get_af_specific+0x62/0x70 [ 393.734804][T12256] __sctp_connect+0x3f3/0xc60 [ 393.734833][T12256] ? do_raw_spin_lock+0x12c/0x2b0 [ 393.734866][T12256] ? __pfx___sctp_connect+0x10/0x10 [ 393.734894][T12256] ? __pfx_sctp_inet_connect+0x10/0x10 [ 393.734922][T12256] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 393.734955][T12256] ? __pfx_sctp_inet_connect+0x10/0x10 [ 393.734980][T12256] sctp_inet_connect+0x15f/0x200 [ 393.735007][T12256] __sys_connect_file+0x141/0x1a0 [ 393.735039][T12256] __sys_connect+0x13b/0x160 [ 393.735067][T12256] ? __pfx___sys_connect+0x10/0x10 [ 393.735104][T12256] ? xfd_validate_state+0x61/0x180 [ 393.735130][T12256] ? __pfx_do_writev+0x10/0x10 [ 393.735161][T12256] __x64_sys_connect+0x72/0xb0 [ 393.735196][T12256] ? lockdep_hardirqs_on+0x7c/0x110 [ 393.735227][T12256] do_syscall_64+0xcd/0x490 [ 393.735248][T12256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.735269][T12256] RIP: 0033:0x7fadbc58e929 [ 393.735284][T12256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.735304][T12256] RSP: 002b:00007fadbd384038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 393.735323][T12256] RAX: ffffffffffffffda RBX: 00007fadbc7b5fa0 RCX: 00007fadbc58e929 [ 393.735337][T12256] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 393.735349][T12256] RBP: 00007fadbc610b39 R08: 0000000000000000 R09: 0000000000000000 [ 393.735362][T12256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.735373][T12256] R13: 0000000000000000 R14: 00007fadbc7b5fa0 R15: 00007fffa657de38 [ 393.735399][T12256] [ 394.517163][ T5840] Bluetooth: hci1: command tx timeout [ 395.454559][T12283] dlm: Unknown command passed to DLM device : 0 [ 395.454559][T12283] [ 395.586619][ T3517] team0 (unregistering): Port device team_slave_1 removed [ 395.659948][ T3517] team0 (unregistering): Port device team_slave_0 removed [ 396.596167][ T5840] Bluetooth: hci1: command tx timeout [ 396.653523][T12296] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2409'. [ 396.963843][T12161] chnl_net:caif_netlink_parms(): no params data found [ 397.906499][T12161] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.928811][T12161] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.966661][T12161] bridge_slave_0: entered allmulticast mode [ 397.999255][T12161] bridge_slave_0: entered promiscuous mode [ 398.055833][T12161] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.110437][T12161] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.167118][T12161] bridge_slave_1: entered allmulticast mode [ 398.216235][T12161] bridge_slave_1: entered promiscuous mode [ 398.639876][T12161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 398.716023][T12161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 399.538107][T12161] team0: Port device team_slave_0 added [ 399.636838][T12161] team0: Port device team_slave_1 added [ 400.058888][T12161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 400.088762][T12161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.206598][T12161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 400.388343][T12161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 400.405470][T12161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.524043][T12161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.855968][T12376] FAULT_INJECTION: forcing a failure. [ 400.855968][T12376] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 400.896927][T12161] hsr_slave_0: entered promiscuous mode [ 400.903142][T12161] hsr_slave_1: entered promiscuous mode [ 400.924066][T12376] CPU: 0 UID: 0 PID: 12376 Comm: syz.3.2429 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 400.924098][T12376] Tainted: [I]=FIRMWARE_WORKAROUND [ 400.924106][T12376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 400.924118][T12376] Call Trace: [ 400.924125][T12376] [ 400.924132][T12376] dump_stack_lvl+0x16c/0x1f0 [ 400.924168][T12376] should_fail_ex+0x512/0x640 [ 400.924202][T12376] _copy_from_iter+0x463/0x16f0 [ 400.924240][T12376] ? __pfx__copy_from_iter+0x10/0x10 [ 400.924270][T12376] ? do_raw_spin_lock+0x12c/0x2b0 [ 400.924302][T12376] ? find_held_lock+0x2b/0x80 [ 400.924323][T12376] ? rcu_is_watching+0x12/0xc0 [ 400.924342][T12376] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 400.924376][T12376] write_pool_user+0xe8/0x2f0 [ 400.924399][T12376] ? __pfx_write_pool_user+0x10/0x10 [ 400.924426][T12376] ? __futex_wait+0x24c/0x2f0 [ 400.924455][T12376] ? copy_iovec_from_user+0x131/0x170 [ 400.924488][T12376] do_iter_readv_writev+0x654/0x950 [ 400.924517][T12376] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 400.924548][T12376] ? bpf_lsm_file_permission+0x9/0x10 [ 400.924570][T12376] ? security_file_permission+0x71/0x210 [ 400.924597][T12376] ? rw_verify_area+0xcf/0x680 [ 400.924624][T12376] vfs_writev+0x35f/0xde0 [ 400.924657][T12376] ? __pfx_vfs_writev+0x10/0x10 [ 400.924691][T12376] ? kmem_cache_free+0x2d1/0x4d0 [ 400.924740][T12376] ? __fget_files+0x20e/0x3c0 [ 400.924775][T12376] ? do_writev+0x132/0x340 [ 400.924799][T12376] do_writev+0x132/0x340 [ 400.924825][T12376] ? __pfx_do_writev+0x10/0x10 [ 400.924859][T12376] do_syscall_64+0xcd/0x490 [ 400.924880][T12376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.924900][T12376] RIP: 0033:0x7f830878e929 [ 400.924916][T12376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.924935][T12376] RSP: 002b:00007f83095b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 400.924954][T12376] RAX: ffffffffffffffda RBX: 00007f83089b5fa0 RCX: 00007f830878e929 [ 400.924968][T12376] RDX: 0000000000000003 RSI: 00002000000003c0 RDI: 0000000000000005 [ 400.924980][T12376] RBP: 00007f8308810b39 R08: 0000000000000000 R09: 0000000000000000 [ 400.924992][T12376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.925005][T12376] R13: 0000000000000000 R14: 00007f83089b5fa0 R15: 00007ffee11e7498 [ 400.925030][T12376] [ 401.415672][T12161] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 401.423247][T12161] Cannot create hsr debugfs directory [ 402.547033][T12161] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 402.689530][T12161] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 402.776394][T12161] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 402.887699][T12161] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 403.870410][T12161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 404.070062][T12161] 8021q: adding VLAN 0 to HW filter on device team0 [ 404.194693][T12213] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.201832][T12213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 404.264447][T12213] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.271618][T12213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.433290][T12428] FAULT_INJECTION: forcing a failure. [ 404.433290][T12428] name failslab, interval 1, probability 0, space 0, times 0 [ 404.477741][T12428] CPU: 0 UID: 0 PID: 12428 Comm: syz.0.2438 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 404.477773][T12428] Tainted: [I]=FIRMWARE_WORKAROUND [ 404.477781][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 404.477793][T12428] Call Trace: [ 404.477799][T12428] [ 404.477806][T12428] dump_stack_lvl+0x16c/0x1f0 [ 404.477842][T12428] should_fail_ex+0x512/0x640 [ 404.477872][T12428] ? __kmalloc_noprof+0xbf/0x510 [ 404.477904][T12428] ? lsm_blob_alloc+0x68/0x90 [ 404.477933][T12428] should_failslab+0xc2/0x120 [ 404.477952][T12428] __kmalloc_noprof+0xd2/0x510 [ 404.477987][T12428] lsm_blob_alloc+0x68/0x90 [ 404.478018][T12428] security_sk_alloc+0x30/0x270 [ 404.478041][T12428] sk_prot_alloc+0xfb/0x2a0 [ 404.478066][T12428] sk_alloc+0x36/0xc20 [ 404.478097][T12428] qrtr_create+0x84/0x1d0 [ 404.478117][T12428] __sock_create+0x338/0x8d0 [ 404.478146][T12428] __sys_socket+0x14d/0x260 [ 404.478171][T12428] ? __pfx___sys_socket+0x10/0x10 [ 404.478196][T12428] ? xfd_validate_state+0x61/0x180 [ 404.478222][T12428] ? __task_pid_nr_ns+0x17c/0x500 [ 404.478253][T12428] __x64_sys_socket+0x72/0xb0 [ 404.478277][T12428] ? lockdep_hardirqs_on+0x7c/0x110 [ 404.478308][T12428] do_syscall_64+0xcd/0x490 [ 404.478328][T12428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.478348][T12428] RIP: 0033:0x7fbeffd8e929 [ 404.478363][T12428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.478383][T12428] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 404.478402][T12428] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 404.478415][T12428] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 000000000000002a [ 404.478427][T12428] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 404.478439][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.478460][T12428] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 404.478485][T12428] [ 404.812733][T12433] ================================================================== [ 404.821067][T12433] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 404.828801][T12433] Read of size 8 at addr ffff88802a69ac18 by task syz.0.2440/12433 [ 404.836686][T12433] [ 404.839013][T12433] CPU: 0 UID: 0 PID: 12433 Comm: syz.0.2440 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 404.839044][T12433] Tainted: [I]=FIRMWARE_WORKAROUND [ 404.839051][T12433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 404.839064][T12433] Call Trace: [ 404.839071][T12433] [ 404.839078][T12433] dump_stack_lvl+0x116/0x1f0 [ 404.839112][T12433] print_report+0xcd/0x680 [ 404.839145][T12433] ? __virt_addr_valid+0x81/0x610 [ 404.839166][T12433] ? __phys_addr+0xe8/0x180 [ 404.839187][T12433] ? dvb_device_open+0x36a/0x3b0 [ 404.839217][T12433] kasan_report+0xe0/0x110 [ 404.839234][T12433] ? dvb_device_open+0x36a/0x3b0 [ 404.839267][T12433] ? __pfx_dvb_device_open+0x10/0x10 [ 404.839298][T12433] dvb_device_open+0x36a/0x3b0 [ 404.839329][T12433] ? __pfx_dvb_device_open+0x10/0x10 [ 404.839360][T12433] chrdev_open+0x234/0x6a0 [ 404.839390][T12433] ? __pfx_apparmor_file_open+0x10/0x10 [ 404.839416][T12433] ? __pfx_chrdev_open+0x10/0x10 [ 404.839452][T12433] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 404.839482][T12433] do_dentry_open+0x741/0x1c10 [ 404.839512][T12433] ? __pfx_chrdev_open+0x10/0x10 [ 404.839545][T12433] vfs_open+0x82/0x3f0 [ 404.839567][T12433] path_openat+0x1de4/0x2cb0 [ 404.839599][T12433] ? __pfx_path_openat+0x10/0x10 [ 404.839628][T12433] ? __lock_acquire+0xb8a/0x1c90 [ 404.839656][T12433] do_filp_open+0x20b/0x470 [ 404.839683][T12433] ? __pfx_do_filp_open+0x10/0x10 [ 404.839722][T12433] ? alloc_fd+0x471/0x7d0 [ 404.839752][T12433] do_sys_openat2+0x11b/0x1d0 [ 404.839773][T12433] ? __pfx_do_sys_openat2+0x10/0x10 [ 404.839795][T12433] ? __pfx_do_sys_openat2+0x10/0x10 [ 404.839817][T12433] ? __pfx___might_resched+0x10/0x10 [ 404.839841][T12433] __x64_sys_openat+0x174/0x210 [ 404.839863][T12433] ? __pfx___x64_sys_openat+0x10/0x10 [ 404.839891][T12433] do_syscall_64+0xcd/0x490 [ 404.839910][T12433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.839930][T12433] RIP: 0033:0x7fbeffd8e929 [ 404.839945][T12433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.839965][T12433] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 404.839984][T12433] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 404.839998][T12433] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 404.840011][T12433] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 404.840024][T12433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.840036][T12433] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 404.840055][T12433] [ 404.840063][T12433] [ 405.103225][T12433] Allocated by task 12395: [ 405.107636][T12433] kasan_save_stack+0x33/0x60 [ 405.112325][T12433] kasan_save_track+0x14/0x30 [ 405.117013][T12433] __kasan_kmalloc+0xaa/0xb0 [ 405.121612][T12433] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 405.128066][T12433] kmemdup_noprof+0x29/0x60 [ 405.132575][T12433] ip6_route_net_init+0xe2/0x8b0 [ 405.137522][T12433] ops_init+0x1e2/0x5f0 [ 405.141678][T12433] setup_net+0x1ff/0x510 [ 405.145920][T12433] copy_net_ns+0x2a6/0x5f0 [ 405.150335][T12433] create_new_namespaces+0x3ea/0xa90 [ 405.155638][T12433] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 405.161272][T12433] ksys_unshare+0x45b/0xa40 [ 405.165777][T12433] __x64_sys_unshare+0x31/0x40 [ 405.170559][T12433] do_syscall_64+0xcd/0x490 [ 405.175060][T12433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.180951][T12433] [ 405.183267][T12433] Freed by task 49: [ 405.187063][T12433] kasan_save_stack+0x33/0x60 [ 405.191750][T12433] kasan_save_track+0x14/0x30 [ 405.196445][T12433] kasan_save_free_info+0x3b/0x60 [ 405.201480][T12433] __kasan_slab_free+0x51/0x70 [ 405.206266][T12433] kfree+0x2b4/0x4d0 [ 405.210164][T12433] ip6_route_net_exit+0x69/0x100 [ 405.215114][T12433] ops_undo_list+0x2ee/0xab0 [ 405.219725][T12433] cleanup_net+0x408/0x890 [ 405.224142][T12433] process_one_work+0x9cf/0x1b70 [ 405.229093][T12433] worker_thread+0x6c8/0xf10 [ 405.233792][T12433] kthread+0x3c2/0x780 [ 405.237875][T12433] ret_from_fork+0x5d4/0x6f0 [ 405.242478][T12433] ret_from_fork_asm+0x1a/0x30 [ 405.247266][T12433] [ 405.249599][T12433] The buggy address belongs to the object at ffff88802a69ac00 [ 405.249599][T12433] which belongs to the cache kmalloc-256 of size 256 [ 405.263654][T12433] The buggy address is located 24 bytes inside of [ 405.263654][T12433] freed 256-byte region [ffff88802a69ac00, ffff88802a69ad00) [ 405.277366][T12433] [ 405.279726][T12433] The buggy address belongs to the physical page: [ 405.286139][T12433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a69a [ 405.294916][T12433] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 405.303418][T12433] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 405.310960][T12433] page_type: f5(slab) [ 405.314941][T12433] raw: 00fff00000000040 ffff88801b841b40 dead000000000100 dead000000000122 [ 405.323788][T12433] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 405.332367][T12433] head: 00fff00000000040 ffff88801b841b40 dead000000000100 dead000000000122 [ 405.341040][T12433] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 405.349710][T12433] head: 00fff00000000001 ffffea0000a9a681 00000000ffffffff 00000000ffffffff [ 405.358378][T12433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 405.367049][T12433] page dumped because: kasan: bad access detected [ 405.373454][T12433] page_owner tracks the page as allocated [ 405.379156][T12433] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 23044233257, free_ts 0 [ 405.398868][T12433] post_alloc_hook+0x1c0/0x230 [ 405.403641][T12433] get_page_from_freelist+0x1321/0x3890 [ 405.409201][T12433] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 405.415107][T12433] alloc_pages_mpol+0x1fb/0x550 [ 405.419955][T12433] new_slab+0x23b/0x330 [ 405.424118][T12433] ___slab_alloc+0xd9c/0x1940 [ 405.428811][T12433] __slab_alloc.constprop.0+0x56/0xb0 [ 405.434192][T12433] __kmalloc_cache_noprof+0xfb/0x3e0 [ 405.439479][T12433] bus_add_driver+0x92/0x690 [ 405.444072][T12433] driver_register+0x15c/0x4b0 [ 405.448834][T12433] usb_register_driver+0x216/0x4d0 [ 405.453952][T12433] do_one_initcall+0x120/0x6e0 [ 405.458711][T12433] kernel_init_freeable+0x5c2/0x900 [ 405.463915][T12433] kernel_init+0x1c/0x2b0 [ 405.468246][T12433] ret_from_fork+0x5d4/0x6f0 [ 405.472842][T12433] ret_from_fork_asm+0x1a/0x30 [ 405.477606][T12433] page_owner free stack trace missing [ 405.482965][T12433] [ 405.485286][T12433] Memory state around the buggy address: [ 405.490908][T12433] ffff88802a69ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 405.498965][T12433] ffff88802a69ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 405.507020][T12433] >ffff88802a69ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 405.515074][T12433] ^ [ 405.519913][T12433] ffff88802a69ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 405.527971][T12433] ffff88802a69ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 405.536023][T12433] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 406.845837][T12433] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 406.853058][T12433] CPU: 0 UID: 0 PID: 12433 Comm: syz.0.2440 Tainted: G I 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 406.864952][T12433] Tainted: [I]=FIRMWARE_WORKAROUND [ 406.870054][T12433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 406.880106][T12433] Call Trace: [ 406.883383][T12433] [ 406.886312][T12433] dump_stack_lvl+0x3d/0x1f0 [ 406.890917][T12433] panic+0x71c/0x800 [ 406.894820][T12433] ? __pfx_panic+0x10/0x10 [ 406.899243][T12433] ? mark_held_locks+0x49/0x80 [ 406.904017][T12433] ? preempt_schedule_thunk+0x16/0x30 [ 406.909394][T12433] ? dvb_device_open+0x36a/0x3b0 [ 406.914343][T12433] ? preempt_schedule_common+0x44/0xc0 [ 406.919815][T12433] ? dvb_device_open+0x36a/0x3b0 [ 406.924765][T12433] check_panic_on_warn+0xab/0xb0 [ 406.929713][T12433] end_report+0x107/0x170 [ 406.934055][T12433] kasan_report+0xee/0x110 [ 406.938468][T12433] ? dvb_device_open+0x36a/0x3b0 [ 406.943418][T12433] ? __pfx_dvb_device_open+0x10/0x10 [ 406.948716][T12433] dvb_device_open+0x36a/0x3b0 [ 406.953490][T12433] ? __pfx_dvb_device_open+0x10/0x10 [ 406.958787][T12433] chrdev_open+0x234/0x6a0 [ 406.963218][T12433] ? __pfx_apparmor_file_open+0x10/0x10 [ 406.968769][T12433] ? __pfx_chrdev_open+0x10/0x10 [ 406.973721][T12433] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 406.980491][T12433] do_dentry_open+0x741/0x1c10 [ 406.985267][T12433] ? __pfx_chrdev_open+0x10/0x10 [ 406.990221][T12433] vfs_open+0x82/0x3f0 [ 406.994294][T12433] path_openat+0x1de4/0x2cb0 [ 406.998901][T12433] ? __pfx_path_openat+0x10/0x10 [ 407.003846][T12433] ? __lock_acquire+0xb8a/0x1c90 [ 407.008790][T12433] do_filp_open+0x20b/0x470 [ 407.013313][T12433] ? __pfx_do_filp_open+0x10/0x10 [ 407.018357][T12433] ? alloc_fd+0x471/0x7d0 [ 407.022696][T12433] do_sys_openat2+0x11b/0x1d0 [ 407.027378][T12433] ? __pfx_do_sys_openat2+0x10/0x10 [ 407.032575][T12433] ? __pfx_do_sys_openat2+0x10/0x10 [ 407.037775][T12433] ? __pfx___might_resched+0x10/0x10 [ 407.043066][T12433] __x64_sys_openat+0x174/0x210 [ 407.047918][T12433] ? __pfx___x64_sys_openat+0x10/0x10 [ 407.053302][T12433] do_syscall_64+0xcd/0x490 [ 407.057802][T12433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.063694][T12433] RIP: 0033:0x7fbeffd8e929 [ 407.068107][T12433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.087720][T12433] RSP: 002b:00007fbf00bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 407.096142][T12433] RAX: ffffffffffffffda RBX: 00007fbefffb5fa0 RCX: 00007fbeffd8e929 [ 407.104109][T12433] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 407.112079][T12433] RBP: 00007fbeffe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 407.120044][T12433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.128012][T12433] R13: 0000000000000000 R14: 00007fbefffb5fa0 R15: 00007fff531857d8 [ 407.135989][T12433] [ 407.139055][T12433] Kernel Offset: disabled [ 407.143376][T12433] Rebooting in 86400 seconds..