last executing test programs: 2m31.990171612s ago: executing program 3 (id=4886): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x400001d, 0x2, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(r0, 0x1, 0x3e, 0x0, 0x7) connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e21, @rand_addr=0x64010102}, 0x55) ioctl$auto(0x3, 0x800005411, 0x38) 2m31.022405916s ago: executing program 3 (id=4895): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x29, 0x0, 0x28) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m30.595615118s ago: executing program 3 (id=4899): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m30.451436357s ago: executing program 3 (id=4903): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 2m29.94258585s ago: executing program 3 (id=4906): unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) time$auto(0xffffffffffffffff) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x9, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x7ff, 0x7, 0x9}) 2m29.540215683s ago: executing program 3 (id=4912): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), 0xffffffffffffffff) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={0x0, 0x7}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x4, 0x100) 2m29.187575633s ago: executing program 32 (id=4912): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), 0xffffffffffffffff) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={0x0, 0x7}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x4, 0x100) 5.899653918s ago: executing program 2 (id=6008): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x15, 0x5, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41c8e4d5018fca6b1643fc"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) bind$auto(r0, &(0x7f0000000080)=@in={0x2, 0x2, @loopback}, 0x6b) sendmsg$auto_OVS_DP_CMD_GET(r0, 0x0, 0x0) 5.461068424s ago: executing program 2 (id=6013): mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/adsp1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 4.770544445s ago: executing program 2 (id=6020): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xc040aed4, r0) 4.306297427s ago: executing program 4 (id=6021): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c80"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100) 4.087141329s ago: executing program 2 (id=6024): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xc8, 0x400454ca, 0x5c8d) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) mlockall$auto(0x6) setreuid$auto(0x40000000003, 0xdf36) brk$auto(0x7b5900000000) setsockopt$auto(0xffffffffffffffff, 0x29, 0x21, 0x0, 0x1ff) ioctl$auto(0xc8, 0x800454df, 0x5c8d) 3.08345927s ago: executing program 4 (id=6029): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/6-0:1.0/usb6-port1/early_stop\x00', 0x80302, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r0 = socket(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) prctl$auto(0x59616d61, 0x1, 0x1, 0xfffffffffffffffb, 0xffffffffffffffe5) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000680)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0e4fab7251eb597f32712537ebd3600958999b1c9be17381a7fc6eeb7d5779292b8e45150cd8b018fab763375f09bd15d7bf98c412c69aca4d718757df266a686e4f8a8cf507f21f3e04c1148782a81d6359d68bc3150edc538a69a39e4c1c845830fbc403ffe8c0de34c1421714031b288b89b957b6de556d901223a12f387ad34342a1f95d7684987834076c5e0454adab11d515d8908c593dcb1e6e3417d7e3fb7ed3276507c475a60572ea0d7bb1bb5b2681eca89e2616a601d3b784a845c1fdb366625fd76e2c9262fe5043e0005dda4e22a9892c006b336567a2205b843a2ce65ff64536d1a3fc808308214db380bd615fd1da1e10a35bf410c1bcb7ee2dd94a512240a60b3da7cc5d35504c5bf8dcb2470818607e8bcee7c35c78635a6353227dd64d5fae70e4561c6cb165737b8975c5d59f31676b1bebf68f60faee32521e6ecd97b508619b35980744e60f0060171a260604207bb8c22509fdd296fe87f13cbc4f0d52e425b0e9bd9beac5d4bc50445d0ed450f328988e43a2c6fd1c9788209bd55b96b636c53a5552fcf15d9357a57b844781af7fb0c67e4074746bb95bf051899c18d38538d937c23d1c519e0da3e8f3947702ca81ac3b69767b53915e0683bf181ad3edf72be1689bd675659c7c8f1a9c9d5b61642d71d2387e25e358fa65250f60a6789c50275b4c93b50a86123e0fb7d67e9e4d0f44869860046c2155143618b0da8414d5a32c663939a2f4decb5f6e58da8b5bf5efef228a6dbd55a627307485d5f20b49b9c9cd069e5b22048a57c7c3987c6b2b1f53435974f41a018c7561f80333499783d0e952ee1682f733aa89195fb0fe1132eb0ff45ebbd279058f853691a0f0ae0869f72b3099949d2e3fc0b54f43112e3136b5164429d16d2d0d27df08565ff797f0b8aeacb56b9af726afa9084d8e9460cfbb6b30d8104cad7da3758670944859266de7de42452f156055efa33d28d7254446855d4d621193c1b462bbc41c98c03e749f06ed4ab5bd520475bae611984b29e37f29b81785c9f59f35059f78d08b8636e61937c86ec305a158ae71870a944f33308f23ddbd7735d43d7c8411301cc0384d5b53a813f683bb2afe0e0da26c3ad93adf6c6a4b722836fd19573e92bd8aeb4d79ac39dfff8064abd00f2f5340efb93c69bd6a055df72374bb2849b1296bb0290f634c5d06d406d653fbeb9a86154407440b543bcf073c3877b547e9b5b6c11c1e23718f4708c11102da8165fe00f589644d166bc45a7e63176ada8dde31a9955f7defa6ba209fc9efb6fc5e7482eaf44cdf6882eeeb00cb143932ac3f11444dd595e946debbdb57f24642a19e2f3e58959e362bcd5c6fcf8ef16e22b33a155426e663101a1b31ad91bf206822a78b5452503b972b91368f1dd69b18f8caac702076eb481b3112715d831a11774ea4c655f721000a929f753829f86f2e74edd75aceccc16b84ce9cc7c6b11bbcd6f7fe304ca0833b9bd5193171cd15bd3028d056c0c4f621e78dc3699861cb2018fc5f7afb8e724e1573bd9645243eb3e758559c9108b6a902f1b996e9380187a809fd2853e9e4bd0b40383b68220fcdbf10f8dce737ba6508ba21173304b63290421d01fe129409a4c626b72a1b05ebd512f0c32e0590000005a06791c2a24166be04b06ed132f02f24b9cb6c2c5e5697b6248bc0b041e5dd0183c257e3bbc58ec2425f1870e93b3d77add107d5d7e83fc02ef69e082d46fdf6045cad2682681d18265e35030abecc48372b0deb5bea50f445d846922a14fd3ac1f1183b148136a6a35c1932be0af0cd870dbf390ebf1d8ee7d8d4d4a44d9a4e4ec1b206ae70131356b8d220be5b98757e78ab1496f07b152232792fceeed3c19b78263a68a1fab8755b9f9559239e00f035a8753a49aaa7eac8574c830b2e4b59a0400ec4f4e80cae74ce56b80107ce3950523dc53c3f1f06e6c277b3d6e45dcc9708e41e0aa010f31c1392d8ebccf1401462636c752449b5803b2c9d5141f68c26e44241fccb1f1af2c839096c319ba9a626212cdb8664f1e02445278b4f5fc4280a3a1d62a8f5dae9de9c6066262247b867193e2b85c92803c4f2dad056d4d945fd8f8d45829e59d15263796c0df81069df72370e890", 0x658) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x36}, 0x5, &(0x7f0000000140), 0x7, 0x1000}, 0x5}, 0xfffffff3, 0x100) 2.891769259s ago: executing program 2 (id=6030): socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) prctl$auto_PR_SET_ENDIAN(0x14, 0x5ac, 0x0, 0x5, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x3, 0x5412, 0x38) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 2.577985737s ago: executing program 4 (id=6032): mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid}) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80) r0 = socket(0x11, 0x3, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) memfd_create$auto(0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(r0, &(0x7f00000006c0)={{0x0, 0x5ab, &(0x7f0000000100)={0x0, 0x49}, 0x1, &(0x7f0000000040), 0x4c, 0x1}, 0x5}, 0x2, 0x100) 2.132550524s ago: executing program 0 (id=6035): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/rotate\x00', 0xb02, 0x0) socket(0xa, 0x5, 0x84) socket(0x11, 0x3, 0x9) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 2.052044622s ago: executing program 4 (id=6036): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x84, 0x18, 0x0, &(0x7f0000000080)=0x9c8) 1.909539261s ago: executing program 0 (id=6037): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend\x00', 0x1a1942, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) read$auto(0x3, 0x0, 0x80) read$auto(0xffffffffffffffff, 0x0, 0x7) write$auto(r0, 0x0, 0x9) 1.722568995s ago: executing program 4 (id=6038): setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa00c0, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) eventfd$auto(0x20007) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) mq_getsetattr$auto(r0, 0x0, 0x0) 1.445922195s ago: executing program 1 (id=6039): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) close_range$auto(0x2, 0x8000, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_tipcv2(0x0, r0) r1 = openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_IOCTL_VM_SOCKETS_GET_LOCAL_CID(r1, 0x7b9, 0x0) io_uring_register$auto(0x2, 0xf, 0x0, 0x20) 1.251659948s ago: executing program 1 (id=6040): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ustat$auto(0x801, 0x0) r0 = open(0x0, 0x161342, 0x100) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) read$auto(r1, 0x0, 0x20) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r2, 0x8, 0x1) fcntl$auto(r2, 0x10, 0x2) ioctl$NS_GET_PARENT(r0, 0x40305828, 0x0) 916.583631ms ago: executing program 0 (id=6041): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9) sendfile$auto(0x1, 0x3, 0x0, 0xc01) 705.328243ms ago: executing program 0 (id=6042): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fcdbdf252100000008000300", @ANYRES32=r2], 0x28}}, 0x400c080) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7100f97bf53b7200000408000300", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) 685.402443ms ago: executing program 1 (id=6043): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, &(0x7f00000010c0)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G\xf68\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8fQ\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\xe9\xf2\x0e\xc8\x00\x00\x00\x00', 0x100) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, 0x0, 0x6f3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 617.886446ms ago: executing program 2 (id=6044): socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) read$auto(0x3, 0x0, 0x80) setsockopt$auto(0x3, 0x0, 0xa, 0x0, 0x10000) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 424.723915ms ago: executing program 1 (id=6045): close_range$auto(0x0, 0xfffffffffffff000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f0000000300)=@test={r1, 0x4, 0x10, 0x9, 0x133, 0x9, 0xf4, 0xec56, 0x1, 0x90, 0x2, 0x1, 0x5, 0x7, 0x714c}, 0x10) bpf$auto(0x18, &(0x7f0000000040)=@raw_tracepoint={0x7, r0, 0x0, 0xff}, 0x92) 305.534705ms ago: executing program 4 (id=6046): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xab7}, @HSR_A_IF2_SEQ={0x3732ad93cefa422c, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8, 0x2, r1}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0x6}, @HSR_A_IFINDEX={0x0, 0x2, r1}, @HSR_A_IF1_SEQ={0xfffffd18, 0x6, 0x5}, @HSR_A_NODE_ADDR={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 223.565532ms ago: executing program 1 (id=6047): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) read$auto(0x3, 0x0, 0x7) r0 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x48002, 0x0) write$auto(r0, 0x0, 0x1) pipe$auto(0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) 160.101625ms ago: executing program 0 (id=6048): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x5, 0x200000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, 0x0, 0x81, 0x9}, 0xfffffffb}, 0x5, 0x6586, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x8) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 36.036016ms ago: executing program 1 (id=6049): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x28, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x6d, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008801}, 0x24000802) close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf251bee05ba000000000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 0s ago: executing program 0 (id=6050): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="110325"], 0x14}}, 0x10040) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) read$auto(r0, 0x0, 0x80000001) open(0x0, 0x2a4c0, 0x20) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r2, 0x40045542, r1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) kernel console output (not intermixed with test programs): CPU0 is offline. [ 611.936378][T18719] mkiss: ax0: crc mode is auto. [ 612.185966][T18724] netlink: 146 bytes leftover after parsing attributes in process `syz.4.5120'. [ 612.515087][T18734] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 612.521863][T18734] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 612.602771][ T5828] Bluetooth: hci0: command 0x0406 tx timeout [ 612.723893][T18740] sp0: Synchronizing with TNC [ 613.368770][T18767] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5139'. [ 613.486725][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 613.492784][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 614.217544][T18792] netlink: 'syz.4.5147': attribute type 32 has an invalid length. [ 614.245376][T18792] netlink: 'syz.4.5147': attribute type 33 has an invalid length. [ 614.266388][T18792] netlink: 'syz.4.5147': attribute type 35 has an invalid length. [ 614.284558][T18792] netlink: 'syz.4.5147': attribute type 37 has an invalid length. [ 614.303372][T18792] netlink: 'syz.4.5147': attribute type 39 has an invalid length. [ 614.322614][T18792] netlink: 'syz.4.5147': attribute type 40 has an invalid length. [ 614.335725][T18800] syz.0.5149(18800): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 614.371690][T18792] netlink: 'syz.4.5147': attribute type 41 has an invalid length. [ 614.393652][T18792] netlink: 'syz.4.5147': attribute type 44 has an invalid length. [ 614.440201][T18792] netlink: 'syz.4.5147': attribute type 46 has an invalid length. [ 614.482510][T18792] netlink: 'syz.4.5147': attribute type 47 has an invalid length. [ 614.519334][T18792] netlink: 2 bytes leftover after parsing attributes in process `syz.4.5147'. [ 614.684095][ T5828] Bluetooth: hci0: command 0x0406 tx timeout [ 615.176214][T18826] sctp: [Deprecated]: syz.0.5160 (pid 18826) Use of struct sctp_assoc_value in delayed_ack socket option. [ 615.176214][T18826] Use struct sctp_sack_info instead [ 615.389143][T18832] KVM: debugfs: duplicate directory 18832-4 [ 615.569500][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 615.575688][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 615.686762][T18841] netlink: 346 bytes leftover after parsing attributes in process `syz.1.5175'. [ 615.859439][T18847] [U]  [ 615.862248][T18847] [U] [ 615.864921][T18847] [U] [ 615.867591][T18847] [U] [ 615.917646][T18847] [U] [ 615.920378][T18847] [U] [ 615.923048][T18847] [U] [ 615.925721][T18847] [U] [ 615.969304][T18847] [U] [ 615.972022][T18847] [U] [ 615.974696][T18847] [U] [ 615.977364][T18847] [U] [ 616.030040][T18847] [U] [ 616.032755][T18847] [U] [ 616.035429][T18847] [U] [ 616.038098][T18847] [U] [ 616.085890][T18847] [U] [ 616.088608][T18847] [U] [ 616.091280][T18847] [U] [ 616.093951][T18847] [U] [ 616.138911][T18847] [U] [ 616.141627][T18847] [U] [ 616.144299][T18847] [U] [ 616.146971][T18847] [U] [ 616.189067][T18847] [U] [ 617.539010][T18884] ima: policy update failed [ 617.548256][ T30] audit: type=1802 audit(4294969640.904:16): pid=18884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.5184" res=0 errno=0 [ 617.812491][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 617.821468][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 617.830149][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 617.838791][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 617.846458][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 618.368828][T18893] chnl_net:caif_netlink_parms(): no params data found [ 618.553316][T18893] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.572529][T18893] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.591795][T18893] bridge_slave_0: entered allmulticast mode [ 618.610941][T18893] bridge_slave_0: entered promiscuous mode [ 618.627918][T18893] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.645227][T18893] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.668286][T18893] bridge_slave_1: entered allmulticast mode [ 618.694622][T18893] bridge_slave_1: entered promiscuous mode [ 618.774117][T18893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 618.801648][T18893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.878745][T18893] team0: Port device team_slave_0 added [ 618.900566][T18893] team0: Port device team_slave_1 added [ 618.964640][T18893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 618.982236][T18893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.058913][T18893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 619.105298][T18893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 619.135484][T18893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.261666][T18893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 619.298971][T18927] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5198'. [ 619.427185][T18931] netlink: 'syz.2.5199': attribute type 16 has an invalid length. [ 619.464877][T18893] hsr_slave_0: entered promiscuous mode [ 619.495302][T18893] hsr_slave_1: entered promiscuous mode [ 619.534341][T18931] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5199'. [ 619.545126][T18893] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 619.579295][T18893] Cannot create hsr debugfs directory [ 619.680794][T18936] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5201'. [ 619.888549][ T5828] Bluetooth: hci3: command tx timeout [ 620.150024][T18893] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.222465][T18944] mkiss: ax0: crc mode is auto. [ 620.314971][T18893] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.460180][T18893] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.589294][T18893] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.900866][T18893] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 620.966478][T18893] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 621.002332][T18893] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 621.049911][T18893] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 621.370788][T18962] kvm: kvm [18961]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x2 [ 621.391622][T18893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.456152][T18893] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.513355][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.520509][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 621.583293][ T3478] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.590437][ T3478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 621.694600][T18893] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 621.768313][T18893] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 621.824109][T18972] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 621.965103][T18976] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 621.975666][ T5828] Bluetooth: hci3: command tx timeout [ 622.381175][T18893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 623.104521][T18893] veth0_vlan: entered promiscuous mode [ 623.153678][T18893] veth1_vlan: entered promiscuous mode [ 623.276371][T18893] veth0_macvtap: entered promiscuous mode [ 623.318697][T18893] veth1_macvtap: entered promiscuous mode [ 623.380553][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.429618][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.476818][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.527581][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.565436][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.610872][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.650195][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.690045][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.735624][T18893] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 623.787410][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.827747][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.897780][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.940119][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.988272][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 624.039785][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.050419][ T5828] Bluetooth: hci3: command tx timeout [ 624.111519][T18893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 624.157997][T18893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.200968][T18893] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 624.218667][T18998] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 624.260092][T18893] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.337958][T18893] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.401033][T18893] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.430667][T18893] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.454604][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.463807][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.816427][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.857792][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.960767][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.969430][T19032] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5231'. [ 624.993011][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 625.034640][T19033] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5231'. [ 625.836601][T19057] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5239'. [ 626.104375][T19063] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 626.131837][ T5828] Bluetooth: hci3: command tx timeout [ 627.522109][T19083] erspan0: entered allmulticast mode [ 627.687528][T19098] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5252'. [ 628.913752][T19118] netlink: 130 bytes leftover after parsing attributes in process `syz.4.5260'. [ 629.771795][T19145] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5271'. [ 630.057618][T19151] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 630.228953][T19155] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5275'. [ 630.290637][T19157] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5275'. [ 631.397889][T19179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5283'. [ 631.450153][T19179] netlink: 13 bytes leftover after parsing attributes in process `syz.0.5283'. [ 631.879016][T19184] FAULT_INJECTION: forcing a failure. [ 631.879016][T19184] name failslab, interval 1, probability 0, space 0, times 0 [ 631.931084][T19184] CPU: 1 UID: 0 PID: 19184 Comm: syz.1.5286 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 631.931111][T19184] Tainted: [I]=FIRMWARE_WORKAROUND [ 631.931117][T19184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 631.931125][T19184] Call Trace: [ 631.931130][T19184] [ 631.931136][T19184] dump_stack_lvl+0x16c/0x1f0 [ 631.931160][T19184] should_fail_ex+0x512/0x640 [ 631.931179][T19184] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 631.931197][T19184] should_failslab+0xc2/0x120 [ 631.931213][T19184] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 631.931228][T19184] ? acpi_ut_create_thread_state+0x63/0x170 [ 631.931244][T19184] acpi_ut_create_thread_state+0x63/0x170 [ 631.931258][T19184] acpi_ps_parse_aml+0x79/0xcb0 [ 631.931277][T19184] acpi_ps_execute_method+0x55a/0xb30 [ 631.931295][T19184] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 631.931314][T19184] acpi_ns_evaluate+0x76c/0xca0 [ 631.931333][T19184] ? kasan_save_track+0x14/0x30 [ 631.931349][T19184] acpi_evaluate_object+0x1fa/0xa90 [ 631.931364][T19184] ? do_syscall_64+0xcd/0x230 [ 631.931381][T19184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.931395][T19184] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 631.931410][T19184] ? __mutex_trylock_common+0xe9/0x250 [ 631.931430][T19184] acpi_evaluate_integer+0xdd/0x200 [ 631.931451][T19184] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 631.931479][T19184] ? __pfx_status_show+0x10/0x10 [ 631.931493][T19184] status_show+0xa0/0x120 [ 631.931507][T19184] ? __pfx_status_show+0x10/0x10 [ 631.931526][T19184] dev_attr_show+0x53/0xe0 [ 631.931544][T19184] ? __pfx_dev_attr_show+0x10/0x10 [ 631.931559][T19184] sysfs_kf_seq_show+0x213/0x3e0 [ 631.931582][T19184] seq_read_iter+0x506/0x12c0 [ 631.931609][T19184] kernfs_fop_read_iter+0x40f/0x5a0 [ 631.931625][T19184] ? rw_verify_area+0xcf/0x680 [ 631.931646][T19184] vfs_read+0x8c8/0xc70 [ 631.931660][T19184] ? __pfx___mutex_lock+0x10/0x10 [ 631.931678][T19184] ? __pfx_vfs_read+0x10/0x10 [ 631.931703][T19184] ksys_read+0x12a/0x240 [ 631.931715][T19184] ? __pfx_ksys_read+0x10/0x10 [ 631.931726][T19184] ? rcu_is_watching+0x12/0xc0 [ 631.931744][T19184] do_syscall_64+0xcd/0x230 [ 631.931763][T19184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.931776][T19184] RIP: 0033:0x7fc209d8e969 [ 631.931789][T19184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.931801][T19184] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 631.931815][T19184] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 631.931824][T19184] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 631.931832][T19184] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 631.931841][T19184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.931849][T19184] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 631.931877][T19184] [ 631.931943][T19184] ACPI Error: ffff888035a90000 walk still has a scope list (20240827/dswstate-694) [ 633.880928][T19218] netlink: 504 bytes leftover after parsing attributes in process `syz.2.5297'. [ 633.918255][T19218] netlink: 504 bytes leftover after parsing attributes in process `syz.2.5297'. [ 633.934174][T19223] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5299'. [ 633.961815][T19223] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5299'. [ 634.327841][T19229] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5302'. [ 634.899780][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 5 < 18 [ 636.383080][T19285] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5324'. [ 637.001488][T19285] bond0: (slave bond_slave_1): Releasing backup interface [ 637.642819][T19310] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5332'. [ 638.391718][T19325] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5339'. [ 638.544972][T19327] mkiss: ax0: crc mode is auto. [ 638.654204][T19333] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5343'. [ 638.684414][T19333] veth1_macvtap: entered allmulticast mode [ 639.073994][T19345] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5348'. [ 639.467945][T19351] FAULT_INJECTION: forcing a failure. [ 639.467945][T19351] name failslab, interval 1, probability 0, space 0, times 0 [ 639.524478][T19351] CPU: 1 UID: 0 PID: 19351 Comm: syz.2.5351 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 639.524506][T19351] Tainted: [I]=FIRMWARE_WORKAROUND [ 639.524511][T19351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 639.524520][T19351] Call Trace: [ 639.524525][T19351] [ 639.524531][T19351] dump_stack_lvl+0x16c/0x1f0 [ 639.524554][T19351] should_fail_ex+0x512/0x640 [ 639.524574][T19351] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 639.524591][T19351] should_failslab+0xc2/0x120 [ 639.524608][T19351] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 639.524622][T19351] ? d_instantiate+0x77/0x90 [ 639.524636][T19351] ? alloc_empty_file+0x55/0x1e0 [ 639.524655][T19351] alloc_empty_file+0x55/0x1e0 [ 639.524671][T19351] alloc_file_pseudo+0x13a/0x230 [ 639.524688][T19351] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 639.524709][T19351] __shmem_file_setup+0x210/0x300 [ 639.524726][T19351] shmem_zero_setup+0x93/0x1a0 [ 639.524743][T19351] __mmap_region+0x2036/0x27c0 [ 639.524760][T19351] ? __pfx___mmap_region+0x10/0x10 [ 639.524774][T19351] ? mark_held_locks+0x49/0x80 [ 639.524794][T19351] ? rcu_is_watching+0x12/0xc0 [ 639.524839][T19351] ? mmap_region+0xac/0x3f0 [ 639.524855][T19351] mmap_region+0x1ab/0x3f0 [ 639.524873][T19351] do_mmap+0xd8e/0x11b0 [ 639.524895][T19351] ? __pfx_do_mmap+0x10/0x10 [ 639.524913][T19351] ? __pfx_down_write_killable+0x10/0x10 [ 639.524932][T19351] ? percpu_counter_add_batch+0xb8/0x1f0 [ 639.524951][T19351] vm_mmap_pgoff+0x281/0x450 [ 639.524972][T19351] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 639.524994][T19351] ? __x64_sys_futex+0x1e0/0x4c0 [ 639.525007][T19351] ? __x64_sys_futex+0x1e9/0x4c0 [ 639.525023][T19351] ksys_mmap_pgoff+0x7d/0x5c0 [ 639.525041][T19351] ? rcu_is_watching+0x12/0xc0 [ 639.525055][T19351] __x64_sys_mmap+0x125/0x190 [ 639.525070][T19351] do_syscall_64+0xcd/0x230 [ 639.525111][T19351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.525125][T19351] RIP: 0033:0x7f840618e969 [ 639.525138][T19351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.525150][T19351] RSP: 002b:00007f8406f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 639.525164][T19351] RAX: ffffffffffffffda RBX: 00007f84063b5fa0 RCX: 00007f840618e969 [ 639.525173][T19351] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 639.525180][T19351] RBP: 00007f8406210ab1 R08: fffffffffffffffa R09: 0000000000008000 [ 639.525189][T19351] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 639.525197][T19351] R13: 0000000000000000 R14: 00007f84063b5fa0 R15: 00007ffee5841aa8 [ 639.525215][T19351] [ 639.837294][T19354] netlink: 2 bytes leftover after parsing attributes in process `syz.4.5352'. [ 640.272928][T19360] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5354'. [ 641.331156][T19386] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5364'. [ 641.455506][T19388] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5365'. [ 642.081184][T19404] netlink: 186 bytes leftover after parsing attributes in process `syz.4.5371'. [ 642.169258][T19407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5372'. [ 642.195725][T19404] netlink: 186 bytes leftover after parsing attributes in process `syz.4.5371'. [ 642.231402][T19407] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5372'. [ 643.419990][T19444] netlink: 'syz.2.5388': attribute type 33 has an invalid length. [ 643.465976][T19444] netlink: 322 bytes leftover after parsing attributes in process `syz.2.5388'. [ 643.722625][T19454] FAULT_INJECTION: forcing a failure. [ 643.722625][T19454] name failslab, interval 1, probability 0, space 0, times 0 [ 643.737125][T19456] FAULT_INJECTION: forcing a failure. [ 643.737125][T19456] name failslab, interval 1, probability 0, space 0, times 0 [ 643.784253][T19454] CPU: 1 UID: 0 PID: 19454 Comm: syz.2.5391 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 643.784280][T19454] Tainted: [I]=FIRMWARE_WORKAROUND [ 643.784285][T19454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 643.784293][T19454] Call Trace: [ 643.784298][T19454] [ 643.784304][T19454] dump_stack_lvl+0x16c/0x1f0 [ 643.784327][T19454] should_fail_ex+0x512/0x640 [ 643.784347][T19454] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 643.784371][T19454] should_failslab+0xc2/0x120 [ 643.784387][T19454] __kmalloc_cache_noprof+0x6a/0x3e0 [ 643.784408][T19454] ? find_held_lock+0x2b/0x80 [ 643.784420][T19454] ? udmabuf_create+0xbf/0x11a0 [ 643.784436][T19454] udmabuf_create+0xbf/0x11a0 [ 643.784449][T19454] ? __lock_acquire+0xaa4/0x1ba0 [ 643.784467][T19454] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 643.784487][T19454] ? __pfx_udmabuf_create+0x10/0x10 [ 643.784499][T19454] ? find_held_lock+0x2b/0x80 [ 643.784510][T19454] ? __might_fault+0xe3/0x190 [ 643.784525][T19454] ? __might_fault+0xe3/0x190 [ 643.784537][T19454] ? __might_fault+0x13b/0x190 [ 643.784558][T19454] udmabuf_ioctl+0x192/0x310 [ 643.784571][T19454] ? __pfx_udmabuf_ioctl+0x10/0x10 [ 643.784582][T19454] ? find_held_lock+0x2b/0x80 [ 643.784599][T19454] ? __fget_files+0x20e/0x3c0 [ 643.784621][T19454] ? __pfx_udmabuf_ioctl+0x10/0x10 [ 643.784634][T19454] __x64_sys_ioctl+0x190/0x200 [ 643.784653][T19454] do_syscall_64+0xcd/0x230 [ 643.784672][T19454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.784708][T19454] RIP: 0033:0x7f840618e969 [ 643.784720][T19454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.784734][T19454] RSP: 002b:00007f8406f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 643.784747][T19454] RAX: ffffffffffffffda RBX: 00007f84063b5fa0 RCX: 00007f840618e969 [ 643.784758][T19454] RDX: 0000000000000000 RSI: 0000000040187542 RDI: 0000000000000003 [ 643.784766][T19454] RBP: 00007f8406210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 643.784774][T19454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 643.784781][T19454] R13: 0000000000000000 R14: 00007f84063b5fa0 R15: 00007ffee5841aa8 [ 643.784798][T19454] [ 644.016915][T19456] CPU: 1 UID: 0 PID: 19456 Comm: syz.1.5393 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 644.016944][T19456] Tainted: [I]=FIRMWARE_WORKAROUND [ 644.016950][T19456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 644.016959][T19456] Call Trace: [ 644.016964][T19456] [ 644.016971][T19456] dump_stack_lvl+0x16c/0x1f0 [ 644.016995][T19456] should_fail_ex+0x512/0x640 [ 644.017014][T19456] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 644.017032][T19456] should_failslab+0xc2/0x120 [ 644.017049][T19456] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 644.017063][T19456] ? find_held_lock+0x2b/0x80 [ 644.017075][T19456] ? pidfs_alloc_inode+0x25/0x80 [ 644.017092][T19456] ? stashed_dentry_get+0xec/0x2a0 [ 644.017106][T19456] ? __pfx_pidfs_alloc_inode+0x10/0x10 [ 644.017122][T19456] pidfs_alloc_inode+0x25/0x80 [ 644.017137][T19456] alloc_inode+0x61/0x240 [ 644.017153][T19456] path_from_stashed+0x2be/0xb00 [ 644.017168][T19456] ? __pfx_path_from_stashed+0x10/0x10 [ 644.017179][T19456] ? find_held_lock+0x2b/0x80 [ 644.017192][T19456] ? alloc_fd+0x471/0x7d0 [ 644.017213][T19456] pidfs_alloc_file+0xf8/0x320 [ 644.017230][T19456] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 644.017249][T19456] ? find_get_pid+0x19b/0x310 [ 644.017268][T19456] pidfd_prepare+0xa8/0x130 [ 644.017285][T19456] __x64_sys_pidfd_open+0x105/0x1a0 [ 644.017303][T19456] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 644.017324][T19456] ? rcu_is_watching+0x12/0xc0 [ 644.017338][T19456] do_syscall_64+0xcd/0x230 [ 644.017357][T19456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.017370][T19456] RIP: 0033:0x7fc209d8e969 [ 644.017382][T19456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 644.017395][T19456] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 644.017408][T19456] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 644.017417][T19456] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000bdf [ 644.017425][T19456] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 644.017432][T19456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 644.017439][T19456] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 644.017456][T19456] [ 645.283497][T19478] netlink: 'syz.4.5402': attribute type 21 has an invalid length. [ 645.316830][T19478] netlink: 326 bytes leftover after parsing attributes in process `syz.4.5402'. [ 645.543531][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 5 < 18 [ 646.814362][T19526] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5416'. [ 647.154909][T19526] bond0: (slave bond_slave_1): Releasing backup interface [ 647.218558][T19541] FAULT_INJECTION: forcing a failure. [ 647.218558][T19541] name failslab, interval 1, probability 0, space 0, times 0 [ 647.282135][ T5828] Bluetooth: hci2: unexpected subevent 0x01 length: 5 < 18 [ 647.309928][T19541] CPU: 1 UID: 0 PID: 19541 Comm: syz.1.5419 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 647.309954][T19541] Tainted: [I]=FIRMWARE_WORKAROUND [ 647.309959][T19541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 647.309967][T19541] Call Trace: [ 647.309972][T19541] [ 647.309977][T19541] dump_stack_lvl+0x16c/0x1f0 [ 647.310000][T19541] should_fail_ex+0x512/0x640 [ 647.310018][T19541] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 647.310036][T19541] should_failslab+0xc2/0x120 [ 647.310054][T19541] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 647.310068][T19541] ? __pfx___might_resched+0x10/0x10 [ 647.310083][T19541] ? __anon_vma_prepare+0xae/0x5e0 [ 647.310100][T19541] __anon_vma_prepare+0xae/0x5e0 [ 647.310112][T19541] ? __pfx___pte_alloc+0x10/0x10 [ 647.310131][T19541] __vmf_anon_prepare+0x11c/0x240 [ 647.310150][T19541] do_pte_missing+0x1194/0x3fb0 [ 647.310166][T19541] ? _raw_spin_unlock+0x28/0x50 [ 647.310181][T19541] ? __pmd_alloc+0x3c2/0x870 [ 647.310201][T19541] __handle_mm_fault+0x103d/0x2a40 [ 647.310219][T19541] ? __pfx___handle_mm_fault+0x10/0x10 [ 647.310247][T19541] handle_mm_fault+0x3fe/0xad0 [ 647.310264][T19541] __get_user_pages+0x771/0x36f0 [ 647.310288][T19541] ? __pfx_mt_find+0x10/0x10 [ 647.310307][T19541] ? __pfx___get_user_pages+0x10/0x10 [ 647.310333][T19541] populate_vma_page_range+0x278/0x3a0 [ 647.310346][T19541] ? __pfx_populate_vma_page_range+0x10/0x10 [ 647.310358][T19541] ? __pfx_find_vma_intersection+0x10/0x10 [ 647.310378][T19541] ? do_mmap+0x69c/0x11b0 [ 647.310398][T19541] __mm_populate+0x1d8/0x380 [ 647.310411][T19541] ? __pfx___mm_populate+0x10/0x10 [ 647.310425][T19541] ? up_write+0x1b2/0x520 [ 647.310445][T19541] vm_mmap_pgoff+0x362/0x450 [ 647.310465][T19541] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 647.310488][T19541] ? __x64_sys_futex+0x1e0/0x4c0 [ 647.310501][T19541] ? __x64_sys_futex+0x1e9/0x4c0 [ 647.310517][T19541] ksys_mmap_pgoff+0x7d/0x5c0 [ 647.310535][T19541] ? rcu_is_watching+0x12/0xc0 [ 647.310550][T19541] __x64_sys_mmap+0x125/0x190 [ 647.310565][T19541] do_syscall_64+0xcd/0x230 [ 647.310585][T19541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.310598][T19541] RIP: 0033:0x7fc209d8e969 [ 647.310618][T19541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.310633][T19541] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 647.310646][T19541] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 647.310655][T19541] RDX: 00800000000000df RSI: 0000000000400005 RDI: 0000000000000000 [ 647.310663][T19541] RBP: 00007fc209e10ab1 R08: 0000000000000002 R09: 0000000000008000 [ 647.310672][T19541] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 647.310680][T19541] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 647.310698][T19541] [ 648.075568][T19551] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5421'. [ 648.411480][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18 [ 648.431998][T19558] mkiss: ax0: crc mode is auto. [ 649.091791][T19569] mkiss: ax0: crc mode is auto. [ 650.564820][ T5831] Bluetooth: hci0: unexpected event 0x03 length: 18 > 11 [ 651.037673][T19634] FAULT_INJECTION: forcing a failure. [ 651.037673][T19634] name failslab, interval 1, probability 0, space 0, times 0 [ 651.139204][T19634] CPU: 1 UID: 0 PID: 19634 Comm: syz.1.5445 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 651.139232][T19634] Tainted: [I]=FIRMWARE_WORKAROUND [ 651.139237][T19634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 651.139245][T19634] Call Trace: [ 651.139250][T19634] [ 651.139256][T19634] dump_stack_lvl+0x16c/0x1f0 [ 651.139281][T19634] should_fail_ex+0x512/0x640 [ 651.139301][T19634] ? __kmalloc_noprof+0xbf/0x510 [ 651.139317][T19634] ? lsm_blob_alloc+0x68/0x90 [ 651.139336][T19634] should_failslab+0xc2/0x120 [ 651.139353][T19634] __kmalloc_noprof+0xd2/0x510 [ 651.139371][T19634] lsm_blob_alloc+0x68/0x90 [ 651.139390][T19634] security_sk_alloc+0x30/0x270 [ 651.139405][T19634] sk_prot_alloc+0x1c7/0x2a0 [ 651.139425][T19634] sk_alloc+0x36/0xc20 [ 651.139439][T19634] __netlink_create+0x5e/0x2c0 [ 651.139455][T19634] __netlink_kernel_create+0xed/0x750 [ 651.139472][T19634] ? __pfx___netlink_kernel_create+0x10/0x10 [ 651.139493][T19634] fib_net_init+0x26d/0x3f0 [ 651.139508][T19634] ? __pfx___register_sysctl_table+0x10/0x10 [ 651.139524][T19634] ? __pfx_fib_net_init+0x10/0x10 [ 651.139538][T19634] ? lockdep_init_map_type+0x5c/0x280 [ 651.139555][T19634] ? __pfx_nl_fib_input+0x10/0x10 [ 651.139572][T19634] ? devinet_init_net+0x5c2/0x910 [ 651.139590][T19634] ? __pfx_fib_net_init+0x10/0x10 [ 651.139603][T19634] ops_init+0x1df/0x5f0 [ 651.139621][T19634] setup_net+0x21e/0x850 [ 651.139638][T19634] ? __pfx_setup_net+0x10/0x10 [ 651.139652][T19634] ? lockdep_init_map_type+0x5c/0x280 [ 651.139669][T19634] ? __pfx_down_read_killable+0x10/0x10 [ 651.139691][T19634] ? debug_mutex_init+0x37/0x70 [ 651.139706][T19634] copy_net_ns+0x2a6/0x5f0 [ 651.139724][T19634] create_new_namespaces+0x3ea/0xad0 [ 651.139743][T19634] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 651.139759][T19634] ksys_unshare+0x45b/0xa40 [ 651.139777][T19634] ? __pfx_ksys_unshare+0x10/0x10 [ 651.139793][T19634] ? xfd_validate_state+0x5d/0x180 [ 651.139814][T19634] ? rcu_is_watching+0x12/0xc0 [ 651.139830][T19634] __x64_sys_unshare+0x31/0x40 [ 651.139847][T19634] do_syscall_64+0xcd/0x230 [ 651.139866][T19634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.139880][T19634] RIP: 0033:0x7fc209d8e969 [ 651.139892][T19634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 651.139904][T19634] RSP: 002b:00007fc20abfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 651.139917][T19634] RAX: ffffffffffffffda RBX: 00007fc209fb6080 RCX: 00007fc209d8e969 [ 651.139926][T19634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 651.139935][T19634] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 651.139943][T19634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 651.139951][T19634] R13: 0000000000000000 R14: 00007fc209fb6080 R15: 00007ffd8f31f108 [ 651.139969][T19634] [ 652.923699][T19670] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5458'. [ 653.008709][T19672] FAULT_INJECTION: forcing a failure. [ 653.008709][T19672] name fail_futex, interval 1, probability 0, space 0, times 0 [ 653.067179][T19672] CPU: 1 UID: 0 PID: 19672 Comm: syz.1.5460 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 653.067206][T19672] Tainted: [I]=FIRMWARE_WORKAROUND [ 653.067212][T19672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 653.067220][T19672] Call Trace: [ 653.067226][T19672] [ 653.067231][T19672] dump_stack_lvl+0x16c/0x1f0 [ 653.067254][T19672] should_fail_ex+0x512/0x640 [ 653.067277][T19672] get_futex_key+0x49e/0x1000 [ 653.067294][T19672] ? __pfx_get_futex_key+0x10/0x10 [ 653.067309][T19672] ? __destroy_inode+0x2e4/0x730 [ 653.067324][T19672] ? __pfx_sock_free_inode+0x10/0x10 [ 653.067346][T19672] futex_wake+0xe7/0x4e0 [ 653.067362][T19672] ? __pfx_evict+0x10/0x10 [ 653.067375][T19672] ? __pfx_futex_wake+0x10/0x10 [ 653.067393][T19672] ? iput+0x519/0x880 [ 653.067412][T19672] do_futex+0x1e3/0x350 [ 653.067427][T19672] ? __pfx_do_futex+0x10/0x10 [ 653.067440][T19672] ? __sock_release+0x20b/0x270 [ 653.067459][T19672] __x64_sys_futex+0x1e0/0x4c0 [ 653.067474][T19672] ? __sys_socket+0xac/0x260 [ 653.067492][T19672] ? __pfx___x64_sys_futex+0x10/0x10 [ 653.067507][T19672] ? rcu_is_watching+0x12/0xc0 [ 653.067524][T19672] do_syscall_64+0xcd/0x230 [ 653.067543][T19672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.067556][T19672] RIP: 0033:0x7fc209d8e969 [ 653.067568][T19672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.067580][T19672] RSP: 002b:00007fc20ac1f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 653.067593][T19672] RAX: ffffffffffffffda RBX: 00007fc209fb5fa8 RCX: 00007fc209d8e969 [ 653.067601][T19672] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc209fb5fac [ 653.067609][T19672] RBP: 00007fc209fb5fa0 R08: 00007fc20ac20000 R09: 0000000000000000 [ 653.067617][T19672] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fc209fb5fac [ 653.067625][T19672] R13: 0000000000000000 R14: 00007ffd8f31f020 R15: 00007ffd8f31f108 [ 653.067641][T19672] [ 654.059340][T19670] bond0: (slave bond_slave_1): Releasing backup interface [ 654.238198][T19683] erspan0: entered allmulticast mode [ 654.816260][T19693] could not allocate digest TFM handle [ 655.200858][T19715] netlink: 'syz.2.5474': attribute type 4 has an invalid length. [ 655.238943][T19715] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5474'. [ 655.315808][T19715] IPv6: NLM_F_CREATE should be specified when creating new route [ 655.366284][T19715] IPv6: Can't replace route, no match found [ 655.940877][T19739] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5486'. [ 656.123024][T19735] FAULT_INJECTION: forcing a failure. [ 656.123024][T19735] name failslab, interval 1, probability 0, space 0, times 0 [ 656.174859][T19735] CPU: 1 UID: 0 PID: 19735 Comm: syz.4.5484 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 656.174886][T19735] Tainted: [I]=FIRMWARE_WORKAROUND [ 656.174891][T19735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 656.174900][T19735] Call Trace: [ 656.174905][T19735] [ 656.174910][T19735] dump_stack_lvl+0x16c/0x1f0 [ 656.174934][T19735] should_fail_ex+0x512/0x640 [ 656.174954][T19735] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 656.174978][T19735] should_failslab+0xc2/0x120 [ 656.174994][T19735] __kmalloc_cache_noprof+0x6a/0x3e0 [ 656.175014][T19735] ? __asan_memset+0x23/0x50 [ 656.175033][T19735] ? snd_pcm_oss_change_params_locked+0x6f4/0x3b40 [ 656.175056][T19735] snd_pcm_oss_change_params_locked+0x6f4/0x3b40 [ 656.175077][T19735] ? rcu_is_watching+0x12/0xc0 [ 656.175097][T19735] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 656.175117][T19735] ? __pfx___mutex_lock+0x10/0x10 [ 656.175146][T19735] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 656.175165][T19735] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 656.175182][T19735] snd_pcm_oss_sync+0x1de/0x840 [ 656.175202][T19735] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 656.175220][T19735] snd_pcm_oss_release+0x28b/0x310 [ 656.175239][T19735] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 656.175256][T19735] __fput+0x3ff/0xb70 [ 656.175275][T19735] task_work_run+0x14d/0x240 [ 656.175300][T19735] ? __pfx_task_work_run+0x10/0x10 [ 656.175319][T19735] ? __pfx___do_sys_close_range+0x10/0x10 [ 656.175332][T19735] ? rcu_is_watching+0x12/0xc0 [ 656.175348][T19735] syscall_exit_to_user_mode+0x27b/0x2a0 [ 656.175369][T19735] do_syscall_64+0xda/0x230 [ 656.175389][T19735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.175403][T19735] RIP: 0033:0x7f9d3858e969 [ 656.175414][T19735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.175427][T19735] RSP: 002b:00007f9d39351038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 656.175440][T19735] RAX: 0000000000000000 RBX: 00007f9d387b5fa0 RCX: 00007f9d3858e969 [ 656.175449][T19735] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 656.175457][T19735] RBP: 00007f9d38610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 656.175465][T19735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.175473][T19735] R13: 0000000000000000 R14: 00007f9d387b5fa0 R15: 00007ffd5b5bdff8 [ 656.175492][T19735] [ 656.717923][T19764] netlink: 'syz.0.5495': attribute type 21 has an invalid length. [ 656.730588][T19764] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5495'. [ 656.739808][T19764] IPv6: NLM_F_CREATE should be specified when creating new route [ 656.813687][T19767] netlink: 'syz.2.5497': attribute type 4 has an invalid length. [ 656.844040][T19767] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5497'. [ 657.540225][T19787] sp0: Synchronizing with TNC [ 657.985616][T19800] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5507'. [ 658.037819][T19800] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5507'. [ 658.095066][T19804] FAULT_INJECTION: forcing a failure. [ 658.095066][T19804] name failslab, interval 1, probability 0, space 0, times 0 [ 658.196644][T19804] CPU: 1 UID: 0 PID: 19804 Comm: syz.2.5509 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 658.196673][T19804] Tainted: [I]=FIRMWARE_WORKAROUND [ 658.196678][T19804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 658.196686][T19804] Call Trace: [ 658.196691][T19804] [ 658.196696][T19804] dump_stack_lvl+0x16c/0x1f0 [ 658.196720][T19804] should_fail_ex+0x512/0x640 [ 658.196740][T19804] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 658.196757][T19804] should_failslab+0xc2/0x120 [ 658.196775][T19804] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 658.196790][T19804] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 658.196807][T19804] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 658.196822][T19804] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 658.196837][T19804] alloc_inode+0x61/0x240 [ 658.196852][T19804] new_inode+0x22/0x1c0 [ 658.196868][T19804] hugetlbfs_get_inode+0x354/0x730 [ 658.196886][T19804] hugetlb_file_setup+0x15b/0x620 [ 658.196904][T19804] ksys_mmap_pgoff+0x189/0x5c0 [ 658.196922][T19804] ? rcu_is_watching+0x12/0xc0 [ 658.196936][T19804] __x64_sys_mmap+0x125/0x190 [ 658.196952][T19804] do_syscall_64+0xcd/0x230 [ 658.196970][T19804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.196984][T19804] RIP: 0033:0x7f840618e969 [ 658.196995][T19804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 658.197007][T19804] RSP: 002b:00007f8406f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 658.197020][T19804] RAX: ffffffffffffffda RBX: 00007f84063b5fa0 RCX: 00007f840618e969 [ 658.197028][T19804] RDX: 00004000000000df RSI: 0000000000200004 RDI: 0000000000000000 [ 658.197036][T19804] RBP: 00007f8406210ab1 R08: ffffffffffffffff R09: 0000300004000000 [ 658.197044][T19804] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 658.197051][T19804] R13: 0000000000000000 R14: 00007f84063b5fa0 R15: 00007ffee5841aa8 [ 658.197067][T19804] [ 658.467634][T19809] netlink: 266 bytes leftover after parsing attributes in process `syz.2.5513'. [ 658.476765][T19809] IPv6: NLM_F_CREATE should be specified when creating new route [ 658.652123][ T5831] Bluetooth: hci2: unexpected subevent 0x01 length: 122 > 18 [ 659.271454][T19825] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5518'. [ 659.409667][T19825] hsr_slave_1 (unregistering): left promiscuous mode [ 660.303766][T19850] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5528'. [ 660.433125][T19852] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5530'. [ 660.470904][T19852] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5530'. [ 660.682585][T19860] netlink: 504 bytes leftover after parsing attributes in process `syz.2.5532'. [ 660.738412][T19860] netlink: 504 bytes leftover after parsing attributes in process `syz.2.5532'. [ 661.237387][T19877] FAULT_INJECTION: forcing a failure. [ 661.237387][T19877] name failslab, interval 1, probability 0, space 0, times 0 [ 661.281683][T19877] CPU: 1 UID: 0 PID: 19877 Comm: syz.2.5538 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 661.281710][T19877] Tainted: [I]=FIRMWARE_WORKAROUND [ 661.281715][T19877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 661.281724][T19877] Call Trace: [ 661.281729][T19877] [ 661.281735][T19877] dump_stack_lvl+0x16c/0x1f0 [ 661.281759][T19877] should_fail_ex+0x512/0x640 [ 661.281778][T19877] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 661.281802][T19877] should_failslab+0xc2/0x120 [ 661.281819][T19877] __kmalloc_cache_noprof+0x6a/0x3e0 [ 661.281839][T19877] ? lockdep_init_map_type+0x5c/0x280 [ 661.281856][T19877] ? dummy_hrtimer_create+0x45/0x170 [ 661.281878][T19877] dummy_hrtimer_create+0x45/0x170 [ 661.281898][T19877] ? __pfx_dummy_hrtimer_create+0x10/0x10 [ 661.281917][T19877] dummy_pcm_open+0xd1/0x5b0 [ 661.281937][T19877] snd_pcm_open_substream+0xa5d/0x17f0 [ 661.281959][T19877] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 661.281980][T19877] ? rcu_is_watching+0x12/0xc0 [ 661.281995][T19877] snd_pcm_open+0x29e/0x730 [ 661.282017][T19877] ? __pfx_snd_pcm_open+0x10/0x10 [ 661.282039][T19877] ? __pfx_default_wake_function+0x10/0x10 [ 661.282058][T19877] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 661.282078][T19877] snd_pcm_playback_open+0x86/0xe0 [ 661.282106][T19877] snd_open+0x1fe/0x450 [ 661.282124][T19877] ? __pfx_snd_open+0x10/0x10 [ 661.282139][T19877] chrdev_open+0x231/0x6a0 [ 661.282154][T19877] ? __pfx_apparmor_file_open+0x10/0x10 [ 661.282170][T19877] ? __pfx_chrdev_open+0x10/0x10 [ 661.282185][T19877] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 661.282208][T19877] do_dentry_open+0x741/0x1c10 [ 661.282222][T19877] ? __pfx_chrdev_open+0x10/0x10 [ 661.282239][T19877] vfs_open+0x82/0x3f0 [ 661.282258][T19877] path_openat+0x1e5e/0x2d40 [ 661.282277][T19877] ? __pfx_path_openat+0x10/0x10 [ 661.282295][T19877] do_filp_open+0x20b/0x470 [ 661.282308][T19877] ? __pfx_do_filp_open+0x10/0x10 [ 661.282333][T19877] ? alloc_fd+0x471/0x7d0 [ 661.282358][T19877] do_sys_openat2+0x11b/0x1d0 [ 661.282374][T19877] ? __pfx_do_sys_openat2+0x10/0x10 [ 661.282398][T19877] __x64_sys_openat+0x174/0x210 [ 661.282415][T19877] ? __pfx___x64_sys_openat+0x10/0x10 [ 661.282432][T19877] ? rcu_is_watching+0x12/0xc0 [ 661.282449][T19877] do_syscall_64+0xcd/0x230 [ 661.282469][T19877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.282483][T19877] RIP: 0033:0x7f840618e969 [ 661.282495][T19877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.282508][T19877] RSP: 002b:00007f8406f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 661.282521][T19877] RAX: ffffffffffffffda RBX: 00007f84063b5fa0 RCX: 00007f840618e969 [ 661.282530][T19877] RDX: 000000000016b042 RSI: 0000200000005480 RDI: ffffffffffffff9c [ 661.282538][T19877] RBP: 00007f8406210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 661.282546][T19877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.282553][T19877] R13: 0000000000000000 R14: 00007f84063b5fa0 R15: 00007ffee5841aa8 [ 661.282572][T19877] [ 661.937390][T19890] type: 4278190080 invalid [ 663.073239][T19910] FAULT_INJECTION: forcing a failure. [ 663.073239][T19910] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 663.155546][T19910] CPU: 1 UID: 0 PID: 19910 Comm: syz.4.5549 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 663.155572][T19910] Tainted: [I]=FIRMWARE_WORKAROUND [ 663.155578][T19910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 663.155586][T19910] Call Trace: [ 663.155591][T19910] [ 663.155597][T19910] dump_stack_lvl+0x16c/0x1f0 [ 663.155621][T19910] should_fail_ex+0x512/0x640 [ 663.155643][T19910] should_fail_alloc_page+0xe7/0x130 [ 663.155662][T19910] prepare_alloc_pages+0x3c2/0x610 [ 663.155683][T19910] ? rcu_is_watching+0x12/0xc0 [ 663.155697][T19910] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 663.155713][T19910] ? __kernel_text_address+0xd/0x40 [ 663.155732][T19910] ? unwind_get_return_address+0x59/0xa0 [ 663.155748][T19910] ? arch_stack_walk+0xa6/0x100 [ 663.155769][T19910] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 663.155784][T19910] ? stack_trace_save+0x8e/0xc0 [ 663.155798][T19910] ? __pfx_stack_trace_save+0x10/0x10 [ 663.155810][T19910] ? stack_depot_save_flags+0x28/0xa50 [ 663.155828][T19910] ? find_held_lock+0x2b/0x80 [ 663.155850][T19910] ? kasan_save_stack+0x42/0x60 [ 663.155866][T19910] ? __lock_acquire+0xaa4/0x1ba0 [ 663.155883][T19910] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 663.155903][T19910] ? policy_nodemask+0xea/0x4e0 [ 663.155920][T19910] alloc_pages_mpol+0x1fb/0x550 [ 663.155936][T19910] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 663.155950][T19910] ? __page_table_check_ptes_set+0x1ae/0x420 [ 663.155966][T19910] ? find_held_lock+0x2b/0x80 [ 663.155981][T19910] alloc_pages_noprof+0x131/0x390 [ 663.155997][T19910] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 663.156009][T19910] get_free_pages_noprof+0xc/0x40 [ 663.156026][T19910] kasan_populate_vmalloc_pte+0x2d/0x160 [ 663.156039][T19910] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 663.156052][T19910] __apply_to_page_range+0x617/0xd60 [ 663.156074][T19910] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 663.156090][T19910] ? __pfx___apply_to_page_range+0x10/0x10 [ 663.156109][T19910] ? alloc_vmap_area+0x872/0x2970 [ 663.156130][T19910] alloc_vmap_area+0x919/0x2970 [ 663.156155][T19910] ? __pfx_alloc_vmap_area+0x10/0x10 [ 663.156177][T19910] __get_vm_area_node+0x1a7/0x300 [ 663.156200][T19910] __vmalloc_node_range_noprof+0x277/0x1540 [ 663.156221][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.156244][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.156277][T19910] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 663.156305][T19910] __kvmalloc_node_noprof+0x2ff/0x600 [ 663.156321][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.156340][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.156361][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.156377][T19910] __do_sys_listmount+0x1c2/0xed0 [ 663.156398][T19910] ? __x64_sys_futex+0x1e0/0x4c0 [ 663.156412][T19910] ? __x64_sys_futex+0x1e9/0x4c0 [ 663.156426][T19910] ? __pfx___do_sys_listmount+0x10/0x10 [ 663.156443][T19910] ? xfd_validate_state+0x5d/0x180 [ 663.156470][T19910] do_syscall_64+0xcd/0x230 [ 663.156490][T19910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.156504][T19910] RIP: 0033:0x7f9d3858e969 [ 663.156516][T19910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.156528][T19910] RSP: 002b:00007f9d39330038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 663.156541][T19910] RAX: ffffffffffffffda RBX: 00007f9d387b6080 RCX: 00007f9d3858e969 [ 663.156550][T19910] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 663.156561][T19910] RBP: 00007f9d38610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 663.156569][T19910] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 663.156577][T19910] R13: 0000000000000000 R14: 00007f9d387b6080 R15: 00007ffd5b5bdff8 [ 663.156593][T19910] [ 663.541272][T19910] syz.4.5549: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 663.556617][T19910] CPU: 1 UID: 0 PID: 19910 Comm: syz.4.5549 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 663.556641][T19910] Tainted: [I]=FIRMWARE_WORKAROUND [ 663.556646][T19910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 663.556655][T19910] Call Trace: [ 663.556659][T19910] [ 663.556664][T19910] dump_stack_lvl+0x16c/0x1f0 [ 663.556688][T19910] warn_alloc+0x248/0x3a0 [ 663.556706][T19910] ? __pfx_warn_alloc+0x10/0x10 [ 663.556721][T19910] ? kfree+0x2b6/0x4d0 [ 663.556737][T19910] ? __get_vm_area_node+0x1e5/0x300 [ 663.556761][T19910] __vmalloc_node_range_noprof+0xd31/0x1540 [ 663.556787][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.556810][T19910] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 663.556837][T19910] __kvmalloc_node_noprof+0x2ff/0x600 [ 663.556857][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.556876][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.556898][T19910] ? __do_sys_listmount+0x1c2/0xed0 [ 663.556916][T19910] __do_sys_listmount+0x1c2/0xed0 [ 663.556938][T19910] ? __x64_sys_futex+0x1e0/0x4c0 [ 663.556952][T19910] ? __x64_sys_futex+0x1e9/0x4c0 [ 663.556966][T19910] ? __pfx___do_sys_listmount+0x10/0x10 [ 663.556984][T19910] ? xfd_validate_state+0x5d/0x180 [ 663.557012][T19910] do_syscall_64+0xcd/0x230 [ 663.557031][T19910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.557045][T19910] RIP: 0033:0x7f9d3858e969 [ 663.557056][T19910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.557069][T19910] RSP: 002b:00007f9d39330038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 663.557081][T19910] RAX: ffffffffffffffda RBX: 00007f9d387b6080 RCX: 00007f9d3858e969 [ 663.557090][T19910] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 663.557098][T19910] RBP: 00007f9d38610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 663.557106][T19910] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 663.557113][T19910] R13: 0000000000000000 R14: 00007f9d387b6080 R15: 00007ffd5b5bdff8 [ 663.557129][T19910] [ 663.557134][T19910] Mem-Info: [ 663.782647][T19910] active_anon:54394 inactive_anon:1 isolated_anon:0 [ 663.782647][T19910] active_file:2180 inactive_file:56926 isolated_file:0 [ 663.782647][T19910] unevictable:768 dirty:457 writeback:0 [ 663.782647][T19910] slab_reclaimable:11341 slab_unreclaimable:102765 [ 663.782647][T19910] mapped:29897 shmem:41000 pagetables:1208 [ 663.782647][T19910] sec_pagetables:0 bounce:0 [ 663.782647][T19910] kernel_misc_reclaimable:0 [ 663.782647][T19910] free:1260161 free_pcp:17421 free_cma:0 [ 663.828631][T19910] Node 0 active_anon:217576kB inactive_anon:4kB active_file:8720kB inactive_file:217780kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119212kB dirty:1676kB writeback:0kB shmem:162464kB shmem_thp:12288kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:11248kB pagetables:4832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 663.863710][T19910] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:9924kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:376kB dirty:152kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 663.896190][T19910] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 663.944036][T19910] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 663.952657][T19910] Node 0 DMA32 free:1188784kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:217528kB inactive_anon:4kB active_file:8720kB inactive_file:215964kB unevictable:1536kB writepending:1676kB present:3129332kB managed:2544168kB mlocked:0kB bounce:0kB free_pcp:1532kB local_pcp:1532kB free_cma:0kB [ 663.983613][T19910] lowmem_reserve[]: 0 0 1 1 1 [ 663.988931][T19910] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:24kB free_cma:0kB [ 664.016816][T19910] lowmem_reserve[]: 0 0 0 0 0 [ 664.021856][T19910] Node 1 Normal free:3836296kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:9924kB unevictable:1536kB writepending:152kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:68220kB local_pcp:68220kB free_cma:0kB [ 664.072123][T19910] lowmem_reserve[]: 0 0 0 0 0 [ 664.076859][T19910] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 664.100806][T19910] Node 0 DMA32: 6*4kB (UM) 6*8kB (UME) 108*16kB (UME) 155*32kB (UME) 894*64kB (UME) 524*128kB (UME) 169*256kB (UME) 74*512kB (UME) 43*1024kB (UM) 6*2048kB (UM) 225*4096kB (UME) = 1190120kB [ 664.136018][T19910] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 664.168537][T19910] Node 1 Normal: 11*4kB (UME) 5*8kB (ME) 9*16kB (ME) 23*32kB (UME) 261*64kB (UME) 39*128kB (UME) 18*256kB (UME) 10*512kB (UM) 9*1024kB (UME) 7*2048kB (UME) 923*4096kB (M) = 3836548kB [ 664.217405][T19910] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 664.252726][T19910] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 664.310259][T19910] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 664.362964][T19910] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 664.413312][T19910] 100112 total pagecache pages [ 664.424114][T19910] 2 pages in swap cache [ 664.434407][T19910] Free swap = 121920kB [ 664.447203][T19910] Total swap = 124996kB [ 664.454677][T19910] 2097051 pages RAM [ 664.465635][T19910] 0 pages HighMem/MovableOnly [ 664.481122][T19910] 428903 pages reserved [ 664.485387][T19910] 0 pages cma reserved [ 664.507247][T19921] netlink: 'syz.2.5556': attribute type 4 has an invalid length. [ 664.534445][T19921] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5556'. [ 664.564980][T19924] netlink: 'syz.2.5556': attribute type 4 has an invalid length. [ 664.583305][T19924] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5556'. [ 665.343689][T19948] i2c i2c-0: new_device: Extra parameters [ 665.701950][T19955] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 667.306301][T19990] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5580'. [ 667.370624][T19990] netlink: 298 bytes leftover after parsing attributes in process `syz.2.5580'. [ 667.631355][T20002] netlink: 346 bytes leftover after parsing attributes in process `syz.0.5586'. [ 668.290534][T20021] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5594'. [ 668.498267][T20026] program syz.2.5597 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 669.071446][T20042] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5602'. [ 669.262582][T20046] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 669.306470][T20042] hsr_slave_1 (unregistering): left promiscuous mode [ 670.665988][T20078] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5615'. [ 671.340944][T20094] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5622'. [ 671.415447][T20094] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.422796][T20094] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.705293][T20181] FAULT_INJECTION: forcing a failure. [ 674.705293][T20181] name failslab, interval 1, probability 0, space 0, times 0 [ 674.775870][T20181] CPU: 1 UID: 0 PID: 20181 Comm: syz.4.5655 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 674.775898][T20181] Tainted: [I]=FIRMWARE_WORKAROUND [ 674.775903][T20181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 674.775912][T20181] Call Trace: [ 674.775917][T20181] [ 674.775923][T20181] dump_stack_lvl+0x16c/0x1f0 [ 674.775947][T20181] should_fail_ex+0x512/0x640 [ 674.775968][T20181] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 674.775985][T20181] should_failslab+0xc2/0x120 [ 674.776002][T20181] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 674.776017][T20181] ? __kernfs_new_node+0xd2/0x8a0 [ 674.776041][T20181] __kernfs_new_node+0xd2/0x8a0 [ 674.776063][T20181] ? __pfx___kernfs_new_node+0x10/0x10 [ 674.776087][T20181] ? find_held_lock+0x2b/0x80 [ 674.776100][T20181] ? kernfs_root+0xee/0x2a0 [ 674.776116][T20181] kernfs_new_node+0x13c/0x1e0 [ 674.776134][T20181] __kernfs_create_file+0x53/0x350 [ 674.776153][T20181] sysfs_add_file_mode_ns+0x207/0x3c0 [ 674.776177][T20181] internal_create_group+0x578/0xf30 [ 674.776195][T20181] ? __pfx_internal_create_group+0x10/0x10 [ 674.776211][T20181] ? kernfs_create_link+0x1bd/0x240 [ 674.776231][T20181] internal_create_groups+0x9d/0x150 [ 674.776245][T20181] device_add+0xf30/0x1a70 [ 674.776265][T20181] ? __pfx_device_add+0x10/0x10 [ 674.776282][T20181] ? lockdep_init_map_type+0x5c/0x280 [ 674.776300][T20181] ? __init_waitqueue_head+0xca/0x150 [ 674.776324][T20181] netdev_register_kobject+0x182/0x3a0 [ 674.776345][T20181] register_netdevice+0x13dc/0x2270 [ 674.776365][T20181] ? __pfx_register_netdevice+0x10/0x10 [ 674.776389][T20181] internal_dev_create+0x2d3/0x520 [ 674.776411][T20181] ovs_vport_add+0x144/0x4d0 [ 674.776431][T20181] new_vport+0x16/0x1d0 [ 674.776447][T20181] ovs_dp_cmd_new+0x6ba/0xe60 [ 674.776469][T20181] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 674.776489][T20181] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 674.776508][T20181] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 674.776530][T20181] genl_family_rcv_msg_doit+0x206/0x2f0 [ 674.776550][T20181] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 674.776568][T20181] ? trace_cap_capable+0x18d/0x200 [ 674.776586][T20181] ? bpf_lsm_capable+0x9/0x10 [ 674.776599][T20181] ? security_capable+0x7e/0x260 [ 674.776612][T20181] ? ns_capable+0xd7/0x110 [ 674.776628][T20181] genl_rcv_msg+0x55c/0x800 [ 674.776648][T20181] ? __pfx_genl_rcv_msg+0x10/0x10 [ 674.776665][T20181] ? __pfx___dev_queue_xmit+0x10/0x10 [ 674.776685][T20181] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 674.776703][T20181] ? __lock_acquire+0xaa4/0x1ba0 [ 674.776722][T20181] netlink_rcv_skb+0x16a/0x440 [ 674.776738][T20181] ? __pfx_genl_rcv_msg+0x10/0x10 [ 674.776765][T20181] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 674.776791][T20181] ? __pfx_down_read+0x10/0x10 [ 674.776813][T20181] ? netlink_deliver_tap+0x1ae/0xd30 [ 674.776832][T20181] genl_rcv+0x28/0x40 [ 674.776849][T20181] netlink_unicast+0x53a/0x7f0 [ 674.776867][T20181] ? __pfx_netlink_unicast+0x10/0x10 [ 674.776881][T20181] ? __lock_acquire+0xaa4/0x1ba0 [ 674.776905][T20181] netlink_sendmsg+0x8d1/0xdd0 [ 674.776924][T20181] ? __pfx_netlink_sendmsg+0x10/0x10 [ 674.776947][T20181] ____sys_sendmsg+0xa95/0xc70 [ 674.776967][T20181] ? copy_msghdr_from_user+0x10a/0x160 [ 674.776981][T20181] ? __pfx_____sys_sendmsg+0x10/0x10 [ 674.777003][T20181] ? try_to_wake_up+0xa2f/0x1680 [ 674.777019][T20181] ___sys_sendmsg+0x134/0x1d0 [ 674.777035][T20181] ? __pfx____sys_sendmsg+0x10/0x10 [ 674.777073][T20181] __sys_sendmsg+0x16d/0x220 [ 674.777088][T20181] ? __pfx___sys_sendmsg+0x10/0x10 [ 674.777102][T20181] ? __x64_sys_futex+0x1e0/0x4c0 [ 674.777121][T20181] ? rcu_is_watching+0x12/0xc0 [ 674.777139][T20181] do_syscall_64+0xcd/0x230 [ 674.777159][T20181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.777172][T20181] RIP: 0033:0x7f9d3858e969 [ 674.777185][T20181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.777198][T20181] RSP: 002b:00007f9d39351038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 674.777211][T20181] RAX: ffffffffffffffda RBX: 00007f9d387b5fa0 RCX: 00007f9d3858e969 [ 674.777220][T20181] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 674.777229][T20181] RBP: 00007f9d38610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 674.777236][T20181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.777244][T20181] R13: 0000000000000000 R14: 00007f9d387b5fa0 R15: 00007ffd5b5bdff8 [ 674.777263][T20181] [ 675.576481][T20192] FAULT_INJECTION: forcing a failure. [ 675.576481][T20192] name failslab, interval 1, probability 0, space 0, times 0 [ 675.589192][T20192] CPU: 1 UID: 0 PID: 20192 Comm: syz.4.5660 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 675.589217][T20192] Tainted: [I]=FIRMWARE_WORKAROUND [ 675.589222][T20192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 675.589231][T20192] Call Trace: [ 675.589237][T20192] [ 675.589243][T20192] dump_stack_lvl+0x16c/0x1f0 [ 675.589266][T20192] should_fail_ex+0x512/0x640 [ 675.589285][T20192] ? __kmalloc_noprof+0xbf/0x510 [ 675.589301][T20192] ? memcg_list_lru_alloc+0x4e9/0x740 [ 675.589317][T20192] should_failslab+0xc2/0x120 [ 675.589333][T20192] __kmalloc_noprof+0xd2/0x510 [ 675.589346][T20192] ? __lock_acquire+0x5ca/0x1ba0 [ 675.589366][T20192] memcg_list_lru_alloc+0x4e9/0x740 [ 675.589387][T20192] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 675.589407][T20192] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 675.589431][T20192] __memcg_slab_post_alloc_hook+0x131/0x940 [ 675.589451][T20192] ? kasan_save_track+0x14/0x30 [ 675.589466][T20192] kmem_cache_alloc_lru_noprof+0x30f/0x3b0 [ 675.589482][T20192] ? alloc_inode+0xc3/0x240 [ 675.589500][T20192] alloc_inode+0xc3/0x240 [ 675.589516][T20192] path_from_stashed+0x2be/0xb00 [ 675.589530][T20192] ? do_raw_spin_lock+0x12c/0x2b0 [ 675.589550][T20192] ? __pfx_path_from_stashed+0x10/0x10 [ 675.589563][T20192] ? do_raw_spin_unlock+0x172/0x230 [ 675.589585][T20192] ns_get_path+0x5f/0x80 [ 675.589604][T20192] proc_ns_get_link+0x121/0x260 [ 675.589624][T20192] ? __pfx_proc_ns_get_link+0x10/0x10 [ 675.589643][T20192] ? __pfx___might_resched+0x10/0x10 [ 675.589660][T20192] ? __pfx_proc_ns_get_link+0x10/0x10 [ 675.589680][T20192] step_into+0x1b22/0x2270 [ 675.589702][T20192] ? __pfx_step_into+0x10/0x10 [ 675.589727][T20192] ? find_held_lock+0x2b/0x80 [ 675.589747][T20192] path_openat+0x749/0x2d40 [ 675.589768][T20192] ? __pfx_path_openat+0x10/0x10 [ 675.589786][T20192] do_filp_open+0x20b/0x470 [ 675.589799][T20192] ? __pfx_do_filp_open+0x10/0x10 [ 675.589825][T20192] ? alloc_fd+0x471/0x7d0 [ 675.589849][T20192] do_sys_openat2+0x11b/0x1d0 [ 675.589866][T20192] ? __pfx_do_sys_openat2+0x10/0x10 [ 675.589889][T20192] __x64_sys_openat+0x174/0x210 [ 675.589906][T20192] ? __pfx___x64_sys_openat+0x10/0x10 [ 675.589924][T20192] ? rcu_is_watching+0x12/0xc0 [ 675.589942][T20192] do_syscall_64+0xcd/0x230 [ 675.589961][T20192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.589975][T20192] RIP: 0033:0x7f9d3858d2d0 [ 675.589987][T20192] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 675.590001][T20192] RSP: 002b:00007f9d39350f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 675.590014][T20192] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9d3858d2d0 [ 675.590023][T20192] RDX: 0000000000000002 RSI: 00007f9d39350fa0 RDI: 00000000ffffff9c [ 675.590031][T20192] RBP: 00007f9d39350fa0 R08: 0000000000000000 R09: 0000000000000000 [ 675.590039][T20192] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 675.590048][T20192] R13: 0000000000000000 R14: 00007f9d387b5fa0 R15: 00007ffd5b5bdff8 [ 675.590065][T20192] [ 677.176758][T20207] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5665'. [ 677.217050][T20209] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5666'. [ 677.283277][T20209] netlink: 98 bytes leftover after parsing attributes in process `syz.1.5666'. [ 677.402444][T20213] FAULT_INJECTION: forcing a failure. [ 677.402444][T20213] name failslab, interval 1, probability 0, space 0, times 0 [ 677.466861][T20213] CPU: 1 UID: 0 PID: 20213 Comm: syz.4.5668 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 677.466888][T20213] Tainted: [I]=FIRMWARE_WORKAROUND [ 677.466893][T20213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 677.466901][T20213] Call Trace: [ 677.466906][T20213] [ 677.466912][T20213] dump_stack_lvl+0x16c/0x1f0 [ 677.466936][T20213] should_fail_ex+0x512/0x640 [ 677.466955][T20213] ? fs_reclaim_acquire+0xae/0x150 [ 677.466978][T20213] ? tomoyo_encode2+0x100/0x3e0 [ 677.466996][T20213] should_failslab+0xc2/0x120 [ 677.467013][T20213] __kmalloc_noprof+0xd2/0x510 [ 677.467026][T20213] ? d_absolute_path+0x136/0x1a0 [ 677.467045][T20213] tomoyo_encode2+0x100/0x3e0 [ 677.467065][T20213] tomoyo_encode+0x29/0x50 [ 677.467080][T20213] tomoyo_realpath_from_path+0x18f/0x6e0 [ 677.467104][T20213] tomoyo_check_open_permission+0x2ab/0x3c0 [ 677.467120][T20213] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 677.467154][T20213] ? do_raw_spin_lock+0x12c/0x2b0 [ 677.467178][T20213] tomoyo_file_open+0x6b/0x90 [ 677.467199][T20213] security_file_open+0x84/0x1e0 [ 677.467216][T20213] do_dentry_open+0x596/0x1c10 [ 677.467235][T20213] vfs_open+0x82/0x3f0 [ 677.467254][T20213] path_openat+0x1e5e/0x2d40 [ 677.467274][T20213] ? __pfx_path_openat+0x10/0x10 [ 677.467291][T20213] do_filp_open+0x20b/0x470 [ 677.467304][T20213] ? __pfx_do_filp_open+0x10/0x10 [ 677.467330][T20213] ? alloc_fd+0x471/0x7d0 [ 677.467354][T20213] do_sys_openat2+0x11b/0x1d0 [ 677.467371][T20213] ? __pfx_do_sys_openat2+0x10/0x10 [ 677.467394][T20213] __x64_sys_openat+0x174/0x210 [ 677.467411][T20213] ? __pfx___x64_sys_openat+0x10/0x10 [ 677.467429][T20213] ? rcu_is_watching+0x12/0xc0 [ 677.467447][T20213] do_syscall_64+0xcd/0x230 [ 677.467466][T20213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.467486][T20213] RIP: 0033:0x7f9d3858e969 [ 677.467499][T20213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.467514][T20213] RSP: 002b:00007f9d39351038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 677.467528][T20213] RAX: ffffffffffffffda RBX: 00007f9d387b5fa0 RCX: 00007f9d3858e969 [ 677.467537][T20213] RDX: 0000000000000002 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 677.467546][T20213] RBP: 00007f9d38610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 677.467554][T20213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 677.467563][T20213] R13: 0000000000000000 R14: 00007f9d387b5fa0 R15: 00007ffd5b5bdff8 [ 677.467581][T20213] [ 677.467599][T20213] ERROR: Out of memory at tomoyo_realpath_from_path. [ 677.766867][T20215] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 677.805303][T20215] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 678.580130][T20220] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 678.600924][T20220] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 678.627292][T20220] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 678.653728][T20220] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 678.700255][T20220] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 678.770045][T20220] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 678.794154][T20220] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 678.878848][T20220] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 678.954792][T20220] CPU0 is offline. [ 679.749275][T20258] FAULT_INJECTION: forcing a failure. [ 679.749275][T20258] name failslab, interval 1, probability 0, space 0, times 0 [ 679.827229][T20258] CPU: 1 UID: 0 PID: 20258 Comm: syz.4.5682 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 679.827257][T20258] Tainted: [I]=FIRMWARE_WORKAROUND [ 679.827262][T20258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 679.827270][T20258] Call Trace: [ 679.827281][T20258] [ 679.827287][T20258] dump_stack_lvl+0x16c/0x1f0 [ 679.827313][T20258] should_fail_ex+0x512/0x640 [ 679.827332][T20258] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 679.827357][T20258] should_failslab+0xc2/0x120 [ 679.827374][T20258] __kmalloc_cache_noprof+0x6a/0x3e0 [ 679.827394][T20258] ? ww_mutex_lock+0x37/0x160 [ 679.827411][T20258] ? vkms_plane_duplicate_state+0x45/0x130 [ 679.827432][T20258] ? modeset_lock+0x114/0x6e0 [ 679.827446][T20258] vkms_plane_duplicate_state+0x45/0x130 [ 679.827467][T20258] drm_atomic_get_plane_state+0x20b/0x590 [ 679.827486][T20258] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 679.827504][T20258] ? __pfx___might_resched+0x10/0x10 [ 679.827524][T20258] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 679.827561][T20258] drm_client_modeset_commit_locked+0x14d/0x580 [ 679.827580][T20258] drm_client_modeset_commit+0x4f/0x80 [ 679.827597][T20258] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 679.827612][T20258] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 679.827631][T20258] drm_fbdev_client_restore+0x2c/0x40 [ 679.827649][T20258] drm_client_dev_restore+0x1f3/0x2a0 [ 679.827668][T20258] drm_release+0x2c4/0x360 [ 679.827685][T20258] ? __pfx_drm_release+0x10/0x10 [ 679.827699][T20258] __fput+0x3ff/0xb70 [ 679.827719][T20258] task_work_run+0x14d/0x240 [ 679.827739][T20258] ? __pfx_task_work_run+0x10/0x10 [ 679.827758][T20258] ? __pfx___do_sys_close_range+0x10/0x10 [ 679.827770][T20258] ? rcu_is_watching+0x12/0xc0 [ 679.827787][T20258] syscall_exit_to_user_mode+0x27b/0x2a0 [ 679.827807][T20258] do_syscall_64+0xda/0x230 [ 679.827826][T20258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.827843][T20258] RIP: 0033:0x7f9d3858e969 [ 679.827856][T20258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 679.827869][T20258] RSP: 002b:00007f9d39351038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 679.827883][T20258] RAX: 0000000000000000 RBX: 00007f9d387b5fa0 RCX: 00007f9d3858e969 [ 679.827892][T20258] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 679.827899][T20258] RBP: 00007f9d38610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 679.827907][T20258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 679.827915][T20258] R13: 0000000000000000 R14: 00007f9d387b5fa0 R15: 00007ffd5b5bdff8 [ 679.827933][T20258] [ 680.294764][T20263] FAULT_INJECTION: forcing a failure. [ 680.294764][T20263] name failslab, interval 1, probability 0, space 0, times 0 [ 680.307499][T20263] CPU: 1 UID: 0 PID: 20263 Comm: syz.1.5683 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 680.307523][T20263] Tainted: [I]=FIRMWARE_WORKAROUND [ 680.307528][T20263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 680.307537][T20263] Call Trace: [ 680.307542][T20263] [ 680.307547][T20263] dump_stack_lvl+0x16c/0x1f0 [ 680.307572][T20263] should_fail_ex+0x512/0x640 [ 680.307591][T20263] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 680.307609][T20263] should_failslab+0xc2/0x120 [ 680.307626][T20263] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 680.307642][T20263] ? acpi_ut_create_generic_state+0x5c/0xb0 [ 680.307659][T20263] acpi_ut_create_generic_state+0x5c/0xb0 [ 680.307672][T20263] acpi_ds_scope_stack_push+0x4b/0x1d0 [ 680.307690][T20263] acpi_ds_init_aml_walk+0x2bb/0x590 [ 680.307708][T20263] acpi_ps_execute_method+0x32d/0xb30 [ 680.307727][T20263] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 680.307748][T20263] acpi_ns_evaluate+0x76c/0xca0 [ 680.307765][T20263] ? kasan_save_track+0x14/0x30 [ 680.307781][T20263] acpi_evaluate_object+0x1fa/0xa90 [ 680.307797][T20263] ? do_syscall_64+0xcd/0x230 [ 680.307813][T20263] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.307828][T20263] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 680.307843][T20263] ? __mutex_trylock_common+0xe9/0x250 [ 680.307864][T20263] acpi_evaluate_integer+0xdd/0x200 [ 680.307884][T20263] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 680.307912][T20263] ? __pfx_status_show+0x10/0x10 [ 680.307926][T20263] status_show+0xa0/0x120 [ 680.307940][T20263] ? __pfx_status_show+0x10/0x10 [ 680.307959][T20263] dev_attr_show+0x53/0xe0 [ 680.307977][T20263] ? __pfx_dev_attr_show+0x10/0x10 [ 680.307992][T20263] sysfs_kf_seq_show+0x213/0x3e0 [ 680.308014][T20263] seq_read_iter+0x506/0x12c0 [ 680.308042][T20263] kernfs_fop_read_iter+0x40f/0x5a0 [ 680.308057][T20263] ? rw_verify_area+0xcf/0x680 [ 680.308080][T20263] vfs_read+0x8c8/0xc70 [ 680.308095][T20263] ? __pfx___mutex_lock+0x10/0x10 [ 680.308112][T20263] ? __pfx_vfs_read+0x10/0x10 [ 680.308137][T20263] ksys_read+0x12a/0x240 [ 680.308150][T20263] ? __pfx_ksys_read+0x10/0x10 [ 680.308161][T20263] ? rcu_is_watching+0x12/0xc0 [ 680.308179][T20263] do_syscall_64+0xcd/0x230 [ 680.308216][T20263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.308232][T20263] RIP: 0033:0x7fc209d8e969 [ 680.308245][T20263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 680.308259][T20263] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 680.308271][T20263] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 680.308281][T20263] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 680.308289][T20263] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 680.308297][T20263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 680.308305][T20263] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 680.308324][T20263] [ 680.308332][T20263] ACPI Error: [ 680.657023][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 680.666643][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 680.672665][ T5828] Bluetooth: hci0: command 0x0406 tx timeout [ 680.761968][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 680.886269][T20263] ffff88806df4f000 walk still has a scope list (20240827/dswstate-694) [ 681.707313][T20288] netlink: 'syz.0.5692': attribute type 16 has an invalid length. [ 681.722081][T20289] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5693'. [ 681.738819][T20288] netlink: 50 bytes leftover after parsing attributes in process `syz.0.5692'. [ 681.988035][T20291] netlink: 338 bytes leftover after parsing attributes in process `syz.0.5694'. [ 682.721699][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 682.797695][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 683.248921][ T5831] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 683.694235][T20335] tipc: Started in network mode [ 683.734444][T20338] FAULT_INJECTION: forcing a failure. [ 683.734444][T20338] name failslab, interval 1, probability 0, space 0, times 0 [ 683.753950][T20335] tipc: Node identity ffffffff, cluster identity 4711 [ 683.773805][T20335] tipc: Node number set to 4294967295 [ 683.802076][T20338] CPU: 1 UID: 0 PID: 20338 Comm: syz.1.5710 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 683.802104][T20338] Tainted: [I]=FIRMWARE_WORKAROUND [ 683.802109][T20338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 683.802118][T20338] Call Trace: [ 683.802124][T20338] [ 683.802130][T20338] dump_stack_lvl+0x16c/0x1f0 [ 683.802154][T20338] should_fail_ex+0x512/0x640 [ 683.802174][T20338] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 683.802191][T20338] should_failslab+0xc2/0x120 [ 683.802208][T20338] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 683.802223][T20338] ? __d_alloc+0x31/0xaa0 [ 683.802239][T20338] __d_alloc+0x31/0xaa0 [ 683.802255][T20338] d_alloc+0x4a/0x1e0 [ 683.802269][T20338] d_alloc_parallel+0xe3/0x12e0 [ 683.802286][T20338] ? kasan_save_stack+0x42/0x60 [ 683.802299][T20338] ? kasan_save_track+0x14/0x30 [ 683.802312][T20338] ? kasan_save_free_info+0x3b/0x60 [ 683.802329][T20338] ? kfree+0x2b6/0x4d0 [ 683.802339][T20338] ? walk_component+0x1a2/0x5b0 [ 683.802356][T20338] ? link_path_walk.part.0.constprop.0+0x553/0xd60 [ 683.802378][T20338] ? __lock_acquire+0xaa4/0x1ba0 [ 683.802395][T20338] ? __pfx_d_alloc_parallel+0x10/0x10 [ 683.802414][T20338] ? lockdep_init_map_type+0x5c/0x280 [ 683.802431][T20338] ? lockdep_init_map_type+0x5c/0x280 [ 683.802451][T20338] __lookup_slow+0x193/0x460 [ 683.802468][T20338] ? __pfx___lookup_slow+0x10/0x10 [ 683.802499][T20338] ? lookup_fast+0x156/0x610 [ 683.802519][T20338] walk_component+0x353/0x5b0 [ 683.802539][T20338] link_path_walk.part.0.constprop.0+0x685/0xd60 [ 683.802566][T20338] path_openat+0x227/0x2d40 [ 683.802577][T20338] ? __x64_sys_openat+0x174/0x210 [ 683.802602][T20338] ? __pfx_path_openat+0x10/0x10 [ 683.802619][T20338] do_filp_open+0x20b/0x470 [ 683.802632][T20338] ? __pfx_do_filp_open+0x10/0x10 [ 683.802651][T20338] ? __pfx_kfree_link+0x10/0x10 [ 683.802673][T20338] ? alloc_fd+0x471/0x7d0 [ 683.802697][T20338] do_sys_openat2+0x11b/0x1d0 [ 683.802714][T20338] ? __pfx_do_sys_openat2+0x10/0x10 [ 683.802738][T20338] __x64_sys_openat+0x174/0x210 [ 683.802755][T20338] ? __pfx___x64_sys_openat+0x10/0x10 [ 683.802773][T20338] ? rcu_is_watching+0x12/0xc0 [ 683.802791][T20338] do_syscall_64+0xcd/0x230 [ 683.802811][T20338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.802825][T20338] RIP: 0033:0x7fc209d8d2d0 [ 683.802836][T20338] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 683.802850][T20338] RSP: 002b:00007fc20ac1ef10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 683.802863][T20338] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc209d8d2d0 [ 683.802872][T20338] RDX: 0000000000000002 RSI: 00007fc20ac1efa0 RDI: 00000000ffffff9c [ 683.802887][T20338] RBP: 00007fc20ac1efa0 R08: 0000000000000000 R09: 0000000000000000 [ 683.802896][T20338] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 683.802904][T20338] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 683.802922][T20338] [ 684.149355][T20339] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.878791][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 685.296973][T20373] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 685.527766][T20380] FAULT_INJECTION: forcing a failure. [ 685.527766][T20380] name failslab, interval 1, probability 0, space 0, times 0 [ 685.580365][T20380] CPU: 1 UID: 0 PID: 20380 Comm: syz.1.5727 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 685.580392][T20380] Tainted: [I]=FIRMWARE_WORKAROUND [ 685.580398][T20380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 685.580407][T20380] Call Trace: [ 685.580412][T20380] [ 685.580418][T20380] dump_stack_lvl+0x16c/0x1f0 [ 685.580443][T20380] should_fail_ex+0x512/0x640 [ 685.580463][T20380] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 685.580481][T20380] should_failslab+0xc2/0x120 [ 685.580498][T20380] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 685.580513][T20380] ? __kernfs_new_node+0xd2/0x8a0 [ 685.580536][T20380] __kernfs_new_node+0xd2/0x8a0 [ 685.580558][T20380] ? __pfx___kernfs_new_node+0x10/0x10 [ 685.580582][T20380] ? find_held_lock+0x2b/0x80 [ 685.580596][T20380] ? kernfs_root+0xee/0x2a0 [ 685.580611][T20380] kernfs_new_node+0x13c/0x1e0 [ 685.580629][T20380] __kernfs_create_file+0x53/0x350 [ 685.580648][T20380] sysfs_add_file_mode_ns+0x207/0x3c0 [ 685.580672][T20380] internal_create_group+0x578/0xf30 [ 685.580690][T20380] ? __pfx_internal_create_group+0x10/0x10 [ 685.580722][T20380] ? kernfs_create_link+0x1bd/0x240 [ 685.580749][T20380] internal_create_groups+0x9d/0x150 [ 685.580764][T20380] device_add+0x6d1/0x1a70 [ 685.580784][T20380] ? __pfx_device_add+0x10/0x10 [ 685.580802][T20380] ? lockdep_init_map_type+0x5c/0x280 [ 685.580819][T20380] ? __init_waitqueue_head+0xca/0x150 [ 685.580843][T20380] netdev_register_kobject+0x182/0x3a0 [ 685.580864][T20380] register_netdevice+0x13dc/0x2270 [ 685.580885][T20380] ? __pfx_register_netdevice+0x10/0x10 [ 685.580902][T20380] ? alloc_netdev_mqs+0xe7e/0x1570 [ 685.580922][T20380] ? __pfx_loopback_net_init+0x10/0x10 [ 685.580939][T20380] register_netdev+0x34/0x50 [ 685.580955][T20380] loopback_net_init+0x7a/0x170 [ 685.580971][T20380] ? __pfx_loopback_net_init+0x10/0x10 [ 685.580987][T20380] ops_init+0x1df/0x5f0 [ 685.581005][T20380] setup_net+0x21e/0x850 [ 685.581022][T20380] ? __pfx_setup_net+0x10/0x10 [ 685.581036][T20380] ? lockdep_init_map_type+0x5c/0x280 [ 685.581053][T20380] ? __pfx_down_read_killable+0x10/0x10 [ 685.581074][T20380] ? debug_mutex_init+0x37/0x70 [ 685.581088][T20380] copy_net_ns+0x2a6/0x5f0 [ 685.581107][T20380] create_new_namespaces+0x3ea/0xad0 [ 685.581126][T20380] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 685.581143][T20380] ksys_unshare+0x45b/0xa40 [ 685.581161][T20380] ? __pfx_ksys_unshare+0x10/0x10 [ 685.581177][T20380] ? xfd_validate_state+0x5d/0x180 [ 685.581198][T20380] ? rcu_is_watching+0x12/0xc0 [ 685.581216][T20380] __x64_sys_unshare+0x31/0x40 [ 685.581232][T20380] do_syscall_64+0xcd/0x230 [ 685.581252][T20380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.581266][T20380] RIP: 0033:0x7fc209d8e969 [ 685.581278][T20380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.581291][T20380] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 685.581305][T20380] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 685.581314][T20380] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 685.581323][T20380] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 685.581331][T20380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.581339][T20380] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 685.581357][T20380] [ 685.988082][T20384] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 686.445543][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.459625][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.810153][T20398] openvswitch: netlink: IP tunnel dst address not specified [ 686.981273][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 687.185813][T20407] netlink: 504 bytes leftover after parsing attributes in process `syz.4.5737'. [ 687.239555][T20407] netlink: 350 bytes leftover after parsing attributes in process `syz.4.5737'. [ 687.822133][T20420] FAULT_INJECTION: forcing a failure. [ 687.822133][T20420] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 687.950635][T20420] CPU: 1 UID: 0 PID: 20420 Comm: syz.1.5741 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 687.950662][T20420] Tainted: [I]=FIRMWARE_WORKAROUND [ 687.950667][T20420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 687.950675][T20420] Call Trace: [ 687.950681][T20420] [ 687.950686][T20420] dump_stack_lvl+0x16c/0x1f0 [ 687.950713][T20420] should_fail_ex+0x512/0x640 [ 687.950735][T20420] should_fail_alloc_page+0xe7/0x130 [ 687.950753][T20420] prepare_alloc_pages+0x3c2/0x610 [ 687.950774][T20420] ? rcu_is_watching+0x12/0xc0 [ 687.950789][T20420] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 687.950804][T20420] ? finish_task_switch.isra.0+0x221/0xc10 [ 687.950819][T20420] ? rcu_is_watching+0x12/0xc0 [ 687.950831][T20420] ? trace_sched_exit_tp+0xde/0x130 [ 687.950846][T20420] ? __schedule+0x1186/0x5de0 [ 687.950865][T20420] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 687.950881][T20420] ? __pfx_stack_trace_save+0x10/0x10 [ 687.950898][T20420] ? __pfx___schedule+0x10/0x10 [ 687.950916][T20420] ? __lock_acquire+0xaa4/0x1ba0 [ 687.950931][T20420] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 687.950950][T20420] ? policy_nodemask+0xea/0x4e0 [ 687.950967][T20420] alloc_pages_mpol+0x1fb/0x550 [ 687.950983][T20420] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 687.950997][T20420] ? __page_table_check_ptes_set+0x1ae/0x420 [ 687.951013][T20420] ? find_held_lock+0x2b/0x80 [ 687.951028][T20420] alloc_pages_noprof+0x131/0x390 [ 687.951043][T20420] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 687.951056][T20420] get_free_pages_noprof+0xc/0x40 [ 687.951072][T20420] kasan_populate_vmalloc_pte+0x2d/0x160 [ 687.951086][T20420] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 687.951099][T20420] __apply_to_page_range+0x617/0xd60 [ 687.951120][T20420] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 687.951136][T20420] ? __pfx___apply_to_page_range+0x10/0x10 [ 687.951155][T20420] ? alloc_vmap_area+0x872/0x2970 [ 687.951176][T20420] alloc_vmap_area+0x919/0x2970 [ 687.951201][T20420] ? __pfx_alloc_vmap_area+0x10/0x10 [ 687.951224][T20420] __get_vm_area_node+0x1a7/0x300 [ 687.951246][T20420] __vmalloc_node_range_noprof+0x277/0x1540 [ 687.951267][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 687.951291][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 687.951312][T20420] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 687.951339][T20420] __kvmalloc_node_noprof+0x2ff/0x600 [ 687.951353][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 687.951372][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 687.951393][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 687.951409][T20420] __do_sys_listmount+0x1c2/0xed0 [ 687.951431][T20420] ? __x64_sys_futex+0x1e0/0x4c0 [ 687.951444][T20420] ? __x64_sys_futex+0x1e9/0x4c0 [ 687.951458][T20420] ? __pfx___do_sys_listmount+0x10/0x10 [ 687.951476][T20420] ? xfd_validate_state+0x5d/0x180 [ 687.951512][T20420] do_syscall_64+0xcd/0x230 [ 687.951532][T20420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.951547][T20420] RIP: 0033:0x7fc209d8e969 [ 687.951559][T20420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.951571][T20420] RSP: 002b:00007fc20abfe038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 687.951584][T20420] RAX: ffffffffffffffda RBX: 00007fc209fb6080 RCX: 00007fc209d8e969 [ 687.951593][T20420] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 687.951602][T20420] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 687.951610][T20420] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 687.951618][T20420] R13: 0000000000000000 R14: 00007fc209fb6080 R15: 00007ffd8f31f108 [ 687.951635][T20420] [ 688.707525][T20420] warn_alloc: 1 callbacks suppressed [ 688.707541][T20420] syz.1.5741: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 688.888763][T20420] CPU: 1 UID: 0 PID: 20420 Comm: syz.1.5741 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 688.888789][T20420] Tainted: [I]=FIRMWARE_WORKAROUND [ 688.888794][T20420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 688.888803][T20420] Call Trace: [ 688.888808][T20420] [ 688.888814][T20420] dump_stack_lvl+0x16c/0x1f0 [ 688.888837][T20420] warn_alloc+0x248/0x3a0 [ 688.888854][T20420] ? __pfx_warn_alloc+0x10/0x10 [ 688.888869][T20420] ? kfree+0x2b6/0x4d0 [ 688.888885][T20420] ? __get_vm_area_node+0x1e5/0x300 [ 688.888910][T20420] __vmalloc_node_range_noprof+0xd31/0x1540 [ 688.888936][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 688.888959][T20420] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 688.888985][T20420] __kvmalloc_node_noprof+0x2ff/0x600 [ 688.888999][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 688.889017][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 688.889038][T20420] ? __do_sys_listmount+0x1c2/0xed0 [ 688.889054][T20420] __do_sys_listmount+0x1c2/0xed0 [ 688.889075][T20420] ? __x64_sys_futex+0x1e0/0x4c0 [ 688.889088][T20420] ? __x64_sys_futex+0x1e9/0x4c0 [ 688.889102][T20420] ? __pfx___do_sys_listmount+0x10/0x10 [ 688.889120][T20420] ? xfd_validate_state+0x5d/0x180 [ 688.889147][T20420] do_syscall_64+0xcd/0x230 [ 688.889166][T20420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.889184][T20420] RIP: 0033:0x7fc209d8e969 [ 688.889196][T20420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.889216][T20420] RSP: 002b:00007fc20abfe038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 688.889229][T20420] RAX: ffffffffffffffda RBX: 00007fc209fb6080 RCX: 00007fc209d8e969 [ 688.889238][T20420] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 688.889246][T20420] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 688.889254][T20420] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 688.889262][T20420] R13: 0000000000000000 R14: 00007fc209fb6080 R15: 00007ffd8f31f108 [ 688.889279][T20420] [ 688.889958][T20420] Mem-Info: [ 689.620621][T20420] active_anon:65207 inactive_anon:1 isolated_anon:0 [ 689.620621][T20420] active_file:2210 inactive_file:56922 isolated_file:0 [ 689.620621][T20420] unevictable:768 dirty:286 writeback:6 [ 689.620621][T20420] slab_reclaimable:11180 slab_unreclaimable:103206 [ 689.620621][T20420] mapped:32676 shmem:52821 pagetables:1203 [ 689.620621][T20420] sec_pagetables:0 bounce:0 [ 689.620621][T20420] kernel_misc_reclaimable:0 [ 689.620621][T20420] free:1248754 free_pcp:17869 free_cma:0 [ 689.711432][T20432] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5745'. [ 689.799997][T20420] Node 0 active_anon:256824kB inactive_anon:4kB active_file:8840kB inactive_file:217764kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134332kB dirty:984kB writeback:24kB shmem:203468kB shmem_thp:12288kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:11312kB pagetables:4864kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 689.893346][T20432] ›: renamed from hsr0 (while UP) [ 689.943326][T20420] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:9924kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:376kB dirty:160kB writeback:0kB shmem:3552kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 690.130096][T20420] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 690.284226][T20420] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 690.290058][T20420] Node 0 DMA32 free:1157572kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:247620kB inactive_anon:4kB active_file:8840kB inactive_file:215952kB unevictable:1536kB writepending:1024kB present:3129332kB managed:2544168kB mlocked:0kB bounce:0kB free_pcp:2068kB local_pcp:2068kB free_cma:0kB [ 690.493327][T20420] lowmem_reserve[]: 0 0 1 1 1 [ 690.498060][T20420] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:24kB free_cma:0kB [ 690.667964][T20420] lowmem_reserve[]: 0 0 0 0 0 [ 690.730300][T20420] Node 1 Normal free:3836736kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:9924kB unevictable:1536kB writepending:176kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:67792kB local_pcp:67792kB free_cma:0kB [ 690.873591][T20420] lowmem_reserve[]: 0 0 0 0 0 [ 690.904962][T20420] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 690.959962][T20420] Node 0 DMA32: 5726*4kB (UME) 615*8kB (UME) 653*16kB (UME) 530*32kB (UME) 156*64kB (UME) 403*128kB (UME) 184*256kB (UME) 81*512kB (UME) 48*1024kB (UM) 5*2048kB (UM) 221*4096kB (UME) = 1169984kB [ 691.053736][T20420] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 691.130402][T20420] Node 1 Normal: 12*4kB (UME) 6*8kB (UME) 12*16kB (UME) 61*32kB (UME) 308*64kB (UME) 39*128kB (UME) 18*256kB (UME) 10*512kB (UM) 9*1024kB (UME) 5*2048kB (UME) 923*4096kB (M) = 3836736kB [ 691.241867][T20420] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 691.280870][T20420] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 691.326559][T20420] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 691.372079][T20420] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 691.414081][T20420] 103575 total pagecache pages [ 691.441959][T20420] 29 pages in swap cache [ 691.446294][T20420] Free swap = 122344kB [ 691.456415][T20420] Total swap = 124996kB [ 691.485884][T20420] 2097051 pages RAM [ 691.524948][T20420] 0 pages HighMem/MovableOnly [ 691.550500][T20420] 428903 pages reserved [ 691.564955][T20420] 0 pages cma reserved [ 692.013117][ T5831] Bluetooth: hci0: unexpected subevent 0x19 length: 252 > 28 [ 692.020541][ T5831] Bluetooth: hci0: Unable to find connection with handle 0xc3d2 [ 693.514960][T20486] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 693.688699][T20491] netlink: 'syz.1.5765': attribute type 32 has an invalid length. [ 694.164309][T20500] netlink: 158 bytes leftover after parsing attributes in process `syz.1.5769'. [ 694.298991][T20488] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 694.615621][T20508] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5773'. [ 694.668248][T20508] ›: renamed from hsr0 (while UP) [ 694.854226][T20510] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5775'. [ 695.397951][T20523] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5779'. [ 695.508872][T20526] netlink: 302 bytes leftover after parsing attributes in process `syz.1.5779'. [ 695.749813][T20530] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5782'. [ 698.466691][T20584] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5802'. [ 698.573544][T20584] geneve1: entered allmulticast mode [ 698.582354][ T5831] Bluetooth: hci2: unexpected subevent 0x19 length: 252 > 28 [ 698.589989][ T5831] Bluetooth: hci2: Unable to find connection with handle 0xc3d2 [ 699.625119][T20610] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5810'. [ 700.315534][T20618] FAULT_INJECTION: forcing a failure. [ 700.315534][T20618] name failslab, interval 1, probability 0, space 0, times 0 [ 700.460393][T20618] CPU: 1 UID: 0 PID: 20618 Comm: syz.4.5812 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 700.460420][T20618] Tainted: [I]=FIRMWARE_WORKAROUND [ 700.460425][T20618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 700.460434][T20618] Call Trace: [ 700.460439][T20618] [ 700.460445][T20618] dump_stack_lvl+0x16c/0x1f0 [ 700.460471][T20618] should_fail_ex+0x512/0x640 [ 700.460490][T20618] ? fs_reclaim_acquire+0xae/0x150 [ 700.460512][T20618] should_failslab+0xc2/0x120 [ 700.460529][T20618] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 700.460545][T20618] ? security_inode_alloc+0x3b/0x2b0 [ 700.460563][T20618] security_inode_alloc+0x3b/0x2b0 [ 700.460578][T20618] inode_init_always_gfp+0xce4/0x1030 [ 700.460601][T20618] alloc_inode+0x86/0x240 [ 700.460617][T20618] sock_alloc+0x40/0x280 [ 700.460634][T20618] __sock_create+0xc1/0x8d0 [ 700.460655][T20618] __sys_socket+0x14d/0x260 [ 700.460674][T20618] ? __pfx___sys_socket+0x10/0x10 [ 700.460693][T20618] ? rcu_is_watching+0x12/0xc0 [ 700.460709][T20618] __x64_sys_socket+0x72/0xb0 [ 700.460727][T20618] ? lockdep_hardirqs_on+0x7c/0x110 [ 700.460744][T20618] do_syscall_64+0xcd/0x230 [ 700.460762][T20618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.460776][T20618] RIP: 0033:0x7f9d3858e969 [ 700.460788][T20618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 700.460801][T20618] RSP: 002b:00007f9d39351038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 700.460814][T20618] RAX: ffffffffffffffda RBX: 00007f9d387b5fa0 RCX: 00007f9d3858e969 [ 700.460823][T20618] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b [ 700.460831][T20618] RBP: 00007f9d38610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 700.460838][T20618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 700.460846][T20618] R13: 0000000000000000 R14: 00007f9d387b5fa0 R15: 00007ffd5b5bdff8 [ 700.460863][T20618] [ 700.460886][T20618] socket: no more sockets [ 700.775922][T20621] FAULT_INJECTION: forcing a failure. [ 700.775922][T20621] name failslab, interval 1, probability 0, space 0, times 0 [ 700.806716][T20621] CPU: 1 UID: 0 PID: 20621 Comm: syz.2.5814 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 700.806744][T20621] Tainted: [I]=FIRMWARE_WORKAROUND [ 700.806749][T20621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 700.806758][T20621] Call Trace: [ 700.806762][T20621] [ 700.806768][T20621] dump_stack_lvl+0x16c/0x1f0 [ 700.806792][T20621] should_fail_ex+0x512/0x640 [ 700.806812][T20621] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 700.806831][T20621] should_failslab+0xc2/0x120 [ 700.806847][T20621] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 700.806862][T20621] ? security_file_alloc+0x34/0x2b0 [ 700.806882][T20621] security_file_alloc+0x34/0x2b0 [ 700.806898][T20621] init_file+0x93/0x4c0 [ 700.806914][T20621] alloc_empty_file+0x73/0x1e0 [ 700.806931][T20621] path_openat+0xe0/0x2d40 [ 700.806942][T20621] ? __x64_sys_openat+0x174/0x210 [ 700.806958][T20621] ? do_syscall_64+0xcd/0x230 [ 700.806974][T20621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.806994][T20621] ? __pfx_path_openat+0x10/0x10 [ 700.807011][T20621] do_filp_open+0x20b/0x470 [ 700.807023][T20621] ? __pfx_do_filp_open+0x10/0x10 [ 700.807048][T20621] ? alloc_fd+0x471/0x7d0 [ 700.807072][T20621] do_sys_openat2+0x11b/0x1d0 [ 700.807088][T20621] ? __pfx_do_sys_openat2+0x10/0x10 [ 700.807111][T20621] __x64_sys_openat+0x174/0x210 [ 700.807128][T20621] ? __pfx___x64_sys_openat+0x10/0x10 [ 700.807146][T20621] ? rcu_is_watching+0x12/0xc0 [ 700.807164][T20621] do_syscall_64+0xcd/0x230 [ 700.807182][T20621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.807195][T20621] RIP: 0033:0x7f840618d2d0 [ 700.807207][T20621] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 700.807219][T20621] RSP: 002b:00007f8406f36f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 700.807232][T20621] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f840618d2d0 [ 700.807241][T20621] RDX: 0000000000000002 RSI: 00007f8406f36fa0 RDI: 00000000ffffff9c [ 700.807249][T20621] RBP: 00007f8406f36fa0 R08: 0000000000000000 R09: 0000000000000000 [ 700.807257][T20621] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 700.807264][T20621] R13: 0000000000000000 R14: 00007f84063b5fa0 R15: 00007ffee5841aa8 [ 700.807280][T20621] [ 702.524646][T20649] misc userio: The device must be registered before sending interrupts [ 703.263986][T20665] FAULT_INJECTION: forcing a failure. [ 703.263986][T20665] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 703.430771][T20665] CPU: 1 UID: 0 PID: 20665 Comm: syz.2.5829 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 703.430798][T20665] Tainted: [I]=FIRMWARE_WORKAROUND [ 703.430807][T20665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 703.430815][T20665] Call Trace: [ 703.430820][T20665] [ 703.430826][T20665] dump_stack_lvl+0x16c/0x1f0 [ 703.430849][T20665] should_fail_ex+0x512/0x640 [ 703.430871][T20665] should_fail_alloc_page+0xe7/0x130 [ 703.430889][T20665] prepare_alloc_pages+0x3c2/0x610 [ 703.430910][T20665] ? rcu_is_watching+0x12/0xc0 [ 703.430924][T20665] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 703.430940][T20665] ? __kernel_text_address+0xd/0x40 [ 703.430959][T20665] ? unwind_get_return_address+0x59/0xa0 [ 703.430974][T20665] ? arch_stack_walk+0xa6/0x100 [ 703.430995][T20665] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 703.431009][T20665] ? stack_trace_save+0x8e/0xc0 [ 703.431029][T20665] ? __pfx_stack_trace_save+0x10/0x10 [ 703.431042][T20665] ? stack_depot_save_flags+0x28/0xa50 [ 703.431061][T20665] ? find_held_lock+0x2b/0x80 [ 703.431077][T20665] ? kasan_save_stack+0x42/0x60 [ 703.431094][T20665] ? __lock_acquire+0xaa4/0x1ba0 [ 703.431109][T20665] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 703.431128][T20665] ? policy_nodemask+0xea/0x4e0 [ 703.431145][T20665] alloc_pages_mpol+0x1fb/0x550 [ 703.431161][T20665] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 703.431174][T20665] ? __page_table_check_ptes_set+0x1ae/0x420 [ 703.431190][T20665] ? find_held_lock+0x2b/0x80 [ 703.431205][T20665] alloc_pages_noprof+0x131/0x390 [ 703.431220][T20665] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 703.431233][T20665] get_free_pages_noprof+0xc/0x40 [ 703.431249][T20665] kasan_populate_vmalloc_pte+0x2d/0x160 [ 703.431263][T20665] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 703.431275][T20665] __apply_to_page_range+0x617/0xd60 [ 703.431297][T20665] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 703.431312][T20665] ? __pfx___apply_to_page_range+0x10/0x10 [ 703.431331][T20665] ? alloc_vmap_area+0x872/0x2970 [ 703.431352][T20665] alloc_vmap_area+0x919/0x2970 [ 703.431377][T20665] ? __pfx_alloc_vmap_area+0x10/0x10 [ 703.431399][T20665] __get_vm_area_node+0x1a7/0x300 [ 703.431421][T20665] __vmalloc_node_range_noprof+0x277/0x1540 [ 703.431441][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 703.431464][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 703.431486][T20665] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 703.431512][T20665] __kvmalloc_node_noprof+0x2ff/0x600 [ 703.431526][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 703.431544][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 703.431565][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 703.431581][T20665] __do_sys_listmount+0x1c2/0xed0 [ 703.431602][T20665] ? __x64_sys_futex+0x1e0/0x4c0 [ 703.431615][T20665] ? __x64_sys_futex+0x1e9/0x4c0 [ 703.431629][T20665] ? __pfx___do_sys_listmount+0x10/0x10 [ 703.431647][T20665] ? xfd_validate_state+0x5d/0x180 [ 703.431673][T20665] do_syscall_64+0xcd/0x230 [ 703.431693][T20665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.431707][T20665] RIP: 0033:0x7f840618e969 [ 703.431720][T20665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.431732][T20665] RSP: 002b:00007f8406f16038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 703.431745][T20665] RAX: ffffffffffffffda RBX: 00007f84063b6080 RCX: 00007f840618e969 [ 703.431754][T20665] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 703.431763][T20665] RBP: 00007f8406210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 703.431771][T20665] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 703.431779][T20665] R13: 0000000000000000 R14: 00007f84063b6080 R15: 00007ffee5841aa8 [ 703.431796][T20665] [ 703.433103][T20665] warn_alloc: 1 callbacks suppressed [ 703.433113][T20665] syz.2.5829: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null) [ 704.873889][T20681] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5833'. [ 707.438400][T20665] ,cpuset=/,mems_allowed=0-1 [ 707.487076][T20665] CPU: 1 UID: 0 PID: 20665 Comm: syz.2.5829 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 707.487102][T20665] Tainted: [I]=FIRMWARE_WORKAROUND [ 707.487107][T20665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 707.487116][T20665] Call Trace: [ 707.487121][T20665] [ 707.487127][T20665] dump_stack_lvl+0x16c/0x1f0 [ 707.487151][T20665] warn_alloc+0x248/0x3a0 [ 707.487169][T20665] ? __pfx_warn_alloc+0x10/0x10 [ 707.487185][T20665] ? kfree+0x2b6/0x4d0 [ 707.487201][T20665] ? __get_vm_area_node+0x1e5/0x300 [ 707.487225][T20665] __vmalloc_node_range_noprof+0xd31/0x1540 [ 707.487252][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 707.487275][T20665] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 707.487304][T20665] __kvmalloc_node_noprof+0x2ff/0x600 [ 707.487319][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 707.487338][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 707.487360][T20665] ? __do_sys_listmount+0x1c2/0xed0 [ 707.487377][T20665] __do_sys_listmount+0x1c2/0xed0 [ 707.487399][T20665] ? __x64_sys_futex+0x1e0/0x4c0 [ 707.487414][T20665] ? __x64_sys_futex+0x1e9/0x4c0 [ 707.487428][T20665] ? __pfx___do_sys_listmount+0x10/0x10 [ 707.487447][T20665] ? xfd_validate_state+0x5d/0x180 [ 707.487476][T20665] do_syscall_64+0xcd/0x230 [ 707.487496][T20665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.487511][T20665] RIP: 0033:0x7f840618e969 [ 707.487524][T20665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 707.487538][T20665] RSP: 002b:00007f8406f16038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 707.487552][T20665] RAX: ffffffffffffffda RBX: 00007f84063b6080 RCX: 00007f840618e969 [ 707.487562][T20665] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 707.487571][T20665] RBP: 00007f8406210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 707.487580][T20665] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 707.487588][T20665] R13: 0000000000000000 R14: 00007f84063b6080 R15: 00007ffee5841aa8 [ 707.487605][T20665] [ 707.487610][T20665] Mem-Info: [ 708.205121][T20712] netlink: 206 bytes leftover after parsing attributes in process `syz.0.5844'. [ 709.650264][T20665] active_anon:100408 inactive_anon:1 isolated_anon:0 [ 709.650264][T20665] active_file:2243 inactive_file:56926 isolated_file:0 [ 709.650264][T20665] unevictable:768 dirty:558 writeback:0 [ 709.650264][T20665] slab_reclaimable:11340 slab_unreclaimable:103347 [ 709.650264][T20665] mapped:41873 shmem:87475 pagetables:1305 [ 709.650264][T20665] sec_pagetables:0 bounce:0 [ 709.650264][T20665] kernel_misc_reclaimable:0 [ 709.650264][T20665] free:1214286 free_pcp:16668 free_cma:0 [ 710.148548][T20665] Node 0 active_anon:361428kB inactive_anon:12kB active_file:8968kB inactive_file:217788kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:164796kB dirty:1888kB writeback:0kB shmem:306084kB shmem_thp:12288kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:11248kB pagetables:5028kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 710.406273][T20665] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:9924kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:376kB dirty:344kB writeback:0kB shmem:3552kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 710.580591][T20735] [U] [ 710.583420][T20735] [U] [ 710.586095][T20735] [U] [ 710.588770][T20735] [U] [ 710.631461][T20665] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 710.719921][T20735] [U] [ 710.722635][T20735] [U] [ 710.725305][T20735] [U] [ 710.727979][T20735] [U] [ 710.762511][T20665] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 710.796427][T20665] Node 0 DMA32 free:1109184kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:293104kB inactive_anon:12kB active_file:8968kB inactive_file:215972kB unevictable:1536kB writepending:1888kB present:3129332kB managed:2544168kB mlocked:0kB bounce:0kB free_pcp:2892kB local_pcp:2892kB free_cma:0kB [ 710.908325][T20735] [U] [ 710.911056][T20735] [U] [ 710.913733][T20735] [U] [ 710.916405][T20735] [U] [ 710.928740][T20665] lowmem_reserve[]: 0 0 1 1 1 [ 710.953071][T20665] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:24kB free_cma:0kB [ 711.074442][T20665] lowmem_reserve[]: 0 0 0 0 0 [ 711.099734][T20665] Node 1 Normal free:3838456kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:9924kB unevictable:1536kB writepending:344kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:66028kB local_pcp:66028kB free_cma:0kB [ 711.134309][T20735] [U] [ 711.137018][T20735] [U] [ 711.139695][T20735] [U] [ 711.142370][T20735] [U] [ 711.240753][T20665] lowmem_reserve[]: 0 0 0 0 0 [ 711.270492][T20665] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 711.295594][T20735] [U] [ 711.333058][T20665] Node 0 DMA32: 555*4kB (UME) 1096*8kB (UME) 726*16kB (ME) 789*32kB (UME) 509*64kB (UME) 320*128kB (UME) 132*256kB (UME) 75*512kB (UME) 37*1024kB (UM) 2*2048kB (U) 211*4096kB (UME) = 1099820kB [ 711.422009][T20665] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 711.475592][T20665] Node 1 Normal: 195*4kB (UME) 7*8kB (UME) 14*16kB (UME) 92*32kB (UME) 308*64kB (UME) 39*128kB (UME) 18*256kB (UME) 10*512kB (UM) 9*1024kB (UME) 5*2048kB (UME) 923*4096kB (M) = 3838500kB [ 711.596477][T20665] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 711.638881][T20665] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 711.683834][T20665] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 711.737480][T20665] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 711.777559][T20665] 123827 total pagecache pages [ 711.812206][T20665] 1 pages in swap cache [ 711.822550][T20665] Free swap = 121508kB [ 711.826734][T20665] Total swap = 124996kB [ 711.872187][T20665] 2097051 pages RAM [ 711.885072][T20665] 0 pages HighMem/MovableOnly [ 711.889770][T20665] 428903 pages reserved [ 711.923914][T20665] 0 pages cma reserved [ 712.132633][T20753] FAULT_INJECTION: forcing a failure. [ 712.132633][T20753] name failslab, interval 1, probability 0, space 0, times 0 [ 712.188779][T20753] CPU: 1 UID: 0 PID: 20753 Comm: syz.2.5857 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 712.188805][T20753] Tainted: [I]=FIRMWARE_WORKAROUND [ 712.188810][T20753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 712.188819][T20753] Call Trace: [ 712.188823][T20753] [ 712.188830][T20753] dump_stack_lvl+0x16c/0x1f0 [ 712.188854][T20753] should_fail_ex+0x512/0x640 [ 712.188873][T20753] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 712.188897][T20753] should_failslab+0xc2/0x120 [ 712.188913][T20753] __kmalloc_cache_noprof+0x6a/0x3e0 [ 712.188934][T20753] ? alloc_fs_context+0x57/0x9c0 [ 712.188949][T20753] alloc_fs_context+0x57/0x9c0 [ 712.188965][T20753] path_mount+0xb06/0x1f20 [ 712.188981][T20753] ? kmem_cache_free+0x2d4/0x4d0 [ 712.188994][T20753] ? __pfx_path_mount+0x10/0x10 [ 712.189009][T20753] ? putname+0x154/0x1a0 [ 712.189026][T20753] __x64_sys_mount+0x28d/0x310 [ 712.189040][T20753] ? __pfx___x64_sys_mount+0x10/0x10 [ 712.189053][T20753] ? rcu_is_watching+0x12/0xc0 [ 712.189071][T20753] do_syscall_64+0xcd/0x230 [ 712.189090][T20753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.189104][T20753] RIP: 0033:0x7f840618e969 [ 712.189116][T20753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 712.189129][T20753] RSP: 002b:00007f8406f37038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 712.189142][T20753] RAX: ffffffffffffffda RBX: 00007f84063b5fa0 RCX: 00007f840618e969 [ 712.189151][T20753] RDX: 00002000000005c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 712.189158][T20753] RBP: 00007f8406210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 712.189173][T20753] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 712.189181][T20753] R13: 0000000000000000 R14: 00007f84063b5fa0 R15: 00007ffee5841aa8 [ 712.189199][T20753] [ 713.337807][T20768] netlink: 504 bytes leftover after parsing attributes in process `syz.1.5863'. [ 713.397751][T20770] netlink: 504 bytes leftover after parsing attributes in process `syz.1.5863'. [ 714.196875][T20790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5870'. [ 714.233003][T20790] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5870'. [ 715.705969][T20826] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5884'. [ 716.313052][T20838] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 717.668196][T20866] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 717.726965][T20866] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 718.712928][T20887] netlink: 158 bytes leftover after parsing attributes in process `syz.4.5906'. [ 718.782789][T20880] FAULT_INJECTION: forcing a failure. [ 718.782789][T20880] name failslab, interval 1, probability 0, space 0, times 0 [ 718.931201][T20880] CPU: 1 UID: 0 PID: 20880 Comm: syz.1.5904 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 718.931229][T20880] Tainted: [I]=FIRMWARE_WORKAROUND [ 718.931234][T20880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 718.931242][T20880] Call Trace: [ 718.931248][T20880] [ 718.931253][T20880] dump_stack_lvl+0x16c/0x1f0 [ 718.931276][T20880] should_fail_ex+0x512/0x640 [ 718.931295][T20880] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 718.931320][T20880] should_failslab+0xc2/0x120 [ 718.931336][T20880] __kmalloc_cache_noprof+0x6a/0x3e0 [ 718.931356][T20880] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 718.931373][T20880] ? ktime_get_coarse_real_ts64_mg+0x200/0x320 [ 718.931388][T20880] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 718.931405][T20880] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 718.931419][T20880] hugetlb_reserve_pages+0x149/0xd90 [ 718.931441][T20880] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 718.931461][T20880] ? atime_needs_update+0x8b/0x710 [ 718.931483][T20880] hugetlbfs_file_mmap+0x4a1/0x730 [ 718.931502][T20880] __mmap_region+0x1485/0x27c0 [ 718.931520][T20880] ? __pfx___mmap_region+0x10/0x10 [ 718.931540][T20880] ? kernel_text_address+0x8d/0x100 [ 718.931576][T20880] ? stack_depot_save_flags+0x28/0xa50 [ 718.931618][T20880] ? rcu_is_watching+0x12/0xc0 [ 718.931637][T20880] mmap_region+0x32b/0x3f0 [ 718.931656][T20880] do_mmap+0xd8e/0x11b0 [ 718.931678][T20880] ? __pfx_do_mmap+0x10/0x10 [ 718.931697][T20880] ? __pfx_down_write_killable+0x10/0x10 [ 718.931720][T20880] vm_mmap_pgoff+0x281/0x450 [ 718.931742][T20880] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 718.931759][T20880] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 718.931777][T20880] ? hugetlbfs_get_inode+0x31f/0x730 [ 718.931798][T20880] ksys_mmap_pgoff+0x1c8/0x5c0 [ 718.931816][T20880] ? rcu_is_watching+0x12/0xc0 [ 718.931830][T20880] __x64_sys_mmap+0x125/0x190 [ 718.931846][T20880] do_syscall_64+0xcd/0x230 [ 718.931866][T20880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.931880][T20880] RIP: 0033:0x7fc209d8e969 [ 718.931892][T20880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.931904][T20880] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 718.931918][T20880] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 718.931927][T20880] RDX: 0000000000000002 RSI: 0000000000a00006 RDI: 0000000000c00000 [ 718.931935][T20880] RBP: 00007fc209e10ab1 R08: 0000000000000602 R09: 0000300000000000 [ 718.931945][T20880] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 718.931953][T20880] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 718.931972][T20880] [ 718.931977][T20880] HugeTLB: unable to allocate vma specific lock [ 721.405261][T20929] netlink: 18 bytes leftover after parsing attributes in process `syz.0.5918'. [ 721.686832][T20924] mkiss: ax0: crc mode is auto. [ 721.744149][T20934] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5920'. [ 724.889537][T20997] random: crng reseeded on system resumption [ 726.223637][ T30] audit: type=1806 audit(4294967306.499:17): xattr="0" res=-22 [ 727.019860][T21028] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 727.136464][T21028] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 727.595638][T21048] FAULT_INJECTION: forcing a failure. [ 727.595638][T21048] name failslab, interval 1, probability 0, space 0, times 0 [ 727.660135][T21048] CPU: 1 UID: 0 PID: 21048 Comm: syz.1.5960 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 727.660163][T21048] Tainted: [I]=FIRMWARE_WORKAROUND [ 727.660169][T21048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 727.660177][T21048] Call Trace: [ 727.660182][T21048] [ 727.660188][T21048] dump_stack_lvl+0x16c/0x1f0 [ 727.660213][T21048] should_fail_ex+0x512/0x640 [ 727.660232][T21048] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 727.660249][T21048] should_failslab+0xc2/0x120 [ 727.660266][T21048] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 727.660282][T21048] ? ptlock_alloc+0x1f/0x70 [ 727.660298][T21048] ptlock_alloc+0x1f/0x70 [ 727.660311][T21048] pte_alloc_one+0x6d/0x380 [ 727.660328][T21048] __pte_alloc+0x6d/0x3c0 [ 727.660345][T21048] ? __pfx___pte_alloc+0x10/0x10 [ 727.660361][T21048] ? __pfx___might_resched+0x10/0x10 [ 727.660377][T21048] ? copy_page_range+0x197d/0x5fe0 [ 727.660399][T21048] copy_page_range+0x3a29/0x5fe0 [ 727.660438][T21048] ? __pfx_copy_page_range+0x10/0x10 [ 727.660463][T21048] ? __pfx___might_resched+0x10/0x10 [ 727.660476][T21048] ? __pfx_mas_store+0x10/0x10 [ 727.660494][T21048] ? __vma_enter_locked+0x163/0x3f0 [ 727.660512][T21048] ? copy_process+0x85dd/0x91a0 [ 727.660527][T21048] ? down_write+0x14d/0x200 [ 727.660547][T21048] ? up_write+0x1b2/0x520 [ 727.660567][T21048] copy_process+0x862b/0x91a0 [ 727.660597][T21048] ? __pfx_copy_process+0x10/0x10 [ 727.660611][T21048] ? __pfx___futex_wait+0x10/0x10 [ 727.660645][T21048] kernel_clone+0xfc/0x960 [ 727.660662][T21048] ? __pfx_kernel_clone+0x10/0x10 [ 727.660689][T21048] __do_sys_clone+0xce/0x120 [ 727.660705][T21048] ? __pfx___do_sys_clone+0x10/0x10 [ 727.660720][T21048] ? ksys_unshare+0x687/0xa40 [ 727.660746][T21048] ? rcu_is_watching+0x12/0xc0 [ 727.660764][T21048] do_syscall_64+0xcd/0x230 [ 727.660783][T21048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.660803][T21048] RIP: 0033:0x7fc209d8e969 [ 727.660816][T21048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 727.660829][T21048] RSP: 002b:00007fc20ac1efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 727.660843][T21048] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 727.660852][T21048] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 727.660861][T21048] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 727.660869][T21048] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 727.660877][T21048] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 727.660895][T21048] [ 727.924316][ C1] vkms_vblank_simulate: vblank timer overrun [ 728.563127][T21059] netlink: 346 bytes leftover after parsing attributes in process `syz.1.5964'. [ 729.199283][T21071] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5969'. [ 729.263155][T21071] netlink: 302 bytes leftover after parsing attributes in process `syz.1.5969'. [ 730.940663][T21096] could not allocate digest TFM handle [ 731.514112][T21113] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5985'. [ 732.163379][T21132] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5993'. [ 732.233037][T21132] vcan0: left promiscuous mode [ 733.914788][T21166] netlink: 266 bytes leftover after parsing attributes in process `syz.0.6007'. [ 734.653459][T21179] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 734.720985][T21179] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 734.938727][T21191] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6017'. [ 734.989208][T21191] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6017'. [ 735.354915][T21196] could not allocate digest TFM handle [ 735.871171][T21212] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6025'. [ 736.054025][ T5831] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 736.101371][T21212] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6025'. [ 736.151984][T21217] netlink: 286 bytes leftover after parsing attributes in process `syz.1.6025'. [ 737.298598][T21236] [U]  [ 737.301401][T21236] [U] [ 737.304098][T21236] [U] [ 737.306765][T21236] [U] [ 737.609029][T21236] [U] [ 737.611756][T21236] [U] [ 737.614434][T21236] [U] [ 737.617100][T21236] [U] [ 737.780657][T21236] [U] [ 737.783389][T21236] [U] [ 737.786061][T21236] [U] [ 737.788731][T21236] [U] [ 738.043304][T21236] [U] [ 738.046031][T21236] [U] [ 738.048740][T21236] [U] [ 738.051413][T21236] [U] [ 738.256578][T21236] [U] [ 738.259310][T21236] [U] [ 738.261991][T21236] [U] [ 738.264665][T21236] [U] [ 738.448933][T21236] [U] [ 738.451650][T21236] [U] [ 738.454334][T21236] [U] [ 738.457008][T21236] [U] [ 738.647546][T21242] [U] [ 739.308584][ T5831] Bluetooth: hci0: Malformed LE Event: 0x1d [ 739.345804][T21297] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6042'. [ 739.467946][T21298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6042'. [ 739.758796][T21310] netlink: 326 bytes leftover after parsing attributes in process `syz.4.6046'. [ 739.945987][T21313] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6049'. [ 740.008535][T21313] [ 740.010894][T21313] ============================= [ 740.016008][T21313] WARNING: suspicious RCU usage [ 740.020856][T21313] 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 Tainted: G I [ 740.029603][T21313] ----------------------------- [ 740.034547][T21313] net/mpls/af_mpls.c:84 suspicious rcu_dereference_check() usage! [ 740.042332][T21313] [ 740.042332][T21313] other info that might help us debug this: [ 740.042332][T21313] [ 740.053123][T21313] [ 740.053123][T21313] rcu_scheduler_active = 2, debug_locks = 1 [ 740.061603][T21313] 1 lock held by syz.1.6049/21313: [ 740.066975][T21313] #0: ffffffff901265e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 740.076456][T21313] [ 740.076456][T21313] stack backtrace: [ 740.082332][T21313] CPU: 1 UID: 0 PID: 21313 Comm: syz.1.6049 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 740.082363][T21313] Tainted: [I]=FIRMWARE_WORKAROUND [ 740.082369][T21313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 740.082377][T21313] Call Trace: [ 740.082382][T21313] [ 740.082387][T21313] dump_stack_lvl+0x16c/0x1f0 [ 740.082410][T21313] lockdep_rcu_suspicious+0x166/0x260 [ 740.082429][T21313] mpls_route_input_rcu+0x1d4/0x200 [ 740.082448][T21313] mpls_getroute+0x621/0x1ea0 [ 740.082470][T21313] ? __lock_acquire+0xaa4/0x1ba0 [ 740.082487][T21313] ? __pfx_mpls_getroute+0x10/0x10 [ 740.082520][T21313] ? rcu_is_watching+0x12/0xc0 [ 740.082551][T21313] ? __pfx_mpls_getroute+0x10/0x10 [ 740.082569][T21313] rtnetlink_rcv_msg+0x3c6/0xe90 [ 740.082587][T21313] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 740.082613][T21313] netlink_rcv_skb+0x16a/0x440 [ 740.082629][T21313] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 740.082646][T21313] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 740.082671][T21313] ? netlink_deliver_tap+0x1ae/0xd30 [ 740.082689][T21313] netlink_unicast+0x53a/0x7f0 [ 740.082706][T21313] ? __pfx_netlink_unicast+0x10/0x10 [ 740.082720][T21313] ? __lock_acquire+0xaa4/0x1ba0 [ 740.082741][T21313] netlink_sendmsg+0x8d1/0xdd0 [ 740.082759][T21313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 740.082781][T21313] ____sys_sendmsg+0xa95/0xc70 [ 740.082800][T21313] ? copy_msghdr_from_user+0x10a/0x160 [ 740.082814][T21313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 740.082834][T21313] ? kfree+0x252/0x4d0 [ 740.082844][T21313] ? schedule+0x2d7/0x3a0 [ 740.082863][T21313] ___sys_sendmsg+0x134/0x1d0 [ 740.082879][T21313] ? __pfx____sys_sendmsg+0x10/0x10 [ 740.082909][T21313] ? __pfx___might_resched+0x10/0x10 [ 740.082927][T21313] __sys_sendmmsg+0x200/0x420 [ 740.082944][T21313] ? __pfx___sys_sendmmsg+0x10/0x10 [ 740.082963][T21313] ? __pfx_do_futex+0x10/0x10 [ 740.082985][T21313] ? xfd_validate_state+0x5d/0x180 [ 740.083007][T21313] ? rcu_is_watching+0x12/0xc0 [ 740.083021][T21313] __x64_sys_sendmmsg+0x9c/0x100 [ 740.083036][T21313] ? lockdep_hardirqs_on+0x7c/0x110 [ 740.083052][T21313] do_syscall_64+0xcd/0x230 [ 740.083072][T21313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.083085][T21313] RIP: 0033:0x7fc209d8e969 [ 740.083098][T21313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.083111][T21313] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 740.083123][T21313] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 740.083132][T21313] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 740.083141][T21313] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 740.083149][T21313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 740.083157][T21313] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 740.083174][T21313] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 740.934574][T21313] [ 740.936965][T21313] ============================= [ 740.941794][T21313] WARNING: suspicious RCU usage [ 740.946711][T21313] 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 Tainted: G I [ 740.955398][T21313] ----------------------------- [ 740.960237][T21313] net/mpls/af_mpls.c:85 suspicious rcu_dereference_check() usage! [ 740.968725][T21313] [ 740.968725][T21313] other info that might help us debug this: [ 740.968725][T21313] [ 740.979697][T21313] [ 740.979697][T21313] rcu_scheduler_active = 2, debug_locks = 1 [ 740.987823][T21313] 1 lock held by syz.1.6049/21313: [ 740.992914][T21313] #0: ffffffff901265e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 741.002398][T21313] [ 741.002398][T21313] stack backtrace: [ 741.008412][T21313] CPU: 1 UID: 0 PID: 21313 Comm: syz.1.6049 Tainted: G I 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 741.008435][T21313] Tainted: [I]=FIRMWARE_WORKAROUND [ 741.008440][T21313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 741.008449][T21313] Call Trace: [ 741.008454][T21313] [ 741.008459][T21313] dump_stack_lvl+0x16c/0x1f0 [ 741.008490][T21313] lockdep_rcu_suspicious+0x166/0x260 [ 741.008510][T21313] mpls_route_input_rcu+0x153/0x200 [ 741.008531][T21313] mpls_getroute+0x621/0x1ea0 [ 741.008553][T21313] ? __lock_acquire+0xaa4/0x1ba0 [ 741.008570][T21313] ? __pfx_mpls_getroute+0x10/0x10 [ 741.008599][T21313] ? rcu_is_watching+0x12/0xc0 [ 741.008630][T21313] ? __pfx_mpls_getroute+0x10/0x10 [ 741.008650][T21313] rtnetlink_rcv_msg+0x3c6/0xe90 [ 741.008669][T21313] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 741.008693][T21313] netlink_rcv_skb+0x16a/0x440 [ 741.008709][T21313] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 741.008726][T21313] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 741.008752][T21313] ? netlink_deliver_tap+0x1ae/0xd30 [ 741.008770][T21313] netlink_unicast+0x53a/0x7f0 [ 741.008788][T21313] ? __pfx_netlink_unicast+0x10/0x10 [ 741.008803][T21313] ? __lock_acquire+0xaa4/0x1ba0 [ 741.008824][T21313] netlink_sendmsg+0x8d1/0xdd0 [ 741.008843][T21313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 741.008866][T21313] ____sys_sendmsg+0xa95/0xc70 [ 741.008884][T21313] ? copy_msghdr_from_user+0x10a/0x160 [ 741.008899][T21313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 741.008919][T21313] ? kfree+0x252/0x4d0 [ 741.008930][T21313] ? schedule+0x2d7/0x3a0 [ 741.008949][T21313] ___sys_sendmsg+0x134/0x1d0 [ 741.008965][T21313] ? __pfx____sys_sendmsg+0x10/0x10 [ 741.008996][T21313] ? __pfx___might_resched+0x10/0x10 [ 741.009014][T21313] __sys_sendmmsg+0x200/0x420 [ 741.009031][T21313] ? __pfx___sys_sendmmsg+0x10/0x10 [ 741.009051][T21313] ? __pfx_do_futex+0x10/0x10 [ 741.009073][T21313] ? xfd_validate_state+0x5d/0x180 [ 741.009095][T21313] ? rcu_is_watching+0x12/0xc0 [ 741.009110][T21313] __x64_sys_sendmmsg+0x9c/0x100 [ 741.009125][T21313] ? lockdep_hardirqs_on+0x7c/0x110 [ 741.009142][T21313] do_syscall_64+0xcd/0x230 [ 741.009161][T21313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.009175][T21313] RIP: 0033:0x7fc209d8e969 [ 741.009188][T21313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 741.009201][T21313] RSP: 002b:00007fc20ac1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 741.009214][T21313] RAX: ffffffffffffffda RBX: 00007fc209fb5fa0 RCX: 00007fc209d8e969 [ 741.009223][T21313] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 741.009231][T21313] RBP: 00007fc209e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 741.009239][T21313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 741.009246][T21313] R13: 0000000000000000 R14: 00007fc209fb5fa0 R15: 00007ffd8f31f108 [ 741.009264][T21313] [ 742.306898][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.519212][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.643828][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.740269][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.106421][ T12] bridge_slave_1: left allmulticast mode [ 743.112107][ T12] bridge_slave_1: left promiscuous mode [ 743.145640][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.213410][ T12] bridge_slave_0: left allmulticast mode [ 743.246673][ T12] bridge_slave_0: left promiscuous mode [ 743.252395][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 743.846482][ T12] erspan0 (unregistering): left allmulticast mode [ 744.576538][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 744.609703][ T12] bond0 (unregistering): Released all slaves [ 745.158028][T21140] syz.2.5995 (21140) used greatest stack depth: 20312 bytes left [ 745.379461][ T12] hsr_slave_0: left promiscuous mode [ 745.415097][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 745.422520][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 745.456548][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 745.464007][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 745.524214][ T12] veth1_macvtap: left promiscuous mode [ 745.536653][ T12] veth0_macvtap: left promiscuous mode [ 745.542252][ T12] veth1_vlan: left promiscuous mode [ 745.564888][ T12] veth0_vlan: left promiscuous mode [ 746.274187][T21055] syz.2.5962 (21055) used greatest stack depth: 19704 bytes left [ 746.338205][ T12] team0 (unregistering): Port device team_slave_1 removed [ 746.387262][ T12] team0 (unregistering): Port device team_slave_0 removed [ 747.379426][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.385912][ T1295] ieee802154 phy1 wpan1: encryption failed: -22