last executing test programs: 2.450182122s ago: executing program 3 (id=7072): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) 1.934262012s ago: executing program 1 (id=7075): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_clone(0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x2003ec, 0x14) 1.912231359s ago: executing program 2 (id=7076): mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x8001, 0x4200000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, 0x0) 1.865644249s ago: executing program 3 (id=7077): socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) 1.711760186s ago: executing program 2 (id=7080): mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r0, 0x4010744d, &(0x7f00000001c0)={&(0x7f00000000c0)='\x12\x04\x8f~\xa7 \xcf\x1fg7\n\xd8\xbd\xd3&\xa7\xa6_\xaa\xe2;\xb5\x82\x9dA\x8f|\xf3\xd7\xc6X\xdf\xdaC\x9aoqM2\x10\xb1\xd1\xbd\xca0\x9f\xe7\x00\x00\x00\x00\x00\x00\x00\x00T\r\xbfZO\x7f\xbd\x91\xf2\xbd\xc6.\xa2*\xdb\xd7\f\xebM\xba\x15P\as\x82\x17\xa3\xf5\xf6\xcd\x19P&\x88*\xf9\xdd\xc3t[`\xf3h\xc0\"\xd2\xa5\x81\xd6l\xc2k|\rX]XP\xfe\xc9\xe3\xea\xa4P\x95!3\xce\x9f\x9f<\x1eI\xfd\x80\x1c\xf9~\x06\x1b{K\x04\x85\xfa\x14\xbf\t\xc0\xced?j\xb2\xf1~T\xb2i\n\x15\x0e\xf7G9\'}^B=\xfc\x11\xfa\x0f\x0fd4^`\xc2\xb0\xaf\\\x1duPu\x02\xce:`c\xb0\xd0\xde\x13\xb4\xe0\xfcn\x98%\x1d\xff(\xa3\x10d\x89', 0x16, 0x80}) 1.659714378s ago: executing program 3 (id=7081): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}, @NETDEV_A_DMABUF_QUEUES={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) 1.493665113s ago: executing program 2 (id=7083): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) read$auto(r0, 0x0, 0x1) 1.463123952s ago: executing program 3 (id=7084): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000080)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x36}, @ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4089c}, 0x0) 1.342862768s ago: executing program 3 (id=7086): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_clone(0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x6, 0x9, 0x0, 0x0, 0x6) 1.27250379s ago: executing program 1 (id=7087): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x2) getsockname$auto(0x5, 0x0, 0x0) 1.257031373s ago: executing program 0 (id=7088): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x17, 0xfffffffffffffffc, 0x0) 1.148838933s ago: executing program 0 (id=7089): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r0, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 1.050288313s ago: executing program 1 (id=7090): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff) setreuid$auto(0x15, 0x5) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002ec0)={&(0x7f0000002e80)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4048c40}, 0x4) 844.965525ms ago: executing program 1 (id=7091): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x80081270, 0x0) 583.822261ms ago: executing program 0 (id=7092): mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x19, &(0x7f0000000080), 0xd) 539.523133ms ago: executing program 1 (id=7093): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) chdir$auto(&(0x7f0000000200)='./cgroup\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(r0, 0x0, 0x40002) 493.112636ms ago: executing program 2 (id=7094): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x20, 0x0, 0x0) 452.688556ms ago: executing program 3 (id=7095): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(0x8000000000000003, 0x0, 0x8000000d, 0x2cbd5d) mmap$auto(0x0, 0x3872, 0x3e, 0x410, r0, 0x8000) 357.549435ms ago: executing program 0 (id=7096): r0 = socket(0x1d, 0x3, 0x1) bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a) setsockopt$auto(r0, 0x65, 0x1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 331.059168ms ago: executing program 2 (id=7097): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) ioctl$auto(r0, 0x4008af13, r0) 180.460908ms ago: executing program 0 (id=7098): ioctl$auto_TIOCVHANGUP(0xffffffffffffffff, 0x5437, &(0x7f0000000240)="95c67dc82c7f492508ca739576f9100e99ca2cc17df415a6be47a0aa55cca354ae3e437cf6426f4c681007b3936d50f652110447c1fcd444541bfb0ad2ab3205259ea443ece07341f400c567e1fff325e666d021a3520e35548f07beeb01b43771dc5d6908f9a59d8563b497314dd8a21761ada2a8a81f61de07394984f1bf809c2943f7a01aa3123645f2a12d32b79e0ea6a612a09c4294bfdf8769adbb24bc8fb86ff3c8e2e6ae477ed8a39a90a0a050771da4573cec4d907146c4fadacc7c9bbff5249353177788f7cbad27b9008414ad0559842ddad4035d26e716bdbf44efe1e379104bb89a0d643bcf34d72ce16c3254be9d56657c016478b5808ee911684c77113e437c46c1554c095fc4ff4e223dad2fa8c5659d820933d6ebaa9eb04531f4968ff0ce45052d464c2fba85990d55d806214763ccdcec44aee705f86a56c815009ad7e671a72e72ce88e22c950bafd5ac9cb75aa845ab042ad79e4be16d624e1fae989b2898a7b1172a06cffeddc0d7dcf767c98c9a3713847622266900ee9baaacde57121eb6a85a5c315906116cd84ab8d3f976d52561cbd9544ef9f0aac8d3d7e07c131d24258a09f4520092ecb7bee147f928b38c95f785c562069a437a89f2935a6ec019940d5d3b2b1270b1caf36b1c4b399db2860d136fe7832a27eb8f47d58f3dbe6de6bfa54a6db0a83e91831012aa48f62ee259575558ce42182df6ded3122a0aec01cf57ad2399f9919f6183928a0fc14ea58d4b8309f5005b8beb8a8ceb581508f226ce6e2e8f54644eb01ae1fa4f97267cbe8ee22f3ff24983d31737d1d653f66a894409784611d53a36a42bba2425deabb346be44c15b8978012be6dd6373b9417a24e8ace4ab9a24cc14c33e596f395207e4cd5a7e3d213cce1e66b3329ca1eaa7f2c718797a05355ca68123ac2e19c07b068e377ea5b5b0c52b2b14ee779b8d43cacd7a355fc1cb6b26e515d1a224e2108cbe2bc4ddf055bfb787e57e8c6723c7445d687a6747e6223211f53875fa6218fe1dbbc73cb4a96b0d0f2e827e8f54b33fcb0ef629d0398c2b8a694e1c46d7937bc906fc6817325965f6c1f1c6ced17deaf8f5a94660bc8432cb20a29b50b0fba9242abf59efb632b49b0913078dfbcd464b071da305b510186561eeb63bf009e38eb31d7138dd5efcd37c08b4d3f5b095bac49c724607202a7db4d23bccabea182e1be09288e6787a21727b7a71e70b77460d66ff08b820c691845f6ca68f2d24c398f215a031b3") statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x759, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000005, 0x384, 0x9, 0xb10, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x7, 0x0, 0x25c3, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x196fc46e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fa, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd05, &(0x7f00000001c0)) 167.751393ms ago: executing program 1 (id=7099): close_range$auto(0x2, 0xa, 0x0) socket(0x29, 0x2, 0x0) socket(0x21, 0x2, 0x2) listen$auto(0x3, 0x81) 112.946349ms ago: executing program 2 (id=7100): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) ioctl$auto_SG_SET_RESERVED_SIZE2(r0, 0x2275, &(0x7f0000000040)="d93ca7") write$auto(r0, 0x0, 0x1ffd8) 0s ago: executing program 0 (id=7101): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) bpf$auto(0x8, &(0x7f00000001c0)=@bpf_attr_0={0x7, 0x10000b3, 0x0, 0x3, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0xf, 0x7, 0x7, 0x100000001}, 0x10) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/038/001\x00', 0xa821, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f00000001c0)=ANY=[@ANYBLOB="02"]) kernel console output (not intermixed with test programs): 9684][ T7174] sysfs_service_op_show: Client not running :-5: [ 142.821201][ T7196] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 143.148059][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.159097][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.235501][ T7210] ima: policy update failed [ 143.245371][ T31] audit: type=1802 audit(1753603961.318:3): pid=7210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.617" res=0 errno=0 [ 145.162485][ T7281] vhci_hcd: invalid port number 16 [ 145.170668][ T7281] vhci_hcd: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 145.602237][ T7297] kAFS: Invalid Command on /proc/fs/afs/cells file [ 145.819349][ T7307] QAT: Stopping all acceleration devices. [ 146.809396][ T7338] ubi0: attaching mtd0 [ 146.823443][ T7338] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 147.124302][ T7352] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 148.853875][ T7422] bond0: option packets_per_slave: invalid value ( Xnp) [ 148.861725][ T7422] bond0: option packets_per_slave: allowed values 0 - 65535 [ 150.303204][ T7484] rtc_cmos 00:00: Alarms can be up to one day in the future [ 152.784057][ T7570] WARNING! power/level is deprecated; use power/control instead [ 155.311607][ T7664] block2mtd: parameter too long [ 155.908253][ T5847] Bluetooth: hci1: unexpected event 0x01 length: 5 > 1 [ 156.377474][ T7707] i2c i2c-0: delete_device: Can't find device in list [ 157.972288][ T7770] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 159.617653][ T7839] Setting dangerous option i915.mitigations - tainting kernel [ 160.478336][ T7872] bond0: no command found in slaves file - use +ifname or -ifname [ 160.730248][ T7883] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 160.833016][ T7883] CIFS mount error: No usable UNC path provided in device string! [ 160.833016][ T7883] [ 160.856096][ T7883] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 162.522456][ T7933] program syz.1.971 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 163.762220][ T7965] kmem.limit_in_bytes is deprecated and will be removed. Writing any value to this file has no effect. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 164.302864][ T7979] : Can't lookup blockdev [ 164.343632][ T7980] ima: policy update failed [ 164.366611][ T31] audit: type=1802 audit(1753603982.438:4): pid=7980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.995" res=0 errno=0 [ 167.782848][ T8060] vivid-003: ================= START STATUS ================= [ 167.834909][ T8060] vivid-003: Radio HW Seek Mode: Bounded [ 167.848027][ T8060] vivid-003: Radio Programmable HW Seek: false [ 167.854755][ T8060] vivid-003: RDS Rx I/O Mode: Block I/O [ 167.860517][ T8060] vivid-003: Generate RBDS Instead of RDS: false [ 167.886554][ T8060] vivid-003: RDS Reception: true [ 167.895537][ T8060] vivid-003: RDS Program Type: 0 inactive [ 167.912610][ T8060] vivid-003: RDS PS Name: inactive [ 167.920825][ T8060] vivid-003: RDS Radio Text: inactive [ 167.930002][ T8060] vivid-003: RDS Traffic Announcement: false inactive [ 167.946569][ T8060] vivid-003: RDS Traffic Program: false inactive [ 167.957365][ T8060] vivid-003: RDS Music: false inactive [ 167.967476][ T8060] vivid-003: ================== END STATUS ================== [ 168.312536][ T8074] aoe: can't write to that file. [ 168.844330][ T8090] vhci_hcd: invalid port number 16 [ 168.849534][ T8090] vhci_hcd: invalid port number 16 [ 169.052511][ T31] audit: type=1800 audit(1753603987.128:5): pid=8096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1052" name="features" dev="configfs" ino=13735 res=0 errno=0 [ 169.082569][ T8098] block nbd0: NBD_DISCONNECT [ 169.176328][ T8100] binder: 8099:8100 ioctl c0306201 0 returned -14 [ 169.606482][ T8114] syz.3.1061: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 169.660096][ T8114] CPU: 0 UID: 0 PID: 8114 Comm: syz.3.1061 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 169.660151][ T8114] Tainted: [U]=USER [ 169.660162][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.660180][ T8114] Call Trace: [ 169.660191][ T8114] [ 169.660216][ T8114] dump_stack_lvl+0x16c/0x1f0 [ 169.660261][ T8114] warn_alloc+0x248/0x3a0 [ 169.660298][ T8114] ? __pfx_warn_alloc+0x10/0x10 [ 169.660338][ T8114] ? __lock_acquire+0xb8a/0x1c90 [ 169.660400][ T8114] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 169.660441][ T8114] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 169.660490][ T8114] ? __pfx___mutex_trylock_common+0x10/0x10 [ 169.660541][ T8114] ? __pfx___might_resched+0x10/0x10 [ 169.660579][ T8114] ? rcu_is_watching+0x12/0xc0 [ 169.660616][ T8114] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 169.660654][ T8114] ? __mutex_lock+0x1ca/0xb90 [ 169.660686][ T8114] ? tomoyo_path_number_perm+0x295/0x580 [ 169.660735][ T8114] ? dvb_dvr_do_ioctl+0x7e/0x290 [ 169.660777][ T8114] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 169.660826][ T8114] ? __pfx___mutex_lock+0x10/0x10 [ 169.660862][ T8114] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 169.660918][ T8114] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 169.660956][ T8114] __vmalloc_node_noprof+0xad/0xf0 [ 169.661004][ T8114] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 169.661055][ T8114] dvb_dvr_do_ioctl+0x15d/0x290 [ 169.661102][ T8114] dvb_usercopy+0x167/0x340 [ 169.661138][ T8114] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 169.661181][ T8114] ? __pfx_dvb_usercopy+0x10/0x10 [ 169.661235][ T8114] ? __fget_files+0x20e/0x3c0 [ 169.661295][ T8114] dvb_dvr_ioctl+0x29/0x40 [ 169.661332][ T8114] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 169.661371][ T8114] __x64_sys_ioctl+0x18e/0x210 [ 169.661421][ T8114] do_syscall_64+0xcd/0x490 [ 169.661458][ T8114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.661491][ T8114] RIP: 0033:0x7f0a78f8e9a9 [ 169.661521][ T8114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.661552][ T8114] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.661582][ T8114] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 169.661605][ T8114] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 169.661625][ T8114] RBP: 00007f0a79010d69 R08: 0000000000000000 R09: 0000000000000000 [ 169.661645][ T8114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.661665][ T8114] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 169.661705][ T8114] [ 169.661717][ T8114] Mem-Info: [ 169.929550][ T8114] active_anon:4908 inactive_anon:1796 isolated_anon:0 [ 169.929550][ T8114] active_file:4707 inactive_file:46800 isolated_file:0 [ 169.929550][ T8114] unevictable:768 dirty:299 writeback:0 [ 169.929550][ T8114] slab_reclaimable:10012 slab_unreclaimable:93717 [ 169.929550][ T8114] mapped:24213 shmem:3034 pagetables:1040 [ 169.929550][ T8114] sec_pagetables:0 bounce:0 [ 169.929550][ T8114] kernel_misc_reclaimable:0 [ 169.929550][ T8114] free:1320651 free_pcp:24214 free_cma:0 [ 169.979422][ T8114] Node 0 active_anon:19632kB inactive_anon:7084kB active_file:18744kB inactive_file:187000kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96796kB dirty:1196kB writeback:0kB shmem:10500kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11328kB pagetables:4016kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 169.979527][ T8114] Node 1 active_anon:0kB inactive_anon:0kB active_file:84kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 169.979617][ T8114] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 169.979715][ T8114] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 169.979794][ T8114] Node 0 DMA32 free:1373400kB boost:0kB min:34328kB low:42908kB high:51488kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19584kB inactive_anon:7084kB active_file:18256kB inactive_file:186164kB unevictable:1536kB writepending:1196kB present:3129332kB managed:2540444kB mlocked:0kB bounce:0kB free_pcp:74612kB local_pcp:36400kB free_cma:0kB [ 169.979897][ T8114] lowmem_reserve[]: 0 0 1 1 1 [ 169.979962][ T8114] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:488kB inactive_file:836kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 169.980058][ T8114] lowmem_reserve[]: 0 0 0 0 0 [ 169.980123][ T8114] Node 1 Normal free:3893836kB boost:0kB min:55552kB low:69440kB high:83328kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:84kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:22084kB local_pcp:11556kB free_cma:0kB [ 169.980222][ T8114] lowmem_reserve[]: 0 0 0 0 0 [ 169.980286][ T8114] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 169.980534][ T8114] Node 0 DMA32: 662*4kB (UME) 608*8kB (UME) 402*16kB (UM) 276*32kB (UME) 123*64kB (UME) 17*128kB (UME) 3*256kB (UM) 5*512kB (UME) 2*1024kB (UM) 2*2048kB (ME) 325*4096kB (M) = 1373496kB [ 169.980840][ T8114] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 169.981033][ T8114] Node 1 Normal: 195*4kB (U) 60*8kB (UME) 46*16kB (UE) 110*32kB (UME) 27*64kB (UME) 10*128kB (UM) 5*256kB (UME) 2*512kB (M) 2*1024kB (UM) 1*2048kB (U) 947*4096kB (ME) = 3893836kB [ 169.981334][ T8114] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 169.981363][ T8114] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 169.981391][ T8114] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 169.981419][ T8114] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 169.981447][ T8114] 54512 total pagecache pages [ 169.981460][ T8114] 0 pages in swap cache [ 169.981471][ T8114] Free swap = 124996kB [ 169.981484][ T8114] Total swap = 124996kB [ 169.981497][ T8114] 2097051 pages RAM [ 169.981509][ T8114] 0 pages HighMem/MovableOnly [ 169.981522][ T8114] 429962 pages reserved [ 169.981534][ T8114] 0 pages cma reserved [ 171.718559][ T8183] ICMPv6: process `syz.0.1095' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 171.920546][ T8191] random: crng reseeded on system resumption [ 173.400081][ T8250] random: crng reseeded on system resumption [ 174.491102][ T8294] binder: 8293:8294 ioctl c0306201 2000000000c0 returned -14 [ 175.186473][ T8318] vhci_hcd: invalid port number 23 [ 175.226330][ T8318] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 176.966317][ T8389] ima: policy update failed [ 176.972895][ T31] audit: type=1802 audit(1753603995.048:6): pid=8389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1197" res=0 errno=0 [ 178.772754][ T8463] delete_channel: no stack [ 178.872298][ T8467] misc userio: Invalid payload size [ 179.057094][ T8475] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 179.086319][ T8479] ptrace attach of "./syz-executor exec"[5845] was attempted by ""[8479] [ 180.841485][ T5847] Bluetooth: hci3: unexpected event 0x3e length: 728 > 260 [ 180.841529][ T5847] Bluetooth: hci3: unexpected subevent 0x03 length: 727 > 9 [ 181.074906][ T8552] sysfs_service_op_store: Client not running :-5: [ 183.508948][ T5850] Process accounting resumed [ 185.063815][ T8702] [ 185.492662][ T31] audit: type=1806 audit(1753604003.568:7): res=-14 [ 185.805941][ T8734] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 186.362042][ T8761] binder: 8760:8761 ioctl c00c6211 0 returned -14 [ 186.510722][ T5899] Process accounting resumed [ 189.232601][ T8846] bdi 43:96: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 190.200345][ T8880] vhci_hcd: invalid port number 16 [ 190.211977][ T8880] vhci_hcd: invalid port number 16 [ 192.833914][ T8992] CIFS mount error: No usable UNC path provided in device string! [ 192.833914][ T8992] [ 192.893515][ T8992] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 193.140360][ T9004] hub 1-0:1.0: USB hub found [ 193.154386][ T9004] hub 1-0:1.0: 1 port detected [ 193.682763][ T9026] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 193.699525][ T9026] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 193.745411][ T9026] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 193.778176][ T9026] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 193.822594][ T9026] page dumped because: unmovable page [ 193.843416][ T9026] page_owner info is not present (never set?) [ 194.376971][ T9052] vhci_hcd: invalid port number 23 [ 194.382201][ T9052] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 194.819429][ T9069] hub 1-0:1.0: USB hub found [ 194.826616][ T9069] hub 1-0:1.0: 1 port detected [ 194.886407][ T9073] synth uevent: /module/l2tp_ip6: unknown uevent action string [ 195.693569][ T9108] block nbd14: the capability attribute has been deprecated. [ 195.796659][ T31] audit: type=1800 audit(1753604013.878:8): pid=9111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1549" name="dbroot" dev="configfs" ino=16924 res=0 errno=0 [ 195.831472][ T9111] db_root: not a directory: /dev/audio1 [ 196.622702][ T9142] vhci_hcd: invalid port number 16 [ 196.827613][ T9149] synth uevent: /bus/hid/drivers/zeroplus: unknown uevent action string [ 204.378724][ T9494] ICMPv6: process `syz.2.1734' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 204.592229][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.599911][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 208.518819][ T9694] usb usb36: usbfs: process 9694 (syz.3.1829) did not claim interface 0 before use [ 210.641133][ T9792] kAFS: unparsable volume name [ 211.516484][ T9837] synth uevent: /devices/platform/dummy_hcd.3/usb4/ep_00: unknown uevent action string [ 211.539366][ T9837] ep_00: uevent: failed to send synthetic uevent: -22 [ 212.405481][ T9882] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 215.558294][T10030] binder: 10029:10030 ioctl c0046209 0 returned -22 [ 215.928184][T10045] ACPI: Can not change Invalid GPE/Fixed Event status [ 217.463625][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 217.472810][ T5899] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 218.810187][T10176] cougar: G6 mapped to F18 [ 219.542711][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 219.550980][ T5899] Bluetooth: hci2: Opcode 0x0406 failed: -110 [ 220.539112][T10248] Scaler: ================= START STATUS ================= [ 220.556990][T10248] Scaler: ================== END STATUS ================== [ 221.702562][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 221.708754][ T5899] Bluetooth: hci2: Opcode 0x0406 failed: -110 [ 221.882634][T10296] Line length is too long: Should be less than 4094 [ 222.030150][ T5857] Bluetooth: hci3: command 0x0406 tx timeout [ 222.036767][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 222.043039][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 222.844226][T10336] kafs: addr_prefs: Invalid Command [ 224.916266][T10417] random: crng reseeded on system resumption [ 225.597515][T10443] usb usb24: usbfs: process 10443 (syz.3.2197) did not claim interface 0 before use [ 227.562651][T10542] writes to the poll attribute are ignored. [ 227.583033][T10542] please use driver specific parameters instead. [ 227.627476][T10546] Invalid input. Must be >= 4608 [ 227.660776][ T31] audit: type=1806 audit(1753604045.738:9): xattr="" res=-22 [ 228.439648][T10584] warning: `syz.1.2266' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 230.903489][T10674] ptp ptp0: only physical clock in use now [ 232.960457][T10747] bond0: Unable to set down delay as MII monitoring is disabled [ 233.207215][T10757] syz.1.2352 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 235.053911][T10827] XFS: irix_symlink_mode sysctl option is deprecated. [ 236.501091][T10880] block2mtd: illegal erase size [ 237.448005][T10919] delete_channel: no stack [ 237.799419][T10931] binder: 10930:10931 ioctl c0306201 2000000011c0 returned -14 [ 238.516856][T10964] kafs: addr_prefs: Too many elements in string [ 238.817985][T10976] syz.0.2458 uses obsolete (PF_INET,SOCK_PACKET) [ 239.038456][T10986] nfsd: Unknown parameter '^B-' [ 239.654062][T11005] process 'syz.1.2472' launched '/dev/fd/3' with NULL argv: empty string added [ 242.130946][T11089] QAT: failed to copy from user cfg_data. [ 243.606130][T11136] synth uevent: /devices/virtual/net/lapb1: unknown uevent action string [ 243.659047][T11136] net lapb1: uevent: failed to send synthetic uevent: -22 [ 244.277430][T11158] syz.1.2547 (11158): drop_caches: 0 [ 244.588795][T11168] bond0: option mode: unable to set because the bond device is up [ 247.098832][T11267] : Can't lookup blockdev [ 247.692528][T11290] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[11290] [ 247.935634][T11301] ecryptfs_miscdev_write: Invalid packet size [192] [ 248.145952][T11310] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 248.510845][T11329] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 249.087806][T11353] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.652630][T11382] QAT: failed to copy from user. [ 249.856589][T11394] ICMPv6: process `syz.0.2663' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 250.819783][T11440] usb usb2: usbfs: process 11440 (syz.3.2685) did not claim interface 1 before use [ 251.627310][T11482] synth uevent: /devices/virtual/block/nbd6: unknown uevent action string [ 251.638492][T11482] block nbd6: uevent: failed to send synthetic uevent: -22 [ 251.919060][T11498] __vm_enough_memory: pid: 11498, comm: syz.3.2713, bytes: 4398046511104 not enough memory for the allocation [ 253.842752][T11573] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 254.608997][ T31] audit: type=1400 audit(6048571376.681:10): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=11600 comm="syz.0.2762" [ 256.996161][T11713] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 259.759310][T11841] vivid-007: ================= START STATUS ================= [ 259.771391][T11841] vivid-007: Generate PTS: true [ 259.812461][T11841] vivid-007: Generate SCR: true [ 259.827483][T11841] tpg source WxH: 320x240 (Y'CbCr) [ 259.848032][T11841] tpg field: 1 [ 259.851507][T11841] tpg crop: (0,0)/320x240 [ 259.858180][T11841] tpg compose: (0,0)/320x240 [ 259.867947][T11841] tpg colorspace: 8 [ 259.871820][T11841] tpg transfer function: 0/0 [ 259.876978][T11841] tpg Y'CbCr encoding: 0/0 [ 259.881588][T11841] tpg quantization: 0/0 [ 259.893068][T11841] tpg RGB range: 0/2 [ 259.897681][T11841] vivid-007: ================== END STATUS ================== [ 262.684619][T11978] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 263.038859][T11996] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 263.057895][T11996] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 263.756579][T12027] openvswitch: netlink: IP tunnel dst address not specified [ 264.051268][T12040] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2960'. [ 264.169054][T12043] netlink: 'syz.1.2962': attribute type 1 has an invalid length. [ 264.277205][T12047] openvswitch: netlink: IP tunnel dst address not specified [ 265.549694][T12105] ALSA: mixer_oss: invalid OSS volume '' [ 266.028078][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.043269][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 267.403620][T12186] block nbd0: not configured, cannot reconfigure [ 268.172320][T12214] svc: failed to register nfsdv3 RPC service (errno 111). [ 268.194512][T12214] svc: failed to register nfsaclv3 RPC service (errno 111). [ 268.298334][T12225] ALSA: mixer_oss: invalid OSS volume '' [ 268.941317][T12251] ALSA: mixer_oss: invalid OSS volume '' [ 269.220390][T12259] svc: failed to register nfsdv3 RPC service (errno 111). [ 269.250084][T12259] svc: failed to register nfsaclv3 RPC service (errno 111). [ 269.421669][T12270] CIFS: VFS: Invalid SecurityFlags: [ 270.565859][T12308] openvswitch: netlink: Key type 261 is out of range max 32 [ 272.396253][T12384] cifs: Unknown parameter '' [ 272.548925][T12394] futex_wake_op: syz.2.3119 tries to shift op by -9; fix this program [ 272.872827][T12406] CIFS: VFS: Invalid SecurityFlags: [ 273.339225][T12423] netlink: zone id is out of range [ 273.353905][T12423] netlink: zone id is out of range [ 273.361247][T12423] netlink: zone id is out of range [ 273.372551][T12423] netlink: zone id is out of range [ 273.377905][T12423] netlink: zone id is out of range [ 273.384680][T12423] netlink: zone id is out of range [ 273.391792][T12423] netlink: zone id is out of range [ 273.397776][T12423] netlink: zone id is out of range [ 273.403321][T12423] netlink: zone id is out of range [ 274.576024][T12475] program syz.1.3165 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 274.978888][T12490] sg_read: process 1721 (syz.1.3163) changed security contexts after opening file descriptor, this is not allowed. [ 275.121270][T12494] ======================================================= [ 275.121270][T12494] WARNING: The mand mount option has been deprecated and [ 275.121270][T12494] and is ignored by this kernel. Remove the mand [ 275.121270][T12494] option from the mount to silence this warning. [ 275.121270][T12494] ======================================================= [ 275.482624][T12510] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3172'. [ 276.943090][T12563] nbd: must specify a size in bytes for the device [ 277.156854][T12572] FAULT_INJECTION: forcing a failure. [ 277.156854][T12572] name failslab, interval 1, probability 0, space 0, times 1 [ 277.216511][T12572] CPU: 1 UID: 0 PID: 12572 Comm: syz.0.3200 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 277.216574][T12572] Tainted: [U]=USER [ 277.216584][T12572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 277.216604][T12572] Call Trace: [ 277.216615][T12572] [ 277.216628][T12572] dump_stack_lvl+0x16c/0x1f0 [ 277.216670][T12572] should_fail_ex+0x512/0x640 [ 277.216702][T12572] ? fs_reclaim_acquire+0xae/0x150 [ 277.216751][T12572] should_failslab+0xc2/0x120 [ 277.216790][T12572] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 277.216826][T12572] ? security_inode_alloc+0x3b/0x2b0 [ 277.216878][T12572] security_inode_alloc+0x3b/0x2b0 [ 277.216926][T12572] inode_init_always_gfp+0xce4/0x1030 [ 277.216988][T12572] alloc_inode+0x86/0x240 [ 277.217029][T12572] new_inode+0x22/0x1c0 [ 277.217073][T12572] mqueue_get_inode+0x2e/0xdd0 [ 277.217118][T12572] mqueue_create_attr+0x261/0x440 [ 277.217165][T12572] vfs_mkobj+0x3d8/0x620 [ 277.217210][T12572] ? __pfx_mqueue_create_attr+0x10/0x10 [ 277.217255][T12572] do_mq_open+0x71e/0x8c0 [ 277.217299][T12572] ? __pfx_do_mq_open+0x10/0x10 [ 277.217348][T12572] __x64_sys_mq_open+0x155/0x1e0 [ 277.217389][T12572] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 277.217428][T12572] ? fput+0x70/0xf0 [ 277.217484][T12572] do_syscall_64+0xcd/0x490 [ 277.217521][T12572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.217560][T12572] RIP: 0033:0x7efcd618e9a9 [ 277.217586][T12572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.217618][T12572] RSP: 002b:00007efcd6f82038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 277.217649][T12572] RAX: ffffffffffffffda RBX: 00007efcd63b5fa0 RCX: 00007efcd618e9a9 [ 277.217671][T12572] RDX: 000000000000b9fb RSI: 00000000000061df RDI: 0000200000000040 [ 277.217690][T12572] RBP: 00007efcd6210d69 R08: 0000000000000000 R09: 0000000000000000 [ 277.217709][T12572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 277.217728][T12572] R13: 0000000000000000 R14: 00007efcd63b5fa0 R15: 00007fffb4cbfca8 [ 277.217770][T12572] [ 277.272969][T12575] Zero length message leads to an empty skb [ 277.485756][T12581] netlink: 'syz.0.3205': attribute type 11 has an invalid length. [ 277.505805][T12581] netlink: 'syz.0.3205': attribute type 11 has an invalid length. [ 277.515174][T12581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3205'. [ 277.524757][T12581] netlink: 67 bytes leftover after parsing attributes in process `syz.0.3205'. [ 277.536677][T12581] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3205'. [ 277.595679][T12581] netlink: 200 bytes leftover after parsing attributes in process `syz.0.3205'. [ 279.807270][T12683] FAULT_INJECTION: forcing a failure. [ 279.807270][T12683] name failslab, interval 1, probability 0, space 0, times 0 [ 279.823840][T12683] CPU: 0 UID: 0 PID: 12683 Comm: syz.3.3253 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 279.823896][T12683] Tainted: [U]=USER [ 279.823907][T12683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 279.823926][T12683] Call Trace: [ 279.823937][T12683] [ 279.823951][T12683] dump_stack_lvl+0x16c/0x1f0 [ 279.823991][T12683] should_fail_ex+0x512/0x640 [ 279.824024][T12683] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 279.824065][T12683] should_failslab+0xc2/0x120 [ 279.824105][T12683] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 279.824140][T12683] ? d_instantiate+0x77/0x90 [ 279.824175][T12683] ? alloc_empty_file+0x55/0x1e0 [ 279.824224][T12683] alloc_empty_file+0x55/0x1e0 [ 279.824268][T12683] alloc_file_pseudo+0x13a/0x230 [ 279.824314][T12683] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 279.824363][T12683] ? do_raw_spin_unlock+0x172/0x230 [ 279.824432][T12683] __anon_inode_getfile+0xe8/0x280 [ 279.824494][T12683] anon_inode_getfile_fmode+0x37/0xa0 [ 279.824553][T12683] __do_sys_fanotify_init+0x96d/0xc00 [ 279.824602][T12683] do_syscall_64+0xcd/0x490 [ 279.824640][T12683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.824673][T12683] RIP: 0033:0x7f0a78f8e9a9 [ 279.824700][T12683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.824737][T12683] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 279.824768][T12683] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 279.824790][T12683] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000005 [ 279.824811][T12683] RBP: 00007f0a79010d69 R08: 0000000000000000 R09: 0000000000000000 [ 279.824831][T12683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.824851][T12683] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 279.824891][T12683] [ 280.178467][T12691] net_ratelimit: 68 callbacks suppressed [ 280.178493][T12691] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 280.785609][T12713] openvswitch: netlink: IP tunnel dst address not specified [ 280.816862][T12715] netlink: 'syz.0.3269': attribute type 2 has an invalid length. [ 281.975435][T12753] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed. [ 282.816972][ T31] audit: type=1107 audit(6048571404.891:11): pid=12782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 282.869362][ T31] audit: type=1107 audit(6048571404.891:12): pid=12782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 282.871705][T12785] capability: warning: `syz.1.3300' uses 32-bit capabilities (legacy support in use) [ 284.003624][T12830] netlink: 25520 bytes leftover after parsing attributes in process `syz.1.3322'. [ 284.293143][T12838] netlink: set zone limit has 8 unknown bytes [ 284.513995][T12846] nbd: couldn't find a device at index 1023 [ 285.009885][ T5847] Bluetooth: hci0: unexpected subevent 0x01 length: 122 > 18 [ 285.137132][T12868] .RRo\&p: entered promiscuous mode [ 285.643022][T12888] netlink: 206 bytes leftover after parsing attributes in process `syz.2.3349'. [ 286.283691][T12913] FAULT_INJECTION: forcing a failure. [ 286.283691][T12913] name failslab, interval 1, probability 0, space 0, times 0 [ 286.332448][T12913] CPU: 1 UID: 0 PID: 12913 Comm: syz.1.3361 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 286.332508][T12913] Tainted: [U]=USER [ 286.332519][T12913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 286.332539][T12913] Call Trace: [ 286.332548][T12913] [ 286.332559][T12913] dump_stack_lvl+0x16c/0x1f0 [ 286.332592][T12913] should_fail_ex+0x512/0x640 [ 286.332622][T12913] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 286.332655][T12913] should_failslab+0xc2/0x120 [ 286.332688][T12913] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 286.332718][T12913] ? sock_alloc_inode+0x25/0x1c0 [ 286.332758][T12913] ? __pfx_sock_alloc_inode+0x10/0x10 [ 286.332804][T12913] sock_alloc_inode+0x25/0x1c0 [ 286.332839][T12913] alloc_inode+0x61/0x240 [ 286.332875][T12913] sock_alloc+0x40/0x280 [ 286.332920][T12913] __sock_create+0xc1/0x8d0 [ 286.332957][T12913] ? lockdep_init_map_type+0x5c/0x280 [ 286.333000][T12913] smc_create+0x15d/0x2a0 [ 286.333042][T12913] __sock_create+0x335/0x8d0 [ 286.333086][T12913] __sys_socket+0x14d/0x260 [ 286.333122][T12913] ? fput+0x70/0xf0 [ 286.333152][T12913] ? __pfx___sys_socket+0x10/0x10 [ 286.333190][T12913] ? xfd_validate_state+0x61/0x180 [ 286.333226][T12913] ? __pfx_ksys_write+0x10/0x10 [ 286.333257][T12913] __x64_sys_socket+0x72/0xb0 [ 286.333294][T12913] ? lockdep_hardirqs_on+0x7c/0x110 [ 286.333320][T12913] do_syscall_64+0xcd/0x490 [ 286.333349][T12913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.333377][T12913] RIP: 0033:0x7f3c0d58e9a9 [ 286.333398][T12913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.333423][T12913] RSP: 002b:00007f3c0e4a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 286.333448][T12913] RAX: ffffffffffffffda RBX: 00007f3c0d7b5fa0 RCX: 00007f3c0d58e9a9 [ 286.333466][T12913] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000002b [ 286.333482][T12913] RBP: 00007f3c0d610d69 R08: 0000000000000000 R09: 0000000000000000 [ 286.333498][T12913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.333514][T12913] R13: 0000000000000000 R14: 00007f3c0d7b5fa0 R15: 00007fff9b2e1c78 [ 286.333546][T12913] [ 286.333612][T12913] socket: no more sockets [ 286.831020][T12919] FAULT_INJECTION: forcing a failure. [ 286.831020][T12919] name fail_futex, interval 1, probability 0, space 0, times 1 [ 286.922516][T12919] CPU: 0 UID: 0 PID: 12919 Comm: syz.2.3363 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 286.922571][T12919] Tainted: [U]=USER [ 286.922581][T12919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 286.922600][T12919] Call Trace: [ 286.922610][T12919] [ 286.922623][T12919] dump_stack_lvl+0x16c/0x1f0 [ 286.922662][T12919] should_fail_ex+0x512/0x640 [ 286.922713][T12919] get_futex_key+0x1d0/0x1540 [ 286.922758][T12919] ? __pfx_get_futex_key+0x10/0x10 [ 286.922801][T12919] ? __destroy_inode+0x2e4/0x730 [ 286.922840][T12919] ? __pfx_sock_free_inode+0x10/0x10 [ 286.922889][T12919] futex_wake+0xe7/0x4e0 [ 286.922937][T12919] ? __pfx_evict+0x10/0x10 [ 286.922973][T12919] ? __pfx_futex_wake+0x10/0x10 [ 286.923024][T12919] ? iput+0x519/0x880 [ 286.923070][T12919] do_futex+0x1e3/0x350 [ 286.923109][T12919] ? __pfx_do_futex+0x10/0x10 [ 286.923148][T12919] ? __sock_release+0x20b/0x270 [ 286.923195][T12919] __x64_sys_futex+0x1e0/0x4c0 [ 286.923238][T12919] ? __sys_socket+0xac/0x260 [ 286.923284][T12919] ? fput+0x70/0xf0 [ 286.923337][T12919] ? __pfx___x64_sys_futex+0x10/0x10 [ 286.923377][T12919] ? xfd_validate_state+0x61/0x180 [ 286.923418][T12919] ? __pfx_ksys_write+0x10/0x10 [ 286.923461][T12919] do_syscall_64+0xcd/0x490 [ 286.923498][T12919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.923530][T12919] RIP: 0033:0x7f0294f8e9a9 [ 286.923556][T12919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.923586][T12919] RSP: 002b:00007f0295d490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 286.923615][T12919] RAX: ffffffffffffffda RBX: 00007f02951b5fa8 RCX: 00007f0294f8e9a9 [ 286.923637][T12919] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f02951b5fac [ 286.923657][T12919] RBP: 00007f02951b5fa0 R08: 00007f0295d4a000 R09: 0000000000000000 [ 286.923676][T12919] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f02951b5fac [ 286.923696][T12919] R13: 0000000000000000 R14: 00007ffd8427d950 R15: 00007ffd8427da38 [ 286.923763][T12919] [ 288.061064][T12966] openvswitch: netlink: IP tunnel dst address not specified [ 289.491059][T13012] futex_wake_op: syz.0.3404 tries to shift op by 64; fix this program [ 289.730017][T12994] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 289.764795][T12994] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 289.809159][T12994] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 289.835196][T12994] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 289.851662][T12994] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 289.869271][T12994] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 289.902566][T12994] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 290.700903][ T31] audit: type=1800 audit(6048571412.771:13): pid=13052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3424" name="lu_gp_id" dev="configfs" ino=29688 res=0 errno=0 [ 290.982946][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 291.865375][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 291.942702][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 293.062673][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 293.942662][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 294.023504][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 294.237613][T13182] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 294.243141][T13180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3480'. [ 296.022500][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 296.405981][T13264] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3517'. [ 296.589485][T13270] tc_dump_action: action bad kind [ 297.070387][T13296] netlink: 'syz.1.3532': attribute type 1 has an invalid length. [ 298.130529][T13339] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 300.204180][T13424] device-mapper: ioctl: only supply one of name or uuid, cmd(11) [ 301.212648][T13466] nbd: must specify at least one socket [ 301.661150][T13485] input input20: cannot allocate more than FF_MAX_EFFECTS effects [ 301.843272][T13489] FAULT_INJECTION: forcing a failure. [ 301.843272][T13489] name failslab, interval 1, probability 0, space 0, times 0 [ 301.860001][T13489] CPU: 0 UID: 0 PID: 13489 Comm: syz.1.3622 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 301.860055][T13489] Tainted: [U]=USER [ 301.860065][T13489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 301.860086][T13489] Call Trace: [ 301.860096][T13489] [ 301.860108][T13489] dump_stack_lvl+0x16c/0x1f0 [ 301.860149][T13489] should_fail_ex+0x512/0x640 [ 301.860182][T13489] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 301.860224][T13489] should_failslab+0xc2/0x120 [ 301.860262][T13489] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 301.860298][T13489] ? mqueue_alloc_inode+0x25/0x50 [ 301.860343][T13489] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 301.860379][T13489] mqueue_alloc_inode+0x25/0x50 [ 301.860416][T13489] alloc_inode+0x61/0x240 [ 301.860456][T13489] new_inode+0x22/0x1c0 [ 301.860500][T13489] mqueue_get_inode+0x2e/0xdd0 [ 301.860544][T13489] mqueue_create_attr+0x261/0x440 [ 301.860590][T13489] vfs_mkobj+0x3d8/0x620 [ 301.860634][T13489] ? __pfx_mqueue_create_attr+0x10/0x10 [ 301.860679][T13489] do_mq_open+0x71e/0x8c0 [ 301.860731][T13489] ? __pfx_do_mq_open+0x10/0x10 [ 301.860780][T13489] __x64_sys_mq_open+0x155/0x1e0 [ 301.860823][T13489] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 301.860862][T13489] ? fput+0x70/0xf0 [ 301.860919][T13489] do_syscall_64+0xcd/0x490 [ 301.860956][T13489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.860989][T13489] RIP: 0033:0x7f3c0d58e9a9 [ 301.861014][T13489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.861045][T13489] RSP: 002b:00007f3c0e4a5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 301.861076][T13489] RAX: ffffffffffffffda RBX: 00007f3c0d7b5fa0 RCX: 00007f3c0d58e9a9 [ 301.861096][T13489] RDX: 000000000000b9fb RSI: 00000000000061df RDI: 0000200000000040 [ 301.861116][T13489] RBP: 00007f3c0d610d69 R08: 0000000000000000 R09: 0000000000000000 [ 301.861135][T13489] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 301.861154][T13489] R13: 0000000000000000 R14: 00007f3c0d7b5fa0 R15: 00007fff9b2e1c78 [ 301.861195][T13489] [ 302.856803][T13527] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3638'. [ 303.660465][T13558] misc userio: No port type given on /dev/userio [ 303.907409][T13568] FAULT_INJECTION: forcing a failure. [ 303.907409][T13568] name failslab, interval 1, probability 0, space 0, times 0 [ 303.971837][T13568] CPU: 1 UID: 0 PID: 13568 Comm: syz.3.3657 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 303.971894][T13568] Tainted: [U]=USER [ 303.971905][T13568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 303.971930][T13568] Call Trace: [ 303.971940][T13568] [ 303.971957][T13568] dump_stack_lvl+0x16c/0x1f0 [ 303.971998][T13568] should_fail_ex+0x512/0x640 [ 303.972033][T13568] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 303.972074][T13568] should_failslab+0xc2/0x120 [ 303.972116][T13568] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 303.972154][T13568] ? __d_alloc+0x31/0xaa0 [ 303.972206][T13568] __d_alloc+0x31/0xaa0 [ 303.972246][T13568] d_alloc_pseudo+0x1c/0xc0 [ 303.972300][T13568] alloc_file_pseudo+0xcf/0x230 [ 303.972367][T13568] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 303.972422][T13568] __shmem_file_setup+0x1a3/0x330 [ 303.972478][T13568] shmem_zero_setup+0x93/0x1a0 [ 303.972515][T13568] __mmap_region+0x1ece/0x25e0 [ 303.972577][T13568] ? __pfx___mmap_region+0x10/0x10 [ 303.972610][T13568] ? rcu_is_watching+0x12/0xc0 [ 303.972651][T13568] ? rcu_is_watching+0x12/0xc0 [ 303.972684][T13568] ? trace_sched_exit_tp+0xde/0x130 [ 303.972726][T13568] ? __schedule+0x1181/0x5dd0 [ 303.972783][T13568] ? __lock_acquire+0xb8a/0x1c90 [ 303.972844][T13568] ? __pfx___schedule+0x10/0x10 [ 303.972943][T13568] ? trace_cap_capable+0x18d/0x200 [ 303.972998][T13568] mmap_region+0x1ab/0x3f0 [ 303.973051][T13568] ? __get_unmapped_area+0x267/0x440 [ 303.973102][T13568] do_mmap+0xa3e/0x1210 [ 303.973155][T13568] ? __pfx_do_mmap+0x10/0x10 [ 303.973201][T13568] ? __pfx_down_write_killable+0x10/0x10 [ 303.973251][T13568] vm_mmap_pgoff+0x281/0x450 [ 303.973312][T13568] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 303.973365][T13568] ? __x64_sys_futex+0x1e0/0x4c0 [ 303.973403][T13568] ? __x64_sys_futex+0x1e9/0x4c0 [ 303.973450][T13568] ksys_mmap_pgoff+0x7d/0x5c0 [ 303.973493][T13568] ? xfd_validate_state+0x61/0x180 [ 303.973538][T13568] ? __pfx_ksys_write+0x10/0x10 [ 303.973576][T13568] __x64_sys_mmap+0x125/0x190 [ 303.973631][T13568] do_syscall_64+0xcd/0x490 [ 303.973668][T13568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.973702][T13568] RIP: 0033:0x7f0a78f8e9a9 [ 303.973729][T13568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.973760][T13568] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 303.973791][T13568] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 303.973813][T13568] RDX: 00004000004000df RSI: 0000000000020009 RDI: 0000000000000000 [ 303.973832][T13568] RBP: 00007f0a79010d69 R08: 0000000000000003 R09: 0000000000008000 [ 303.973851][T13568] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 303.973871][T13568] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 303.973914][T13568] [ 305.551029][T13626] sctp: [Deprecated]: syz.2.3683 (pid 13626) Use of int in max_burst socket option deprecated. [ 305.551029][T13626] Use struct sctp_assoc_value instead [ 307.093626][T13674] openvswitch: netlink: Multiple metadata blocks provided [ 308.242283][T13715] netlink: 'syz.0.3725': attribute type 2 has an invalid length. [ 308.250819][T13715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3725'. [ 308.410464][T13723] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 308.910112][T13746] CIFS: VFS: Invalid SecurityFlags: [ 309.471464][T13768] sd 0:0:1:0: PR command failed: 1026 [ 309.502471][T13768] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 309.509290][T13768] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 310.349575][T13804] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3765'. [ 310.803551][T13818] hub 1-0:1.0: USB hub found [ 310.809436][T13818] hub 1-0:1.0: 1 port detected [ 311.418298][T13845] netlink: 'syz.2.3784': attribute type 1 has an invalid length. [ 311.698730][T13857] openvswitch: netlink: Message has 4 unknown bytes. [ 314.769408][T13988] random: crng reseeded on system resumption [ 315.739319][T14034] blktrace: Concurrent blktraces are not allowed on loop2 [ 315.953748][T14044] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 316.666716][T14070] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3890'. [ 316.692749][T14070] netlink: 120 bytes leftover after parsing attributes in process `syz.2.3890'. [ 317.409780][T14103] openvswitch: netlink: IP tunnel dst address not specified [ 317.769882][T14115] netlink: 'syz.1.3910': attribute type 4 has an invalid length. [ 317.808937][T14115] netlink: 'syz.1.3910': attribute type 1 has an invalid length. [ 318.530629][T14145] netlink: 'syz.1.3923': attribute type 2 has an invalid length. [ 318.911008][T14161] FAULT_INJECTION: forcing a failure. [ 318.911008][T14161] name failslab, interval 1, probability 0, space 0, times 0 [ 318.942837][T14161] CPU: 1 UID: 0 PID: 14161 Comm: syz.2.3933 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 318.942895][T14161] Tainted: [U]=USER [ 318.942907][T14161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 318.942927][T14161] Call Trace: [ 318.942938][T14161] [ 318.942950][T14161] dump_stack_lvl+0x16c/0x1f0 [ 318.942990][T14161] should_fail_ex+0x512/0x640 [ 318.943024][T14161] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 318.943079][T14161] should_failslab+0xc2/0x120 [ 318.943125][T14161] __kmalloc_cache_noprof+0x6a/0x3e0 [ 318.943179][T14161] ? key_user_lookup+0x169/0x560 [ 318.943239][T14161] ? key_user_lookup+0x195/0x560 [ 318.943311][T14161] key_user_lookup+0x195/0x560 [ 318.943363][T14161] ? __pfx_key_user_lookup+0x10/0x10 [ 318.943415][T14161] ? bpf_lsm_capable+0x9/0x10 [ 318.943461][T14161] ? security_capable+0x7e/0x260 [ 318.943512][T14161] keyctl_chown_key+0x605/0xfb0 [ 318.943557][T14161] ? __x64_sys_futex+0x1e0/0x4c0 [ 318.943613][T14161] ? __x64_sys_futex+0x1e9/0x4c0 [ 318.943658][T14161] ? __pfx_keyctl_chown_key+0x10/0x10 [ 318.943703][T14161] ? xfd_validate_state+0x61/0x180 [ 318.943748][T14161] ? __pfx_ksys_write+0x10/0x10 [ 318.943788][T14161] __do_sys_keyctl+0x283/0x590 [ 318.943835][T14161] do_syscall_64+0xcd/0x490 [ 318.943873][T14161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.943919][T14161] RIP: 0033:0x7f0294f8e9a9 [ 318.943945][T14161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.943976][T14161] RSP: 002b:00007f0295d49038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 318.944006][T14161] RAX: ffffffffffffffda RBX: 00007f02951b5fa0 RCX: 00007f0294f8e9a9 [ 318.944027][T14161] RDX: 0000000000000006 RSI: 00000000fffffffe RDI: 0000000000000004 [ 318.944047][T14161] RBP: 00007f0295010d69 R08: 000000000000000e R09: 0000000000000000 [ 318.944066][T14161] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 318.944086][T14161] R13: 0000000000000000 R14: 00007f02951b5fa0 R15: 00007ffd8427da38 [ 318.944128][T14161] [ 320.273787][T14204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.305462][T14204] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 322.168243][T14262] svc: failed to register nfsdv3 RPC service (errno 111). [ 322.179092][T14262] svc: failed to register nfsaclv3 RPC service (errno 111). [ 322.479863][T14279] perf: Dynamic interrupt throttling disabled, can hang your system! [ 323.030018][T14303] FAULT_INJECTION: forcing a failure. [ 323.030018][T14303] name failslab, interval 1, probability 0, space 0, times 0 [ 323.043555][T14303] CPU: 0 UID: 0 PID: 14303 Comm: syz.0.3997 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 323.043608][T14303] Tainted: [U]=USER [ 323.043619][T14303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 323.043637][T14303] Call Trace: [ 323.043647][T14303] [ 323.043658][T14303] dump_stack_lvl+0x16c/0x1f0 [ 323.043698][T14303] should_fail_ex+0x512/0x640 [ 323.043730][T14303] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 323.043768][T14303] should_failslab+0xc2/0x120 [ 323.043807][T14303] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 323.043839][T14303] ? trace_cap_capable+0x18d/0x200 [ 323.043890][T14303] ? create_new_namespaces+0x30/0xa90 [ 323.043935][T14303] create_new_namespaces+0x30/0xa90 [ 323.043972][T14303] ? bpf_lsm_capable+0x9/0x10 [ 323.044031][T14303] ? security_capable+0x7e/0x260 [ 323.044076][T14303] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 323.044117][T14303] ksys_unshare+0x45b/0xa40 [ 323.044163][T14303] ? __pfx_ksys_unshare+0x10/0x10 [ 323.044208][T14303] ? xfd_validate_state+0x61/0x180 [ 323.044264][T14303] __x64_sys_unshare+0x31/0x40 [ 323.044309][T14303] do_syscall_64+0xcd/0x490 [ 323.044345][T14303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.044376][T14303] RIP: 0033:0x7efcd618e9a9 [ 323.044402][T14303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.044433][T14303] RSP: 002b:00007efcd6f82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 323.044462][T14303] RAX: ffffffffffffffda RBX: 00007efcd63b5fa0 RCX: 00007efcd618e9a9 [ 323.044483][T14303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 323.044502][T14303] RBP: 00007efcd6210d69 R08: 0000000000000000 R09: 0000000000000000 [ 323.044521][T14303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.044540][T14303] R13: 0000000000000000 R14: 00007efcd63b5fa0 R15: 00007fffb4cbfca8 [ 323.044579][T14303] [ 323.299134][T14308] FAULT_INJECTION: forcing a failure. [ 323.299134][T14308] name failslab, interval 1, probability 0, space 0, times 0 [ 323.343750][T14308] CPU: 0 UID: 0 PID: 14308 Comm: syz.3.3999 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 323.343805][T14308] Tainted: [U]=USER [ 323.343815][T14308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 323.343834][T14308] Call Trace: [ 323.343845][T14308] [ 323.343866][T14308] dump_stack_lvl+0x16c/0x1f0 [ 323.343907][T14308] should_fail_ex+0x512/0x640 [ 323.343947][T14308] should_failslab+0xc2/0x120 [ 323.343988][T14308] __kmalloc_cache_noprof+0x6a/0x3e0 [ 323.344041][T14308] ? proc_thread_self_get_link+0x1c6/0x240 [ 323.344102][T14308] proc_thread_self_get_link+0x1c6/0x240 [ 323.344155][T14308] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 323.344207][T14308] step_into+0x195e/0x2270 [ 323.344262][T14308] ? __pfx_step_into+0x10/0x10 [ 323.344312][T14308] ? lookup_fast+0x156/0x610 [ 323.344364][T14308] walk_component+0xfc/0x5b0 [ 323.344414][T14308] link_path_walk+0x627/0xe20 [ 323.344476][T14308] path_openat+0x1b0/0x2cb0 [ 323.344504][T14308] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.344551][T14308] ? __pfx_path_openat+0x10/0x10 [ 323.344584][T14308] ? __lock_acquire+0xb8a/0x1c90 [ 323.344633][T14308] do_filp_open+0x20b/0x470 [ 323.344664][T14308] ? __pfx_do_filp_open+0x10/0x10 [ 323.344725][T14308] ? alloc_fd+0x471/0x7d0 [ 323.344784][T14308] do_sys_openat2+0x11b/0x1d0 [ 323.344826][T14308] ? __pfx_do_sys_openat2+0x10/0x10 [ 323.344895][T14308] __x64_sys_openat+0x174/0x210 [ 323.344941][T14308] ? __pfx___x64_sys_openat+0x10/0x10 [ 323.345003][T14308] do_syscall_64+0xcd/0x490 [ 323.345041][T14308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.345073][T14308] RIP: 0033:0x7f0a78f8e9a9 [ 323.345099][T14308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.345129][T14308] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 323.345159][T14308] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 323.345180][T14308] RDX: 0000000000040002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 323.345197][T14308] RBP: 00007f0a79010d69 R08: 0000000000000000 R09: 0000000000000000 [ 323.345214][T14308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.345230][T14308] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 323.345265][T14308] syzkaller syzkaller login: [ 323.840738][T14320] netlink: 'syz.3.4005': attribute type 11 has an invalid length. [ 323.971069][T14324] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4006'. [ 324.011490][T14326] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 324.222218][T14335] MTRR 1 not used [ 324.243619][T14334] vhci_hcd: vhci_device speed not set [ 325.328095][T14388] FAULT_INJECTION: forcing a failure. [ 325.328095][T14388] name failslab, interval 1, probability 0, space 0, times 0 [ 325.407275][T14388] CPU: 0 UID: 0 PID: 14388 Comm: syz.0.4036 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 325.407333][T14388] Tainted: [U]=USER [ 325.407345][T14388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 325.407364][T14388] Call Trace: [ 325.407375][T14388] [ 325.407388][T14388] dump_stack_lvl+0x16c/0x1f0 [ 325.407434][T14388] should_fail_ex+0x512/0x640 [ 325.407467][T14388] ? __kmalloc_noprof+0xbf/0x510 [ 325.407505][T14388] ? kstrdup_quotable+0xc2/0x190 [ 325.407547][T14388] should_failslab+0xc2/0x120 [ 325.407585][T14388] __kmalloc_noprof+0xd2/0x510 [ 325.407620][T14388] kstrdup_quotable+0xc2/0x190 [ 325.407657][T14388] ? __pfx_kstrdup_quotable+0x10/0x10 [ 325.407694][T14388] ? get_cmdline+0x86/0x380 [ 325.407733][T14388] kstrdup_quotable_cmdline+0x127/0x210 [ 325.407774][T14388] __report_access+0x77/0x3c0 [ 325.407813][T14388] ? _raw_spin_unlock_irq+0x23/0x50 [ 325.407857][T14388] task_work_run+0x14d/0x240 [ 325.407901][T14388] ? __pfx_task_work_run+0x10/0x10 [ 325.407954][T14388] exit_to_user_mode_loop+0xeb/0x110 [ 325.407999][T14388] do_syscall_64+0x3f6/0x490 [ 325.408030][T14388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.408057][T14388] RIP: 0033:0x7efcd618e9a9 [ 325.408078][T14388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.408103][T14388] RSP: 002b:00007efcd6f82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 325.408129][T14388] RAX: ffffffffffffffff RBX: 00007efcd63b5fa0 RCX: 00007efcd618e9a9 [ 325.408146][T14388] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206 [ 325.408162][T14388] RBP: 00007efcd6210d69 R08: 0000000000000000 R09: 0000000000000000 [ 325.408177][T14388] R10: 0000000000200005 R11: 0000000000000246 R12: 0000000000000000 [ 325.408193][T14388] R13: 0000000000000000 R14: 00007efcd63b5fa0 R15: 00007fffb4cbfca8 [ 325.408225][T14388] [ 325.408256][T14388] ptrace attach of "./syz-executor exec"[5845] was attempted by "(null)"[14388] [ 325.453861][T14392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4038'. [ 326.617834][T14437] netlink: 'syz.0.4057': attribute type 11 has an invalid length. [ 327.087909][T14457] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 327.259627][T14464] netlink: 5 bytes leftover after parsing attributes in process `syz.3.4069'. syzkaller syzkaller login: [ 327.444170][T14472] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 327.467656][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.492792][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 329.313919][T14545] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 333.522536][T14677] dump_stack_lvl+0x16c/0x1f0 [ 333.522575][T14677] should_fail_ex+0x512/0x640 [ 333.522609][T14677] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 333.522648][T14677] should_failslab+0xc2/0x120 [ 333.522687][T14677] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 333.522729][T14677] ? inode_set_ctime_current+0x2a1/0x8f0 [ 333.522768][T14677] ? __d_alloc+0x31/0xaa0 [ 333.522807][T14677] __d_alloc+0x31/0xaa0 [ 333.522847][T14677] d_alloc_pseudo+0x1c/0xc0 [ 333.522890][T14677] alloc_file_pseudo+0xcf/0x230 [ 333.522935][T14677] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 333.522980][T14677] ? hugetlbfs_get_inode+0x31f/0x730 [ 333.523027][T14677] hugetlb_file_setup+0x4cd/0x620 [ 333.523075][T14677] ksys_mmap_pgoff+0x189/0x5c0 [ 333.523125][T14677] __x64_sys_mmap+0x125/0x190 [ 333.523177][T14677] do_syscall_64+0xcd/0x490 [ 333.523215][T14677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.523248][T14677] RIP: 0033:0x7f0a78f8e9a9 [ 333.523273][T14677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.523305][T14677] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 333.523336][T14677] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 333.523358][T14677] RDX: 0000000000000002 RSI: 0000000000a00006 RDI: 0000000000000000 [ 333.523377][T14677] RBP: 00007f0a79010d69 R08: 0000000000000602 R09: 0000300000000000 [ 333.523398][T14677] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 333.523417][T14677] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 333.523456][T14677] [ 335.904820][T14756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4196'. [ 336.223994][T14763] FAULT_INJECTION: forcing a failure. [ 336.223994][T14763] name failslab, interval 1, probability 0, space 0, times 0 [ 336.255347][T14763] CPU: 1 UID: 0 PID: 14763 Comm: syz.0.4201 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 336.255397][T14763] Tainted: [U]=USER [ 336.255407][T14763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 336.255425][T14763] Call Trace: [ 336.255434][T14763] [ 336.255445][T14763] dump_stack_lvl+0x16c/0x1f0 [ 336.255480][T14763] should_fail_ex+0x512/0x640 [ 336.255519][T14763] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 336.255554][T14763] should_failslab+0xc2/0x120 [ 336.255588][T14763] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 336.255617][T14763] ? __kernfs_iattrs+0xbc/0x3f0 [ 336.255665][T14763] __kernfs_iattrs+0xbc/0x3f0 [ 336.255709][T14763] __kernfs_setattr+0x4d/0x3c0 [ 336.255756][T14763] kernfs_iop_setattr+0xda/0x120 [ 336.255801][T14763] ? __pfx_kernfs_iop_setattr+0x10/0x10 [ 336.255843][T14763] notify_change+0x6a6/0x1230 [ 336.255891][T14763] do_truncate+0x1d7/0x230 [ 336.255920][T14763] ? __pfx_do_truncate+0x10/0x10 [ 336.255959][T14763] ? mnt_get_write_access+0x20c/0x300 [ 336.256001][T14763] vfs_truncate+0x5d6/0x6e0 [ 336.256031][T14763] ? __pfx_vfs_truncate+0x10/0x10 [ 336.256061][T14763] ? putname+0x154/0x1a0 [ 336.256098][T14763] __x64_sys_truncate+0x172/0x1e0 [ 336.256128][T14763] ? __pfx___x64_sys_truncate+0x10/0x10 [ 336.256169][T14763] do_syscall_64+0xcd/0x490 [ 336.256201][T14763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.256230][T14763] RIP: 0033:0x7efcd618e9a9 [ 336.256252][T14763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.256280][T14763] RSP: 002b:00007efcd6f82038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 336.256307][T14763] RAX: ffffffffffffffda RBX: 00007efcd63b5fa0 RCX: 00007efcd618e9a9 [ 336.256326][T14763] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000040 [ 336.256343][T14763] RBP: 00007efcd6210d69 R08: 0000000000000000 R09: 0000000000000000 [ 336.256360][T14763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 336.256376][T14763] R13: 0000000000000000 R14: 00007efcd63b5fa0 R15: 00007fffb4cbfca8 [ 336.256412][T14763] [ 338.945676][T14839] FAULT_INJECTION: forcing a failure. [ 338.945676][T14839] name failslab, interval 1, probability 0, space 0, times 0 [ 339.012422][T14839] CPU: 0 UID: 0 PID: 14839 Comm: syz.1.4233 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 339.012477][T14839] Tainted: [U]=USER [ 339.012487][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 339.012505][T14839] Call Trace: [ 339.012515][T14839] [ 339.012527][T14839] dump_stack_lvl+0x16c/0x1f0 [ 339.012565][T14839] should_fail_ex+0x512/0x640 [ 339.012598][T14839] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 339.012637][T14839] should_failslab+0xc2/0x120 [ 339.012675][T14839] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 339.012710][T14839] ? __d_alloc+0x31/0xaa0 [ 339.012748][T14839] __d_alloc+0x31/0xaa0 [ 339.012786][T14839] d_alloc_pseudo+0x1c/0xc0 [ 339.012830][T14839] alloc_file_pseudo+0xcf/0x230 [ 339.012876][T14839] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 339.012920][T14839] ? alloc_fd+0x471/0x7d0 [ 339.012978][T14839] sock_alloc_file+0x50/0x210 [ 339.013035][T14839] __sys_socket+0x1c0/0x260 [ 339.013081][T14839] ? fput+0x70/0xf0 [ 339.013118][T14839] ? __pfx___sys_socket+0x10/0x10 [ 339.013165][T14839] ? xfd_validate_state+0x61/0x180 [ 339.013209][T14839] ? __pfx_ksys_write+0x10/0x10 [ 339.013248][T14839] __x64_sys_socket+0x72/0xb0 [ 339.013293][T14839] ? lockdep_hardirqs_on+0x7c/0x110 [ 339.013332][T14839] do_syscall_64+0xcd/0x490 [ 339.013370][T14839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.013403][T14839] RIP: 0033:0x7f3c0d58e9a9 [ 339.013429][T14839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.013459][T14839] RSP: 002b:00007f3c0e4a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 339.013489][T14839] RAX: ffffffffffffffda RBX: 00007f3c0d7b5fa0 RCX: 00007f3c0d58e9a9 [ 339.013508][T14839] RDX: 0000000000000000 RSI: 0000000000080003 RDI: 0000000000000011 [ 339.013527][T14839] RBP: 00007f3c0d610d69 R08: 0000000000000000 R09: 0000000000000000 [ 339.013545][T14839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 339.013562][T14839] R13: 0000000000000000 R14: 00007f3c0d7b5fa0 R15: 00007fff9b2e1c78 [ 339.013599][T14839] [ 339.520603][T14850] netlink: 'syz.2.4238': attribute type 2 has an invalid length. [ 341.624654][T14911] : entered promiscuous mode [ 341.782244][T14915] perf: Dynamic interrupt throttling disabled, can hang your system! [ 342.028434][T14926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4274'. [ 342.082949][T14929] netlink: 'syz.2.4275': attribute type 1 has an invalid length. [ 342.652963][T14948] zero sized request [ 342.706105][T14950] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4285'. [ 344.045927][T15000] Console: switching to colour VGA+ 80x25 [ 344.239981][T15008] openvswitch: netlink: Missing valid actions attribute. [ 345.932643][T15064] netlink: 'syz.1.4336': attribute type 1 has an invalid length. [ 347.233133][T15118] FAULT_INJECTION: forcing a failure. [ 347.233133][T15118] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 347.271046][T15118] CPU: 0 UID: 0 PID: 15118 Comm: syz.2.4361 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 347.271104][T15118] Tainted: [U]=USER [ 347.271115][T15118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 347.271136][T15118] Call Trace: [ 347.271147][T15118] [ 347.271160][T15118] dump_stack_lvl+0x16c/0x1f0 [ 347.271201][T15118] should_fail_ex+0x512/0x640 [ 347.271243][T15118] should_fail_alloc_page+0xe7/0x130 [ 347.271288][T15118] prepare_alloc_pages+0x3c2/0x610 [ 347.271343][T15118] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 347.271391][T15118] ? rcu_is_watching+0x12/0xc0 [ 347.271427][T15118] ? trace_kmem_cache_alloc+0x28/0xc0 [ 347.271470][T15118] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 347.271507][T15118] ? mas_alloc_nodes+0x18b/0x8b0 [ 347.271562][T15118] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 347.271599][T15118] ? mas_alloc_nodes+0x4b0/0x8b0 [ 347.271652][T15118] ? mas_destroy+0x5de/0xa20 [ 347.271702][T15118] ? mas_store_prealloc+0x7f1/0x1680 [ 347.271745][T15118] ? __pfx_perf_event_mmap+0x10/0x10 [ 347.271792][T15118] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 347.271859][T15118] ? policy_nodemask+0xea/0x4e0 [ 347.271902][T15118] alloc_pages_mpol+0x1fb/0x550 [ 347.271943][T15118] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 347.272006][T15118] alloc_pages_noprof+0x131/0x390 [ 347.272045][T15118] __pmd_alloc+0x3b/0x930 [ 347.272092][T15118] __handle_mm_fault+0xaac/0x5490 [ 347.272155][T15118] ? __pfx___handle_mm_fault+0x10/0x10 [ 347.272237][T15118] handle_mm_fault+0x589/0xd10 [ 347.272315][T15118] __get_user_pages+0x589/0x3b80 [ 347.272376][T15118] ? __pfx_mt_find+0x10/0x10 [ 347.272413][T15118] ? __pfx___get_user_pages+0x10/0x10 [ 347.272475][T15118] populate_vma_page_range+0x278/0x3a0 [ 347.272527][T15118] ? __pfx_populate_vma_page_range+0x10/0x10 [ 347.272575][T15118] ? __pfx_find_vma_intersection+0x10/0x10 [ 347.272624][T15118] ? do_mmap+0x69c/0x1210 [ 347.272672][T15118] __mm_populate+0x1d8/0x380 [ 347.272720][T15118] ? __pfx___mm_populate+0x10/0x10 [ 347.272781][T15118] ? up_write+0x1b2/0x520 [ 347.272847][T15118] vm_mmap_pgoff+0x362/0x450 [ 347.272895][T15118] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 347.272948][T15118] ? __x64_sys_futex+0x1e0/0x4c0 [ 347.272989][T15118] ? __x64_sys_futex+0x1e9/0x4c0 [ 347.273036][T15118] ksys_mmap_pgoff+0x7d/0x5c0 [ 347.273079][T15118] ? xfd_validate_state+0x61/0x180 [ 347.273124][T15118] ? __pfx_ksys_write+0x10/0x10 [ 347.273161][T15118] __x64_sys_mmap+0x125/0x190 [ 347.273214][T15118] do_syscall_64+0xcd/0x490 [ 347.273252][T15118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.273286][T15118] RIP: 0033:0x7f0294f8e9a9 [ 347.273314][T15118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.273346][T15118] RSP: 002b:00007f0295d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 347.273377][T15118] RAX: ffffffffffffffda RBX: 00007f02951b5fa0 RCX: 00007f0294f8e9a9 [ 347.273399][T15118] RDX: 0000001000000004 RSI: 0000000000000008 RDI: 0000000000000000 [ 347.273419][T15118] RBP: 00007f0295010d69 R08: 0000000000000002 R09: 0000000000008000 [ 347.273440][T15118] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 347.273461][T15118] R13: 0000000000000000 R14: 00007f02951b5fa0 R15: 00007ffd8427da38 [ 347.273503][T15118] [ 348.072531][T15135] netlink: 'syz.3.4369': attribute type 1 has an invalid length. [ 348.949927][T15175] .^: entered promiscuous mode [ 349.010910][ T5847] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 349.010959][ T5847] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 349.027276][ T5847] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 349.027355][ T5847] Bluetooth: hci1: adv larger than maximum supported [ 349.035853][ T5847] Bluetooth: hci1: adv larger than maximum supported [ 349.042729][ T5847] Bluetooth: hci1: Malformed LE Event: 0x0d [ 349.206148][T15184] openvswitch: netlink: IP tunnel TTL not specified. [ 350.695464][T15239] netlink: 'syz.1.4419': attribute type 2 has an invalid length. [ 350.850055][T15242] ima: policy update failed [ 350.865203][ T31] audit: type=1802 audit(6048571472.931:15): pid=15242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.4421" res=0 errno=0 [ 351.055824][T15248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.089043][T15292] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 352.096613][T15292] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 352.210081][T15294] netlink: zone id is out of range [ 352.221525][T15294] netlink: zone id is out of range [ 352.228812][T15294] netlink: zone id is out of range [ 352.240799][T15294] netlink: zone id is out of range [ 352.247986][T15294] netlink: zone id is out of range [ 352.256854][T15294] netlink: zone id is out of range [ 352.262166][T15294] netlink: zone id is out of range [ 352.289185][T15294] netlink: zone id is out of range [ 352.660827][T15312] .SR: entered promiscuous mode [ 353.157560][T15318] syz.0.4458 (15318) used greatest stack depth: 19784 bytes left [ 353.426583][T15337] netlink: 'syz.0.4466': attribute type 1 has an invalid length. [ 353.587289][T15343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4471'. [ 353.958391][T15363] netlink: 'syz.2.4479': attribute type 1 has an invalid length. [ 354.800830][T15391] netlink: 'syz.2.4490': attribute type 1 has an invalid length. [ 355.846389][T15421] .SR: entered promiscuous mode [ 356.504935][T15442] netlink: 'syz.3.4509': attribute type 2 has an invalid length. [ 357.775007][T15487] nbd: illegal input index -5 [ 358.603097][T15518] nfs4: Unknown parameter 'nfsd' [ 359.352450][T15534] batman_adv: Routing algorithm '' is not supported [ 359.362610][T15541] net_ratelimit: 7 callbacks suppressed [ 359.362636][T15541] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 360.531101][T15567] delete_channel: no stack [ 360.847977][T15577] netlink: 'syz.0.4575': attribute type 1 has an invalid length. [ 362.482701][T15646] netlink: zone id is out of range [ 362.509435][T15646] netlink: zone id is out of range [ 362.514816][T15646] netlink: zone id is out of range [ 362.519986][T15646] netlink: zone id is out of range [ 362.531305][T15646] netlink: zone id is out of range [ 362.545440][T15646] netlink: zone id is out of range [ 362.551955][T15646] netlink: zone id is out of range [ 362.559957][T15646] netlink: zone id is out of range [ 362.577692][T15646] netlink: zone id is out of range [ 364.771518][T15734] FAULT_INJECTION: forcing a failure. [ 364.771518][T15734] name failslab, interval 1, probability 0, space 0, times 0 [ 364.789375][T15734] CPU: 1 UID: 0 PID: 15734 Comm: syz.3.4645 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 364.789432][T15734] Tainted: [U]=USER [ 364.789444][T15734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 364.789464][T15734] Call Trace: [ 364.789474][T15734] [ 364.789487][T15734] dump_stack_lvl+0x16c/0x1f0 [ 364.789541][T15734] should_fail_ex+0x512/0x640 [ 364.789574][T15734] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 364.789611][T15734] should_failslab+0xc2/0x120 [ 364.789646][T15734] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 364.789677][T15734] ? kcm_create+0x11e/0x690 [ 364.789727][T15734] kcm_create+0x11e/0x690 [ 364.789775][T15734] __sock_create+0x335/0x8d0 [ 364.789826][T15734] __sys_socket+0x14d/0x260 [ 364.789868][T15734] ? fput+0x70/0xf0 [ 364.789903][T15734] ? __pfx___sys_socket+0x10/0x10 [ 364.789948][T15734] ? xfd_validate_state+0x61/0x180 [ 364.789989][T15734] ? __pfx_ksys_write+0x10/0x10 [ 364.790027][T15734] __x64_sys_socket+0x72/0xb0 [ 364.790082][T15734] ? lockdep_hardirqs_on+0x7c/0x110 [ 364.790114][T15734] do_syscall_64+0xcd/0x490 [ 364.790150][T15734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.790183][T15734] RIP: 0033:0x7f0a78f8e9a9 [ 364.790208][T15734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.790238][T15734] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 364.790268][T15734] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 364.790289][T15734] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 364.790308][T15734] RBP: 00007f0a79010d69 R08: 0000000000000000 R09: 0000000000000000 [ 364.790327][T15734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 364.790346][T15734] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 364.790385][T15734] [ 366.219975][T15783] net_ratelimit: 673 callbacks suppressed [ 366.220004][T15783] openvswitch: netlink: Key type 29 is not supported [ 367.012882][T15815] netlink: 'syz.1.4680': attribute type 2 has an invalid length. [ 367.336878][T15825] svc: failed to register nfsdv3 RPC service (errno 111). [ 367.357601][T15825] svc: failed to register nfsaclv3 RPC service (errno 111). [ 368.660548][T15881] netlink: 'syz.0.4710': attribute type 1 has an invalid length. [ 368.800839][T15887] netlink: 29 bytes leftover after parsing attributes in process `syz.1.4713'. [ 369.031019][T15901] ubi0: attaching mtd0 [ 369.039333][T15901] ubi0 error: ubi_attach_mtd_dev: bad VID header (536870975) or data offsets (536871039) [ 370.604316][T15966] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 376.054346][T16176] program syz.3.4840 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 377.905208][T16251] sd 0:0:1:0: PR command failed: 1026 [ 377.910818][T16251] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 377.930881][T16251] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 378.066391][T16255] kafs: addr_prefs: Invalid Command [ 378.253074][T16263] openvswitch: netlink: Either Ethernet header or EtherType is required.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      syzkaller syzkaller login: [ 406.119706][T17275] netlink: 'syz.2.5344': attribute type 1 has an invalid length. [ 406.749135][T17294] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 407.109109][T17298] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 407.721498][T17330] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 411.276279][T17469] vhci_hcd: invalid port number 21 [ 411.923575][T17497] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 411.984662][T17501] netlink: 'syz.1.5446': attribute type 2 has an invalid length. [ 412.178045][T17507] FAULT_INJECTION: forcing a failure. [ 412.178045][T17507] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 412.192281][T17507] CPU: 0 UID: 0 PID: 17507 Comm: syz.1.5450 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 412.192336][T17507] Tainted: [U]=USER [ 412.192348][T17507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 412.192367][T17507] Call Trace: [ 412.192378][T17507] [ 412.192390][T17507] dump_stack_lvl+0x16c/0x1f0 [ 412.192429][T17507] should_fail_ex+0x512/0x640 [ 412.192468][T17507] core_sys_select+0x4c5/0xc10 [ 412.192530][T17507] ? __pfx_core_sys_select+0x10/0x10 [ 412.192623][T17507] ? read_tsc+0x9/0x20 [ 412.192656][T17507] ? ktime_get_ts64+0x256/0x400 [ 412.192708][T17507] kern_select+0x15d/0x1e0 [ 412.192758][T17507] ? __pfx_kern_select+0x10/0x10 [ 412.192812][T17507] ? xfd_validate_state+0x61/0x180 [ 412.192854][T17507] ? __pfx_ksys_write+0x10/0x10 [ 412.192891][T17507] __x64_sys_select+0xbd/0x160 [ 412.192939][T17507] ? do_syscall_64+0x91/0x490 [ 412.192979][T17507] ? lockdep_hardirqs_on+0x7c/0x110 [ 412.193010][T17507] do_syscall_64+0xcd/0x490 [ 412.193046][T17507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.193079][T17507] RIP: 0033:0x7f3c0d58e9a9 [ 412.193104][T17507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.193135][T17507] RSP: 002b:00007f3c0e4a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 412.193165][T17507] RAX: ffffffffffffffda RBX: 00007f3c0d7b5fa0 RCX: 00007f3c0d58e9a9 [ 412.193186][T17507] RDX: 00002000000005c0 RSI: 0000000000000000 RDI: 0000000000000005 [ 412.193204][T17507] RBP: 00007f3c0d610d69 R08: 00002000000001c0 R09: 0000000000000000 [ 412.193223][T17507] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000 [ 412.193241][T17507] R13: 0000000000000000 R14: 00007f3c0d7b5fa0 R15: 00007fff9b2e1c78 [ 412.193281][T17507] [ 413.013304][ T31] audit: type=1326 audit(6048571535.091:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17538 comm="syz.3.5465" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0a78f8e9a9 code=0x0 [ 413.421129][T17558] dyndbg: bad flag-op P, at start of PU.:[ [ 413.432064][T17558] dyndbg: flags parse failed [ 413.900933][T17575] mmap: syz.2.5481 (17575): VmData 45883392 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 414.321123][T17592] MTRR 1 not used [ 414.593657][T17604] openvswitch: netlink: Message has 20 unknown bytes. [ 414.638964][T17606] FAULT_INJECTION: forcing a failure. [ 414.638964][T17606] name failslab, interval 1, probability 0, space 0, times 0 [ 414.656718][T17606] CPU: 1 UID: 0 PID: 17606 Comm: syz.3.5496 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 414.656777][T17606] Tainted: [U]=USER [ 414.656789][T17606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 414.656809][T17606] Call Trace: [ 414.656821][T17606] [ 414.656834][T17606] dump_stack_lvl+0x16c/0x1f0 [ 414.656875][T17606] should_fail_ex+0x512/0x640 [ 414.656917][T17606] should_failslab+0xc2/0x120 [ 414.656958][T17606] __kmalloc_cache_noprof+0x6a/0x3e0 [ 414.657019][T17606] ? proc_self_get_link+0x1a9/0x230 [ 414.657080][T17606] proc_self_get_link+0x1a9/0x230 [ 414.657136][T17606] ? __pfx_proc_self_get_link+0x10/0x10 [ 414.657189][T17606] step_into+0x195e/0x2270 [ 414.657250][T17606] ? __pfx_step_into+0x10/0x10 [ 414.657307][T17606] ? lookup_fast+0x156/0x610 [ 414.657364][T17606] walk_component+0xfc/0x5b0 [ 414.657419][T17606] link_path_walk+0x627/0xe20 [ 414.657487][T17606] path_openat+0x1b0/0x2cb0 [ 414.657516][T17606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.657565][T17606] ? __pfx_path_openat+0x10/0x10 [ 414.657600][T17606] ? __lock_acquire+0xb8a/0x1c90 [ 414.657653][T17606] do_filp_open+0x20b/0x470 [ 414.657687][T17606] ? __pfx_do_filp_open+0x10/0x10 [ 414.657752][T17606] ? alloc_fd+0x471/0x7d0 [ 414.657818][T17606] do_sys_openat2+0x11b/0x1d0 [ 414.657864][T17606] ? __pfx_do_sys_openat2+0x10/0x10 [ 414.657927][T17606] __x64_sys_openat+0x174/0x210 [ 414.657983][T17606] ? __pfx___x64_sys_openat+0x10/0x10 [ 414.658049][T17606] do_syscall_64+0xcd/0x490 [ 414.658089][T17606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.658123][T17606] RIP: 0033:0x7f0a78f8e9a9 [ 414.658151][T17606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.658184][T17606] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 414.658215][T17606] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 414.658238][T17606] RDX: 0000000000040302 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 414.658259][T17606] RBP: 00007f0a79010d69 R08: 0000000000000000 R09: 0000000000000000 [ 414.658279][T17606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.658299][T17606] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 414.658348][T17606] [ 415.954580][T17652] phram: parameter too long [ 416.769781][T17687] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 417.013061][T17692] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 419.041325][T17761] ksmbd: Unknown IPC event: 14, ignore. [ 419.527407][T17775] openvswitch: netlink: IPv4 tunnel dst address is zero [ 419.689159][T17783] dyndbg: expected <4096 bytes into control [ 419.741117][T17786] dyndbg: expected <4096 bytes into control [ 420.515873][T17821] HSR: entered promiscuous mode [ 420.598491][T17825] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 420.826641][T17829] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 421.601572][T17865] : entered promiscuous mode [ 421.958530][T17879] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 422.148132][T17886] CIFS mount error: No usable UNC path provided in device string! [ 422.148132][T17886] [ 422.202437][T17886] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 422.792808][T17913] MTRR 1 not used [ 423.032866][T17917] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5637'. [ 423.062804][T17917] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5637'. [ 426.484899][T18049] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 427.087823][T18064] program syz.1.5704 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 428.631403][T18132] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5736'. [ 429.930965][T18177] netlink: 25520 bytes leftover after parsing attributes in process `syz.2.5756'. [ 431.346350][T18233] openvswitch: netlink: Geneve opt len 2 is not a multiple of 4. [ 433.464580][T18314] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 433.965585][T18337] program syz.1.5827 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 434.162192][T18349] FAULT_INJECTION: forcing a failure. [ 434.162192][T18349] name failslab, interval 1, probability 0, space 0, times 0 [ 434.181990][T18349] CPU: 1 UID: 0 PID: 18349 Comm: syz.3.5833 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 434.182044][T18349] Tainted: [U]=USER [ 434.182054][T18349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 434.182072][T18349] Call Trace: [ 434.182083][T18349] [ 434.182103][T18349] dump_stack_lvl+0x16c/0x1f0 [ 434.182142][T18349] should_fail_ex+0x512/0x640 [ 434.182173][T18349] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 434.182211][T18349] should_failslab+0xc2/0x120 [ 434.182249][T18349] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 434.182283][T18349] ? d_instantiate+0x77/0x90 [ 434.182314][T18349] ? alloc_empty_file+0x55/0x1e0 [ 434.182357][T18349] alloc_empty_file+0x55/0x1e0 [ 434.182396][T18349] alloc_file_pseudo+0x13a/0x230 [ 434.182436][T18349] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 434.182475][T18349] ? security_inode_init_security_anon+0x79/0x240 [ 434.182528][T18349] __anon_inode_getfile+0xe8/0x280 [ 434.182585][T18349] new_userfaultfd+0x25e/0x3d0 [ 434.182625][T18349] __x64_sys_userfaultfd+0x4b/0xb0 [ 434.182667][T18349] do_syscall_64+0xcd/0x490 [ 434.182702][T18349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.182734][T18349] RIP: 0033:0x7f0a78f8e9a9 [ 434.182758][T18349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.182788][T18349] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 434.182817][T18349] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 434.182836][T18349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 434.182852][T18349] RBP: 00007f0a79010d69 R08: 0000000000000000 R09: 0000000000000000 [ 434.182870][T18349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.182887][T18349] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 434.182925][T18349] [ 434.759935][T18368] delete_channel: no stack [ 435.207888][T18389] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 435.805478][T18414] netlink: 'syz.2.5862': attribute type 1 has an invalid length. [ 436.239206][T18428] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 436.780359][T18452] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 437.078951][T18460] usb usb36: usbfs: process 18460 (syz.3.5885) did not claim interface 0 before use [ 437.116650][T18462] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 439.058355][T18544] netlink: 'syz.3.5923': attribute type 1 has an invalid length. [ 440.676145][T18577] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 441.477075][T18615] openvswitch: netlink: Duplicate key (type 15). [ 441.746670][T18627] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 5 [ 442.412538][T18648] device-mapper: ioctl: Invalid ioctl structure: name , dev 7f00010002 [ 444.522519][T18719] netlink: zone id is out of range [ 444.555912][T18719] netlink: zone id is out of range [ 444.561104][T18719] netlink: zone id is out of range [ 444.572976][T18719] netlink: zone id is out of range [ 444.578296][T18719] netlink: zone id is out of range [ 444.592509][T18719] netlink: zone id is out of range [ 444.608958][T18719] netlink: zone id is out of range [ 444.620656][T18719] netlink: zone id is out of range [ 444.630788][T18719] netlink: zone id is out of range [ 444.646623][T18719] netlink: zone id is out of range [ 445.590046][T18761] nbd: must specify an index to disconnect [ 448.567510][T18879] ptrace attach of "./syz-executor exec"[5842] was attempted by ""[18879] [ 448.896194][ T31] audit: type=1800 audit(4294967325.500:18): pid=18889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6083" name="dbroot" dev="configfs" ino=48902 res=0 errno=0 [ 449.751820][T18922] netlink: 'syz.1.6098': attribute type 11 has an invalid length. [ 449.764476][T18922] netlink: 'syz.1.6098': attribute type 11 has an invalid length. [ 449.778708][T18922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6098'. [ 449.793641][T18922] netlink: 'syz.1.6098': attribute type 11 has an invalid length. [ 449.806342][T18922] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6098'. [ 449.817473][T18922] netlink: 200 bytes leftover after parsing attributes in process `syz.1.6098'. [ 450.348133][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.355936][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.958150][T19008] phram: not enough arguments [ 453.578595][T19071] netlink: 206 bytes leftover after parsing attributes in process `syz.0.6155'. [ 456.348830][T19191] netlink: 'syz.2.6194': attribute type 11 has an invalid length. [ 456.368204][T19191] netlink: 'syz.2.6194': attribute type 11 has an invalid length. [ 456.381054][T19191] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6194'. [ 456.394580][T19191] netlink: 'syz.2.6194': attribute type 11 has an invalid length. [ 456.416054][T19191] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6194'. [ 456.436151][T19191] netlink: 200 bytes leftover after parsing attributes in process `syz.2.6194'. [ 462.159170][T19400] netlink: 'syz.2.6279': attribute type 8 has an invalid length. [ 462.424502][T19412] tipc: Started in network mode [ 462.432652][T19412] tipc: Node identity 30303030, cluster identity 4711 [ 462.443621][T19412] tipc: Node number set to 808464432 [ 462.721186][T19424] bond0: option lp_interval: invalid value () [ 462.725634][T19423] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6288'. [ 462.731693][T19424] bond0: option lp_interval: allowed values 1 - 2147483647 [ 463.310256][T19442] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 463.352550][T19442] CPU: 1 UID: 0 PID: 19442 Comm: syz.0.6299 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 463.352605][T19442] Tainted: [U]=USER [ 463.352615][T19442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 463.352634][T19442] Call Trace: [ 463.352644][T19442] [ 463.352657][T19442] dump_stack_lvl+0x16c/0x1f0 [ 463.352697][T19442] sysfs_warn_dup+0x7f/0xa0 [ 463.352750][T19442] sysfs_do_create_link_sd+0x124/0x140 [ 463.352808][T19442] sysfs_create_link+0x61/0xc0 [ 463.352868][T19442] device_add+0x62c/0x1a70 [ 463.352929][T19442] ? __pfx_device_add+0x10/0x10 [ 463.352968][T19442] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 463.353019][T19442] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 463.353063][T19442] wiphy_register+0x1c9c/0x2850 [ 463.353103][T19442] ? netdev_run_todo+0x864/0x1320 [ 463.353140][T19442] ? __dev_printk+0x210/0x270 [ 463.353175][T19442] ? __pfx_wiphy_register+0x10/0x10 [ 463.353235][T19442] ieee80211_register_hw+0x24ac/0x4140 [ 463.353290][T19442] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 463.353336][T19442] ? find_held_lock+0x2b/0x80 [ 463.353370][T19442] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 463.353417][T19442] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 463.353460][T19442] ? __hrtimer_setup+0x176/0x280 [ 463.353512][T19442] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 463.353569][T19442] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 463.353615][T19442] hwsim_new_radio_nl+0xb51/0x12c0 [ 463.353652][T19442] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 463.353694][T19442] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 463.353733][T19442] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 463.353777][T19442] genl_family_rcv_msg_doit+0x209/0x2f0 [ 463.353824][T19442] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 463.353860][T19442] ? trace_cap_capable+0x18d/0x200 [ 463.353899][T19442] ? bpf_lsm_capable+0x9/0x10 [ 463.353935][T19442] ? security_capable+0x7e/0x260 [ 463.353966][T19442] ? ns_capable+0xd7/0x110 [ 463.353993][T19442] genl_rcv_msg+0x55c/0x800 [ 463.354032][T19442] ? __pfx_genl_rcv_msg+0x10/0x10 [ 463.354067][T19442] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 463.354106][T19442] netlink_rcv_skb+0x158/0x420 [ 463.354137][T19442] ? __pfx_genl_rcv_msg+0x10/0x10 [ 463.354172][T19442] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 463.354213][T19442] ? netlink_deliver_tap+0x1ae/0xd30 [ 463.354246][T19442] genl_rcv+0x28/0x40 [ 463.354277][T19442] netlink_unicast+0x58a/0x850 [ 463.354312][T19442] ? __pfx_netlink_unicast+0x10/0x10 [ 463.354352][T19442] netlink_sendmsg+0x8d1/0xdd0 [ 463.354388][T19442] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.354436][T19442] ____sys_sendmsg+0xa95/0xc70 [ 463.354476][T19442] ? copy_msghdr_from_user+0x10a/0x160 [ 463.354508][T19442] ? __pfx_____sys_sendmsg+0x10/0x10 [ 463.354555][T19442] ? __pfx_futex_wake_mark+0x10/0x10 [ 463.354601][T19442] ___sys_sendmsg+0x134/0x1d0 [ 463.354632][T19442] ? __pfx____sys_sendmsg+0x10/0x10 [ 463.354659][T19442] ? __lock_acquire+0x622/0x1c90 [ 463.354729][T19442] __sys_sendmsg+0x16d/0x220 [ 463.354759][T19442] ? __pfx___sys_sendmsg+0x10/0x10 [ 463.354789][T19442] ? __x64_sys_futex+0x1e0/0x4c0 [ 463.354854][T19442] do_syscall_64+0xcd/0x490 [ 463.354888][T19442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.354920][T19442] RIP: 0033:0x7efcd618e9a9 [ 463.354945][T19442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.354978][T19442] RSP: 002b:00007efcd6f82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 463.355007][T19442] RAX: ffffffffffffffda RBX: 00007efcd63b5fa0 RCX: 00007efcd618e9a9 [ 463.355028][T19442] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 463.355047][T19442] RBP: 00007efcd6210d69 R08: 0000000000000000 R09: 0000000000000000 [ 463.355065][T19442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.355084][T19442] R13: 0000000000000000 R14: 00007efcd63b5fa0 R15: 00007fffb4cbfca8 [ 463.355123][T19442] [ 465.259635][ T31] audit: type=1800 audit(4294967302.150:19): pid=19502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6328" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 465.495238][T19510] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input31 [ 465.961222][T19528] netlink: 'syz.2.6340': attribute type 1 has an invalid length. [ 466.640158][T19552] binder_alloc: binder_alloc_mmap_handler: 19551 0-1000 already mapped failed -16 [ 466.831767][T19562] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6354'. [ 466.950986][T19565] vhci_hcd: invalid port number 21 [ 467.238523][T19576] net_ratelimit: 165 callbacks suppressed [ 467.238554][T19576] netlink: Conntrack attr has 16 unknown bytes [ 467.582743][ T31] audit: type=1800 audit(4294967304.470:20): pid=19592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6368" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 468.171028][T19612] FAULT_INJECTION: forcing a failure. [ 468.171028][T19612] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 468.241950][T19612] CPU: 0 UID: 0 PID: 19612 Comm: syz.1.6378 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 468.242002][T19612] Tainted: [U]=USER [ 468.242013][T19612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 468.242031][T19612] Call Trace: [ 468.242040][T19612] [ 468.242052][T19612] dump_stack_lvl+0x16c/0x1f0 [ 468.242089][T19612] should_fail_ex+0x512/0x640 [ 468.242127][T19612] should_fail_alloc_page+0xe7/0x130 [ 468.242174][T19612] prepare_alloc_pages+0x3c2/0x610 [ 468.242225][T19612] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 468.242263][T19612] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 468.242329][T19612] ? stack_depot_save_flags+0x3e0/0xa40 [ 468.242371][T19612] ? kasan_save_stack+0x42/0x60 [ 468.242404][T19612] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 468.242437][T19612] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 468.242470][T19612] ? __get_vm_area_node+0x1ca/0x330 [ 468.242514][T19612] ? __bpf_map_area_alloc+0x12e/0x200 [ 468.242544][T19612] ? htab_map_alloc+0x44b/0x1570 [ 468.242591][T19612] ? map_create+0x592/0x1db0 [ 468.242636][T19612] ? __sys_bpf+0x4d8d/0x4ea0 [ 468.242661][T19612] ? __x64_sys_bpf+0x78/0xc0 [ 468.242689][T19612] ? do_syscall_64+0xcd/0x490 [ 468.242720][T19612] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.242778][T19612] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 468.242828][T19612] ? policy_nodemask+0xea/0x4e0 [ 468.242867][T19612] alloc_pages_mpol+0x1fb/0x550 [ 468.242904][T19612] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 468.242950][T19612] alloc_pages_noprof+0x131/0x390 [ 468.242987][T19612] get_free_pages_noprof+0x10/0xb0 [ 468.243026][T19612] kasan_populate_vmalloc+0x89/0x1f0 [ 468.243080][T19612] alloc_vmap_area+0x959/0x29c0 [ 468.243137][T19612] ? __pfx_alloc_vmap_area+0x10/0x10 [ 468.243199][T19612] __get_vm_area_node+0x1ca/0x330 [ 468.243250][T19612] __vmalloc_node_range_noprof+0x271/0x14b0 [ 468.243298][T19612] ? htab_map_alloc+0x44b/0x1570 [ 468.243344][T19612] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 468.243382][T19612] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 468.243419][T19612] ? htab_map_alloc+0x44b/0x1570 [ 468.243468][T19612] ? mark_held_locks+0x49/0x80 [ 468.243515][T19612] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 468.243563][T19612] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 468.243604][T19612] ? htab_map_alloc+0x44b/0x1570 [ 468.243649][T19612] __bpf_map_area_alloc+0x12e/0x200 [ 468.243678][T19612] ? htab_map_alloc+0x44b/0x1570 [ 468.243730][T19612] htab_map_alloc+0x44b/0x1570 [ 468.243786][T19612] ? htab_map_alloc_check+0x2f2/0x430 [ 468.243839][T19612] map_create+0x592/0x1db0 [ 468.243898][T19612] ? __pfx_map_create+0x10/0x10 [ 468.243941][T19612] ? __might_fault+0xe3/0x190 [ 468.243969][T19612] ? __might_fault+0xe3/0x190 [ 468.243997][T19612] ? __might_fault+0x13b/0x190 [ 468.244042][T19612] __sys_bpf+0x4d8d/0x4ea0 [ 468.244074][T19612] ? __pfx___sys_bpf+0x10/0x10 [ 468.244102][T19612] ? ksys_write+0x190/0x250 [ 468.244138][T19612] ? do_futex+0x122/0x350 [ 468.244213][T19612] ? __pfx_do_futex+0x10/0x10 [ 468.244267][T19612] ? fput+0x70/0xf0 [ 468.244304][T19612] ? xfd_validate_state+0x61/0x180 [ 468.244345][T19612] ? __pfx_ksys_write+0x10/0x10 [ 468.244380][T19612] __x64_sys_bpf+0x78/0xc0 [ 468.244408][T19612] ? lockdep_hardirqs_on+0x7c/0x110 [ 468.244438][T19612] do_syscall_64+0xcd/0x490 [ 468.244472][T19612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.244503][T19612] RIP: 0033:0x7f3c0d58e9a9 [ 468.244527][T19612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.244557][T19612] RSP: 002b:00007f3c0e4a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 468.244587][T19612] RAX: ffffffffffffffda RBX: 00007f3c0d7b5fa0 RCX: 00007f3c0d58e9a9 [ 468.244606][T19612] RDX: 0000000000000098 RSI: 0000200000000100 RDI: 0000000000000000 [ 468.244624][T19612] RBP: 00007f3c0d610d69 R08: 0000000000000000 R09: 0000000000000000 [ 468.244643][T19612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.244661][T19612] R13: 0000000000000000 R14: 00007f3c0d7b5fa0 R15: 00007fff9b2e1c78 [ 468.244698][T19612] [ 469.124983][T19629] nfsd: Unknown parameter 'Z' [ 469.252388][T19633] openvswitch: netlink: Flow key attr not present in new flow. [ 469.535995][T19643] svc: failed to register nfsdv3 RPC service (errno 111). [ 469.566286][T19643] svc: failed to register nfsaclv3 RPC service (errno 111). [ 469.825690][T19654] netlink: 'syz.1.6397': attribute type 1 has an invalid length. [ 469.839922][T19654] nbd: error processing sock list [ 470.316693][T19674] openvswitch: netlink: Flow actions attr not present in new flow. [ 470.341817][T19676] netlink: 'syz.0.6409': attribute type 22 has an invalid length. [ 470.510544][T19683] ucma_write: process 3321 (syz.2.6414) changed security contexts after opening file descriptor, this is not allowed. [ 471.307635][T19714] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 471.873109][T19734] netlink: 'syz.1.6435': attribute type 1 has an invalid length. [ 472.850283][T19774] openvswitch: netlink: Flow key attribute not present in set flow. [ 473.621595][T19801] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 474.472891][T19832] openvswitch: netlink: IP tunnel dst address not specified [ 474.656237][T19837] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 474.690825][T19837] CPU: 0 UID: 0 PID: 19837 Comm: syz.2.6485 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 474.690887][T19837] Tainted: [U]=USER [ 474.690898][T19837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 474.690917][T19837] Call Trace: [ 474.690927][T19837] [ 474.690939][T19837] dump_stack_lvl+0x16c/0x1f0 [ 474.690978][T19837] sysfs_warn_dup+0x7f/0xa0 [ 474.691026][T19837] sysfs_do_create_link_sd+0x124/0x140 [ 474.691079][T19837] sysfs_create_link+0x61/0xc0 [ 474.691146][T19837] device_add+0x62c/0x1a70 [ 474.691194][T19837] ? __pfx_device_add+0x10/0x10 [ 474.691236][T19837] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 474.691290][T19837] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 474.691336][T19837] wiphy_register+0x1c9c/0x2850 [ 474.691380][T19837] ? netdev_run_todo+0x864/0x1320 [ 474.691419][T19837] ? __dev_printk+0x210/0x270 [ 474.691459][T19837] ? __pfx_wiphy_register+0x10/0x10 [ 474.691526][T19837] ieee80211_register_hw+0x24ac/0x4140 [ 474.691585][T19837] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 474.691635][T19837] ? find_held_lock+0x2b/0x80 [ 474.691671][T19837] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 474.691722][T19837] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 474.691770][T19837] ? __hrtimer_setup+0x176/0x280 [ 474.691827][T19837] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 474.691895][T19837] ? trace_kmalloc+0x2b/0xd0 [ 474.691935][T19837] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 474.691974][T19837] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 474.692011][T19837] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 474.692048][T19837] ? __asan_memcpy+0x3c/0x60 [ 474.692105][T19837] hwsim_new_radio_nl+0xb51/0x12c0 [ 474.692145][T19837] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 474.692195][T19837] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 474.692251][T19837] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 474.692310][T19837] genl_family_rcv_msg_doit+0x209/0x2f0 [ 474.692360][T19837] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 474.692408][T19837] ? trace_cap_capable+0x18d/0x200 [ 474.692461][T19837] ? bpf_lsm_capable+0x9/0x10 [ 474.692510][T19837] ? security_capable+0x7e/0x260 [ 474.692550][T19837] ? ns_capable+0xd7/0x110 [ 474.692589][T19837] genl_rcv_msg+0x55c/0x800 [ 474.692641][T19837] ? __pfx_genl_rcv_msg+0x10/0x10 [ 474.692690][T19837] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 474.692743][T19837] netlink_rcv_skb+0x158/0x420 [ 474.692785][T19837] ? __pfx_genl_rcv_msg+0x10/0x10 [ 474.692834][T19837] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 474.692902][T19837] ? netlink_deliver_tap+0x1ae/0xd30 [ 474.692947][T19837] genl_rcv+0x28/0x40 [ 474.692989][T19837] netlink_unicast+0x58a/0x850 [ 474.693036][T19837] ? __pfx_netlink_unicast+0x10/0x10 [ 474.693091][T19837] netlink_sendmsg+0x8d1/0xdd0 [ 474.693139][T19837] ? __pfx_netlink_sendmsg+0x10/0x10 [ 474.693199][T19837] ____sys_sendmsg+0xa95/0xc70 [ 474.693247][T19837] ? copy_msghdr_from_user+0x10a/0x160 [ 474.693283][T19837] ? __pfx_____sys_sendmsg+0x10/0x10 [ 474.693339][T19837] ? __pfx_futex_wake_mark+0x10/0x10 [ 474.693394][T19837] ___sys_sendmsg+0x134/0x1d0 [ 474.693432][T19837] ? __pfx____sys_sendmsg+0x10/0x10 [ 474.693464][T19837] ? __lock_acquire+0x622/0x1c90 [ 474.693563][T19837] __sys_sendmsg+0x16d/0x220 [ 474.693600][T19837] ? __pfx___sys_sendmsg+0x10/0x10 [ 474.693635][T19837] ? __x64_sys_futex+0x1e0/0x4c0 [ 474.693703][T19837] do_syscall_64+0xcd/0x490 [ 474.693741][T19837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.693775][T19837] RIP: 0033:0x7f0294f8e9a9 [ 474.693803][T19837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.693835][T19837] RSP: 002b:00007f0295d49038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 474.693874][T19837] RAX: ffffffffffffffda RBX: 00007f02951b5fa0 RCX: 00007f0294f8e9a9 [ 474.693897][T19837] RDX: 0000000004000800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 474.693918][T19837] RBP: 00007f0295010d69 R08: 0000000000000000 R09: 0000000000000000 [ 474.693938][T19837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.693958][T19837] R13: 0000000000000000 R14: 00007f02951b5fa0 R15: 00007ffd8427da38 [ 474.694002][T19837] [ 475.287912][T19846] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 475.608770][T19850] usb usb37: usbfs: process 19850 (syz.1.6490) did not claim interface 0 before use [ 478.842096][T19988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6552'. [ 478.852483][T19990] usb usb37: usbfs: process 19990 (syz.0.6553) did not claim interface 0 before use [ 480.292150][T20042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6578'. [ 481.303352][T20084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6597'. [ 481.544361][T20090] input: jJǸ-9%vlQ J8fi as /devices/virtual/input/input33 [ 482.426400][T20113] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 482.443825][T20113] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 482.454621][T20113] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 482.479129][T20113] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 482.723374][T20124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6611'. [ 483.494177][T20155] FAULT_INJECTION: forcing a failure. [ 483.494177][T20155] name failslab, interval 1, probability 0, space 0, times 0 [ 483.513459][T20155] CPU: 0 UID: 0 PID: 20155 Comm: syz.3.6626 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 483.513518][T20155] Tainted: [U]=USER [ 483.513530][T20155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 483.513550][T20155] Call Trace: [ 483.513561][T20155] [ 483.513573][T20155] dump_stack_lvl+0x16c/0x1f0 [ 483.513614][T20155] should_fail_ex+0x512/0x640 [ 483.513647][T20155] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 483.513686][T20155] should_failslab+0xc2/0x120 [ 483.513725][T20155] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 483.513757][T20155] ? d_instantiate+0x77/0x90 [ 483.513794][T20155] ? alloc_empty_file_noaccount+0x23/0xd0 [ 483.513844][T20155] alloc_empty_file_noaccount+0x23/0xd0 [ 483.513889][T20155] alloc_file_pseudo_noaccount+0x13a/0x230 [ 483.513935][T20155] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 483.513992][T20155] bdev_file_open_by_dev+0x143/0x210 [ 483.514048][T20155] disk_scan_partitions+0x1ed/0x320 [ 483.514092][T20155] blkdev_common_ioctl+0x2f6/0x2480 [ 483.514137][T20155] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 483.514184][T20155] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 483.514237][T20155] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 483.514288][T20155] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 483.514361][T20155] ? find_held_lock+0x2b/0x80 [ 483.514403][T20155] blkdev_ioctl+0x1cb/0x6d0 [ 483.514449][T20155] ? __pfx_blkdev_ioctl+0x10/0x10 [ 483.514503][T20155] ? __pfx_blkdev_ioctl+0x10/0x10 [ 483.514552][T20155] __x64_sys_ioctl+0x18e/0x210 [ 483.514600][T20155] do_syscall_64+0xcd/0x490 [ 483.514637][T20155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.514670][T20155] RIP: 0033:0x7f0a78f8e9a9 [ 483.514696][T20155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.514730][T20155] RSP: 002b:00007f0a79e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 483.514760][T20155] RAX: ffffffffffffffda RBX: 00007f0a791b5fa0 RCX: 00007f0a78f8e9a9 [ 483.514782][T20155] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000003 [ 483.514819][T20155] RBP: 00007f0a79010d69 R08: 0000000000000000 R09: 0000000000000000 [ 483.514840][T20155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 483.514879][T20155] R13: 0000000000000000 R14: 00007f0a791b5fa0 R15: 00007ffed828c798 [ 483.514922][T20155] [ 484.504310][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 484.510405][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 484.511167][ T5860] Bluetooth: hci0: command 0x0406 tx timeout [ 484.516533][ T5861] Bluetooth: hci1: command 0x0406 tx timeout [ 485.432490][T20213] input: jJǸ-9XlQ J86 as /devices/virtual/input/input34 [ 485.646402][T20220] phram: not enough arguments [ 486.772694][T20258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6672'. [ 486.797730][T20259] TCP: TCP_TX_DELAY enabled [ 487.221584][T20279] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.6682'. [ 488.038306][T20305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6691'. [ 488.056568][T20300] zswap: compressor not available [ 488.244428][T20309] relay: one or more items not logged [item size (56) > sub-buffer size (4)] [ 489.817797][T20365] dlm: non-version read from control device 8 [ 490.052692][ T5847] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 490.052741][ T5847] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 490.069082][ T5847] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 490.069146][ T5847] Bluetooth: hci3: adv larger than maximum supported [ 490.076871][ T5847] Bluetooth: hci3: adv larger than maximum supported [ 490.085816][ T5847] Bluetooth: hci3: Malformed LE Event: 0x0d [ 490.933888][T20391] zswap: compressor not available [ 491.176989][T20412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6738'. [ 491.224053][T20416] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input35 [ 491.227646][T20415] relay: one or more items not logged [item size (56) > sub-buffer size (4)] [ 491.679297][T20432] bridge0: port 3(ipvlan1) entered blocking state [ 491.690112][T20432] bridge0: port 3(ipvlan1) entered disabled state [ 491.697006][T20432] ipvlan1: entered allmulticast mode [ 491.710755][T20432] veth0_vlan: entered allmulticast mode [ 491.729184][T20432] ipvlan1: left allmulticast mode [ 491.739414][T20432] veth0_vlan: left allmulticast mode [ 492.215053][T20451] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6754'. [ 492.255810][ T5847] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 492.255857][ T5847] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 492.272433][ T5847] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 492.272495][ T5847] Bluetooth: hci2: adv larger than maximum supported [ 492.280160][ T5847] Bluetooth: hci2: adv larger than maximum supported [ 492.292044][ T5847] Bluetooth: hci2: Malformed LE Event: 0x0d [ 493.192521][T20482] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6769'. [ 497.725756][T20603] sctp: [Deprecated]: syz.1.6820 (pid 20603) Use of struct sctp_assoc_value in delayed_ack socket option. [ 497.725756][T20603] Use struct sctp_sack_info instead [ 497.855381][ T5847] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 497.855423][ T5847] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 497.870490][ T5847] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 497.870557][ T5847] Bluetooth: hci0: adv larger than maximum supported [ 497.879084][ T5847] Bluetooth: hci0: adv larger than maximum supported [ 497.887529][ T5847] Bluetooth: hci0: Malformed LE Event: 0x0d [ 498.932495][T20647] bridge0: port 3(hsr0) entered blocking state [ 498.953418][T20647] bridge0: port 3(hsr0) entered disabled state [ 498.992591][T20647] hsr0: entered allmulticast mode [ 499.008126][T20647] hsr_slave_0: entered allmulticast mode [ 499.038649][T20647] hsr_slave_1: entered allmulticast mode [ 499.077418][T20647] hsr0: entered promiscuous mode [ 499.096712][T20647] bridge0: port 3(hsr0) entered blocking state [ 499.105156][T20647] bridge0: port 3(hsr0) entered forwarding state [ 500.702460][ T31] audit: type=1800 audit(4294967337.590:21): pid=20693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=08 name="lu_gp_id" dev="configfs" ino=55947 res=0 errno=0 [ 500.874030][T20702] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input36 [ 500.922535][ T5847] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 500.922602][ T5847] Bluetooth: hci3: unexpected subevent 0x0e length: 725 > 15 [ 500.937454][ T5847] Bluetooth: hci3: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 501.864177][T20726] sd 0:0:1:0: PR command failed: 1026 [ 501.869674][T20726] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 501.884115][T20726] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 502.094392][T20736] FAULT_INJECTION: forcing a failure. [ 502.094392][T20736] name failslab, interval 1, probability 0, space 0, times 0 [ 502.109995][T20736] CPU: 1 UID: 0 PID: 20736 Comm: syz.2.6869 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 502.110051][T20736] Tainted: [U]=USER [ 502.110063][T20736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 502.110083][T20736] Call Trace: [ 502.110093][T20736] [ 502.110106][T20736] dump_stack_lvl+0x16c/0x1f0 [ 502.110146][T20736] should_fail_ex+0x512/0x640 [ 502.110180][T20736] ? __kmalloc_noprof+0xbf/0x510 [ 502.110216][T20736] ? sk_prot_alloc+0x1a8/0x2a0 [ 502.110263][T20736] should_failslab+0xc2/0x120 [ 502.110302][T20736] __kmalloc_noprof+0xd2/0x510 [ 502.110335][T20736] ? trace_cap_capable+0x18d/0x200 [ 502.110383][T20736] sk_prot_alloc+0x1a8/0x2a0 [ 502.110429][T20736] sk_alloc+0x36/0xc20 [ 502.110462][T20736] pfkey_create+0x105/0x600 [ 502.110503][T20736] __sock_create+0x335/0x8d0 [ 502.110557][T20736] __sys_socket+0x14d/0x260 [ 502.110603][T20736] ? __pfx___sys_socket+0x10/0x10 [ 502.110651][T20736] ? xfd_validate_state+0x61/0x180 [ 502.110706][T20736] __x64_sys_socket+0x72/0xb0 [ 502.110750][T20736] ? lockdep_hardirqs_on+0x7c/0x110 [ 502.110782][T20736] do_syscall_64+0xcd/0x490 [ 502.110818][T20736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.110850][T20736] RIP: 0033:0x7f0294f8e9a9 [ 502.110876][T20736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.110909][T20736] RSP: 002b:00007f0295d49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 502.110940][T20736] RAX: ffffffffffffffda RBX: 00007f02951b5fa0 RCX: 00007f0294f8e9a9 [ 502.110967][T20736] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f [ 502.110986][T20736] RBP: 00007f0295010d69 R08: 0000000000000000 R09: 0000000000000000 [ 502.111005][T20736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.111024][T20736] R13: 0000000000000000 R14: 00007f02951b5fa0 R15: 00007ffd8427da38 [ 502.111065][T20736] [ 503.362708][T20772] netlink: 21 bytes leftover after parsing attributes in process `syz.1.6887'. [ 504.116125][T20784] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 505.595589][T20832] sd 0:0:1:0: PR command failed: 1026 [ 505.611383][T20832] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 505.632385][T20832] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 506.700089][ T5847] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 506.700134][ T5847] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 506.715380][ T5847] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 506.715420][ T5847] Bluetooth: hci1: adv larger than maximum supported [ 506.722668][ T5847] Bluetooth: hci1: adv larger than maximum supported [ 506.731078][ T5847] Bluetooth: hci1: Malformed LE Event: 0x0d [ 508.341514][T20911] ovs_: entered promiscuous mode [ 511.612529][T21036] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input37 [ 511.787513][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.794398][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 511.805476][T21041] FAULT_INJECTION: forcing a failure. [ 511.805476][T21041] name failslab, interval 1, probability 0, space 0, times 0 [ 511.818351][T21041] CPU: 1 UID: 0 PID: 21041 Comm: syz.0.7001 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 511.818403][T21041] Tainted: [U]=USER [ 511.818413][T21041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 511.818450][T21041] Call Trace: [ 511.818461][T21041] [ 511.818473][T21041] dump_stack_lvl+0x16c/0x1f0 [ 511.818513][T21041] should_fail_ex+0x512/0x640 [ 511.818547][T21041] ? __kvmalloc_node_noprof+0x124/0x620 [ 511.818608][T21041] should_failslab+0xc2/0x120 [ 511.818648][T21041] __kvmalloc_node_noprof+0x137/0x620 [ 511.818715][T21041] ? io_alloc_cache_init+0x33/0x170 [ 511.818759][T21041] ? io_alloc_cache_init+0x33/0x170 [ 511.818792][T21041] io_alloc_cache_init+0x33/0x170 [ 511.818831][T21041] io_uring_setup+0x5e1/0x2080 [ 511.818890][T21041] ? __pfx_io_uring_setup+0x10/0x10 [ 511.818942][T21041] ? do_futex+0x122/0x350 [ 511.818985][T21041] ? __pfx_do_futex+0x10/0x10 [ 511.819051][T21041] ? xfd_validate_state+0x61/0x180 [ 511.819097][T21041] ? __pfx_ksys_write+0x10/0x10 [ 511.819140][T21041] __x64_sys_io_uring_setup+0xc2/0x170 [ 511.819199][T21041] do_syscall_64+0xcd/0x490 [ 511.819238][T21041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.819273][T21041] RIP: 0033:0x7efcd618e9a9 [ 511.819301][T21041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 511.819335][T21041] RSP: 002b:00007efcd6f82038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 511.819367][T21041] RAX: ffffffffffffffda RBX: 00007efcd63b5fa0 RCX: 00007efcd618e9a9 [ 511.819390][T21041] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000059 [ 511.819411][T21041] RBP: 00007efcd6210d69 R08: 0000000000000000 R09: 0000000000000000 [ 511.819432][T21041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.819453][T21041] R13: 0000000000000000 R14: 00007efcd63b5fa0 R15: 00007fffb4cbfca8 [ 511.819496][T21041] [ 512.541781][T21066] netlink: 'syz.2.7013': attribute type 1 has an invalid length. [ 513.212026][T21093] netlink: 346 bytes leftover after parsing attributes in process `syz.1.7025'. [ 514.536396][T21140] Device name cannot be null; rc = [-22] [ 515.485003][T21182] overlayfs: missing 'lowerdir' [ 518.045845][T21269] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 518.183795][ T5847] ================================================================== [ 518.191943][ T5847] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 [ 518.199819][ T5847] Read of size 140 at addr ffffc90017d8b000 by task kworker/u9:2/5847 [ 518.208014][ T5847] [ 518.210363][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: kworker/u9:2 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 518.210404][ T5847] Tainted: [U]=USER [ 518.210413][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 518.210432][ T5847] Workqueue: hci0 hci_devcd_timeout [ 518.210475][ T5847] Call Trace: [ 518.210483][ T5847] [ 518.210493][ T5847] dump_stack_lvl+0x116/0x1f0 [ 518.210520][ T5847] print_report+0xcd/0x630 [ 518.210549][ T5847] ? __virt_addr_valid+0x81/0x610 [ 518.210581][ T5847] ? hci_devcd_dump+0x142/0x240 [ 518.210619][ T5847] kasan_report+0xe0/0x110 [ 518.210648][ T5847] ? hci_devcd_dump+0x142/0x240 [ 518.210696][ T5847] kasan_check_range+0x100/0x1b0 [ 518.210732][ T5847] __asan_memcpy+0x23/0x60 [ 518.210777][ T5847] hci_devcd_dump+0x142/0x240 [ 518.210817][ T5847] hci_devcd_timeout+0xb5/0x2e0 [ 518.210855][ T5847] ? rcu_is_watching+0x12/0xc0 [ 518.210887][ T5847] process_one_work+0x9cc/0x1b70 [ 518.210936][ T5847] ? __pfx_process_one_work+0x10/0x10 [ 518.210982][ T5847] ? assign_work+0x1a0/0x250 [ 518.211022][ T5847] worker_thread+0x6c8/0xf10 [ 518.211070][ T5847] ? __pfx_worker_thread+0x10/0x10 [ 518.211117][ T5847] kthread+0x3c5/0x780 [ 518.211155][ T5847] ? __pfx_kthread+0x10/0x10 [ 518.211194][ T5847] ? rcu_is_watching+0x12/0xc0 [ 518.211221][ T5847] ? __pfx_kthread+0x10/0x10 [ 518.211259][ T5847] ret_from_fork+0x5d4/0x6f0 [ 518.211295][ T5847] ? __pfx_kthread+0x10/0x10 [ 518.211334][ T5847] ret_from_fork_asm+0x1a/0x30 [ 518.211370][ T5847] [ 518.211379][ T5847] [ 518.364210][ T5847] The buggy address belongs to a vmalloc virtual mapping [ 518.371257][ T5847] Memory state around the buggy address: [ 518.376925][ T5847] ffffc90017d8af00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 518.385019][ T5847] ffffc90017d8af80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 518.393141][ T5847] >ffffc90017d8b000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 518.401313][ T5847] ^ [ 518.405415][ T5847] ffffc90017d8b080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 518.413507][ T5847] ffffc90017d8b100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 518.421588][ T5847] ================================================================== [ 518.430662][ T5847] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 518.437962][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: kworker/u9:2 Tainted: G U 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 518.452126][ T5847] Tainted: [U]=USER [ 518.455970][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 518.466052][ T5847] Workqueue: hci0 hci_devcd_timeout [ 518.471307][ T5847] Call Trace: [ 518.474606][ T5847] [ 518.477557][ T5847] dump_stack_lvl+0x3d/0x1f0 [ 518.482178][ T5847] panic+0x71c/0x800 [ 518.486127][ T5847] ? __pfx_panic+0x10/0x10 [ 518.490585][ T5847] ? mark_held_locks+0x49/0x80 [ 518.495400][ T5847] ? preempt_schedule_thunk+0x16/0x30 [ 518.500806][ T5847] ? hci_devcd_dump+0x142/0x240 [ 518.505706][ T5847] ? preempt_schedule_common+0x44/0xc0 [ 518.511211][ T5847] ? check_panic_on_warn+0x1f/0xb0 [ 518.516367][ T5847] ? hci_devcd_dump+0x142/0x240 [ 518.521256][ T5847] check_panic_on_warn+0xab/0xb0 [ 518.526236][ T5847] end_report+0x107/0x170 [ 518.530601][ T5847] kasan_report+0xee/0x110 [ 518.535051][ T5847] ? hci_devcd_dump+0x142/0x240 [ 518.539949][ T5847] kasan_check_range+0x100/0x1b0 [ 518.544930][ T5847] __asan_memcpy+0x23/0x60 [ 518.549387][ T5847] hci_devcd_dump+0x142/0x240 [ 518.554110][ T5847] hci_devcd_timeout+0xb5/0x2e0 [ 518.559009][ T5847] ? rcu_is_watching+0x12/0xc0 [ 518.563848][ T5847] process_one_work+0x9cc/0x1b70 [ 518.568841][ T5847] ? __pfx_process_one_work+0x10/0x10 [ 518.574297][ T5847] ? assign_work+0x1a0/0x250 [ 518.578930][ T5847] worker_thread+0x6c8/0xf10 [ 518.583576][ T5847] ? __pfx_worker_thread+0x10/0x10 [ 518.588820][ T5847] kthread+0x3c5/0x780 [ 518.592934][ T5847] ? __pfx_kthread+0x10/0x10 [ 518.597575][ T5847] ? rcu_is_watching+0x12/0xc0 [ 518.602368][ T5847] ? __pfx_kthread+0x10/0x10 [ 518.607001][ T5847] ret_from_fork+0x5d4/0x6f0 [ 518.611628][ T5847] ? __pfx_kthread+0x10/0x10 [ 518.616266][ T5847] ret_from_fork_asm+0x1a/0x30 [ 518.621071][ T5847] [ 518.624474][ T5847] Kernel Offset: disabled [ 518.628858][ T5847] Rebooting in 86400 seconds..