last executing test programs:
7.008906776s ago: executing program 0 (id=4530):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r1, 0x0, 0x20)
writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3)
unshare$auto(0x40000080)
6.404353152s ago: executing program 0 (id=4533):
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00')
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0x2, 0x1, 0x0)
socket(0x1e, 0x1, 0x0)
socket(0xa, 0x5, 0x0)
setsockopt$auto(0x2, 0x1, 0x6, &(0x7f0000000000)='\x00', 0x40)
6.264736953s ago: executing program 0 (id=4535):
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000022ff6)='./control\x00', 0x2640, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x209b72, 0x4e477f5a, 0x8000)
getsockopt$auto(0x6, 0x1, 0x4d, 0xfffffffffffffffe, 0x0)
6.146001802s ago: executing program 0 (id=4537):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x21, 0x2, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1d, 0x2, 0x2)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
connect$auto(0x5, 0x0, 0x9)
6.017343094s ago: executing program 0 (id=4538):
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x801, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x19, &(0x7f0000000240), 0x4)
5.872316794s ago: executing program 0 (id=4541):
close_range$auto(0x2, 0x8, 0x0)
memfd_secret$auto(0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
mmap$auto(0x0, 0x8, 0xfffffffffffffffa, 0x13, 0x3, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
3.225816243s ago: executing program 3 (id=4559):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
ioctl$auto_TCFLSH2(r1, 0x80045439, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
ioctl$auto(r0, 0x89f3, r0)
3.22502295s ago: executing program 2 (id=4569):
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a)
r0 = openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/o2hb/livenodes\x00', 0x0, 0x0)
read$auto_o2hb_debug_fops_heartbeat(r0, &(0x7f0000000040)=""/4096, 0x1000)
r1 = socket(0xa, 0x2, 0x0)
sendmmsg$auto(r1, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8008)
close_range$auto(0x2, 0x8, 0x0)
2.814166202s ago: executing program 2 (id=4562):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
writev$auto(0x8000, &(0x7f0000000040)={0x0, 0x1000000000004}, 0x2bc)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1)
io_uring_register$auto(0x2, 0x17, &(0x7f00000000c0), 0x1)
2.536684604s ago: executing program 3 (id=4563):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0x20000000000, 0x8000)
sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x400c0}, 0x4040000)
shmctl$auto(0x3, 0xffffffff, &(0x7f0000000180)={{0x7, 0xee00, 0x0, 0x4, 0x3, 0x2, 0x3}, 0xe25, 0x3ff, 0x1, 0x10, @inferred, @inferred, 0x9, 0x0, 0x0, 0x0})
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)
2.402003774s ago: executing program 2 (id=4564):
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
socket(0x2, 0x1, 0x0)
socket(0x18, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4)
fallocate$auto(0x8000000000000003, 0x0, 0xf, 0x200000002)
2.061232883s ago: executing program 2 (id=4565):
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_fault_around_bytes_fops_(0xffffffffffffff9c, 0x0, 0x4000, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x2, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0)
write$auto(r0, 0x0, 0x7138)
2.06114655s ago: executing program 3 (id=4566):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008014}, 0x4044015)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
1.765102125s ago: executing program 1 (id=4567):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/032/001\x00', 0x8e900, 0x0)
open(0x0, 0x591002, 0x408)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/188, 0xbc)
openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x414802, 0x0)
1.733917223s ago: executing program 3 (id=4570):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid})
sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, &(0x7f0000000040)='~', 0x8000, 0x1}, 0x8}, 0x1, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
1.702218999s ago: executing program 2 (id=4571):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = getpid()
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES32], 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800)
process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0)
r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000200), 0x103001, 0x0)
ioctl$auto_I2C_RDWR(r1, 0x707, 0x0)
1.54689285s ago: executing program 1 (id=4572):
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2a, 0x2, 0x0)
ioctl$auto(0x3, 0x8915, 0x93)
1.359026581s ago: executing program 3 (id=4573):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
mq_getsetattr$auto(r0, 0x0, 0x0)
1.356857694s ago: executing program 1 (id=4574):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$auto(0x3, 0x6f44, 0xffffffffffffffff)
1.263456923s ago: executing program 2 (id=4575):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram2\x00', 0x14f642, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff)
read$auto(0x3, 0x0, 0xfffffdef)
write$auto(0x3, 0x0, 0xfdef)
1.134216167s ago: executing program 1 (id=4576):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x2000000000000000)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
setsockopt$auto(r0, 0x1, 0x12, 0x0, 0xeb66)
593.070417ms ago: executing program 3 (id=4577):
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x80)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
write$auto(0x4, 0x0, 0x100082)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x9, 0x7, 0x2e}, 0x6f4)
readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400)
138.251893ms ago: executing program 1 (id=4578):
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x801, 0x84)
io_uring_setup$auto(0x1, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x83, 0x0, 0x8)
0s ago: executing program 1 (id=4579):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
r0 = socket(0xa, 0x801, 0x84)
getsockopt$auto(r0, 0x84, 0x72, 0x0, &(0x7f0000000100)=0x22a)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)
kernel console output (not intermixed with test programs):
cess `syz.0.1421'.
[ 198.900592][ T5146] Bluetooth: hci3: unexpected subevent 0x04 length: 122 > 11
[ 198.908388][ T9352] could not allocate digest TFM handle
[ 199.107601][ T9371] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1448'.
[ 201.697938][ T9435] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1475'.
[ 209.664279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[ 209.680299][ T5830] smpboot: CPU 0 is now offline
[ 210.098049][ T9630] lo: entered allmulticast mode
[ 210.115778][ T9628] lo: left allmulticast mode
[ 212.309365][ T9685] usb usb38: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 212.361178][ T9685] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[ 212.883242][ T9698] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1585'.
[ 214.598752][ T9748] TCP: TCP_TX_DELAY enabled
[ 216.283795][ T9786] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1629'.
[ 216.417932][ T9790] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1622'.
[ 216.890769][ T30] audit: type=1800 audit(1741609904.485:4): pid=9803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1630" name=22050820 dev="tmpfs" ino=2170 res=0 errno=0
[ 217.103821][ T9810] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1633'.
[ 217.140957][ T9810] vxcan1: entered promiscuous mode
[ 218.417483][ T9846] nbd: socks must be embedded in a SOCK_ITEM attr
[ 218.447728][ T9846] block nbd1: shutting down sockets
[ 219.611993][ T9876] MTRR 1 not used
[ 219.667969][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1661'.
[ 219.701789][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1661'.
[ 221.205670][ T9924] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1678'.
[ 222.767633][ T9960] nbd: socks must be embedded in a SOCK_ITEM attr
[ 222.802033][ T9960] block nbd1: shutting down sockets
[ 224.328435][ T9991] svc: failed to register nfsdv3 RPC service (errno 111).
[ 224.378552][ T9991] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 224.474169][ T5146] Bluetooth: hci2: ISO packet for unknown connection handle 0
[ 227.302151][T10062] Invalid ELF header magic: != ELF
[ 229.758331][T10137] netlink: 350 bytes leftover after parsing attributes in process `syz.3.1771'.
[ 233.750969][T10258] block2mtd: error: cannot open device 0
[ 234.160713][T10272] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1827'.
[ 234.397628][T10277] netlink: 'syz.2.1829': attribute type 1 has an invalid length.
[ 234.432989][T10277] netlink: 'syz.2.1829': attribute type 3 has an invalid length.
[ 237.415103][T10370] netlink: 74 bytes leftover after parsing attributes in process `syz.2.1866'.
[ 238.353217][T10395] ima: policy update failed
[ 238.362971][ T30] audit: type=1802 audit(1741609925.955:5): pid=10395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm=20 res=0 errno=0
[ 239.611520][T10392] kexec: Could not allocate control_code_buffer
[ 242.400546][T10488] netlink: 214 bytes leftover after parsing attributes in process `syz.1.1915'.
[ 246.944821][T10574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1951'.
[ 251.648748][T10684] netlink: 280 bytes leftover after parsing attributes in process `syz.3.1997'.
[ 253.524431][T10724] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10
[ 253.779730][T10730] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2017'.
[ 253.904184][T10717] Invalid ELF header magic: != ELF
[ 254.815575][ T30] audit: type=1800 audit(1741609942.385:6): pid=10754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2028" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0
[ 256.191291][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 256.199400][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[ 256.807759][T10815] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2054'.
[ 257.557381][ T5146] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[ 257.557410][ T5146] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[ 257.572730][ T5146] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[ 257.572781][ T5146] Bluetooth: hci0: adv larger than maximum supported
[ 257.580984][ T5146] Bluetooth: hci0: adv larger than maximum supported
[ 257.588605][ T5146] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[ 257.595342][ T5146] Bluetooth: hci0: Malformed LE Event: 0x0d
[ 258.292562][T10847] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2064'.
[ 261.477376][T10933] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2102'.
[ 261.728430][T10936] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2103'.
[ 261.788221][T10942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2104'.
[ 264.108516][T10993] nbd: socks must be embedded in a SOCK_ITEM attr
[ 264.130818][T10993] block nbd1: shutting down sockets
[ 265.477046][T11025] MTRR 1 not used
[ 266.236862][T11045] nbd: socks must be embedded in a SOCK_ITEM attr
[ 266.256158][T11045] block nbd1: shutting down sockets
[ 267.474723][ T5146] Bluetooth: hci0: ISO packet for unknown connection handle 0
[ 267.940272][T11073] svc: failed to register nfsdv3 RPC service (errno 111).
[ 268.012234][T11073] svc: failed to register nfsaclv3 RPC service (errno 111).
[ 268.884426][T11082] lo: entered allmulticast mode
[ 268.928052][T11080] lo: left allmulticast mode
[ 268.989089][T11087] usb usb38: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 269.024202][T11087] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[ 270.250232][T11121] lo: entered allmulticast mode
[ 270.274456][T11119] lo: left allmulticast mode
[ 270.607001][T11132] Invalid ELF header magic: != ELF
[ 271.489460][T11161] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2196'.
[ 271.981600][ T5146] Bluetooth: hci1: ISO packet for unknown connection handle 0
[ 272.701789][T11191] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2208'.
[ 275.081925][T11246] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2229'.
[ 275.198090][T11252] netlink: 'syz.0.2232': attribute type 1 has an invalid length.
[ 275.238210][T11252] netlink: 'syz.0.2232': attribute type 3 has an invalid length.
[ 277.218171][T11304] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2251'.
[ 277.792245][T11316] Invalid ELF header magic: != ELF
[ 279.912669][T11354] Invalid ELF header magic: != ELF
[ 281.269763][T11373] netlink: 214 bytes leftover after parsing attributes in process `syz.3.2276'.
[ 290.276978][T11524] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2335'.
[ 291.418181][T11535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2339'.
[ 294.107516][T11599] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2364'.
[ 300.577763][T11745] syz.0.2420 (11745): /proc/11744/oom_adj is deprecated, please use /proc/11744/oom_score_adj instead.
[ 302.853372][T11798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2446'.
[ 303.127451][T11803] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2447'.
[ 304.018207][ T5146] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[ 304.018234][ T5146] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[ 304.033432][ T5146] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[ 304.033482][ T5146] Bluetooth: hci1: adv larger than maximum supported
[ 304.040871][ T5146] Bluetooth: hci1: adv larger than maximum supported
[ 304.047671][ T5146] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[ 304.054346][ T5146] Bluetooth: hci1: Malformed LE Event: 0x0d
[ 304.321329][T11831] Invalid ELF header magic: != ELF
[ 306.771756][T11879] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2476'.
[ 306.815439][T11879] bridge0: port 2(bridge_slave_1) entered disabled state
[ 306.823757][T11879] bridge0: port 1(bridge_slave_0) entered disabled state
[ 306.919397][T11879] bridge0: entered promiscuous mode
[ 306.973376][T11879] bridge0: entered allmulticast mode
[ 308.503526][ T5146] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[ 308.503553][ T5146] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[ 308.519004][ T5146] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[ 308.519028][ T5146] Bluetooth: hci1: adv larger than maximum supported
[ 308.526938][ T5146] Bluetooth: hci1: adv larger than maximum supported
[ 308.534030][ T5146] Bluetooth: hci1: adv larger than maximum supported
[ 308.541086][ T5146] Bluetooth: hci1: Malformed LE Event: 0x0d
[ 308.849513][T11929] netlink: 'syz.3.2499': attribute type 1 has an invalid length.
[ 308.926535][T11929] netlink: 206 bytes leftover after parsing attributes in process `syz.3.2499'.
[ 308.954593][T11935] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2502'.
[ 309.255374][T11943] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2505'.
[ 309.882671][T11964] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2513'.
[ 310.383496][T11982] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2529'.
[ 310.447864][T11982] bridge0: port 2(bridge_slave_1) entered disabled state
[ 310.455215][T11982] bridge0: port 1(bridge_slave_0) entered disabled state
syzkaller
syzkaller login: [ 310.533854][T11982] bridge0: entered promiscuous mode
[ 310.563120][T11982] bridge0: entered allmulticast mode
[ 311.991392][ T5146] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[ 311.991418][ T5146] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[ 312.008358][ T5146] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[ 312.008397][ T5146] Bluetooth: hci2: adv larger than maximum supported
[ 312.027357][ T5146] Bluetooth: hci2: adv larger than maximum supported
[ 312.034050][ T5146] Bluetooth: hci2: adv larger than maximum supported
[ 312.047274][ T5146] Bluetooth: hci2: Malformed LE Event: 0x0d
[ 313.519920][T12053] nbd1: detected capacity change from 0 to 68719476736
[ 313.541571][ T30] audit: type=1804 audit(1741610001.125:7): pid=12056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2549" name="/newroot/637/file0" dev="tmpfs" ino=3255 res=1 errno=0
[ 313.621187][ T5821] block nbd1: Send control failed (result -22)
[ 313.666449][ T5821] block nbd1: Request send failed, requeueing
[ 313.732862][T11839] block nbd1: Dead connection, failed to find a fallback
[ 313.740326][ T5146] block nbd1: Receive control failed (result -32)
[ 313.747840][T11839] block nbd1: shutting down sockets
[ 313.753053][T11839] blk_print_req_error: 24 callbacks suppressed
[ 313.753064][T11839] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 313.768927][T11839] buffer_io_error: 23 callbacks suppressed
[ 313.768937][T11839] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 313.784253][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 313.834219][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 313.902382][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 313.987872][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.034994][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 314.101596][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.168448][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 314.211910][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.275550][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 314.361046][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.419697][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 314.473485][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.537499][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
syzkaller
syzkaller login: [ 314.597969][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.605782][ T5821] ldm_validate_partition_table(): Disk read failed.
[ 314.715014][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 314.771249][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.827052][ T5821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 314.884927][ T5821] Buffer I/O error on dev nbd1, logical block 0, async page read
[ 314.958155][ T5821] Dev nbd1: unable to read RDB block 0
[ 314.964462][ T5821] nbd1: unable to read partition table
[ 315.033021][ T5821] ldm_validate_partition_table(): Disk read failed.
[ 315.127653][ T5821] Dev nbd1: unable to read RDB block 0
[ 315.172267][ T5821] nbd1: unable to read partition table
[ 316.785374][T12125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2579'.
[ 317.098127][T12135] perf: Dynamic interrupt throttling disabled, can hang your system!
[ 317.638274][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 317.644066][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[ 317.674208][T12154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2592'.
[ 318.659291][T12177] delete_channel: no stack
[ 319.176561][T12197] perf: Dynamic interrupt throttling disabled, can hang your system!
[ 320.448685][T12238] delete_channel: no stack
[ 320.624251][T12245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2629'.
[ 321.176154][ T5146] Bluetooth: hci1: unexpected event 0x06 length: 11 > 3
[ 321.530009][T12276] sctp: [Deprecated]: syz.1.2640 (pid 12276) Use of int in max_burst socket option deprecated.
[ 321.530009][T12276] Use struct sctp_assoc_value instead
[ 322.352844][T12294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2651'.
[ 325.189140][T12357] vhci_hcd: invalid port number 242
[ 325.212131][T12357] vhci_hcd: default hub control req: f2ff vffff i00f2 l65535
[ 326.518261][T12380] device-mapper: ioctl: Unable to rename non-existent device, to uuid
[ 331.096092][T12443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2718'.
[ 332.085255][T12458] lo: entered promiscuous mode
[ 332.121293][T12456] lo: left promiscuous mode
[ 335.631495][T12484] kexec: Could not allocate control_code_buffer
[ 335.761066][T12499] zswap: compressor not available
[ 338.813875][T12529] kexec: Could not allocate control_code_buffer
[ 339.191838][T12544] Invalid ELF header magic: != ELF
[ 340.248975][T12562] zswap: compressor not available
[ 342.211677][T12607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2777'.
[ 342.503809][T12614] sock: sock_timestamping_bind_phc: sock not bind to device
[ 342.915423][T12622] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2784'.
[ 342.991974][T12622] ipvlan1: entered allmulticast mode
[ 342.996783][T12622] veth0_vlan: entered allmulticast mode
[ 344.302835][ T30] audit: type=1804 audit(1741610031.895:8): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2797" name="/newroot/692/file0" dev="tmpfs" ino=3536 res=1 errno=0
[ 344.429106][ T30] audit: type=1800 audit(1741610031.925:9): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2797" name="file0" dev="tmpfs" ino=3536 res=0 errno=0
[ 344.546617][ T30] audit: type=1804 audit(1741610031.925:10): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2797" name="/newroot/692/file0" dev="tmpfs" ino=3536 res=1 errno=0
[ 344.687361][ T30] audit: type=1800 audit(1741610031.925:11): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2797" name="file0" dev="tmpfs" ino=3536 res=0 errno=0
[ 345.240780][T12671] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2812'.
[ 345.861256][T12686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2808'.
[ 346.045099][T12690] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2809'.
[ 346.089591][T12690] ipvlan1: entered allmulticast mode
[ 346.119867][T12690] veth0_vlan: entered allmulticast mode
[ 347.753562][T12650] Invalid ELF header magic: != ELF
[ 348.977391][T12650] syz.0.2793 (12650) used greatest stack depth: 20384 bytes left
[ 349.298011][T12749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2833'.
[ 349.528249][T12752] block nbd2: Unsupported socket: shutdown callout must be supported.
[ 349.888515][T12765] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2841'.
[ 349.930569][T12765] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[ 350.359912][T12770] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2845'.
[ 351.397733][T12791] Console: switching to colour frame buffer device 128x48
[ 355.258154][T12441] syz.0.2706 (12441) used greatest stack depth: 19680 bytes left
[ 355.677992][T12852] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2881'.
[ 355.797090][T12854] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2882'.
[ 355.837377][T12854] macsec0: entered promiscuous mode
[ 355.842247][T12854] macsec0: entered allmulticast mode
[ 355.900390][T12854] veth1_macvtap: entered allmulticast mode
[ 355.941623][T12282] syz.0.2644 (12282) used greatest stack depth: 19664 bytes left
[ 356.013780][T12856] PM: Enabling pm_trace changes system date and time during resume.
[ 356.013780][T12856] PM: Correct system time has to be restored manually after resume.
[ 357.570838][T12887] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2902'.
[ 357.695845][T12887] macsec0: entered promiscuous mode
[ 357.791014][T12887] macsec0: entered allmulticast mode
[ 357.839093][T12887] veth1_macvtap: entered allmulticast mode
[ 358.732602][T12875] kexec: Could not allocate control_code_buffer
[ 360.484574][T12946] Device name cannot be null; rc = [-22]
[ 361.478388][T12968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2930'.
[ 365.236143][T13038] netlink: 294 bytes leftover after parsing attributes in process `syz.1.2956'.
[ 366.966792][T13091] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[13091]
[ 366.994823][T13096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2973'.
[ 367.063737][T13096] veth1_macvtap: left promiscuous mode
[ 367.103994][T13096] macsec0: entered allmulticast mode
[ 369.672310][T13174] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2998'.
[ 369.742018][T13174] veth1_macvtap: left promiscuous mode
[ 369.746981][T13174] macsec0: entered allmulticast mode
[ 369.809343][T13177] ptrace attach of "./syz-executor exec"[5838] was attempted by ""[13177]
[ 370.020876][T13181] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3002'.
[ 370.081328][T13185] netlink: 194 bytes leftover after parsing attributes in process `syz.2.3003'.
[ 371.437711][T13220] netlink: 194 bytes leftover after parsing attributes in process `syz.1.3015'.
[ 372.920326][T13254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3034'.
[ 372.967768][T13254] tc_dump_action: action bad kind
[ 372.976958][T13257] netlink: 346 bytes leftover after parsing attributes in process `syz.1.3035'.
[ 373.198374][T13261] netlink: 'syz.3.3037': attribute type 3 has an invalid length.
[ 373.864366][T13286] openvswitch: netlink: Unknown nsh attribute 0
[ 377.631527][T13365] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3082'.
[ 377.869571][T13372] mtrr: base(0x400000000000000) is not aligned on a size(0x0000) boundary
[ 378.510159][T13382] netlink: 504 bytes leftover after parsing attributes in process `syz.0.3096'.
[ 378.725362][T13390] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3090'.
[ 378.911653][T13390] hsr_slave_1 (unregistering): left promiscuous mode
[ 379.069811][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 379.076629][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[ 379.427877][T13394] FAULT_INJECTION: forcing a failure.
[ 379.427877][T13394] name failslab, interval 1, probability 0, space 0, times 1
[ 379.552928][T13394] CPU: 1 UID: 0 PID: 13394 Comm: syz.3.3091 Not tainted 6.14.0-rc6-syzkaller #0
[ 379.552951][T13394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 379.552963][T13394] Call Trace:
[ 379.552968][T13394] <TASK>
[ 379.552974][T13394] dump_stack_lvl+0x16c/0x1f0
[ 379.553002][T13394] should_fail_ex+0x50a/0x650
[ 379.553018][T13394] ? fs_reclaim_acquire+0xae/0x150
[ 379.553040][T13394] ? register_netdevice+0x504/0x1eb0
[ 379.553056][T13394] should_failslab+0xc2/0x120
[ 379.553070][T13394] __kmalloc_cache_noprof+0x68/0x410
[ 379.553093][T13394] register_netdevice+0x504/0x1eb0
[ 379.553107][T13394] ? sized_strscpy+0xae/0x2e0
[ 379.553121][T13394] ? __pfx_register_netdevice+0x10/0x10
[ 379.553135][T13394] ? alloc_netdev_mqs+0xed5/0x15d0
[ 379.553159][T13394] __ip_tunnel_create+0x4aa/0x690
[ 379.553179][T13394] ? __pfx___ip_tunnel_create+0x10/0x10
[ 379.553198][T13394] ? read_word_at_a_time+0xe/0x20
[ 379.553214][T13394] ip_tunnel_init_net+0x22a/0x790
[ 379.553235][T13394] ? __pfx_ip_tunnel_init_net+0x10/0x10
[ 379.553257][T13394] ? __kmalloc_noprof+0x23b/0x510
[ 379.553279][T13394] ? __pfx_ipgre_tap_init_net+0x10/0x10
[ 379.553295][T13394] ops_init+0x1df/0x5f0
[ 379.553310][T13394] setup_net+0x21f/0x860
[ 379.553328][T13394] ? __pfx_setup_net+0x10/0x10
[ 379.553345][T13394] ? down_read_killable+0xcc/0x380
[ 379.553369][T13394] ? __pfx_down_read_killable+0x10/0x10
[ 379.553392][T13394] ? __raw_spin_lock_init+0x3a/0x110
[ 379.553409][T13394] ? debug_mutex_init+0x37/0x70
[ 379.553429][T13394] copy_net_ns+0x2a6/0x5f0
[ 379.553446][T13394] create_new_namespaces+0x3ea/0xad0
[ 379.553472][T13394] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 379.553494][T13394] ksys_unshare+0x45d/0xa40
[ 379.553509][T13394] ? __pfx_ksys_unshare+0x10/0x10
[ 379.553522][T13394] ? xfd_validate_state+0x5d/0x180
[ 379.553547][T13394] __x64_sys_unshare+0x31/0x40
[ 379.553561][T13394] do_syscall_64+0xcd/0x250
[ 379.553580][T13394] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 379.553599][T13394] RIP: 0033:0x7f521918d169
[ 379.553611][T13394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 379.553631][T13394] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 379.553646][T13394] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 379.553658][T13394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 379.553667][T13394] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 379.553677][T13394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 379.553686][T13394] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 379.553707][T13394]
[ 379.798854][ C1] vkms_vblank_simulate: vblank timer overrun
[ 380.270434][T13400] mtrr: base(0x400000000000000) is not aligned on a size(0x0000) boundary
[ 381.698055][T13420] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3104'.
[ 382.962306][T13443] FAULT_INJECTION: forcing a failure.
[ 382.962306][T13443] name failslab, interval 1, probability 0, space 0, times 0
[ 383.003516][T13443] CPU: 1 UID: 0 PID: 13443 Comm: syz.0.3122 Not tainted 6.14.0-rc6-syzkaller #0
[ 383.003539][T13443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 383.003549][T13443] Call Trace:
[ 383.003553][T13443]
[ 383.003559][T13443] dump_stack_lvl+0x16c/0x1f0
[ 383.003584][T13443] should_fail_ex+0x50a/0x650
[ 383.003599][T13443] ? fs_reclaim_acquire+0xae/0x150
[ 383.003619][T13443] ? sk_prot_alloc+0x1a8/0x2a0
[ 383.003634][T13443] should_failslab+0xc2/0x120
[ 383.003648][T13443] __kmalloc_noprof+0xcb/0x510
[ 383.003667][T13443] ? trace_cap_capable+0x1a2/0x210
[ 383.003685][T13443] sk_prot_alloc+0x1a8/0x2a0
[ 383.003702][T13443] sk_alloc+0x36/0xc20
[ 383.003721][T13443] pfkey_create+0x105/0x600
[ 383.003740][T13443] __sock_create+0x335/0x8d0
[ 383.003759][T13443] __sys_socket+0x14f/0x260
[ 383.003774][T13443] ? __pfx___sys_socket+0x10/0x10
[ 383.003790][T13443] ? rcu_is_watching+0x12/0xc0
[ 383.003808][T13443] __x64_sys_socket+0x72/0xb0
[ 383.003822][T13443] ? lockdep_hardirqs_on+0x7c/0x110
[ 383.003840][T13443] do_syscall_64+0xcd/0x250
[ 383.003859][T13443] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 383.003877][T13443] RIP: 0033:0x7f937f58d169
[ 383.003888][T13443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 383.003901][T13443] RSP: 002b:00007f9380391038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 383.003914][T13443] RAX: ffffffffffffffda RBX: 00007f937f7a5fa0 RCX: 00007f937f58d169
[ 383.003922][T13443] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f
[ 383.003930][T13443] RBP: 00007f937f60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 383.003937][T13443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 383.003945][T13443] R13: 0000000000000000 R14: 00007f937f7a5fa0 R15: 00007ffcf4997818
[ 383.003961][T13443]
[ 383.601457][T13450] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3116'.
[ 385.174115][ T53] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 385.405460][ T53] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 385.630498][ T53] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 385.843260][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 385.852123][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 385.861054][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 385.874229][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 385.881221][ T5835] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 385.890989][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 385.939481][ T53] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 386.477584][ T53] bridge_slave_1: left allmulticast mode
[ 386.483017][ T53] bridge_slave_1: left promiscuous mode
[ 386.536577][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 386.610205][ T53] bridge_slave_0: left allmulticast mode
[ 386.663512][ T53] bridge_slave_0: left promiscuous mode
[ 386.699077][ T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 387.359180][T13506] [U]
[ 387.361884][T13506] [U]
[ 387.364303][T13506] [U]
[ 387.366718][T13506] [U]
[ 387.432153][T13506] [U]
[ 387.434617][T13506] [U]
[ 387.437038][T13506] [U]
[ 387.439456][T13506] [U]
[ 387.518138][T13506] [U]
[ 387.520602][T13506] [U]
[ 387.523022][T13506] [U]
[ 387.525440][T13506] [U]
[ 387.568486][T13514] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 387.580107][T13506] [U]
[ 387.582556][T13506] [U]
[ 387.585064][T13506] [U]
[ 387.587507][T13506] [U]
[ 387.637128][T13506] [U]
[ 387.639676][T13506] [U]
[ 387.642128][T13506] [U]
[ 387.644665][T13506] [U]
[ 387.690420][T13506] [U]
[ 387.692892][T13506] [U]
[ 387.695325][T13506] [U]
[ 387.697753][T13506] [U]
[ 387.741595][T13506] [U]
[ 387.744050][T13506] [U]
[ 387.746466][T13506] [U]
[ 387.748893][T13506] [U]
[ 387.796026][T13506] [U]
[ 387.798490][T13506] [U]
[ 387.800961][T13506] [U]
[ 387.803390][T13506] [U]
[ 387.841172][T13506] [U]
[ 387.843644][T13506] [U]
[ 387.846062][T13506] [U]
[ 387.848584][T13506] [U]
[ 387.900596][T13506] [U]
[ 387.903098][T13506] [U]
[ 387.905534][T13506] [U]
[ 387.907964][T13506] [U]
[ 387.928852][T13506] [U]
[ 387.931311][T13506] [U]
[ 387.933746][T13506] [U]
[ 387.936178][T13506] [U]
[ 387.949782][ T5835] Bluetooth: hci4: command tx timeout
[ 388.001265][T13506] [U]
[ 388.003726][T13506] [U]
[ 388.006181][T13506] [U]
[ 388.008614][T13506] [U]
[ 388.033059][T13506] [U]
[ 388.035521][T13506] [U]
[ 388.037942][T13506] [U]
[ 388.040389][T13506] [U]
[ 388.076783][T13506] [U]
[ 388.079345][T13506] [U]
[ 388.081838][T13506] [U]
[ 388.084255][T13506] [U]
[ 388.104348][T13518] FAULT_INJECTION: forcing a failure.
[ 388.104348][T13518] name failslab, interval 1, probability 0, space 0, times 0
[ 388.116283][T13506] [U]
[ 388.118718][T13506] [U]
[ 388.121134][T13506] [U]
[ 388.123559][T13506] [U]
[ 388.145688][T13518] CPU: 1 UID: 0 PID: 13518 Comm: syz.2.3140 Not tainted 6.14.0-rc6-syzkaller #0
[ 388.145709][T13518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 388.145718][T13518] Call Trace:
[ 388.145724][T13518]
[ 388.145730][T13518] dump_stack_lvl+0x16c/0x1f0
[ 388.145754][T13518] should_fail_ex+0x50a/0x650
[ 388.145768][T13518] ? fs_reclaim_acquire+0xae/0x150
[ 388.145787][T13518] ? lsm_blob_alloc+0x68/0x90
[ 388.145809][T13518] should_failslab+0xc2/0x120
[ 388.145823][T13518] __kmalloc_noprof+0xcb/0x510
[ 388.145846][T13518] lsm_blob_alloc+0x68/0x90
[ 388.145866][T13518] security_sk_alloc+0x30/0x270
[ 388.145881][T13518] sk_prot_alloc+0x1c7/0x2a0
[ 388.145898][T13518] sk_alloc+0x36/0xc20
[ 388.145917][T13518] pfkey_create+0x105/0x600
[ 388.145941][T13518] __sock_create+0x335/0x8d0
[ 388.145961][T13518] __sys_socket+0x14f/0x260
[ 388.145978][T13518] ? __pfx___sys_socket+0x10/0x10
[ 388.145994][T13518] ? rcu_is_watching+0x12/0xc0
[ 388.146013][T13518] __x64_sys_socket+0x72/0xb0
[ 388.146028][T13518] ? lockdep_hardirqs_on+0x7c/0x110
[ 388.146045][T13518] do_syscall_64+0xcd/0x250
[ 388.146064][T13518] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 388.146083][T13518] RIP: 0033:0x7f1c8e78d169
[ 388.146095][T13518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 388.146108][T13518] RSP: 002b:00007f1c8f5b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 388.146121][T13518] RAX: ffffffffffffffda RBX: 00007f1c8e9a5fa0 RCX: 00007f1c8e78d169
[ 388.146129][T13518] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f
[ 388.146137][T13518] RBP: 00007f1c8e80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 388.146144][T13518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 388.146151][T13518] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 388.146168][T13518]
[ 388.342255][T13506] [U]
[ 388.645025][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 388.668944][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 388.698806][ T53] bond0 (unregistering): Released all slaves
[ 388.943142][T13473] chnl_net:caif_netlink_parms(): no params data found
[ 389.483121][ T53] hsr_slave_0: left promiscuous mode
[ 389.513662][ T53] hsr_slave_1: left promiscuous mode
[ 389.543135][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 389.596586][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 389.674521][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 389.710966][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 389.784255][ T53] veth1_macvtap: left allmulticast mode
[ 389.842624][ T53] veth1_macvtap: left promiscuous mode
[ 389.875389][ T53] veth0_macvtap: left promiscuous mode
[ 389.920519][ T53] veth1_vlan: left allmulticast mode
[ 389.987348][ T53] veth1_vlan: left promiscuous mode
[ 390.015731][ T53] veth0_vlan: left promiscuous mode
[ 390.027389][ T5835] Bluetooth: hci4: command tx timeout
[ 390.213616][T13562] netlink: 'syz.2.3150': attribute type 2 has an invalid length.
[ 390.247804][T13563] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 391.608041][ T53] team0 (unregistering): Port device team_slave_1 removed
[ 391.762009][ T53] team0 (unregistering): Port device team_slave_0 removed
[ 392.076135][T13576] FAULT_INJECTION: forcing a failure.
[ 392.076135][T13576] name failslab, interval 1, probability 0, space 0, times 0
[ 392.107392][ T5835] Bluetooth: hci4: command tx timeout
[ 392.130520][T13576] CPU: 1 UID: 0 PID: 13576 Comm: syz.3.3154 Not tainted 6.14.0-rc6-syzkaller #0
[ 392.130541][T13576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 392.130550][T13576] Call Trace:
[ 392.130554][T13576]
[ 392.130559][T13576] dump_stack_lvl+0x16c/0x1f0
[ 392.130584][T13576] should_fail_ex+0x50a/0x650
[ 392.130598][T13576] ? fs_reclaim_acquire+0xae/0x150
[ 392.130617][T13576] ? sk_prot_alloc+0x1a8/0x2a0
[ 392.130632][T13576] should_failslab+0xc2/0x120
[ 392.130646][T13576] __kmalloc_noprof+0xcb/0x510
[ 392.130665][T13576] ? trace_cap_capable+0x1a2/0x210
[ 392.130683][T13576] sk_prot_alloc+0x1a8/0x2a0
[ 392.130698][T13576] sk_alloc+0x36/0xc20
[ 392.130718][T13576] pfkey_create+0x105/0x600
[ 392.130734][T13576] __sock_create+0x335/0x8d0
[ 392.130753][T13576] __sys_socket+0x14f/0x260
[ 392.130769][T13576] ? __pfx___sys_socket+0x10/0x10
[ 392.130792][T13576] ? rcu_is_watching+0x12/0xc0
[ 392.130811][T13576] __x64_sys_socket+0x72/0xb0
[ 392.130827][T13576] ? lockdep_hardirqs_on+0x7c/0x110
[ 392.130846][T13576] do_syscall_64+0xcd/0x250
[ 392.130865][T13576] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 392.130884][T13576] RIP: 0033:0x7f521918d169
[ 392.130895][T13576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 392.130908][T13576] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 392.130921][T13576] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 392.130929][T13576] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f
[ 392.130936][T13576] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 392.130944][T13576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 392.130951][T13576] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 392.130967][T13576]
[ 393.573701][T13592] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3160'.
[ 393.594030][T13593] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3160'.
[ 393.774544][T13473] bridge0: port 1(bridge_slave_0) entered blocking state
[ 393.816211][T13473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 393.857635][T13473] bridge_slave_0: entered allmulticast mode
[ 393.863669][T13473] bridge_slave_0: entered promiscuous mode
[ 393.954299][T13473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 394.002324][T13473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 394.027836][T13473] bridge_slave_1: entered allmulticast mode
[ 394.057059][T13473] bridge_slave_1: entered promiscuous mode
[ 394.197533][ T5835] Bluetooth: hci4: command tx timeout
[ 394.284873][T13473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 394.354421][T13473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 394.622390][T13473] team0: Port device team_slave_0 added
[ 394.661328][T13473] team0: Port device team_slave_1 added
[ 394.881048][T13473] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 394.917290][T13473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 395.016266][T13473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 395.095785][T13473] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 395.124401][T13473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 395.237262][T13473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 395.482299][T13473] hsr_slave_0: entered promiscuous mode
[ 395.510216][T13473] hsr_slave_1: entered promiscuous mode
[ 395.547950][T13473] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 395.587325][T13473] Cannot create hsr debugfs directory
[ 397.059895][T13473] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 397.114423][T13473] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 397.175878][T13473] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 397.265737][T13473] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 397.545105][T13674] zram: Removed device: zram0
[ 397.556237][T13473] 8021q: adding VLAN 0 to HW filter on device bond0
[ 397.645078][T13473] 8021q: adding VLAN 0 to HW filter on device team0
[ 397.707213][ T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 397.714566][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 397.895121][ T53] bridge0: port 2(bridge_slave_1) entered blocking state
[ 397.901581][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 398.553649][T13473] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 398.742479][T13473] veth0_vlan: entered promiscuous mode
[ 398.793738][T13473] veth1_vlan: entered promiscuous mode
[ 398.928621][T13473] veth0_macvtap: entered promiscuous mode
[ 398.974830][T13473] veth1_macvtap: entered promiscuous mode
[ 399.072610][T13473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 399.124586][T13473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 399.167528][T13473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 399.212241][T13473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 399.252515][T13473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 399.301190][T13473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 399.355090][T13473] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 399.444903][T13473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 399.505839][T13473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 399.553180][T13473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 399.600662][T13473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 399.649443][T13473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 399.712973][T13473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 399.761370][T13473] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 399.868599][T13473] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 399.876465][T13473] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 399.963304][T13473] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 399.997270][T13473] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 400.511935][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 400.550225][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 400.647545][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 400.686623][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 402.684064][T13838] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3218'.
[ 402.730057][T13837] netlink: 'syz.2.3217': attribute type 27 has an invalid length.
[ 402.809858][T13837] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3217'.
[ 403.422574][ T30] audit: type=1800 audit(1741610091.015:12): pid=13862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3225" name="set_event" dev="tracefs" ino=32 res=0 errno=0
[ 403.576297][T13865] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3226'.
[ 403.955948][T13865] bond0: (slave bond_slave_1): Releasing backup interface
[ 404.590909][T13890] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3244'.
[ 404.615229][ T30] audit: type=1800 audit(1741610092.205:13): pid=13891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3237" name="set_event" dev="tracefs" ino=32 res=0 errno=0
[ 405.070968][T13906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3242'.
[ 405.118843][T13906] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3242'.
[ 406.644621][T13936] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3254'.
[ 406.809891][T13936] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3254'.
[ 407.235818][T13941] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[ 408.880034][T13977] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3274'.
[ 408.951429][T13979] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3273'.
[ 409.078009][T13977] veth1_macvtap (unregistering): left allmulticast mode
[ 409.394588][T13983] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3277'.
[ 409.596971][T13987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3278'.
[ 409.747482][T13991] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[ 410.768462][T14019] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3290'.
[ 410.858032][T14022] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3294'.
[ 412.241767][T14057] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3309'.
[ 413.145581][T14079] netlink: 350 bytes leftover after parsing attributes in process `syz.3.3319'.
[ 413.180152][T14083] ubi0: attaching mtd0
[ 413.207928][T14083] ubi0 error: ubi_attach_mtd_dev: bad VID header (63488) or data offsets (63552)
[ 413.906254][T14082] Loading of unsigned module is rejected
[ 414.555146][T14107] netlink: zone id is out of range
[ 415.808344][T14135] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3341'.
[ 418.664603][T14207] FAULT_INJECTION: forcing a failure.
[ 418.664603][T14207] name failslab, interval 1, probability 0, space 0, times 0
[ 418.725715][ T30] audit: type=1800 audit(1741610106.315:14): pid=14212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3374" name="dbroot" dev="configfs" ino=36548 res=0 errno=0
[ 418.766164][T14207] CPU: 1 UID: 0 PID: 14207 Comm: syz.0.3375 Not tainted 6.14.0-rc6-syzkaller #0
[ 418.766188][T14207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 418.766196][T14207] Call Trace:
[ 418.766204][T14207]
[ 418.766210][T14207] dump_stack_lvl+0x16c/0x1f0
[ 418.766236][T14207] should_fail_ex+0x50a/0x650
[ 418.766250][T14207] ? fs_reclaim_acquire+0xae/0x150
[ 418.766270][T14207] should_failslab+0xc2/0x120
[ 418.766284][T14207] kmem_cache_alloc_noprof+0x6e/0x3d0
[ 418.766305][T14207] ? alloc_vfsmnt+0x23/0x6f0
[ 418.766320][T14207] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 418.766340][T14207] alloc_vfsmnt+0x23/0x6f0
[ 418.766355][T14207] clone_mnt+0x6d/0xf90
[ 418.766370][T14207] ? lock_acquire+0x2f/0xb0
[ 418.766387][T14207] ? copy_mnt_ns+0x14d/0xa70
[ 418.766402][T14207] copy_tree+0xeb/0x9c0
[ 418.766420][T14207] ? __pfx_down_write+0x10/0x10
[ 418.766441][T14207] ? alloc_mnt_ns+0x325/0x520
[ 418.766458][T14207] copy_mnt_ns+0x1b5/0xa70
[ 418.766470][T14207] ? kmem_cache_alloc_noprof+0x279/0x3d0
[ 418.766490][T14207] ? create_new_namespaces+0x30/0xad0
[ 418.766513][T14207] create_new_namespaces+0xd3/0xad0
[ 418.766533][T14207] ? bpf_lsm_capable+0x9/0x10
[ 418.766547][T14207] ? security_capable+0x7e/0x260
[ 418.766563][T14207] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 418.766585][T14207] ksys_unshare+0x45d/0xa40
[ 418.766599][T14207] ? __pfx_ksys_unshare+0x10/0x10
[ 418.766612][T14207] ? xfd_validate_state+0x5d/0x180
[ 418.766640][T14207] __x64_sys_unshare+0x31/0x40
[ 418.766653][T14207] do_syscall_64+0xcd/0x250
[ 418.766673][T14207] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 418.766693][T14207] RIP: 0033:0x7f937f58d169
[ 418.766705][T14207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 418.766718][T14207] RSP: 002b:00007f9380391038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 418.766730][T14207] RAX: ffffffffffffffda RBX: 00007f937f7a5fa0 RCX: 00007f937f58d169
[ 418.766739][T14207] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000
[ 418.766746][T14207] RBP: 00007f937f60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 418.766754][T14207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 418.766761][T14207] R13: 0000000000000000 R14: 00007f937f7a5fa0 R15: 00007ffcf4997818
[ 418.766778][T14207]
[ 419.329611][T14214] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3380'.
[ 420.716602][T14255] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3396'.
[ 421.655915][T14272] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3401'.
[ 422.751143][T14284] FAULT_INJECTION: forcing a failure.
[ 422.751143][T14284] name failslab, interval 1, probability 0, space 0, times 0
[ 422.809885][T14284] CPU: 1 UID: 0 PID: 14284 Comm: syz.3.3406 Not tainted 6.14.0-rc6-syzkaller #0
[ 422.809908][T14284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 422.809916][T14284] Call Trace:
[ 422.809921][T14284]
[ 422.809927][T14284] dump_stack_lvl+0x16c/0x1f0
[ 422.809952][T14284] should_fail_ex+0x50a/0x650
[ 422.809967][T14284] ? fs_reclaim_acquire+0xae/0x150
[ 422.809986][T14284] should_failslab+0xc2/0x120
[ 422.810000][T14284] kmem_cache_alloc_noprof+0x6e/0x3d0
[ 422.810022][T14284] ? alloc_vfsmnt+0x23/0x6f0
[ 422.810036][T14284] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 422.810057][T14284] alloc_vfsmnt+0x23/0x6f0
[ 422.810072][T14284] clone_mnt+0x6d/0xf90
[ 422.810088][T14284] ? lock_acquire+0x2f/0xb0
[ 422.810104][T14284] ? copy_mnt_ns+0x14d/0xa70
[ 422.810119][T14284] copy_tree+0xeb/0x9c0
[ 422.810137][T14284] ? __pfx_down_write+0x10/0x10
[ 422.810158][T14284] ? alloc_mnt_ns+0x325/0x520
[ 422.810176][T14284] copy_mnt_ns+0x1b5/0xa70
[ 422.810188][T14284] ? kmem_cache_alloc_noprof+0x279/0x3d0
[ 422.810208][T14284] ? create_new_namespaces+0x30/0xad0
[ 422.810232][T14284] create_new_namespaces+0xd3/0xad0
[ 422.810252][T14284] ? bpf_lsm_capable+0x9/0x10
[ 422.810265][T14284] ? security_capable+0x7e/0x260
[ 422.810282][T14284] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 422.810304][T14284] ksys_unshare+0x45d/0xa40
[ 422.810319][T14284] ? __pfx_ksys_unshare+0x10/0x10
[ 422.810331][T14284] ? xfd_validate_state+0x5d/0x180
[ 422.810356][T14284] __x64_sys_unshare+0x31/0x40
[ 422.810370][T14284] do_syscall_64+0xcd/0x250
[ 422.810389][T14284] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 422.810407][T14284] RIP: 0033:0x7f521918d169
[ 422.810419][T14284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 422.810432][T14284] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 422.810445][T14284] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 422.810453][T14284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000
[ 422.810461][T14284] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 422.810468][T14284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 422.810475][T14284] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 422.810493][T14284]
[ 422.813502][T14287] netlink: 'syz.1.3408': attribute type 15 has an invalid length.
[ 423.596310][T14287] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3408'.
[ 424.858151][T14342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3425'.
[ 424.901146][T14342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3425'.
[ 425.182521][T14351] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3428'.
[ 426.053926][T14379] netlink: 206 bytes leftover after parsing attributes in process `syz.0.3436'.
[ 427.440689][T14409] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3446'.
[ 428.478449][T14425] netlink: 'syz.0.3460': attribute type 1 has an invalid length.
[ 428.520110][T14425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3460'.
[ 430.189983][ T5835] Bluetooth: hci3: unexpected event 0x03 length: 725 > 11
[ 431.098048][T14462] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3474'.
[ 431.577039][ T30] audit: type=1800 audit(1741610119.165:15): pid=14475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3471" name="lu_gp_id" dev="configfs" ino=37328 res=0 errno=0
[ 431.600904][T14475] ALUA LU Group already has a valid ID, ignoring request
[ 432.052081][T14482] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3476'.
[ 432.110560][T14483] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3475'.
[ 433.245591][T14513] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3487'.
[ 433.272825][T14515] FAULT_INJECTION: forcing a failure.
[ 433.272825][T14515] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 433.333080][T14515] CPU: 1 UID: 0 PID: 14515 Comm: syz.3.3488 Not tainted 6.14.0-rc6-syzkaller #0
[ 433.333103][T14515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 433.333112][T14515] Call Trace:
[ 433.333117][T14515]
[ 433.333123][T14515] dump_stack_lvl+0x16c/0x1f0
[ 433.333148][T14515] should_fail_ex+0x50a/0x650
[ 433.333162][T14515] ? __pfx___might_resched+0x10/0x10
[ 433.333186][T14515] should_fail_alloc_page+0xe7/0x130
[ 433.333202][T14515] prepare_alloc_pages.constprop.0+0x16f/0x560
[ 433.333223][T14515] __alloc_frozen_pages_noprof+0x18e/0x2470
[ 433.333245][T14515] ? mark_lock+0xb5/0xc60
[ 433.333266][T14515] ? hlock_class+0x4e/0x130
[ 433.333279][T14515] ? __lock_acquire+0xcc5/0x3c40
[ 433.333297][T14515] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 433.333323][T14515] ? __pfx___lock_acquire+0x10/0x10
[ 433.333345][T14515] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 433.333366][T14515] ? policy_nodemask+0xea/0x4e0
[ 433.333380][T14515] alloc_pages_mpol+0x1fc/0x540
[ 433.333394][T14515] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 433.333408][T14515] ? xas_load+0x49/0x5b0
[ 433.333425][T14515] ? filemap_get_entry+0xd0/0x3c0
[ 433.333445][T14515] folio_alloc_noprof+0x20/0x2d0
[ 433.333461][T14515] filemap_alloc_folio_noprof+0x39b/0x470
[ 433.333477][T14515] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[ 433.333491][T14515] ? rcu_is_watching+0x12/0xc0
[ 433.333508][T14515] __filemap_get_folio+0x5e9/0xbd0
[ 433.333530][T14515] ioctx_alloc+0x763/0x2010
[ 433.333560][T14515] ? __might_fault+0x13b/0x190
[ 433.333579][T14515] ? __pfx_ioctx_alloc+0x10/0x10
[ 433.333596][T14515] ? lock_acquire+0x2f/0xb0
[ 433.333615][T14515] ? __might_fault+0xe3/0x190
[ 433.333631][T14515] __x64_sys_io_setup+0xc9/0x210
[ 433.333650][T14515] do_syscall_64+0xcd/0x250
[ 433.333670][T14515] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 433.333689][T14515] RIP: 0033:0x7f521918d169
[ 433.333700][T14515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 433.333713][T14515] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[ 433.333726][T14515] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 433.333734][T14515] RDX: 0000000000000000 RSI: 0000400000000580 RDI: 000000000000ffff
[ 433.333742][T14515] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 433.333750][T14515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 433.333757][T14515] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 433.333773][T14515]
[ 434.230575][ T5835] Bluetooth: hci1: ISO packet too small
[ 434.933401][T14537] hugetlbfs: syz.0.3497 (14537): Using mlock ulimits for SHM_HUGETLB is obsolete
[ 435.330945][T14546] FAULT_INJECTION: forcing a failure.
[ 435.330945][T14546] name failslab, interval 1, probability 0, space 0, times 0
[ 435.373590][T14546] CPU: 1 UID: 0 PID: 14546 Comm: syz.3.3501 Not tainted 6.14.0-rc6-syzkaller #0
[ 435.373612][T14546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 435.373620][T14546] Call Trace:
[ 435.373625][T14546]
[ 435.373630][T14546] dump_stack_lvl+0x16c/0x1f0
[ 435.373656][T14546] should_fail_ex+0x50a/0x650
[ 435.373670][T14546] ? fs_reclaim_acquire+0xae/0x150
[ 435.373689][T14546] ? snd_rawmidi_open+0x3b7/0xbd0
[ 435.373709][T14546] should_failslab+0xc2/0x120
[ 435.373723][T14546] __kmalloc_cache_noprof+0x68/0x410
[ 435.373742][T14546] ? _raw_spin_unlock+0x28/0x50
[ 435.373757][T14546] ? snd_card_file_add+0x25f/0x320
[ 435.373774][T14546] snd_rawmidi_open+0x3b7/0xbd0
[ 435.373791][T14546] ? __mutex_unlock_slowpath+0x164/0x6a0
[ 435.373811][T14546] ? lock_acquire.part.0+0x11b/0x380
[ 435.373830][T14546] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 435.373852][T14546] ? kobject_get_unless_zero+0x157/0x1e0
[ 435.373874][T14546] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 435.373891][T14546] snd_open+0x1fe/0x450
[ 435.373905][T14546] ? __pfx_snd_open+0x10/0x10
[ 435.373918][T14546] chrdev_open+0x237/0x6a0
[ 435.373937][T14546] ? __pfx_apparmor_file_open+0x10/0x10
[ 435.373955][T14546] ? __pfx_chrdev_open+0x10/0x10
[ 435.373976][T14546] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 435.373998][T14546] do_dentry_open+0x735/0x1c40
[ 435.374017][T14546] ? __pfx_chrdev_open+0x10/0x10
[ 435.374039][T14546] ? inode_permission+0xdd/0x5f0
[ 435.374055][T14546] vfs_open+0x82/0x3f0
[ 435.374068][T14546] ? may_open+0x1f2/0x400
[ 435.374084][T14546] path_openat+0x1e88/0x2d80
[ 435.374110][T14546] ? __pfx_path_openat+0x10/0x10
[ 435.374128][T14546] ? __pfx___lock_acquire+0x10/0x10
[ 435.374145][T14546] ? lock_acquire.part.0+0x11b/0x380
[ 435.374163][T14546] ? find_held_lock+0x2d/0x110
[ 435.374179][T14546] do_filp_open+0x20c/0x470
[ 435.374198][T14546] ? __pfx_do_filp_open+0x10/0x10
[ 435.374216][T14546] ? find_held_lock+0x2d/0x110
[ 435.374242][T14546] ? alloc_fd+0x41f/0x760
[ 435.374265][T14546] do_sys_openat2+0x17a/0x1e0
[ 435.374279][T14546] ? __pfx_do_sys_openat2+0x10/0x10
[ 435.374300][T14546] __x64_sys_openat+0x175/0x210
[ 435.374325][T14546] ? __pfx___x64_sys_openat+0x10/0x10
[ 435.374348][T14546] do_syscall_64+0xcd/0x250
[ 435.374369][T14546] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 435.374389][T14546] RIP: 0033:0x7f521918d169
[ 435.374401][T14546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 435.374414][T14546] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 435.374427][T14546] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 435.374436][T14546] RDX: 0000000000002841 RSI: 0000400000000000 RDI: ffffffffffffff9c
[ 435.374444][T14546] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 435.374452][T14546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 435.374460][T14546] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 435.374478][T14546]
[ 436.302228][T14574] netlink: 'syz.2.3504': attribute type 19 has an invalid length.
[ 436.364677][T14574] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3504'.
[ 436.411604][T14579] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3505'.
[ 436.450057][T14580] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3505'.
[ 436.852954][T14590] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 3000000000
[ 438.497126][T14608] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3514'.
[ 438.558697][T14608] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3514'.
[ 439.678048][T14639] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3523'.
[ 440.527578][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 440.533257][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[ 440.907453][T14685] sd 0:0:1:0: PR command failed: 1026
[ 440.912372][T14685] sd 0:0:1:0: Sense Key : Illegal Request [current]
[ 440.967486][T14685] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 442.060939][T14715] IPVS: length: 52 != 4294967128
[ 442.300630][T14723] netlink: 'syz.1.3551': attribute type 4 has an invalid length.
[ 442.793726][T14739] netlink: 'syz.3.3558': attribute type 2 has an invalid length.
syzkaller
syzkaller login: [ 447.307586][T14837] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3596'.
[ 447.562956][T14841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3598'.
[ 447.615365][T14841] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3598'.
[ 451.058029][T14906] FAULT_INJECTION: forcing a failure.
[ 451.058029][T14906] name failslab, interval 1, probability 0, space 0, times 0
[ 451.161585][T14906] CPU: 1 UID: 0 PID: 14906 Comm: syz.3.3623 Not tainted 6.14.0-rc6-syzkaller #0
[ 451.161608][T14906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 451.161617][T14906] Call Trace:
[ 451.161621][T14906]
[ 451.161627][T14906] dump_stack_lvl+0x16c/0x1f0
[ 451.161653][T14906] should_fail_ex+0x50a/0x650
[ 451.161668][T14906] ? fs_reclaim_acquire+0xae/0x150
[ 451.161687][T14906] should_failslab+0xc2/0x120
[ 451.161701][T14906] kmem_cache_alloc_lru_noprof+0x73/0x3d0
[ 451.161723][T14906] ? proc_alloc_inode+0x25/0x200
[ 451.161746][T14906] ? __pfx_proc_alloc_inode+0x10/0x10
[ 451.161763][T14906] proc_alloc_inode+0x25/0x200
[ 451.161782][T14906] alloc_inode+0x5d/0x230
[ 451.161795][T14906] new_inode+0x22/0x210
[ 451.161815][T14906] proc_get_inode+0x1d/0x7d0
[ 451.161837][T14906] proc_lookup_de+0x253/0x320
[ 451.161852][T14906] ? __pfx_proc_lookup+0x10/0x10
[ 451.161865][T14906] proc_lookup+0xcf/0x110
[ 451.161879][T14906] lookup_open.isra.0+0x4d9/0x1580
[ 451.161901][T14906] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 451.161921][T14906] ? path_openat+0x88a/0x2d80
[ 451.161946][T14906] ? lookup_fast+0x153/0x5f0
[ 451.161965][T14906] path_openat+0x904/0x2d80
[ 451.161991][T14906] ? __pfx_path_openat+0x10/0x10
[ 451.162010][T14906] ? __pfx___lock_acquire+0x10/0x10
[ 451.162027][T14906] ? lock_acquire.part.0+0x11b/0x380
[ 451.162044][T14906] ? find_held_lock+0x2d/0x110
[ 451.162061][T14906] do_filp_open+0x20c/0x470
[ 451.162079][T14906] ? __pfx_do_filp_open+0x10/0x10
[ 451.162097][T14906] ? find_held_lock+0x2d/0x110
[ 451.162117][T14906] ? __pfx_kfree_link+0x10/0x10
[ 451.162137][T14906] ? alloc_fd+0x41f/0x760
[ 451.162160][T14906] do_sys_openat2+0x17a/0x1e0
[ 451.162175][T14906] ? __pfx_do_sys_openat2+0x10/0x10
[ 451.162196][T14906] __x64_sys_openat+0x175/0x210
[ 451.162210][T14906] ? __pfx___x64_sys_openat+0x10/0x10
[ 451.162232][T14906] do_syscall_64+0xcd/0x250
[ 451.162252][T14906] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 451.162271][T14906] RIP: 0033:0x7f521918d169
[ 451.162282][T14906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 451.162295][T14906] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 451.162308][T14906] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 451.162316][T14906] RDX: 0000000000000000 RSI: 0000400000000000 RDI: ffffffffffffff9c
[ 451.162324][T14906] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 451.162332][T14906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 451.162340][T14906] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 451.162358][T14906]
[ 452.138130][T14915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3627'.
[ 452.517345][T14918] netlink: 'syz.3.3629': attribute type 16 has an invalid length.
[ 452.530649][T14918] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3629'.
[ 452.720781][T14921] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3630'.
[ 453.642559][T14899] kexec: Could not allocate control_code_buffer
[ 454.442832][ T30] audit: type=1326 audit(4294967312.450:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14951 comm="syz.2.3641" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1c8e78d169 code=0x0
[ 457.946607][T15021] FAULT_INJECTION: forcing a failure.
[ 457.946607][T15021] name failslab, interval 1, probability 0, space 0, times 0
[ 458.077299][T15021] CPU: 1 UID: 0 PID: 15021 Comm: syz.3.3668 Not tainted 6.14.0-rc6-syzkaller #0
[ 458.077321][T15021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 458.077329][T15021] Call Trace:
[ 458.077334][T15021]
[ 458.077340][T15021] dump_stack_lvl+0x16c/0x1f0
[ 458.077365][T15021] should_fail_ex+0x50a/0x650
[ 458.077379][T15021] ? fs_reclaim_acquire+0xae/0x150
[ 458.077398][T15021] ? dummy_hrtimer_create+0x45/0x170
[ 458.077414][T15021] should_failslab+0xc2/0x120
[ 458.077427][T15021] __kmalloc_cache_noprof+0x68/0x410
[ 458.077451][T15021] dummy_hrtimer_create+0x45/0x170
[ 458.077469][T15021] ? __pfx_dummy_hrtimer_create+0x10/0x10
[ 458.077485][T15021] dummy_pcm_open+0xd1/0x5b0
[ 458.077502][T15021] snd_pcm_open_substream+0xa50/0x17c0
[ 458.077522][T15021] ? __pfx_snd_pcm_open_substream+0x10/0x10
[ 458.077546][T15021] snd_pcm_open+0x29b/0x700
[ 458.077566][T15021] ? __pfx_snd_pcm_open+0x10/0x10
[ 458.077586][T15021] ? __pfx_default_wake_function+0x10/0x10
[ 458.077611][T15021] ? __pfx_snd_pcm_capture_open+0x10/0x10
[ 458.077629][T15021] snd_pcm_capture_open+0x89/0xe0
[ 458.077647][T15021] snd_open+0x1fe/0x450
[ 458.077662][T15021] ? __pfx_snd_open+0x10/0x10
[ 458.077675][T15021] chrdev_open+0x237/0x6a0
[ 458.077696][T15021] ? __pfx_chrdev_open+0x10/0x10
[ 458.077717][T15021] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 458.077738][T15021] do_dentry_open+0x735/0x1c40
[ 458.077758][T15021] ? __pfx_chrdev_open+0x10/0x10
[ 458.077778][T15021] ? inode_permission+0xdd/0x5f0
[ 458.077794][T15021] vfs_open+0x82/0x3f0
[ 458.077807][T15021] ? may_open+0x1f2/0x400
[ 458.077823][T15021] path_openat+0x1e88/0x2d80
[ 458.077849][T15021] ? __pfx_path_openat+0x10/0x10
[ 458.077868][T15021] ? __pfx___lock_acquire+0x10/0x10
[ 458.077886][T15021] ? lock_acquire.part.0+0x11b/0x380
[ 458.077903][T15021] ? find_held_lock+0x2d/0x110
[ 458.077919][T15021] do_filp_open+0x20c/0x470
[ 458.077939][T15021] ? __pfx_do_filp_open+0x10/0x10
[ 458.077957][T15021] ? find_held_lock+0x2d/0x110
[ 458.077983][T15021] ? alloc_fd+0x41f/0x760
[ 458.078006][T15021] do_sys_openat2+0x17a/0x1e0
[ 458.078020][T15021] ? __pfx_do_sys_openat2+0x10/0x10
[ 458.078041][T15021] __x64_sys_openat+0x175/0x210
[ 458.078055][T15021] ? __pfx___x64_sys_openat+0x10/0x10
[ 458.078077][T15021] do_syscall_64+0xcd/0x250
[ 458.078097][T15021] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 458.078115][T15021] RIP: 0033:0x7f521918d169
[ 458.078127][T15021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 458.078139][T15021] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 458.078161][T15021] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 458.078171][T15021] RDX: 0000000000000000 RSI: 0000400000000000 RDI: ffffffffffffff9c
[ 458.078179][T15021] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 458.078187][T15021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 458.078195][T15021] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 458.078213][T15021]
[ 459.205196][T15034] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[ 459.562023][T15046] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3679'.
[ 459.605679][T15046] netlink: 354 bytes leftover after parsing attributes in process `syz.2.3679'.
[ 459.625106][T15050] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3680'.
[ 459.635211][T15047] FAULT_INJECTION: forcing a failure.
[ 459.635211][T15047] name failslab, interval 1, probability 0, space 0, times 0
[ 459.781823][T15047] CPU: 1 UID: 0 PID: 15047 Comm: syz.3.3678 Not tainted 6.14.0-rc6-syzkaller #0
[ 459.781845][T15047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 459.781853][T15047] Call Trace:
[ 459.781858][T15047]
[ 459.781863][T15047] dump_stack_lvl+0x16c/0x1f0
[ 459.781888][T15047] should_fail_ex+0x50a/0x650
[ 459.781901][T15047] ? fs_reclaim_acquire+0xae/0x150
[ 459.781922][T15047] ? security_inode_init_security+0x140/0x390
[ 459.782042][T15047] should_failslab+0xc2/0x120
[ 459.782071][T15047] __kmalloc_noprof+0xcb/0x510
[ 459.782101][T15047] security_inode_init_security+0x140/0x390
[ 459.782151][T15047] ? __pfx_shmem_initxattrs+0x10/0x10
[ 459.782175][T15047] ? __pfx_security_inode_init_security+0x10/0x10
[ 459.782222][T15047] ? shmem_get_inode+0x73a/0xf00
[ 459.782252][T15047] shmem_mknod+0x22e/0x450
[ 459.782277][T15047] vfs_create+0x4c2/0x770
[ 459.782297][T15047] do_mknodat+0x3d5/0x5d0
[ 459.782319][T15047] ? __pfx_do_mknodat+0x10/0x10
[ 459.782337][T15047] ? getname_flags.part.0+0x1c5/0x550
[ 459.782356][T15047] __x64_sys_mknod+0x87/0xb0
[ 459.782379][T15047] do_syscall_64+0xcd/0x250
[ 459.782400][T15047] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 459.782421][T15047] RIP: 0033:0x7f521918d169
[ 459.782435][T15047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 459.782455][T15047] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 459.782470][T15047] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 459.782480][T15047] RDX: 00000000fffffffa RSI: 00000000000000cb RDI: 0000000000000000
[ 459.782489][T15047] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 459.782499][T15047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 459.782507][T15047] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 459.782527][T15047]
[ 460.014390][T15057] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3682'.
[ 462.047595][T15101] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3701'.
[ 462.168336][T15105] sctp: [Deprecated]: syz.0.3703 (pid 15105) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 462.168336][T15105] Use struct sctp_sack_info instead
[ 462.193835][T15106] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3701'.
[ 462.253907][T15109] lo: entered allmulticast mode
[ 462.462247][T15115] netlink: 'syz.0.3706': attribute type 1 has an invalid length.
[ 462.484207][T15112] lo: left allmulticast mode
[ 462.522438][T15115] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3706'.
[ 462.621920][T15118] FAULT_INJECTION: forcing a failure.
[ 462.621920][T15118] name failslab, interval 1, probability 0, space 0, times 0
[ 462.741956][T15118] CPU: 1 UID: 0 PID: 15118 Comm: syz.2.3707 Not tainted 6.14.0-rc6-syzkaller #0
[ 462.741980][T15118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 462.741989][T15118] Call Trace:
[ 462.741993][T15118]
[ 462.741999][T15118] dump_stack_lvl+0x16c/0x1f0
[ 462.742025][T15118] should_fail_ex+0x50a/0x650
[ 462.742039][T15118] ? fs_reclaim_acquire+0xae/0x150
[ 462.742059][T15118] ? tomoyo_open_control+0x51f/0xa30
[ 462.742080][T15118] should_failslab+0xc2/0x120
[ 462.742096][T15118] __kmalloc_noprof+0xcb/0x510
[ 462.742115][T15118] ? lockdep_init_map_type+0x16d/0x7d0
[ 462.742134][T15118] ? __raw_spin_lock_init+0x3a/0x110
[ 462.742149][T15118] tomoyo_open_control+0x51f/0xa30
[ 462.742172][T15118] do_dentry_open+0x735/0x1c40
[ 462.742191][T15118] ? __pfx_tomoyo_open+0x10/0x10
[ 462.742210][T15118] ? inode_permission+0xdd/0x5f0
[ 462.742227][T15118] vfs_open+0x82/0x3f0
[ 462.742240][T15118] ? may_open+0x1f2/0x400
[ 462.742256][T15118] path_openat+0x1e88/0x2d80
[ 462.742281][T15118] ? __pfx_path_openat+0x10/0x10
[ 462.742300][T15118] ? __pfx___lock_acquire+0x10/0x10
[ 462.742316][T15118] ? lock_acquire.part.0+0x11b/0x380
[ 462.742334][T15118] ? find_held_lock+0x2d/0x110
[ 462.742350][T15118] do_filp_open+0x20c/0x470
[ 462.742369][T15118] ? __pfx_do_filp_open+0x10/0x10
[ 462.742387][T15118] ? find_held_lock+0x2d/0x110
[ 462.742411][T15118] ? alloc_fd+0x41f/0x760
[ 462.742434][T15118] do_sys_openat2+0x17a/0x1e0
[ 462.742448][T15118] ? __pfx_do_sys_openat2+0x10/0x10
[ 462.742468][T15118] __x64_sys_openat+0x175/0x210
[ 462.742482][T15118] ? __pfx___x64_sys_openat+0x10/0x10
[ 462.742503][T15118] do_syscall_64+0xcd/0x250
[ 462.742524][T15118] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 462.742543][T15118] RIP: 0033:0x7f1c8e78d169
[ 462.742555][T15118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 462.742573][T15118] RSP: 002b:00007f1c8f5b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 462.742591][T15118] RAX: ffffffffffffffda RBX: 00007f1c8e9a5fa0 RCX: 00007f1c8e78d169
[ 462.742599][T15118] RDX: 0000000000000002 RSI: 0000400000000080 RDI: ffffffffffffff9c
[ 462.742608][T15118] RBP: 00007f1c8e80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 462.742616][T15118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 462.742624][T15118] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 462.742641][T15118]
[ 463.717748][T15132] FAULT_INJECTION: forcing a failure.
[ 463.717748][T15132] name failslab, interval 1, probability 0, space 0, times 0
[ 463.767658][T15132] CPU: 1 UID: 0 PID: 15132 Comm: syz.0.3710 Not tainted 6.14.0-rc6-syzkaller #0
[ 463.767680][T15132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 463.767688][T15132] Call Trace:
[ 463.767693][T15132]
[ 463.767699][T15132] dump_stack_lvl+0x16c/0x1f0
[ 463.767723][T15132] should_fail_ex+0x50a/0x650
[ 463.767737][T15132] ? fs_reclaim_acquire+0xae/0x150
[ 463.767756][T15132] ? dummy_hrtimer_create+0x45/0x170
[ 463.767774][T15132] should_failslab+0xc2/0x120
[ 463.767788][T15132] __kmalloc_cache_noprof+0x68/0x410
[ 463.767812][T15132] dummy_hrtimer_create+0x45/0x170
[ 463.767828][T15132] ? __pfx_dummy_hrtimer_create+0x10/0x10
[ 463.767844][T15132] dummy_pcm_open+0xd1/0x5b0
[ 463.767861][T15132] snd_pcm_open_substream+0xa50/0x17c0
[ 463.767881][T15132] ? __pfx_snd_pcm_open_substream+0x10/0x10
[ 463.767905][T15132] snd_pcm_open+0x29b/0x700
[ 463.767925][T15132] ? __pfx_snd_pcm_open+0x10/0x10
[ 463.767945][T15132] ? __pfx_default_wake_function+0x10/0x10
[ 463.767970][T15132] ? __pfx_snd_pcm_capture_open+0x10/0x10
[ 463.767989][T15132] snd_pcm_capture_open+0x89/0xe0
[ 463.768007][T15132] snd_open+0x1fe/0x450
[ 463.768021][T15132] ? __pfx_snd_open+0x10/0x10
[ 463.768034][T15132] chrdev_open+0x237/0x6a0
[ 463.768054][T15132] ? __pfx_apparmor_file_open+0x10/0x10
[ 463.768071][T15132] ? __pfx_chrdev_open+0x10/0x10
[ 463.768092][T15132] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 463.768113][T15132] do_dentry_open+0x735/0x1c40
[ 463.768132][T15132] ? __pfx_chrdev_open+0x10/0x10
[ 463.768153][T15132] ? inode_permission+0xdd/0x5f0
[ 463.768169][T15132] vfs_open+0x82/0x3f0
[ 463.768181][T15132] ? may_open+0x1f2/0x400
[ 463.768197][T15132] path_openat+0x1e88/0x2d80
[ 463.768223][T15132] ? __pfx_path_openat+0x10/0x10
[ 463.768242][T15132] ? __pfx___lock_acquire+0x10/0x10
[ 463.768259][T15132] ? lock_acquire.part.0+0x11b/0x380
[ 463.768277][T15132] ? find_held_lock+0x2d/0x110
[ 463.768293][T15132] do_filp_open+0x20c/0x470
[ 463.768312][T15132] ? __pfx_do_filp_open+0x10/0x10
[ 463.768329][T15132] ? find_held_lock+0x2d/0x110
[ 463.768355][T15132] ? alloc_fd+0x41f/0x760
[ 463.768379][T15132] do_sys_openat2+0x17a/0x1e0
[ 463.768401][T15132] ? __pfx_do_sys_openat2+0x10/0x10
[ 463.768423][T15132] __x64_sys_openat+0x175/0x210
[ 463.768438][T15132] ? __pfx___x64_sys_openat+0x10/0x10
[ 463.768461][T15132] do_syscall_64+0xcd/0x250
[ 463.768482][T15132] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 463.768501][T15132] RIP: 0033:0x7f937f58d169
[ 463.768513][T15132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 463.768526][T15132] RSP: 002b:00007f9380391038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 463.768539][T15132] RAX: ffffffffffffffda RBX: 00007f937f7a5fa0 RCX: 00007f937f58d169
[ 463.768547][T15132] RDX: 0000000000000000 RSI: 0000400000000000 RDI: ffffffffffffff9c
[ 463.768555][T15132] RBP: 00007f937f60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 463.768563][T15132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 463.768580][T15132] R13: 0000000000000000 R14: 00007f937f7a5fa0 R15: 00007ffcf4997818
[ 463.768598][T15132]
[ 465.195915][T15149] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[ 466.068181][T15174] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3730'.
[ 466.510814][T15186] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3735'.
[ 466.568083][T15188] openvswitch: netlink: IP tunnel dst address not specified
[ 466.624388][T15188] openvswitch: netlink: IP tunnel dst address not specified
[ 467.335701][T15207] netlink: 346 bytes leftover after parsing attributes in process `syz.1.3743'.
[ 469.682561][T15257] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3765'.
[ 469.713672][T15261] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3768'.
[ 469.998034][T15266] netlink: 346 bytes leftover after parsing attributes in process `syz.0.3769'.
[ 471.545441][T15302] netlink: 346 bytes leftover after parsing attributes in process `syz.3.3784'.
[ 472.317481][T15333] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3799'.
[ 473.076831][T15353] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3807'.
[ 474.743286][T15394] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3824'.
[ 474.793265][T15394] netlink: 23 bytes leftover after parsing attributes in process `syz.2.3824'.
[ 475.142210][T15402] netlink: 130 bytes leftover after parsing attributes in process `syz.2.3828'.
[ 476.392473][T15420] Loading of unsigned module is rejected
[ 476.598666][T15438] FAULT_INJECTION: forcing a failure.
[ 476.598666][T15438] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 476.667413][T15438] CPU: 1 UID: 0 PID: 15438 Comm: syz.2.3844 Not tainted 6.14.0-rc6-syzkaller #0
[ 476.667435][T15438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 476.667444][T15438] Call Trace:
[ 476.667448][T15438]
[ 476.667454][T15438] dump_stack_lvl+0x16c/0x1f0
[ 476.667479][T15438] should_fail_ex+0x50a/0x650
[ 476.667493][T15438] ? __pfx___might_resched+0x10/0x10
[ 476.667517][T15438] should_fail_alloc_page+0xe7/0x130
[ 476.667532][T15438] prepare_alloc_pages.constprop.0+0x16f/0x560
[ 476.667555][T15438] __alloc_frozen_pages_noprof+0x18e/0x2470
[ 476.667577][T15438] ? stack_depot_save_flags+0x38f/0x9c0
[ 476.667598][T15438] ? __pfx_lock_release+0x10/0x10
[ 476.667619][T15438] ? hlock_class+0x4e/0x130
[ 476.667633][T15438] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 476.667660][T15438] ? __pfx___lock_acquire+0x10/0x10
[ 476.667676][T15438] ? kasan_save_stack+0x42/0x60
[ 476.667694][T15438] ? kasan_save_stack+0x33/0x60
[ 476.667711][T15438] ? kasan_save_track+0x14/0x30
[ 476.667729][T15438] ? __kasan_slab_alloc+0x89/0x90
[ 476.667747][T15438] ? kmem_cache_alloc_node_noprof+0x223/0x3c0
[ 476.667767][T15438] ? alloc_vmap_area+0x636/0x2a60
[ 476.667781][T15438] ? __get_vm_area_node+0x19e/0x2f0
[ 476.667796][T15438] ? __vmalloc_node_range_noprof+0x26a/0x1530
[ 476.667813][T15438] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 476.667835][T15438] ? policy_nodemask+0xea/0x4e0
[ 476.667849][T15438] alloc_pages_mpol+0x1fc/0x540
[ 476.667863][T15438] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 476.667874][T15438] ? __page_table_check_ptes_set+0x16b/0x3e0
[ 476.667895][T15438] ? do_raw_spin_lock+0x12d/0x2c0
[ 476.667907][T15438] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 476.667922][T15438] alloc_pages_noprof+0x131/0x390
[ 476.667934][T15438] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[ 476.667953][T15438] get_free_pages_noprof+0xc/0x40
[ 476.667967][T15438] kasan_populate_vmalloc_pte+0x2d/0x160
[ 476.667985][T15438] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[ 476.668003][T15438] __apply_to_page_range+0x5fd/0xd30
[ 476.668023][T15438] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[ 476.668044][T15438] ? __pfx___apply_to_page_range+0x10/0x10
[ 476.668063][T15438] ? insert_vmap_area+0x2ef/0x4d0
[ 476.668080][T15438] alloc_vmap_area+0x93e/0x2a60
[ 476.668102][T15438] ? __pfx_alloc_vmap_area+0x10/0x10
[ 476.668122][T15438] __get_vm_area_node+0x19e/0x2f0
[ 476.668142][T15438] __vmalloc_node_range_noprof+0x26a/0x1530
[ 476.668160][T15438] ? bloom_map_alloc+0x306/0x4d0
[ 476.668185][T15438] ? bloom_map_alloc+0x306/0x4d0
[ 476.668207][T15438] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 476.668225][T15438] ? rcu_is_watching+0x12/0xc0
[ 476.668239][T15438] ? trace_cap_capable+0x1a2/0x210
[ 476.668257][T15438] ? bloom_map_alloc+0x306/0x4d0
[ 476.668274][T15438] __bpf_map_area_alloc+0xea/0x190
[ 476.668288][T15438] ? bloom_map_alloc+0x306/0x4d0
[ 476.668308][T15438] bloom_map_alloc+0x306/0x4d0
[ 476.668328][T15438] map_create+0x5c5/0x1d20
[ 476.668348][T15438] ? __pfx_lock_release+0x10/0x10
[ 476.668374][T15438] ? trace_lock_acquire+0x14e/0x1f0
[ 476.668392][T15438] ? __pfx_map_create+0x10/0x10
[ 476.668410][T15438] ? lock_acquire+0x2f/0xb0
[ 476.668428][T15438] ? __might_fault+0xe3/0x190
[ 476.668441][T15438] ? __might_fault+0xe3/0x190
[ 476.668462][T15438] __sys_bpf+0x4391/0x49c0
[ 476.668483][T15438] ? __pfx___sys_bpf+0x10/0x10
[ 476.668507][T15438] ? do_futex+0x123/0x350
[ 476.668524][T15438] ? __pfx_do_futex+0x10/0x10
[ 476.668548][T15438] ? xfd_validate_state+0x5d/0x180
[ 476.668567][T15438] ? rcu_is_watching+0x12/0xc0
[ 476.668583][T15438] __x64_sys_bpf+0x78/0xc0
[ 476.668594][T15438] ? lockdep_hardirqs_on+0x7c/0x110
[ 476.668611][T15438] do_syscall_64+0xcd/0x250
[ 476.668631][T15438] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 476.668649][T15438] RIP: 0033:0x7f1c8e78d169
[ 476.668661][T15438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 476.668675][T15438] RSP: 002b:00007f1c8f5b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 476.668688][T15438] RAX: ffffffffffffffda RBX: 00007f1c8e9a5fa0 RCX: 00007f1c8e78d169
[ 476.668696][T15438] RDX: 00000000000006f4 RSI: 0000400000000280 RDI: 0000000000000000
[ 476.668704][T15438] RBP: 00007f1c8e80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 476.668712][T15438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 476.668719][T15438] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 476.668736][T15438]
[ 477.503982][T15454] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3852'.
[ 477.783895][T15456] bond0: option all_slaves_active: invalid value (8)
[ 479.489576][ C1] vkms_vblank_simulate: vblank timer overrun
[ 483.176029][T15550] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3890'.
[ 483.239665][T15550] netlink: 11 bytes leftover after parsing attributes in process `syz.3.3890'.
[ 483.451229][T15555] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3892'.
[ 484.561924][T15570] sctp: [Deprecated]: syz.3.3898 (pid 15570) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 484.561924][T15570] Use struct sctp_sack_info instead
[ 484.636961][T15577] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3901'.
[ 485.646876][T15596] FAULT_INJECTION: forcing a failure.
[ 485.646876][T15596] name failslab, interval 1, probability 0, space 0, times 0
[ 485.711439][T15596] CPU: 1 UID: 0 PID: 15596 Comm: syz.3.3909 Not tainted 6.14.0-rc6-syzkaller #0
[ 485.711459][T15596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 485.711476][T15596] Call Trace:
[ 485.711480][T15596]
[ 485.711486][T15596] dump_stack_lvl+0x16c/0x1f0
[ 485.711512][T15596] should_fail_ex+0x50a/0x650
[ 485.711525][T15596] ? fs_reclaim_acquire+0xae/0x150
[ 485.711545][T15596] ? tomoyo_open_control+0x415/0xa30
[ 485.711565][T15596] should_failslab+0xc2/0x120
[ 485.711578][T15596] __kmalloc_cache_noprof+0x68/0x410
[ 485.711595][T15596] ? lockdep_init_map_type+0x16d/0x7d0
[ 485.711614][T15596] ? __raw_spin_lock_init+0x3a/0x110
[ 485.711630][T15596] tomoyo_open_control+0x415/0xa30
[ 485.711652][T15596] do_dentry_open+0x735/0x1c40
[ 485.711671][T15596] ? __pfx_tomoyo_open+0x10/0x10
[ 485.711690][T15596] ? inode_permission+0xdd/0x5f0
[ 485.711706][T15596] vfs_open+0x82/0x3f0
[ 485.711719][T15596] ? may_open+0x1f2/0x400
[ 485.711735][T15596] path_openat+0x1e88/0x2d80
[ 485.711760][T15596] ? __pfx_path_openat+0x10/0x10
[ 485.711779][T15596] ? __pfx___lock_acquire+0x10/0x10
[ 485.711796][T15596] ? lock_acquire.part.0+0x11b/0x380
[ 485.711813][T15596] ? find_held_lock+0x2d/0x110
[ 485.711829][T15596] do_filp_open+0x20c/0x470
[ 485.711849][T15596] ? __pfx_do_filp_open+0x10/0x10
[ 485.711866][T15596] ? find_held_lock+0x2d/0x110
[ 485.711891][T15596] ? alloc_fd+0x41f/0x760
[ 485.711914][T15596] do_sys_openat2+0x17a/0x1e0
[ 485.711928][T15596] ? __pfx_do_sys_openat2+0x10/0x10
[ 485.711948][T15596] __x64_sys_openat+0x175/0x210
[ 485.711962][T15596] ? __pfx___x64_sys_openat+0x10/0x10
[ 485.711986][T15596] do_syscall_64+0xcd/0x250
[ 485.712006][T15596] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 485.712025][T15596] RIP: 0033:0x7f521918d169
[ 485.712036][T15596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 485.712049][T15596] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 485.712062][T15596] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 485.712071][T15596] RDX: 0000000000080402 RSI: 0000400000001280 RDI: ffffffffffffff9c
[ 485.712079][T15596] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 485.712086][T15596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 485.712094][T15596] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 485.712111][T15596]
[ 486.317852][T15604] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3912'.
[ 486.881795][T15615] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 488.885376][T15652] FAULT_INJECTION: forcing a failure.
[ 488.885376][T15652] name failslab, interval 1, probability 0, space 0, times 0
[ 488.994247][T15652] CPU: 1 UID: 0 PID: 15652 Comm: syz.2.3931 Not tainted 6.14.0-rc6-syzkaller #0
[ 488.994270][T15652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 488.994278][T15652] Call Trace:
[ 488.994282][T15652]
[ 488.994288][T15652] dump_stack_lvl+0x16c/0x1f0
[ 488.994311][T15652] should_fail_ex+0x50a/0x650
[ 488.994325][T15652] ? fs_reclaim_acquire+0xae/0x150
[ 488.994345][T15652] should_failslab+0xc2/0x120
[ 488.994360][T15652] __kmalloc_node_noprof+0xd1/0x510
[ 488.994382][T15652] ? alloc_slab_obj_exts+0x41/0xa0
[ 488.994403][T15652] alloc_slab_obj_exts+0x41/0xa0
[ 488.994422][T15652] __memcg_slab_post_alloc_hook+0x2a7/0x9b0
[ 488.994438][T15652] ? kasan_save_track+0x14/0x30
[ 488.994459][T15652] kmem_cache_alloc_lru_noprof+0x363/0x3d0
[ 488.994480][T15652] ? alloc_inode+0xbf/0x230
[ 488.994495][T15652] alloc_inode+0xbf/0x230
[ 488.994508][T15652] path_from_stashed+0x560/0xec0
[ 488.994528][T15652] ? __pfx_lock_release+0x10/0x10
[ 488.994548][T15652] ? __pfx_path_from_stashed+0x10/0x10
[ 488.994567][T15652] ? lock_acquire+0x2f/0xb0
[ 488.994584][T15652] ? pidns_get+0x32/0x320
[ 488.994601][T15652] ns_get_path+0x5f/0x80
[ 488.994618][T15652] proc_ns_get_link+0x122/0x260
[ 488.994637][T15652] ? __pfx_proc_ns_get_link+0x10/0x10
[ 488.994656][T15652] ? __pfx___might_resched+0x10/0x10
[ 488.994678][T15652] ? __pfx_proc_ns_get_link+0x10/0x10
[ 488.994696][T15652] step_into+0x1aba/0x2220
[ 488.994717][T15652] ? __pfx_step_into+0x10/0x10
[ 488.994734][T15652] ? __pfx___up_read+0x10/0x10
[ 488.994758][T15652] path_openat+0x74c/0x2d80
[ 488.994783][T15652] ? __pfx_path_openat+0x10/0x10
[ 488.994802][T15652] ? __pfx___lock_acquire+0x10/0x10
[ 488.994819][T15652] ? lock_acquire.part.0+0x11b/0x380
[ 488.994837][T15652] ? find_held_lock+0x2d/0x110
[ 488.994852][T15652] do_filp_open+0x20c/0x470
[ 488.994872][T15652] ? __pfx_do_filp_open+0x10/0x10
[ 488.994889][T15652] ? find_held_lock+0x2d/0x110
[ 488.994914][T15652] ? alloc_fd+0x41f/0x760
[ 488.994936][T15652] do_sys_openat2+0x17a/0x1e0
[ 488.994951][T15652] ? __pfx_do_sys_openat2+0x10/0x10
[ 488.994971][T15652] __x64_sys_openat+0x175/0x210
[ 488.994986][T15652] ? __pfx___x64_sys_openat+0x10/0x10
[ 488.995007][T15652] do_syscall_64+0xcd/0x250
[ 488.995027][T15652] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 488.995046][T15652] RIP: 0033:0x7f1c8e78bad0
[ 488.995058][T15652] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 488.995071][T15652] RSP: 002b:00007f1c8f5b0f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 488.995085][T15652] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1c8e78bad0
[ 488.995093][T15652] RDX: 0000000000000002 RSI: 00007f1c8f5b0fa0 RDI: 00000000ffffff9c
[ 488.995101][T15652] RBP: 00007f1c8f5b0fa0 R08: 0000000000000000 R09: 0000000000000000
[ 488.995109][T15652] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 488.995117][T15652] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 488.995134][T15652]
[ 490.051506][T15682] FAULT_INJECTION: forcing a failure.
[ 490.051506][T15682] name failslab, interval 1, probability 0, space 0, times 0
[ 490.097690][T15682] CPU: 1 UID: 0 PID: 15682 Comm: syz.1.3947 Not tainted 6.14.0-rc6-syzkaller #0
[ 490.097712][T15682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 490.097722][T15682] Call Trace:
[ 490.097726][T15682]
[ 490.097731][T15682] dump_stack_lvl+0x16c/0x1f0
[ 490.097757][T15682] should_fail_ex+0x50a/0x650
[ 490.097772][T15682] ? fs_reclaim_acquire+0xae/0x150
[ 490.097791][T15682] ? tomoyo_open_control+0x415/0xa30
[ 490.097812][T15682] should_failslab+0xc2/0x120
[ 490.097826][T15682] __kmalloc_cache_noprof+0x68/0x410
[ 490.097843][T15682] ? lockdep_init_map_type+0x16d/0x7d0
[ 490.097862][T15682] ? __raw_spin_lock_init+0x3a/0x110
[ 490.097878][T15682] tomoyo_open_control+0x415/0xa30
[ 490.097901][T15682] do_dentry_open+0x735/0x1c40
[ 490.097920][T15682] ? __pfx_tomoyo_open+0x10/0x10
[ 490.097939][T15682] ? inode_permission+0xdd/0x5f0
[ 490.097956][T15682] vfs_open+0x82/0x3f0
[ 490.097968][T15682] ? may_open+0x1f2/0x400
[ 490.097984][T15682] path_openat+0x1e88/0x2d80
[ 490.098010][T15682] ? __pfx_path_openat+0x10/0x10
[ 490.098029][T15682] ? __pfx___lock_acquire+0x10/0x10
[ 490.098045][T15682] ? lock_acquire.part.0+0x11b/0x380
[ 490.098063][T15682] ? find_held_lock+0x2d/0x110
[ 490.098079][T15682] do_filp_open+0x20c/0x470
[ 490.098108][T15682] ? __pfx_do_filp_open+0x10/0x10
[ 490.098127][T15682] ? find_held_lock+0x2d/0x110
[ 490.098154][T15682] ? alloc_fd+0x41f/0x760
[ 490.098178][T15682] do_sys_openat2+0x17a/0x1e0
[ 490.098193][T15682] ? __pfx_do_sys_openat2+0x10/0x10
[ 490.098214][T15682] __x64_sys_openat+0x175/0x210
[ 490.098228][T15682] ? __pfx___x64_sys_openat+0x10/0x10
[ 490.098250][T15682] do_syscall_64+0xcd/0x250
[ 490.098269][T15682] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 490.098288][T15682] RIP: 0033:0x7f3cd7f8d169
[ 490.098300][T15682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 490.098313][T15682] RSP: 002b:00007f3cd8d3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 490.098327][T15682] RAX: ffffffffffffffda RBX: 00007f3cd81a5fa0 RCX: 00007f3cd7f8d169
[ 490.098335][T15682] RDX: 0000000000080402 RSI: 0000400000001280 RDI: ffffffffffffff9c
[ 490.098344][T15682] RBP: 00007f3cd800e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 490.098351][T15682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 490.098359][T15682] R13: 0000000000000000 R14: 00007f3cd81a5fa0 R15: 00007ffc12a3e978
[ 490.098375][T15682]
[ 490.717532][T15689] netlink: 'syz.2.3949': attribute type 33 has an invalid length.
[ 490.744243][T15689] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3949'.
[ 491.323186][T15707] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3958'.
[ 491.490355][T15711] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3960'.
[ 493.241527][T15754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3978'.
[ 494.279256][T15784] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3988'.
[ 495.537411][T15824] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3998'.
[ 495.813936][T15823] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3999'.
[ 496.027953][T15835] snd_aloop snd_aloop.0: control 772:1:8:1Յ:-4095 is already present
[ 496.186669][T15839] netlink: 'syz.1.4002': attribute type 2 has an invalid length.
[ 496.832093][T15861] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4011'.
[ 499.004599][T15922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4029'.
[ 499.930524][T15957] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4040'.
[ 501.949495][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 501.955787][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[ 502.806730][T16006] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4059'.
[ 503.500601][T16024] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4066'.
[ 503.764327][T16032] netlink: 'syz.2.4069': attribute type 3 has an invalid length.
[ 505.273315][T16065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4082'.
[ 505.446753][T16071] vivid-003: ================= START STATUS =================
[ 505.498693][T16071] vivid-003: Radio HW Seek Mode: Bounded
[ 505.504661][T16071] vivid-003: Radio Programmable HW Seek: false
[ 505.580076][T16071] vivid-003: RDS Rx I/O Mode: Block I/O
[ 505.585685][T16071] vivid-003: Generate RBDS Instead of RDS: false
[ 505.642008][T16071] vivid-003: RDS Reception: true
[ 505.662845][T16071] vivid-003: RDS Program Type: 0 inactive
[ 505.697533][T16071] vivid-003: RDS PS Name: inactive
[ 505.737538][T16071] vivid-003: RDS Radio Text: inactive
[ 505.757316][T16071] vivid-003: RDS Traffic Announcement: false inactive
[ 505.795654][T16071] vivid-003: RDS Traffic Program: false inactive
[ 505.831148][T16071] vivid-003: RDS Music: false inactive
[ 505.867319][T16071] vivid-003: ================== END STATUS ==================
[ 505.974218][T16079] netlink: 'syz.2.4086': attribute type 1 has an invalid length.
[ 506.024186][T16079] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4086'.
[ 506.074335][T16079] netlink: 'syz.2.4086': attribute type 1 has an invalid length.
[ 506.130990][T16083] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4088'.
[ 506.722352][T16098] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4094'.
[ 509.154625][ T5835] Bluetooth: hci4: command 0x0406 tx timeout
[ 510.391202][T16168] netlink: 'syz.0.4122': attribute type 16 has an invalid length.
[ 510.420104][T16168] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4122'.
[ 510.470506][T16170] netlink: 2 bytes leftover after parsing attributes in process `syz.3.4123'.
[ 513.489770][T16229] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4146'.
[ 513.558504][T16231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4147'.
[ 514.542188][T16231] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 514.600393][T16231] bond0 (unregistering): Released all slaves
[ 516.387349][T16281] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4166'.
[ 516.717851][T16291] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4171'.
[ 517.480143][T16306] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 517.518622][T16306] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 518.947717][T16337] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4198'.
[ 519.125283][T16342] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4192'.
[ 519.424756][T16347] sctp: [Deprecated]: syz.0.4193 (pid 16347) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 519.424756][T16347] Use struct sctp_sack_info instead
[ 520.808180][T16364] FAULT_INJECTION: forcing a failure.
[ 520.808180][T16364] name failslab, interval 1, probability 0, space 0, times 0
[ 520.911361][T16364] CPU: 1 UID: 0 PID: 16364 Comm: syz.2.4201 Not tainted 6.14.0-rc6-syzkaller #0
[ 520.911384][T16364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 520.911393][T16364] Call Trace:
[ 520.911397][T16364]
[ 520.911403][T16364] dump_stack_lvl+0x16c/0x1f0
[ 520.911428][T16364] should_fail_ex+0x50a/0x650
[ 520.911443][T16364] ? fs_reclaim_acquire+0xae/0x150
[ 520.911461][T16364] ? loopback_open+0x145/0x13a0
[ 520.911481][T16364] should_failslab+0xc2/0x120
[ 520.911495][T16364] __kmalloc_cache_noprof+0x68/0x410
[ 520.911519][T16364] loopback_open+0x145/0x13a0
[ 520.911543][T16364] snd_pcm_open_substream+0xa50/0x17c0
[ 520.911564][T16364] ? __pfx_snd_pcm_open_substream+0x10/0x10
[ 520.911588][T16364] snd_pcm_open+0x29b/0x700
[ 520.911609][T16364] ? __pfx_snd_pcm_open+0x10/0x10
[ 520.911629][T16364] ? __pfx_default_wake_function+0x10/0x10
[ 520.911654][T16364] ? __pfx_snd_pcm_capture_open+0x10/0x10
[ 520.911672][T16364] snd_pcm_capture_open+0x89/0xe0
[ 520.911692][T16364] snd_open+0x1fe/0x450
[ 520.911706][T16364] ? __pfx_snd_open+0x10/0x10
[ 520.911719][T16364] chrdev_open+0x237/0x6a0
[ 520.911741][T16364] ? __pfx_chrdev_open+0x10/0x10
[ 520.911762][T16364] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 520.911783][T16364] do_dentry_open+0x735/0x1c40
[ 520.911802][T16364] ? __pfx_chrdev_open+0x10/0x10
[ 520.911823][T16364] ? inode_permission+0xdd/0x5f0
[ 520.911840][T16364] vfs_open+0x82/0x3f0
[ 520.911852][T16364] ? may_open+0x1f2/0x400
[ 520.911869][T16364] path_openat+0x1e88/0x2d80
[ 520.911895][T16364] ? __pfx_path_openat+0x10/0x10
[ 520.911914][T16364] ? __pfx___lock_acquire+0x10/0x10
[ 520.911931][T16364] ? lock_acquire.part.0+0x11b/0x380
[ 520.911949][T16364] ? find_held_lock+0x2d/0x110
[ 520.911965][T16364] do_filp_open+0x20c/0x470
[ 520.911985][T16364] ? __pfx_do_filp_open+0x10/0x10
[ 520.912002][T16364] ? find_held_lock+0x2d/0x110
[ 520.912029][T16364] ? alloc_fd+0x41f/0x760
[ 520.912053][T16364] do_sys_openat2+0x17a/0x1e0
[ 520.912067][T16364] ? __pfx_do_sys_openat2+0x10/0x10
[ 520.912088][T16364] __x64_sys_openat+0x175/0x210
[ 520.912113][T16364] ? __pfx___x64_sys_openat+0x10/0x10
[ 520.912136][T16364] do_syscall_64+0xcd/0x250
[ 520.912158][T16364] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 520.912178][T16364] RIP: 0033:0x7f1c8e78d169
[ 520.912190][T16364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 520.912204][T16364] RSP: 002b:00007f1c8f5b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 520.912217][T16364] RAX: ffffffffffffffda RBX: 00007f1c8e9a5fa0 RCX: 00007f1c8e78d169
[ 520.912226][T16364] RDX: 0000000000000000 RSI: 0000400000000100 RDI: ffffffffffffff9c
[ 520.912235][T16364] RBP: 00007f1c8e80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 520.912243][T16364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 520.912252][T16364] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 520.912271][T16364]
[ 522.212369][T16372] sd 0:0:1:0: device reset
[ 522.907764][T16383] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4209'.
[ 524.010085][T16403] FAULT_INJECTION: forcing a failure.
[ 524.010085][T16403] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 524.062783][T16403] CPU: 1 UID: 0 PID: 16403 Comm: syz.3.4219 Not tainted 6.14.0-rc6-syzkaller #0
[ 524.062806][T16403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 524.062815][T16403] Call Trace:
[ 524.062824][T16403]
[ 524.062830][T16403] dump_stack_lvl+0x16c/0x1f0
[ 524.062857][T16403] should_fail_ex+0x50a/0x650
[ 524.062871][T16403] ? __pfx___might_resched+0x10/0x10
[ 524.062896][T16403] should_fail_alloc_page+0xe7/0x130
[ 524.062912][T16403] prepare_alloc_pages.constprop.0+0x16f/0x560
[ 524.062934][T16403] __alloc_frozen_pages_noprof+0x18e/0x2470
[ 524.062956][T16403] ? mark_lock+0xb5/0xc60
[ 524.062978][T16403] ? hlock_class+0x4e/0x130
[ 524.062991][T16403] ? __lock_acquire+0xcc5/0x3c40
[ 524.063010][T16403] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 524.063045][T16403] ? __pfx___lock_acquire+0x10/0x10
[ 524.063067][T16403] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 524.063091][T16403] ? policy_nodemask+0xea/0x4e0
[ 524.063107][T16403] alloc_pages_mpol+0x1fc/0x540
[ 524.063121][T16403] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 524.063135][T16403] ? xas_load+0x49/0x5b0
[ 524.063152][T16403] ? filemap_get_entry+0xd0/0x3c0
[ 524.063172][T16403] folio_alloc_noprof+0x20/0x2d0
[ 524.063188][T16403] filemap_alloc_folio_noprof+0x39b/0x470
[ 524.063203][T16403] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[ 524.063222][T16403] __filemap_get_folio+0x5e9/0xbd0
[ 524.063244][T16403] ioctx_alloc+0x763/0x2010
[ 524.063264][T16403] ? __might_fault+0x13b/0x190
[ 524.063282][T16403] ? __pfx_ioctx_alloc+0x10/0x10
[ 524.063298][T16403] ? lock_acquire+0x2f/0xb0
[ 524.063316][T16403] ? __might_fault+0xe3/0x190
[ 524.063332][T16403] __x64_sys_io_setup+0xc9/0x210
[ 524.063351][T16403] do_syscall_64+0xcd/0x250
[ 524.063371][T16403] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 524.063390][T16403] RIP: 0033:0x7f521918d169
[ 524.063401][T16403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 524.063414][T16403] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[ 524.063427][T16403] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 524.063436][T16403] RDX: 0000000000000000 RSI: 0000400000000580 RDI: 000000000000ff3e
[ 524.063444][T16403] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 524.063452][T16403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 524.063460][T16403] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 524.063478][T16403]
[ 525.429321][T16419] FAULT_INJECTION: forcing a failure.
[ 525.429321][T16419] name failslab, interval 1, probability 0, space 0, times 0
[ 525.527342][T16419] CPU: 1 UID: 0 PID: 16419 Comm: syz.3.4226 Not tainted 6.14.0-rc6-syzkaller #0
[ 525.527365][T16419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 525.527374][T16419] Call Trace:
[ 525.527379][T16419]
[ 525.527385][T16419] dump_stack_lvl+0x16c/0x1f0
[ 525.527412][T16419] should_fail_ex+0x50a/0x650
[ 525.527427][T16419] ? fs_reclaim_acquire+0xae/0x150
[ 525.527446][T16419] ? xfrm_hash_alloc+0xd1/0x100
[ 525.527467][T16419] should_failslab+0xc2/0x120
[ 525.527480][T16419] __kmalloc_noprof+0xcb/0x510
[ 525.527501][T16419] ? xfrm_nat_keepalive_net_fini+0x21/0x30
[ 525.527520][T16419] xfrm_hash_alloc+0xd1/0x100
[ 525.527540][T16419] xfrm_state_init+0x160/0x630
[ 525.527563][T16419] ? __pfx_xfrm_net_init+0x10/0x10
[ 525.527576][T16419] xfrm_net_init+0x211/0xcb0
[ 525.527592][T16419] ? __pfx_xfrm_net_init+0x10/0x10
[ 525.527605][T16419] ops_init+0x1df/0x5f0
[ 525.527620][T16419] setup_net+0x21f/0x860
[ 525.527634][T16419] ? __pfx_setup_net+0x10/0x10
[ 525.527645][T16419] ? down_read_killable+0xcc/0x380
[ 525.527665][T16419] ? __pfx_down_read_killable+0x10/0x10
[ 525.527684][T16419] ? __raw_spin_lock_init+0x3a/0x110
[ 525.527700][T16419] ? debug_mutex_init+0x37/0x70
[ 525.527717][T16419] copy_net_ns+0x2a6/0x5f0
[ 525.527733][T16419] create_new_namespaces+0x3ea/0xad0
[ 525.527759][T16419] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 525.527781][T16419] ksys_unshare+0x45d/0xa40
[ 525.527795][T16419] ? __pfx_ksys_unshare+0x10/0x10
[ 525.527808][T16419] ? xfd_validate_state+0x5d/0x180
[ 525.527832][T16419] __x64_sys_unshare+0x31/0x40
[ 525.527846][T16419] do_syscall_64+0xcd/0x250
[ 525.527866][T16419] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 525.527895][T16419] RIP: 0033:0x7f521918d169
[ 525.527907][T16419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 525.527921][T16419] RSP: 002b:00007f521a09c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 525.527935][T16419] RAX: ffffffffffffffda RBX: 00007f52193a5fa0 RCX: 00007f521918d169
[ 525.527945][T16419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 525.527953][T16419] RBP: 00007f521920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 525.527961][T16419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 525.527969][T16419] R13: 0000000000000000 R14: 00007f52193a5fa0 R15: 00007ffd679f06f8
[ 525.527986][T16419]
[ 526.192841][T16439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4235'.
[ 528.002694][T16479] zswap: compressor not available
[ 528.339940][T16501] delete_channel: no stack
[ 529.783519][T16554] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4269'.
[ 530.580412][T16577] tc_dump_action: action bad kind
[ 531.373325][T16602] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4282'.
[ 531.459686][T16584] zswap: compressor not available
[ 531.711339][T16611] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4284'.
[ 533.499920][T16669] FAULT_INJECTION: forcing a failure.
[ 533.499920][T16669] name failslab, interval 1, probability 0, space 0, times 0
[ 533.587464][T16669] CPU: 1 UID: 0 PID: 16669 Comm: syz.0.4304 Not tainted 6.14.0-rc6-syzkaller #0
[ 533.587486][T16669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 533.587496][T16669] Call Trace:
[ 533.587500][T16669]
[ 533.587506][T16669] dump_stack_lvl+0x16c/0x1f0
[ 533.587531][T16669] should_fail_ex+0x50a/0x650
[ 533.587545][T16669] ? fs_reclaim_acquire+0xae/0x150
[ 533.587563][T16669] ? tomoyo_open_control+0x51f/0xa30
[ 533.587583][T16669] should_failslab+0xc2/0x120
[ 533.587597][T16669] __kmalloc_noprof+0xcb/0x510
[ 533.587615][T16669] ? lockdep_init_map_type+0x16d/0x7d0
[ 533.587635][T16669] ? __raw_spin_lock_init+0x3a/0x110
[ 533.587650][T16669] tomoyo_open_control+0x51f/0xa30
[ 533.587673][T16669] do_dentry_open+0x735/0x1c40
[ 533.587692][T16669] ? __pfx_tomoyo_open+0x10/0x10
[ 533.587718][T16669] ? inode_permission+0xdd/0x5f0
[ 533.587735][T16669] vfs_open+0x82/0x3f0
[ 533.587748][T16669] ? may_open+0x1f2/0x400
[ 533.587766][T16669] path_openat+0x1e88/0x2d80
[ 533.587792][T16669] ? __pfx_path_openat+0x10/0x10
[ 533.587814][T16669] ? __pfx___lock_acquire+0x10/0x10
[ 533.587831][T16669] ? lock_acquire.part.0+0x11b/0x380
[ 533.587856][T16669] ? find_held_lock+0x2d/0x110
[ 533.587873][T16669] do_filp_open+0x20c/0x470
[ 533.587894][T16669] ? __pfx_do_filp_open+0x10/0x10
[ 533.587913][T16669] ? find_held_lock+0x2d/0x110
[ 533.587938][T16669] ? alloc_fd+0x41f/0x760
[ 533.587963][T16669] do_sys_openat2+0x17a/0x1e0
[ 533.587977][T16669] ? __pfx_do_sys_openat2+0x10/0x10
[ 533.587997][T16669] __x64_sys_openat+0x175/0x210
[ 533.588012][T16669] ? __pfx___x64_sys_openat+0x10/0x10
[ 533.588033][T16669] do_syscall_64+0xcd/0x250
[ 533.588052][T16669] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 533.588071][T16669] RIP: 0033:0x7f937f58d169
[ 533.588082][T16669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 533.588096][T16669] RSP: 002b:00007f9380391038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 533.588110][T16669] RAX: ffffffffffffffda RBX: 00007f937f7a5fa0 RCX: 00007f937f58d169
[ 533.588119][T16669] RDX: 0000000000000002 RSI: 0000400000000080 RDI: ffffffffffffff9c
[ 533.588127][T16669] RBP: 00007f937f60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 533.588134][T16669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 533.588142][T16669] R13: 0000000000000000 R14: 00007f937f7a5fa0 R15: 00007ffcf4997818
[ 533.588158][T16669]
[ 534.283141][T16678] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4307'.
[ 534.765420][ T30] audit: type=1800 audit(4294967392.779:17): pid=16673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4306" name="discovery_nqn" dev="configfs" ino=45660 res=0 errno=0
[ 535.217427][T16702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4315'.
[ 535.664974][T16712] netlink: 29 bytes leftover after parsing attributes in process `syz.3.4321'.
[ 537.072502][T16753] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4338'.
[ 537.141738][T16753] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[ 537.889854][T16782] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4346'.
[ 538.453747][T16800] ubi4: attaching mtd0
[ 539.195517][T16826] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4359'.
[ 539.240400][T16827] FAULT_INJECTION: forcing a failure.
[ 539.240400][T16827] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 539.264475][T16826] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[ 539.284601][T16827] CPU: 1 UID: 0 PID: 16827 Comm: syz.2.4360 Not tainted 6.14.0-rc6-syzkaller #0
[ 539.284623][T16827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 539.284633][T16827] Call Trace:
[ 539.284637][T16827]
[ 539.284643][T16827] dump_stack_lvl+0x16c/0x1f0
[ 539.284668][T16827] should_fail_ex+0x50a/0x650
[ 539.284682][T16827] ? __pfx___might_resched+0x10/0x10
[ 539.284706][T16827] should_fail_alloc_page+0xe7/0x130
[ 539.284721][T16827] prepare_alloc_pages.constprop.0+0x16f/0x560
[ 539.284743][T16827] __alloc_frozen_pages_noprof+0x18e/0x2470
[ 539.284765][T16827] ? is_bpf_text_address+0x94/0x1a0
[ 539.284782][T16827] ? kernel_text_address+0x8d/0x100
[ 539.284801][T16827] ? __kernel_text_address+0xd/0x40
[ 539.284818][T16827] ? unwind_get_return_address+0x59/0xa0
[ 539.284843][T16827] ? arch_stack_walk+0xa7/0x100
[ 539.284858][T16827] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 539.284884][T16827] ? stack_depot_save_flags+0x28/0x9c0
[ 539.284908][T16827] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 539.284930][T16827] ? policy_nodemask+0xea/0x4e0
[ 539.284944][T16827] alloc_pages_mpol+0x1fc/0x540
[ 539.284958][T16827] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 539.284975][T16827] alloc_pages_noprof+0x131/0x390
[ 539.284989][T16827] kimage_alloc_pages+0x75/0x300
[ 539.285011][T16827] kimage_alloc_control_pages+0x148/0x8e0
[ 539.285035][T16827] ? __pfx_kimage_alloc_control_pages+0x10/0x10
[ 539.285060][T16827] do_kexec_load+0x47e/0x8c0
[ 539.285075][T16827] ? __pfx_do_kexec_load+0x10/0x10
[ 539.285089][T16827] ? _copy_from_user+0x59/0xd0
[ 539.285105][T16827] __x64_sys_kexec_load+0x1bf/0x230
[ 539.285120][T16827] do_syscall_64+0xcd/0x250
[ 539.285140][T16827] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 539.285159][T16827] RIP: 0033:0x7f1c8e78d169
[ 539.285170][T16827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 539.285184][T16827] RSP: 002b:00007f1c8f5b1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[ 539.285196][T16827] RAX: ffffffffffffffda RBX: 00007f1c8e9a5fa0 RCX: 00007f1c8e78d169
[ 539.285205][T16827] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000005
[ 539.285213][T16827] RBP: 00007f1c8e80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 539.285221][T16827] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
[ 539.285229][T16827] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 539.285245][T16827]
[ 539.572508][T16827] kexec: Could not allocate control_code_buffer
[ 539.630441][T16832] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4363'.
[ 539.639622][T16832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4363'.
[ 539.705252][T16834] netlink: 130 bytes leftover after parsing attributes in process `syz.3.4364'.
[ 542.204100][T16922] netlink: 350 bytes leftover after parsing attributes in process `syz.0.4390'.
[ 542.881734][T16945] batman_adv: Routing algorithm '' is not supported
[ 547.015390][T17027] FAULT_INJECTION: forcing a failure.
[ 547.015390][T17027] name failslab, interval 1, probability 0, space 0, times 0
[ 547.085743][T17027] CPU: 1 UID: 0 PID: 17027 Comm: syz.2.4429 Not tainted 6.14.0-rc6-syzkaller #0
[ 547.085767][T17027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 547.085776][T17027] Call Trace:
[ 547.085781][T17027]
[ 547.085788][T17027] dump_stack_lvl+0x16c/0x1f0
[ 547.085813][T17027] should_fail_ex+0x50a/0x650
[ 547.085828][T17027] ? fs_reclaim_acquire+0xae/0x150
[ 547.085847][T17027] ? lsm_blob_alloc+0x68/0x90
[ 547.085868][T17027] should_failslab+0xc2/0x120
[ 547.085881][T17027] __kmalloc_noprof+0xcb/0x510
[ 547.085904][T17027] lsm_blob_alloc+0x68/0x90
[ 547.085924][T17027] security_prepare_creds+0x30/0x270
[ 547.085944][T17027] prepare_creds+0x540/0x750
[ 547.085960][T17027] ? __pfx_get_random_u64+0x10/0x10
[ 547.085975][T17027] copy_creds+0xa7/0xa50
[ 547.085998][T17027] copy_process+0x10b2/0x8c50
[ 547.086012][T17027] ? find_held_lock+0x2d/0x110
[ 547.086029][T17027] ? try_to_wake_up+0x949/0x1490
[ 547.086053][T17027] ? __pfx_copy_process+0x10/0x10
[ 547.086067][T17027] ? try_to_wake_up+0x953/0x1490
[ 547.086086][T17027] ? __pfx_try_to_wake_up+0x10/0x10
[ 547.086103][T17027] ? __pfx_lock_release+0x10/0x10
[ 547.086120][T17027] ? plist_check_head+0xa3/0x150
[ 547.086138][T17027] ? wake_up_q+0xb0/0x160
[ 547.086154][T17027] ? do_raw_spin_unlock+0x172/0x230
[ 547.086170][T17027] kernel_clone+0xfd/0x960
[ 547.086182][T17027] ? __pfx_futex_wake+0x10/0x10
[ 547.086201][T17027] ? __pfx_kernel_clone+0x10/0x10
[ 547.086212][T17027] ? __pfx_vfs_writev+0x10/0x10
[ 547.086238][T17027] __do_sys_clone+0xcf/0x120
[ 547.086251][T17027] ? __pfx___do_sys_clone+0x10/0x10
[ 547.086271][T17027] ? rcu_is_watching+0x12/0xc0
[ 547.086290][T17027] do_syscall_64+0xcd/0x250
[ 547.086310][T17027] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 547.086328][T17027] RIP: 0033:0x7f1c8e78d169
[ 547.086340][T17027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 547.086353][T17027] RSP: 002b:00007f1c8f5b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 547.086367][T17027] RAX: ffffffffffffffda RBX: 00007f1c8e9a5fa0 RCX: 00007f1c8e78d169
[ 547.086375][T17027] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000001
[ 547.086383][T17027] RBP: 00007f1c8e80e2a0 R08: 0000000000000002 R09: 0000000000000000
[ 547.086390][T17027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 547.086398][T17027] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 547.086414][T17027]
[ 547.743756][T17036] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4433'.
[ 547.889013][T17041] FAULT_INJECTION: forcing a failure.
[ 547.889013][T17041] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 547.957328][T17041] CPU: 1 UID: 0 PID: 17041 Comm: syz.1.4435 Not tainted 6.14.0-rc6-syzkaller #0
[ 547.957351][T17041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 547.957361][T17041] Call Trace:
[ 547.957365][T17041]
[ 547.957371][T17041] dump_stack_lvl+0x16c/0x1f0
[ 547.957396][T17041] should_fail_ex+0x50a/0x650
[ 547.957414][T17041] _copy_to_iter+0x2a1/0x1560
[ 547.957431][T17041] ? chacha_block_generic+0x18a/0x270
[ 547.957454][T17041] ? __pfx__copy_to_iter+0x10/0x10
[ 547.957472][T17041] ? __pfx___might_resched+0x10/0x10
[ 547.957499][T17041] ? crng_make_state+0x48e/0x6d0
[ 547.957523][T17041] get_random_bytes_user+0x180/0x3c0
[ 547.957547][T17041] ? __pfx_get_random_bytes_user+0x10/0x10
[ 547.957571][T17041] ? do_futex+0x123/0x350
[ 547.957592][T17041] ? import_ubuf+0x1b6/0x220
[ 547.957606][T17041] __x64_sys_getrandom+0x184/0x290
[ 547.957620][T17041] ? __pfx___x64_sys_getrandom+0x10/0x10
[ 547.957634][T17041] ? xfd_validate_state+0x5d/0x180
[ 547.957658][T17041] do_syscall_64+0xcd/0x250
[ 547.957678][T17041] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 547.957696][T17041] RIP: 0033:0x7f3cd7f8d169
[ 547.957707][T17041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 547.957721][T17041] RSP: 002b:00007f3cd8d3c038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e
[ 547.957734][T17041] RAX: ffffffffffffffda RBX: 00007f3cd81a5fa0 RCX: 00007f3cd7f8d169
[ 547.957743][T17041] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000
[ 547.957751][T17041] RBP: 00007f3cd800e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 547.957759][T17041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 547.957766][T17041] R13: 0000000000000000 R14: 00007f3cd81a5fa0 R15: 00007ffc12a3e978
[ 547.957782][T17041]
[ 548.497029][T17058] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4442'.
[ 548.581506][T17060] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4443'.
[ 550.056425][T17088] FAULT_INJECTION: forcing a failure.
[ 550.056425][T17088] name failslab, interval 1, probability 0, space 0, times 0
[ 550.120174][T17088] CPU: 1 UID: 0 PID: 17088 Comm: syz.2.4454 Not tainted 6.14.0-rc6-syzkaller #0
[ 550.120197][T17088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 550.120207][T17088] Call Trace:
[ 550.120211][T17088]
[ 550.120217][T17088] dump_stack_lvl+0x16c/0x1f0
[ 550.120243][T17088] should_fail_ex+0x50a/0x650
[ 550.120257][T17088] ? fs_reclaim_acquire+0xae/0x150
[ 550.120276][T17088] ? mon_text_open+0xd6/0x4f0
[ 550.120295][T17088] should_failslab+0xc2/0x120
[ 550.120314][T17088] __kmalloc_cache_noprof+0x68/0x410
[ 550.120336][T17088] ? __pfx_mon_text_open+0x10/0x10
[ 550.120354][T17088] mon_text_open+0xd6/0x4f0
[ 550.120373][T17088] ? __pfx_mon_text_open+0x10/0x10
[ 550.120391][T17088] ? __debugfs_file_get+0x1ff/0x850
[ 550.120409][T17088] ? __pfx___debugfs_file_get+0x10/0x10
[ 550.120426][T17088] ? __pfx_apparmor_file_open+0x10/0x10
[ 550.120443][T17088] ? lockdown_is_locked_down+0x3f/0x130
[ 550.120462][T17088] ? bpf_lsm_locked_down+0x9/0x10
[ 550.120478][T17088] ? __pfx_mon_text_open+0x10/0x10
[ 550.120496][T17088] full_proxy_open_regular+0x1b6/0x360
[ 550.120516][T17088] do_dentry_open+0x735/0x1c40
[ 550.120535][T17088] ? __pfx_full_proxy_open_regular+0x10/0x10
[ 550.120558][T17088] vfs_open+0x82/0x3f0
[ 550.120570][T17088] ? may_open+0x1f2/0x400
[ 550.120587][T17088] path_openat+0x1e88/0x2d80
[ 550.120612][T17088] ? __pfx_path_openat+0x10/0x10
[ 550.120631][T17088] ? __pfx___lock_acquire+0x10/0x10
[ 550.120649][T17088] ? lock_acquire.part.0+0x11b/0x380
[ 550.120667][T17088] ? find_held_lock+0x2d/0x110
[ 550.120684][T17088] do_filp_open+0x20c/0x470
[ 550.120703][T17088] ? __pfx_do_filp_open+0x10/0x10
[ 550.120721][T17088] ? find_held_lock+0x2d/0x110
[ 550.120747][T17088] ? alloc_fd+0x41f/0x760
[ 550.120770][T17088] do_sys_openat2+0x17a/0x1e0
[ 550.120785][T17088] ? __pfx_do_sys_openat2+0x10/0x10
[ 550.120806][T17088] __x64_sys_openat+0x175/0x210
[ 550.120820][T17088] ? __pfx___x64_sys_openat+0x10/0x10
[ 550.120842][T17088] do_syscall_64+0xcd/0x250
[ 550.120862][T17088] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 550.120881][T17088] RIP: 0033:0x7f1c8e78d169
[ 550.120894][T17088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 550.120907][T17088] RSP: 002b:00007f1c8f5b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 550.120920][T17088] RAX: ffffffffffffffda RBX: 00007f1c8e9a5fa0 RCX: 00007f1c8e78d169
[ 550.120929][T17088] RDX: 0000000000040002 RSI: 0000400000000240 RDI: ffffffffffffff9c
[ 550.120938][T17088] RBP: 00007f1c8e80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 550.120946][T17088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 550.120954][T17088] R13: 0000000000000000 R14: 00007f1c8e9a5fa0 R15: 00007ffcd80e1a88
[ 550.120972][T17088]
[ 550.472808][T17090] netlink: 74 bytes leftover after parsing attributes in process `syz.3.4455'.
[ 550.608126][T17096] netlink: 'syz.2.4458': attribute type 10 has an invalid length.
[ 551.453008][T17120] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11
[ 552.886273][T17152] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4482'.
[ 553.447840][T17163] netlink: 'syz.3.4487': attribute type 10 has an invalid length.
[ 553.880372][T17175] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4493'.
[ 553.933347][T17179] netlink: 346 bytes leftover after parsing attributes in process `syz.3.4494'.
[ 555.644929][T17225] FAULT_INJECTION: forcing a failure.
[ 555.644929][T17225] name failslab, interval 1, probability 0, space 0, times 0
[ 555.701416][T17225] CPU: 1 UID: 0 PID: 17225 Comm: syz.1.4515 Not tainted 6.14.0-rc6-syzkaller #0
[ 555.701439][T17225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 555.701448][T17225] Call Trace:
[ 555.701452][T17225]
[ 555.701458][T17225] dump_stack_lvl+0x16c/0x1f0
[ 555.701483][T17225] should_fail_ex+0x50a/0x650
[ 555.701498][T17225] ? fs_reclaim_acquire+0xae/0x150
[ 555.701518][T17225] should_failslab+0xc2/0x120
[ 555.701533][T17225] kmem_cache_alloc_noprof+0x6e/0x3d0
[ 555.701554][T17225] ? get_random_u64+0x57e/0x7d0
[ 555.701567][T17225] ? prepare_creds+0x2e/0x750
[ 555.701586][T17225] prepare_creds+0x2e/0x750
[ 555.701602][T17225] ? __pfx_get_random_u64+0x10/0x10
[ 555.701615][T17225] copy_creds+0xa7/0xa50
[ 555.701634][T17225] copy_process+0x10b2/0x8c50
[ 555.701648][T17225] ? plist_add+0x458/0x600
[ 555.701662][T17225] ? lock_acquire+0x2f/0xb0
[ 555.701679][T17225] ? schedule+0x1fd/0x350
[ 555.701696][T17225] ? futex_wait_queue+0x41/0x1f0
[ 555.701715][T17225] ? schedule+0xf1/0x350
[ 555.701736][T17225] ? futex_unqueue+0xba/0x140
[ 555.701755][T17225] ? __pfx_copy_process+0x10/0x10
[ 555.701767][T17225] ? __pfx___futex_wait+0x10/0x10
[ 555.701790][T17225] ? __pfx_futex_wake_mark+0x10/0x10
[ 555.701819][T17225] kernel_clone+0xfd/0x960
[ 555.701833][T17225] ? __pfx_kernel_clone+0x10/0x10
[ 555.701856][T17225] __do_sys_clone+0xcf/0x120
[ 555.701869][T17225] ? __pfx___do_sys_clone+0x10/0x10
[ 555.701889][T17225] ? rcu_is_watching+0x12/0xc0
[ 555.701908][T17225] do_syscall_64+0xcd/0x250
[ 555.701927][T17225] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 555.701946][T17225] RIP: 0033:0x7f3cd7f8d169
[ 555.701957][T17225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 555.701972][T17225] RSP: 002b:00007f3cd8d3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 555.701985][T17225] RAX: ffffffffffffffda RBX: 00007f3cd81a5fa0 RCX: 00007f3cd7f8d169
[ 555.701994][T17225] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000001
[ 555.702002][T17225] RBP: 00007f3cd800e2a0 R08: 0000000000000002 R09: 0000000000000000
[ 555.702010][T17225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 555.702017][T17225] R13: 0000000000000000 R14: 00007f3cd81a5fa0 R15: 00007ffc12a3e978
[ 555.702033][T17225]
[ 557.219085][T17254] FAULT_INJECTION: forcing a failure.
[ 557.219085][T17254] name failslab, interval 1, probability 0, space 0, times 0
[ 557.247942][T17257] netlink: 346 bytes leftover after parsing attributes in process `syz.1.4529'.
[ 557.278605][T17254] CPU: 1 UID: 0 PID: 17254 Comm: syz.0.4530 Not tainted 6.14.0-rc6-syzkaller #0
[ 557.278628][T17254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 557.278637][T17254] Call Trace:
[ 557.278642][T17254]
[ 557.278648][T17254] dump_stack_lvl+0x16c/0x1f0
[ 557.278673][T17254] should_fail_ex+0x50a/0x650
[ 557.278686][T17254] ? fs_reclaim_acquire+0xae/0x150
[ 557.278706][T17254] should_failslab+0xc2/0x120
[ 557.278721][T17254] __kmalloc_node_track_caller_noprof+0xcf/0x510
[ 557.278743][T17254] ? __pfx__proc_mkdir+0x10/0x10
[ 557.278755][T17254] ? nf_lwtunnel_net_init+0x38/0xf0
[ 557.278775][T17254] ? __pfx_nf_lwtunnel_net_init+0x10/0x10
[ 557.278793][T17254] kmemdup_noprof+0x29/0x60
[ 557.278811][T17254] nf_lwtunnel_net_init+0x38/0xf0
[ 557.278829][T17254] ops_init+0x1df/0x5f0
[ 557.278845][T17254] setup_net+0x21f/0x860
[ 557.278858][T17254] ? __pfx_setup_net+0x10/0x10
[ 557.278870][T17254] ? down_read_killable+0xcc/0x380
[ 557.278890][T17254] ? __pfx_down_read_killable+0x10/0x10
[ 557.278909][T17254] ? __raw_spin_lock_init+0x3a/0x110
[ 557.278924][T17254] ? debug_mutex_init+0x37/0x70
[ 557.278940][T17254] copy_net_ns+0x2a6/0x5f0
[ 557.278956][T17254] create_new_namespaces+0x3ea/0xad0
[ 557.278982][T17254] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 557.279004][T17254] ksys_unshare+0x45d/0xa40
[ 557.279019][T17254] ? __pfx_ksys_unshare+0x10/0x10
[ 557.279031][T17254] ? xfd_validate_state+0x5d/0x180
[ 557.279056][T17254] __x64_sys_unshare+0x31/0x40
[ 557.279069][T17254] do_syscall_64+0xcd/0x250
[ 557.279089][T17254] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 557.279107][T17254] RIP: 0033:0x7f937f58d169
[ 557.279118][T17254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 557.279132][T17254] RSP: 002b:00007f9380391038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 557.279145][T17254] RAX: ffffffffffffffda RBX: 00007f937f7a5fa0 RCX: 00007f937f58d169
[ 557.279154][T17254] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 557.279161][T17254] RBP: 00007f937f60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 557.279169][T17254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 557.279177][T17254] R13: 0000000000000000 R14: 00007f937f7a5fa0 R15: 00007ffcf4997818
[ 557.279194][T17254]
[ 557.728423][T17264] netlink: 'syz.3.4532': attribute type 11 has an invalid length.
[ 558.419320][T17287] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4542'.
[ 558.529274][T17291] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[ 558.677514][T17293] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4543'.
[ 563.389450][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 563.395841][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[ 564.296836][T17440] ==================================================================
[ 564.304927][T17440] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 564.312860][T17440] Read of size 8 at addr ffff8880288eb800 by task syz.1.4579/17440
[ 564.320736][T17440]
[ 564.323046][T17440] CPU: 1 UID: 0 PID: 17440 Comm: syz.1.4579 Not tainted 6.14.0-rc6-syzkaller #0
[ 564.323063][T17440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 564.323072][T17440] Call Trace:
[ 564.323078][T17440]
[ 564.323085][T17440] dump_stack_lvl+0x116/0x1f0
[ 564.323107][T17440] print_report+0xc3/0x670
[ 564.323120][T17440] ? __virt_addr_valid+0x5e/0x590
[ 564.323134][T17440] ? __phys_addr+0xc6/0x150
[ 564.323147][T17440] kasan_report+0xd9/0x110
[ 564.323160][T17440] ? force_devcd_write+0x317/0x330
[ 564.323179][T17440] ? force_devcd_write+0x317/0x330
[ 564.323197][T17440] force_devcd_write+0x317/0x330
[ 564.323215][T17440] ? __pfx_force_devcd_write+0x10/0x10
[ 564.323233][T17440] ? __debugfs_file_get+0x1ff/0x850
[ 564.323250][T17440] ? __pfx___debugfs_file_get+0x10/0x10
[ 564.323267][T17440] ? rcu_is_watching+0x12/0xc0
[ 564.323281][T17440] ? trace_lock_acquire+0x14e/0x1f0
[ 564.323297][T17440] full_proxy_write+0x13c/0x200
[ 564.323314][T17440] ? __pfx_full_proxy_write+0x10/0x10
[ 564.323331][T17440] vfs_write+0x24c/0x1150
[ 564.323349][T17440] ? __fget_files+0x1fc/0x3a0
[ 564.323367][T17440] ? __pfx___mutex_lock+0x10/0x10
[ 564.323385][T17440] ? __pfx_vfs_write+0x10/0x10
[ 564.323405][T17440] ? __fget_files+0x206/0x3a0
[ 564.323424][T17440] ksys_write+0x12b/0x250
[ 564.323442][T17440] ? __pfx_ksys_write+0x10/0x10
[ 564.323461][T17440] do_syscall_64+0xcd/0x250
[ 564.323479][T17440] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 564.323498][T17440] RIP: 0033:0x7f3cd7f8d169
[ 564.323510][T17440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 564.323524][T17440] RSP: 002b:00007f3cd8d1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 564.323537][T17440] RAX: ffffffffffffffda RBX: 00007f3cd81a6080 RCX: 00007f3cd7f8d169
[ 564.323546][T17440] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006
[ 564.323554][T17440] RBP: 00007f3cd800e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 564.323562][T17440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 564.323570][T17440] R13: 0000000000000000 R14: 00007f3cd81a6080 R15: 00007ffc12a3e978
[ 564.323583][T17440]
[ 564.323588][T17440]
[ 564.544262][T17440] Allocated by task 17150:
[ 564.548658][T17440] kasan_save_stack+0x33/0x60
[ 564.553329][T17440] kasan_save_track+0x14/0x30
[ 564.557997][T17440] __kasan_kmalloc+0xaa/0xb0
[ 564.562576][T17440] sctp_transport_new+0x94/0x790
[ 564.567508][T17440] sctp_assoc_add_peer+0x2e5/0x1530
[ 564.572704][T17440] sctp_process_init+0x2744/0x2d60
[ 564.577804][T17440] sctp_do_sm+0x15df/0x5c90
[ 564.582293][T17440] sctp_assoc_bh_rcv+0x392/0x6f0
[ 564.587219][T17440] sctp_inq_push+0x1d8/0x270
[ 564.591797][T17440] sctp_backlog_rcv+0x169/0x590
[ 564.596633][T17440] __release_sock+0x35f/0x400
[ 564.601297][T17440] release_sock+0x5a/0x220
[ 564.605701][T17440] sctp_wait_for_connect+0x1c6/0x5c0
[ 564.610971][T17440] __sctp_connect+0x9c9/0xc60
[ 564.615637][T17440] sctp_inet_connect+0x15f/0x200
[ 564.620564][T17440] __sys_connect_file+0x13e/0x1a0
[ 564.625573][T17440] __sys_connect+0x14f/0x170
[ 564.630148][T17440] __x64_sys_connect+0x72/0xb0
[ 564.634902][T17440] do_syscall_64+0xcd/0x250
[ 564.639393][T17440] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 564.645273][T17440]
[ 564.647582][T17440] Freed by task 25:
[ 564.651367][T17440] kasan_save_stack+0x33/0x60
[ 564.656051][T17440] kasan_save_track+0x14/0x30
[ 564.660729][T17440] kasan_save_free_info+0x3b/0x60
[ 564.665747][T17440] __kasan_slab_free+0x51/0x70
[ 564.670505][T17440] kfree+0x2c4/0x4d0
[ 564.674388][T17440] rcu_core+0x79d/0x14d0
[ 564.678613][T17440] handle_softirqs+0x213/0x8f0
[ 564.683366][T17440] run_ksoftirqd+0x3a/0x60
[ 564.687773][T17440] smpboot_thread_fn+0x661/0xa30
[ 564.692691][T17440] kthread+0x3af/0x750
[ 564.696746][T17440] ret_from_fork+0x45/0x80
[ 564.701157][T17440] ret_from_fork_asm+0x1a/0x30
[ 564.705908][T17440]
[ 564.708214][T17440] Last potentially related work creation:
[ 564.713909][T17440] kasan_save_stack+0x33/0x60
[ 564.718576][T17440] kasan_record_aux_stack+0xb8/0xd0
[ 564.723758][T17440] __call_rcu_common.constprop.0+0x9a/0x870
[ 564.729638][T17440] sctp_transport_put+0x10f/0x170
[ 564.734645][T17440] sctp_association_free+0x4d3/0x7e0
[ 564.739915][T17440] sctp_do_sm+0x22e4/0x5c90
[ 564.744398][T17440] sctp_assoc_bh_rcv+0x392/0x6f0
[ 564.749321][T17440] sctp_inq_push+0x1d8/0x270
[ 564.753899][T17440] sctp_backlog_rcv+0x169/0x590
[ 564.758732][T17440] __release_sock+0x35f/0x400
[ 564.763396][T17440] release_sock+0x5a/0x220
[ 564.767802][T17440] sctp_close+0x44c/0x930
[ 564.772116][T17440] inet_release+0x13c/0x280
[ 564.776606][T17440] inet6_release+0x4f/0x70
[ 564.781007][T17440] __sock_release+0xb0/0x270
[ 564.785582][T17440] sock_close+0x1c/0x30
[ 564.789721][T17440] __fput+0x3ff/0xb70
[ 564.793687][T17440] task_work_run+0x14e/0x250
[ 564.798263][T17440] syscall_exit_to_user_mode+0x27b/0x2a0
[ 564.803888][T17440] do_syscall_64+0xda/0x250
[ 564.808378][T17440] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 564.814265][T17440]
[ 564.816621][T17440] The buggy address belongs to the object at ffff8880288eb800
[ 564.816621][T17440] which belongs to the cache kmalloc-1k of size 1024
[ 564.830654][T17440] The buggy address is located 0 bytes inside of
[ 564.830654][T17440] freed 1024-byte region [ffff8880288eb800, ffff8880288ebc00)
[ 564.844443][T17440]
[ 564.846750][T17440] The buggy address belongs to the physical page:
[ 564.853153][T17440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880288ea000 pfn:0x288e8
[ 564.863205][T17440] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 564.871685][T17440] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 564.880174][T17440] page_type: f5(slab)
[ 564.885326][T17440] raw: 00fff00000000240 ffff88801b041dc0 ffffea0001ee0a10 ffffea0001e2fc10
[ 564.894002][T17440] raw: ffff8880288ea000 000000000010000e 00000000f5000000 0000000000000000
[ 564.902591][T17440] head: 00fff00000000240 ffff88801b041dc0 ffffea0001ee0a10 ffffea0001e2fc10
[ 564.911355][T17440] head: ffff8880288ea000 000000000010000e 00000000f5000000 0000000000000000
[ 564.920011][T17440] head: 00fff00000000003 ffffea0000a23a01 ffffffffffffffff 0000000000000000
[ 564.928663][T17440] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 564.937399][T17440] page dumped because: kasan: bad access detected
[ 564.943801][T17440] page_owner tracks the page as allocated
[ 564.949494][T17440] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 13, tgid 13 (kworker/u8:1), ts 10383242978, free_ts 0
[ 564.967799][T17440] post_alloc_hook+0x181/0x1b0
[ 564.972582][T17440] get_page_from_freelist+0xfce/0x2f80
[ 564.978030][T17440] __alloc_frozen_pages_noprof+0x221/0x2470
[ 564.983920][T17440] new_slab+0x94/0x330
[ 564.987979][T17440] ___slab_alloc+0xc5d/0x1720
[ 564.992643][T17440] __slab_alloc.constprop.0+0x56/0xb0
[ 564.998007][T17440] __kmalloc_cache_node_noprof+0x101/0x420
[ 565.003825][T17440] blk_mq_alloc_and_init_hctx+0x639/0x11b0
[ 565.009649][T17440] blk_mq_realloc_hw_ctxs+0x8e0/0xbe0
[ 565.015033][T17440] blk_mq_init_allocated_queue+0x39e/0x11f0
[ 565.020924][T17440] blk_mq_alloc_queue+0x1c3/0x290
[ 565.025968][T17440] scsi_alloc_sdev+0x890/0xd80
[ 565.030715][T17440] scsi_probe_and_add_lun+0x789/0xda0
[ 565.036071][T17440] __scsi_scan_target+0x1ea/0x580
[ 565.041176][T17440] scsi_scan_channel+0x149/0x1e0
[ 565.046096][T17440] scsi_scan_host_selected+0x302/0x400
[ 565.051541][T17440] page_owner free stack trace missing
[ 565.056889][T17440]
[ 565.059628][T17440] Memory state around the buggy address:
[ 565.065239][T17440] ffff8880288eb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 565.073309][T17440] ffff8880288eb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 565.081362][T17440] >ffff8880288eb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 565.089409][T17440] ^
[ 565.093456][T17440] ffff8880288eb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 565.101521][T17440] ffff8880288eb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 565.109565][T17440] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 566.530325][ T5834] bridge0: port 3(syz_tun) entered disabled state
[ 566.738895][ T5834] syz_tun (unregistering): left allmulticast mode
[ 566.745343][ T5834] syz_tun (unregistering): left promiscuous mode
[ 566.782326][ T5834] bridge0: port 3(syz_tun) entered disabled state
[ 566.913910][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 566.934210][T17440] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 566.941423][T17440] CPU: 1 UID: 0 PID: 17440 Comm: syz.1.4579 Not tainted 6.14.0-rc6-syzkaller #0
[ 566.950432][T17440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 566.960613][T17440] Call Trace:
[ 566.963881][T17440]
[ 566.966810][T17440] dump_stack_lvl+0x3d/0x1f0
[ 566.971396][T17440] panic+0x71d/0x800
[ 566.975285][T17440] ? __pfx_panic+0x10/0x10
[ 566.979694][T17440] ? preempt_schedule_thunk+0x1a/0x30
[ 566.985057][T17440] ? preempt_schedule_common+0x44/0xc0
[ 566.990698][T17440] check_panic_on_warn+0xab/0xb0
[ 566.995627][T17440] end_report+0x117/0x180
[ 566.999942][T17440] kasan_report+0xe9/0x110
[ 567.004341][T17440] ? force_devcd_write+0x317/0x330
[ 567.009443][T17440] ? force_devcd_write+0x317/0x330
[ 567.014553][T17440] force_devcd_write+0x317/0x330
[ 567.019484][T17440] ? __pfx_force_devcd_write+0x10/0x10
[ 567.024934][T17440] ? __debugfs_file_get+0x1ff/0x850
[ 567.030124][T17440] ? __pfx___debugfs_file_get+0x10/0x10
[ 567.035661][T17440] ? rcu_is_watching+0x12/0xc0
[ 567.040444][T17440] ? trace_lock_acquire+0x14e/0x1f0
[ 567.045630][T17440] full_proxy_write+0x13c/0x200
[ 567.050564][T17440] ? __pfx_full_proxy_write+0x10/0x10
[ 567.055926][T17440] vfs_write+0x24c/0x1150
[ 567.060246][T17440] ? __fget_files+0x1fc/0x3a0
[ 567.064918][T17440] ? __pfx___mutex_lock+0x10/0x10
[ 567.069938][T17440] ? __pfx_vfs_write+0x10/0x10
[ 567.074695][T17440] ? __fget_files+0x206/0x3a0
[ 567.079363][T17440] ksys_write+0x12b/0x250
[ 567.083691][T17440] ? __pfx_ksys_write+0x10/0x10
[ 567.088534][T17440] do_syscall_64+0xcd/0x250
[ 567.093036][T17440] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 567.098926][T17440] RIP: 0033:0x7f3cd7f8d169
[ 567.103323][T17440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 567.123202][T17440] RSP: 002b:00007f3cd8d1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 567.131601][T17440] RAX: ffffffffffffffda RBX: 00007f3cd81a6080 RCX: 00007f3cd7f8d169
[ 567.139555][T17440] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006
[ 567.147509][T17440] RBP: 00007f3cd800e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 567.155470][T17440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 567.163427][T17440] R13: 0000000000000000 R14: 00007f3cd81a6080 R15: 00007ffc12a3e978
[ 567.171399][T17440]
[ 567.174497][T17440] Kernel Offset: disabled
[ 567.178821][T17440] Rebooting in 86400 seconds..