last executing test programs: 2.301062495s ago: executing program 3 (id=2779): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x6, 0x40000000029, 0x46, 0xfffffffffffffffe, 0x0) 2.124819122s ago: executing program 3 (id=2781): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0x2, 0x2) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmmsg$auto(r0, 0x0, 0x0, 0x5) 1.338654583s ago: executing program 3 (id=2793): r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x200, 0x8c, 0x525425b579531c2b}, 0x18) mount_setattr$auto(r1, &(0x7f00000010c0)='./file0\x00', 0x0, &(0x7f0000001100)={0x6, 0x4, 0x1, @inferred=r0}, 0x80000000) fcntl$auto_F_SETFD(r0, 0x2, 0xffffffffffffffff) mknod$auto(&(0x7f0000000000)='./file0\x00', 0x73, 0x2) 1.164132334s ago: executing program 0 (id=2796): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x4008010) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48442, 0x0) read$auto(r0, 0x0, 0x1f40) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) 983.910359ms ago: executing program 2 (id=2798): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5) sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba441b", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100) 983.683783ms ago: executing program 3 (id=2799): statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x0, 0x7352, 0x41, 0x200000000065f, 0x401ffde, 0x7, 0x3, 0x2, 0x9, 0x3eb, 0x5, 0x2, 0x3000, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x1ffb, 0x203, 0x400, 0x84}, 0x9, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 975.479541ms ago: executing program 0 (id=2800): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x15, 0x0, 0x7ff) 856.544652ms ago: executing program 0 (id=2802): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 761.886005ms ago: executing program 2 (id=2803): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) 676.58853ms ago: executing program 3 (id=2805): mmap$auto(0x0, 0x2020006, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0x2, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @loopback}, 0x6a) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) 675.671278ms ago: executing program 0 (id=2813): r0 = socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0xe, &(0x7f0000000100)={0xffffffff, 0x1, 0x0, 0xa4c, 0x7, 0x10, r0, [0x0, 0x1, 0xa], {0xfffffff1, 0x6f4, 0x0, 0xff, 0xcfa1, 0x5, 0x130, 0x1ff, 0x3}, {0xd5, 0x0, 0xff, 0x3, 0x4f54, 0x6, 0x4, 0x6, 0x99a}}) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 630.804459ms ago: executing program 1 (id=2806): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x80, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, 0x0) ioctl$auto_SNDCTL_SEQ_PANIC(r0, 0x5111, 0x0) 549.015048ms ago: executing program 2 (id=2807): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) fanotify_init$auto(0x602, 0x1) socketpair$auto(0x22, 0x5, 0xffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r0, 0x104000000000010e, 0x3, 0x0, 0x20003fe) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000000), r0) 528.740288ms ago: executing program 0 (id=2808): mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) connect$auto(0x3, 0x0, 0x55) 458.635814ms ago: executing program 1 (id=2809): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x12, &(0x7f0000000000)=@bpf_attr_0={0x5, 0x2, 0x2, 0x7, 0x8, 0xffffffffffffffff, 0x3, "e10d1a7d3c4650ec6df285a2e4c731af", 0x0, 0xffffffffffffffff, 0x8, 0x2f71, 0x0, 0xfff}, 0xcf) sendmsg$auto_NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="1304"], 0x14}, 0x1, 0x0, 0x0, 0x4804}, 0x80) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e"], 0x1ac}, 0x1, 0x0, 0x0, 0x4044000}, 0x800) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 436.363234ms ago: executing program 3 (id=2810): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x2000000000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r0, 0x1, 0x12, 0x0, 0xeb66) 359.955443ms ago: executing program 2 (id=2811): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x2, 0x0) io_uring_setup$auto(0xd364, &(0x7f0000000000)={0x2000, 0x10002, 0x7f, 0x5, 0x6, 0x5bb6, r0, [], {0x2, 0x4, 0x9, 0x2, 0x400, 0x401, 0x7, 0x5, 0x80000000}, {0x7, 0x2, 0x6e68, 0x8, 0x6b, 0x9, 0x0, 0x4, 0xb1}}) 347.708291ms ago: executing program 0 (id=2812): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) fcntl$auto(0xffffffffffffffff, 0x400, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20a04, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000031c0)='/dev/ttyua\x00', 0x109000, 0x0) read$auto(r0, 0x0, 0x1) close_range$auto(0x2, 0x8, 0x1f00) 342.517152ms ago: executing program 1 (id=2814): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r0) close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000c00}, 0x4000000) 242.582667ms ago: executing program 1 (id=2815): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm0c/oss\x00', 0x101002, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/rxrpc/calls\x00', 0x40380, 0x0) pread64$auto(r1, 0x0, 0x10001, 0x830) write$auto(r0, 0x0, 0x100) close_range$auto(0x2, 0x8, 0x0) 142.925105ms ago: executing program 2 (id=2816): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x12, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x3, r0, 0x0) 142.18153ms ago: executing program 1 (id=2817): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/usb/usbmon/32u\x00', 0x82000, 0x0) 107.683909ms ago: executing program 2 (id=2818): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, r0, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) write$auto(0x3, 0x0, 0xfffffdef) 0s ago: executing program 1 (id=2819): open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x84) socket(0x2, 0x5, 0x0) socket(0x11, 0x80003, 0x300) socket(0x11, 0xa, 0x300) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 70.902732][ T5497] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.914573][ T5497] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.90' (ED25519) to the list of known hosts. syzkaller login: [ 98.391514][ T5819] cgroup: Unknown subsys name 'net' [ 98.505783][ T5819] cgroup: Unknown subsys name 'cpuset' [ 98.515210][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.486698][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.543176][ T47] cfg80211: failed to load regulatory.db [ 102.910709][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.922687][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.931519][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.951462][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.971671][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.980057][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.988094][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.996065][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.004603][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.013202][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.021299][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.031163][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.040138][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.047585][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.085569][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.102070][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.105039][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.109741][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.117944][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.134879][ T5142] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.693064][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 103.863973][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 103.937016][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 103.987525][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 104.052061][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.059359][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.066976][ T5839] bridge_slave_0: entered allmulticast mode [ 104.074804][ T5839] bridge_slave_0: entered promiscuous mode [ 104.118478][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.125998][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.133335][ T5839] bridge_slave_1: entered allmulticast mode [ 104.140665][ T5839] bridge_slave_1: entered promiscuous mode [ 104.234279][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.241828][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.249054][ T5833] bridge_slave_0: entered allmulticast mode [ 104.256823][ T5833] bridge_slave_0: entered promiscuous mode [ 104.284356][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.309449][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.316812][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.324883][ T5833] bridge_slave_1: entered allmulticast mode [ 104.333016][ T5833] bridge_slave_1: entered promiscuous mode [ 104.342407][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.429708][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.437439][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.445064][ T5835] bridge_slave_0: entered allmulticast mode [ 104.454182][ T5835] bridge_slave_0: entered promiscuous mode [ 104.493625][ T5839] team0: Port device team_slave_0 added [ 104.499967][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.507408][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.517403][ T5835] bridge_slave_1: entered allmulticast mode [ 104.525450][ T5835] bridge_slave_1: entered promiscuous mode [ 104.565816][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.577745][ T5839] team0: Port device team_slave_1 added [ 104.599506][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.609303][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.616882][ T5830] bridge_slave_0: entered allmulticast mode [ 104.625268][ T5830] bridge_slave_0: entered promiscuous mode [ 104.635962][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.675112][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.691274][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.698438][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.706843][ T5830] bridge_slave_1: entered allmulticast mode [ 104.714636][ T5830] bridge_slave_1: entered promiscuous mode [ 104.764259][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.806356][ T5833] team0: Port device team_slave_0 added [ 104.814390][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.821658][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.848276][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.880047][ T5835] team0: Port device team_slave_0 added [ 104.889505][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.902513][ T5833] team0: Port device team_slave_1 added [ 104.912708][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.923128][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.930099][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.956242][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.969780][ T5835] team0: Port device team_slave_1 added [ 105.039957][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.047731][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.073816][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.095295][ T5838] Bluetooth: hci1: command tx timeout [ 105.114933][ T5830] team0: Port device team_slave_0 added [ 105.139640][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.147434][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.171883][ T5838] Bluetooth: hci0: command tx timeout [ 105.177442][ T55] Bluetooth: hci2: command tx timeout [ 105.178915][ T5142] Bluetooth: hci3: command tx timeout [ 105.185451][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.211272][ T5830] team0: Port device team_slave_1 added [ 105.256630][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.264181][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.290381][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.305589][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.312735][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.339330][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.368938][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.377997][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.404454][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.439927][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.447437][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.473537][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.525197][ T5839] hsr_slave_0: entered promiscuous mode [ 105.532362][ T5839] hsr_slave_1: entered promiscuous mode [ 105.553774][ T5833] hsr_slave_0: entered promiscuous mode [ 105.560501][ T5833] hsr_slave_1: entered promiscuous mode [ 105.567061][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.575014][ T5833] Cannot create hsr debugfs directory [ 105.656558][ T5835] hsr_slave_0: entered promiscuous mode [ 105.663867][ T5835] hsr_slave_1: entered promiscuous mode [ 105.670048][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.677757][ T5835] Cannot create hsr debugfs directory [ 105.789929][ T5830] hsr_slave_0: entered promiscuous mode [ 105.797030][ T5830] hsr_slave_1: entered promiscuous mode [ 105.804835][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.812647][ T5830] Cannot create hsr debugfs directory [ 106.250517][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 106.275407][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 106.288642][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 106.322825][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 106.363136][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.388397][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.420525][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.443283][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.504868][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.516047][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.549021][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.570933][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 106.672189][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.690841][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.702540][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.741310][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.790577][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.875128][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.917609][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.925197][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.962462][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.969638][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.986674][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.020260][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.088435][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.126796][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.133971][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.164034][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.173460][ T5142] Bluetooth: hci1: command tx timeout [ 107.178955][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.189885][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.197063][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.228842][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.236196][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.252266][ T5142] Bluetooth: hci3: command tx timeout [ 107.257762][ T5142] Bluetooth: hci0: command tx timeout [ 107.264814][ T5838] Bluetooth: hci2: command tx timeout [ 107.271052][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.278255][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.339060][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.394080][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.401335][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.440095][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.447336][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.844960][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.986022][ T5833] veth0_vlan: entered promiscuous mode [ 108.020533][ T5833] veth1_vlan: entered promiscuous mode [ 108.138344][ T5833] veth0_macvtap: entered promiscuous mode [ 108.154523][ T5833] veth1_macvtap: entered promiscuous mode [ 108.166873][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.202098][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.242245][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.257297][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.279197][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.288474][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.300073][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.309299][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.329510][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.410692][ T5839] veth0_vlan: entered promiscuous mode [ 108.430303][ T5839] veth1_vlan: entered promiscuous mode [ 108.525720][ T5835] veth0_vlan: entered promiscuous mode [ 108.554842][ T5830] veth0_vlan: entered promiscuous mode [ 108.590635][ T2976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.598835][ T5839] veth0_macvtap: entered promiscuous mode [ 108.608675][ T5835] veth1_vlan: entered promiscuous mode [ 108.615004][ T2976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.647140][ T5830] veth1_vlan: entered promiscuous mode [ 108.670321][ T5839] veth1_macvtap: entered promiscuous mode [ 108.702232][ T2976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.710225][ T2976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.776133][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.795610][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.809865][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.829814][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 108.848597][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.860495][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.874435][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.886886][ T5839] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.896277][ T5839] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.905560][ T5839] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.914898][ T5839] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.967464][ T5835] veth0_macvtap: entered promiscuous mode [ 109.039601][ T5830] veth0_macvtap: entered promiscuous mode [ 109.048583][ T5835] veth1_macvtap: entered promiscuous mode [ 109.077514][ T5899] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2'. [ 109.093347][ T5830] veth1_macvtap: entered promiscuous mode [ 109.118003][ T5899] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2'. [ 109.128263][ T5899] Zero length message leads to an empty skb [ 109.158010][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.176952][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.190439][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.201357][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.217118][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.252054][ T5142] Bluetooth: hci1: command tx timeout [ 109.299671][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.314552][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.327002][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.338466][ T5142] Bluetooth: hci3: command tx timeout [ 109.343366][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.344237][ T5838] Bluetooth: hci0: command tx timeout [ 109.355435][ T55] Bluetooth: hci2: command tx timeout [ 109.365146][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.377056][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.390625][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.417781][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.429019][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.440656][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.455206][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.465503][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.480027][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.497807][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.510880][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.522216][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.533409][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.544340][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.555725][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.575515][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.587321][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.610633][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.620856][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.630259][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.645111][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.679037][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.692376][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.703123][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.723852][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.746762][ T5906] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.859226][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.877584][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.057851][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.081971][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.194446][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.224378][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.256386][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.272516][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.424272][ T2976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.444275][ T2976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.640778][ T5917] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 110.984305][ T5923] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 111.333304][ T55] Bluetooth: hci1: command tx timeout [ 111.424950][ T55] Bluetooth: hci0: command tx timeout [ 111.425529][ T5838] Bluetooth: hci3: command tx timeout [ 111.430437][ T55] Bluetooth: hci2: command tx timeout [ 112.584084][ T30] audit: type=1804 audit(1746927359.142:2): pid=5967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.29" name=2F6E6577726F6F742F31322F08 dev="tmpfs" ino=78 res=1 errno=0 [ 113.057724][ T30] audit: type=1804 audit(1746927359.622:3): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.36" name="/newroot/14/file0" dev="tmpfs" ino=89 res=1 errno=0 [ 113.160873][ T30] audit: type=1800 audit(1746927359.622:4): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.36" name="file0" dev="tmpfs" ino=89 res=0 errno=0 [ 113.190454][ T30] audit: type=1800 audit(1746927359.652:5): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.36" name="file0" dev="tmpfs" ino=89 res=0 errno=0 [ 113.358576][ T5987] process 'syz.2.40' launched '/dev/fd/4' with NULL argv: empty string added [ 113.850340][ T6003] mmap: syz.2.45 (6003) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 115.788691][ T6047] netlink: 206 bytes leftover after parsing attributes in process `syz.1.64'. [ 118.198310][ T6112] netlink: 28 bytes leftover after parsing attributes in process `syz.2.91'. [ 118.209551][ T6112] ipvlan0: entered allmulticast mode [ 118.217998][ T6112] veth0_vlan: entered allmulticast mode [ 119.179640][ T6146] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 121.263133][ T6184] netlink: 28 bytes leftover after parsing attributes in process `syz.2.119'. [ 121.379364][ T6140] kexec: Could not allocate control_code_buffer [ 122.902668][ T6222] zero sized request [ 126.025459][ T6283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.159'. [ 126.070804][ T6283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.159'. [ 127.082404][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'. [ 127.131308][ T6305] sock: sock_set_timeout: `syz.3.167' (pid 6305) tries to set negative timeout [ 127.153069][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'. [ 137.049948][ T6522] netlink: 8 bytes leftover after parsing attributes in process `syz.0.254'. [ 138.381853][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.388668][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.713790][ T6570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.274'. [ 140.502227][ T6587] netlink: 'syz.1.281': attribute type 11 has an invalid length. [ 143.346360][ T55] Bluetooth: hci3: Malformed Event: 0x2f [ 146.976944][ T6727] netlink: 338 bytes leftover after parsing attributes in process `syz.0.335'. [ 147.240691][ T6731] capability: warning: `syz.3.337' uses 32-bit capabilities (legacy support in use) [ 148.068733][ T6749] zswap: compressor not available [ 149.019146][ T6775] netlink: 342 bytes leftover after parsing attributes in process `syz.2.354'. [ 150.181276][ T30] audit: type=1800 audit(1746927396.742:6): pid=6813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.368" name="dbroot" dev="configfs" ino=10582 res=0 errno=0 [ 150.261732][ T6813] db_root: cannot open: [ 150.261732][ T6813] use_profile 0 [ 150.261732][ T6813] [ 150.261732][ T6813] file mkdir/chmod /dev/ 0755 [ 150.261732][ T6813] file chown/chgrp /dev/ 0 [ 150.261732][ T6813] file mkchar /dev/console 0600 5 1 [ 150.261732][ T6813] file chown/chgrp /dev/console 0 [ 150.261732][ T6813] file chmod /dev/console 0600 [ 150.261732][ T6813] file mkdir/chmod /root/ 0700 [ 150.261732][ T6813] file chown/chgrp /root/ 0 [ 150.261732][ T6813] file read/write /dev/console [ 150.261732][ T6813] file mkblock /dev/ram 0600 1 0 [ 150.261732][ T6813] file read/write/unlink /dev/ram [ 150.261732][ T6813] file mkblock /dev/root 0600 8 1 [ 150.261732][ T6813] file mount /dev/root /root/ ext3 0x8001 [ 150.261732][ T6813] file mount /dev/root /root/ ext2 0x8001 [ 150.261732][ T6813] file mount /dev/root /root/ ext4 0x8001 [ 150.261732][ T6813] file mount devtmpfs /root/dev/ devtmpfs 0x8000 [ 150.261732][ T6813] file mount /root/ / --move 0x0 [ 150.261732][ T6813] file chroot / [ 150.261732][ T6813] file write proc:/sys/kernel/hung_task_all_cpu_backtrace [ 150.261732][ T6813] file write proc:/sys/vm/nr_hugepages [ 150.261732][ T6813] file write proc:/sys/vm/nr_overcommit_hugepages [ 150.261732][ T6813] file write proc:/sys/net/core/netdev_unregister_timeout_secs [ 150.261732][ T6813] file execute /sbin/init exec.realpath="/sbin/init" exec.argv[0]="/sbin/init" [ 150.261732][ T6813] file execute /sbin/modprobe exec.realpath="/sbin/modprobe" exec.argv[0]="/sbin/modprobe" [ 150.261732][ T6813] [ 150.261732][ T6813] /sbin/init [ 150.261732][ T6813] use_profile 0 [ 150.261732][ T6813] [ 150.261732][ T6813] misc env HOME [ 150.261732][ T6813] misc env TERM [ 150.261732][ T6813] misc [ 150.935596][ T6836] netlink: 334 bytes leftover after parsing attributes in process `syz.1.377'. [ 151.993049][ T6859] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[6859] [ 152.207870][ T6865] netlink: 194 bytes leftover after parsing attributes in process `syz.0.390'. [ 154.419212][ T6913] netlink: 350 bytes leftover after parsing attributes in process `syz.1.410'. [ 155.554750][ T30] audit: type=1800 audit(1746927402.122:7): pid=6948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.425" name="dbroot" dev="configfs" ino=10830 res=0 errno=0 [ 155.701538][ T6948] db_root: cannot open: [ 155.701538][ T6948] use_profile 0 [ 155.701538][ T6948] [ 155.701538][ T6948] file mkdir/chmod /dev/ 0755 [ 155.701538][ T6948] file chown/chgrp /dev/ 0 [ 155.701538][ T6948] file mkchar /dev/console 0600 5 1 [ 155.701538][ T6948] file chown/chgrp /dev/console 0 [ 155.701538][ T6948] file chmod /dev/console 0600 [ 155.701538][ T6948] file mkdir/chmod /root/ 0700 [ 155.701538][ T6948] file chown/chgrp /root/ 0 [ 155.701538][ T6948] file read/write /dev/console [ 155.701538][ T6948] file mkblock /dev/ram 0600 1 0 [ 155.701538][ T6948] file read/write/unlink /dev/ram [ 155.701538][ T6948] file mkblock /dev/root 0600 8 1 [ 155.701538][ T6948] file mount /dev/root /root/ ext3 0x8001 [ 155.701538][ T6948] file mount /dev/root /root/ ext2 0x8001 [ 155.701538][ T6948] file mount /dev/root /root/ ext4 0x8001 [ 155.701538][ T6948] file mount devtmpfs /root/dev/ devtmpfs 0x8000 [ 155.701538][ T6948] file mount /root/ / --move 0x0 [ 155.701538][ T6948] file chroot / [ 155.701538][ T6948] file write proc:/sys/kernel/hung_task_all_cpu_backtrace [ 155.701538][ T6948] file write proc:/sys/vm/nr_hugepages [ 155.701538][ T6948] file write proc:/sys/vm/nr_overcommit_hugepages [ 155.701538][ T6948] file write proc:/sys/net/core/netdev_unregister_timeout_secs [ 155.701538][ T6948] file execute /sbin/init exec.realpath="/sbin/init" exec.argv[0]="/sbin/init" [ 155.701538][ T6948] file execute /sbin/modprobe exec.realpath="/sbin/modprobe" exec.argv[0]="/sbin/modprobe" [ 155.701538][ T6948] [ 155.701538][ T6948] /sbin/init [ 155.701538][ T6948] use_profile 0 [ 155.701538][ T6948] [ 155.701538][ T6948] misc env HOME [ 155.701538][ T6948] misc env TERM [ 155.701538][ T6948] misc [ 156.426580][ T6966] Invalid ELF header magic: != ELF [ 156.459868][ T6968] GUP no longer grows the stack in syz.1.433 (6968): 14000-401000 (4000) [ 156.641191][ T6968] CPU: 1 UID: 0 PID: 6968 Comm: syz.1.433 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 156.641237][ T6968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.641256][ T6968] Call Trace: [ 156.641266][ T6968] [ 156.641283][ T6968] dump_stack_lvl+0x16c/0x1f0 [ 156.641350][ T6968] gup_vma_lookup+0x1d2/0x220 [ 156.641396][ T6968] __get_user_pages+0x234/0x36f0 [ 156.641458][ T6968] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 156.641498][ T6968] ? look_up_lock_class+0x59/0x150 [ 156.641542][ T6968] ? __pfx___get_user_pages+0x10/0x10 [ 156.641590][ T6968] ? process_vm_rw+0x216/0x2c0 [ 156.641625][ T6968] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 156.641663][ T6968] ? do_syscall_64+0xcd/0x230 [ 156.641721][ T6968] __gup_longterm_locked+0x20d/0x1850 [ 156.641784][ T6968] ? __pfx___gup_longterm_locked+0x10/0x10 [ 156.641856][ T6968] pin_user_pages_remote+0xed/0x140 [ 156.641910][ T6968] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 156.641958][ T6968] ? mm_access+0x22d/0x2e0 [ 156.642011][ T6968] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 156.642066][ T6968] ? futex_wait_queue+0x14c/0x220 [ 156.642104][ T6968] ? futex_unqueue+0xba/0x140 [ 156.642143][ T6968] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 156.642193][ T6968] ? iovec_from_user+0xbb/0x140 [ 156.642266][ T6968] ? iovec_from_user+0xbb/0x140 [ 156.642320][ T6968] process_vm_rw+0x216/0x2c0 [ 156.642361][ T6968] ? __pfx_process_vm_rw+0x10/0x10 [ 156.642411][ T6968] ? task_mm_cid_work+0x6b9/0x910 [ 156.642477][ T6968] ? xfd_validate_state+0x5d/0x180 [ 156.642538][ T6968] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 156.642579][ T6968] ? do_syscall_64+0x91/0x230 [ 156.642621][ T6968] ? lockdep_hardirqs_on+0x7c/0x110 [ 156.642663][ T6968] do_syscall_64+0xcd/0x230 [ 156.642710][ T6968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.642741][ T6968] RIP: 0033:0x7fb8e478e969 [ 156.642770][ T6968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.642805][ T6968] RSP: 002b:00007fb8e56c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 156.642834][ T6968] RAX: ffffffffffffffda RBX: 00007fb8e49b5fa0 RCX: 00007fb8e478e969 [ 156.642854][ T6968] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 00000000000000e5 [ 156.642873][ T6968] RBP: 00007fb8e4810ab1 R08: 0000000000000003 R09: 0000000000000000 [ 156.642892][ T6968] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 156.642911][ T6968] R13: 0000000000000000 R14: 00007fb8e49b5fa0 R15: 00007ffc4d6c4bf8 [ 156.642951][ T6968] [ 157.614036][ T6992] netlink: 294 bytes leftover after parsing attributes in process `syz.3.442'. [ 158.258902][ T55] Bluetooth: hci1: ISO packet too small [ 158.563030][ T7015] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 159.210882][ T7043] sock: sock_timestamping_bind_phc: sock not bind to device [ 159.436934][ T7040] ALUA lu_gp_id: 393216 exceeds maximum: 0x0000ffff [ 159.725983][ T7055] netlink: 334 bytes leftover after parsing attributes in process `syz.3.464'. [ 161.093556][ T7083] ptp ptp0: max value is 20 [ 161.383540][ T7097] netlink: 'syz.3.482': attribute type 9 has an invalid length. [ 161.408969][ T7097] netlink: 330 bytes leftover after parsing attributes in process `syz.3.482'. [ 162.968177][ T7156] netlink: 28 bytes leftover after parsing attributes in process `syz.1.516'. [ 162.979049][ T7156] ipvlan1: entered allmulticast mode [ 162.985349][ T7156] veth0_vlan: entered allmulticast mode [ 163.401231][ T7171] netlink: 186 bytes leftover after parsing attributes in process `syz.3.513'. [ 163.731533][ T7179] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 165.987212][ T7230] zswap: compressor not available [ 166.198390][ T7246] FAULT_INJECTION: forcing a failure. [ 166.198390][ T7246] name failslab, interval 1, probability 0, space 0, times 1 [ 166.241047][ T7246] CPU: 1 UID: 0 PID: 7246 Comm: syz.2.544 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 166.241099][ T7246] Tainted: [I]=FIRMWARE_WORKAROUND [ 166.241111][ T7246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.241138][ T7246] Call Trace: [ 166.241152][ T7246] [ 166.241164][ T7246] dump_stack_lvl+0x16c/0x1f0 [ 166.241216][ T7246] should_fail_ex+0x512/0x640 [ 166.241261][ T7246] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 166.241298][ T7246] should_failslab+0xc2/0x120 [ 166.241337][ T7246] __kmalloc_cache_noprof+0x6a/0x3e0 [ 166.241370][ T7246] ? alloc_fs_context+0x57/0x9c0 [ 166.241406][ T7246] alloc_fs_context+0x57/0x9c0 [ 166.241443][ T7246] mq_init_ns+0x172/0x620 [ 166.241488][ T7246] copy_ipcs+0x383/0x610 [ 166.241520][ T7246] ? copy_utsname+0xab/0x470 [ 166.241564][ T7246] create_new_namespaces+0x20a/0xad0 [ 166.241600][ T7246] ? security_capable+0x7e/0x260 [ 166.241636][ T7246] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 166.241676][ T7246] ksys_unshare+0x45b/0xa40 [ 166.241720][ T7246] ? __pfx_ksys_unshare+0x10/0x10 [ 166.241762][ T7246] ? xfd_validate_state+0x5d/0x180 [ 166.241816][ T7246] ? rcu_is_watching+0x12/0xc0 [ 166.241855][ T7246] __x64_sys_unshare+0x31/0x40 [ 166.241897][ T7246] do_syscall_64+0xcd/0x230 [ 166.241946][ T7246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.241978][ T7246] RIP: 0033:0x7f793f78e969 [ 166.242004][ T7246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.242034][ T7246] RSP: 002b:00007f794052b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 166.242064][ T7246] RAX: ffffffffffffffda RBX: 00007f793f9b5fa0 RCX: 00007f793f78e969 [ 166.242085][ T7246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 166.242103][ T7246] RBP: 00007f793f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 166.242121][ T7246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.242147][ T7246] R13: 0000000000000000 R14: 00007f793f9b5fa0 R15: 00007ffebc4b9898 [ 166.242188][ T7246] [ 166.461529][ C1] vkms_vblank_simulate: vblank timer overrun [ 170.028808][ T7336] netlink: 'syz.0.583': attribute type 1 has an invalid length. [ 171.737246][ T7383] netlink: 342 bytes leftover after parsing attributes in process `syz.0.603'. [ 171.818129][ T7386] netlink: 'syz.3.604': attribute type 3 has an invalid length. [ 171.880277][ T7378] Invalid ELF header magic: != ELF [ 172.874793][ T7412] netlink: 346 bytes leftover after parsing attributes in process `syz.0.613'. [ 173.784988][ T7429] Invalid ELF header magic: != ELF [ 176.889809][ T7447] kexec: Could not allocate control_code_buffer [ 177.281709][ T7477] syz.1.637 uses obsolete (PF_INET,SOCK_PACKET) [ 177.512155][ T7482] nbd: socks must be embedded in a SOCK_ITEM attr [ 177.555731][ T7482] block nbd0: shutting down sockets [ 179.089853][ T7524] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.269540][ T7565] netlink: 130 bytes leftover after parsing attributes in process `syz.2.671'. [ 182.263167][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.2.686'. [ 183.038301][ T7615] netlink: 'syz.0.695': attribute type 9 has an invalid length. [ 183.052829][ T7615] netlink: 330 bytes leftover after parsing attributes in process `syz.0.695'. [ 184.700369][ T7662] netlink: 28 bytes leftover after parsing attributes in process `syz.0.714'. [ 184.767511][ T7662] team0: Port device team_slave_0 removed [ 188.365847][ T7760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.753'. [ 190.486229][ T7814] netlink: 338 bytes leftover after parsing attributes in process `syz.2.775'. [ 192.088044][ T7854] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 193.089081][ T7881] ima: policy update failed [ 193.102269][ T30] audit: type=1802 audit(1746927439.672:8): pid=7881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.805" res=0 errno=0 [ 198.502625][ T7951] kexec: Could not allocate control_code_buffer [ 198.783464][ T7976] syz.2.836 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 199.818579][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.831019][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.309931][ T8032] netlink: 'syz.0.859': attribute type 1 has an invalid length. [ 200.536293][ T8039] tipc: Started in network mode [ 200.552398][ T8039] tipc: Node identity ee00, cluster identity 4711 [ 200.558913][ T8039] tipc: Node number set to 60928 [ 201.303401][ T8059] WARNING! power/level is deprecated; use power/control instead [ 202.080517][ T8075] tipc: Started in network mode [ 202.124741][ T8075] tipc: Node identity ee00, cluster identity 4711 [ 202.151147][ T8075] tipc: Node number set to 60928 [ 208.231480][ T8205] batman_adv: batadv0: adding TT local entry 00:00:01:00:00:00 to non-existent VLAN 16 [ 209.284759][ T8232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.940'. [ 211.558864][ T8282] netlink: 342 bytes leftover after parsing attributes in process `syz.0.959'. [ 216.321849][ T8378] vhci_hcd: not connected 4 [ 219.213673][ T8446] IPVS: length: 24 != 25769803800 [ 222.927084][ T8513] sctp: [Deprecated]: syz.3.1053 (pid 8513) Use of int in maxseg socket option. [ 222.927084][ T8513] Use struct sctp_assoc_value instead [ 223.386384][ T8526] CIFS: VFS: Invalid SecurityFlags: 0 [ 223.386384][ T8526] [ 224.416676][ T8552] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1068'. [ 224.665331][ T8555] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1070'. [ 227.021508][ T8601] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1088'. [ 227.076359][ T8601] caif0: entered promiscuous mode [ 227.492839][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 227.496444][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 227.499358][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 227.505475][ T5842] Bluetooth: hci2: command 0x0406 tx timeout [ 233.131388][ T5841] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 235.360668][ T8753] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1145'. [ 236.423403][ T8785] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 237.354744][ T8811] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1169'. [ 237.591304][ T8815] nbd1: detected capacity change from 0 to 68719476736 [ 237.610069][ T6123] block nbd1: Send control failed (result -22) [ 237.641382][ T6123] block nbd1: Request send failed, requeueing [ 237.649932][ T5841] block nbd1: Receive control failed (result -32) [ 237.660641][ T11] block nbd1: Dead connection, failed to find a fallback [ 237.668953][ T11] block nbd1: shutting down sockets [ 237.674989][ T11] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.685066][ T11] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.695736][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.705565][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.714411][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.723887][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.732225][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.744733][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.753058][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.762752][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.770843][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.784663][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.793230][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.802809][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.811564][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.821099][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.829144][ T6123] ldm_validate_partition_table(): Disk read failed. [ 237.839440][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.849998][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.909872][ T6123] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 237.937128][ T6123] Buffer I/O error on dev nbd1, logical block 0, async page read [ 237.968639][ T6123] Dev nbd1: unable to read RDB block 0 [ 237.994831][ T6123] nbd1: unable to read partition table [ 238.037842][ T6123] ldm_validate_partition_table(): Disk read failed. [ 238.065677][ T6123] Dev nbd1: unable to read RDB block 0 [ 238.077449][ T6123] nbd1: unable to read partition table [ 240.206486][ T5841] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 240.206534][ T5841] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 240.221779][ T5841] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 240.221833][ T5841] Bluetooth: hci2: Unknown advertising packet type: 0x74 [ 240.229301][ T5841] Bluetooth: hci2: adv larger than maximum supported [ 240.237288][ T5841] Bluetooth: hci2: Unknown advertising packet type: 0x20 [ 240.244143][ T5841] Bluetooth: hci2: adv larger than maximum supported [ 240.251298][ T5841] Bluetooth: hci2: adv larger than maximum supported [ 240.258122][ T5841] Bluetooth: hci2: Malformed LE Event: 0x0d [ 243.403524][ T8971] Device name cannot be null; rc = [-22] [ 243.534437][ T8931] kexec: Could not allocate control_code_buffer [ 245.572198][ T9028] qrtr: Invalid version 0 [ 246.178637][ T9051] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1276'. [ 247.114788][ T5841] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 247.114832][ T5841] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 247.131099][ T5841] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 247.131159][ T5841] Bluetooth: hci1: adv larger than maximum supported [ 247.138534][ T5841] Bluetooth: hci1: Malformed LE Event: 0x0d [ 248.026759][ T30] audit: type=1800 audit(1746927494.592:9): pid=9093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1285" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 250.383715][ T9138] nbd: socks must be embedded in a SOCK_ITEM attr [ 250.396471][ T9138] block nbd2: shutting down sockets [ 251.259111][ T5841] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 251.259160][ T5841] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 251.276027][ T5841] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 251.276080][ T5841] Bluetooth: hci3: Unknown advertising packet type: 0x74 [ 251.284179][ T5841] Bluetooth: hci3: adv larger than maximum supported [ 251.291453][ T5841] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 251.298309][ T5841] Bluetooth: hci3: adv larger than maximum supported [ 251.306122][ T5841] Bluetooth: hci3: adv larger than maximum supported [ 251.313010][ T5841] Bluetooth: hci3: Malformed LE Event: 0x0d [ 253.291308][ T9210] netlink: 'syz.1.1334': attribute type 1 has an invalid length. [ 253.299117][ T9210] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1334'. [ 253.358666][ T9212] netlink: 19 bytes leftover after parsing attributes in process `syz.3.1335'. [ 253.680775][ T5841] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 253.680817][ T5841] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 253.700207][ T5841] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 253.700260][ T5841] Bluetooth: hci0: Unknown advertising packet type: 0x74 [ 253.708133][ T5841] Bluetooth: hci0: adv larger than maximum supported [ 253.716252][ T5841] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 253.723913][ T5841] Bluetooth: hci0: adv larger than maximum supported [ 253.731585][ T5841] Bluetooth: hci0: adv larger than maximum supported [ 253.739467][ T5841] Bluetooth: hci0: Malformed LE Event: 0x0d [ 255.242598][ T9267] ecryptfs_parse_packet_length: Five-byte packet length not supported [ 255.280837][ T9267] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 255.930841][ T9293] nbd: socks must be embedded in a SOCK_ITEM attr [ 255.980248][ T9293] block nbd3: shutting down sockets [ 257.147196][ T9327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1383'. [ 257.939170][ T5832] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 257.939214][ T5832] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 257.955811][ T5832] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 257.955853][ T5832] Bluetooth: hci1: adv larger than maximum supported [ 257.964205][ T5832] Bluetooth: hci1: Malformed LE Event: 0x0d [ 259.491699][ T9372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1402'. [ 261.261709][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.268110][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 268.120272][ T9604] sctp: [Deprecated]: syz.3.1497 (pid 9604) Use of int in max_burst socket option deprecated. [ 268.120272][ T9604] Use struct sctp_assoc_value instead [ 269.316716][ T9629] netlink: 'syz.2.1505': attribute type 5 has an invalid length. [ 269.959771][ T9646] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1512'. [ 275.281836][ T9787] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1566'. [ 276.282166][ T9803] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1575'. [ 277.041529][ T9819] sctp: [Deprecated]: syz.2.1579 (pid 9819) Use of int in max_burst socket option deprecated. [ 277.041529][ T9819] Use struct sctp_assoc_value instead [ 278.168848][ T9844] netlink: 'syz.2.1591': attribute type 2 has an invalid length. [ 278.996284][ T9859] block nbd6: not configured, cannot reconfigure [ 280.329923][ T9888] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 281.898388][ T9922] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1623'. [ 282.143575][ T9929] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1625'. [ 282.612460][ T9940] nbd: socks must be embedded in a SOCK_ITEM attr [ 282.631415][ T9940] block nbd4: shutting down sockets [ 282.901982][ T9951] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1634'. [ 283.495648][ T9972] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1643'. [ 284.913309][ T5142] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 284.913360][ T5142] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 284.930430][ T5142] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 284.930473][ T5142] Bluetooth: hci1: adv larger than maximum supported [ 284.938628][ T5142] Bluetooth: hci1: Malformed LE Event: 0x0d [ 287.154461][T10068] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1683'. [ 288.038640][T10084] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1690'. [ 288.922145][T10099] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1696'. [ 289.131055][T10104] netlink: 'syz.3.1698': attribute type 4 has an invalid length. [ 289.878584][T10124] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1706'. [ 291.280146][T10150] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1719'. [ 292.806826][T10177] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1730'. [ 294.904642][T10220] zswap: compressor not available [ 295.244579][T10241] kAFS: No cell specified [ 300.888380][T10369] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1793'. [ 302.535762][ T30] audit: type=1800 audit(4294967297.150:10): pid=10407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1804" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 303.317421][T10430] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1808'. [ 303.961090][T10446] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1815'. [ 304.041073][T10453] kAFS: Invalid Command on /proc/fs/afs/cells file [ 304.129446][T10449] nvme_fabrics: missing parameter 'transport=%s' [ 304.153339][T10449] nvme_fabrics: missing parameter 'nqn=%s' [ 304.363984][T10454] nvme_fabrics: missing parameter 'transport=%s' [ 304.381065][T10454] nvme_fabrics: missing parameter 'nqn=%s' [ 304.971927][T10477] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1826'. [ 305.089150][T10480] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1827'. [ 305.192345][T10483] netlink: 'syz.2.1828': attribute type 3 has an invalid length. [ 305.294587][T10487] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1830'. [ 305.314083][T10487] hsr0: entered allmulticast mode [ 305.319834][T10487] hsr_slave_0: entered allmulticast mode [ 305.342269][T10487] hsr_slave_1: entered allmulticast mode [ 305.431716][T10494] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1833'. [ 305.710978][T10503] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1836'. [ 306.316135][T10521] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1844'. [ 306.517365][T10529] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1847'. [ 308.772996][T10594] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1876'. [ 308.802739][T10594] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1876'. [ 309.727874][T10608] netlink: 'syz.1.1880': attribute type 2 has an invalid length. [ 309.752789][T10608] netlink: 'syz.1.1880': attribute type 2 has an invalid length. [ 310.542128][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 311.083346][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 311.313544][T10632] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1892'. [ 311.341299][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 311.498819][T10638] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1894'. [ 311.775487][T10647] FAULT_INJECTION: forcing a failure. [ 311.775487][T10647] name failslab, interval 1, probability 0, space 0, times 0 [ 311.851037][T10647] CPU: 1 UID: 0 PID: 10647 Comm: syz.3.1897 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 311.851092][T10647] Tainted: [I]=FIRMWARE_WORKAROUND [ 311.851105][T10647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.851129][T10647] Call Trace: [ 311.851140][T10647] [ 311.851156][T10647] dump_stack_lvl+0x16c/0x1f0 [ 311.851211][T10647] should_fail_ex+0x512/0x640 [ 311.851257][T10647] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 311.851298][T10647] should_failslab+0xc2/0x120 [ 311.851350][T10647] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 311.851386][T10647] ? __kernfs_new_node+0xd2/0x8a0 [ 311.851445][T10647] __kernfs_new_node+0xd2/0x8a0 [ 311.851509][T10647] ? __pfx___kernfs_new_node+0x10/0x10 [ 311.851572][T10647] ? find_held_lock+0x2b/0x80 [ 311.851605][T10647] ? kernfs_root+0xee/0x2a0 [ 311.851642][T10647] kernfs_new_node+0x13c/0x1e0 [ 311.851685][T10647] __kernfs_create_file+0x53/0x350 [ 311.851731][T10647] sysfs_add_file_mode_ns+0x207/0x3c0 [ 311.851794][T10647] internal_create_group+0x578/0xf30 [ 311.851835][T10647] ? __pfx_internal_create_group+0x10/0x10 [ 311.851874][T10647] ? kernfs_create_link+0x1bd/0x240 [ 311.851924][T10647] internal_create_groups+0x9d/0x150 [ 311.851958][T10647] device_add+0x6d1/0x1a70 [ 311.852006][T10647] ? __pfx_device_add+0x10/0x10 [ 311.852049][T10647] ? lockdep_init_map_type+0x5c/0x280 [ 311.852091][T10647] ? __init_waitqueue_head+0xca/0x150 [ 311.852150][T10647] netdev_register_kobject+0x182/0x3a0 [ 311.852200][T10647] register_netdevice+0x13dc/0x2270 [ 311.852248][T10647] ? __pfx_register_netdevice+0x10/0x10 [ 311.852303][T10647] __ip_tunnel_create+0x4a8/0x680 [ 311.852346][T10647] ? __pfx___ip_tunnel_create+0x10/0x10 [ 311.852399][T10647] ip_tunnel_init_net+0x22f/0x7d0 [ 311.852446][T10647] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 311.852496][T10647] ? trace_kmalloc+0x2b/0xd0 [ 311.852545][T10647] ? lockdep_init_map_type+0x5c/0x280 [ 311.852590][T10647] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 311.852623][T10647] ops_init+0x1df/0x5f0 [ 311.852668][T10647] setup_net+0x21e/0x850 [ 311.852712][T10647] ? __pfx_setup_net+0x10/0x10 [ 311.852748][T10647] ? lockdep_init_map_type+0x5c/0x280 [ 311.852790][T10647] ? __pfx_down_read_killable+0x10/0x10 [ 311.852826][T10647] ? debug_mutex_init+0x37/0x70 [ 311.852859][T10647] copy_net_ns+0x2a6/0x5f0 [ 311.852907][T10647] create_new_namespaces+0x3ea/0xad0 [ 311.852953][T10647] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 311.852994][T10647] ksys_unshare+0x45b/0xa40 [ 311.853038][T10647] ? __pfx_ksys_unshare+0x10/0x10 [ 311.853079][T10647] ? xfd_validate_state+0x5d/0x180 [ 311.853130][T10647] ? rcu_is_watching+0x12/0xc0 [ 311.853170][T10647] __x64_sys_unshare+0x31/0x40 [ 311.853213][T10647] do_syscall_64+0xcd/0x230 [ 311.853261][T10647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.853294][T10647] RIP: 0033:0x7fd4f638e969 [ 311.853321][T10647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.853351][T10647] RSP: 002b:00007fd4f712e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 311.853392][T10647] RAX: ffffffffffffffda RBX: 00007fd4f65b5fa0 RCX: 00007fd4f638e969 [ 311.853413][T10647] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 311.853432][T10647] RBP: 00007fd4f6410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 311.853451][T10647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.853471][T10647] R13: 0000000000000000 R14: 00007fd4f65b5fa0 R15: 00007fff3aedf458 [ 311.853518][T10647] [ 313.763615][T10692] FAULT_INJECTION: forcing a failure. [ 313.763615][T10692] name failslab, interval 1, probability 0, space 0, times 0 [ 313.842271][T10692] CPU: 1 UID: 0 PID: 10692 Comm: syz.3.1915 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 313.842355][T10692] Tainted: [I]=FIRMWARE_WORKAROUND [ 313.842368][T10692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.842387][T10692] Call Trace: [ 313.842397][T10692] [ 313.842410][T10692] dump_stack_lvl+0x16c/0x1f0 [ 313.842464][T10692] should_fail_ex+0x512/0x640 [ 313.842511][T10692] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 313.842552][T10692] should_failslab+0xc2/0x120 [ 313.842592][T10692] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 313.842628][T10692] ? security_file_alloc+0x34/0x2b0 [ 313.842677][T10692] security_file_alloc+0x34/0x2b0 [ 313.842721][T10692] init_file+0x93/0x4c0 [ 313.842759][T10692] alloc_empty_file+0x73/0x1e0 [ 313.842801][T10692] alloc_file_pseudo+0x13a/0x230 [ 313.842845][T10692] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 313.842884][T10692] ? tipc_sk_finish_conn+0x580/0x790 [ 313.842942][T10692] sock_alloc_file+0x50/0x210 [ 313.842985][T10692] __sys_socketpair+0x34e/0x5a0 [ 313.843038][T10692] ? __pfx___sys_socketpair+0x10/0x10 [ 313.843089][T10692] ? xfd_validate_state+0x5d/0x180 [ 313.843144][T10692] ? rcu_is_watching+0x12/0xc0 [ 313.843180][T10692] __x64_sys_socketpair+0x96/0x100 [ 313.843229][T10692] ? lockdep_hardirqs_on+0x7c/0x110 [ 313.843273][T10692] do_syscall_64+0xcd/0x230 [ 313.843337][T10692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.843371][T10692] RIP: 0033:0x7fd4f638e969 [ 313.843397][T10692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.843429][T10692] RSP: 002b:00007fd4f712e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 313.843460][T10692] RAX: ffffffffffffffda RBX: 00007fd4f65b5fa0 RCX: 00007fd4f638e969 [ 313.843481][T10692] RDX: 8000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 313.843502][T10692] RBP: 00007fd4f6410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 313.843521][T10692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.843540][T10692] R13: 0000000000000000 R14: 00007fd4f65b5fa0 R15: 00007fff3aedf458 [ 313.843582][T10692] [ 314.238698][T10700] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1919'. [ 315.033228][T10727] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1930'. [ 315.746115][T10739] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1935'. [ 316.488500][T10759] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1943'. [ 316.765965][T10770] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1948'. [ 316.786923][T10771] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1947'. [ 318.932416][T10809] netlink: 'syz.0.1965': attribute type 35 has an invalid length. [ 319.079403][T10815] FAULT_INJECTION: forcing a failure. [ 319.079403][T10815] name failslab, interval 1, probability 0, space 0, times 0 [ 319.093063][T10815] CPU: 0 UID: 0 PID: 10815 Comm: syz.3.1967 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 319.093125][T10815] Tainted: [I]=FIRMWARE_WORKAROUND [ 319.093139][T10815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.093160][T10815] Call Trace: [ 319.093172][T10815] [ 319.093185][T10815] dump_stack_lvl+0x16c/0x1f0 [ 319.093247][T10815] should_fail_ex+0x512/0x640 [ 319.093297][T10815] ? __kmalloc_noprof+0xbf/0x510 [ 319.093341][T10815] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 319.093398][T10815] should_failslab+0xc2/0x120 [ 319.093450][T10815] __kmalloc_noprof+0xd2/0x510 [ 319.093488][T10815] ? __pfx___mutex_trylock_common+0x10/0x10 [ 319.093551][T10815] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 319.093618][T10815] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 319.093674][T10815] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 319.093727][T10815] ? __pfx___mutex_lock+0x10/0x10 [ 319.093775][T10815] ? genl_get_cmd+0x194/0x580 [ 319.093834][T10815] ? __local_bh_enable_ip+0xa4/0x120 [ 319.093873][T10815] ? __dev_queue_xmit+0x896/0x43e0 [ 319.093902][T10815] ? __radix_tree_lookup+0x21f/0x2c0 [ 319.093956][T10815] genl_rcv_msg+0x55c/0x800 [ 319.094013][T10815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 319.094062][T10815] ? __pfx___dev_queue_xmit+0x10/0x10 [ 319.094117][T10815] ? __pfx_ctrl_getfamily+0x10/0x10 [ 319.094173][T10815] ? __lock_acquire+0xaa4/0x1ba0 [ 319.094227][T10815] netlink_rcv_skb+0x16a/0x440 [ 319.094269][T10815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 319.094318][T10815] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 319.094410][T10815] ? __pfx_down_read+0x10/0x10 [ 319.094474][T10815] ? netlink_deliver_tap+0x1ae/0xd30 [ 319.094523][T10815] genl_rcv+0x28/0x40 [ 319.094568][T10815] netlink_unicast+0x53a/0x7f0 [ 319.094615][T10815] ? __pfx_netlink_unicast+0x10/0x10 [ 319.094673][T10815] netlink_sendmsg+0x8d1/0xdd0 [ 319.094727][T10815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.094804][T10815] __sys_sendto+0x495/0x510 [ 319.094842][T10815] ? __pfx___sys_sendto+0x10/0x10 [ 319.094896][T10815] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 319.094982][T10815] __x64_sys_sendto+0xe0/0x1c0 [ 319.095016][T10815] ? do_syscall_64+0x91/0x230 [ 319.095068][T10815] ? lockdep_hardirqs_on+0x7c/0x110 [ 319.095117][T10815] do_syscall_64+0xcd/0x230 [ 319.095173][T10815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.095210][T10815] RIP: 0033:0x7fd4f63907fc [ 319.095241][T10815] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 319.095277][T10815] RSP: 002b:00007fd4f712cec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 319.095314][T10815] RAX: ffffffffffffffda RBX: 00007fd4f712cfc0 RCX: 00007fd4f63907fc [ 319.095338][T10815] RDX: 000000000000001c RSI: 00007fd4f712d010 RDI: 0000000000000005 [ 319.095360][T10815] RBP: 0000000000000000 R08: 00007fd4f712cf14 R09: 000000000000000c [ 319.095383][T10815] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 319.095405][T10815] R13: 00007fd4f712cf68 R14: 00007fd4f712d010 R15: 0000000000000000 [ 319.095461][T10815] [ 319.559526][T10823] FAULT_INJECTION: forcing a failure. [ 319.559526][T10823] name failslab, interval 1, probability 0, space 0, times 0 [ 319.580316][T10823] CPU: 0 UID: 0 PID: 10823 Comm: syz.3.1972 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 319.580377][T10823] Tainted: [I]=FIRMWARE_WORKAROUND [ 319.580389][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.580408][T10823] Call Trace: [ 319.580418][T10823] [ 319.580429][T10823] dump_stack_lvl+0x16c/0x1f0 [ 319.580489][T10823] should_fail_ex+0x512/0x640 [ 319.580540][T10823] ? __kvmalloc_node_noprof+0x122/0x600 [ 319.580581][T10823] should_failslab+0xc2/0x120 [ 319.580637][T10823] __kvmalloc_node_noprof+0x135/0x600 [ 319.580677][T10823] ? v4l2_ctrl_new+0x97d/0x2180 [ 319.580724][T10823] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 319.580778][T10823] ? v4l2_ctrl_new+0x97d/0x2180 [ 319.580821][T10823] v4l2_ctrl_new+0x97d/0x2180 [ 319.580882][T10823] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 319.580927][T10823] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 319.580982][T10823] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 319.581031][T10823] v4l2_ctrl_new_std+0x1be/0x290 [ 319.581088][T10823] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 319.581131][T10823] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 319.581181][T10823] ? rcu_is_watching+0x12/0xc0 [ 319.581221][T10823] ? trace_kmalloc+0x2b/0xd0 [ 319.581264][T10823] ? __kvmalloc_node_noprof+0x296/0x600 [ 319.581308][T10823] ? media_request_object_init+0x100/0x180 [ 319.581355][T10823] vicodec_open+0x1f7/0xf90 [ 319.581404][T10823] v4l2_open+0x222/0x490 [ 319.581444][T10823] ? __pfx_v4l2_open+0x10/0x10 [ 319.581481][T10823] chrdev_open+0x231/0x6a0 [ 319.581514][T10823] ? __pfx_apparmor_file_open+0x10/0x10 [ 319.581557][T10823] ? __pfx_chrdev_open+0x10/0x10 [ 319.581595][T10823] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 319.581666][T10823] do_dentry_open+0x741/0x1c10 [ 319.581703][T10823] ? __pfx_chrdev_open+0x10/0x10 [ 319.581747][T10823] vfs_open+0x82/0x3f0 [ 319.581792][T10823] path_openat+0x1e5e/0x2d40 [ 319.581834][T10823] ? __pfx_path_openat+0x10/0x10 [ 319.581875][T10823] do_filp_open+0x20b/0x470 [ 319.581905][T10823] ? __pfx_do_filp_open+0x10/0x10 [ 319.581965][T10823] ? alloc_fd+0x471/0x7d0 [ 319.582022][T10823] do_sys_openat2+0x11b/0x1d0 [ 319.582061][T10823] ? __pfx_do_sys_openat2+0x10/0x10 [ 319.582120][T10823] __x64_sys_openat+0x174/0x210 [ 319.582162][T10823] ? __pfx___x64_sys_openat+0x10/0x10 [ 319.582205][T10823] ? rcu_is_watching+0x12/0xc0 [ 319.582249][T10823] do_syscall_64+0xcd/0x230 [ 319.582301][T10823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.582336][T10823] RIP: 0033:0x7fd4f638e969 [ 319.582363][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.582397][T10823] RSP: 002b:00007fd4f712e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 319.582431][T10823] RAX: ffffffffffffffda RBX: 00007fd4f65b5fa0 RCX: 00007fd4f638e969 [ 319.582453][T10823] RDX: 00000000000c4400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 319.582475][T10823] RBP: 00007fd4f6410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 319.582495][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 319.582515][T10823] R13: 0000000000000000 R14: 00007fd4f65b5fa0 R15: 00007fff3aedf458 [ 319.582557][T10823] [ 320.463195][T10846] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1982'. [ 320.659629][T10854] netlink: 26 bytes leftover after parsing attributes in process `syz.1.1986'. [ 320.691646][T10854] openvswitch: netlink: IP tunnel dst address not specified [ 320.979385][T10864] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1989'. [ 321.949313][T10891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1999'. [ 322.696692][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.703612][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.365938][T10934] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2017'. [ 324.877703][ T30] audit: type=1326 audit(4294967319.480:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10938 comm="syz.0.2019" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb8f818e969 code=0x0 [ 326.985780][T10982] netlink: 26 bytes leftover after parsing attributes in process `syz.0.2035'. [ 327.008460][T10984] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2036'. [ 327.014470][T10982] openvswitch: netlink: IP tunnel dst address not specified [ 327.412087][T10999] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2042'. [ 328.244169][ T5142] Bluetooth: hci2: unexpected event 0x01 length: 440 > 1 [ 328.689840][T11032] netlink: 'syz.0.2055': attribute type 15 has an invalid length. [ 328.711317][T11032] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2055'. [ 329.552983][T11053] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2065'. [ 329.672517][T11057] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2067'. [ 329.798165][T11060] lo: entered allmulticast mode [ 329.871824][T11062] lo: left allmulticast mode [ 330.470644][T11073] program syz.2.2071 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 330.832798][T11078] FAULT_INJECTION: forcing a failure. [ 330.832798][T11078] name failslab, interval 1, probability 0, space 0, times 0 [ 330.846648][T11078] CPU: 0 UID: 0 PID: 11078 Comm: syz.2.2073 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 330.846703][T11078] Tainted: [I]=FIRMWARE_WORKAROUND [ 330.846715][T11078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 330.846734][T11078] Call Trace: [ 330.846744][T11078] [ 330.846756][T11078] dump_stack_lvl+0x16c/0x1f0 [ 330.846809][T11078] should_fail_ex+0x512/0x640 [ 330.846855][T11078] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 330.846900][T11078] should_failslab+0xc2/0x120 [ 330.846940][T11078] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 330.846978][T11078] ? kfree+0x252/0x4d0 [ 330.847003][T11078] ? snd_pcm_hw_rule_add+0x414/0x5a0 [ 330.847051][T11078] krealloc_noprof+0x157/0x380 [ 330.847084][T11078] ? krealloc_noprof+0x1b1/0x380 [ 330.847123][T11078] snd_pcm_hw_rule_add+0x414/0x5a0 [ 330.847162][T11078] ? __pfx_snd_pcm_hw_rule_muldivk+0x10/0x10 [ 330.847205][T11078] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 330.847243][T11078] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 330.847285][T11078] ? lockdep_init_map_type+0x5c/0x280 [ 330.847330][T11078] ? debug_mutex_init+0x37/0x70 [ 330.847370][T11078] ? snd_pcm_attach_substream+0x89d/0xd60 [ 330.847411][T11078] snd_pcm_open_substream+0x92c/0x17f0 [ 330.847447][T11078] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 330.847492][T11078] snd_pcm_oss_open+0x735/0x1400 [ 330.847555][T11078] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 330.847601][T11078] ? __lock_acquire+0xaa4/0x1ba0 [ 330.847642][T11078] ? __pfx_default_wake_function+0x10/0x10 [ 330.847676][T11078] ? __lock_acquire+0xaa4/0x1ba0 [ 330.847726][T11078] ? do_raw_spin_lock+0x12c/0x2b0 [ 330.847776][T11078] ? soundcore_open+0x35a/0x580 [ 330.847816][T11078] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 330.847863][T11078] soundcore_open+0x409/0x580 [ 330.847905][T11078] ? __pfx_soundcore_open+0x10/0x10 [ 330.847943][T11078] chrdev_open+0x231/0x6a0 [ 330.847979][T11078] ? __pfx_chrdev_open+0x10/0x10 [ 330.848016][T11078] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 330.848072][T11078] do_dentry_open+0x741/0x1c10 [ 330.848105][T11078] ? __pfx_chrdev_open+0x10/0x10 [ 330.848147][T11078] vfs_open+0x82/0x3f0 [ 330.848193][T11078] path_openat+0x1e5e/0x2d40 [ 330.848239][T11078] ? __pfx_path_openat+0x10/0x10 [ 330.848281][T11078] do_filp_open+0x20b/0x470 [ 330.848311][T11078] ? __pfx_do_filp_open+0x10/0x10 [ 330.848382][T11078] ? alloc_fd+0x471/0x7d0 [ 330.848443][T11078] do_sys_openat2+0x11b/0x1d0 [ 330.848484][T11078] ? __pfx_do_sys_openat2+0x10/0x10 [ 330.848543][T11078] __x64_sys_openat+0x174/0x210 [ 330.848585][T11078] ? __pfx___x64_sys_openat+0x10/0x10 [ 330.848631][T11078] ? rcu_is_watching+0x12/0xc0 [ 330.848672][T11078] do_syscall_64+0xcd/0x230 [ 330.848722][T11078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.848754][T11078] RIP: 0033:0x7f793f78e969 [ 330.848779][T11078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.848811][T11078] RSP: 002b:00007f794052b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 330.848842][T11078] RAX: ffffffffffffffda RBX: 00007f793f9b5fa0 RCX: 00007f793f78e969 [ 330.848863][T11078] RDX: 0000000000000400 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 330.848882][T11078] RBP: 00007f793f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 330.848899][T11078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.848916][T11078] R13: 0000000000000000 R14: 00007f793f9b5fa0 R15: 00007ffebc4b9898 [ 330.848949][T11078] [ 333.492125][T11113] lo: entered allmulticast mode [ 333.561530][T11114] lo: left allmulticast mode [ 335.756931][T11154] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2100'. [ 335.776370][T11154] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.052053][T11162] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2104'. [ 336.081291][T11154] bridge_slave_1 (unregistering): left allmulticast mode [ 336.088650][T11154] bridge_slave_1 (unregistering): left promiscuous mode [ 336.096630][T11154] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.251988][ T5142] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 337.252036][ T5142] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 337.267015][ T5142] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 337.269332][ T5142] Bluetooth: hci3: Malformed LE Event: 0x0d [ 338.329785][T11213] netlink: 74 bytes leftover after parsing attributes in process `syz.3.2126'. [ 338.753347][T11230] lo: entered allmulticast mode [ 338.898973][T11233] lo: left allmulticast mode [ 340.575373][T11265] sctp: [Deprecated]: syz.2.2145 (pid 11265) Use of struct sctp_assoc_value in delayed_ack socket option. [ 340.575373][T11265] Use struct sctp_sack_info instead [ 340.808288][T11275] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2149'. [ 340.867423][T11277] lo: entered allmulticast mode [ 340.969100][T11279] lo: left allmulticast mode [ 340.990587][T11273] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2150'. [ 341.005581][T11273] dummy0: entered promiscuous mode [ 343.218299][T11327] Process accounting resumed [ 343.477280][T11342] netlink: 'syz.3.2171': attribute type 3 has an invalid length. [ 343.662102][T11349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2173'. [ 344.432350][T11369] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2180'. [ 346.024804][T11415] lo: entered allmulticast mode [ 346.108811][T11421] lo: left allmulticast mode [ 347.344126][T11452] tipc: Started in network mode [ 347.349397][T11452] tipc: Node identity ffffffff, cluster identity 4711 [ 347.371911][T11452] tipc: Node number set to 4294967295 [ 349.788551][T11516] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2230'. [ 352.028708][T11569] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2253'. [ 352.752550][T11569] bond0: (slave bond_slave_1): Releasing backup interface [ 352.872170][T11587] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2261'. [ 352.893203][T11587] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2261'. [ 353.526613][T11603] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2267'. [ 353.953633][T11607] FAULT_INJECTION: forcing a failure. [ 353.953633][T11607] name failslab, interval 1, probability 0, space 0, times 0 [ 354.002327][T11607] CPU: 0 UID: 0 PID: 11607 Comm: syz.0.2271 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 354.002386][T11607] Tainted: [I]=FIRMWARE_WORKAROUND [ 354.002399][T11607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 354.002424][T11607] Call Trace: [ 354.002434][T11607] [ 354.002448][T11607] dump_stack_lvl+0x16c/0x1f0 [ 354.002506][T11607] should_fail_ex+0x512/0x640 [ 354.002552][T11607] ? __kmalloc_noprof+0xbf/0x510 [ 354.002593][T11607] ? xfrm_hash_alloc+0xd1/0x100 [ 354.002640][T11607] should_failslab+0xc2/0x120 [ 354.002681][T11607] __kmalloc_noprof+0xd2/0x510 [ 354.002713][T11607] ? proc_create_reg+0xe3/0x180 [ 354.002757][T11607] ? __pfx_xfrm_net_init+0x10/0x10 [ 354.002809][T11607] xfrm_hash_alloc+0xd1/0x100 [ 354.002857][T11607] xfrm_state_init+0xdd/0x630 [ 354.002909][T11607] ? __pfx_xfrm_net_init+0x10/0x10 [ 354.002956][T11607] xfrm_net_init+0x210/0xcc0 [ 354.003013][T11607] ? __pfx_xfrm_net_init+0x10/0x10 [ 354.003070][T11607] ops_init+0x1df/0x5f0 [ 354.003120][T11607] setup_net+0x21e/0x850 [ 354.003167][T11607] ? __pfx_setup_net+0x10/0x10 [ 354.003207][T11607] ? lockdep_init_map_type+0x5c/0x280 [ 354.003252][T11607] ? __pfx_down_read_killable+0x10/0x10 [ 354.003289][T11607] ? debug_mutex_init+0x37/0x70 [ 354.003323][T11607] copy_net_ns+0x2a6/0x5f0 [ 354.003373][T11607] create_new_namespaces+0x3ea/0xad0 [ 354.003420][T11607] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 354.003461][T11607] ksys_unshare+0x45b/0xa40 [ 354.003506][T11607] ? __pfx_ksys_unshare+0x10/0x10 [ 354.003548][T11607] ? xfd_validate_state+0x5d/0x180 [ 354.003602][T11607] ? rcu_is_watching+0x12/0xc0 [ 354.003643][T11607] __x64_sys_unshare+0x31/0x40 [ 354.003686][T11607] do_syscall_64+0xcd/0x230 [ 354.003737][T11607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.003771][T11607] RIP: 0033:0x7fb8f818e969 [ 354.003796][T11607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.003828][T11607] RSP: 002b:00007fb8f5ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 354.003858][T11607] RAX: ffffffffffffffda RBX: 00007fb8f83b5fa0 RCX: 00007fb8f818e969 [ 354.003881][T11607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 354.003901][T11607] RBP: 00007fb8f8210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 354.003922][T11607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.003942][T11607] R13: 0000000000000000 R14: 00007fb8f83b5fa0 R15: 00007ffeeccf4fa8 [ 354.003986][T11607] [ 355.621724][T11637] FAULT_INJECTION: forcing a failure. [ 355.621724][T11637] name failslab, interval 1, probability 0, space 0, times 0 [ 355.665784][T11637] CPU: 0 UID: 0 PID: 11637 Comm: syz.3.2281 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 355.665943][T11637] Tainted: [I]=FIRMWARE_WORKAROUND [ 355.665956][T11637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.665976][T11637] Call Trace: [ 355.665987][T11637] [ 355.666000][T11637] dump_stack_lvl+0x16c/0x1f0 [ 355.666055][T11637] should_fail_ex+0x512/0x640 [ 355.666103][T11637] ? fs_reclaim_acquire+0xae/0x150 [ 355.666155][T11637] should_failslab+0xc2/0x120 [ 355.666195][T11637] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 355.666238][T11637] ? security_inode_alloc+0x3b/0x2b0 [ 355.666280][T11637] security_inode_alloc+0x3b/0x2b0 [ 355.666317][T11637] inode_init_always_gfp+0xce4/0x1030 [ 355.666374][T11637] alloc_inode+0x86/0x240 [ 355.666413][T11637] path_from_stashed+0x2be/0xb00 [ 355.666443][T11637] ? do_raw_spin_lock+0x12c/0x2b0 [ 355.666498][T11637] ? __pfx_path_from_stashed+0x10/0x10 [ 355.666546][T11637] ? do_raw_spin_unlock+0x172/0x230 [ 355.666606][T11637] ns_get_path+0x5f/0x80 [ 355.666660][T11637] proc_ns_get_link+0x121/0x260 [ 355.666713][T11637] ? __pfx_proc_ns_get_link+0x10/0x10 [ 355.666766][T11637] ? __pfx___might_resched+0x10/0x10 [ 355.666808][T11637] ? __pfx_proc_ns_get_link+0x10/0x10 [ 355.666870][T11637] step_into+0x1b22/0x2270 [ 355.666931][T11637] ? __pfx_step_into+0x10/0x10 [ 355.666976][T11637] ? find_held_lock+0x2b/0x80 [ 355.667015][T11637] path_openat+0x749/0x2d40 [ 355.667061][T11637] ? __pfx_path_openat+0x10/0x10 [ 355.667102][T11637] do_filp_open+0x20b/0x470 [ 355.667134][T11637] ? __pfx_do_filp_open+0x10/0x10 [ 355.667196][T11637] ? alloc_fd+0x471/0x7d0 [ 355.667254][T11637] do_sys_openat2+0x11b/0x1d0 [ 355.667293][T11637] ? __pfx_do_sys_openat2+0x10/0x10 [ 355.667345][T11637] __x64_sys_openat+0x174/0x210 [ 355.667387][T11637] ? __pfx___x64_sys_openat+0x10/0x10 [ 355.667432][T11637] ? rcu_is_watching+0x12/0xc0 [ 355.667474][T11637] do_syscall_64+0xcd/0x230 [ 355.667524][T11637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.667557][T11637] RIP: 0033:0x7fd4f638d2d0 [ 355.667585][T11637] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 355.667616][T11637] RSP: 002b:00007fd4f712df10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 355.667648][T11637] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd4f638d2d0 [ 355.667670][T11637] RDX: 0000000000000002 RSI: 00007fd4f712dfa0 RDI: 00000000ffffff9c [ 355.667690][T11637] RBP: 00007fd4f712dfa0 R08: 0000000000000000 R09: 0000000000000000 [ 355.667709][T11637] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 355.667727][T11637] R13: 0000000000000000 R14: 00007fd4f65b5fa0 R15: 00007fff3aedf458 [ 355.667766][T11637] [ 356.516356][T11651] program syz.2.2288 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 356.775951][T11663] FAULT_INJECTION: forcing a failure. [ 356.775951][T11663] name failslab, interval 1, probability 0, space 0, times 0 [ 356.810985][T11663] CPU: 1 UID: 0 PID: 11663 Comm: syz.0.2293 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 356.811040][T11663] Tainted: [I]=FIRMWARE_WORKAROUND [ 356.811051][T11663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 356.811068][T11663] Call Trace: [ 356.811079][T11663] [ 356.811090][T11663] dump_stack_lvl+0x16c/0x1f0 [ 356.811155][T11663] should_fail_ex+0x512/0x640 [ 356.811200][T11663] ? __kmalloc_noprof+0xbf/0x510 [ 356.811244][T11663] ? xfrm_hash_alloc+0xd1/0x100 [ 356.811289][T11663] should_failslab+0xc2/0x120 [ 356.811330][T11663] __kmalloc_noprof+0xd2/0x510 [ 356.811365][T11663] ? proc_create_reg+0xe3/0x180 [ 356.811417][T11663] ? __pfx_xfrm_net_init+0x10/0x10 [ 356.811467][T11663] xfrm_hash_alloc+0xd1/0x100 [ 356.811513][T11663] xfrm_state_init+0xdd/0x630 [ 356.811569][T11663] ? __pfx_xfrm_net_init+0x10/0x10 [ 356.811619][T11663] xfrm_net_init+0x210/0xcc0 [ 356.811677][T11663] ? __pfx_xfrm_net_init+0x10/0x10 [ 356.811726][T11663] ops_init+0x1df/0x5f0 [ 356.811773][T11663] setup_net+0x21e/0x850 [ 356.811817][T11663] ? __pfx_setup_net+0x10/0x10 [ 356.811855][T11663] ? lockdep_init_map_type+0x5c/0x280 [ 356.811900][T11663] ? __pfx_down_read_killable+0x10/0x10 [ 356.811936][T11663] ? debug_mutex_init+0x37/0x70 [ 356.811971][T11663] copy_net_ns+0x2a6/0x5f0 [ 356.812019][T11663] create_new_namespaces+0x3ea/0xad0 [ 356.812065][T11663] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 356.812114][T11663] ksys_unshare+0x45b/0xa40 [ 356.812160][T11663] ? __pfx_ksys_unshare+0x10/0x10 [ 356.812200][T11663] ? xfd_validate_state+0x5d/0x180 [ 356.812259][T11663] ? rcu_is_watching+0x12/0xc0 [ 356.812300][T11663] __x64_sys_unshare+0x31/0x40 [ 356.812343][T11663] do_syscall_64+0xcd/0x230 [ 356.812394][T11663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.812427][T11663] RIP: 0033:0x7fb8f818e969 [ 356.812453][T11663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.812484][T11663] RSP: 002b:00007fb8f5ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 356.812514][T11663] RAX: ffffffffffffffda RBX: 00007fb8f83b5fa0 RCX: 00007fb8f818e969 [ 356.812536][T11663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 356.812555][T11663] RBP: 00007fb8f8210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 356.812573][T11663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.812591][T11663] R13: 0000000000000000 R14: 00007fb8f83b5fa0 R15: 00007ffeeccf4fa8 [ 356.812632][T11663] [ 357.785882][T11682] FAULT_INJECTION: forcing a failure. [ 357.785882][T11682] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 357.831625][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.0.2303 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 357.831680][T11682] Tainted: [I]=FIRMWARE_WORKAROUND [ 357.831692][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.831711][T11682] Call Trace: [ 357.831721][T11682] [ 357.831733][T11682] dump_stack_lvl+0x16c/0x1f0 [ 357.831816][T11682] should_fail_ex+0x512/0x640 [ 357.831869][T11682] _copy_to_iter+0x2a4/0x15a0 [ 357.831924][T11682] ? chacha_block_generic+0x189/0x260 [ 357.831969][T11682] ? __pfx__copy_to_iter+0x10/0x10 [ 357.832026][T11682] ? __pfx___might_resched+0x10/0x10 [ 357.832059][T11682] ? crng_make_state+0x48e/0x6d0 [ 357.832107][T11682] get_random_bytes_user+0x17f/0x3c0 [ 357.832156][T11682] ? __pfx_get_random_bytes_user+0x10/0x10 [ 357.832200][T11682] ? do_writev+0x218/0x330 [ 357.832259][T11682] ? do_futex+0x122/0x350 [ 357.832303][T11682] ? import_ubuf+0x1b6/0x220 [ 357.832352][T11682] __x64_sys_getrandom+0x183/0x290 [ 357.832403][T11682] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 357.832452][T11682] ? xfd_validate_state+0x5d/0x180 [ 357.832502][T11682] ? rcu_is_watching+0x12/0xc0 [ 357.832545][T11682] do_syscall_64+0xcd/0x230 [ 357.832596][T11682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.832629][T11682] RIP: 0033:0x7fb8f818e969 [ 357.832656][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.832687][T11682] RSP: 002b:00007fb8f5ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 357.832718][T11682] RAX: ffffffffffffffda RBX: 00007fb8f83b5fa0 RCX: 00007fb8f818e969 [ 357.832738][T11682] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 357.832868][T11682] RBP: 00007fb8f8210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 357.832895][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.832928][T11682] R13: 0000000000000000 R14: 00007fb8f83b5fa0 R15: 00007ffeeccf4fa8 [ 357.832977][T11682] [ 359.053731][T11710] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2314'. [ 359.238258][T11710] bond0: (slave bond_slave_1): Releasing backup interface [ 360.010056][T11737] FAULT_INJECTION: forcing a failure. [ 360.010056][T11737] name failslab, interval 1, probability 0, space 0, times 0 [ 360.034800][T11737] CPU: 0 UID: 0 PID: 11737 Comm: syz.0.2327 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 360.034863][T11737] Tainted: [I]=FIRMWARE_WORKAROUND [ 360.034875][T11737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 360.034892][T11737] Call Trace: [ 360.034902][T11737] [ 360.034914][T11737] dump_stack_lvl+0x16c/0x1f0 [ 360.034966][T11737] should_fail_ex+0x512/0x640 [ 360.035011][T11737] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 360.035052][T11737] should_failslab+0xc2/0x120 [ 360.035090][T11737] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 360.035126][T11737] ? __proc_create+0xc3/0x8c0 [ 360.035158][T11737] ? __proc_create+0x2ce/0x8c0 [ 360.035199][T11737] __proc_create+0x2ce/0x8c0 [ 360.035236][T11737] ? __pfx___proc_create+0x10/0x10 [ 360.035275][T11737] ? insert_header+0xf8d/0x1480 [ 360.035314][T11737] ? __register_sysctl_table+0x736/0x1900 [ 360.035356][T11737] proc_create_reg+0x7d/0x180 [ 360.035398][T11737] proc_create_net_data+0x8e/0x1b0 [ 360.035440][T11737] ? __pfx_proc_create_net_data+0x10/0x10 [ 360.035480][T11737] ? __pfx___register_sysctl_table+0x10/0x10 [ 360.035515][T11737] ? is_module_address+0x69/0xf0 [ 360.035558][T11737] ? register_net_sysctl_sz+0x228/0x3e0 [ 360.035614][T11737] ? __pfx_nf_log_net_init+0x10/0x10 [ 360.035650][T11737] nf_log_net_init+0x69/0x450 [ 360.035688][T11737] ? __pfx_nf_log_net_init+0x10/0x10 [ 360.035722][T11737] ops_init+0x1df/0x5f0 [ 360.035767][T11737] setup_net+0x21e/0x850 [ 360.035810][T11737] ? __pfx_setup_net+0x10/0x10 [ 360.035857][T11737] ? lockdep_init_map_type+0x5c/0x280 [ 360.035902][T11737] ? __pfx_down_read_killable+0x10/0x10 [ 360.035938][T11737] ? debug_mutex_init+0x37/0x70 [ 360.035972][T11737] copy_net_ns+0x2a6/0x5f0 [ 360.036020][T11737] create_new_namespaces+0x3ea/0xad0 [ 360.036067][T11737] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 360.036108][T11737] ksys_unshare+0x45b/0xa40 [ 360.036152][T11737] ? __pfx_ksys_unshare+0x10/0x10 [ 360.036194][T11737] ? xfd_validate_state+0x5d/0x180 [ 360.036246][T11737] ? rcu_is_watching+0x12/0xc0 [ 360.036286][T11737] __x64_sys_unshare+0x31/0x40 [ 360.036329][T11737] do_syscall_64+0xcd/0x230 [ 360.036380][T11737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.036412][T11737] RIP: 0033:0x7fb8f818e969 [ 360.036438][T11737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 360.036469][T11737] RSP: 002b:00007fb8f5ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 360.036499][T11737] RAX: ffffffffffffffda RBX: 00007fb8f83b5fa0 RCX: 00007fb8f818e969 [ 360.036521][T11737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 360.036539][T11737] RBP: 00007fb8f8210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 360.036558][T11737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 360.036575][T11737] R13: 0000000000000000 R14: 00007fb8f83b5fa0 R15: 00007ffeeccf4fa8 [ 360.036616][T11737] [ 360.732708][T11745] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2330'. [ 360.951718][T11748] FAULT_INJECTION: forcing a failure. [ 360.951718][T11748] name failslab, interval 1, probability 0, space 0, times 0 [ 361.027298][T11748] CPU: 0 UID: 0 PID: 11748 Comm: syz.2.2331 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 361.027353][T11748] Tainted: [I]=FIRMWARE_WORKAROUND [ 361.027365][T11748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 361.027383][T11748] Call Trace: [ 361.027393][T11748] [ 361.027405][T11748] dump_stack_lvl+0x16c/0x1f0 [ 361.027457][T11748] should_fail_ex+0x512/0x640 [ 361.027501][T11748] ? __kmalloc_noprof+0xbf/0x510 [ 361.027538][T11748] ? xfrm_hash_alloc+0xd1/0x100 [ 361.027596][T11748] should_failslab+0xc2/0x120 [ 361.027634][T11748] __kmalloc_noprof+0xd2/0x510 [ 361.027666][T11748] ? proc_create_reg+0xe3/0x180 [ 361.027709][T11748] ? __pfx_xfrm_net_init+0x10/0x10 [ 361.027759][T11748] xfrm_hash_alloc+0xd1/0x100 [ 361.027807][T11748] xfrm_state_init+0xdd/0x630 [ 361.027861][T11748] ? __pfx_xfrm_net_init+0x10/0x10 [ 361.027908][T11748] xfrm_net_init+0x210/0xcc0 [ 361.027963][T11748] ? __pfx_xfrm_net_init+0x10/0x10 [ 361.028013][T11748] ops_init+0x1df/0x5f0 [ 361.028058][T11748] setup_net+0x21e/0x850 [ 361.028101][T11748] ? __pfx_setup_net+0x10/0x10 [ 361.028138][T11748] ? lockdep_init_map_type+0x5c/0x280 [ 361.028182][T11748] ? __pfx_down_read_killable+0x10/0x10 [ 361.028215][T11748] ? debug_mutex_init+0x37/0x70 [ 361.028248][T11748] copy_net_ns+0x2a6/0x5f0 [ 361.028295][T11748] create_new_namespaces+0x3ea/0xad0 [ 361.028338][T11748] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 361.028375][T11748] ksys_unshare+0x45b/0xa40 [ 361.028416][T11748] ? __pfx_ksys_unshare+0x10/0x10 [ 361.028455][T11748] ? xfd_validate_state+0x5d/0x180 [ 361.028506][T11748] ? rcu_is_watching+0x12/0xc0 [ 361.028543][T11748] __x64_sys_unshare+0x31/0x40 [ 361.028596][T11748] do_syscall_64+0xcd/0x230 [ 361.028644][T11748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.028675][T11748] RIP: 0033:0x7f793f78e969 [ 361.028701][T11748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.028732][T11748] RSP: 002b:00007f794052b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 361.028762][T11748] RAX: ffffffffffffffda RBX: 00007f793f9b5fa0 RCX: 00007f793f78e969 [ 361.028782][T11748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 361.028800][T11748] RBP: 00007f793f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 361.028818][T11748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.028835][T11748] R13: 0000000000000000 R14: 00007f793f9b5fa0 R15: 00007ffebc4b9898 [ 361.028875][T11748] [ 361.695145][T11757] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2333'. [ 361.704929][T11757] vcan0: entered promiscuous mode [ 362.525724][T11779] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 362.527041][T11779] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 364.036507][T11804] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2352'. [ 364.053487][T11804] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2352'. [ 364.336975][T11808] Process accounting resumed [ 365.656533][T11856] sd 0:0:1:0: device reset [ 365.748205][T11851] netlink: 74 bytes leftover after parsing attributes in process `syz.2.2371'. [ 366.142224][T11869] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 366.473328][T11878] FAULT_INJECTION: forcing a failure. [ 366.473328][T11878] name failslab, interval 1, probability 0, space 0, times 0 [ 366.523305][T11878] CPU: 1 UID: 0 PID: 11878 Comm: syz.3.2379 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 366.523362][T11878] Tainted: [I]=FIRMWARE_WORKAROUND [ 366.523374][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 366.523393][T11878] Call Trace: [ 366.523403][T11878] [ 366.523416][T11878] dump_stack_lvl+0x16c/0x1f0 [ 366.523469][T11878] should_fail_ex+0x512/0x640 [ 366.523515][T11878] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 366.523556][T11878] should_failslab+0xc2/0x120 [ 366.523596][T11878] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 366.523630][T11878] ? __proc_create+0xc3/0x8c0 [ 366.523664][T11878] ? __proc_create+0x2ce/0x8c0 [ 366.523706][T11878] __proc_create+0x2ce/0x8c0 [ 366.523742][T11878] ? __pfx___proc_create+0x10/0x10 [ 366.523776][T11878] ? pcpu_chunk_relocate+0x126/0x190 [ 366.523813][T11878] ? find_held_lock+0x2b/0x80 [ 366.523852][T11878] proc_create_reg+0x7d/0x180 [ 366.523890][T11878] ? __pfx_xfrm_statistics_seq_show+0x10/0x10 [ 366.523928][T11878] proc_create_net_single+0x86/0x170 [ 366.523967][T11878] ? __pfx_proc_create_net_single+0x10/0x10 [ 366.524015][T11878] ? __pfx_xfrm_net_init+0x10/0x10 [ 366.524065][T11878] xfrm_proc_init+0x4d/0x70 [ 366.524098][T11878] xfrm_net_init+0x1f0/0xcc0 [ 366.524154][T11878] ? __pfx_xfrm_net_init+0x10/0x10 [ 366.524200][T11878] ops_init+0x1df/0x5f0 [ 366.524241][T11878] setup_net+0x21e/0x850 [ 366.524288][T11878] ? __pfx_setup_net+0x10/0x10 [ 366.524321][T11878] ? lockdep_init_map_type+0x5c/0x280 [ 366.524361][T11878] ? __pfx_down_read_killable+0x10/0x10 [ 366.524394][T11878] ? debug_mutex_init+0x37/0x70 [ 366.524425][T11878] copy_net_ns+0x2a6/0x5f0 [ 366.524469][T11878] create_new_namespaces+0x3ea/0xad0 [ 366.524511][T11878] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 366.524547][T11878] ksys_unshare+0x45b/0xa40 [ 366.524588][T11878] ? __pfx_ksys_unshare+0x10/0x10 [ 366.524625][T11878] ? xfd_validate_state+0x5d/0x180 [ 366.524674][T11878] ? rcu_is_watching+0x12/0xc0 [ 366.524708][T11878] __x64_sys_unshare+0x31/0x40 [ 366.524747][T11878] do_syscall_64+0xcd/0x230 [ 366.524791][T11878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.524820][T11878] RIP: 0033:0x7fd4f638e969 [ 366.524843][T11878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.524872][T11878] RSP: 002b:00007fd4f712e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 366.524900][T11878] RAX: ffffffffffffffda RBX: 00007fd4f65b5fa0 RCX: 00007fd4f638e969 [ 366.524918][T11878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 366.524935][T11878] RBP: 00007fd4f6410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 366.524953][T11878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.524969][T11878] R13: 0000000000000000 R14: 00007fd4f65b5fa0 R15: 00007fff3aedf458 [ 366.525006][T11878] [ 366.821292][ C1] vkms_vblank_simulate: vblank timer overrun [ 367.315661][T11887] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2383'. [ 367.941417][T11898] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2389'. [ 367.944705][T11900] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2390'. [ 367.953049][T11898] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2389'. [ 368.102313][T11903] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2391'. [ 368.661959][T11912] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2395'. [ 371.092346][T11968] openvswitch: netlink: Unknown nsh attribute 0 [ 372.591378][T12012] FAULT_INJECTION: forcing a failure. [ 372.591378][T12012] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 372.646902][T12012] CPU: 1 UID: 0 PID: 12012 Comm: syz.2.2438 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 372.646957][T12012] Tainted: [I]=FIRMWARE_WORKAROUND [ 372.646969][T12012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 372.646987][T12012] Call Trace: [ 372.646998][T12012] [ 372.647010][T12012] dump_stack_lvl+0x16c/0x1f0 [ 372.647063][T12012] should_fail_ex+0x512/0x640 [ 372.647114][T12012] should_fail_alloc_page+0xe7/0x130 [ 372.647159][T12012] prepare_alloc_pages+0x3c2/0x610 [ 372.647210][T12012] ? rcu_is_watching+0x12/0xc0 [ 372.647244][T12012] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 372.647286][T12012] ? is_bpf_text_address+0x94/0x1a0 [ 372.647325][T12012] ? kernel_text_address+0x8d/0x100 [ 372.647377][T12012] ? __kernel_text_address+0xd/0x40 [ 372.647427][T12012] ? unwind_get_return_address+0x59/0xa0 [ 372.647462][T12012] ? arch_stack_walk+0xa6/0x100 [ 372.647504][T12012] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 372.647557][T12012] ? stack_depot_save_flags+0x28/0xa50 [ 372.647604][T12012] ? stack_trace_save+0x8e/0xc0 [ 372.647644][T12012] ? __pfx_stack_trace_save+0x10/0x10 [ 372.647679][T12012] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 372.647726][T12012] ? policy_nodemask+0xea/0x4e0 [ 372.647767][T12012] alloc_pages_mpol+0x1fb/0x550 [ 372.647808][T12012] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 372.647859][T12012] alloc_pages_noprof+0x131/0x390 [ 372.647900][T12012] kimage_alloc_pages+0x75/0x300 [ 372.647948][T12012] kimage_alloc_control_pages+0x15d/0x910 [ 372.648006][T12012] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 372.648068][T12012] do_kexec_load+0x480/0x8d0 [ 372.648117][T12012] ? __pfx_do_kexec_load+0x10/0x10 [ 372.648171][T12012] ? _copy_from_user+0x59/0xd0 [ 372.648224][T12012] __x64_sys_kexec_load+0x1bf/0x230 [ 372.648278][T12012] do_syscall_64+0xcd/0x230 [ 372.648328][T12012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.648360][T12012] RIP: 0033:0x7f793f78e969 [ 372.648386][T12012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.648418][T12012] RSP: 002b:00007f794052b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 372.648448][T12012] RAX: ffffffffffffffda RBX: 00007f793f9b5fa0 RCX: 00007f793f78e969 [ 372.648469][T12012] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000005 [ 372.648486][T12012] RBP: 00007f793f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 372.648504][T12012] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 372.648521][T12012] R13: 0000000000000000 R14: 00007f793f9b5fa0 R15: 00007ffebc4b9898 [ 372.648559][T12012] [ 372.648710][T12012] kexec: Could not allocate control_code_buffer [ 373.241782][T12023] Process accounting paused [ 373.333559][T12043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2447'. [ 373.626303][T12055] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2450'. [ 373.846760][T12061] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2454'. [ 374.878007][T12104] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2468'. [ 375.298077][T12118] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2471'. [ 375.700687][ T5142] Bluetooth: hci0: ISO packet for unknown connection handle 5 [ 376.382322][T12149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2482'. [ 376.910097][ T5142] Bluetooth: hci3: unexpected event 0x03 length: 725 > 11 [ 377.664038][T12199] netlink: 'syz.1.2505': attribute type 16 has an invalid length. [ 377.683109][T12199] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2505'. [ 377.897373][T12213] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2511'. [ 378.032097][T12218] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2513'. [ 378.457983][T12230] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2517'. [ 378.659775][T12236] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2521'. [ 379.001324][T12247] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2526'. [ 379.037219][T12247] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2526'. [ 380.726418][T12249] kexec: Could not allocate control_code_buffer [ 380.911201][T12290] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2543'. [ 380.960164][T12292] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2541'. [ 382.109735][T12320] FAULT_INJECTION: forcing a failure. [ 382.109735][T12320] name failslab, interval 1, probability 0, space 0, times 0 [ 382.131919][T12320] CPU: 0 UID: 0 PID: 12320 Comm: syz.2.2553 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 382.131971][T12320] Tainted: [I]=FIRMWARE_WORKAROUND [ 382.131982][T12320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 382.131999][T12320] Call Trace: [ 382.132009][T12320] [ 382.132019][T12320] dump_stack_lvl+0x16c/0x1f0 [ 382.132067][T12320] should_fail_ex+0x512/0x640 [ 382.132107][T12320] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 382.132139][T12320] should_failslab+0xc2/0x120 [ 382.132175][T12320] __kmalloc_cache_noprof+0x6a/0x3e0 [ 382.132203][T12320] ? __debugfs_file_get+0x2ad/0x840 [ 382.132246][T12320] __debugfs_file_get+0x2ad/0x840 [ 382.132284][T12320] ? __pfx___debugfs_file_get+0x10/0x10 [ 382.132319][T12320] ? __pfx_apparmor_file_open+0x10/0x10 [ 382.132370][T12320] full_proxy_open_regular+0x4f/0x360 [ 382.132413][T12320] do_dentry_open+0x741/0x1c10 [ 382.132448][T12320] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 382.132504][T12320] vfs_open+0x82/0x3f0 [ 382.132547][T12320] path_openat+0x1e5e/0x2d40 [ 382.132589][T12320] ? __pfx_path_openat+0x10/0x10 [ 382.132628][T12320] do_filp_open+0x20b/0x470 [ 382.132657][T12320] ? __pfx_do_filp_open+0x10/0x10 [ 382.132714][T12320] ? alloc_fd+0x471/0x7d0 [ 382.132771][T12320] do_sys_openat2+0x11b/0x1d0 [ 382.132811][T12320] ? __pfx_do_sys_openat2+0x10/0x10 [ 382.132867][T12320] __x64_sys_openat+0x174/0x210 [ 382.132907][T12320] ? __pfx___x64_sys_openat+0x10/0x10 [ 382.132947][T12320] ? rcu_is_watching+0x12/0xc0 [ 382.132983][T12320] do_syscall_64+0xcd/0x230 [ 382.133030][T12320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.133059][T12320] RIP: 0033:0x7f793f78e969 [ 382.133083][T12320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.133111][T12320] RSP: 002b:00007f794052b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 382.133138][T12320] RAX: ffffffffffffffda RBX: 00007f793f9b5fa0 RCX: 00007f793f78e969 [ 382.133158][T12320] RDX: 0000000000000a80 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 382.133176][T12320] RBP: 00007f793f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 382.133193][T12320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 382.133210][T12320] R13: 0000000000000000 R14: 00007f793f9b5fa0 R15: 00007ffebc4b9898 [ 382.133246][T12320] [ 383.165346][T12335] netlink: 206 bytes leftover after parsing attributes in process `syz.2.2561'. [ 384.136387][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.145508][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.419633][T12361] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2571'. [ 384.442818][ T5142] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 384.442865][ T5142] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 384.459506][ T5142] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 384.459544][ T5142] Bluetooth: hci0: adv larger than maximum supported [ 384.466868][ T5142] Bluetooth: hci0: Malformed LE Event: 0x0d [ 385.477433][T12382] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2580'. [ 386.932172][T12411] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2594'. [ 388.275968][T12453] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2610'. [ 388.442135][T12454] lo: entered promiscuous mode [ 388.448212][T12454] lo: left promiscuous mode [ 388.499028][T12459] Invalid ELF header magic: != ELF [ 389.266918][T12492] ERROR: Out of memory at tomoyo_memory_ok. [ 389.270523][T12494] FAULT_INJECTION: forcing a failure. [ 389.270523][T12494] name failslab, interval 1, probability 0, space 0, times 0 [ 389.282501][T12492] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor tmpfs:/newroot/680/file0' not defined. [ 389.316891][T12494] CPU: 1 UID: 0 PID: 12494 Comm: syz.0.2628 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 389.316948][T12494] Tainted: [I]=FIRMWARE_WORKAROUND [ 389.316960][T12494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 389.316979][T12494] Call Trace: [ 389.316989][T12494] [ 389.317002][T12494] dump_stack_lvl+0x16c/0x1f0 [ 389.317060][T12494] should_fail_ex+0x512/0x640 [ 389.317105][T12494] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 389.317146][T12494] should_failslab+0xc2/0x120 [ 389.317185][T12494] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 389.317219][T12494] ? d_instantiate+0x77/0x90 [ 389.317253][T12494] ? alloc_empty_file+0x55/0x1e0 [ 389.317300][T12494] alloc_empty_file+0x55/0x1e0 [ 389.317342][T12494] alloc_file_pseudo+0x13a/0x230 [ 389.317386][T12494] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 389.317429][T12494] ? alloc_fd+0x471/0x7d0 [ 389.317484][T12494] __anon_inode_getfile+0xf7/0x370 [ 389.317547][T12494] anon_inode_getfile_fmode+0x37/0xa0 [ 389.317600][T12494] __do_sys_fanotify_init+0x8e3/0xb80 [ 389.317646][T12494] do_syscall_64+0xcd/0x230 [ 389.317697][T12494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.317729][T12494] RIP: 0033:0x7fb8f818e969 [ 389.317755][T12494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.317794][T12494] RSP: 002b:00007fb8f5ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 389.317825][T12494] RAX: ffffffffffffffda RBX: 00007fb8f83b5fa0 RCX: 00007fb8f818e969 [ 389.317846][T12494] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000005 [ 389.317865][T12494] RBP: 00007fb8f8210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 389.317884][T12494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 389.317902][T12494] R13: 0000000000000000 R14: 00007fb8f83b5fa0 R15: 00007ffeeccf4fa8 [ 389.317943][T12494] [ 389.705165][T12501] netlink: 'syz.3.2630': attribute type 1 has an invalid length. [ 389.762396][T12506] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2633'. [ 392.279609][T12590] netlink: 'syz.2.2670': attribute type 1 has an invalid length. [ 392.399768][T12597] netlink: 130 bytes leftover after parsing attributes in process `syz.2.2672'. [ 392.803114][T12604] FAULT_INJECTION: forcing a failure. [ 392.803114][T12604] name failslab, interval 1, probability 0, space 0, times 0 [ 392.828905][T12604] CPU: 0 UID: 0 PID: 12604 Comm: syz.3.2675 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 392.828961][T12604] Tainted: [I]=FIRMWARE_WORKAROUND [ 392.828973][T12604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 392.828990][T12604] Call Trace: [ 392.828999][T12604] [ 392.829010][T12604] dump_stack_lvl+0x16c/0x1f0 [ 392.829060][T12604] should_fail_ex+0x512/0x640 [ 392.829106][T12604] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 392.829141][T12604] should_failslab+0xc2/0x120 [ 392.829181][T12604] __kmalloc_cache_noprof+0x6a/0x3e0 [ 392.829212][T12604] ? vsnprintf+0x318/0x1160 [ 392.829251][T12604] ? __alloc_workqueue+0xda2/0x1810 [ 392.829298][T12604] __alloc_workqueue+0xda2/0x1810 [ 392.829339][T12604] ? __pfx_vsnprintf+0x10/0x10 [ 392.829381][T12604] ? lockdep_hardirqs_on+0x7c/0x110 [ 392.829426][T12604] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 392.829473][T12604] alloc_workqueue+0xd2/0x200 [ 392.829514][T12604] ? __pfx_alloc_workqueue+0x10/0x10 [ 392.829565][T12604] ? __pfx___debug_object_init+0x10/0x10 [ 392.829608][T12604] nci_register_device+0x21e/0xb80 [ 392.829652][T12604] ? __pfx_nci_register_device+0x10/0x10 [ 392.829709][T12604] ? lockdep_init_map_type+0x5c/0x280 [ 392.829762][T12604] virtual_ncidev_open+0x141/0x220 [ 392.829810][T12604] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 392.829855][T12604] misc_open+0x35a/0x420 [ 392.829905][T12604] ? __pfx_misc_open+0x10/0x10 [ 392.829957][T12604] chrdev_open+0x231/0x6a0 [ 392.829989][T12604] ? __pfx_apparmor_file_open+0x10/0x10 [ 392.830031][T12604] ? __pfx_chrdev_open+0x10/0x10 [ 392.830068][T12604] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 392.830122][T12604] do_dentry_open+0x741/0x1c10 [ 392.830156][T12604] ? __pfx_chrdev_open+0x10/0x10 [ 392.830199][T12604] vfs_open+0x82/0x3f0 [ 392.830246][T12604] path_openat+0x1e5e/0x2d40 [ 392.830292][T12604] ? __pfx_path_openat+0x10/0x10 [ 392.830334][T12604] do_filp_open+0x20b/0x470 [ 392.830365][T12604] ? __pfx_do_filp_open+0x10/0x10 [ 392.830427][T12604] ? alloc_fd+0x471/0x7d0 [ 392.830488][T12604] do_sys_openat2+0x11b/0x1d0 [ 392.830531][T12604] ? __pfx_do_sys_openat2+0x10/0x10 [ 392.830592][T12604] __x64_sys_openat+0x174/0x210 [ 392.830637][T12604] ? __pfx___x64_sys_openat+0x10/0x10 [ 392.830690][T12604] ? rcu_is_watching+0x12/0xc0 [ 392.830732][T12604] do_syscall_64+0xcd/0x230 [ 392.830789][T12604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.830822][T12604] RIP: 0033:0x7fd4f638e969 [ 392.830845][T12604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.830876][T12604] RSP: 002b:00007fd4f712e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 392.830905][T12604] RAX: ffffffffffffffda RBX: 00007fd4f65b5fa0 RCX: 00007fd4f638e969 [ 392.830926][T12604] RDX: 0000000000000100 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 392.830945][T12604] RBP: 00007fd4f6410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 392.830964][T12604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.830982][T12604] R13: 0000000000000000 R14: 00007fd4f65b5fa0 R15: 00007fff3aedf458 [ 392.831023][T12604] [ 394.585702][T12656] netlink: 'syz.3.2697': attribute type 19 has an invalid length. [ 394.606211][T12656] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2697'. [ 395.295852][T12675] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2702'. [ 395.402140][T12657] Process accounting paused [ 395.651625][T12685] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2707'. [ 395.660969][T12685] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.668447][T12685] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.714818][T12685] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 395.745425][T12685] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 398.073519][T12721] openvswitch: netlink: IP tunnel dst address not specified [ 398.103218][T12724] openvswitch: netlink: IP tunnel dst address not specified [ 398.239371][T12729] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2723'. [ 398.625998][T12734] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2726'. [ 400.201522][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 400.210181][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 400.219880][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 400.753045][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 400.761796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 401.642898][T12789] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2748'. [ 402.531773][T12805] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2755'. [ 402.566652][T12805] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 403.514999][T12815] Process accounting resumed [ 404.120428][T12845] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2768'. [ 404.304445][T12851] netlink: 'syz.0.2770': attribute type 13 has an invalid length. [ 405.868749][T12910] syz.0.2796 (12910): /proc/12909/oom_adj is deprecated, please use /proc/12909/oom_score_adj instead. [ 406.039327][T12915] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2799'. [ 406.329933][T12927] netlink: 130 bytes leftover after parsing attributes in process `syz.0.2813'. [ 406.877732][T12956] Console: switching to colour VGA+ 80x25 [ 406.931347][T12956] ================================================================== [ 406.931369][T12956] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 406.931442][T12956] Read of size 10 at addr ffff888035a9985a by task syz.2.2818/12956 [ 406.931471][T12956] [ 406.931491][T12956] CPU: 0 UID: 0 PID: 12956 Comm: syz.2.2818 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 406.931541][T12956] Tainted: [I]=FIRMWARE_WORKAROUND [ 406.931554][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 406.931578][T12956] Call Trace: [ 406.931588][T12956] [ 406.931600][T12956] dump_stack_lvl+0x116/0x1f0 [ 406.931647][T12956] print_report+0xc3/0x670 [ 406.931684][T12956] ? __virt_addr_valid+0x5e/0x590 [ 406.931714][T12956] ? __phys_addr+0xc6/0x150 [ 406.931743][T12956] ? fbcon_prepare_logo+0xa03/0xc70 [ 406.931770][T12956] kasan_report+0xe0/0x110 [ 406.931797][T12956] ? fbcon_prepare_logo+0xa03/0xc70 [ 406.931828][T12956] kasan_check_range+0xef/0x1a0 [ 406.931864][T12956] __asan_memcpy+0x23/0x60 [ 406.931884][T12956] fbcon_prepare_logo+0xa03/0xc70 [ 406.931917][T12956] fbcon_init+0xd77/0x1900 [ 406.931944][T12956] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 406.931971][T12956] visual_init+0x31d/0x620 [ 406.932007][T12956] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 406.932036][T12956] store_bind+0x61d/0x760 [ 406.932062][T12956] ? sysfs_file_kobj+0xe4/0x290 [ 406.932094][T12956] ? __pfx_store_bind+0x10/0x10 [ 406.932117][T12956] dev_attr_store+0x55/0x80 [ 406.932145][T12956] ? __pfx_dev_attr_store+0x10/0x10 [ 406.932174][T12956] sysfs_kf_write+0xef/0x150 [ 406.932211][T12956] kernfs_fop_write_iter+0x351/0x510 [ 406.932243][T12956] ? __pfx_sysfs_kf_write+0x10/0x10 [ 406.932276][T12956] vfs_write+0x5ba/0x1180 [ 406.932298][T12956] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 406.932328][T12956] ? __pfx___mutex_lock+0x10/0x10 [ 406.932369][T12956] ? __pfx_vfs_write+0x10/0x10 [ 406.932399][T12956] ksys_write+0x12a/0x240 [ 406.932426][T12956] ? __pfx_ksys_write+0x10/0x10 [ 406.932447][T12956] ? rcu_is_watching+0x12/0xc0 [ 406.932472][T12956] do_syscall_64+0xcd/0x230 [ 406.932506][T12956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.932530][T12956] RIP: 0033:0x7f793f78e969 [ 406.932548][T12956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.932570][T12956] RSP: 002b:00007f794052b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 406.932591][T12956] RAX: ffffffffffffffda RBX: 00007f793f9b5fa0 RCX: 00007f793f78e969 [ 406.932606][T12956] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 406.932620][T12956] RBP: 00007f793f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 406.932634][T12956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 406.932647][T12956] R13: 0000000000000000 R14: 00007f793f9b5fa0 R15: 00007ffebc4b9898 [ 406.932670][T12956] [ 406.932682][T12956] [ 406.932689][T12956] Allocated by task 12956: [ 406.932704][T12956] kasan_save_stack+0x33/0x60 [ 406.932734][T12956] kasan_save_track+0x14/0x30 [ 406.932765][T12956] __kasan_kmalloc+0xaa/0xb0 [ 406.932795][T12956] __kmalloc_noprof+0x223/0x510 [ 406.932826][T12956] vc_do_resize+0x1de/0x10e0 [ 406.932848][T12956] fbcon_init+0xd53/0x1900 [ 406.932872][T12956] visual_init+0x31d/0x620 [ 406.932905][T12956] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 406.932929][T12956] store_bind+0x61d/0x760 [ 406.932950][T12956] dev_attr_store+0x55/0x80 [ 406.932975][T12956] sysfs_kf_write+0xef/0x150 [ 406.933005][T12956] kernfs_fop_write_iter+0x351/0x510 [ 406.933032][T12956] vfs_write+0x5ba/0x1180 [ 406.933050][T12956] ksys_write+0x12a/0x240 [ 406.933068][T12956] do_syscall_64+0xcd/0x230 [ 406.933099][T12956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.933120][T12956] [ 406.933126][T12956] The buggy address belongs to the object at ffff888035a99800 [ 406.933126][T12956] which belongs to the cache kmalloc-64 of size 64 [ 406.933143][T12956] The buggy address is located 50 bytes to the right of [ 406.933143][T12956] allocated 40-byte region [ffff888035a99800, ffff888035a99828) [ 406.933166][T12956] [ 406.933173][T12956] The buggy address belongs to the physical page: [ 406.933191][T12956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35a99 [ 406.933211][T12956] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 406.933228][T12956] page_type: f5(slab) [ 406.933248][T12956] raw: 00fff00000000000 ffff88801b4418c0 ffffea0000931100 dead000000000004 [ 406.933268][T12956] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000 [ 406.933281][T12956] page dumped because: kasan: bad access detected [ 406.933295][T12956] page_owner tracks the page as allocated [ 406.933302][T12956] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5835, tgid 5835 (syz-executor), ts 104148920535, free_ts 104093512906 [ 406.933340][T12956] post_alloc_hook+0x181/0x1b0 [ 406.933360][T12956] get_page_from_freelist+0x135c/0x3920 [ 406.933384][T12956] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 406.933408][T12956] alloc_pages_mpol+0x1fb/0x550 [ 406.933441][T12956] new_slab+0x244/0x340 [ 406.933475][T12956] ___slab_alloc+0xd9c/0x1940 [ 406.933509][T12956] __slab_alloc.constprop.0+0x56/0xb0 [ 406.933528][T12956] __kmalloc_cache_noprof+0xfb/0x3e0 [ 406.933547][T12956] __alloc_workqueue+0xda2/0x1810 [ 406.933575][T12956] alloc_workqueue+0xd2/0x200 [ 406.933602][T12956] wg_newlink+0x24d/0x780 [ 406.933630][T12956] rtnl_newlink+0xc42/0x2000 [ 406.933657][T12956] rtnetlink_rcv_msg+0x95b/0xe90 [ 406.933683][T12956] netlink_rcv_skb+0x16a/0x440 [ 406.933711][T12956] netlink_unicast+0x53a/0x7f0 [ 406.933737][T12956] netlink_sendmsg+0x8d1/0xdd0 [ 406.933763][T12956] page last free pid 5835 tgid 5835 stack trace: [ 406.933775][T12956] __free_frozen_pages+0x69d/0xff0 [ 406.933811][T12956] __put_partials+0x16d/0x1c0 [ 406.933838][T12956] qlist_free_all+0x4e/0x120 [ 406.933866][T12956] kasan_quarantine_reduce+0x195/0x1e0 [ 406.933897][T12956] __kasan_slab_alloc+0x69/0x90 [ 406.933931][T12956] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 406.933950][T12956] ref_tracker_alloc+0x18e/0x5b0 [ 406.933982][T12956] netdev_queue_update_kobjects+0x2db/0x720 [ 406.934012][T12956] netdev_register_kobject+0x28c/0x3a0 [ 406.934041][T12956] register_netdevice+0x13dc/0x2270 [ 406.934068][T12956] veth_newlink+0x446/0xa00 [ 406.934095][T12956] rtnl_newlink+0xc42/0x2000 [ 406.934119][T12956] rtnetlink_rcv_msg+0x95b/0xe90 [ 406.934145][T12956] netlink_rcv_skb+0x16a/0x440 [ 406.934173][T12956] netlink_unicast+0x53a/0x7f0 [ 406.934199][T12956] netlink_sendmsg+0x8d1/0xdd0 [ 406.934226][T12956] [ 406.934230][T12956] Memory state around the buggy address: [ 406.934241][T12956] ffff888035a99700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 406.934257][T12956] ffff888035a99780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 406.934273][T12956] >ffff888035a99800: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 406.934285][T12956] ^ [ 406.934298][T12956] ffff888035a99880: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 406.934313][T12956] ffff888035a99900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 406.934326][T12956] ================================================================== [ 406.934749][T12956] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 406.934775][T12956] CPU: 0 UID: 0 PID: 12956 Comm: syz.2.2818 Tainted: G I 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 406.934826][T12956] Tainted: [I]=FIRMWARE_WORKAROUND [ 406.934839][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 406.934857][T12956] Call Trace: [ 406.934868][T12956] [ 406.934879][T12956] dump_stack_lvl+0x3d/0x1f0 [ 406.934926][T12956] panic+0x71c/0x800 [ 406.934972][T12956] ? __pfx_panic+0x10/0x10 [ 406.935014][T12956] ? irqentry_exit+0x3b/0x90 [ 406.935056][T12956] ? lockdep_hardirqs_on+0x7c/0x110 [ 406.935097][T12956] ? preempt_schedule_thunk+0x16/0x30 [ 406.935149][T12956] ? fbcon_prepare_logo+0xa03/0xc70 [ 406.935189][T12956] ? preempt_schedule_common+0x44/0xc0 [ 406.935236][T12956] ? fbcon_prepare_logo+0xa03/0xc70 [ 406.935273][T12956] check_panic_on_warn+0xab/0xb0 [ 406.935322][T12956] end_report+0x107/0x170 [ 406.935357][T12956] kasan_report+0xee/0x110 [ 406.935393][T12956] ? fbcon_prepare_logo+0xa03/0xc70 [ 406.935445][T12956] kasan_check_range+0xef/0x1a0 [ 406.935491][T12956] __asan_memcpy+0x23/0x60 [ 406.935522][T12956] fbcon_prepare_logo+0xa03/0xc70 [ 406.935570][T12956] fbcon_init+0xd77/0x1900 [ 406.935608][T12956] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 406.935645][T12956] visual_init+0x31d/0x620 [ 406.935695][T12956] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 406.935738][T12956] store_bind+0x61d/0x760 [ 406.935775][T12956] ? sysfs_file_kobj+0xe4/0x290 [ 406.935821][T12956] ? __pfx_store_bind+0x10/0x10 [ 406.935854][T12956] dev_attr_store+0x55/0x80 [ 406.935893][T12956] ? __pfx_dev_attr_store+0x10/0x10 [ 406.935932][T12956] sysfs_kf_write+0xef/0x150 [ 406.935976][T12956] kernfs_fop_write_iter+0x351/0x510 [ 406.936016][T12956] ? __pfx_sysfs_kf_write+0x10/0x10 [ 406.936063][T12956] vfs_write+0x5ba/0x1180 [ 406.936093][T12956] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 406.936134][T12956] ? __pfx___mutex_lock+0x10/0x10 [ 406.936179][T12956] ? __pfx_vfs_write+0x10/0x10 [ 406.936222][T12956] ksys_write+0x12a/0x240 [ 406.936251][T12956] ? __pfx_ksys_write+0x10/0x10 [ 406.936290][T12956] ? rcu_is_watching+0x12/0xc0 [ 406.936326][T12956] do_syscall_64+0xcd/0x230 [ 406.936381][T12956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.936415][T12956] RIP: 0033:0x7f793f78e969 [ 406.936447][T12956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.936481][T12956] RSP: 002b:00007f794052b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 406.936514][T12956] RAX: ffffffffffffffda RBX: 00007f793f9b5fa0 RCX: 00007f793f78e969 [ 406.936540][T12956] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 406.936561][T12956] RBP: 00007f793f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 406.936580][T12956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 406.936599][T12956] R13: 0000000000000000 R14: 00007f793f9b5fa0 R15: 00007ffebc4b9898 [ 406.936630][T12956] [ 406.936924][T12956] Kernel Offset: disabled