last executing test programs: 8.891135427s ago: executing program 1 (id=1197): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x80044df9, 0x5) (fail_nth: 6) 7.989769225s ago: executing program 1 (id=1201): socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}, 0x3}, 0x55) get_robust_list$auto(0x0, 0x0, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) 7.28992267s ago: executing program 1 (id=1202): socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) keyctl$auto(0x5, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x15, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xe0742, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x101401, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000040)="86ad180916cd35e093b9901f03de02ef", 0x5d) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.export/channel\x00', 0x8f3b7a51b8162d21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)="20edd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x88) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/arch_status\x00', 0x8203, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x2a401, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto_TCFLSH2(r3, 0x8910, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) 6.979035075s ago: executing program 2 (id=1203): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x6c54, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x228000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x4611, 0x0) 6.224270256s ago: executing program 2 (id=1206): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x58, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x294}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x5}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x62}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0xff}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x80}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x9}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c805}, 0x2004c014) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) socket(0x1e, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) open(&(0x7f00000004c0)='./cgroup\x00', 0x181080, 0x118) splice$auto(0x4, 0x0, 0x2, 0x0, 0x14000000000, 0xf) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0xa, 0x801, 0x106) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) io_uring_setup$auto(0x6, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) 5.009224715s ago: executing program 1 (id=1210): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x642, 0x0) read$auto_def_blk_fops_fs(r0, &(0x7f0000000140)=""/194, 0xc2) mmap$auto(0x0, 0x428, 0xdf, 0xeb1, 0x401, 0x8000) r1 = ioctl$auto_TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, &(0x7f00000001c0)=0x401) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/ksm/stable_node_chains_prune_millisecs\x00', 0x400, 0x0) read$auto(r2, 0x0, 0x9) sendmmsg$auto(r1, 0x0, 0xfffffffd, 0xe1d3) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/034/001\x00', 0x181042, 0x0) ioctl$auto_USBDEVFS_CLEAR_HALT(r3, 0x80045515, &(0x7f0000000140)=0x81) io_uring_setup$auto(0x59, 0x0) open(0x0, 0x64842, 0x94) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x2) r4 = socket(0x23, 0x80805, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'macsec0\x00'}) r5 = openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000b80)='/sys/kernel/debug/dri/vkms/Writeback-1/force\x00', 0x2, 0x0) pread64$auto(r5, 0x0, 0x4, 0x200000000005) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r6) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r8, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0}, 0x40010) sendmsg$auto_CTRL_CMD_GETPOLICY(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x1c, r7, 0x301, 0x70b52c, 0x25dfdbfb, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x17}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) r9 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r6) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002ec0)={0x24, r9, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@MACSEC_ATTR_IFINDEX={0x8}, @MACSEC_ATTR_RXSC_CONFIG={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0xa3}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x400c8d4) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) 4.929211464s ago: executing program 2 (id=1211): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0xffffffffffffffff, 0x28003) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000002c80)='/proc/irq/8/smp_affinity\x00', 0x400000, 0x0) epoll_create$auto(0x7) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x9) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = prctl$auto_PR_SET_MM_ARG_START(0x6, 0x8, 0x0, 0x8001, 0x2) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[], 0x48}}, 0x20000800) openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0x56603, 0x0) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000000), 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x3) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000002, 0x0) ppoll$auto(0x0, 0x7f, 0x0, 0x0, 0x8) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000080), 0x40400, 0x0) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0xf4ff, 0x20009, 0xde, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2b, 0x6, 0x7) mmap$auto(0x12000000, 0x400008, 0x6, 0x8000000018, 0x2, 0x8000) 3.953697149s ago: executing program 2 (id=1214): bpf$auto(0x0, 0x0, 0xf) r0 = socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001480), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r0, 0x0, 0x4040810) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ppoll$auto(0x0, 0x2, 0x0, 0x0, 0x8) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, 0x0, 0x400, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r1, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/pcmC1D0c\x00', 0x28442, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r2, 0xc1004111, &(0x7f0000000300)={0xd83, [0x7fffffff, 0x358000, 0xff], [{0x5, 0x70c, 0x1, 0x1, 0x0, 0x1}, {0x1, 0x7, 0x1, 0x0, 0x0, 0x1}, {0x1, 0x40, 0x1, 0x1}, {0x3, 0x3, 0x0, 0x0, 0x1}, {0x0, 0x7fffffff, 0x1}, {0x7, 0x4, 0x1, 0x1, 0x0, 0x1}, {0x6, 0x8, 0x0, 0x1}, {0x1, 0x3, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x7}, {0x2bb, 0x1, 0x0, 0x1}, {0xfffffff9, 0x3, 0x0, 0x1, 0x0, 0x1}, {0x1, 0xb}], 0x10001, 0x9, 0x8a, 0x96, 0x43, 0x7fffffff, 0x6, "d65d829c0cf6c8f1b9c057bb939e9062a5d54a5ff9fb928da7641f4f67f846a0d95998eb24b31834ef9d8e0085a481b6ed3aa5766a3e116b0355d75919c4bb0e"}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x101000, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r3, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x2, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10800}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 3.538103095s ago: executing program 1 (id=1215): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10007) r1 = open_tree$auto(r0, 0x0, 0x1001) r2 = socketcall$auto_SYS_ACCEPT4(0x12, &(0x7f0000000040)=0x9d) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_STOP_ACCEL_DEV(r1, 0x40096101, 0x0) 3.32501167s ago: executing program 3 (id=1216): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffff004, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x261c2, 0x84) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x8, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0x10) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) ioctl$auto(0x3, 0x80044df9, 0x5) 3.120939715s ago: executing program 0 (id=1217): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x14, r1, 0x1f5, 0x70bd28, 0x25dfdbfb, {0xa, 0x0, 0xaf5}}, 0x14}, 0x1, 0x0, 0x0, 0x20040010}, 0x2000000) close_range$auto(0x2, 0x8, 0x0) clock_adjtime$auto(0xffffffff, &(0x7f0000000300)={0x9, 0x0, 0x61, 0x16432c6, 0x3, 0xe08, 0x4, 0x0, 0x8, 0xff, 0x8, {0x7ff, 0x31}, 0x2, 0x1, 0x100000000, 0x1, 0x0, 0xffffffff7fffffff, 0x2, 0x1800, 0x2, 0xfffffffffffffffc, 0x59c}) open(0x0, 0x22240, 0x155) r2 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r2, 0x11, 0x67, 0x0, 0x8) setsockopt$auto(0x3, 0x1, 0x3f, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @multicast1}, 0x55) socket(0x10, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x80100, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) quotactl_fd$auto(0xffffffffffffffff, 0x7, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xa}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop4/queue/max_integrity_segments\x00', 0x4000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x6, 0x0, 0xa7, 0x0, 0x8000, 0x1}, 0x8}, 0x4, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) write$auto(r3, 0x0, 0x81) 2.954838692s ago: executing program 0 (id=1218): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/suspend_stats/failed_resume_early\x00', 0x181000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/45, 0x2d) r1 = openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu1/stats\x00', 0x90180, 0x0) ioctl$auto(r1, 0x7, 0xffffffffffffffff) 2.879008769s ago: executing program 2 (id=1219): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x7fffffff}, 0x9, 0x20000000) r1 = io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) ioctl$auto_RNDADDENTROPY2(r1, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r3, 0xc0285629, r3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(0x0, 0x6041, 0x0) socket(0x6, 0x2, 0x6) semctl$auto_SETVAL(0x4, 0xfffffff7, 0x10, 0x0) pidfd_open$auto(0x0, 0x5) r4 = socket(0x10, 0x3, 0xa) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'}) 2.821579501s ago: executing program 3 (id=1220): r0 = socket(0x2, 0x3, 0x1) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) connect$auto(r0, &(0x7f0000000000), 0x55) sendmmsg$auto(r0, &(0x7f0000000240)={{&(0x7f0000000100)="c9a19b9bd45daf8d1e42325618d266e9b4d29346a538f4501870f63224261ea46d2048306cb48caaa96d8e74944fe4311b40ed00640d041ca43967b3a4f18b86c38c26c9df10a988d1f2c1c69262f1908a4880ba65a9fca956c49dc5990384089f8c005c64f32d9bbba6f289964068a8ced940397118c0aa87e26591cfeead8827333219be3c5524a56ceb46dbe9688b2156", 0x10000, 0x0, 0x2, 0x0, 0x3, 0xfffff2cf}, 0x6}, 0x2319, 0x5) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xc001, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x6}, 0x3, 0x0) 2.771788299s ago: executing program 0 (id=1221): openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) clock_nanosleep$auto(0x1, 0x200, 0x0, 0x0) unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x401, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') pivot_root$auto(&(0x7f0000000300)='.\x00\xaf\xeb)\xae$\xfc\x00\xf8\x05AC\x9f\xbbR\xec\xc6c\x85\xc8\xa7\xe84sF\xe3U\x94\x99\x8fR\xd0\x98\f\xa5\xb1S\x7f\xc3\xa5\xc0\x97\x10qa\r\x02\xd2\xc8\xd2\x8e\xc7\x80\x11\x06#\xf5\x18|\xdc\x81Ai\xb6\x96iaR\xdbA\x04\x10\x99\xe6\xdb\xae`G\x1d9`T\xd8\xc6\xea\xf7\x96\xb5\xe9\x164e\xb1 S\x8f\x12_\x15y\x91F\xc89\xb1\xd24?\x89.,Z\xba,\"v\xde\xc4\xe0\x84\xca|\"\x96V\xd5P\xe4\xb9\xea\x88\x15\xacs\xc6\x83\xd6\x81\xd7\x11\x88\x9c\xdd\x8a\x0e\xea\x19|\x7f\xe3A8x\xce\xc1!q\xbbi\\\xd8\xa9\xe0\xed\x9e\x19\xc0IC9^\xfcJG\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000280)='.\x00') close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) rseq$auto(&(0x7f0000000080)={0x9, 0x8, 0x45b, 0x4, 0xffffffff, 0x2}, 0x3e37, 0xfffffff4, 0x8) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x121141, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000080)) 2.492698097s ago: executing program 3 (id=1222): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r0, &(0x7f0000000080)={0x0, 0x1000}, 0x3) mmap$auto(0x0, 0xfffffffffffffffd, 0xdf, 0xeb1, r0, 0x8000) 2.445949827s ago: executing program 0 (id=1223): mmap$auto(0x0, 0xe983, 0x2000000df, 0xeb1, 0x401, 0x8000) clock_nanosleep$auto(0x9, 0x0, &(0x7f0000000000)={0x0, 0x200}, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) sendmsg$auto_VDPA_CMD_DEV_NEW(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x48, 0x0, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@VDPA_ATTR_DEV_NET_CFG_MTU={0x6, 0xd, 0x8}, @VDPA_ATTR_MGMTDEV_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @VDPA_ATTR_DEV_FEATURES={0xc, 0x14, 0x9}, @VDPA_ATTR_DEV_FEATURES={0xc}]}, 0x48}, 0x1, 0x0, 0x0, 0x40010}, 0x4000004) socket(0x2b, 0x1, 0x1) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/17, 0x11) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000100), r1) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendto$auto(0xffffffffffffffff, &(0x7f0000000480)="9bb9d4b346d5aaae67fe300fd8c0b0c941bb07fd74c160465854c660d80d1b3678b39749221427f9faedd24c3d3ed6b5850d890493f1ef537be05ec113201a8260e43bdb18ba2637c993ab2b12826b59eff30be9cd6fefa80de4601a420001c1f1c037c4b6109633c4764c019fffb8b29dc54d19fb95bf80e078198173853ea2b6882ac18ec68f9a8fe800c79e17f83831f11848b55e41b37c744fd74b4da03896002060be0a183ce35f73cefc86bf7f7673a30792a933c1aed50d126350777162bc9b1ab151d32d0e1f50f56cf3f516f08170b7c5", 0x7fffffff, 0xa, 0x0, 0x10001) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8000, 0x9, 0x3, 0xb, 0x5, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x20000000003, 0x5, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000476, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000800), r2) sendmsg$auto_HANDSHAKE_CMD_DONE(r2, 0x0, 0x20000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000003680)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_NEW_KEY(r5, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000004880)={&(0x7f00000003c0)={0x24, r4, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_KEY={0x8, 0x50, 0x0, 0x1, [@typed={0x4, 0x6, 0x0, 0x0, @binary}]}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x890) sendmsg$auto_NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x474, r4, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0xffb3}, @NL80211_ATTR_SAR_SPEC={0x2c, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x86}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x5}]}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x9}, @NL80211_ATTR_STA_FLAGS2={0x50, 0x43, "bab3dfe1724c26ce3b77431802dd3e046c34e87bfcd7a94c80137560e44a2a48484eb8f784384f0c1c986c8970edd65ed3d062aeb0b309a8eb4ae2029885453a931f790d6b95607fc392f8b2"}, @NL80211_ATTR_BSS_SELECT={0x3b6, 0xe3, 0x0, 0x1, [@generic="906454d8f03346460dcc09f652ae3c44013bbdde0a2128257fa26cdeb82b696d37666ddbf74b67f562828c73ca59c61a5db3ad5286c61da52ec70d4124b44ca5527d876ebd7f3fdfc340656bc7f5a9e3484554b741263ecae0f7d0f6b1ec1f49c400be9efcff1f80cd6c49deb780017d7c6163e8ec947af78a54da", @nested={0x86, 0xab, 0x0, 0x1, [@nested={0x4, 0x141}, @nested={0x4, 0x113}, @typed={0x8, 0x15, 0x0, 0x0, @u32=0x6}, @generic="8d91b63429a596a0cbd75287b65bc9e161c1fa4f1a8352a43cf3afa38976bfcb08e97f728effd850850ef9def0683676b82d94f977b0df1076b7c2f6656d64234dfcd610790a281cf76db2bdf729f75b9a85a0", @generic="c9b85558dffdda924b2400d04ab4b9", @typed={0x8, 0xca, 0x0, 0x0, @u32=0xfe84}, @nested={0x4, 0x8b}, @typed={0x4, 0xb0}]}, @generic="d36166b3066f6dbc2a3f9d26afb7b635b150268f3d81f7e04f4051502b0836c852efa1d9a1279d77d329d6026b60320f4aaefffaf74c4d457e173a246c09489403f23111d16196fbd79d2db7cc711bcfaa5221e1bd87db0c07aab3de819d47bebd25dab9b9733871c28f1aed2e0e79c0b7e3e104baa50faed71fbdb5b93a6c94f92b8b0f78e790ac3a7121a353b4b47bdb4ed45f81441c91b2dd8da183a3edfd209920df45b47e8841fec23ddb1e94f74b0d4b6da6acb7e00dbe9351ee0457c4b29943e3aa3b7cf7ed408b4a41fb6e5bbd3bdefe7f0c7ccc215d05e1", @generic="a7675622937a09df41b4a6bb8b09a529a9a56a095a91e54079719660d37aa490176cb00d1e9e6b80e3d68a69b1112a096f", @typed={0xfa, 0x57, 0x0, 0x0, @binary="fdc401bb47783d79c5f81b0d1f5b72532db56bbfce5a040b94d5dd4004cd4dd3569591d722c954be66abf92b6ac1ea89ae765b103356c61e06e9785e0bea370b51df100fbee8d6676b23525c62f505c06828b68d1c8ca5d9bcfd72812e16ec4d8e462d01c19884bb238b0f3a08aa493431f7e9d38295fb7170099e487306cbfeb191ac8ea316456f129eb22edfbe56c8b89e6aa2806a6e944852e3356b7f3b6fbd4408571f9efb3863ec0ab255341dc657df7b0d6324446c35cc1270922f8634aa12e433faaa07688cee5a203656668ac90f98d08c994ca79ed8b96485cc02c1681f0f13ce2ca78dbb51f27bbe7ccbe8574e0e95a769"}, @typed={0x8, 0xf4, 0x0, 0x0, @ipv4=@multicast2}, @generic="b781e7725e1d13299e4ce79860fbf51da88a7e58faac0cc260f28051eccdc8218dc670c75cccbac1671c55133ccbff9095e8aa9c18c16682d7c2c33ac533da30291585bba2ee41022f369efb6ace47ba64a3ac8dfd3b88ba185767bdb34350902648849a771f5cd9f42cfcb8e5d201a2a34a5e74b391c935e91be553f6916c47a6cb004077e7ce5ce4cd70609e217c1a48660c615c9e8775c4445b3adda7"]}, @NL80211_ATTR_SSID={0x1c, 0x34, "b42f7427e95bd9440ae73a0cc7670e6e895b500a071ddb0c"}]}, 0x474}}, 0x28814) setsockopt$auto_SO_MAX_PACING_RATE(r2, 0x6, 0x2f, &(0x7f0000000000)='\'%^,-%\x00', 0x1) 2.128409185s ago: executing program 3 (id=1224): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.1/usb11/ep_00/wMaxPacketSize\x00', 0x10040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 1.147917123s ago: executing program 0 (id=1225): mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec6\x00', 0x80, 0x0) close_range$auto(0x2, r0, 0x70) r1 = socket(0x2, 0x80802, 0x0) r2 = socket(0x2, 0x1, 0x0) pipe$auto(&(0x7f0000000200)=r1) memfd_create$auto(&(0x7f0000000000)='!\x00', 0x16) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x2cbd5d) fcntl$auto(0x3, 0x4, 0xa553) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f00000001c0), 0x200480, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) connect$auto(0x3, &(0x7f0000000140), 0x55) select$auto(0xa, 0x0, 0x0, 0x0, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_NFC_CMD_STOP_POLL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x800) socketpair$auto(0x5, 0x80000001, 0x7, &(0x7f0000000180)=0x9) shutdown$auto(0x200000003, 0x2) 1.016865278s ago: executing program 3 (id=1226): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/driver/nvram\x00', 0x40000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) read$auto(r1, &(0x7f0000000000)='/proc/threaZ-sml\x01/net/ip6_mr_vif<', 0x205) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000000c0)=""/4087, 0xff7) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000400)=""/232, 0xe8) 844.055894ms ago: executing program 2 (id=1227): openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x109482, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) r1 = socket(0x28, 0x1, 0x0) r2 = socket(0x1, 0x1, 0x1) open(&(0x7f0000000000)='./bus\x00', 0x22042, 0x45) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0x3, 0x0, 0xa, 0x0) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000140), r1) sendmsg$auto_SMC_NETLINK_GET_SYS_INFO(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r3, 0x400, 0x70bd2d, 0x25dfdbfc, {}, "48d0394fbe58c67e31514380c8402da1126e3b4af51da14b8d7c17b4e245d09b812a242643d4956320931a922c3f6aaaa6c2face8187a3b7711f7466d9e06029cc3e206fdf084e3b4c677fe2d4bcd1e8d0f6"}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x60}, 0x3) open(&(0x7f00000000c0)='./bus\x00', 0x12ba7e, 0x45) close_range$auto(0x2, 0x8, 0x0) unlink$auto(&(0x7f0000000040)='./bus\x00') bpf$auto(0x3, 0x0, 0x5) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x149102, 0x0) sendfile$auto(r4, r4, 0x0, 0x10000800000003) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r5, 0x0, 0x3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa140, 0x0) 493.720326ms ago: executing program 3 (id=1228): bpf$auto(0x0, 0x0, 0xf) r0 = socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001480), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40040}, 0x4040810) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ppoll$auto(0x0, 0x2, 0x0, 0x0, 0x8) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, 0x0, 0x400, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r1, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/pcmC1D0c\x00', 0x28442, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r2, 0xc1004111, &(0x7f0000000300)={0xd83, [0x7fffffff, 0x358000, 0xff], [{0x5, 0x70c, 0x1, 0x1, 0x0, 0x1}, {0x1, 0x7, 0x1, 0x0, 0x0, 0x1}, {0x1, 0x40, 0x1, 0x1}, {0x3, 0x3, 0x0, 0x0, 0x1}, {0x0, 0x7fffffff, 0x1}, {0x7, 0x4, 0x1, 0x1, 0x0, 0x1}, {0x6, 0x8, 0x0, 0x1}, {0x1, 0x3, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x7}, {0x2bb, 0x1, 0x0, 0x1}, {0xfffffff9, 0x3, 0x0, 0x1, 0x0, 0x1}, {0x1, 0xb}], 0x10001, 0x9, 0x8a, 0x96, 0x43, 0x7fffffff, 0x6, "d65d829c0cf6c8f1b9c057bb939e9062a5d54a5ff9fb928da7641f4f67f846a0d95998eb24b31834ef9d8e0085a481b6ed3aa5766a3e116b0355d75919c4bb0e"}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x101000, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r3, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x2, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10800}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 52.895778ms ago: executing program 0 (id=1229): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x10000) r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = geteuid() r3 = gettid() ptrace$auto_PTRACE_POKETEXT(0x4, r3, 0x800, 0x9) msgctl$auto_MSG_STAT(0xf, 0xb, &(0x7f0000000200)={{0x13b, r2, 0xee01, 0x7, 0xa, 0xe, 0xff}, &(0x7f0000000140)=0x4, &(0x7f0000000180)=0x6, 0x9, 0x7, 0xe61d, 0x9, 0x100000001, 0x5, 0x2, 0x9, @inferred=r3, @inferred=r3}) msgctl$auto_IPC_RMID(0x7, 0x0, &(0x7f00000002c0)={{0x40, r2, r4, 0x4, 0xf, 0x5, 0xd}, &(0x7f0000000000)=0x7, &(0x7f0000000040)=0x40, 0x55be814, 0x8, 0x8, 0x5, 0x100000000, 0x5, 0x4, 0x4, @raw=0x5}) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd7000fbdbdf2503000000040008000c0007800800e900", @ANYRES32=r2, @ANYBLOB="07b569e90904a84e10de82ee77115b49f43e36a00f78900d062e53fecf4dc98cf625d5c6fa694267ae70df036ac78e70b42cfc0064776760a861b36ba3b443bfa1fd395b3b044c5b1c0e9466"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x800) r5 = getpgid$auto(0x0) timer_create$auto(0xfffffffe, &(0x7f0000000000)={@sival_int=0x4, @raw=0x2, 0x4, @_tid=r5}, &(0x7f0000000040)=0x9) r6 = socket(0x11, 0x80003, 0x0) socket(0xa, 0x801, 0x84) setsockopt$auto(0x400000000000003, 0x29, 0x13, 0x0, 0x56b) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) socket(0x11, 0x80003, 0x300) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r8, 0x0, 0x20) writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/036/001\x00', 0x2ab01, 0x0) setsockopt$auto(r6, 0x107, 0x12, 0x0, 0x8) 0s ago: executing program 1 (id=1230): socket(0x1d, 0x2, 0x6) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x40000, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, r0, 0x28000) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000007380)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x109041, 0x0) mmap$auto(0x40fff, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kernel console output (not intermixed with test programs): +0x10a/0x240 [ 252.187631][ T7913] ? lockdep_hardirqs_on+0x7c/0x110 [ 252.187675][ T7913] kobject_get_path+0xd2/0x2a0 [ 252.187713][ T7913] ? input_devices_seq_show+0x719/0x1130 [ 252.187768][ T7913] input_devices_seq_show+0x8d/0x1130 [ 252.187812][ T7913] ? __pfx_input_devices_seq_show+0x10/0x10 [ 252.187850][ T7913] ? trace_kmalloc+0x2b/0xd0 [ 252.187897][ T7913] ? seq_list_start+0x9a/0xc0 [ 252.187940][ T7913] seq_read_iter+0xb18/0x12c0 [ 252.188003][ T7913] seq_read+0x39e/0x4e0 [ 252.188048][ T7913] ? __pfx_seq_read+0x10/0x10 [ 252.188099][ T7913] ? get_pid_task+0xfc/0x250 [ 252.188156][ T7913] ? __pfx_seq_read+0x10/0x10 [ 252.188200][ T7913] proc_reg_read+0x23d/0x330 [ 252.188230][ T7913] ? __pfx_proc_reg_read+0x10/0x10 [ 252.188264][ T7913] vfs_read+0x1de/0xc70 [ 252.188299][ T7913] ? __pfx___mutex_lock+0x10/0x10 [ 252.188335][ T7913] ? __pfx_vfs_read+0x10/0x10 [ 252.188376][ T7913] ? __fget_files+0x20e/0x3c0 [ 252.188436][ T7913] ksys_read+0x12a/0x240 [ 252.188463][ T7913] ? __pfx_ksys_read+0x10/0x10 [ 252.188489][ T7913] ? rcu_is_watching+0x12/0xc0 [ 252.188530][ T7913] do_syscall_64+0xcd/0x230 [ 252.188572][ T7913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.188602][ T7913] RIP: 0033:0x7fa2fa18e969 [ 252.188627][ T7913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.188658][ T7913] RSP: 002b:00007fa2fafd2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 252.188687][ T7913] RAX: ffffffffffffffda RBX: 00007fa2fa3b5fa0 RCX: 00007fa2fa18e969 [ 252.188708][ T7913] RDX: 000000000000fedf RSI: 0000200000000000 RDI: 0000000000000006 [ 252.188727][ T7913] RBP: 00007fa2fafd2090 R08: 0000000000000000 R09: 0000000000000000 [ 252.188754][ T7913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.188773][ T7913] R13: 0000000000000000 R14: 00007fa2fa3b5fa0 R15: 00007ffc2a52f148 [ 252.188815][ T7913] [ 252.964144][ T7927] netlink: 'syz.2.459': attribute type 1 has an invalid length. [ 254.182854][ T7945] Invalid ELF header magic: != ELF [ 254.226693][ T7951] FAULT_INJECTION: forcing a failure. [ 254.226693][ T7951] name failslab, interval 1, probability 0, space 0, times 0 [ 254.294240][ T7951] CPU: 1 UID: 0 PID: 7951 Comm: syz.1.462 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 254.294287][ T7951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 254.294315][ T7951] Call Trace: [ 254.294325][ T7951] [ 254.294336][ T7951] dump_stack_lvl+0x16c/0x1f0 [ 254.294382][ T7951] should_fail_ex+0x512/0x640 [ 254.294425][ T7951] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 254.294463][ T7951] should_failslab+0xc2/0x120 [ 254.294502][ T7951] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 254.294537][ T7951] ? security_file_alloc+0x34/0x2b0 [ 254.294586][ T7951] security_file_alloc+0x34/0x2b0 [ 254.294628][ T7951] init_file+0x93/0x4c0 [ 254.294666][ T7951] alloc_empty_file+0x73/0x1e0 [ 254.294706][ T7951] path_openat+0xe0/0x2d40 [ 254.294739][ T7951] ? __x64_sys_openat+0x174/0x210 [ 254.294782][ T7951] ? do_syscall_64+0xcd/0x230 [ 254.294821][ T7951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.294866][ T7951] ? __pfx_path_openat+0x10/0x10 [ 254.294906][ T7951] do_filp_open+0x20b/0x470 [ 254.294937][ T7951] ? __pfx_do_filp_open+0x10/0x10 [ 254.294998][ T7951] ? alloc_fd+0x471/0x7d0 [ 254.295058][ T7951] do_sys_openat2+0x11b/0x1d0 [ 254.295100][ T7951] ? __pfx_do_sys_openat2+0x10/0x10 [ 254.295156][ T7951] __x64_sys_openat+0x174/0x210 [ 254.295200][ T7951] ? __pfx___x64_sys_openat+0x10/0x10 [ 254.295244][ T7951] ? rcu_is_watching+0x12/0xc0 [ 254.295285][ T7951] do_syscall_64+0xcd/0x230 [ 254.295338][ T7951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.295372][ T7951] RIP: 0033:0x7fe297b8e969 [ 254.295399][ T7951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.295430][ T7951] RSP: 002b:00007fe295591038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 254.295461][ T7951] RAX: ffffffffffffffda RBX: 00007fe297db6240 RCX: 00007fe297b8e969 [ 254.295491][ T7951] RDX: 0000000000109041 RSI: 0000200000007380 RDI: ffffffffffffff9c [ 254.295513][ T7951] RBP: 00007fe297c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 254.295533][ T7951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.295553][ T7951] R13: 0000000000000000 R14: 00007fe297db6240 R15: 00007ffce5b96da8 [ 254.295595][ T7951] [ 256.273129][ T7985] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f8ef8d43 pfn:0x78000 [ 256.302939][ T7985] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 256.335744][ T7985] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 256.344877][ T7985] raw: 00000007f8ef8d43 0000000000000000 0000000400000002 0000000000000000 [ 256.404482][ T7985] page dumped because: unmovable page [ 256.414362][ T7985] page_owner tracks the page as allocated [ 256.464400][ T7985] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 94761125329, free_ts 94533880024 [ 256.558617][ T7985] post_alloc_hook+0x181/0x1b0 [ 256.563489][ T7985] get_page_from_freelist+0x135c/0x3920 [ 256.570091][ T7985] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 256.576251][ T7985] alloc_pages_mpol+0x1fb/0x550 [ 256.581379][ T7985] alloc_pages_noprof+0x131/0x390 [ 256.586767][ T7985] __vmalloc_node_range_noprof+0x732/0x1540 [ 256.592980][ T7985] vmalloc_user_noprof+0x6b/0x90 [ 256.598222][ T7985] kcov_ioctl+0x4c/0x730 [ 256.602533][ T7985] __x64_sys_ioctl+0x190/0x200 [ 256.607515][ T7985] do_syscall_64+0xcd/0x230 [ 256.612080][ T7985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.618259][ T7985] page last free pid 5818 tgid 5818 stack trace: [ 256.624761][ T7985] free_unref_folios+0x999/0x1630 [ 256.630061][ T7985] folios_put_refs+0x56f/0x740 [ 256.636404][ T7985] free_pages_and_swap_cache+0x245/0x4a0 [ 256.642651][ T7985] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 256.649376][ T7985] tlb_finish_mmu+0x168/0x7b0 [ 256.656182][ T7985] vms_clear_ptes+0x55e/0x770 [ 256.661002][ T7985] vms_complete_munmap_vmas+0x1ca/0x970 [ 256.683493][ T7985] do_vmi_align_munmap+0x43b/0x7d0 [ 256.784696][ T7985] do_vmi_munmap+0x208/0x3e0 [ 256.800838][ T7985] __vm_munmap+0x19a/0x390 [ 256.848589][ T7985] __x64_sys_munmap+0x59/0x80 [ 256.918981][ T7985] do_syscall_64+0xcd/0x230 [ 257.010928][ T7985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.473576][ T8003] FAULT_INJECTION: forcing a failure. [ 257.473576][ T8003] name failslab, interval 1, probability 0, space 0, times 0 [ 257.489307][ T8002] FAULT_INJECTION: forcing a failure. [ 257.489307][ T8002] name failslab, interval 1, probability 0, space 0, times 0 [ 257.530519][ T8002] CPU: 1 UID: 0 PID: 8002 Comm: syz.2.474 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 257.530558][ T8002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 257.530573][ T8002] Call Trace: [ 257.530582][ T8002] [ 257.530592][ T8002] dump_stack_lvl+0x16c/0x1f0 [ 257.530628][ T8002] should_fail_ex+0x512/0x640 [ 257.530663][ T8002] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 257.530693][ T8002] should_failslab+0xc2/0x120 [ 257.530724][ T8002] __kmalloc_cache_node_noprof+0x6d/0x420 [ 257.530752][ T8002] ? __get_vm_area_node+0x101/0x300 [ 257.530795][ T8002] __get_vm_area_node+0x101/0x300 [ 257.530832][ T8002] ? blkdev_common_ioctl+0x2f6/0x2480 [ 257.530865][ T8002] __vmalloc_node_range_noprof+0x277/0x1540 [ 257.530906][ T8002] ? bdev_disk_changed+0x48d/0x1520 [ 257.530941][ T8002] ? bdev_disk_changed+0x48d/0x1520 [ 257.530973][ T8002] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 257.531024][ T8002] ? bdev_disk_changed+0x48d/0x1520 [ 257.531048][ T8002] vzalloc_noprof+0x6b/0x90 [ 257.531100][ T8002] ? bdev_disk_changed+0x48d/0x1520 [ 257.531123][ T8002] bdev_disk_changed+0x48d/0x1520 [ 257.531146][ T8002] ? bdev_open+0x41a/0xe40 [ 257.531180][ T8002] ? __pfx___mutex_lock+0x10/0x10 [ 257.531217][ T8002] ? __pfx_bdev_disk_changed+0x10/0x10 [ 257.531269][ T8002] blkdev_get_whole+0x187/0x290 [ 257.531303][ T8002] bdev_open+0x2c7/0xe40 [ 257.531345][ T8002] bdev_file_open_by_dev+0x182/0x210 [ 257.531383][ T8002] disk_scan_partitions+0x1ed/0x320 [ 257.531421][ T8002] blkdev_common_ioctl+0x2f6/0x2480 [ 257.531449][ T8002] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 257.531479][ T8002] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 257.531516][ T8002] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 257.531547][ T8002] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 257.531605][ T8002] ? find_held_lock+0x2b/0x80 [ 257.531635][ T8002] blkdev_ioctl+0x1cb/0x6d0 [ 257.531663][ T8002] ? __pfx_blkdev_ioctl+0x10/0x10 [ 257.531696][ T8002] ? __pfx_blkdev_ioctl+0x10/0x10 [ 257.531727][ T8002] __x64_sys_ioctl+0x190/0x200 [ 257.531764][ T8002] do_syscall_64+0xcd/0x230 [ 257.531799][ T8002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.531826][ T8002] RIP: 0033:0x7ff39d58e969 [ 257.531848][ T8002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.531873][ T8002] RSP: 002b:00007ff39e3e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 257.531898][ T8002] RAX: ffffffffffffffda RBX: 00007ff39d7b5fa0 RCX: 00007ff39d58e969 [ 257.531915][ T8002] RDX: 00000000ff1f0000 RSI: 000000000000125f RDI: 0000000000000003 [ 257.531930][ T8002] RBP: 00007ff39e3e8090 R08: 0000000000000000 R09: 0000000000000000 [ 257.531946][ T8002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.531961][ T8002] R13: 0000000000000000 R14: 00007ff39d7b5fa0 R15: 00007ffd992f6f08 [ 257.531995][ T8002] [ 257.532008][ T8002] syz.2.474: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 257.566688][ T8003] CPU: 0 UID: 0 PID: 8003 Comm: syz.0.473 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 257.566737][ T8003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 257.566755][ T8003] Call Trace: [ 257.566765][ T8003] [ 257.566776][ T8003] dump_stack_lvl+0x16c/0x1f0 [ 257.566822][ T8003] should_fail_ex+0x512/0x640 [ 257.566866][ T8003] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 257.566924][ T8003] should_failslab+0xc2/0x120 [ 257.566964][ T8003] __kmalloc_cache_noprof+0x6a/0x3e0 [ 257.567018][ T8003] ? sctp_auth_shkey_create+0x9e/0x210 [ 257.567067][ T8003] sctp_auth_shkey_create+0x9e/0x210 [ 257.567114][ T8003] sctp_endpoint_new+0x562/0xcd0 [ 257.567164][ T8003] sctp_init_sock+0xe2d/0x1330 [ 257.567207][ T8003] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 257.567255][ T8003] sctp_v6_init_sock+0x16/0x70 [ 257.567297][ T8003] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 257.567357][ T8003] inet6_create+0xb2d/0x1300 [ 257.567415][ T8003] ? inet6_create+0x7f/0x1300 [ 257.567475][ T8003] __sock_create+0x335/0x8d0 [ 257.567528][ T8003] inet_ctl_sock_create+0x94/0x230 [ 257.567571][ T8003] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 257.567610][ T8003] ? lockdep_init_map_type+0x5c/0x280 [ 257.567658][ T8003] ? do_init_timer+0xc9/0x110 [ 257.567698][ T8003] ? __pfx_sctp_ctrlsock_init+0x10/0x10 [ 257.567738][ T8003] sctp_ctrlsock_init+0x40/0xf0 [ 257.567779][ T8003] ops_init+0x1df/0x5f0 [ 257.567819][ T8003] setup_net+0x21e/0x850 [ 257.567859][ T8003] ? __pfx_setup_net+0x10/0x10 [ 257.567892][ T8003] ? lockdep_init_map_type+0x5c/0x280 [ 257.567937][ T8003] ? __pfx_down_read_killable+0x10/0x10 [ 257.567991][ T8003] ? debug_mutex_init+0x37/0x70 [ 257.568050][ T8003] copy_net_ns+0x2a6/0x5f0 [ 257.568094][ T8003] create_new_namespaces+0x3ea/0xad0 [ 257.568143][ T8003] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 257.568186][ T8003] ksys_unshare+0x45b/0xa40 [ 257.568233][ T8003] ? __pfx_ksys_unshare+0x10/0x10 [ 257.568277][ T8003] ? xfd_validate_state+0x5d/0x180 [ 257.568341][ T8003] ? rcu_is_watching+0x12/0xc0 [ 257.568384][ T8003] __x64_sys_unshare+0x31/0x40 [ 257.568431][ T8003] do_syscall_64+0xcd/0x230 [ 257.568476][ T8003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.568512][ T8003] RIP: 0033:0x7fa2fa18e969 [ 257.568540][ T8003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.568574][ T8003] RSP: 002b:00007fa2fafb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 257.568607][ T8003] RAX: ffffffffffffffda RBX: 00007fa2fa3b6080 RCX: 00007fa2fa18e969 [ 257.568631][ T8003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 257.568654][ T8003] RBP: 00007fa2fa210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 257.568677][ T8003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 257.568698][ T8003] R13: 0000000000000000 R14: 00007fa2fa3b6080 R15: 00007ffc2a52f148 [ 257.568745][ T8003] [ 258.148413][ T8002] ,cpuset=/,mems_allowed=0-1 [ 258.159028][ T8002] CPU: 0 UID: 0 PID: 8002 Comm: syz.2.474 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 258.159070][ T8002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 258.159089][ T8002] Call Trace: [ 258.159108][ T8002] [ 258.159120][ T8002] dump_stack_lvl+0x16c/0x1f0 [ 258.159163][ T8002] warn_alloc+0x248/0x3a0 [ 258.159200][ T8002] ? __pfx_warn_alloc+0x10/0x10 [ 258.159233][ T8002] ? rcu_is_watching+0x12/0xc0 [ 258.159262][ T8002] ? trace_kmalloc+0x2b/0xd0 [ 258.159299][ T8002] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 258.159337][ T8002] ? __kasan_kmalloc+0x8a/0xb0 [ 258.159370][ T8002] ? __get_vm_area_node+0x1e5/0x300 [ 258.159426][ T8002] __vmalloc_node_range_noprof+0xd31/0x1540 [ 258.159488][ T8002] ? bdev_disk_changed+0x48d/0x1520 [ 258.159527][ T8002] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 258.159589][ T8002] ? bdev_disk_changed+0x48d/0x1520 [ 258.159620][ T8002] vzalloc_noprof+0x6b/0x90 [ 258.159669][ T8002] ? bdev_disk_changed+0x48d/0x1520 [ 258.159701][ T8002] bdev_disk_changed+0x48d/0x1520 [ 258.159731][ T8002] ? bdev_open+0x41a/0xe40 [ 258.159773][ T8002] ? __pfx___mutex_lock+0x10/0x10 [ 258.159819][ T8002] ? __pfx_bdev_disk_changed+0x10/0x10 [ 258.159882][ T8002] blkdev_get_whole+0x187/0x290 [ 258.159924][ T8002] bdev_open+0x2c7/0xe40 [ 258.159972][ T8002] bdev_file_open_by_dev+0x182/0x210 [ 258.160019][ T8002] disk_scan_partitions+0x1ed/0x320 [ 258.160067][ T8002] blkdev_common_ioctl+0x2f6/0x2480 [ 258.160108][ T8002] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 258.160145][ T8002] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 258.160189][ T8002] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 258.160227][ T8002] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 258.160299][ T8002] ? find_held_lock+0x2b/0x80 [ 258.160335][ T8002] blkdev_ioctl+0x1cb/0x6d0 [ 258.160370][ T8002] ? __pfx_blkdev_ioctl+0x10/0x10 [ 258.160413][ T8002] ? __pfx_blkdev_ioctl+0x10/0x10 [ 258.160450][ T8002] __x64_sys_ioctl+0x190/0x200 [ 258.160496][ T8002] do_syscall_64+0xcd/0x230 [ 258.160538][ T8002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.160570][ T8002] RIP: 0033:0x7ff39d58e969 [ 258.160595][ T8002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.160625][ T8002] RSP: 002b:00007ff39e3e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 258.160655][ T8002] RAX: ffffffffffffffda RBX: 00007ff39d7b5fa0 RCX: 00007ff39d58e969 [ 258.160676][ T8002] RDX: 00000000ff1f0000 RSI: 000000000000125f RDI: 0000000000000003 [ 258.160695][ T8002] RBP: 00007ff39e3e8090 R08: 0000000000000000 R09: 0000000000000000 [ 258.160715][ T8002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.160734][ T8002] R13: 0000000000000000 R14: 00007ff39d7b5fa0 R15: 00007ffd992f6f08 [ 258.160776][ T8002] [ 258.163111][ T8002] Mem-Info: [ 258.503203][ T8002] active_anon:13011 inactive_anon:0 isolated_anon:25 [ 258.503203][ T8002] active_file:15973 inactive_file:38761 isolated_file:0 [ 258.503203][ T8002] unevictable:768 dirty:692 writeback:0 [ 258.503203][ T8002] slab_reclaimable:9880 slab_unreclaimable:93426 [ 258.503203][ T8002] mapped:27315 shmem:1429 pagetables:839 [ 258.503203][ T8002] sec_pagetables:0 bounce:0 [ 258.503203][ T8002] kernel_misc_reclaimable:0 [ 258.503203][ T8002] free:1337946 free_pcp:1085 free_cma:0 [ 258.574841][ T8002] Node 0 active_anon:53244kB inactive_anon:0kB active_file:63892kB inactive_file:155036kB unevictable:1536kB isolated(anon):100kB isolated(file):0kB mapped:109260kB dirty:2764kB writeback:0kB shmem:5180kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:10980kB pagetables:3356kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 258.660763][ T8002] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 258.727689][ T8002] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 258.806879][ T8002] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 258.812890][ T8002] Node 0 DMA32 free:1425556kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:55216kB inactive_anon:0kB active_file:63880kB inactive_file:153232kB unevictable:1536kB writepending:2784kB present:3129332kB managed:2544212kB mlocked:0kB bounce:0kB free_pcp:1952kB local_pcp:616kB free_cma:0kB [ 258.890568][ T8002] lowmem_reserve[]: 0 0 1 1 1 [ 258.912327][ T8002] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:12kB inactive_file:1804kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:4kB free_cma:0kB [ 258.971246][ T8002] lowmem_reserve[]: 0 0 0 0 0 [ 258.976253][ T8002] Node 1 Normal free:3907564kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2196kB local_pcp:2196kB free_cma:0kB [ 259.025666][ T8002] lowmem_reserve[]: 0 0 0 0 0 [ 259.047195][ T8002] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 259.086857][ T8002] Node 0 DMA32: 1488*4kB (UME) 1501*8kB (UME) 1758*16kB (UME) 1196*32kB (UME) 820*64kB (UME) 333*128kB (UME) 143*256kB (UME) 75*512kB (UME) 41*1024kB (UM) 8*2048kB (UM) 273*4096kB (M) = 1431048kB [ 259.125542][ T8002] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 259.144510][ T8002] Node 1 Normal: 217*4kB (UME) 67*8kB (UME) 55*16kB (UME) 250*32kB (UME) 91*64kB (UME) 30*128kB (UME) 16*256kB (UME) 7*512kB (UME) 5*1024kB (UM) 2*2048kB (UE) 945*4096kB (M) = 3907564kB [ 259.163890][ T8002] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 259.183916][ T8002] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 259.254496][ T8002] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 259.294325][ T8002] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 259.330635][ T8002] 57211 total pagecache pages [ 259.347659][ T8002] 0 pages in swap cache [ 259.377055][ T8002] Free swap = 124996kB [ 259.405111][ T8002] Total swap = 124996kB [ 259.439026][ T8002] 2097051 pages RAM [ 259.483656][ T8002] 0 pages HighMem/MovableOnly [ 259.502569][ T8002] 428892 pages reserved [ 259.521107][ T8002] 0 pages cma reserved [ 259.812319][ T8032] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[8032] [ 260.483914][ T8049] FAULT_INJECTION: forcing a failure. [ 260.483914][ T8049] name failslab, interval 1, probability 0, space 0, times 0 [ 260.549411][ T8049] CPU: 0 UID: 0 PID: 8049 Comm: syz.1.483 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 260.549460][ T8049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 260.549479][ T8049] Call Trace: [ 260.549489][ T8049] [ 260.549501][ T8049] dump_stack_lvl+0x16c/0x1f0 [ 260.549547][ T8049] should_fail_ex+0x512/0x640 [ 260.549592][ T8049] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 260.549638][ T8049] should_failslab+0xc2/0x120 [ 260.549679][ T8049] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 260.549719][ T8049] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 260.549754][ T8049] ? fib_notifier_ops_register+0x32/0x270 [ 260.549795][ T8049] kmemdup_noprof+0x29/0x60 [ 260.549836][ T8049] fib_notifier_ops_register+0x32/0x270 [ 260.549874][ T8049] fib4_notifier_init+0x4f/0xd0 [ 260.549905][ T8049] fib_net_init+0xbf/0x3f0 [ 260.549934][ T8049] ? __pfx___register_sysctl_table+0x10/0x10 [ 260.549973][ T8049] ? __pfx_fib_net_init+0x10/0x10 [ 260.550003][ T8049] ? lockdep_init_map_type+0x5c/0x280 [ 260.550049][ T8049] ? do_init_timer+0xc9/0x110 [ 260.550085][ T8049] ? devinet_init_net+0x5c2/0x910 [ 260.550125][ T8049] ? __pfx_fib_net_init+0x10/0x10 [ 260.550155][ T8049] ops_init+0x1df/0x5f0 [ 260.550203][ T8049] setup_net+0x21e/0x850 [ 260.550242][ T8049] ? __pfx_setup_net+0x10/0x10 [ 260.550273][ T8049] ? lockdep_init_map_type+0x5c/0x280 [ 260.550317][ T8049] ? __pfx_down_read_killable+0x10/0x10 [ 260.550375][ T8049] ? debug_mutex_init+0x37/0x70 [ 260.550429][ T8049] copy_net_ns+0x2a6/0x5f0 [ 260.550471][ T8049] create_new_namespaces+0x3ea/0xad0 [ 260.550516][ T8049] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 260.550556][ T8049] ksys_unshare+0x45b/0xa40 [ 260.550601][ T8049] ? __pfx_ksys_unshare+0x10/0x10 [ 260.550643][ T8049] ? xfd_validate_state+0x5d/0x180 [ 260.550697][ T8049] ? rcu_is_watching+0x12/0xc0 [ 260.550737][ T8049] __x64_sys_unshare+0x31/0x40 [ 260.550780][ T8049] do_syscall_64+0xcd/0x230 [ 260.550823][ T8049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.550855][ T8049] RIP: 0033:0x7fe297b8e969 [ 260.550882][ T8049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.550914][ T8049] RSP: 002b:00007fe2959f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 260.550945][ T8049] RAX: ffffffffffffffda RBX: 00007fe297db5fa0 RCX: 00007fe297b8e969 [ 260.550967][ T8049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 260.550987][ T8049] RBP: 00007fe297c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 260.551006][ T8049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.551025][ T8049] R13: 0000000000000000 R14: 00007fe297db5fa0 R15: 00007ffce5b96da8 [ 260.551068][ T8049] [ 260.985525][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.991943][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.191941][ T8062] netlink: 'syz.3.487': attribute type 22 has an invalid length. [ 261.200027][ T8062] netlink: 252 bytes leftover after parsing attributes in process `syz.3.487'. [ 261.251609][ T8062] netlink: 'syz.3.487': attribute type 22 has an invalid length. [ 261.269263][ T8062] netlink: 252 bytes leftover after parsing attributes in process `syz.3.487'. [ 261.392420][ T8068] netlink: 28 bytes leftover after parsing attributes in process `syz.2.486'. [ 261.402733][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.486'. [ 262.179606][ T8070] sp0: Synchronizing with TNC [ 262.233999][ T8070] [U] è [ 262.531380][ T8082] can: request_module (can-proto-0) failed. [ 262.537785][ T8081] can: request_module (can-proto-0) failed. [ 264.354504][ T8113] delete_channel: no stack [ 264.901166][ T8133] sp0: Synchronizing with TNC [ 264.965601][ T8133] [U] è [ 265.146653][ T8142] FAULT_INJECTION: forcing a failure. [ 265.146653][ T8142] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 265.179349][ T8142] CPU: 1 UID: 0 PID: 8142 Comm: syz.0.507 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 265.179384][ T8142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 265.179398][ T8142] Call Trace: [ 265.179406][ T8142] [ 265.179415][ T8142] dump_stack_lvl+0x16c/0x1f0 [ 265.179447][ T8142] should_fail_ex+0x512/0x640 [ 265.179484][ T8142] should_fail_alloc_page+0xe7/0x130 [ 265.179515][ T8142] prepare_alloc_pages+0x3c2/0x610 [ 265.179556][ T8142] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 265.179588][ T8142] ? __lock_acquire+0x5ca/0x1ba0 [ 265.179624][ T8142] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 265.179669][ T8142] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 265.179702][ T8142] ? policy_nodemask+0xea/0x4e0 [ 265.179732][ T8142] alloc_pages_mpol+0x1fb/0x550 [ 265.179760][ T8142] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 265.179796][ T8142] alloc_pages_noprof+0x131/0x390 [ 265.179830][ T8142] __pmd_alloc+0x3f/0x870 [ 265.179862][ T8142] ? find_held_lock+0x2b/0x80 [ 265.179885][ T8142] __handle_mm_fault+0x948/0x2a40 [ 265.179916][ T8142] ? __pfx___handle_mm_fault+0x10/0x10 [ 265.179955][ T8142] ? find_vma+0xbf/0x140 [ 265.179984][ T8142] ? __pfx_find_vma+0x10/0x10 [ 265.180019][ T8142] handle_mm_fault+0x3fe/0xad0 [ 265.180046][ T8142] do_user_addr_fault+0x7a6/0x1370 [ 265.180068][ T8142] ? __mutex_lock+0x1ca/0xb90 [ 265.180097][ T8142] ? rcu_is_watching+0x12/0xc0 [ 265.180120][ T8142] exc_page_fault+0x5c/0xc0 [ 265.180146][ T8142] asm_exc_page_fault+0x26/0x30 [ 265.180168][ T8142] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 265.180205][ T8142] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 265.180228][ T8142] RSP: 0018:ffffc90003007c30 EFLAGS: 00050202 [ 265.180247][ T8142] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000000000c [ 265.180261][ T8142] RDX: fffff52000600fa6 RSI: 0000000000000000 RDI: ffffc90003007d28 [ 265.180275][ T8142] RBP: 000000000000000c R08: 0000000000000001 R09: fffff52000600fa6 [ 265.180289][ T8142] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 265.180303][ T8142] R13: ffffc90003007d28 R14: ffff8880291f8180 R15: ffff888144f50130 [ 265.180337][ T8142] _copy_from_user+0x98/0xd0 [ 265.180373][ T8142] usbdev_ioctl+0x1ea0/0x4070 [ 265.180401][ T8142] ? __pfx_usbdev_ioctl+0x10/0x10 [ 265.180422][ T8142] ? do_vfs_ioctl+0x512/0x1990 [ 265.180454][ T8142] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 265.180505][ T8142] ? find_held_lock+0x2b/0x80 [ 265.180525][ T8142] ? hook_file_ioctl_common+0x145/0x410 [ 265.180557][ T8142] ? __fget_files+0x20e/0x3c0 [ 265.180597][ T8142] ? __pfx_usbdev_ioctl+0x10/0x10 [ 265.180620][ T8142] __x64_sys_ioctl+0x190/0x200 [ 265.180653][ T8142] do_syscall_64+0xcd/0x230 [ 265.180686][ T8142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.180709][ T8142] RIP: 0033:0x7fa2fa18e969 [ 265.180727][ T8142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.180748][ T8142] RSP: 002b:00007fa2fafd2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 265.180768][ T8142] RAX: ffffffffffffffda RBX: 00007fa2fa3b5fa0 RCX: 00007fa2fa18e969 [ 265.180784][ T8142] RDX: 0000000000000000 RSI: 00000000c00c5512 RDI: 0000000000000003 [ 265.180797][ T8142] RBP: 00007fa2fafd2090 R08: 0000000000000000 R09: 0000000000000000 [ 265.180815][ T8142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.180828][ T8142] R13: 0000000000000000 R14: 00007fa2fa3b5fa0 R15: 00007ffc2a52f148 [ 265.180858][ T8142] [ 265.539739][ C1] vkms_vblank_simulate: vblank timer overrun [ 265.814580][ T8150] netlink: 'syz.0.509': attribute type 1 has an invalid length. [ 265.951965][ T8153] netlink: 'syz.2.511': attribute type 2 has an invalid length. [ 266.273647][ T8159] netlink: 28 bytes leftover after parsing attributes in process `syz.3.510'. [ 266.285825][ T8159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.510'. [ 267.182004][ T8183] netlink: 28 bytes leftover after parsing attributes in process `syz.1.517'. [ 267.215626][ T8183] netlink: 4 bytes leftover after parsing attributes in process `syz.1.517'. [ 267.597260][ T8184] sp0: Synchronizing with TNC [ 267.611590][ T8184] [U] è [ 268.260505][ T8190] FAULT_INJECTION: forcing a failure. [ 268.260505][ T8190] name failslab, interval 1, probability 0, space 0, times 0 [ 268.277092][ T8190] CPU: 1 UID: 0 PID: 8190 Comm: syz.3.519 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 268.277128][ T8190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 268.277142][ T8190] Call Trace: [ 268.277150][ T8190] [ 268.277158][ T8190] dump_stack_lvl+0x16c/0x1f0 [ 268.277193][ T8190] should_fail_ex+0x512/0x640 [ 268.277226][ T8190] ? __kmalloc_noprof+0xbf/0x510 [ 268.277254][ T8190] ? fib_default_rule_add+0x4f/0x420 [ 268.277275][ T8190] should_failslab+0xc2/0x120 [ 268.277304][ T8190] __kmalloc_noprof+0xd2/0x510 [ 268.277343][ T8190] fib_default_rule_add+0x4f/0x420 [ 268.277369][ T8190] fib4_rules_init+0x52/0x1c0 [ 268.277401][ T8190] fib_net_init+0x1dc/0x3f0 [ 268.277422][ T8190] ? __pfx___register_sysctl_table+0x10/0x10 [ 268.277450][ T8190] ? __pfx_fib_net_init+0x10/0x10 [ 268.277471][ T8190] ? lockdep_init_map_type+0x5c/0x280 [ 268.277504][ T8190] ? do_init_timer+0xc9/0x110 [ 268.277529][ T8190] ? devinet_init_net+0x5c2/0x910 [ 268.277557][ T8190] ? __pfx_fib_net_init+0x10/0x10 [ 268.277578][ T8190] ops_init+0x1df/0x5f0 [ 268.277604][ T8190] setup_net+0x21e/0x850 [ 268.277649][ T8190] ? __pfx_setup_net+0x10/0x10 [ 268.277671][ T8190] ? lockdep_init_map_type+0x5c/0x280 [ 268.277701][ T8190] ? __pfx_down_read_killable+0x10/0x10 [ 268.277737][ T8190] ? debug_mutex_init+0x37/0x70 [ 268.277777][ T8190] copy_net_ns+0x2a6/0x5f0 [ 268.277806][ T8190] create_new_namespaces+0x3ea/0xad0 [ 268.277838][ T8190] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 268.277865][ T8190] ksys_unshare+0x45b/0xa40 [ 268.277897][ T8190] ? __pfx_ksys_unshare+0x10/0x10 [ 268.277927][ T8190] ? xfd_validate_state+0x5d/0x180 [ 268.277966][ T8190] ? rcu_is_watching+0x12/0xc0 [ 268.277994][ T8190] __x64_sys_unshare+0x31/0x40 [ 268.278024][ T8190] do_syscall_64+0xcd/0x230 [ 268.278055][ T8190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.278078][ T8190] RIP: 0033:0x7f11a2d8e969 [ 268.278097][ T8190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.278120][ T8190] RSP: 002b:00007f11a3c70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 268.278143][ T8190] RAX: ffffffffffffffda RBX: 00007f11a2fb5fa0 RCX: 00007f11a2d8e969 [ 268.278159][ T8190] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 268.278173][ T8190] RBP: 00007f11a2e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 268.278187][ T8190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 268.278201][ T8190] R13: 0000000000000000 R14: 00007f11a2fb5fa0 R15: 00007ffd1a105478 [ 268.278230][ T8190] [ 268.546944][ C1] vkms_vblank_simulate: vblank timer overrun [ 270.214041][ T8226] net_ratelimit: 23 callbacks suppressed [ 270.214070][ T8226] netlink: Conntrack attr has 16 unknown bytes [ 272.039411][ T8249] netlink: 28 bytes leftover after parsing attributes in process `syz.0.534'. [ 272.065018][ T8249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.534'. [ 272.139267][ T8240] FAULT_INJECTION: forcing a failure. [ 272.139267][ T8240] name failslab, interval 1, probability 0, space 0, times 0 [ 272.160891][ T8240] CPU: 1 UID: 0 PID: 8240 Comm: syz.1.532 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 272.160941][ T8240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 272.160962][ T8240] Call Trace: [ 272.160973][ T8240] [ 272.160985][ T8240] dump_stack_lvl+0x16c/0x1f0 [ 272.161036][ T8240] should_fail_ex+0x512/0x640 [ 272.161080][ T8240] ? __kvmalloc_node_noprof+0x122/0x600 [ 272.161119][ T8240] should_failslab+0xc2/0x120 [ 272.161159][ T8240] __kvmalloc_node_noprof+0x135/0x600 [ 272.161195][ T8240] ? fib4_semantics_init+0x25/0x100 [ 272.161247][ T8240] ? fib4_semantics_init+0x25/0x100 [ 272.161300][ T8240] ? fib4_rules_init+0x151/0x1c0 [ 272.161340][ T8240] fib4_semantics_init+0x25/0x100 [ 272.161385][ T8240] fib_net_init+0x1fc/0x3f0 [ 272.161414][ T8240] ? __pfx___register_sysctl_table+0x10/0x10 [ 272.161452][ T8240] ? __pfx_fib_net_init+0x10/0x10 [ 272.161481][ T8240] ? lockdep_init_map_type+0x5c/0x280 [ 272.161526][ T8240] ? do_init_timer+0xc9/0x110 [ 272.161562][ T8240] ? devinet_init_net+0x5c2/0x910 [ 272.161602][ T8240] ? __pfx_fib_net_init+0x10/0x10 [ 272.161631][ T8240] ops_init+0x1df/0x5f0 [ 272.161668][ T8240] setup_net+0x21e/0x850 [ 272.161705][ T8240] ? __pfx_setup_net+0x10/0x10 [ 272.161736][ T8240] ? lockdep_init_map_type+0x5c/0x280 [ 272.161778][ T8240] ? __pfx_down_read_killable+0x10/0x10 [ 272.161828][ T8240] ? debug_mutex_init+0x37/0x70 [ 272.161884][ T8240] copy_net_ns+0x2a6/0x5f0 [ 272.161926][ T8240] create_new_namespaces+0x3ea/0xad0 [ 272.161971][ T8240] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 272.162010][ T8240] ksys_unshare+0x45b/0xa40 [ 272.162054][ T8240] ? __pfx_ksys_unshare+0x10/0x10 [ 272.162093][ T8240] ? xfd_validate_state+0x5d/0x180 [ 272.162147][ T8240] ? rcu_is_watching+0x12/0xc0 [ 272.162186][ T8240] __x64_sys_unshare+0x31/0x40 [ 272.162230][ T8240] do_syscall_64+0xcd/0x230 [ 272.162280][ T8240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.162315][ T8240] RIP: 0033:0x7fe297b8e969 [ 272.162340][ T8240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.162373][ T8240] RSP: 002b:00007fe2959f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 272.162404][ T8240] RAX: ffffffffffffffda RBX: 00007fe297db5fa0 RCX: 00007fe297b8e969 [ 272.162426][ T8240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 272.162446][ T8240] RBP: 00007fe297c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 272.162465][ T8240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.162483][ T8240] R13: 0000000000000000 R14: 00007fe297db5fa0 R15: 00007ffce5b96da8 [ 272.162524][ T8240] [ 273.639976][ T8266] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f8ef8d43 pfn:0x78000 [ 273.677205][ T8266] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 273.691300][ T8266] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 273.703076][ T8266] raw: 00000007f8ef8d43 0000000000000000 0000000400000002 0000000000000000 [ 273.712415][ T8266] page dumped because: unmovable page [ 273.719570][ T8266] page_owner tracks the page as allocated [ 273.739818][ T8266] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 94761125329, free_ts 94533880024 [ 273.784304][ T8266] post_alloc_hook+0x181/0x1b0 [ 273.796682][ T8266] get_page_from_freelist+0x135c/0x3920 [ 273.810214][ T8266] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 273.833906][ T8266] alloc_pages_mpol+0x1fb/0x550 [ 273.851987][ T8266] alloc_pages_noprof+0x131/0x390 [ 273.863897][ T8266] __vmalloc_node_range_noprof+0x732/0x1540 [ 273.877860][ T8266] vmalloc_user_noprof+0x6b/0x90 [ 273.931469][ T8266] kcov_ioctl+0x4c/0x730 [ 273.937794][ T8266] __x64_sys_ioctl+0x190/0x200 [ 273.945141][ T8266] do_syscall_64+0xcd/0x230 [ 273.949902][ T8266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.970868][ T8266] page last free pid 5818 tgid 5818 stack trace: [ 274.009491][ T8266] free_unref_folios+0x999/0x1630 [ 274.015258][ T8266] folios_put_refs+0x56f/0x740 [ 274.020429][ T8266] free_pages_and_swap_cache+0x245/0x4a0 [ 274.029600][ T8266] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 274.036463][ T8266] tlb_finish_mmu+0x168/0x7b0 [ 274.043864][ T8266] vms_clear_ptes+0x55e/0x770 [ 274.050774][ T8266] vms_complete_munmap_vmas+0x1ca/0x970 [ 274.057102][ T8266] do_vmi_align_munmap+0x43b/0x7d0 [ 274.062469][ T8266] do_vmi_munmap+0x208/0x3e0 [ 274.069174][ T8266] __vm_munmap+0x19a/0x390 [ 274.073869][ T8266] __x64_sys_munmap+0x59/0x80 [ 274.079170][ T8266] do_syscall_64+0xcd/0x230 [ 274.083974][ T8266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.754344][ T5838] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 275.115315][ T8284] netlink: 'syz.1.545': attribute type 1 has an invalid length. [ 276.144981][ T8304] netlink: 'syz.1.550': attribute type 1 has an invalid length. [ 276.651886][ T8317] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f8ef8d43 pfn:0x78000 [ 276.814342][ T8317] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 276.870204][ T8317] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 276.931798][ T8317] raw: 00000007f8ef8d43 0000000000000000 0000000400000002 0000000000000000 [ 277.011918][ T8317] page dumped because: unmovable page [ 277.060241][ T8317] page_owner tracks the page as allocated [ 277.102839][ T8317] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 94761125329, free_ts 94533880024 [ 277.244334][ T8317] post_alloc_hook+0x181/0x1b0 [ 277.249167][ T8317] get_page_from_freelist+0x135c/0x3920 [ 277.284690][ T8317] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 277.379192][ T8317] alloc_pages_mpol+0x1fb/0x550 [ 277.603028][ T8317] alloc_pages_noprof+0x131/0x390 [ 277.633044][ T8317] __vmalloc_node_range_noprof+0x732/0x1540 [ 277.653592][ T8317] vmalloc_user_noprof+0x6b/0x90 [ 277.676404][ T8317] kcov_ioctl+0x4c/0x730 [ 277.680728][ T8317] __x64_sys_ioctl+0x190/0x200 [ 277.739023][ T8317] do_syscall_64+0xcd/0x230 [ 277.760291][ T8317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.803187][ T8317] page last free pid 5818 tgid 5818 stack trace: [ 277.891358][ T8317] free_unref_folios+0x999/0x1630 [ 277.943413][ T8317] folios_put_refs+0x56f/0x740 [ 277.981012][ T8317] free_pages_and_swap_cache+0x245/0x4a0 [ 277.997409][ T8317] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 278.017721][ T8317] tlb_finish_mmu+0x168/0x7b0 [ 278.022546][ T8317] vms_clear_ptes+0x55e/0x770 [ 278.048157][ T8317] vms_complete_munmap_vmas+0x1ca/0x970 [ 278.053780][ T8317] do_vmi_align_munmap+0x43b/0x7d0 [ 278.079965][ T8317] do_vmi_munmap+0x208/0x3e0 [ 278.085802][ T8317] __vm_munmap+0x19a/0x390 [ 278.090552][ T8317] __x64_sys_munmap+0x59/0x80 [ 278.099241][ T8317] do_syscall_64+0xcd/0x230 [ 278.104800][ T8317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.021778][ T8355] netlink: 334 bytes leftover after parsing attributes in process `syz.3.564'. [ 279.087240][ T8351] netlink: 'syz.1.562': attribute type 1 has an invalid length. [ 280.401943][ T8374] netlink: 'syz.1.569': attribute type 1 has an invalid length. [ 280.717249][ T8393] program syz.0.572 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 280.857617][ T8399] FAULT_INJECTION: forcing a failure. [ 280.857617][ T8399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.889528][ T8399] CPU: 1 UID: 0 PID: 8399 Comm: syz.1.576 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 280.889573][ T8399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 280.889591][ T8399] Call Trace: [ 280.889608][ T8399] [ 280.889619][ T8399] dump_stack_lvl+0x16c/0x1f0 [ 280.889669][ T8399] should_fail_ex+0x512/0x640 [ 280.889719][ T8399] _copy_from_user+0x2e/0xd0 [ 280.889767][ T8399] adf_ctl_alloc_resources+0x88/0x120 [ 280.889814][ T8399] adf_ctl_ioctl+0x5e0/0x1090 [ 280.889854][ T8399] ? __pfx_adf_ctl_ioctl+0x10/0x10 [ 280.889890][ T8399] ? find_held_lock+0x2b/0x80 [ 280.889918][ T8399] ? hook_file_ioctl_common+0x145/0x410 [ 280.889957][ T8399] ? __fget_files+0x20e/0x3c0 [ 280.890011][ T8399] ? __pfx_adf_ctl_ioctl+0x10/0x10 [ 280.890052][ T8399] __x64_sys_ioctl+0x190/0x200 [ 280.890099][ T8399] do_syscall_64+0xcd/0x230 [ 280.890139][ T8399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.890170][ T8399] RIP: 0033:0x7fe297b8e969 [ 280.890195][ T8399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.890227][ T8399] RSP: 002b:00007fe2959f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 280.890255][ T8399] RAX: ffffffffffffffda RBX: 00007fe297db5fa0 RCX: 00007fe297b8e969 [ 280.890275][ T8399] RDX: 0000000000000000 RSI: 0000000040096101 RDI: 0000000000000003 [ 280.890294][ T8399] RBP: 00007fe2959f6090 R08: 0000000000000000 R09: 0000000000000000 [ 280.890313][ T8399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 280.890332][ T8399] R13: 0000000000000000 R14: 00007fe297db5fa0 R15: 00007ffce5b96da8 [ 280.890374][ T8399] [ 280.890386][ T8399] QAT: failed to copy from user cfg_data. [ 281.291249][ T8406] FAULT_INJECTION: forcing a failure. [ 281.291249][ T8406] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 281.315097][ T8406] CPU: 0 UID: 0 PID: 8406 Comm: syz.1.579 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 281.315143][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 281.315162][ T8406] Call Trace: [ 281.315171][ T8406] [ 281.315183][ T8406] dump_stack_lvl+0x16c/0x1f0 [ 281.315226][ T8406] should_fail_ex+0x512/0x640 [ 281.315274][ T8406] should_fail_alloc_page+0xe7/0x130 [ 281.315315][ T8406] prepare_alloc_pages+0x3c2/0x610 [ 281.315370][ T8406] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 281.315417][ T8406] ? copy_splice_read+0x1a8/0xba0 [ 281.315462][ T8406] ? stack_trace_save+0x8e/0xc0 [ 281.315492][ T8406] ? __pfx_stack_trace_save+0x10/0x10 [ 281.315523][ T8406] ? stack_depot_save_flags+0x28/0xa50 [ 281.315579][ T8406] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 281.315613][ T8406] ? kasan_save_stack+0x33/0x60 [ 281.315644][ T8406] ? __kasan_kmalloc+0xaa/0xb0 [ 281.315674][ T8406] ? copy_splice_read+0x1a8/0xba0 [ 281.315716][ T8406] ? do_splice_read+0x282/0x370 [ 281.315757][ T8406] ? splice_direct_to_actor+0x2a1/0xa30 [ 281.315800][ T8406] ? do_splice_direct+0x174/0x240 [ 281.315843][ T8406] ? do_sendfile+0xafd/0xe50 [ 281.315888][ T8406] ? __x64_sys_sendfile64+0x1d8/0x220 [ 281.315922][ T8406] ? do_syscall_64+0xcd/0x230 [ 281.315989][ T8406] alloc_pages_bulk_noprof+0x703/0x13b0 [ 281.316037][ T8406] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 281.316083][ T8406] ? trace_kmalloc+0x2b/0xd0 [ 281.316123][ T8406] ? __kmalloc_noprof+0x242/0x510 [ 281.316167][ T8406] copy_splice_read+0x1e1/0xba0 [ 281.316221][ T8406] ? __pfx_copy_splice_read+0x10/0x10 [ 281.316278][ T8406] ? find_held_lock+0x2b/0x80 [ 281.316315][ T8406] ? __pfx_copy_splice_read+0x10/0x10 [ 281.316360][ T8406] do_splice_read+0x282/0x370 [ 281.316416][ T8406] splice_direct_to_actor+0x2a1/0xa30 [ 281.316465][ T8406] ? __pfx_direct_splice_actor+0x10/0x10 [ 281.316520][ T8406] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 281.316564][ T8406] ? get_pid_task+0xfc/0x250 [ 281.316617][ T8406] do_splice_direct+0x174/0x240 [ 281.316663][ T8406] ? __pfx_do_splice_direct+0x10/0x10 [ 281.316710][ T8406] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 281.316763][ T8406] ? rw_verify_area+0xcf/0x680 [ 281.316811][ T8406] do_sendfile+0xafd/0xe50 [ 281.316867][ T8406] ? __pfx_do_sendfile+0x10/0x10 [ 281.316915][ T8406] ? __fget_files+0x20e/0x3c0 [ 281.316973][ T8406] __x64_sys_sendfile64+0x1d8/0x220 [ 281.317008][ T8406] ? ksys_write+0x1b9/0x240 [ 281.317035][ T8406] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 281.317069][ T8406] ? rcu_is_watching+0x12/0xc0 [ 281.317109][ T8406] do_syscall_64+0xcd/0x230 [ 281.317150][ T8406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.317182][ T8406] RIP: 0033:0x7fe297b8e969 [ 281.317208][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.317239][ T8406] RSP: 002b:00007fe2959f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 281.317269][ T8406] RAX: ffffffffffffffda RBX: 00007fe297db5fa0 RCX: 00007fe297b8e969 [ 281.317290][ T8406] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 281.317309][ T8406] RBP: 00007fe2959f6090 R08: 0000000000000000 R09: 0000000000000000 [ 281.317328][ T8406] R10: 0000000000000071 R11: 0000000000000246 R12: 0000000000000001 [ 281.317347][ T8406] R13: 0000000000000000 R14: 00007fe297db5fa0 R15: 00007ffce5b96da8 [ 281.317388][ T8406] [ 281.668560][ T8407] netlink: 'syz.3.578': attribute type 1 has an invalid length. [ 283.175518][ T8432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.587'. [ 283.197072][ T8432] netlink: 13 bytes leftover after parsing attributes in process `syz.0.587'. [ 283.581975][ T8441] netlink: 4 bytes leftover after parsing attributes in process `syz.2.586'. [ 284.351714][ T8447] [U]  [ 284.354991][ T8447] [U] [ 284.358149][ T8447] [U] [ 284.362090][ T8447] [U] [ 284.366749][ T8447] [U] [ 284.370664][ T8447] [U] [ 284.374213][ T8447] [U] [ 284.377173][ T8447] [U] [ 284.390890][ T8447] [U] [ 284.394407][ T8447] [U] [ 284.397290][ T8447] [U] [ 284.401767][ T8447] [U] [ 284.421057][ T8447] [U] [ 284.424108][ T8447] [U] [ 284.427351][ T8447] [U] [ 284.430488][ T8447] [U] [ 284.475240][ T8447] [U] [ 284.478316][ T8447] [U] [ 284.481438][ T8447] [U] [ 284.486433][ T8447] [U] [ 284.490021][ T8432] kexec: Could not allocate control_code_buffer [ 284.662376][ T8447] [U] [ 284.665731][ T8447] [U] [ 284.668529][ T8447] [U] [ 284.671295][ T8447] [U] [ 284.715913][ T8447] [U] [ 284.718729][ T8447] [U] [ 284.721690][ T8447] [U] [ 284.724481][ T8447] [U] [ 284.767409][ T8447] [U] [ 284.770235][ T8447] [U] [ 284.773521][ T8447] [U] [ 284.776798][ T8447] [U] [ 284.799720][ T8447] [U] [ 284.804942][ T8447] [U] [ 284.807997][ T8447] [U] [ 284.811131][ T8447] [U] [ 284.818928][ T8447] [U] [ 284.822220][ T8447] [U] [ 284.825638][ T8447] [U] [ 284.829048][ T8447] [U] [ 284.848751][ T8447] [U] [ 284.851560][ T8447] [U] [ 284.854323][ T8447] [U] [ 284.857821][ T8447] [U] [ 284.872550][ T8447] [U] [ 284.875876][ T8447] [U] [ 284.878994][ T8447] [U] [ 284.882058][ T8447] [U] [ 284.890367][ T8447] [U] [ 284.893375][ T8447] [U] [ 284.896346][ T8447] [U] [ 284.899646][ T8447] [U] [ 284.936862][ T8447] [U] [ 284.940681][ T8447] [U] [ 284.944472][ T8447] [U] [ 284.948030][ T8447] [U] [ 284.951994][ T8447] [U] [ 284.955070][ T8447] [U] [ 284.958926][ T8447] [U] [ 284.962872][ T8447] [U] [ 285.022577][ T8447] [U] [ 285.026386][ T8447] [U] [ 285.030035][ T8447] [U] [ 285.033503][ T8447] [U] [ 285.063994][ T8447] [U] [ 285.066953][ T8447] [U] [ 285.069719][ T8447] [U] [ 285.072812][ T8447] [U] [ 285.079835][ T8447] [U] [ 285.082937][ T8447] [U] [ 285.086795][ T8447] [U] [ 285.089758][ T8447] [U] [ 285.177632][ T8447] [U] [ 285.180721][ T8447] [U] [ 285.183490][ T8447] [U] [ 285.186407][ T8447] [U] [ 285.199111][ T8447] [U] [ 285.202214][ T8447] [U] [ 285.205537][ T8447] [U] [ 285.208968][ T8447] [U] [ 285.256228][ T8461] [U] [ 285.503725][ T8472] netlink: 28 bytes leftover after parsing attributes in process `syz.0.594'. [ 285.535082][ T8472] netlink: 4 bytes leftover after parsing attributes in process `syz.0.594'. [ 286.206588][ T8476] FAULT_INJECTION: forcing a failure. [ 286.206588][ T8476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 286.220133][ T8476] CPU: 0 UID: 0 PID: 8476 Comm: syz.2.597 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 286.220175][ T8476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 286.220193][ T8476] Call Trace: [ 286.220203][ T8476] [ 286.220214][ T8476] dump_stack_lvl+0x16c/0x1f0 [ 286.220272][ T8476] should_fail_ex+0x512/0x640 [ 286.220324][ T8476] _copy_to_user+0x32/0xd0 [ 286.220386][ T8476] simple_read_from_buffer+0xcb/0x170 [ 286.220438][ T8476] proc_fail_nth_read+0x197/0x270 [ 286.220485][ T8476] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 286.220532][ T8476] ? rw_verify_area+0xcf/0x680 [ 286.220577][ T8476] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 286.220625][ T8476] vfs_read+0x1de/0xc70 [ 286.220661][ T8476] ? __pfx___mutex_lock+0x10/0x10 [ 286.220699][ T8476] ? __pfx_vfs_read+0x10/0x10 [ 286.220741][ T8476] ? __fget_files+0x20e/0x3c0 [ 286.220800][ T8476] ksys_read+0x12a/0x240 [ 286.220829][ T8476] ? __pfx_ksys_read+0x10/0x10 [ 286.220872][ T8476] do_syscall_64+0xcd/0x230 [ 286.220916][ T8476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.220950][ T8476] RIP: 0033:0x7ff39d58d37c [ 286.220977][ T8476] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 286.221008][ T8476] RSP: 002b:00007ff39e3e8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 286.221039][ T8476] RAX: ffffffffffffffda RBX: 00007ff39d7b5fa0 RCX: 00007ff39d58d37c [ 286.221061][ T8476] RDX: 000000000000000f RSI: 00007ff39e3e80a0 RDI: 0000000000000004 [ 286.221080][ T8476] RBP: 00007ff39e3e8090 R08: 0000000000000000 R09: 0000000000000000 [ 286.221099][ T8476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.221114][ T8476] R13: 0000000000000000 R14: 00007ff39d7b5fa0 R15: 00007ffd992f6f08 [ 286.221153][ T8476] [ 286.642447][ T8474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.596'. [ 286.658168][ T8485] netlink: 'syz.0.598': attribute type 1 has an invalid length. [ 286.675676][ T8474] ipvlan1: entered promiscuous mode [ 286.691338][ T8474] ipvlan1: entered allmulticast mode [ 286.697668][ T8474] veth0_vlan: entered allmulticast mode [ 288.186187][ T30] audit: type=1804 audit(4294967359.650:4): pid=8525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.609" name="/newroot/sys/kernel/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 288.360554][ T8522] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 288.370567][ T8522] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 289.228152][ T8542] netlink: 'syz.1.613': attribute type 1 has an invalid length. [ 291.249635][ T8564] FAULT_INJECTION: forcing a failure. [ 291.249635][ T8564] name failslab, interval 1, probability 0, space 0, times 0 [ 291.264361][ T8564] CPU: 0 UID: 0 PID: 8564 Comm: syz.3.618 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 291.264402][ T8564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 291.264420][ T8564] Call Trace: [ 291.264430][ T8564] [ 291.264441][ T8564] dump_stack_lvl+0x16c/0x1f0 [ 291.264484][ T8564] should_fail_ex+0x512/0x640 [ 291.264527][ T8564] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 291.264581][ T8564] should_failslab+0xc2/0x120 [ 291.264617][ T8564] __kmalloc_cache_noprof+0x6a/0x3e0 [ 291.264677][ T8564] ? __lock_acquire+0xaa4/0x1ba0 [ 291.264714][ T8564] ? _parse_integer_limit+0x17f/0x1d0 [ 291.264748][ T8564] ? snd_pcm_oss_change_params_locked+0x1db/0x3b40 [ 291.264797][ T8564] snd_pcm_oss_change_params_locked+0x1db/0x3b40 [ 291.264840][ T8564] ? __mutex_init+0xa5/0x120 [ 291.264880][ T8564] ? __pfx___might_resched+0x10/0x10 [ 291.264914][ T8564] ? rcu_is_watching+0x12/0xc0 [ 291.264942][ T8564] ? trace_contention_end+0xdd/0x130 [ 291.264985][ T8564] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 291.265027][ T8564] ? snd_pcm_oss_write+0x4a2/0xa10 [ 291.265081][ T8564] ? find_held_lock+0x2b/0x80 [ 291.265115][ T8564] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 291.265156][ T8564] snd_pcm_oss_write+0x4c3/0xa10 [ 291.265196][ T8564] ? bpf_lsm_file_permission+0x9/0x10 [ 291.265243][ T8564] ? security_file_permission+0x71/0x210 [ 291.265296][ T8564] vfs_write+0x25c/0x1180 [ 291.265324][ T8564] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 291.265373][ T8564] ? __pfx_vfs_write+0x10/0x10 [ 291.265397][ T8564] ? find_held_lock+0x2b/0x80 [ 291.265426][ T8564] ? __fget_files+0x204/0x3c0 [ 291.265479][ T8564] ? __fget_files+0x20e/0x3c0 [ 291.265537][ T8564] ksys_write+0x12a/0x240 [ 291.265564][ T8564] ? __pfx_ksys_write+0x10/0x10 [ 291.265605][ T8564] do_syscall_64+0xcd/0x230 [ 291.265654][ T8564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.265686][ T8564] RIP: 0033:0x7f11a2d8e969 [ 291.265710][ T8564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.265739][ T8564] RSP: 002b:00007f11a3c4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 291.265764][ T8564] RAX: ffffffffffffffda RBX: 00007f11a2fb6080 RCX: 00007f11a2d8e969 [ 291.265783][ T8564] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000007 [ 291.265801][ T8564] RBP: 00007f11a3c4f090 R08: 0000000000000000 R09: 0000000000000000 [ 291.265827][ T8564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.265845][ T8564] R13: 0000000000000000 R14: 00007f11a2fb6080 R15: 00007ffd1a105478 [ 291.265884][ T8564] [ 291.885318][ T8585] FAULT_INJECTION: forcing a failure. [ 291.885318][ T8585] name failslab, interval 1, probability 0, space 0, times 0 [ 291.912197][ T8585] CPU: 1 UID: 0 PID: 8585 Comm: syz.2.625 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 291.912245][ T8585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 291.912265][ T8585] Call Trace: [ 291.912275][ T8585] [ 291.912288][ T8585] dump_stack_lvl+0x16c/0x1f0 [ 291.912335][ T8585] should_fail_ex+0x512/0x640 [ 291.912381][ T8585] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 291.912423][ T8585] should_failslab+0xc2/0x120 [ 291.912465][ T8585] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 291.912503][ T8585] ? __alloc_skb+0x2b2/0x380 [ 291.912562][ T8585] __alloc_skb+0x2b2/0x380 [ 291.912613][ T8585] ? __pfx___alloc_skb+0x10/0x10 [ 291.912670][ T8585] ? __lock_acquire+0xaa4/0x1ba0 [ 291.912720][ T8585] netlink_alloc_large_skb+0x69/0x130 [ 291.912760][ T8585] netlink_sendmsg+0x6a1/0xdd0 [ 291.912804][ T8585] ? __pfx_netlink_sendmsg+0x10/0x10 [ 291.912864][ T8585] ____sys_sendmsg+0xa95/0xc70 [ 291.912909][ T8585] ? copy_msghdr_from_user+0x10a/0x160 [ 291.912941][ T8585] ? __pfx_____sys_sendmsg+0x10/0x10 [ 291.913004][ T8585] ___sys_sendmsg+0x134/0x1d0 [ 291.913040][ T8585] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.913126][ T8585] __sys_sendmsg+0x16d/0x220 [ 291.913160][ T8585] ? __pfx___sys_sendmsg+0x10/0x10 [ 291.913205][ T8585] ? rcu_is_watching+0x12/0xc0 [ 291.913248][ T8585] do_syscall_64+0xcd/0x230 [ 291.913292][ T8585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.913326][ T8585] RIP: 0033:0x7ff39d58e969 [ 291.913353][ T8585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.913386][ T8585] RSP: 002b:00007ff39e3e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 291.913419][ T8585] RAX: ffffffffffffffda RBX: 00007ff39d7b5fa0 RCX: 00007ff39d58e969 [ 291.913442][ T8585] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 0000000000000003 [ 291.913463][ T8585] RBP: 00007ff39e3e8090 R08: 0000000000000000 R09: 0000000000000000 [ 291.913483][ T8585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.913504][ T8585] R13: 0000000000000000 R14: 00007ff39d7b5fa0 R15: 00007ffd992f6f08 [ 291.913545][ T8585] [ 292.704689][ T8593] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f8ef8d43 pfn:0x78000 [ 292.746707][ T8593] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 292.778515][ T8593] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 292.817270][ T8593] raw: 00000007f8ef8d43 0000000000000000 0000000400000002 0000000000000000 [ 292.904844][ T8593] page dumped because: unmovable page [ 292.910890][ T8593] page_owner tracks the page as allocated [ 292.917816][ T8593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 94761125329, free_ts 94533880024 [ 292.939039][ T8593] post_alloc_hook+0x181/0x1b0 [ 292.943984][ T8593] get_page_from_freelist+0x135c/0x3920 [ 292.950276][ T8593] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 292.958855][ T8593] alloc_pages_mpol+0x1fb/0x550 [ 292.967739][ T8593] alloc_pages_noprof+0x131/0x390 [ 292.973059][ T8593] __vmalloc_node_range_noprof+0x732/0x1540 [ 292.980120][ T8593] vmalloc_user_noprof+0x6b/0x90 [ 293.085599][ T8593] kcov_ioctl+0x4c/0x730 [ 293.121565][ T8593] __x64_sys_ioctl+0x190/0x200 [ 293.174448][ T8593] do_syscall_64+0xcd/0x230 [ 293.179187][ T8593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.191709][ T8593] page last free pid 5818 tgid 5818 stack trace: [ 293.199017][ T8593] free_unref_folios+0x999/0x1630 [ 293.205220][ T8593] folios_put_refs+0x56f/0x740 [ 293.210775][ T8593] free_pages_and_swap_cache+0x245/0x4a0 [ 293.217267][ T8593] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 293.223929][ T8593] tlb_finish_mmu+0x168/0x7b0 [ 293.229384][ T8593] vms_clear_ptes+0x55e/0x770 [ 293.236001][ T8593] vms_complete_munmap_vmas+0x1ca/0x970 [ 293.242215][ T8593] do_vmi_align_munmap+0x43b/0x7d0 [ 293.248338][ T8593] do_vmi_munmap+0x208/0x3e0 [ 293.253099][ T8593] __vm_munmap+0x19a/0x390 [ 293.263656][ T8593] __x64_sys_munmap+0x59/0x80 [ 293.269457][ T8593] do_syscall_64+0xcd/0x230 [ 293.274138][ T8593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.626274][ T8607] FAULT_INJECTION: forcing a failure. [ 293.626274][ T8607] name failslab, interval 1, probability 0, space 0, times 0 [ 293.703912][ T8607] CPU: 0 UID: 0 PID: 8607 Comm: syz.2.631 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 293.703958][ T8607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 293.703977][ T8607] Call Trace: [ 293.703987][ T8607] [ 293.703999][ T8607] dump_stack_lvl+0x16c/0x1f0 [ 293.704042][ T8607] should_fail_ex+0x512/0x640 [ 293.704082][ T8607] ? fs_reclaim_acquire+0xae/0x150 [ 293.704132][ T8607] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 293.704176][ T8607] should_failslab+0xc2/0x120 [ 293.704213][ T8607] __kmalloc_noprof+0xd2/0x510 [ 293.704255][ T8607] tomoyo_realpath_from_path+0xc2/0x6e0 [ 293.704302][ T8607] ? tomoyo_profile+0x47/0x60 [ 293.704354][ T8607] tomoyo_path_number_perm+0x245/0x580 [ 293.704389][ T8607] ? tomoyo_path_number_perm+0x237/0x580 [ 293.704430][ T8607] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 293.704481][ T8607] ? find_held_lock+0x2b/0x80 [ 293.704549][ T8607] ? find_held_lock+0x2b/0x80 [ 293.704576][ T8607] ? hook_file_ioctl_common+0x145/0x410 [ 293.704620][ T8607] ? __fget_files+0x20e/0x3c0 [ 293.704676][ T8607] security_file_ioctl+0x9b/0x240 [ 293.704717][ T8607] __x64_sys_ioctl+0xb7/0x200 [ 293.704764][ T8607] do_syscall_64+0xcd/0x230 [ 293.704806][ T8607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.704838][ T8607] RIP: 0033:0x7ff39d58e969 [ 293.704863][ T8607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.704893][ T8607] RSP: 002b:00007ff39e3e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 293.704923][ T8607] RAX: ffffffffffffffda RBX: 00007ff39d7b5fa0 RCX: 00007ff39d58e969 [ 293.704944][ T8607] RDX: 0000200000000080 RSI: 0000000000002275 RDI: 0000000000000003 [ 293.704964][ T8607] RBP: 00007ff39e3e8090 R08: 0000000000000000 R09: 0000000000000000 [ 293.704984][ T8607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 293.705003][ T8607] R13: 0000000000000000 R14: 00007ff39d7b5fa0 R15: 00007ffd992f6f08 [ 293.705045][ T8607] [ 294.011962][ T8607] ERROR: Out of memory at tomoyo_realpath_from_path. [ 294.574360][ T8602] sp0: Synchronizing with TNC [ 294.632415][ T8602] [U] è [ 294.821325][ T8623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.633'. [ 295.789834][ T8627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.632'. [ 296.544474][ T8636] zswap: compressor not available [ 297.399969][ T8663] sd 0:0:1:0: PR command failed: 1026 [ 297.405752][ T8663] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 297.412704][ T8663] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 297.496667][ T8665] Ignoring unsupported numa_zonelist_order value: [ 297.496667][ T8665] [ 298.044671][ T8670] sp0: Synchronizing with TNC [ 298.447054][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.644'. [ 301.090485][ T8709] netlink: 'syz.1.652': attribute type 27 has an invalid length. [ 301.111153][ T8709] netlink: 334 bytes leftover after parsing attributes in process `syz.1.652'. [ 301.155044][ T8709] sd 0:0:1:0: PR command failed: 1026 [ 301.164396][ T8709] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 301.188944][ T8709] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 302.672529][ T8723] sp0: Synchronizing with TNC [ 302.703418][ T8743] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 302.777661][ T8745] FAULT_INJECTION: forcing a failure. [ 302.777661][ T8745] name failslab, interval 1, probability 0, space 0, times 0 [ 302.790484][ T8745] CPU: 1 UID: 0 PID: 8745 Comm: syz.2.658 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 302.790513][ T8745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 302.790527][ T8745] Call Trace: [ 302.790534][ T8745] [ 302.790542][ T8745] dump_stack_lvl+0x16c/0x1f0 [ 302.790574][ T8745] should_fail_ex+0x512/0x640 [ 302.790610][ T8745] should_failslab+0xc2/0x120 [ 302.790638][ T8745] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 302.790665][ T8745] ? skb_clone+0x190/0x3f0 [ 302.790690][ T8745] skb_clone+0x190/0x3f0 [ 302.790713][ T8745] netlink_deliver_tap+0xabd/0xd30 [ 302.790741][ T8745] netlink_unicast+0x5df/0x7f0 [ 302.790768][ T8745] ? __pfx_netlink_unicast+0x10/0x10 [ 302.790791][ T8745] ? __lock_acquire+0xaa4/0x1ba0 [ 302.790827][ T8745] netlink_sendmsg+0x8d1/0xdd0 [ 302.790856][ T8745] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.790895][ T8745] ____sys_sendmsg+0xa95/0xc70 [ 302.790925][ T8745] ? copy_msghdr_from_user+0x10a/0x160 [ 302.790946][ T8745] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.790979][ T8745] ? __pfx__kstrtoull+0x10/0x10 [ 302.791010][ T8745] ___sys_sendmsg+0x134/0x1d0 [ 302.791033][ T8745] ? __pfx____sys_sendmsg+0x10/0x10 [ 302.791068][ T8745] ? find_held_lock+0x2b/0x80 [ 302.791113][ T8745] __sys_sendmmsg+0x200/0x420 [ 302.791139][ T8745] ? __pfx___sys_sendmmsg+0x10/0x10 [ 302.791170][ T8745] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 302.791212][ T8745] ? fput+0x70/0xf0 [ 302.791238][ T8745] ? ksys_write+0x1b9/0x240 [ 302.791258][ T8745] ? __pfx_ksys_write+0x10/0x10 [ 302.791277][ T8745] ? rcu_is_watching+0x12/0xc0 [ 302.791302][ T8745] __x64_sys_sendmmsg+0x9c/0x100 [ 302.791323][ T8745] ? lockdep_hardirqs_on+0x7c/0x110 [ 302.791349][ T8745] do_syscall_64+0xcd/0x230 [ 302.791379][ T8745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.791402][ T8745] RIP: 0033:0x7ff39d58e969 [ 302.791420][ T8745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.791443][ T8745] RSP: 002b:00007ff39e385038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 302.791464][ T8745] RAX: ffffffffffffffda RBX: 00007ff39d7b6240 RCX: 00007ff39d58e969 [ 302.791479][ T8745] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 302.791493][ T8745] RBP: 00007ff39e385090 R08: 0000000000000000 R09: 0000000000000000 [ 302.791507][ T8745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.791520][ T8745] R13: 0000000000000000 R14: 00007ff39d7b6240 R15: 00007ffd992f6f08 [ 302.791549][ T8745] [ 302.792142][ T8745] netlink: 354 bytes leftover after parsing attributes in process `syz.2.658'. [ 303.226878][ T8723] [U] è [ 304.040628][ T8764] FAULT_INJECTION: forcing a failure. [ 304.040628][ T8764] name failslab, interval 1, probability 0, space 0, times 0 [ 304.084808][ T8764] CPU: 1 UID: 0 PID: 8764 Comm: syz.0.664 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 304.084857][ T8764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 304.084877][ T8764] Call Trace: [ 304.084887][ T8764] [ 304.084900][ T8764] dump_stack_lvl+0x16c/0x1f0 [ 304.084950][ T8764] should_fail_ex+0x512/0x640 [ 304.084993][ T8764] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 304.085037][ T8764] should_failslab+0xc2/0x120 [ 304.085086][ T8764] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 304.085124][ T8764] ? __kernfs_new_node+0xd2/0x8a0 [ 304.085181][ T8764] __kernfs_new_node+0xd2/0x8a0 [ 304.085238][ T8764] ? __pfx___kernfs_new_node+0x10/0x10 [ 304.085301][ T8764] ? find_held_lock+0x2b/0x80 [ 304.085333][ T8764] ? kernfs_root+0xee/0x2a0 [ 304.085393][ T8764] kernfs_new_node+0x13c/0x1e0 [ 304.085444][ T8764] __kernfs_create_file+0x53/0x350 [ 304.085494][ T8764] sysfs_add_file_mode_ns+0x207/0x3c0 [ 304.085555][ T8764] sysfs_merge_group+0x1aa/0x340 [ 304.085589][ T8764] ? __pfx_sysfs_merge_group+0x10/0x10 [ 304.085627][ T8764] ? __pfx_dev_add_physical_location+0x10/0x10 [ 304.085666][ T8764] ? bus_to_subsys+0x131/0x160 [ 304.085719][ T8764] dpm_sysfs_add+0x237/0x280 [ 304.085758][ T8764] device_add+0x9a6/0x1a70 [ 304.085804][ T8764] ? __pfx_device_add+0x10/0x10 [ 304.085846][ T8764] ? lockdep_init_map_type+0x5c/0x280 [ 304.085891][ T8764] ? __init_waitqueue_head+0xca/0x150 [ 304.085951][ T8764] rfkill_register+0x1ad/0xb40 [ 304.086008][ T8764] nfc_register_device+0x11f/0x3c0 [ 304.086062][ T8764] nci_register_device+0x7f1/0xb80 [ 304.086099][ T8764] ? __pfx_nci_register_device+0x10/0x10 [ 304.086141][ T8764] ? lockdep_init_map_type+0x5c/0x280 [ 304.086191][ T8764] virtual_ncidev_open+0x141/0x220 [ 304.086238][ T8764] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 304.086283][ T8764] misc_open+0x35a/0x420 [ 304.086331][ T8764] ? __pfx_misc_open+0x10/0x10 [ 304.086380][ T8764] chrdev_open+0x231/0x6a0 [ 304.086413][ T8764] ? __pfx_apparmor_file_open+0x10/0x10 [ 304.086453][ T8764] ? __pfx_chrdev_open+0x10/0x10 [ 304.086489][ T8764] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 304.086547][ T8764] do_dentry_open+0x741/0x1c10 [ 304.086580][ T8764] ? __pfx_chrdev_open+0x10/0x10 [ 304.086623][ T8764] vfs_open+0x82/0x3f0 [ 304.086670][ T8764] path_openat+0x1e5e/0x2d40 [ 304.086718][ T8764] ? __pfx_path_openat+0x10/0x10 [ 304.086761][ T8764] do_filp_open+0x20b/0x470 [ 304.086792][ T8764] ? __pfx_do_filp_open+0x10/0x10 [ 304.086871][ T8764] ? alloc_fd+0x471/0x7d0 [ 304.086935][ T8764] do_sys_openat2+0x11b/0x1d0 [ 304.086983][ T8764] ? __pfx_do_sys_openat2+0x10/0x10 [ 304.087043][ T8764] __x64_sys_openat+0x174/0x210 [ 304.087091][ T8764] ? __pfx___x64_sys_openat+0x10/0x10 [ 304.087144][ T8764] ? rcu_is_watching+0x12/0xc0 [ 304.087187][ T8764] do_syscall_64+0xcd/0x230 [ 304.087227][ T8764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.087259][ T8764] RIP: 0033:0x7fa2fa18e969 [ 304.087283][ T8764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.087313][ T8764] RSP: 002b:00007fa2fafd2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 304.087341][ T8764] RAX: ffffffffffffffda RBX: 00007fa2fa3b5fa0 RCX: 00007fa2fa18e969 [ 304.087362][ T8764] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 304.087383][ T8764] RBP: 00007fa2fa210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 304.087403][ T8764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.087422][ T8764] R13: 0000000000000000 R14: 00007fa2fa3b5fa0 R15: 00007ffc2a52f148 [ 304.087462][ T8764] [ 305.051026][ T8784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.666'. [ 305.101715][ T8774] netlink: 'syz.3.665': attribute type 1 has an invalid length. [ 306.063978][ T8790] FAULT_INJECTION: forcing a failure. [ 306.063978][ T8790] name failslab, interval 1, probability 0, space 0, times 0 [ 306.081528][ T8789] Invalid ELF header magic: != ELF [ 306.354883][ T8790] CPU: 1 UID: 0 PID: 8790 Comm: syz.2.669 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 306.354933][ T8790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 306.354953][ T8790] Call Trace: [ 306.354965][ T8790] [ 306.354977][ T8790] dump_stack_lvl+0x16c/0x1f0 [ 306.355023][ T8790] should_fail_ex+0x512/0x640 [ 306.355070][ T8790] ? __kmalloc_noprof+0xbf/0x510 [ 306.355110][ T8790] ? lsm_blob_alloc+0x68/0x90 [ 306.355157][ T8790] should_failslab+0xc2/0x120 [ 306.355197][ T8790] __kmalloc_noprof+0xd2/0x510 [ 306.355241][ T8790] lsm_blob_alloc+0x68/0x90 [ 306.355291][ T8790] security_sk_alloc+0x30/0x270 [ 306.355327][ T8790] sk_prot_alloc+0x1c7/0x2a0 [ 306.355370][ T8790] sk_alloc+0x36/0xc20 [ 306.355422][ T8790] __netlink_create+0x5e/0x2c0 [ 306.355468][ T8790] ? __wake_up+0x3f/0x60 [ 306.355505][ T8790] netlink_create+0x39e/0x620 [ 306.355552][ T8790] ? __pfx_genl_bind+0x10/0x10 [ 306.355587][ T8790] ? __pfx_genl_unbind+0x10/0x10 [ 306.355645][ T8790] ? __pfx_genl_release+0x10/0x10 [ 306.355695][ T8790] __sock_create+0x335/0x8d0 [ 306.355745][ T8790] __sys_socket+0x14d/0x260 [ 306.355789][ T8790] ? __pfx___sys_socket+0x10/0x10 [ 306.355834][ T8790] ? rcu_is_watching+0x12/0xc0 [ 306.355871][ T8790] __x64_sys_socket+0x72/0xb0 [ 306.355912][ T8790] ? lockdep_hardirqs_on+0x7c/0x110 [ 306.355949][ T8790] do_syscall_64+0xcd/0x230 [ 306.355992][ T8790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.356025][ T8790] RIP: 0033:0x7ff39d58e969 [ 306.356052][ T8790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.356085][ T8790] RSP: 002b:00007ff39e3a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 306.356117][ T8790] RAX: ffffffffffffffda RBX: 00007ff39d7b6160 RCX: 00007ff39d58e969 [ 306.356139][ T8790] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 306.356159][ T8790] RBP: 00007ff39d610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 306.356179][ T8790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 306.356199][ T8790] R13: 0000000000000000 R14: 00007ff39d7b6160 R15: 00007ffd992f6f08 [ 306.356243][ T8790] [ 306.631931][ T30] audit: type=1804 audit(4294967378.100:5): pid=8787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.669" name="/newroot/sys/kernel/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 306.716824][ T8782] sp0: Synchronizing with TNC [ 306.726363][ T8782] [U] è [ 307.466146][ T8805] FAULT_INJECTION: forcing a failure. [ 307.466146][ T8805] name failslab, interval 1, probability 0, space 0, times 0 [ 307.483421][ T8805] CPU: 1 UID: 0 PID: 8805 Comm: syz.3.673 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 307.483462][ T8805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 307.483481][ T8805] Call Trace: [ 307.483490][ T8805] [ 307.483502][ T8805] dump_stack_lvl+0x16c/0x1f0 [ 307.483544][ T8805] should_fail_ex+0x512/0x640 [ 307.483587][ T8805] ? __kmalloc_noprof+0xbf/0x510 [ 307.483624][ T8805] ? kobject_get_path+0xd2/0x2a0 [ 307.483661][ T8805] should_failslab+0xc2/0x120 [ 307.483698][ T8805] __kmalloc_noprof+0xd2/0x510 [ 307.483728][ T8805] ? kasan_quarantine_put+0x10a/0x240 [ 307.483766][ T8805] ? lockdep_hardirqs_on+0x7c/0x110 [ 307.483812][ T8805] kobject_get_path+0xd2/0x2a0 [ 307.483850][ T8805] ? input_devices_seq_show+0x719/0x1130 [ 307.483899][ T8805] input_devices_seq_show+0x8d/0x1130 [ 307.483944][ T8805] ? __pfx_input_devices_seq_show+0x10/0x10 [ 307.483982][ T8805] ? trace_kmalloc+0x2b/0xd0 [ 307.484030][ T8805] ? seq_list_start+0x9a/0xc0 [ 307.484074][ T8805] seq_read_iter+0xb18/0x12c0 [ 307.484143][ T8805] seq_read+0x39e/0x4e0 [ 307.484185][ T8805] ? __pfx_seq_read+0x10/0x10 [ 307.484237][ T8805] ? get_pid_task+0xfc/0x250 [ 307.484298][ T8805] ? __pfx_seq_read+0x10/0x10 [ 307.484342][ T8805] proc_reg_read+0x23d/0x330 [ 307.484372][ T8805] ? __pfx_proc_reg_read+0x10/0x10 [ 307.484406][ T8805] vfs_read+0x1de/0xc70 [ 307.484440][ T8805] ? __pfx___mutex_lock+0x10/0x10 [ 307.484479][ T8805] ? __pfx_vfs_read+0x10/0x10 [ 307.484517][ T8805] ? __fget_files+0x20e/0x3c0 [ 307.484578][ T8805] ksys_read+0x12a/0x240 [ 307.484606][ T8805] ? __pfx_ksys_read+0x10/0x10 [ 307.484632][ T8805] ? rcu_is_watching+0x12/0xc0 [ 307.484673][ T8805] do_syscall_64+0xcd/0x230 [ 307.484717][ T8805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.484749][ T8805] RIP: 0033:0x7f11a2d8e969 [ 307.484782][ T8805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.484812][ T8805] RSP: 002b:00007f11a3c70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 307.484842][ T8805] RAX: ffffffffffffffda RBX: 00007f11a2fb5fa0 RCX: 00007f11a2d8e969 [ 307.484863][ T8805] RDX: 000000000000fedf RSI: 0000200000000000 RDI: 0000000000000006 [ 307.484882][ T8805] RBP: 00007f11a3c70090 R08: 0000000000000000 R09: 0000000000000000 [ 307.484900][ T8805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.484918][ T8805] R13: 0000000000000000 R14: 00007f11a2fb5fa0 R15: 00007ffd1a105478 [ 307.484960][ T8805] [ 307.842664][ T8808] process 'syz.1.674' launched '/dev/fd/3/./file0' with NULL argv: empty string added [ 307.962722][ T8809] ip6_vti0: entered allmulticast mode [ 308.631976][ T8825] netlink: 'syz.3.679': attribute type 1 has an invalid length. [ 310.302938][ T8855] FAULT_INJECTION: forcing a failure. [ 310.302938][ T8855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.316381][ T8855] CPU: 1 UID: 0 PID: 8855 Comm: syz.0.686 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 310.316422][ T8855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 310.316440][ T8855] Call Trace: [ 310.316449][ T8855] [ 310.316460][ T8855] dump_stack_lvl+0x16c/0x1f0 [ 310.316502][ T8855] should_fail_ex+0x512/0x640 [ 310.316549][ T8855] _copy_from_iter+0x2a4/0x15b0 [ 310.316597][ T8855] ? __alloc_skb+0x200/0x380 [ 310.316645][ T8855] ? __pfx__copy_from_iter+0x10/0x10 [ 310.316691][ T8855] ? __lock_acquire+0xaa4/0x1ba0 [ 310.316740][ T8855] netlink_sendmsg+0x829/0xdd0 [ 310.316780][ T8855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.316827][ T8855] ____sys_sendmsg+0xa95/0xc70 [ 310.316865][ T8855] ? copy_msghdr_from_user+0x10a/0x160 [ 310.316894][ T8855] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.316951][ T8855] ___sys_sendmsg+0x134/0x1d0 [ 310.316983][ T8855] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.317062][ T8855] __sys_sendmsg+0x16d/0x220 [ 310.317092][ T8855] ? __pfx___sys_sendmsg+0x10/0x10 [ 310.317132][ T8855] ? rcu_is_watching+0x12/0xc0 [ 310.317171][ T8855] do_syscall_64+0xcd/0x230 [ 310.317212][ T8855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.317242][ T8855] RIP: 0033:0x7fa2fa18e969 [ 310.317266][ T8855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.317296][ T8855] RSP: 002b:00007fa2fafd2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.317326][ T8855] RAX: ffffffffffffffda RBX: 00007fa2fa3b5fa0 RCX: 00007fa2fa18e969 [ 310.317354][ T8855] RDX: 00000000200000c0 RSI: 0000200000000200 RDI: 0000000000000003 [ 310.317374][ T8855] RBP: 00007fa2fafd2090 R08: 0000000000000000 R09: 0000000000000000 [ 310.317394][ T8855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.317413][ T8855] R13: 0000000000000000 R14: 00007fa2fa3b5fa0 R15: 00007ffc2a52f148 [ 310.317454][ T8855] [ 311.256883][ T8873] netlink: 4 bytes leftover after parsing attributes in process `syz.0.688'. [ 312.548677][ T8885] netlink: 8 bytes leftover after parsing attributes in process `syz.2.695'. [ 313.491951][ T8888] sp0: Synchronizing with TNC [ 313.553040][ T8891] [U] è [ 314.567685][ T8914] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[8914] [ 314.902655][ T8931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.702'. [ 317.209863][ T8948] sp0: Synchronizing with TNC [ 317.228642][ T8948] [U] è [ 318.033141][ T8960] sp0: Synchronizing with TNC [ 318.096577][ T8960] [U] è [ 318.886198][ T8984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.714'. [ 319.373482][ T8989] busy [ 322.407641][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.414107][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.761138][ T9021] sp0: Synchronizing with TNC [ 322.768243][ T9021] [U] è [ 323.410669][ T9038] netlink: 28 bytes leftover after parsing attributes in process `syz.1.732'. [ 323.431778][ T9038] netlink: 4 bytes leftover after parsing attributes in process `syz.1.732'. [ 323.994545][ T9044] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'. [ 324.177684][ T5838] Bluetooth: hci1: unexpected subevent 0x01 length: 122 > 18 [ 324.239168][ T9034] sp0: Synchronizing with TNC [ 324.252873][ T9034] [U] è [ 325.884795][ T9064] sp0: Synchronizing with TNC [ 325.989273][ T9066] [U] è [ 326.408815][ T9071] sp0: Synchronizing with TNC [ 326.421206][ T9072] [U] è [ 327.043416][ T9081] sp0: Synchronizing with TNC [ 327.135895][ T9081] [U] è [ 327.870549][ T9108] netlink: 'syz.0.740': attribute type 1 has an invalid length. [ 329.072634][ T5838] Bluetooth: hci2: unexpected subevent 0x01 length: 122 > 18 [ 330.119037][ T9139] sp0: Synchronizing with TNC [ 330.142177][ T9139] [U] è [ 330.324759][ T9148] FAULT_INJECTION: forcing a failure. [ 330.324759][ T9148] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.340168][ T9148] CPU: 1 UID: 0 PID: 9148 Comm: syz.3.748 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 330.340209][ T9148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 330.340225][ T9148] Call Trace: [ 330.340234][ T9148] [ 330.340245][ T9148] dump_stack_lvl+0x16c/0x1f0 [ 330.340285][ T9148] should_fail_ex+0x512/0x640 [ 330.340330][ T9148] _copy_from_iter+0x2a4/0x15b0 [ 330.340374][ T9148] ? __alloc_skb+0x200/0x380 [ 330.340419][ T9148] ? __pfx__copy_from_iter+0x10/0x10 [ 330.340464][ T9148] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 330.340493][ T9148] ? __lock_acquire+0xaa4/0x1ba0 [ 330.340539][ T9148] netlink_sendmsg+0x829/0xdd0 [ 330.340575][ T9148] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.340621][ T9148] ____sys_sendmsg+0xa95/0xc70 [ 330.340658][ T9148] ? copy_msghdr_from_user+0x10a/0x160 [ 330.340685][ T9148] ? __pfx_____sys_sendmsg+0x10/0x10 [ 330.340727][ T9148] ? __pfx__kstrtoull+0x10/0x10 [ 330.340765][ T9148] ___sys_sendmsg+0x134/0x1d0 [ 330.340792][ T9148] ? __pfx____sys_sendmsg+0x10/0x10 [ 330.340836][ T9148] ? find_held_lock+0x2b/0x80 [ 330.340886][ T9148] __sys_sendmmsg+0x200/0x420 [ 330.340916][ T9148] ? __pfx___sys_sendmmsg+0x10/0x10 [ 330.340951][ T9148] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 330.341001][ T9148] ? fput+0x70/0xf0 [ 330.341032][ T9148] ? ksys_write+0x1b9/0x240 [ 330.341057][ T9148] ? __pfx_ksys_write+0x10/0x10 [ 330.341081][ T9148] ? rcu_is_watching+0x12/0xc0 [ 330.341113][ T9148] __x64_sys_sendmmsg+0x9c/0x100 [ 330.341139][ T9148] ? lockdep_hardirqs_on+0x7c/0x110 [ 330.341206][ T9148] do_syscall_64+0xcd/0x230 [ 330.341245][ T9148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.341273][ T9148] RIP: 0033:0x7f11a2d8e969 [ 330.341296][ T9148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.341323][ T9148] RSP: 002b:00007f11a3c4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 330.341350][ T9148] RAX: ffffffffffffffda RBX: 00007f11a2fb6080 RCX: 00007f11a2d8e969 [ 330.341370][ T9148] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 330.341387][ T9148] RBP: 00007f11a3c4f090 R08: 0000000000000000 R09: 0000000000000000 [ 330.341404][ T9148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.341420][ T9148] R13: 0000000000000000 R14: 00007f11a2fb6080 R15: 00007ffd1a105478 [ 330.341456][ T9148] [ 331.175212][ T9144] sp0: Synchronizing with TNC [ 331.289394][ T9147] [U] è [ 331.506333][ T9163] vhci_hcd: invalid port number 242 [ 331.529895][ T9163] vhci_hcd: default hub control req: f2ff vffff i00f2 l65535 [ 331.576495][ T9157] sp0: Synchronizing with TNC [ 331.684271][ T9157] [U] è [ 333.683580][ T9200] netlink: 28 bytes leftover after parsing attributes in process `syz.3.760'. [ 333.698962][ T9200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.760'. [ 334.532865][ T9202] netlink: 'syz.2.762': attribute type 1 has an invalid length. [ 335.352409][ T9216] netlink: 'syz.1.766': attribute type 1 has an invalid length. [ 336.453265][ T9237] FAULT_INJECTION: forcing a failure. [ 336.453265][ T9237] name failslab, interval 1, probability 0, space 0, times 0 [ 336.521258][ T9237] CPU: 0 UID: 0 PID: 9237 Comm: syz.1.769 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 336.521305][ T9237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 336.521324][ T9237] Call Trace: [ 336.521334][ T9237] [ 336.521347][ T9237] dump_stack_lvl+0x16c/0x1f0 [ 336.521389][ T9237] should_fail_ex+0x512/0x640 [ 336.521432][ T9237] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 336.521472][ T9237] should_failslab+0xc2/0x120 [ 336.521511][ T9237] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 336.521548][ T9237] ? __pmd_alloc+0xc3/0x870 [ 336.521599][ T9237] __pmd_alloc+0xc3/0x870 [ 336.521643][ T9237] ? find_held_lock+0x2b/0x80 [ 336.521676][ T9237] __handle_mm_fault+0x948/0x2a40 [ 336.521720][ T9237] ? __pfx___handle_mm_fault+0x10/0x10 [ 336.521785][ T9237] ? find_vma+0xbf/0x140 [ 336.521827][ T9237] ? __pfx_find_vma+0x10/0x10 [ 336.521874][ T9237] handle_mm_fault+0x3fe/0xad0 [ 336.521914][ T9237] do_user_addr_fault+0x7a6/0x1370 [ 336.521946][ T9237] ? __mutex_lock+0x1ca/0xb90 [ 336.521986][ T9237] ? rcu_is_watching+0x12/0xc0 [ 336.522018][ T9237] exc_page_fault+0x5c/0xc0 [ 336.522056][ T9237] asm_exc_page_fault+0x26/0x30 [ 336.522086][ T9237] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 336.522134][ T9237] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 336.522165][ T9237] RSP: 0018:ffffc9000bbf7c30 EFLAGS: 00050202 [ 336.522191][ T9237] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000000000c [ 336.522210][ T9237] RDX: fffff5200177efa6 RSI: 0000000000000000 RDI: ffffc9000bbf7d28 [ 336.522230][ T9237] RBP: 000000000000000c R08: 0000000000000001 R09: fffff5200177efa6 [ 336.522250][ T9237] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 336.522268][ T9237] R13: ffffc9000bbf7d28 R14: ffff8880291f8180 R15: ffff888144f50130 [ 336.522313][ T9237] _copy_from_user+0x98/0xd0 [ 336.522362][ T9237] usbdev_ioctl+0x1ea0/0x4070 [ 336.522401][ T9237] ? __pfx_usbdev_ioctl+0x10/0x10 [ 336.522431][ T9237] ? do_vfs_ioctl+0x512/0x1990 [ 336.522475][ T9237] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 336.522548][ T9237] ? find_held_lock+0x2b/0x80 [ 336.522577][ T9237] ? hook_file_ioctl_common+0x145/0x410 [ 336.522621][ T9237] ? __fget_files+0x20e/0x3c0 [ 336.522677][ T9237] ? __pfx_usbdev_ioctl+0x10/0x10 [ 336.522709][ T9237] __x64_sys_ioctl+0x190/0x200 [ 336.522761][ T9237] do_syscall_64+0xcd/0x230 [ 336.522803][ T9237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.522835][ T9237] RIP: 0033:0x7fe297b8e969 [ 336.522859][ T9237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.522889][ T9237] RSP: 002b:00007fe2959f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 336.522917][ T9237] RAX: ffffffffffffffda RBX: 00007fe297db5fa0 RCX: 00007fe297b8e969 [ 336.522938][ T9237] RDX: 0000000000000000 RSI: 00000000c00c5512 RDI: 0000000000000003 [ 336.522957][ T9237] RBP: 00007fe2959f6090 R08: 0000000000000000 R09: 0000000000000000 [ 336.522977][ T9237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.522996][ T9237] R13: 0000000000000000 R14: 00007fe297db5fa0 R15: 00007ffce5b96da8 [ 336.523037][ T9237] [ 338.023606][ T9259] netlink: 28 bytes leftover after parsing attributes in process `syz.3.774'. [ 338.038064][ T9259] netlink: 4 bytes leftover after parsing attributes in process `syz.3.774'. [ 338.781453][ T9265] netlink: 4 bytes leftover after parsing attributes in process `syz.1.776'. [ 341.340406][ T9287] sp0: Synchronizing with TNC [ 341.377043][ T9287] [U] è [ 342.606312][ T9299] sp0: Synchronizing with TNC [ 342.725488][ T9298] [U] è [ 343.418859][ T9322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.788'. [ 343.499678][ T9315] netlink: 'syz.0.790': attribute type 1 has an invalid length. [ 343.526729][ T9325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.789'. [ 346.146374][ T9353] Invalid ELF header magic: != ELF [ 346.211215][ T9350] FAULT_INJECTION: forcing a failure. [ 346.211215][ T9350] name failslab, interval 1, probability 0, space 0, times 0 [ 346.248569][ T9350] CPU: 0 UID: 0 PID: 9350 Comm: syz.2.796 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 346.248615][ T9350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 346.248634][ T9350] Call Trace: [ 346.248644][ T9350] [ 346.248655][ T9350] dump_stack_lvl+0x16c/0x1f0 [ 346.248698][ T9350] should_fail_ex+0x512/0x640 [ 346.248740][ T9350] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 346.248779][ T9350] should_failslab+0xc2/0x120 [ 346.248816][ T9350] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 346.248850][ T9350] ? trace_cap_capable+0x18d/0x200 [ 346.248878][ T9350] ? create_new_namespaces+0x30/0xad0 [ 346.248917][ T9350] create_new_namespaces+0x30/0xad0 [ 346.248960][ T9350] ? bpf_lsm_capable+0x9/0x10 [ 346.248990][ T9350] ? security_capable+0x7e/0x260 [ 346.249044][ T9350] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 346.249083][ T9350] ksys_unshare+0x45b/0xa40 [ 346.249127][ T9350] ? __pfx_ksys_unshare+0x10/0x10 [ 346.249169][ T9350] ? ksys_write+0x1b9/0x240 [ 346.249199][ T9350] ? rcu_is_watching+0x12/0xc0 [ 346.249236][ T9350] __x64_sys_unshare+0x31/0x40 [ 346.249278][ T9350] do_syscall_64+0xcd/0x230 [ 346.249319][ T9350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.249351][ T9350] RIP: 0033:0x7ff39d58e969 [ 346.249376][ T9350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.249406][ T9350] RSP: 002b:00007ff39e3e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 346.249436][ T9350] RAX: ffffffffffffffda RBX: 00007ff39d7b5fa0 RCX: 00007ff39d58e969 [ 346.249455][ T9350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 346.249474][ T9350] RBP: 00007ff39e3e8090 R08: 0000000000000000 R09: 0000000000000000 [ 346.249493][ T9350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 346.249511][ T9350] R13: 0000000000000000 R14: 00007ff39d7b5fa0 R15: 00007ffd992f6f08 [ 346.249560][ T9350] [ 346.883147][ T9360] netlink: 'syz.3.800': attribute type 1 has an invalid length. [ 347.376766][ T9374] sp0: Synchronizing with TNC [ 347.437844][ T9374] [U] è [ 347.499252][ T9381] netlink: 4 bytes leftover after parsing attributes in process `syz.3.802'. [ 348.274399][ T9388] FAULT_INJECTION: forcing a failure. [ 348.274399][ T9388] name failslab, interval 1, probability 0, space 0, times 0 [ 348.288435][ T9388] CPU: 1 UID: 0 PID: 9388 Comm: syz.2.805 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 348.288481][ T9388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 348.288502][ T9388] Call Trace: [ 348.288512][ T9388] [ 348.288525][ T9388] dump_stack_lvl+0x16c/0x1f0 [ 348.288580][ T9388] should_fail_ex+0x512/0x640 [ 348.288626][ T9388] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 348.288669][ T9388] should_failslab+0xc2/0x120 [ 348.288709][ T9388] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 348.288745][ T9388] ? security_file_alloc+0x34/0x2b0 [ 348.288792][ T9388] security_file_alloc+0x34/0x2b0 [ 348.288834][ T9388] init_file+0x93/0x4c0 [ 348.288872][ T9388] alloc_empty_file+0x73/0x1e0 [ 348.288914][ T9388] alloc_file_pseudo+0x13a/0x230 [ 348.288955][ T9388] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 348.288997][ T9388] ? alloc_fd+0x471/0x7d0 [ 348.289052][ T9388] __anon_inode_getfile+0xf7/0x370 [ 348.289111][ T9388] anon_inode_getfile_fmode+0x37/0xa0 [ 348.289162][ T9388] do_eventfd+0x19b/0x2c0 [ 348.289192][ T9388] ? rcu_is_watching+0x12/0xc0 [ 348.289224][ T9388] __x64_sys_eventfd+0x32/0x50 [ 348.289260][ T9388] do_syscall_64+0xcd/0x230 [ 348.289302][ T9388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.289335][ T9388] RIP: 0033:0x7ff39d58e969 [ 348.289361][ T9388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.289394][ T9388] RSP: 002b:00007ff39e3e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 348.289425][ T9388] RAX: ffffffffffffffda RBX: 00007ff39d7b5fa0 RCX: 00007ff39d58e969 [ 348.289448][ T9388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 348.289467][ T9388] RBP: 00007ff39d610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 348.289487][ T9388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.289506][ T9388] R13: 0000000000000000 R14: 00007ff39d7b5fa0 R15: 00007ffd992f6f08 [ 348.289635][ T9388] [ 348.596537][ T9389] netlink: 330 bytes leftover after parsing attributes in process `syz.1.804'. [ 348.836582][ T9402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.807'. [ 349.454327][ T9400] netlink: 'syz.2.808': attribute type 1 has an invalid length. [ 350.042629][ T9412] netlink: 'syz.2.810': attribute type 1 has an invalid length. [ 350.766551][ T9437] netlink: 4 bytes leftover after parsing attributes in process `syz.2.815'. [ 350.887095][ T9426] sp0: Synchronizing with TNC [ 350.938011][ T9426] [U] è [ 351.779799][ T9458] netlink: 4 bytes leftover after parsing attributes in process `syz.3.820'. [ 352.092228][ T5838] Bluetooth: hci3: unexpected event 0x3d length: 726 > 14 [ 353.609007][ T9487] netlink: 4 bytes leftover after parsing attributes in process `syz.0.828'. [ 354.273063][ T9482] netlink: 'syz.1.829': attribute type 1 has an invalid length. [ 354.298284][ T9480] sp0: Synchronizing with TNC [ 354.328761][ T9480] [U] è [ 354.459581][ T9485] netlink: 'syz.2.830': attribute type 1 has an invalid length. [ 354.642046][ T9500] netlink: 8 bytes leftover after parsing attributes in process `syz.0.831'. [ 354.740166][ T9500] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 354.755492][ T9497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.831'. [ 354.779501][ T9500] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 354.909821][ T9497] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 354.931104][ T9497] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 355.075576][ T9511] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f8ef8d43 pfn:0x78000 [ 355.092111][ T9511] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 355.105262][ T9511] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 355.119599][ T9511] raw: 00000007f8ef8d43 0000000000000000 0000000400000002 0000000000000000 [ 355.132947][ T9511] page dumped because: unmovable page [ 355.140851][ T9511] page_owner tracks the page as allocated [ 355.152020][ T9511] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 94761125329, free_ts 94533880024 [ 355.195533][ T9511] post_alloc_hook+0x181/0x1b0 [ 355.215268][ T9511] get_page_from_freelist+0x135c/0x3920 [ 355.232520][ T9511] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 355.273614][ T9511] alloc_pages_mpol+0x1fb/0x550 [ 355.283443][ T9511] alloc_pages_noprof+0x131/0x390 [ 355.305193][ T9511] __vmalloc_node_range_noprof+0x732/0x1540 [ 355.312759][ T9511] vmalloc_user_noprof+0x6b/0x90 [ 355.475234][ T9511] kcov_ioctl+0x4c/0x730 [ 355.481210][ T9511] __x64_sys_ioctl+0x190/0x200 [ 355.506973][ T9511] do_syscall_64+0xcd/0x230 [ 355.530754][ T9511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.562555][ T9511] page last free pid 5818 tgid 5818 stack trace: [ 355.589595][ T9511] free_unref_folios+0x999/0x1630 [ 355.599161][ T9511] folios_put_refs+0x56f/0x740 [ 355.604324][ T9511] free_pages_and_swap_cache+0x245/0x4a0 [ 355.610376][ T9511] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 355.618407][ T9511] tlb_finish_mmu+0x168/0x7b0 [ 355.623291][ T9511] vms_clear_ptes+0x55e/0x770 [ 355.630470][ T9511] vms_complete_munmap_vmas+0x1ca/0x970 [ 355.636358][ T9511] do_vmi_align_munmap+0x43b/0x7d0 [ 355.641636][ T9511] do_vmi_munmap+0x208/0x3e0 [ 355.646398][ T9511] __vm_munmap+0x19a/0x390 [ 355.651064][ T9511] __x64_sys_munmap+0x59/0x80 [ 355.657068][ T9511] do_syscall_64+0xcd/0x230 [ 355.661765][ T9511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.936958][ T30] audit: type=1800 audit(4294967323.510:6): pid=9530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.839" name="dbroot" dev="configfs" ino=21992 res=0 errno=0 [ 356.049205][ T9527] netlink: 'syz.0.837': attribute type 1 has an invalid length. [ 356.107843][ T9533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.838'. [ 357.537055][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.841'. [ 358.488128][ T30] audit: type=1800 audit(4294967326.060:7): pid=9568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.848" name="dbroot" dev="configfs" ino=22116 res=0 errno=0 [ 361.103378][ T9601] netlink: 'syz.2.852': attribute type 1 has an invalid length. [ 361.516836][ T9616] netlink: 4 bytes leftover after parsing attributes in process `syz.3.854'. [ 363.202762][ T9622] netlink: 'syz.2.856': attribute type 1 has an invalid length. [ 363.881230][ T9648] netlink: 4 bytes leftover after parsing attributes in process `syz.3.862'. [ 365.492211][ T9677] QAT: failed to copy from user cfg_data. [ 365.714989][ T9683] QAT: failed to copy from user cfg_data. [ 365.721304][ T9683] FAULT_INJECTION: forcing a failure. [ 365.721304][ T9683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 365.737056][ T9683] CPU: 1 UID: 0 PID: 9683 Comm: syz.3.873 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 365.737100][ T9683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 365.737119][ T9683] Call Trace: [ 365.737129][ T9683] [ 365.737141][ T9683] dump_stack_lvl+0x16c/0x1f0 [ 365.737186][ T9683] should_fail_ex+0x512/0x640 [ 365.737237][ T9683] _copy_to_user+0x32/0xd0 [ 365.737288][ T9683] simple_read_from_buffer+0xcb/0x170 [ 365.737340][ T9683] proc_fail_nth_read+0x197/0x270 [ 365.737386][ T9683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.737443][ T9683] ? rw_verify_area+0xcf/0x680 [ 365.737488][ T9683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.737533][ T9683] vfs_read+0x1de/0xc70 [ 365.737567][ T9683] ? __pfx___mutex_lock+0x10/0x10 [ 365.737606][ T9683] ? __pfx_vfs_read+0x10/0x10 [ 365.737646][ T9683] ? __fget_files+0x20e/0x3c0 [ 365.737707][ T9683] ksys_read+0x12a/0x240 [ 365.737736][ T9683] ? __pfx_ksys_read+0x10/0x10 [ 365.737762][ T9683] ? rcu_is_watching+0x12/0xc0 [ 365.737803][ T9683] do_syscall_64+0xcd/0x230 [ 365.737846][ T9683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.737879][ T9683] RIP: 0033:0x7f11a2d8d37c [ 365.737904][ T9683] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 365.737936][ T9683] RSP: 002b:00007f11a3c70030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 365.737963][ T9683] RAX: ffffffffffffffda RBX: 00007f11a2fb5fa0 RCX: 00007f11a2d8d37c [ 365.737978][ T9683] RDX: 000000000000000f RSI: 00007f11a3c700a0 RDI: 0000000000000004 [ 365.737992][ T9683] RBP: 00007f11a3c70090 R08: 0000000000000000 R09: 0000000000000000 [ 365.738006][ T9683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 365.738019][ T9683] R13: 0000000000000000 R14: 00007f11a2fb5fa0 R15: 00007ffd1a105478 [ 365.738048][ T9683] [ 367.288440][ T9688] delete_channel: no stack [ 368.013380][ T9702] netlink: 'syz.0.878': attribute type 1 has an invalid length. [ 369.127327][ T9722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.882'. [ 370.343283][ T9745] netlink: 4 bytes leftover after parsing attributes in process `syz.3.887'. [ 371.080436][ T9738] sp0: Synchronizing with TNC [ 371.210589][ T9738] [U] è [ 372.850730][ T9772] sp0: Synchronizing with TNC [ 372.861783][ T9772] [U] è [ 373.960280][ T9791] netlink: 'syz.3.897': attribute type 1 has an invalid length. [ 374.388506][ T9799] netlink: 28 bytes leftover after parsing attributes in process `syz.2.899'. [ 374.438086][ T9799] netlink: 4 bytes leftover after parsing attributes in process `syz.2.899'. [ 374.808348][ T9804] netlink: 'syz.1.900': attribute type 1 has an invalid length. [ 374.997014][ T9817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.902'. [ 375.798002][ T9821] [U]  [ 375.800912][ T9821] [U] [ 375.803686][ T9821] [U] [ 375.806571][ T9821] [U] [ 375.810183][ T9821] [U] [ 375.813011][ T9821] [U] [ 375.815877][ T9821] [U] [ 375.818735][ T9821] [U] [ 375.912073][ T9821] [U] [ 375.914852][ T9821] [U] [ 375.917729][ T9821] [U] [ 375.920513][ T9821] [U] [ 375.957892][ T9821] [U] [ 375.960733][ T9821] [U] [ 375.963597][ T9821] [U] [ 375.966383][ T9821] [U] [ 375.983129][ T9821] [U] [ 375.985956][ T9821] [U] [ 375.988897][ T9821] [U] [ 375.991930][ T9821] [U] [ 375.997102][ T9821] [U] [ 376.000046][ T9821] [U] [ 376.002998][ T9821] [U] [ 376.005850][ T9821] [U] [ 376.009779][ T9821] [U] [ 376.013542][ T9821] [U] [ 376.016620][ T9821] [U] [ 376.019490][ T9821] [U] [ 376.027527][ T9821] [U] [ 376.031532][ T9821] [U] [ 376.034599][ T9821] [U] [ 376.037907][ T9821] [U] [ 376.066050][ T9821] [U] [ 376.068871][ T9821] [U] [ 376.071645][ T9821] [U] [ 376.074792][ T9821] [U] [ 376.078557][ T9821] [U] [ 376.081354][ T9821] [U] [ 376.085658][ T9821] [U] [ 376.088685][ T9821] [U] [ 376.093198][ T9821] [U] [ 376.096241][ T9821] [U] [ 376.099367][ T9821] [U] [ 376.102216][ T9821] [U] [ 376.106289][ T9821] [U] [ 376.109088][ T9821] [U] [ 376.112462][ T9821] [U] [ 376.115369][ T9821] [U] [ 376.166908][ T9824] netlink: 'syz.2.905': attribute type 1 has an invalid length. [ 376.367065][ T9821] [U] [ 376.370763][ T9821] [U] [ 376.373773][ T9821] [U] [ 376.376645][ T9821] [U] [ 376.381302][ T9821] [U] [ 376.384532][ T9821] [U] [ 376.387911][ T9821] [U] [ 376.390822][ T9821] [U] [ 376.888636][ T9821] [U] [ 376.892495][ T9821] [U] [ 376.895416][ T9821] [U] [ 376.898664][ T9821] [U] [ 376.905769][ T9846] [U] [ 377.332267][ T9849] netlink: Conntrack attr has 16 unknown bytes [ 381.000577][ T9893] sp0: Synchronizing with TNC [ 381.006030][ T9895] [U] è [ 381.468712][ T9903] netlink: 'syz.1.923': attribute type 1 has an invalid length. [ 381.959926][ T9916] FAULT_INJECTION: forcing a failure. [ 381.959926][ T9916] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 381.997578][ T9916] CPU: 0 UID: 0 PID: 9916 Comm: syz.3.926 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 381.997622][ T9916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 381.997637][ T9916] Call Trace: [ 381.997645][ T9916] [ 381.997655][ T9916] dump_stack_lvl+0x16c/0x1f0 [ 381.997692][ T9916] should_fail_ex+0x512/0x640 [ 381.997733][ T9916] _copy_to_user+0x32/0xd0 [ 381.997774][ T9916] simple_read_from_buffer+0xcb/0x170 [ 381.997815][ T9916] proc_fail_nth_read+0x197/0x270 [ 381.997852][ T9916] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 381.997890][ T9916] ? rw_verify_area+0xcf/0x680 [ 381.997926][ T9916] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 381.997962][ T9916] vfs_read+0x1de/0xc70 [ 381.997989][ T9916] ? __pfx___mutex_lock+0x10/0x10 [ 381.998020][ T9916] ? __pfx_vfs_read+0x10/0x10 [ 381.998055][ T9916] ? __fget_files+0x20e/0x3c0 [ 381.998121][ T9916] ksys_read+0x12a/0x240 [ 381.998148][ T9916] ? __pfx_ksys_read+0x10/0x10 [ 381.998169][ T9916] ? syscall_user_dispatch+0x78/0x140 [ 381.998216][ T9916] do_syscall_64+0xcd/0x230 [ 381.998251][ T9916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.998278][ T9916] RIP: 0033:0x7f11a2d8d37c [ 381.998298][ T9916] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 381.998323][ T9916] RSP: 002b:00007f11a3c4f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 381.998347][ T9916] RAX: ffffffffffffffda RBX: 00007f11a2fb6080 RCX: 00007f11a2d8d37c [ 381.998364][ T9916] RDX: 000000000000000f RSI: 00007f11a3c4f0a0 RDI: 0000000000000004 [ 381.998426][ T9916] RBP: 00007f11a3c4f090 R08: 0000000000000000 R09: 0000000000000000 [ 381.998441][ T9916] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 381.998457][ T9916] R13: 0000000000000000 R14: 00007f11a2fb6080 R15: 00007ffd1a105478 [ 381.998490][ T9916] [ 383.477440][ T9931] netlink: 146 bytes leftover after parsing attributes in process `syz.1.932'. [ 383.849740][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.859458][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.287438][ T9956] netlink: 'syz.3.936': attribute type 1 has an invalid length. [ 387.094542][ T9987] sp0: Synchronizing with TNC [ 387.195754][ T9987] [U] è [ 387.623541][ T9997] netlink: 'syz.2.947': attribute type 27 has an invalid length. [ 387.636752][ T9997] netlink: 334 bytes leftover after parsing attributes in process `syz.2.947'. [ 388.522817][T10018] netlink: 146 bytes leftover after parsing attributes in process `syz.2.954'. [ 388.552318][T10020] FAULT_INJECTION: forcing a failure. [ 388.552318][T10020] name failslab, interval 1, probability 0, space 0, times 0 [ 388.629065][T10020] CPU: 1 UID: 0 PID: 10020 Comm: syz.1.955 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 388.629108][T10020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 388.629125][T10020] Call Trace: [ 388.629134][T10020] [ 388.629146][T10020] dump_stack_lvl+0x16c/0x1f0 [ 388.629183][T10020] should_fail_ex+0x512/0x640 [ 388.629220][T10020] ? fs_reclaim_acquire+0xae/0x150 [ 388.629263][T10020] ? tomoyo_encode2+0x100/0x3e0 [ 388.629297][T10020] should_failslab+0xc2/0x120 [ 388.629330][T10020] __kmalloc_noprof+0xd2/0x510 [ 388.629359][T10020] ? d_absolute_path+0x136/0x1a0 [ 388.629397][T10020] tomoyo_encode2+0x100/0x3e0 [ 388.629438][T10020] tomoyo_encode+0x29/0x50 [ 388.629477][T10020] tomoyo_realpath_from_path+0x18f/0x6e0 [ 388.629526][T10020] tomoyo_path_number_perm+0x245/0x580 [ 388.629556][T10020] ? tomoyo_path_number_perm+0x237/0x580 [ 388.629590][T10020] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 388.629623][T10020] ? find_held_lock+0x2b/0x80 [ 388.629704][T10020] ? find_held_lock+0x2b/0x80 [ 388.629727][T10020] ? hook_file_ioctl_common+0x145/0x410 [ 388.629762][T10020] ? __fget_files+0x20e/0x3c0 [ 388.629808][T10020] security_file_ioctl+0x9b/0x240 [ 388.629842][T10020] __x64_sys_ioctl+0xb7/0x200 [ 388.629881][T10020] do_syscall_64+0xcd/0x230 [ 388.629919][T10020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.629945][T10020] RIP: 0033:0x7fe297b8e969 [ 388.629967][T10020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.629992][T10020] RSP: 002b:00007fe2959f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 388.630017][T10020] RAX: ffffffffffffffda RBX: 00007fe297db5fa0 RCX: 00007fe297b8e969 [ 388.630034][T10020] RDX: 0000200000000080 RSI: 0000000000002275 RDI: 0000000000000003 [ 388.630050][T10020] RBP: 00007fe2959f6090 R08: 0000000000000000 R09: 0000000000000000 [ 388.630066][T10020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 388.630081][T10020] R13: 0000000000000000 R14: 00007fe297db5fa0 R15: 00007ffce5b96da8 [ 388.630113][T10020] [ 388.630315][T10020] ERROR: Out of memory at tomoyo_realpath_from_path. [ 389.586096][T10038] sp0: Synchronizing with TNC [ 389.610255][T10038] [U] è [ 390.198055][T10035] sp0: Synchronizing with TNC [ 390.216667][T10035] [U] è [ 390.542800][T10050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.961'. [ 392.460639][T10060] sp0: Synchronizing with TNC [ 392.511233][T10060] [U] è [ 395.184776][T10093] sp0: Synchronizing with TNC [ 395.737425][T10108] netlink: 4 bytes leftover after parsing attributes in process `syz.2.973'. [ 395.796797][T10100] [U] è [ 396.893268][T10120] netlink: 28 bytes leftover after parsing attributes in process `syz.0.976'. [ 396.902703][T10120] ipvlan1: entered promiscuous mode [ 396.910966][T10120] ipvlan1: entered allmulticast mode [ 396.920090][T10120] veth0_vlan: entered allmulticast mode [ 397.072077][T10127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.977'. [ 397.184411][T10128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.975'. [ 399.317057][T10135] sp0: Synchronizing with TNC [ 399.332556][T10143] [U] è [ 400.064154][T10149] FAULT_INJECTION: forcing a failure. [ 400.064154][T10149] name failslab, interval 1, probability 0, space 0, times 0 [ 400.121327][T10149] CPU: 0 UID: 0 PID: 10149 Comm: syz.0.984 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 400.121372][T10149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 400.121390][T10149] Call Trace: [ 400.121399][T10149] [ 400.121411][T10149] dump_stack_lvl+0x16c/0x1f0 [ 400.121453][T10149] should_fail_ex+0x512/0x640 [ 400.121496][T10149] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 400.121536][T10149] should_failslab+0xc2/0x120 [ 400.121573][T10149] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 400.121609][T10149] ? __alloc_skb+0x2b2/0x380 [ 400.121661][T10149] __alloc_skb+0x2b2/0x380 [ 400.121707][T10149] ? __pfx___alloc_skb+0x10/0x10 [ 400.121755][T10149] ? __lock_acquire+0xaa4/0x1ba0 [ 400.121796][T10149] netlink_alloc_large_skb+0x69/0x130 [ 400.121833][T10149] netlink_sendmsg+0x6a1/0xdd0 [ 400.121871][T10149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.121919][T10149] ____sys_sendmsg+0xa95/0xc70 [ 400.121959][T10149] ? copy_msghdr_from_user+0x10a/0x160 [ 400.121988][T10149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 400.122033][T10149] ? kfree+0x252/0x4d0 [ 400.122083][T10149] ? __pfx__kstrtoull+0x10/0x10 [ 400.122122][T10149] ___sys_sendmsg+0x134/0x1d0 [ 400.122243][T10149] ? __pfx____sys_sendmsg+0x10/0x10 [ 400.122320][T10149] ? __pfx___might_resched+0x10/0x10 [ 400.122368][T10149] __sys_sendmmsg+0x200/0x420 [ 400.122408][T10149] ? __pfx___sys_sendmmsg+0x10/0x10 [ 400.122457][T10149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 400.122524][T10149] ? fput+0x70/0xf0 [ 400.122564][T10149] ? ksys_write+0x1b9/0x240 [ 400.122593][T10149] ? __pfx_ksys_write+0x10/0x10 [ 400.122623][T10149] ? rcu_is_watching+0x12/0xc0 [ 400.122661][T10149] __x64_sys_sendmmsg+0x9c/0x100 [ 400.122696][T10149] ? lockdep_hardirqs_on+0x7c/0x110 [ 400.122735][T10149] do_syscall_64+0xcd/0x230 [ 400.122783][T10149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.122818][T10149] RIP: 0033:0x7fa2fa18e969 [ 400.122848][T10149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.122883][T10149] RSP: 002b:00007fa2fafb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 400.122917][T10149] RAX: ffffffffffffffda RBX: 00007fa2fa3b6080 RCX: 00007fa2fa18e969 [ 400.122942][T10149] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 400.122965][T10149] RBP: 00007fa2fafb1090 R08: 0000000000000000 R09: 0000000000000000 [ 400.122987][T10149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.123009][T10149] R13: 0000000000000000 R14: 00007fa2fa3b6080 R15: 00007ffc2a52f148 [ 400.123055][T10149] [ 400.810008][T10160] HfR: entered promiscuous mode [ 400.862714][T10160] netlink: 12 bytes leftover after parsing attributes in process `syz.2.988'. [ 400.906290][T10160] HfR: left promiscuous mode [ 400.981126][T10165] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 402.116375][T10181] netlink: 4 bytes leftover after parsing attributes in process `syz.1.990'. [ 404.020146][T10196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.995'. [ 404.676003][T10186] sp0: Synchronizing with TNC [ 404.737236][T10186] [U] è [ 405.357623][T10207] netlink: 'syz.3.997': attribute type 1 has an invalid length. [ 406.771038][T10210] zswap: compressor not available [ 406.790300][T10229] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1002'. [ 406.826229][T10226] HfR: entered promiscuous mode [ 406.841709][T10229] HfR: left promiscuous mode [ 406.916534][T10226] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 408.149857][T10243] netlink: 'syz.0.1005': attribute type 1 has an invalid length. [ 408.256460][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1007'. [ 409.490960][T10268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1008'. [ 410.854127][T10282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1011'. [ 411.331643][T10276] sp0: Synchronizing with TNC [ 411.404813][T10276] [U] è [ 412.189163][T10286] sp0: Synchronizing with TNC [ 412.269939][T10286] [U] è [ 413.472483][T10318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1021'. [ 414.608367][T10317] netlink: 'syz.0.1023': attribute type 1 has an invalid length. [ 414.746832][T10331] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1024'. [ 415.245185][T10330] sp0: Synchronizing with TNC [ 415.268563][T10330] [U] è [ 415.412434][T10340] netlink: 'syz.0.1027': attribute type 1 has an invalid length. [ 416.155284][T10356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1029'. [ 416.319247][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1031'. [ 418.048629][T10373] sp0: Synchronizing with TNC [ 418.094575][T10373] [U] è [ 418.477189][T10388] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1045'. [ 419.882337][T10385] sp0: Synchronizing with TNC [ 419.990309][T10385] [U] è [ 420.545343][T10397] sp0: Synchronizing with TNC [ 420.591092][T10397] [U] è [ 423.198963][T10442] sp0: Synchronizing with TNC [ 423.223478][T10442] [U] è [ 424.166566][T10463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1057'. [ 425.422049][T10478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1062'. [ 426.285861][T10479] sp0: Synchronizing with TNC [ 426.305133][T10479] [U] è [ 427.055462][T10490] netlink: 'syz.0.1067': attribute type 1 has an invalid length. [ 427.194760][T10503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1068'. [ 429.509544][T10541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1077'. [ 430.783968][T10531] sp0: Synchronizing with TNC [ 431.111731][T10531] [U] è [ 432.044032][T10572] netlink: 'syz.2.1084': attribute type 1 has an invalid length. [ 432.092026][T10577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1085'. [ 432.107687][T10576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1086'. [ 433.438464][T10591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1087'. [ 434.794802][T10606] sp0: Synchronizing with TNC [ 434.827196][T10606] [U] è [ 435.455861][T10605] sp0: Synchronizing with TNC [ 435.513294][T10605] [U] è [ 436.090591][T10630] netlink: 'syz.3.1098': attribute type 1 has an invalid length. [ 436.554686][T10645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1099'. [ 438.591554][T10670] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[10670] [ 438.665377][T10670] FAULT_INJECTION: forcing a failure. [ 438.665377][T10670] name fail_futex, interval 1, probability 0, space 0, times 1 [ 438.825767][T10670] CPU: 1 UID: 0 PID: 10670 Comm: syz.3.1107 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 438.825803][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 438.825817][T10670] Call Trace: [ 438.825825][T10670] [ 438.825835][T10670] dump_stack_lvl+0x16c/0x1f0 [ 438.825868][T10670] should_fail_ex+0x512/0x640 [ 438.825905][T10670] get_futex_key+0x49e/0x1000 [ 438.825927][T10670] ? __kasan_slab_free+0x51/0x70 [ 438.825954][T10670] ? task_work_run+0x14d/0x240 [ 438.825990][T10670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.826029][T10670] ? __pfx_get_futex_key+0x10/0x10 [ 438.826061][T10670] futex_wake+0xe7/0x4e0 [ 438.826107][T10670] ? __pfx_futex_wake+0x10/0x10 [ 438.826149][T10670] do_futex+0x1e3/0x350 [ 438.826174][T10670] ? __pfx_do_futex+0x10/0x10 [ 438.826201][T10670] ? __pfx___might_resched+0x10/0x10 [ 438.826229][T10670] __x64_sys_futex+0x1e0/0x4c0 [ 438.826258][T10670] ? __pfx___x64_sys_futex+0x10/0x10 [ 438.826284][T10670] ? rcu_is_watching+0x12/0xc0 [ 438.826319][T10670] do_syscall_64+0xcd/0x230 [ 438.826351][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.826373][T10670] RIP: 0033:0x7f11a2d8e969 [ 438.826391][T10670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.826414][T10670] RSP: 002b:00007f11a3c700e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 438.826436][T10670] RAX: ffffffffffffffda RBX: 00007f11a2fb5fa8 RCX: 00007f11a2d8e969 [ 438.826451][T10670] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f11a2fb5fac [ 438.826465][T10670] RBP: 00007f11a2fb5fa0 R08: 00007f11a3c71000 R09: 0000000000000000 [ 438.826479][T10670] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f11a2fb5fac [ 438.826494][T10670] R13: 0000000000000000 R14: 00007ffd1a105390 R15: 00007ffd1a105478 [ 438.826522][T10670] [ 439.294952][T10679] netlink: 'syz.3.1110': attribute type 1 has an invalid length. [ 439.748497][T10668] sp0: Synchronizing with TNC [ 439.825802][T10668] [U] è [ 441.452436][T10715] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1116'. [ 441.672866][T10708] can: request_module (can-proto-3) failed. [ 442.130413][T10727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1117'. [ 442.842596][T10742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1120'. [ 443.998651][T10752] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1123'. [ 444.047821][T10753] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1122'. [ 444.768170][T10737] sp0: Synchronizing with TNC [ 444.841338][T10737] [U] è [ 445.293735][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.301087][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.147657][T10762] sp0: Synchronizing with TNC [ 447.297745][T10762] [U] è [ 452.436938][T10838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1141'. [ 454.598988][T10863] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1148'. [ 456.132355][T10900] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1157'. [ 456.319890][T10902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1158'. [ 457.533898][T10891] sp0: Synchronizing with TNC [ 457.715444][T10891] [U] è [ 460.036466][T10944] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1168'. [ 461.057120][T10954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1169'. [ 461.995586][T10963] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1171'. [ 462.083457][T10963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1171'. [ 462.653306][T10976] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1173'. [ 462.722504][T10978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1173'. [ 463.442242][T10974] FAULT_INJECTION: forcing a failure. [ 463.442242][T10974] name fail_futex, interval 1, probability 0, space 0, times 0 [ 463.442297][T10974] CPU: 1 UID: 0 PID: 10974 Comm: syz.3.1172 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 463.442342][T10974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 463.442364][T10974] Call Trace: [ 463.442375][T10974] [ 463.442388][T10974] dump_stack_lvl+0x16c/0x1f0 [ 463.442435][T10974] should_fail_ex+0x512/0x640 [ 463.442513][T10974] get_futex_key+0x49e/0x1000 [ 463.442555][T10974] ? __pfx_get_futex_key+0x10/0x10 [ 463.442632][T10974] ? find_held_lock+0x2b/0x80 [ 463.442681][T10974] futex_wait_setup+0x78/0x290 [ 463.442768][T10974] __futex_wait+0x266/0x3c0 [ 463.442813][T10974] ? __pfx___futex_wait+0x10/0x10 [ 463.442864][T10974] ? __pfx_futex_wake_mark+0x10/0x10 [ 463.442926][T10974] futex_wait+0xe8/0x380 [ 463.442968][T10974] ? __pfx_futex_wait+0x10/0x10 [ 463.443018][T10974] ? percpu_counter_add_batch+0xb8/0x1f0 [ 463.443058][T10974] ? errseq_sample+0x53/0x70 [ 463.443106][T10974] ? file_init_path+0x4fe/0x760 [ 463.443153][T10974] do_futex+0x229/0x350 [ 463.443187][T10974] ? __pfx_do_futex+0x10/0x10 [ 463.443222][T10974] ? fd_install+0x225/0x750 [ 463.443280][T10974] __x64_sys_futex+0x1e0/0x4c0 [ 463.443320][T10974] ? __pfx___x64_sys_futex+0x10/0x10 [ 463.443354][T10974] ? rcu_is_watching+0x12/0xc0 [ 463.443392][T10974] do_syscall_64+0xcd/0x230 [ 463.443435][T10974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.443469][T10974] RIP: 0033:0x7f11a2d8e969 [ 463.443497][T10974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.443528][T10974] RSP: 002b:00007f11a3c4f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 463.443559][T10974] RAX: ffffffffffffffda RBX: 00007f11a2fb6088 RCX: 00007f11a2d8e969 [ 463.443589][T10974] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f11a2fb6088 [ 463.443610][T10974] RBP: 00007f11a2fb6080 R08: 0000000000000000 R09: 0000000000000000 [ 463.443629][T10974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11a2fb608c [ 463.443649][T10974] R13: 0000000000000000 R14: 00007ffd1a105390 R15: 00007ffd1a105478 [ 463.443692][T10974] [ 464.524999][T10988] tty tty12: ldisc open failed (-12), clearing slot 11 [ 465.430015][T11019] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1182'. [ 465.524721][T11021] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1183'. [ 465.600917][T11021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1183'. [ 467.985656][T11047] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1187'. [ 468.019267][T11047] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1187'. [ 468.370177][T11033] sp0: Synchronizing with TNC [ 468.508403][T11033] [U] è [ 469.973255][T11081] FAULT_INJECTION: forcing a failure. [ 469.973255][T11081] name failslab, interval 1, probability 0, space 0, times 0 [ 469.994774][T11081] CPU: 0 UID: 0 PID: 11081 Comm: syz.1.1197 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 469.994828][T11081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 469.994846][T11081] Call Trace: [ 469.994856][T11081] [ 469.994870][T11081] dump_stack_lvl+0x16c/0x1f0 [ 469.994915][T11081] should_fail_ex+0x512/0x640 [ 469.994960][T11081] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 469.994999][T11081] ? __pfx_filemap_map_pages+0x10/0x10 [ 469.995040][T11081] should_failslab+0xc2/0x120 [ 469.995077][T11081] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 469.995121][T11081] ? ptlock_alloc+0x1f/0x70 [ 469.995152][T11081] ? __pfx_filemap_map_pages+0x10/0x10 [ 469.995189][T11081] ptlock_alloc+0x1f/0x70 [ 469.995218][T11081] pte_alloc_one+0x6d/0x380 [ 469.995254][T11081] __do_fault+0x320/0x490 [ 469.995297][T11081] ? __pfx_filemap_map_pages+0x10/0x10 [ 469.995335][T11081] do_pte_missing+0x1a6/0x3fb0 [ 469.995367][T11081] ? do_raw_spin_unlock+0x172/0x230 [ 469.995417][T11081] ? __pmd_alloc+0x3c2/0x870 [ 469.995457][T11081] ? find_held_lock+0x2b/0x80 [ 469.995490][T11081] __handle_mm_fault+0x103d/0x2a40 [ 469.995535][T11081] ? __pfx___handle_mm_fault+0x10/0x10 [ 469.995592][T11081] ? find_vma+0xbf/0x140 [ 469.995635][T11081] ? __pfx_find_vma+0x10/0x10 [ 469.995680][T11081] handle_mm_fault+0x3fe/0xad0 [ 469.995719][T11081] do_user_addr_fault+0x7a6/0x1370 [ 469.995775][T11081] ? rcu_is_watching+0x12/0xc0 [ 469.995815][T11081] exc_page_fault+0x5c/0xc0 [ 469.995859][T11081] asm_exc_page_fault+0x26/0x30 [ 469.995890][T11081] RIP: 0010:__put_user_4+0xd/0x20 [ 469.995942][T11081] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 [ 469.995971][T11081] RSP: 0018:ffffc90018f97dd8 EFLAGS: 00050206 [ 469.995998][T11081] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000005 [ 469.996017][T11081] RDX: ffff88807b3e5a00 RSI: ffffffff8909ee55 RDI: ffffffff8bf467e0 [ 469.996039][T11081] RBP: 0000000000000005 R08: 6e3da4e5b782f7c8 R09: 0000000000000001 [ 469.996058][T11081] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920031f2fc3 [ 469.996078][T11081] R13: 0000000080044df9 R14: ffff888034749dc0 R15: 0000000000000003 [ 469.996119][T11081] ? snd_pcm_oss_ioctl+0x13c5/0x37a0 [ 469.996167][T11081] snd_pcm_oss_ioctl+0x13d2/0x37a0 [ 469.996210][T11081] ? find_held_lock+0x2b/0x80 [ 469.996238][T11081] ? hook_file_ioctl_common+0x145/0x410 [ 469.996272][T11081] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 469.996315][T11081] ? __fget_files+0x20e/0x3c0 [ 469.996367][T11081] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 469.996407][T11081] __x64_sys_ioctl+0x190/0x200 [ 469.996450][T11081] do_syscall_64+0xcd/0x230 [ 469.996488][T11081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.996516][T11081] RIP: 0033:0x7fe297b8e969 [ 469.996539][T11081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.996567][T11081] RSP: 002b:00007fe2959f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 469.996592][T11081] RAX: ffffffffffffffda RBX: 00007fe297db5fa0 RCX: 00007fe297b8e969 [ 469.996612][T11081] RDX: 0000000000000005 RSI: 0000000080044df9 RDI: 0000000000000003 [ 469.996628][T11081] RBP: 00007fe2959f6090 R08: 0000000000000000 R09: 0000000000000000 [ 469.996646][T11081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 469.996663][T11081] R13: 0000000000000000 R14: 00007fe297db5fa0 R15: 00007ffce5b96da8 [ 469.996702][T11081] [ 471.270441][T11097] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1199'. [ 471.302242][T11097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1199'. [ 473.347967][T11130] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1209'. [ 473.490499][T11130] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1209'. [ 474.607500][T11135] usb usb34: usbfs: process 11135 (syz.1.1210) did not claim interface 0 before use [ 476.676473][T11180] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1223'. [ 476.789467][T11182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1223'. [ 478.840766][T11203] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 478.871804][T11201] BUG: unable to handle page fault for address: ffffc9001826c6e8 [ 478.882997][T11201] #PF: supervisor write access in kernel mode [ 478.893738][T11201] #PF: error_code(0x0002) - not-present page [ 478.900921][T11201] PGD 1b400067 P4D 1b400067 PUD 1c2ff067 PMD 64633067 PTE 0 [ 478.910322][T11201] Oops: Oops: 0002 [#1] SMP KASAN PTI [ 478.917252][T11201] CPU: 0 UID: 0 PID: 11201 Comm: syz.3.1228 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 478.925416][T11203] FAULT_INJECTION: forcing a failure. [ 478.925416][T11203] name failslab, interval 1, probability 0, space 0, times 0 [ 478.931750][T11201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 478.931776][T11201] RIP: 0010:memset_orig+0x46/0xb0 [ 478.956048][T11203] CPU: 1 UID: 0 PID: 11203 Comm: syz.0.1229 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full) [ 478.956104][T11203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 478.956128][T11203] Call Trace: [ 478.956138][T11203] [ 478.956150][T11203] dump_stack_lvl+0x16c/0x1f0 [ 478.956199][T11203] should_fail_ex+0x512/0x640 [ 478.956252][T11203] should_failslab+0xc2/0x120 [ 478.956295][T11203] __kmalloc_cache_noprof+0x6a/0x3e0 [ 478.956352][T11203] ? hub_ext_port_status+0x5e/0x670 [ 478.956408][T11203] ? usb_control_msg+0xbc/0x4a0 [ 478.956457][T11203] usb_control_msg+0xbc/0x4a0 [ 478.956495][T11203] ? __pfx_usb_control_msg+0x10/0x10 [ 478.956533][T11203] ? __pfx_process_timeout+0x10/0x10 [ 478.956570][T11203] hub_ext_port_status+0x14e/0x670 [ 478.956634][T11203] hub_activate+0x6e5/0x1be0 [ 478.956676][T11203] ? __pfx_hub_activate+0x10/0x10 [ 478.956711][T11203] ? usb_generic_driver_resume+0x70/0xa0 [ 478.956749][T11203] ? init_srcu_struct_nodes+0xc70/0x1060 [ 478.956797][T11203] ? lock_release+0x201/0x2f0 [ 478.956839][T11203] ? usbfs_notify_resume+0x25/0xf0 [ 478.956877][T11203] hub_resume+0xa8/0x3f0 [ 478.956913][T11203] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 478.956962][T11203] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 478.957009][T11203] ? __pfx_hub_resume+0x10/0x10 [ 478.957046][T11203] ? __pfx_hcd_bus_resume+0x10/0x10 [ 478.957105][T11203] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 478.957159][T11203] usb_resume_both+0x273/0x800 [ 478.957207][T11203] ? __pfx_usb_resume_both+0x10/0x10 [ 478.957254][T11203] ? __rpm_callback+0x1e2/0x610 [ 478.957299][T11203] ? __pfx_usb_runtime_resume+0x10/0x10 [ 478.957359][T11203] ? rcu_is_watching+0x12/0xc0 [ 478.957391][T11203] ? __pfx_usb_runtime_resume+0x10/0x10 [ 478.957456][T11203] __rpm_callback+0xc5/0x610 [ 478.957489][T11203] ? rcu_is_watching+0x12/0xc0 [ 478.957521][T11203] ? __pfx_usb_runtime_resume+0x10/0x10 [ 478.957577][T11203] rpm_callback+0x1b7/0x200 [ 478.957610][T11203] ? __pfx_usb_runtime_resume+0x10/0x10 [ 478.957666][T11203] rpm_resume+0xd0a/0x1310 [ 478.957698][T11203] ? trace_contention_end+0x111/0x130 [ 478.957749][T11203] ? __pfx_rpm_resume+0x10/0x10 [ 478.957782][T11203] ? do_raw_spin_lock+0x12c/0x2b0 [ 478.957834][T11203] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 478.957886][T11203] ? lock_acquire+0x2cd/0x350 [ 478.957936][T11203] __pm_runtime_resume+0xb6/0x170 [ 478.957973][T11203] usb_autoresume_device+0x23/0xe0 [ 478.958028][T11203] usbdev_open+0x228/0x8b0 [ 478.958082][T11203] ? do_raw_spin_lock+0x12c/0x2b0 [ 478.958134][T11203] ? __pfx_usbdev_open+0x10/0x10 [ 478.958186][T11203] ? chrdev_open+0x58c/0x6a0 [ 478.958221][T11203] ? lock_release+0x201/0x2f0 [ 478.958266][T11203] ? __pfx_usbdev_open+0x10/0x10 [ 478.958318][T11203] chrdev_open+0x231/0x6a0 [ 478.958354][T11203] ? __pfx_chrdev_open+0x10/0x10 [ 478.958392][T11203] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 478.958458][T11203] do_dentry_open+0x741/0x1c10 [ 478.958493][T11203] ? __pfx_chrdev_open+0x10/0x10 [ 478.958533][T11203] vfs_open+0x82/0x3f0 [ 478.958578][T11203] path_openat+0x1e5e/0x2d40 [ 478.958618][T11203] ? __pfx_path_openat+0x10/0x10 [ 478.958656][T11203] do_filp_open+0x20b/0x470 [ 478.958687][T11203] ? __pfx_do_filp_open+0x10/0x10 [ 478.958734][T11203] ? alloc_fd+0x471/0x7d0 [ 478.958811][T11203] do_sys_openat2+0x11b/0x1d0 [ 478.958858][T11203] ? __pfx_do_sys_openat2+0x10/0x10 [ 478.958914][T11203] __x64_sys_openat+0x174/0x210 [ 478.958964][T11203] ? __pfx___x64_sys_openat+0x10/0x10 [ 478.959015][T11203] ? rcu_is_watching+0x12/0xc0 [ 478.959047][T11203] ? rcu_is_watching+0x12/0xc0 [ 478.959083][T11203] do_syscall_64+0xcd/0x230 [ 478.959130][T11203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.959168][T11203] RIP: 0033:0x7fa2fa18e969 [ 478.959199][T11203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.959237][T11203] RSP: 002b:00007fa2fafd2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 478.959276][T11203] RAX: ffffffffffffffda RBX: 00007fa2fa3b5fa0 RCX: 00007fa2fa18e969 [ 478.959301][T11203] RDX: 000000000002ab01 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 478.959325][T11203] RBP: 00007fa2fa210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 478.959348][T11203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.959371][T11203] R13: 0000000000000000 R14: 00007fa2fa3b5fa0 R15: 00007ffc2a52f148 [ 478.959406][T11203] [ 478.965139][T11203] hub 36-0:1.0: hub_ext_port_status failed (err = -12) [ 478.966379][T11201] Code: 75 74 48 89 d1 48 c1 e9 06 74 39 66 0f 1f 84 00 00 00 00 00 48 ff c9 48 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 <48> 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d8 0f 1f 84 00 [ 479.543239][T11201] RSP: 0018:ffffc9001921fa60 EFLAGS: 00010202 [ 479.550165][T11201] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000006da4 [ 479.558690][T11201] RDX: 0000000000200000 RSI: 0000000000000000 RDI: ffffc9001826c6c0 [ 479.567418][T11201] RBP: 0000000000200000 R08: 0000000000000001 R09: 0000000000000000 [ 479.576820][T11201] R10: ffffc90018223000 R11: 0000000000000000 R12: 0000000000100000 [ 479.586206][T11201] R13: ffffc90018223000 R14: ffffffff8cb35e9c R15: 000000000000001c [ 479.595273][T11201] FS: 00007f11a3c4f6c0(0000) GS:ffff8881249ef000(0000) knlGS:0000000000000000 [ 479.604875][T11201] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 479.612880][T11201] CR2: ffffc9001826c6e8 CR3: 000000001b5e4000 CR4: 00000000003526f0 [ 479.621406][T11201] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 479.629955][T11201] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 479.638677][T11201] Call Trace: [ 479.642255][T11201] [ 479.645403][T11201] snd_pcm_format_set_silence+0x211/0x340 [ 479.651912][T11201] snd_pcm_oss_change_params_locked+0x1eb4/0x3b40 [ 479.659026][T11201] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 479.666280][T11201] ? __pfx___futex_wait+0x10/0x10 [ 479.671403][T11201] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 479.679249][T11201] snd_pcm_oss_read+0x39b/0x760 [ 479.684843][T11201] ? security_file_permission+0x71/0x210 [ 479.690645][T11201] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 479.696081][T11201] vfs_read+0x1de/0xc70 [ 479.700824][T11201] ? __pfx_vfs_read+0x10/0x10 [ 479.706083][T11201] ? find_held_lock+0x2b/0x80 [ 479.710985][T11201] ? __fget_files+0x204/0x3c0 [ 479.716064][T11201] ? __fget_files+0x20e/0x3c0 [ 479.721275][T11201] ksys_read+0x12a/0x240 [ 479.726395][T11201] ? __pfx_ksys_read+0x10/0x10 [ 479.731516][T11201] ? rcu_is_watching+0x12/0xc0 [ 479.737427][T11201] do_syscall_64+0xcd/0x230 [ 479.742469][T11201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.748947][T11201] RIP: 0033:0x7f11a2d8e969 [ 479.754221][T11201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.775739][T11201] RSP: 002b:00007f11a3c4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 479.785761][T11201] RAX: ffffffffffffffda RBX: 00007f11a2fb6080 RCX: 00007f11a2d8e969 [ 479.795156][T11201] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000005 [ 479.804643][T11201] RBP: 00007f11a2e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 479.812730][T11201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 479.821156][T11201] R13: 0000000000000000 R14: 00007f11a2fb6080 R15: 00007ffd1a105478 [ 479.829660][T11201] [ 479.832731][T11201] Modules linked in: [ 479.836839][T11201] CR2: ffffc9001826c6e8 [ 479.841297][T11201] ---[ end trace 0000000000000000 ]--- [ 479.846956][T11201] RIP: 0010:memset_orig+0x46/0xb0 [ 479.852814][T11201] Code: 75 74 48 89 d1 48 c1 e9 06 74 39 66 0f 1f 84 00 00 00 00 00 48 ff c9 48 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 <48> 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d8 0f 1f 84 00 [ 479.876253][T11201] RSP: 0018:ffffc9001921fa60 EFLAGS: 00010202 [ 479.884299][T11201] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000006da4 [ 479.893631][T11201] RDX: 0000000000200000 RSI: 0000000000000000 RDI: ffffc9001826c6c0 [ 479.901913][T11201] RBP: 0000000000200000 R08: 0000000000000001 R09: 0000000000000000 [ 479.910412][T11201] R10: ffffc90018223000 R11: 0000000000000000 R12: 0000000000100000 [ 479.919157][T11201] R13: ffffc90018223000 R14: ffffffff8cb35e9c R15: 000000000000001c [ 479.927526][T11201] FS: 00007f11a3c4f6c0(0000) GS:ffff8881249ef000(0000) knlGS:0000000000000000 [ 479.936695][T11201] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 479.944210][T11201] CR2: ffffc9001826c6e8 CR3: 000000001b5e4000 CR4: 00000000003526f0 [ 479.952811][T11201] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 479.961038][T11201] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 479.969523][T11201] Kernel panic - not syncing: Fatal exception [ 479.976299][T11201] Kernel Offset: disabled [ 479.981373][T11201] Rebooting in 86400 seconds..