last executing test programs: 3.302840062s ago: executing program 1 (id=2993): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r0 = set_tid_address$auto(0x0) r1 = syz_open_procfs$namespace(r0, &(0x7f0000000080)) getdents$auto(r1, 0x0, 0x3f1) getdents$auto(r1, 0x0, 0xa2b0) 2.478854831s ago: executing program 1 (id=3000): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') 1.896693134s ago: executing program 1 (id=3004): r0 = socket(0xa, 0x2, 0x0) setsockopt$auto(r0, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) lseek$auto(0xffffffffffffffff, 0x80, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(r0, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0xee8c, 0x4) 1.336486775s ago: executing program 1 (id=3011): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) eventfd$auto(0x7) select$auto(0x5, 0x0, 0x0, &(0x7f00000001c0)={[0x1aa57c94, 0x95, 0x5, 0x100000003, 0x8475, 0x6, 0x1, 0x9, 0xec, 0x2, 0x8, 0x8, 0x200, 0x7]}, 0x0) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) 1.146656094s ago: executing program 3 (id=3015): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)='S', 0x7}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x4, 0x100) 1.11240714s ago: executing program 0 (id=3016): sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x3000000, 0x0, 0x1}, 0x8010) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0xc, 0x0, 0x1, 0x0, 0x20, 0x3}, 0x5b3}, 0x200, 0x101) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x1fe, 0x8, 0x0) 990.267207ms ago: executing program 0 (id=3018): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x301, 0x4070bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) 943.192171ms ago: executing program 3 (id=3019): socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x100000006, 0x88, 0x20000001, 0xfffffffffffffffe, 0x0) 870.173243ms ago: executing program 2 (id=3020): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS1\x00', 0x101e81, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r1, 0x0, 0xfff) ioctl$auto_TCFLSH2(r0, 0x5408, 0x0) 839.08979ms ago: executing program 0 (id=3021): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 697.145655ms ago: executing program 3 (id=3022): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) writev$auto(0x8000, &(0x7f0000000040)={0x0, 0x1000000000004}, 0x2bc) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) io_uring_register$auto(0x2, 0x1a, &(0x7f00000000c0), 0x1) 533.464977ms ago: executing program 2 (id=3023): socket(0x15, 0x5, 0x0) eventfd$auto(0x7) open(&(0x7f0000004080)='./file0\x00', 0x40, 0x23) socket(0x2, 0x3, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x100000006, 0x0, 0x22, 0xfffffffffffffffe, 0x0) 500.724971ms ago: executing program 3 (id=3024): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00', @ANYRES32, @ANYRES32, @ANYRES64, @ANYRES32], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x10001, &(0x7f0000000080)={&(0x7f0000000040), 0x200}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0)) 446.935362ms ago: executing program 0 (id=3025): open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x84) socket(0x2, 0x5, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) socket(0x2, 0x2, 0x1) socket(0x25, 0x5, 0x0) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) 392.552044ms ago: executing program 2 (id=3026): socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a0000000800", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 334.329911ms ago: executing program 3 (id=3027): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100"], 0x24}, 0x1, 0x0, 0x0, 0x2c0080c0}, 0x80) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x8, 0x4008) 307.366893ms ago: executing program 0 (id=3028): mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x201, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/kvm/irq_exits\x00', 0x22002, 0x0) read$auto(0x3, 0x0, 0x1f40) write$auto(0x3, 0x0, 0x3f00) 265.862374ms ago: executing program 1 (id=3029): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8000, 0x0) 237.461833ms ago: executing program 2 (id=3030): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x1, 0xb, 0xfffffffffffffffc, 0x0) 134.010799ms ago: executing program 2 (id=3031): r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0) ioctl$auto_IMDELTIMER(r0, 0x80044941, &(0x7f0000000100)=0x6) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x8040, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x20a000, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x10000000001000, 0x0) 129.560195ms ago: executing program 0 (id=3032): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r0, 0x0, 0xe) 109.870111ms ago: executing program 3 (id=3033): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2b, 0x1, 0x1) pipe2$auto(0x0, 0x80) r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$auto(r0, 0x11, 0x64, 0x0, 0x7) 164.034µs ago: executing program 2 (id=3034): mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x1, 0x0) r0 = socket(0x11, 0x80003, 0x300) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x8) 0s ago: executing program 1 (id=3035): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r0) close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000008000300"/18, @ANYRES32=0x0, @ANYBLOB="080001"], 0x24}, 0x1, 0x0, 0x0, 0x4000c00}, 0x4000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.165' (ED25519) to the list of known hosts. [ 92.703607][ T5821] cgroup: Unknown subsys name 'net' [ 92.878981][ T5821] cgroup: Unknown subsys name 'cpuset' [ 92.888976][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 94.660292][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.946085][ T9] cfg80211: failed to load regulatory.db [ 97.105008][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.113669][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.121893][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.144447][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.152280][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.160773][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.169610][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.177823][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.179680][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.186600][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.199728][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.200218][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.209636][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.216866][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.230668][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.244729][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.254605][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.263050][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.271496][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.279192][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.800143][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 97.977244][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 97.991850][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 98.090138][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.097964][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.105966][ T5831] bridge_slave_0: entered allmulticast mode [ 98.114877][ T5831] bridge_slave_0: entered promiscuous mode [ 98.138413][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 98.169190][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.176880][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.184090][ T5831] bridge_slave_1: entered allmulticast mode [ 98.192010][ T5831] bridge_slave_1: entered promiscuous mode [ 98.345742][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.352965][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.360651][ T5833] bridge_slave_0: entered allmulticast mode [ 98.368958][ T5833] bridge_slave_0: entered promiscuous mode [ 98.380198][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.396760][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.403943][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.411342][ T5832] bridge_slave_0: entered allmulticast mode [ 98.419762][ T5832] bridge_slave_0: entered promiscuous mode [ 98.427504][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.435197][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.442388][ T5833] bridge_slave_1: entered allmulticast mode [ 98.449928][ T5833] bridge_slave_1: entered promiscuous mode [ 98.459265][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.497107][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.504362][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.511674][ T5832] bridge_slave_1: entered allmulticast mode [ 98.519221][ T5832] bridge_slave_1: entered promiscuous mode [ 98.628377][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.645504][ T5831] team0: Port device team_slave_0 added [ 98.651753][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.659379][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.666705][ T5837] bridge_slave_0: entered allmulticast mode [ 98.674039][ T5837] bridge_slave_0: entered promiscuous mode [ 98.685461][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.701314][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.728415][ T5831] team0: Port device team_slave_1 added [ 98.749050][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.756630][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.763780][ T5837] bridge_slave_1: entered allmulticast mode [ 98.772154][ T5837] bridge_slave_1: entered promiscuous mode [ 98.781485][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.869380][ T5832] team0: Port device team_slave_0 added [ 98.878544][ T5833] team0: Port device team_slave_0 added [ 98.886294][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.893278][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.920066][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.949350][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.961156][ T5832] team0: Port device team_slave_1 added [ 98.982939][ T5833] team0: Port device team_slave_1 added [ 99.003726][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.013422][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.039819][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.054867][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.130998][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.138485][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.164685][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.177656][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.184909][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.211181][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.223262][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.230308][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.257229][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.257317][ T5847] Bluetooth: hci3: command tx timeout [ 99.270550][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.281295][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.307582][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.334867][ T5847] Bluetooth: hci0: command tx timeout [ 99.334880][ T5838] Bluetooth: hci1: command tx timeout [ 99.335047][ T5838] Bluetooth: hci2: command tx timeout [ 99.356944][ T5837] team0: Port device team_slave_0 added [ 99.399347][ T5837] team0: Port device team_slave_1 added [ 99.411474][ T5831] hsr_slave_0: entered promiscuous mode [ 99.419263][ T5831] hsr_slave_1: entered promiscuous mode [ 99.525655][ T5832] hsr_slave_0: entered promiscuous mode [ 99.532085][ T5832] hsr_slave_1: entered promiscuous mode [ 99.538549][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.546394][ T5832] Cannot create hsr debugfs directory [ 99.559974][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.567131][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.594462][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.634934][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.641917][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.668171][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.686945][ T5833] hsr_slave_0: entered promiscuous mode [ 99.693509][ T5833] hsr_slave_1: entered promiscuous mode [ 99.699970][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.707995][ T5833] Cannot create hsr debugfs directory [ 99.894387][ T5837] hsr_slave_0: entered promiscuous mode [ 99.901257][ T5837] hsr_slave_1: entered promiscuous mode [ 99.907674][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.915390][ T5837] Cannot create hsr debugfs directory [ 100.311677][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.326093][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.363541][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.377026][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.434075][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.463843][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.491784][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.502213][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.562309][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.584888][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.597824][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 100.620687][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.696627][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.711543][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.723576][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.754307][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.868748][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.939440][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.951991][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.980863][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.014700][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.022144][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.033014][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.040234][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.110170][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.131257][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.147288][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.154509][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.186238][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.193407][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.210519][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.217769][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.243658][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 101.273394][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.280608][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.335096][ T5838] Bluetooth: hci3: command tx timeout [ 101.368453][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.415351][ T5838] Bluetooth: hci2: command tx timeout [ 101.419939][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 101.431935][ T5838] Bluetooth: hci0: command tx timeout [ 101.431993][ T5838] Bluetooth: hci1: command tx timeout [ 101.492061][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.566836][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.574062][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.591541][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.598823][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.921254][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.088874][ T5831] veth0_vlan: entered promiscuous mode [ 102.109551][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.171089][ T5831] veth1_vlan: entered promiscuous mode [ 102.277404][ T5832] veth0_vlan: entered promiscuous mode [ 102.298146][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.329251][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.342242][ T5831] veth0_macvtap: entered promiscuous mode [ 102.352936][ T5832] veth1_vlan: entered promiscuous mode [ 102.377353][ T5831] veth1_macvtap: entered promiscuous mode [ 102.423331][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.438001][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.483681][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.495618][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.504985][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.513729][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.549415][ T5837] veth0_vlan: entered promiscuous mode [ 102.563441][ T5833] veth0_vlan: entered promiscuous mode [ 102.601969][ T5832] veth0_macvtap: entered promiscuous mode [ 102.622028][ T5832] veth1_macvtap: entered promiscuous mode [ 102.630945][ T5837] veth1_vlan: entered promiscuous mode [ 102.648980][ T5833] veth1_vlan: entered promiscuous mode [ 102.717831][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.779660][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.789762][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.795840][ T5833] veth0_macvtap: entered promiscuous mode [ 102.815221][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.835067][ T5837] veth0_macvtap: entered promiscuous mode [ 102.857693][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.867143][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.876695][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.885787][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.899472][ T5833] veth1_macvtap: entered promiscuous mode [ 102.924155][ T5837] veth1_macvtap: entered promiscuous mode [ 102.940974][ T3005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.955547][ T3005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.010047][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.047305][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.061245][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.078075][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.118937][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.128444][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.139858][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.149256][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.209994][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.251850][ T5837] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.253327][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.277258][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.285161][ T5837] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.296296][ T5837] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.306290][ T5837] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.417457][ T51] Bluetooth: hci3: command tx timeout [ 103.440553][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.466039][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.494716][ T51] Bluetooth: hci1: command tx timeout [ 103.500342][ T5838] Bluetooth: hci0: command tx timeout [ 103.500545][ T5847] Bluetooth: hci2: command tx timeout [ 103.640148][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.652068][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.716315][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.764390][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.911762][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.934344][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.937722][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.965039][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.369816][ T5917] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.927784][ T5931] capability: warning: `syz.2.14' uses 32-bit capabilities (legacy support in use) [ 105.322427][ T5941] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(4.32768.1), cmd(10) [ 105.494916][ T5847] Bluetooth: hci3: command tx timeout [ 105.576686][ T5847] Bluetooth: hci2: command tx timeout [ 105.581778][ T5838] Bluetooth: hci0: command tx timeout [ 105.582146][ T5847] Bluetooth: hci1: command tx timeout [ 106.126222][ T5961] netlink: 'syz.1.28': attribute type 1 has an invalid length. [ 108.361541][ T6028] kAFS: Invalid Command on /proc/fs/afs/cells file [ 108.755155][ T6036] Device name cannot be null; rc = [-22] [ 109.505459][ T6057] Zero length message leads to an empty skb [ 109.886890][ T6069] process 'syz.3.73' launched ':,' with NULL argv: empty string added [ 110.712943][ T6092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.83'. [ 110.761606][ T6094] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 111.212080][ T6106] FAULT_INJECTION: forcing a failure. [ 111.212080][ T6106] name failslab, interval 1, probability 0, space 0, times 1 [ 111.262015][ T6106] CPU: 0 UID: 0 PID: 6106 Comm: syz.0.90 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 111.262084][ T6106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.262108][ T6106] Call Trace: [ 111.262119][ T6106] [ 111.262135][ T6106] dump_stack_lvl+0x16c/0x1f0 [ 111.262183][ T6106] should_fail_ex+0x512/0x640 [ 111.262236][ T6106] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 111.262284][ T6106] should_failslab+0xc2/0x120 [ 111.262333][ T6106] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 111.262378][ T6106] ? __pmd_alloc+0xbf/0x930 [ 111.262425][ T6106] __pmd_alloc+0xbf/0x930 [ 111.262475][ T6106] huge_pte_alloc+0x41d/0x5b0 [ 111.262516][ T6106] hugetlb_fault+0x373/0x3060 [ 111.262560][ T6106] ? __pfx_hugetlb_fault+0x10/0x10 [ 111.262613][ T6106] ? find_vma+0xbf/0x140 [ 111.262662][ T6106] ? __pfx_find_vma+0x10/0x10 [ 111.262716][ T6106] handle_mm_fault+0xbfa/0xd10 [ 111.262755][ T6106] ? __pkru_allows_pkey+0x21/0xb0 [ 111.262793][ T6106] do_user_addr_fault+0x7a6/0x1370 [ 111.262835][ T6106] ? rcu_is_watching+0x12/0xc0 [ 111.262888][ T6106] exc_page_fault+0x5c/0xb0 [ 111.262932][ T6106] asm_exc_page_fault+0x26/0x30 [ 111.262963][ T6106] RIP: 0010:strncpy_from_user+0x147/0x2e0 [ 111.263012][ T6106] Code: 00 00 4d 89 74 1d 00 48 83 ed 08 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 27 fb b2 fc 48 83 fd 07 76 22 e8 ac ff b2 fc 45 31 ff <49> 8b 04 1c 31 ff 44 89 fe 49 89 c6 e8 d8 fa b2 fc 45 85 ff 0f 84 [ 111.263053][ T6106] RSP: 0018:ffffc9000b2a7d10 EFLAGS: 00050246 [ 111.263080][ T6106] RAX: 000000000000003c RBX: 0000000000000000 RCX: ffffc9000c0e9000 [ 111.263101][ T6106] RDX: 0000000000080000 RSI: ffffffff85086e04 RDI: 0000000000000007 [ 111.263121][ T6106] RBP: 0000000000000fe0 R08: 0000000000000007 R09: 0000000000000007 [ 111.263140][ T6106] R10: 0000000000000fe0 R11: 0000000000000000 R12: 0000000000000000 [ 111.263159][ T6106] R13: ffff88802332a220 R14: 0000000000000fe0 R15: 0000000000000000 [ 111.263193][ T6106] ? strncpy_from_user+0x144/0x2e0 [ 111.263255][ T6106] getname_flags.part.0+0x8f/0x550 [ 111.263314][ T6106] getname_flags+0x93/0xf0 [ 111.263364][ T6106] do_sys_openat2+0xb8/0x1d0 [ 111.263391][ T6106] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.263457][ T6106] __x64_sys_openat+0x174/0x210 [ 111.263487][ T6106] ? __pfx___x64_sys_openat+0x10/0x10 [ 111.263532][ T6106] do_syscall_64+0xcd/0x490 [ 111.263578][ T6106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.263608][ T6106] RIP: 0033:0x7f400798e969 [ 111.263632][ T6106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.263660][ T6106] RSP: 002b:00007f40088a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 111.263687][ T6106] RAX: ffffffffffffffda RBX: 00007f4007bb5fa0 RCX: 00007f400798e969 [ 111.263707][ T6106] RDX: 0000000000512002 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 111.263726][ T6106] RBP: 00007f4007a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 111.263744][ T6106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.263762][ T6106] R13: 0000000000000000 R14: 00007f4007bb5fa0 R15: 00007ffdda203458 [ 111.263801][ T6106] [ 115.326238][ T6215] bridge0: port 3(gretap0) entered blocking state [ 115.363637][ T6215] bridge0: port 3(gretap0) entered disabled state [ 115.374524][ T6215] gretap0: entered allmulticast mode [ 115.411317][ T6215] gretap0: entered promiscuous mode [ 115.438252][ T6215] bridge0: port 3(gretap0) entered blocking state [ 115.445130][ T6215] bridge0: port 3(gretap0) entered forwarding state [ 115.893440][ T6237] sctp: [Deprecated]: syz.2.148 (pid 6237) Use of struct sctp_assoc_value in delayed_ack socket option. [ 115.893440][ T6237] Use struct sctp_sack_info instead [ 117.660622][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.169'. [ 121.869869][ T6383] netlink: set zone limit has 8 unknown bytes [ 123.733714][ T6428] netlink: 342 bytes leftover after parsing attributes in process `syz.3.224'. [ 129.167137][ T30] audit: type=1800 audit(1748786710.268:2): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.277" name="dbroot" dev="configfs" ino=8147 res=0 errno=0 [ 129.222295][ T6561] db_root: cannot open: [ 129.222295][ T6561] use_profile 0 [ 129.222295][ T6561] [ 129.222295][ T6561] file mkdir/chmod /dev/ 0755 [ 129.222295][ T6561] file chown/chgrp /dev/ 0 [ 129.222295][ T6561] file mkchar /dev/console 0600 5 1 [ 129.222295][ T6561] file chown/chgrp /dev/console 0 [ 129.222295][ T6561] file chmod /dev/console 0600 [ 129.222295][ T6561] file mkdir/chmod /root/ 0700 [ 129.222295][ T6561] file chown/chgrp /root/ 0 [ 129.222295][ T6561] file read/write /dev/console [ 129.222295][ T6561] file mkblock /dev/ram 0600 1 0 [ 129.222295][ T6561] file read/write/unlink /dev/ram [ 129.222295][ T6561] file mkblock /dev/root 0600 8 1 [ 129.222295][ T6561] file mount /dev/root /root/ ext3 0x8001 [ 129.222295][ T6561] file mount /dev/root /root/ ext2 0x8001 [ 129.222295][ T6561] file mount /dev/root /root/ ext4 0x8001 [ 129.222295][ T6561] file mount devtmpfs /root/dev/ devtmpfs 0x8000 [ 129.222295][ T6561] file mount /root/ / --move 0x0 [ 129.222295][ T6561] file chroot / [ 129.222295][ T6561] file write proc:/sys/kernel/hung_task_all_cpu_backtrace [ 129.222295][ T6561] file write proc:/sys/vm/nr_hugepages [ 129.222295][ T6561] file write proc:/sys/vm/nr_overcommit_hugepages [ 129.222295][ T6561] file write proc:/sys/net/core/netdev_unregister_timeout_secs [ 129.222295][ T6561] file execute /sbin/init exec.realpath="/sbin/init" exec.argv[0]="/sbin/init" [ 129.222295][ T6561] file execute /sbin/modprobe exec.realpath="/sbin/modprobe" exec.argv[0]="/sbin/modprobe" [ 129.222295][ T6561] [ 129.222295][ T6561] /sbin/init [ 129.222295][ T6561] use_profile 0 [ 129.222295][ T6561] [ 129.222295][ T6561] misc env HOME [ 129.222295][ T6561] misc env TERM [ 129.222295][ T6561] misc [ 129.830241][ T6587] TCP: TCP_TX_DELAY enabled [ 130.678191][ T6580] kexec: Could not allocate control_code_buffer [ 135.483966][ T6696] netlink: 206 bytes leftover after parsing attributes in process `syz.2.327'. [ 137.061187][ T6735] netlink: 338 bytes leftover after parsing attributes in process `syz.0.341'. [ 137.899446][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.907065][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.162630][ T6816] sg_write: data in/out 32732/16086 bytes for SCSI command 0x0-- guessing data in; [ 141.162630][ T6816] program syz.2.374 not setting count and/or reply_len properly [ 141.616374][ T6830] netlink: 'syz.2.379': attribute type 1 has an invalid length. [ 145.521875][ T6911] bridge0: port 4(vlan1) entered blocking state [ 145.538443][ T6911] bridge0: port 4(vlan1) entered disabled state [ 145.559961][ T6911] vlan1: entered allmulticast mode [ 145.569887][ T6911] veth0_vlan: entered allmulticast mode [ 145.586742][ T6911] vlan1: entered promiscuous mode [ 145.615144][ T6911] bridge0: port 4(vlan1) entered blocking state [ 145.621612][ T6911] bridge0: port 4(vlan1) entered forwarding state [ 145.634546][ T6913] netlink: 214 bytes leftover after parsing attributes in process `syz.3.410'. [ 145.660787][ T6886] kexec: Could not allocate control_code_buffer [ 145.847453][ T6917] netlink: 4 bytes leftover after parsing attributes in process `syz.0.412'. [ 146.253673][ T6932] netlink: 28 bytes leftover after parsing attributes in process `syz.1.421'. [ 147.354962][ T6966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.433'. [ 147.379520][ T6966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.433'. [ 148.095935][ T6990] netlink: 338 bytes leftover after parsing attributes in process `syz.2.441'. [ 150.746288][ T5847] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 150.917154][ T7029] kexec: Could not allocate control_code_buffer [ 152.137855][ T7095] netlink: 338 bytes leftover after parsing attributes in process `syz.3.483'. [ 153.644703][ T7138] netlink: 338 bytes leftover after parsing attributes in process `syz.1.500'. [ 155.168071][ T7172] netlink: 338 bytes leftover after parsing attributes in process `syz.3.514'. [ 156.833973][ T7203] netlink: 28 bytes leftover after parsing attributes in process `syz.0.527'. [ 156.878286][ T7203] ipvlan0: entered allmulticast mode [ 156.883685][ T7203] veth0_vlan: entered allmulticast mode [ 156.934606][ T30] audit: type=1800 audit(1748786738.038:3): pid=7204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.526" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 157.294909][ T7215] netlink: 'syz.0.533': attribute type 1 has an invalid length. [ 157.334350][ T7215] netlink: 206 bytes leftover after parsing attributes in process `syz.0.533'. [ 158.709648][ T7246] netlink: 342 bytes leftover after parsing attributes in process `syz.0.546'. [ 161.379827][ T7294] qrtr: Invalid version 0 [ 162.293682][ T7319] netlink: 338 bytes leftover after parsing attributes in process `syz.1.575'. [ 162.505428][ T7324] ecryptfs_miscdev_write: Error while inspecting packet size [ 166.474294][ T30] audit: type=1800 audit(1748786747.568:4): pid=7421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.616" name="dmabuf" dev="dmabuf" ino=5 res=0 errno=0 [ 170.893148][ T7542] netlink: 342 bytes leftover after parsing attributes in process `syz.0.662'. [ 173.314498][ T7628] syz.3.690 uses obsolete (PF_INET,SOCK_PACKET) [ 173.715614][ T7639] sctp: [Deprecated]: syz.3.692 (pid 7639) Use of int in max_burst socket option deprecated. [ 173.715614][ T7639] Use struct sctp_assoc_value instead [ 174.115898][ T7653] netlink: 'syz.3.700': attribute type 5 has an invalid length. [ 175.133862][ T7688] capability: warning: `syz.0.709' uses deprecated v2 capabilities in a way that may be insecure [ 176.491341][ T7732] netlink: 28 bytes leftover after parsing attributes in process `syz.1.724'. [ 176.953982][ T7746] netlink: 334 bytes leftover after parsing attributes in process `syz.2.729'. [ 178.996408][ T7811] netlink: 346 bytes leftover after parsing attributes in process `syz.1.752'. [ 184.230115][ T7946] ima: policy update failed [ 184.237579][ T30] audit: type=1802 audit(1748786765.348:5): pid=7946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.815" res=0 errno=0 [ 185.115475][ T7976] FAULT_INJECTION: forcing a failure. [ 185.115475][ T7976] name failslab, interval 1, probability 0, space 0, times 0 [ 185.167898][ T7976] CPU: 0 UID: 0 PID: 7976 Comm: syz.0.827 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 185.167960][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 185.167980][ T7976] Call Trace: [ 185.167991][ T7976] [ 185.168007][ T7976] dump_stack_lvl+0x16c/0x1f0 [ 185.168059][ T7976] should_fail_ex+0x512/0x640 [ 185.168111][ T7976] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 185.168153][ T7976] should_failslab+0xc2/0x120 [ 185.168199][ T7976] __kmalloc_cache_noprof+0x6a/0x3e0 [ 185.168276][ T7976] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 185.168319][ T7976] snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 185.168359][ T7976] ? rcu_is_watching+0x12/0xc0 [ 185.168411][ T7976] ? __mutex_lock+0x1ca/0xb90 [ 185.168462][ T7976] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 185.168499][ T7976] ? __pfx___mutex_lock+0x10/0x10 [ 185.168553][ T7976] ? __fsnotify_parent+0x24b/0xc40 [ 185.168599][ T7976] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 185.168633][ T7976] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 185.168665][ T7976] snd_pcm_oss_sync+0x1de/0x840 [ 185.168702][ T7976] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 185.168735][ T7976] snd_pcm_oss_release+0x28b/0x310 [ 185.168770][ T7976] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 185.168801][ T7976] __fput+0x3ff/0xb70 [ 185.168858][ T7976] task_work_run+0x150/0x240 [ 185.168900][ T7976] ? __pfx_task_work_run+0x10/0x10 [ 185.168941][ T7976] ? __pfx___do_sys_close_range+0x10/0x10 [ 185.168991][ T7976] exit_to_user_mode_loop+0xeb/0x110 [ 185.169034][ T7976] do_syscall_64+0x3f6/0x490 [ 185.169081][ T7976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.169114][ T7976] RIP: 0033:0x7f400798e969 [ 185.169140][ T7976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.169171][ T7976] RSP: 002b:00007f40088a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 185.169209][ T7976] RAX: 0000000000000000 RBX: 00007f4007bb5fa0 RCX: 00007f400798e969 [ 185.169229][ T7976] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 185.169249][ T7976] RBP: 00007f4007a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 185.169269][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.169288][ T7976] R13: 0000000000000000 R14: 00007f4007bb5fa0 R15: 00007ffdda203458 [ 185.169329][ T7976] [ 185.873774][ T51] Bluetooth: hci3: Malformed Event: 0x2f [ 189.372957][ T8082] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 189.892715][ T8095] netlink: 28 bytes leftover after parsing attributes in process `syz.0.877'. [ 189.937491][ T8095] vlan1: entered allmulticast mode [ 191.457304][ T8142] mmap: syz.3.898 (8142) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 192.251355][ T8167] bridge0: port 3(vlan1) entered blocking state [ 192.264066][ T8167] bridge0: port 3(vlan1) entered disabled state [ 192.294443][ T8167] vlan1: entered allmulticast mode [ 192.299628][ T8167] veth0_vlan: entered allmulticast mode [ 192.309369][ T8167] vlan1: entered promiscuous mode [ 192.345357][ T8167] bridge0: port 3(vlan1) entered blocking state [ 192.351858][ T8167] bridge0: port 3(vlan1) entered forwarding state [ 192.628647][ T8175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.910'. [ 194.523648][ T8221] sctp: [Deprecated]: syz.3.927 (pid 8221) Use of int in maxseg socket option. [ 194.523648][ T8221] Use struct sctp_assoc_value instead [ 197.796151][ T8309] netlink: 8 bytes leftover after parsing attributes in process `syz.0.965'. [ 199.348707][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.359330][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 201.321312][ T51] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 203.488610][ T8451] netlink: 'syz.1.1029': attribute type 1 has an invalid length. [ 203.536358][ T8451] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1029'. [ 203.725950][ T8459] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1023'. [ 203.738990][ T8459] ipvlan0: entered allmulticast mode [ 209.476844][ T8543] qrtr: Invalid version 0 [ 211.360144][ T8587] ecryptfs_parse_packet_length: Five-byte packet length not supported [ 211.375846][ T8587] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 213.039966][ T8629] ecryptfs_miscdev_write: Error while inspecting packet size [ 215.509321][ T30] audit: type=1800 audit(1748786796.618:6): pid=8685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1114" name="dmabuf" dev="dmabuf" ino=7 res=0 errno=0 [ 219.434030][ T8731] kexec: Could not allocate control_code_buffer [ 221.866692][ T8799] kexec: Could not allocate control_code_buffer [ 221.898294][ T5845] Bluetooth: hci3: command 0x0406 tx timeout [ 221.899065][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 221.906044][ T5845] Bluetooth: hci1: command 0x0406 tx timeout [ 221.918402][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 222.267757][ T8841] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1177'. [ 224.236757][ T8848] kexec: Could not allocate control_code_buffer [ 228.190065][ T8991] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1226'. [ 230.991107][ T9008] kexec: Could not allocate control_code_buffer [ 231.235934][ T9053] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1250'. [ 235.134658][ T9160] netlink: 'syz.1.1303': attribute type 5 has an invalid length. [ 237.135194][ T9210] ima: policy update failed [ 237.150635][ T30] audit: type=1802 audit(1748786818.258:7): pid=9210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1315" res=0 errno=0 [ 238.092990][ T9240] FAULT_INJECTION: forcing a failure. [ 238.092990][ T9240] name failslab, interval 1, probability 0, space 0, times 0 [ 238.126062][ T9240] CPU: 0 UID: 0 PID: 9240 Comm: syz.1.1329 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 238.126111][ T9240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.126133][ T9240] Call Trace: [ 238.126144][ T9240] [ 238.126157][ T9240] dump_stack_lvl+0x16c/0x1f0 [ 238.126208][ T9240] should_fail_ex+0x512/0x640 [ 238.126354][ T9240] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 238.126406][ T9240] should_failslab+0xc2/0x120 [ 238.126465][ T9240] __kmalloc_cache_noprof+0x6a/0x3e0 [ 238.126510][ T9240] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 238.126558][ T9240] ? kasan_save_track+0x14/0x30 [ 238.126607][ T9240] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 238.126648][ T9240] ? rcu_is_watching+0x12/0xc0 [ 238.126702][ T9240] ? __mutex_lock+0x1ca/0xb90 [ 238.126755][ T9240] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 238.126794][ T9240] ? __pfx___mutex_lock+0x10/0x10 [ 238.126852][ T9240] ? __fsnotify_parent+0x24b/0xc40 [ 238.126901][ T9240] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 238.126938][ T9240] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 238.126971][ T9240] snd_pcm_oss_sync+0x1de/0x840 [ 238.127011][ T9240] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 238.127046][ T9240] snd_pcm_oss_release+0x28b/0x310 [ 238.127083][ T9240] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 238.127116][ T9240] __fput+0x3ff/0xb70 [ 238.127176][ T9240] task_work_run+0x150/0x240 [ 238.127220][ T9240] ? __pfx_task_work_run+0x10/0x10 [ 238.127263][ T9240] ? __pfx___do_sys_close_range+0x10/0x10 [ 238.127412][ T9240] exit_to_user_mode_loop+0xeb/0x110 [ 238.127460][ T9240] do_syscall_64+0x3f6/0x490 [ 238.127513][ T9240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.127550][ T9240] RIP: 0033:0x7f8a1b38e969 [ 238.127579][ T9240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.127614][ T9240] RSP: 002b:00007f8a1c1f2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 238.127647][ T9240] RAX: 0000000000000000 RBX: 00007f8a1b5b5fa0 RCX: 00007f8a1b38e969 [ 238.127670][ T9240] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 238.127691][ T9240] RBP: 00007f8a1b410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 238.127712][ T9240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.127733][ T9240] R13: 0000000000000000 R14: 00007f8a1b5b5fa0 R15: 00007ffed513e028 [ 238.127777][ T9240] [ 238.578466][ T51] Bluetooth: hci0: Malformed Event: 0x2f [ 243.463218][ T9385] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 244.276657][ T9405] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1397'. [ 244.365837][ T9405] vlan1: entered allmulticast mode [ 244.372943][ T9405] veth0_vlan: entered allmulticast mode [ 247.394375][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1430'. [ 249.800497][ T9538] sctp: [Deprecated]: syz.2.1445 (pid 9538) Use of int in maxseg socket option. [ 249.800497][ T9538] Use struct sctp_assoc_value instead [ 251.011589][ T9568] FAULT_INJECTION: forcing a failure. [ 251.011589][ T9568] name failslab, interval 1, probability 0, space 0, times 0 [ 251.034856][ T9568] CPU: 1 UID: 0 PID: 9568 Comm: syz.2.1461 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 251.034901][ T9568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.034930][ T9568] Call Trace: [ 251.034940][ T9568] [ 251.034952][ T9568] dump_stack_lvl+0x16c/0x1f0 [ 251.035001][ T9568] should_fail_ex+0x512/0x640 [ 251.035050][ T9568] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 251.035092][ T9568] should_failslab+0xc2/0x120 [ 251.035141][ T9568] __kmalloc_cache_noprof+0x6a/0x3e0 [ 251.035189][ T9568] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 251.035223][ T9568] ? kasan_save_track+0x14/0x30 [ 251.035264][ T9568] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 251.035301][ T9568] ? rcu_is_watching+0x12/0xc0 [ 251.035350][ T9568] ? __mutex_lock+0x1ca/0xb90 [ 251.035398][ T9568] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 251.035433][ T9568] ? __pfx___mutex_lock+0x10/0x10 [ 251.035484][ T9568] ? __fsnotify_parent+0x24b/0xc40 [ 251.035528][ T9568] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 251.035561][ T9568] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 251.035590][ T9568] snd_pcm_oss_sync+0x1de/0x840 [ 251.035636][ T9568] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 251.035667][ T9568] snd_pcm_oss_release+0x28b/0x310 [ 251.035701][ T9568] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 251.035731][ T9568] __fput+0x3ff/0xb70 [ 251.035790][ T9568] task_work_run+0x150/0x240 [ 251.035830][ T9568] ? __pfx_task_work_run+0x10/0x10 [ 251.035869][ T9568] ? __pfx___do_sys_close_range+0x10/0x10 [ 251.035917][ T9568] exit_to_user_mode_loop+0xeb/0x110 [ 251.035958][ T9568] do_syscall_64+0x3f6/0x490 [ 251.036023][ T9568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.036056][ T9568] RIP: 0033:0x7f06ee98e969 [ 251.036081][ T9568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.036112][ T9568] RSP: 002b:00007f06ef73e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 251.036142][ T9568] RAX: 0000000000000000 RBX: 00007f06eebb5fa0 RCX: 00007f06ee98e969 [ 251.036163][ T9568] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 251.036183][ T9568] RBP: 00007f06eea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 251.036203][ T9568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.036222][ T9568] R13: 0000000000000000 R14: 00007f06eebb5fa0 R15: 00007fff8541a018 [ 251.036263][ T9568] [ 251.423295][ T51] Bluetooth: hci2: Malformed Event: 0x2f [ 252.294665][ T9599] FAULT_INJECTION: forcing a failure. [ 252.294665][ T9599] name failslab, interval 1, probability 0, space 0, times 0 [ 252.308159][ T9599] CPU: 0 UID: 0 PID: 9599 Comm: syz.3.1472 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 252.308213][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.308232][ T9599] Call Trace: [ 252.308242][ T9599] [ 252.308253][ T9599] dump_stack_lvl+0x16c/0x1f0 [ 252.308305][ T9599] should_fail_ex+0x512/0x640 [ 252.308356][ T9599] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 252.308399][ T9599] should_failslab+0xc2/0x120 [ 252.308449][ T9599] __kmalloc_cache_noprof+0x6a/0x3e0 [ 252.308487][ T9599] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 252.308523][ T9599] ? kasan_save_track+0x14/0x30 [ 252.308570][ T9599] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 252.308611][ T9599] ? rcu_is_watching+0x12/0xc0 [ 252.308665][ T9599] ? __mutex_lock+0x1ca/0xb90 [ 252.308715][ T9599] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 252.308754][ T9599] ? __pfx___mutex_lock+0x10/0x10 [ 252.308811][ T9599] ? __fsnotify_parent+0x24b/0xc40 [ 252.308860][ T9599] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 252.308896][ T9599] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 252.308929][ T9599] snd_pcm_oss_sync+0x1de/0x840 [ 252.308969][ T9599] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 252.309003][ T9599] snd_pcm_oss_release+0x28b/0x310 [ 252.309040][ T9599] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 252.309073][ T9599] __fput+0x3ff/0xb70 [ 252.309133][ T9599] task_work_run+0x150/0x240 [ 252.309185][ T9599] ? __pfx_task_work_run+0x10/0x10 [ 252.309229][ T9599] ? __pfx___do_sys_close_range+0x10/0x10 [ 252.309282][ T9599] exit_to_user_mode_loop+0xeb/0x110 [ 252.309337][ T9599] do_syscall_64+0x3f6/0x490 [ 252.309385][ T9599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.309418][ T9599] RIP: 0033:0x7fb8a978e969 [ 252.309445][ T9599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.309477][ T9599] RSP: 002b:00007fb8aa61e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 252.309508][ T9599] RAX: 0000000000000000 RBX: 00007fb8a99b5fa0 RCX: 00007fb8a978e969 [ 252.309529][ T9599] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 252.309550][ T9599] RBP: 00007fb8a9810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 252.309570][ T9599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 252.309589][ T9599] R13: 0000000000000000 R14: 00007fb8a99b5fa0 R15: 00007ffd0479d0f8 [ 252.309631][ T9599] [ 253.452103][ T51] Bluetooth: hci1: Malformed Event: 0x2f [ 254.685824][ T9659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1497'. [ 258.366405][ T9761] sctp: [Deprecated]: syz.0.1534 (pid 9761) Use of int in maxseg socket option. [ 258.366405][ T9761] Use struct sctp_assoc_value instead [ 260.780644][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.787272][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.838683][ T9811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1563'. [ 262.648219][ T9849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1567'. [ 265.292040][ T9922] dyndbg: bad flag-op , at start of  [ 265.299910][ T9922] dyndbg: flags parse failed [ 265.568600][ T9934] FAULT_INJECTION: forcing a failure. [ 265.568600][ T9934] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 265.599327][ T9934] CPU: 1 UID: 0 PID: 9934 Comm: syz.1.1604 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 265.599372][ T9934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.599391][ T9934] Call Trace: [ 265.599401][ T9934] [ 265.599413][ T9934] dump_stack_lvl+0x16c/0x1f0 [ 265.599463][ T9934] should_fail_ex+0x512/0x640 [ 265.599529][ T9934] should_fail_alloc_page+0xe7/0x130 [ 265.599580][ T9934] prepare_alloc_pages+0x3c2/0x610 [ 265.599618][ T9934] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 265.599665][ T9934] ? __pfx_stack_trace_save+0x10/0x10 [ 265.599714][ T9934] ? stack_depot_save_flags+0x28/0xa40 [ 265.599769][ T9934] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 265.599817][ T9934] ? kasan_save_stack+0x42/0x60 [ 265.599854][ T9934] ? kasan_save_stack+0x33/0x60 [ 265.599894][ T9934] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 265.599936][ T9934] ? __pmd_alloc+0xbf/0x930 [ 265.599963][ T9934] ? handle_mm_fault+0x589/0xd10 [ 265.599998][ T9934] ? populate_vma_page_range+0x278/0x3a0 [ 265.600030][ T9934] ? __mm_populate+0x1d8/0x380 [ 265.600059][ T9934] ? vm_mmap_pgoff+0x362/0x450 [ 265.600105][ T9934] ? ksys_mmap_pgoff+0x7d/0x5c0 [ 265.600154][ T9934] ? __x64_sys_mmap+0x125/0x190 [ 265.600188][ T9934] ? do_syscall_64+0xcd/0x490 [ 265.600231][ T9934] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.600281][ T9934] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 265.600324][ T9934] ? policy_nodemask+0xea/0x4e0 [ 265.600375][ T9934] alloc_pages_mpol+0x1fb/0x550 [ 265.600425][ T9934] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 265.600479][ T9934] ? css_rstat_updated+0x9d/0xd30 [ 265.600541][ T9934] alloc_pages_noprof+0x131/0x390 [ 265.600588][ T9934] pte_alloc_one+0x1c/0x3a0 [ 265.600633][ T9934] __pte_alloc+0x6d/0x3c0 [ 265.600699][ T9934] ? __pfx___pte_alloc+0x10/0x10 [ 265.600749][ T9934] ? _raw_spin_unlock+0x28/0x50 [ 265.600786][ T9934] ? __pmd_alloc+0x3fb/0x930 [ 265.600821][ T9934] __handle_mm_fault+0x4262/0x53d0 [ 265.600871][ T9934] ? __pfx___handle_mm_fault+0x10/0x10 [ 265.600945][ T9934] handle_mm_fault+0x589/0xd10 [ 265.600992][ T9934] __get_user_pages+0x589/0x3b80 [ 265.601057][ T9934] ? __pfx_mt_find+0x10/0x10 [ 265.601105][ T9934] ? __pfx___get_user_pages+0x10/0x10 [ 265.601174][ T9934] populate_vma_page_range+0x278/0x3a0 [ 265.601212][ T9934] ? __pfx_populate_vma_page_range+0x10/0x10 [ 265.601246][ T9934] ? __pfx_find_vma_intersection+0x10/0x10 [ 265.601303][ T9934] ? do_mmap+0x69c/0x1210 [ 265.601337][ T9934] __mm_populate+0x1d8/0x380 [ 265.601371][ T9934] ? __pfx___mm_populate+0x10/0x10 [ 265.601407][ T9934] ? up_write+0x1b2/0x520 [ 265.601451][ T9934] vm_mmap_pgoff+0x362/0x450 [ 265.601516][ T9934] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 265.601578][ T9934] ? __x64_sys_futex+0x1e0/0x4c0 [ 265.601607][ T9934] ? __x64_sys_futex+0x1e9/0x4c0 [ 265.601644][ T9934] ksys_mmap_pgoff+0x7d/0x5c0 [ 265.601718][ T9934] ? xfd_validate_state+0x61/0x180 [ 265.601752][ T9934] ? __pfx_ksys_write+0x10/0x10 [ 265.601812][ T9934] __x64_sys_mmap+0x125/0x190 [ 265.601865][ T9934] do_syscall_64+0xcd/0x490 [ 265.601914][ T9934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.601947][ T9934] RIP: 0033:0x7f8a1b38e969 [ 265.601974][ T9934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.602012][ T9934] RSP: 002b:00007f8a1c1f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 265.602042][ T9934] RAX: ffffffffffffffda RBX: 00007f8a1b5b5fa0 RCX: 00007f8a1b38e969 [ 265.602063][ T9934] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 265.602082][ T9934] RBP: 00007f8a1b410ab1 R08: 0000000000000002 R09: 0000000000008000 [ 265.602101][ T9934] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 265.602119][ T9934] R13: 0000000000000000 R14: 00007f8a1b5b5fa0 R15: 00007ffed513e028 [ 265.602159][ T9934] [ 266.446469][ T9949] dyndbg: bad flag-op , at start of  [ 266.451994][ T9949] dyndbg: flags parse failed [ 267.158840][ T9969] FAULT_INJECTION: forcing a failure. [ 267.158840][ T9969] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 267.172342][ T9969] CPU: 0 UID: 0 PID: 9969 Comm: syz.2.1617 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 267.172387][ T9969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.172407][ T9969] Call Trace: [ 267.172418][ T9969] [ 267.172431][ T9969] dump_stack_lvl+0x16c/0x1f0 [ 267.172482][ T9969] should_fail_ex+0x512/0x640 [ 267.172542][ T9969] should_fail_alloc_page+0xe7/0x130 [ 267.172595][ T9969] prepare_alloc_pages+0x3c2/0x610 [ 267.172635][ T9969] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 267.172683][ T9969] ? __pfx_stack_trace_save+0x10/0x10 [ 267.172734][ T9969] ? stack_depot_save_flags+0x28/0xa40 [ 267.172793][ T9969] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 267.172841][ T9969] ? kasan_save_stack+0x42/0x60 [ 267.172881][ T9969] ? kasan_save_stack+0x33/0x60 [ 267.172923][ T9969] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 267.172963][ T9969] ? __pmd_alloc+0xbf/0x930 [ 267.172992][ T9969] ? handle_mm_fault+0x589/0xd10 [ 267.173026][ T9969] ? populate_vma_page_range+0x278/0x3a0 [ 267.173058][ T9969] ? __mm_populate+0x1d8/0x380 [ 267.173088][ T9969] ? vm_mmap_pgoff+0x362/0x450 [ 267.173134][ T9969] ? ksys_mmap_pgoff+0x7d/0x5c0 [ 267.173182][ T9969] ? __x64_sys_mmap+0x125/0x190 [ 267.173215][ T9969] ? do_syscall_64+0xcd/0x490 [ 267.173260][ T9969] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.173318][ T9969] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 267.173363][ T9969] ? policy_nodemask+0xea/0x4e0 [ 267.173414][ T9969] alloc_pages_mpol+0x1fb/0x550 [ 267.173465][ T9969] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 267.173512][ T9969] ? css_rstat_updated+0x9d/0xd30 [ 267.173574][ T9969] alloc_pages_noprof+0x131/0x390 [ 267.173624][ T9969] pte_alloc_one+0x1c/0x3a0 [ 267.173668][ T9969] __pte_alloc+0x6d/0x3c0 [ 267.173717][ T9969] ? __pfx___pte_alloc+0x10/0x10 [ 267.173768][ T9969] ? _raw_spin_unlock+0x28/0x50 [ 267.173805][ T9969] ? __pmd_alloc+0x3fb/0x930 [ 267.173838][ T9969] __handle_mm_fault+0x4262/0x53d0 [ 267.173887][ T9969] ? __pfx___handle_mm_fault+0x10/0x10 [ 267.173962][ T9969] handle_mm_fault+0x589/0xd10 [ 267.174009][ T9969] __get_user_pages+0x589/0x3b80 [ 267.174083][ T9969] ? __pfx_mt_find+0x10/0x10 [ 267.174133][ T9969] ? __pfx___get_user_pages+0x10/0x10 [ 267.174203][ T9969] populate_vma_page_range+0x278/0x3a0 [ 267.174240][ T9969] ? __pfx_populate_vma_page_range+0x10/0x10 [ 267.174273][ T9969] ? __pfx_find_vma_intersection+0x10/0x10 [ 267.174337][ T9969] ? do_mmap+0x69c/0x1210 [ 267.174372][ T9969] __mm_populate+0x1d8/0x380 [ 267.174408][ T9969] ? __pfx___mm_populate+0x10/0x10 [ 267.174446][ T9969] ? up_write+0x1b2/0x520 [ 267.174500][ T9969] vm_mmap_pgoff+0x362/0x450 [ 267.174554][ T9969] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 267.174612][ T9969] ? __x64_sys_futex+0x1e0/0x4c0 [ 267.174640][ T9969] ? __x64_sys_futex+0x1e9/0x4c0 [ 267.174676][ T9969] ksys_mmap_pgoff+0x7d/0x5c0 [ 267.174725][ T9969] ? xfd_validate_state+0x61/0x180 [ 267.174757][ T9969] ? __pfx_ksys_write+0x10/0x10 [ 267.174802][ T9969] __x64_sys_mmap+0x125/0x190 [ 267.174841][ T9969] do_syscall_64+0xcd/0x490 [ 267.174889][ T9969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.174921][ T9969] RIP: 0033:0x7f06ee98e969 [ 267.174947][ T9969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.174977][ T9969] RSP: 002b:00007f06ef73e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 267.175007][ T9969] RAX: ffffffffffffffda RBX: 00007f06eebb5fa0 RCX: 00007f06ee98e969 [ 267.175028][ T9969] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 267.175047][ T9969] RBP: 00007f06eea10ab1 R08: 0000000000000002 R09: 0000000000008000 [ 267.175067][ T9969] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 267.175086][ T9969] R13: 0000000000000000 R14: 00007f06eebb5fa0 R15: 00007fff8541a018 [ 267.175127][ T9969] [ 268.191740][ T9990] netlink: 'syz.0.1627': attribute type 1 has an invalid length. [ 269.689490][T10033] netlink: 19 bytes leftover after parsing attributes in process `syz.0.1645'. [ 269.959862][T10037] FAULT_INJECTION: forcing a failure. [ 269.959862][T10037] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 269.995105][T10037] CPU: 1 UID: 0 PID: 10037 Comm: syz.0.1647 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 269.995152][T10037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.995178][T10037] Call Trace: [ 269.995189][T10037] [ 269.995202][T10037] dump_stack_lvl+0x16c/0x1f0 [ 269.995253][T10037] should_fail_ex+0x512/0x640 [ 269.995313][T10037] should_fail_alloc_page+0xe7/0x130 [ 269.995364][T10037] prepare_alloc_pages+0x3c2/0x610 [ 269.995403][T10037] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 269.995450][T10037] ? __pfx_stack_trace_save+0x10/0x10 [ 269.995500][T10037] ? stack_depot_save_flags+0x28/0xa40 [ 269.995562][T10037] ? kasan_save_stack+0x42/0x60 [ 269.995599][T10037] ? kasan_save_stack+0x33/0x60 [ 269.995639][T10037] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 269.995681][T10037] ? __pmd_alloc+0xbf/0x930 [ 269.995708][T10037] ? handle_mm_fault+0x589/0xd10 [ 269.995742][T10037] ? populate_vma_page_range+0x278/0x3a0 [ 269.995773][T10037] ? __mm_populate+0x1d8/0x380 [ 269.995801][T10037] ? vm_mmap_pgoff+0x362/0x450 [ 269.995845][T10037] ? ksys_mmap_pgoff+0x7d/0x5c0 [ 269.995893][T10037] ? __x64_sys_mmap+0x125/0x190 [ 269.995925][T10037] ? do_syscall_64+0xcd/0x490 [ 269.995967][T10037] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.996017][T10037] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 269.996061][T10037] ? policy_nodemask+0xea/0x4e0 [ 269.996110][T10037] alloc_pages_mpol+0x1fb/0x550 [ 269.996159][T10037] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 269.996211][T10037] ? css_rstat_updated+0x9d/0xd30 [ 269.996279][T10037] alloc_pages_noprof+0x131/0x390 [ 269.996325][T10037] pte_alloc_one+0x1c/0x3a0 [ 269.996364][T10037] __pte_alloc+0x6d/0x3c0 [ 269.996408][T10037] ? __pfx___pte_alloc+0x10/0x10 [ 269.996452][T10037] ? _raw_spin_unlock+0x28/0x50 [ 269.996486][T10037] ? __pmd_alloc+0x3fb/0x930 [ 269.996517][T10037] __handle_mm_fault+0x4262/0x53d0 [ 269.996562][T10037] ? __pfx___handle_mm_fault+0x10/0x10 [ 269.996629][T10037] handle_mm_fault+0x589/0xd10 [ 269.996671][T10037] __get_user_pages+0x589/0x3b80 [ 269.996732][T10037] ? __pfx_mt_find+0x10/0x10 [ 269.996777][T10037] ? __pfx___get_user_pages+0x10/0x10 [ 269.996842][T10037] populate_vma_page_range+0x278/0x3a0 [ 269.996876][T10037] ? __pfx_populate_vma_page_range+0x10/0x10 [ 269.996906][T10037] ? __pfx_find_vma_intersection+0x10/0x10 [ 269.996958][T10037] ? do_mmap+0x69c/0x1210 [ 269.996989][T10037] __mm_populate+0x1d8/0x380 [ 269.997021][T10037] ? __pfx___mm_populate+0x10/0x10 [ 269.997054][T10037] ? up_write+0x1b2/0x520 [ 269.997095][T10037] vm_mmap_pgoff+0x362/0x450 [ 269.997146][T10037] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 269.997209][T10037] ? __x64_sys_futex+0x1e0/0x4c0 [ 269.997237][T10037] ? __x64_sys_futex+0x1e9/0x4c0 [ 269.997272][T10037] ksys_mmap_pgoff+0x7d/0x5c0 [ 269.997319][T10037] ? xfd_validate_state+0x61/0x180 [ 269.997348][T10037] ? __pfx_ksys_write+0x10/0x10 [ 269.997390][T10037] __x64_sys_mmap+0x125/0x190 [ 269.997428][T10037] do_syscall_64+0xcd/0x490 [ 269.997473][T10037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.997503][T10037] RIP: 0033:0x7f400798e969 [ 269.997527][T10037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.997556][T10037] RSP: 002b:00007f40088a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 269.997584][T10037] RAX: ffffffffffffffda RBX: 00007f4007bb5fa0 RCX: 00007f400798e969 [ 269.997603][T10037] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 269.997622][T10037] RBP: 00007f4007a10ab1 R08: 0000000000000002 R09: 0000000000008000 [ 269.997639][T10037] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 269.997657][T10037] R13: 0000000000000000 R14: 00007f4007bb5fa0 R15: 00007ffdda203458 [ 269.997696][T10037] [ 270.606880][T10050] netlink: 'syz.3.1654': attribute type 1 has an invalid length. [ 277.488126][T10197] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1710'. [ 279.615261][T10204] kexec: Could not allocate control_code_buffer [ 281.085715][T10261] nbd: socks must be embedded in a SOCK_ITEM attr [ 281.105468][T10261] block nbd2: shutting down sockets [ 281.242729][T10231] syz.0.1724: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 281.334336][T10231] CPU: 0 UID: 0 PID: 10231 Comm: syz.0.1724 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 281.334387][T10231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 281.334406][T10231] Call Trace: [ 281.334417][T10231] [ 281.334429][T10231] dump_stack_lvl+0x16c/0x1f0 [ 281.334480][T10231] warn_alloc+0x248/0x3a0 [ 281.334525][T10231] ? __pfx_warn_alloc+0x10/0x10 [ 281.334582][T10231] ? packet_set_ring+0xb07/0x18d0 [ 281.334618][T10231] ? __vmalloc_node_noprof+0xad/0xf0 [ 281.334661][T10231] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 281.334712][T10231] ? packet_set_ring+0xb07/0x18d0 [ 281.334760][T10231] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 281.334796][T10231] ? alloc_pages_mpol+0x25a/0x550 [ 281.334845][T10231] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 281.334899][T10231] ? packet_set_ring+0xb07/0x18d0 [ 281.334934][T10231] __vmalloc_node_noprof+0xad/0xf0 [ 281.334969][T10231] ? packet_set_ring+0xb07/0x18d0 [ 281.335011][T10231] packet_set_ring+0xb07/0x18d0 [ 281.335066][T10231] packet_setsockopt+0x121b/0x33c0 [ 281.335117][T10231] ? __pfx_packet_setsockopt+0x10/0x10 [ 281.335167][T10231] ? aa_sk_perm+0x2f4/0xb10 [ 281.335214][T10231] ? __pfx_aa_sk_perm+0x10/0x10 [ 281.335265][T10231] ? errseq_sample+0x53/0x70 [ 281.335306][T10231] ? __pfx_packet_setsockopt+0x10/0x10 [ 281.335348][T10231] do_sock_setsockopt+0x221/0x470 [ 281.335403][T10231] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 281.335482][T10231] __sys_setsockopt+0x120/0x1a0 [ 281.335534][T10231] __x64_sys_setsockopt+0xbd/0x160 [ 281.335576][T10231] ? do_syscall_64+0x91/0x490 [ 281.335618][T10231] ? lockdep_hardirqs_on+0x7c/0x110 [ 281.335662][T10231] do_syscall_64+0xcd/0x490 [ 281.335709][T10231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.335741][T10231] RIP: 0033:0x7f400798e969 [ 281.335767][T10231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.335797][T10231] RSP: 002b:00007f40088a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 281.335825][T10231] RAX: ffffffffffffffda RBX: 00007f4007bb5fa0 RCX: 00007f400798e969 [ 281.335846][T10231] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000003 [ 281.335864][T10231] RBP: 00007f4007a10ab1 R08: 000000000000ce24 R09: 0000000000000000 [ 281.335882][T10231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.335900][T10231] R13: 0000000000000000 R14: 00007f4007bb5fa0 R15: 00007ffdda203458 [ 281.335939][T10231] [ 281.336667][T10267] ======================================================= [ 281.336667][T10267] WARNING: The mand mount option has been deprecated and [ 281.336667][T10267] and is ignored by this kernel. Remove the mand [ 281.336667][T10267] option from the mount to silence this warning. [ 281.336667][T10267] ======================================================= [ 281.340532][T10231] Mem-Info: [ 281.672499][T10231] active_anon:91652 inactive_anon:1 isolated_anon:0 [ 281.672499][T10231] active_file:10610 inactive_file:47289 isolated_file:0 [ 281.672499][T10231] unevictable:768 dirty:73 writeback:0 [ 281.672499][T10231] slab_reclaimable:10157 slab_unreclaimable:95211 [ 281.672499][T10231] mapped:33822 shmem:86195 pagetables:1425 [ 281.672499][T10231] sec_pagetables:0 bounce:0 [ 281.672499][T10231] kernel_misc_reclaimable:0 [ 281.672499][T10231] free:1209774 free_pcp:36108 free_cma:0 [ 281.733905][T10231] Node 0 active_anon:362008kB inactive_anon:4kB active_file:42440kB inactive_file:189024kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135388kB dirty:292kB writeback:0kB shmem:338444kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11036kB pagetables:5344kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 281.814359][T10231] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 281.967588][T10231] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 282.016139][T10231] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 282.022120][T10231] Node 0 DMA32 free:963492kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:332120kB inactive_anon:4kB active_file:42440kB inactive_file:187456kB unevictable:1536kB writepending:412kB present:3129332kB managed:2541088kB mlocked:0kB bounce:0kB free_pcp:122132kB local_pcp:31692kB free_cma:0kB [ 282.104146][T10231] lowmem_reserve[]: 0 0 1 1 1 [ 282.124254][T10231] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 282.185908][T10231] lowmem_reserve[]: 0 0 0 0 0 [ 282.190776][T10231] Node 1 Normal free:3891636kB boost:0kB min:55788kB low:69732kB high:83676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:25212kB local_pcp:18044kB free_cma:0kB [ 282.274126][T10231] lowmem_reserve[]: 0 0 0 0 0 [ 282.278965][T10231] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 282.318416][T10231] Node 0 DMA32: 793*4kB (ME) 495*8kB (M) 387*16kB (M) 330*32kB (UME) 176*64kB (M) 124*128kB (UME) 63*256kB (ME) 76*512kB (UM) 46*1024kB (UME) 18*2048kB (UME) 195*4096kB (UM) = 988748kB [ 282.337844][T10231] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 282.360885][T10231] Node 1 Normal: 179*4kB (UME) 55*8kB (UME) 59*16kB (UME) 118*32kB (UME) 29*64kB (UME) 13*128kB (UME) 5*256kB (ME) 2*512kB (M) 1*1024kB (U) 2*2048kB (ME) 946*4096kB (M) = 3891636kB [ 282.404132][T10231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 282.424041][T10231] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 282.433757][T10231] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 282.477369][T10231] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 282.494189][T10231] 123473 total pagecache pages [ 282.499020][T10231] 1 pages in swap cache [ 282.527538][T10231] Free swap = 124992kB [ 282.531766][T10231] Total swap = 124996kB [ 282.541614][T10231] 2097051 pages RAM [ 282.549061][T10231] 0 pages HighMem/MovableOnly [ 282.553785][T10231] 429737 pages reserved [ 282.559492][T10231] 0 pages cma reserved [ 282.854796][T10271] netlink: 130 bytes leftover after parsing attributes in process `syz.3.1733'. [ 283.350358][T10288] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1738'. [ 283.457360][T10292] nbd: socks must be embedded in a SOCK_ITEM attr [ 283.475271][T10292] block nbd2: shutting down sockets [ 284.406130][T10319] nbd: socks must be embedded in a SOCK_ITEM attr [ 284.419726][T10319] block nbd2: shutting down sockets [ 291.614892][T10483] netlink: 130 bytes leftover after parsing attributes in process `syz.1.1806'. [ 291.961048][T10437] kexec: Could not allocate control_code_buffer [ 293.246379][T10507] netlink: 130 bytes leftover after parsing attributes in process `syz.0.1816'. [ 295.344971][T10555] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 299.784546][T10635] FAULT_INJECTION: forcing a failure. [ 299.784546][T10635] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 299.880780][T10635] CPU: 0 UID: 0 PID: 10635 Comm: syz.3.1863 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 299.880829][T10635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.880849][T10635] Call Trace: [ 299.880861][T10635] [ 299.880874][T10635] dump_stack_lvl+0x16c/0x1f0 [ 299.880927][T10635] should_fail_ex+0x512/0x640 [ 299.880989][T10635] should_fail_alloc_page+0xe7/0x130 [ 299.881043][T10635] prepare_alloc_pages+0x3c2/0x610 [ 299.881083][T10635] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 299.881134][T10635] ? __lock_acquire+0x622/0x1c90 [ 299.881185][T10635] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 299.881236][T10635] ? find_held_lock+0x2b/0x80 [ 299.881293][T10635] ? page_table_check_set+0x631/0x750 [ 299.881345][T10635] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 299.881391][T10635] ? policy_nodemask+0xea/0x4e0 [ 299.881444][T10635] alloc_pages_mpol+0x1fb/0x550 [ 299.881494][T10635] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 299.881553][T10635] folio_alloc_mpol_noprof+0x36/0x2f0 [ 299.881612][T10635] vma_alloc_folio_noprof+0xed/0x1e0 [ 299.881678][T10635] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 299.881733][T10635] ? find_held_lock+0x2b/0x80 [ 299.881782][T10635] ? __handle_mm_fault+0x1092/0x53d0 [ 299.881827][T10635] __handle_mm_fault+0x2f21/0x53d0 [ 299.881877][T10635] ? __pfx___handle_mm_fault+0x10/0x10 [ 299.881916][T10635] ? lock_vma_under_rcu+0x47d/0x970 [ 299.881954][T10635] ? lock_vma_under_rcu+0x47d/0x970 [ 299.882024][T10635] handle_mm_fault+0x589/0xd10 [ 299.882064][T10635] ? __pkru_allows_pkey+0x21/0xb0 [ 299.882103][T10635] do_user_addr_fault+0x60c/0x1370 [ 299.882144][T10635] ? rcu_is_watching+0x12/0xc0 [ 299.882200][T10635] exc_page_fault+0x5c/0xb0 [ 299.882245][T10635] asm_exc_page_fault+0x26/0x30 [ 299.882279][T10635] RIP: 0033:0x7fb8a965a35b [ 299.882307][T10635] Code: 00 00 00 48 8d 3d dd 2b 19 00 48 89 c1 31 c0 e8 db 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 11 2c 19 00 48 89 34 24 48 8b 14 24 48 8b [ 299.882339][T10635] RSP: 002b:00007fb8aa61cfb0 EFLAGS: 00010202 [ 299.882365][T10635] RAX: 0000000000000000 RBX: 00007fb8a99b5fa0 RCX: 0000000000000000 [ 299.882386][T10635] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 299.882406][T10635] RBP: 00007fb8a9810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 299.882427][T10635] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 299.882447][T10635] R13: 0000000000000000 R14: 00007fb8a99b5fa0 R15: 00007ffd0479d0f8 [ 299.882489][T10635] [ 299.882721][T10635] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 300.996241][T10614] kexec: Could not allocate control_code_buffer [ 301.193686][T10653] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1871'. [ 304.205740][T10722] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1896'. [ 305.510421][T10751] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1908'. [ 306.551638][ T1151] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.661408][ T1151] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.761477][ T1151] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.829753][ T1151] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.991752][ T1151] vlan1: left allmulticast mode [ 307.001071][ T1151] vlan1: left promiscuous mode [ 307.012797][ T1151] bridge0: port 4(vlan1) entered disabled state [ 307.027500][ T1151] gretap0: left allmulticast mode [ 307.032647][ T1151] gretap0: left promiscuous mode [ 307.041095][ T1151] bridge0: port 3(gretap0) entered disabled state [ 307.058780][ T1151] bridge_slave_1: left allmulticast mode [ 307.074295][ T1151] bridge_slave_1: left promiscuous mode [ 307.085308][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.098716][ T1151] bridge_slave_0: left allmulticast mode [ 307.106971][ T1151] bridge_slave_0: left promiscuous mode [ 307.112976][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.463543][T10790] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1921'. [ 308.201515][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 308.221650][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 308.230784][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 308.253087][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 308.265234][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 308.514524][ T1151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 308.560656][ T1151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 308.580182][ T1151] bond0 (unregistering): Released all slaves [ 309.361878][ T1151] hsr_slave_0: left promiscuous mode [ 309.375483][ T1151] hsr_slave_1: left promiscuous mode [ 309.381839][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 309.389955][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 309.399807][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 309.418442][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 309.485536][ T1151] veth1_macvtap: left promiscuous mode [ 309.491894][ T1151] veth0_macvtap: left promiscuous mode [ 309.498240][ T1151] veth1_vlan: left promiscuous mode [ 309.508309][ T1151] veth0_vlan: left promiscuous mode [ 310.093781][ T1151] team0 (unregistering): Port device team_slave_1 removed [ 310.129692][ T1151] team0 (unregistering): Port device team_slave_0 removed [ 310.379761][ T5154] Bluetooth: hci1: command tx timeout [ 310.948076][T10808] chnl_net:caif_netlink_parms(): no params data found [ 311.304678][T10808] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.325883][T10808] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.338260][T10808] bridge_slave_0: entered allmulticast mode [ 311.348413][T10808] bridge_slave_0: entered promiscuous mode [ 311.369849][T10808] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.377948][T10808] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.385789][T10808] bridge_slave_1: entered allmulticast mode [ 311.393991][T10808] bridge_slave_1: entered promiscuous mode [ 311.496422][T10808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.518486][T10864] syz.2.1942 (10864): /proc/10863/oom_adj is deprecated, please use /proc/10863/oom_score_adj instead. [ 311.531774][T10808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.750948][T10808] team0: Port device team_slave_0 added [ 311.789880][T10808] team0: Port device team_slave_1 added [ 311.918812][T10808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 311.946347][T10808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.022520][T10808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 312.057774][T10808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 312.075779][T10808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.144414][T10808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 312.353231][T10808] hsr_slave_0: entered promiscuous mode [ 312.362028][T10808] hsr_slave_1: entered promiscuous mode [ 312.371005][T10808] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 312.386527][T10808] Cannot create hsr debugfs directory [ 312.454437][ T5154] Bluetooth: hci1: command tx timeout [ 314.398502][T10808] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 314.431737][T10808] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 314.475940][T10808] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 314.498454][T10808] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 314.544469][ T5154] Bluetooth: hci1: command tx timeout [ 315.153537][T10808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 315.253371][T10808] 8021q: adding VLAN 0 to HW filter on device team0 [ 315.448506][ T3005] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.455789][ T3005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.509393][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.516667][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 316.614433][ T5154] Bluetooth: hci1: command tx timeout [ 316.722684][T10808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.882228][T10808] veth0_vlan: entered promiscuous mode [ 316.913918][T10808] veth1_vlan: entered promiscuous mode [ 316.995821][T10808] veth0_macvtap: entered promiscuous mode [ 317.021704][T10808] veth1_macvtap: entered promiscuous mode [ 317.060280][T10808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.079038][T10808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.117670][T10808] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.144979][T10808] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.153758][T10808] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.164611][T10808] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.330412][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.364740][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.452104][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.462010][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.022782][T11092] zero sized request [ 321.333689][T11097] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1986'. [ 321.797182][T11102] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 322.211093][T11123] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1994'. [ 322.226368][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.226462][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.381447][T11123] team0: Port device team_slave_0 removed [ 324.047476][T11171] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 324.114863][T11174] zero sized request [ 325.083906][T11190] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2014'. [ 326.396681][T11215] zero sized request [ 326.417845][T11209] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 326.955286][T11231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2032'. [ 327.261733][T11231] team0: Port device team_slave_0 removed [ 327.489109][T11241] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2034'. [ 328.673062][T11267] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2045'. [ 330.060752][T11307] FAULT_INJECTION: forcing a failure. [ 330.060752][T11307] name failslab, interval 1, probability 0, space 0, times 0 [ 330.085248][T11307] CPU: 0 UID: 0 PID: 11307 Comm: syz.1.2063 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 330.085300][T11307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 330.085317][T11307] Call Trace: [ 330.085327][T11307] [ 330.085338][T11307] dump_stack_lvl+0x16c/0x1f0 [ 330.085388][T11307] should_fail_ex+0x512/0x640 [ 330.085439][T11307] ? fs_reclaim_acquire+0xae/0x150 [ 330.085474][T11307] should_failslab+0xc2/0x120 [ 330.085522][T11307] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 330.085566][T11307] ? security_inode_alloc+0x3b/0x2b0 [ 330.085618][T11307] security_inode_alloc+0x3b/0x2b0 [ 330.085659][T11307] inode_init_always_gfp+0xce4/0x1030 [ 330.085705][T11307] alloc_inode+0x86/0x240 [ 330.085753][T11307] create_pipe_files+0x4c/0x930 [ 330.085801][T11307] do_pipe2+0xaf/0x1c0 [ 330.085841][T11307] ? __pfx_do_pipe2+0x10/0x10 [ 330.085885][T11307] ? xfd_validate_state+0x61/0x180 [ 330.085916][T11307] ? __pfx___x64_sys_epoll_pwait2+0x10/0x10 [ 330.085964][T11307] __x64_sys_pipe+0x33/0x50 [ 330.086007][T11307] do_syscall_64+0xcd/0x490 [ 330.086062][T11307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.086092][T11307] RIP: 0033:0x7f805e78e969 [ 330.086116][T11307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.086145][T11307] RSP: 002b:00007f805f55a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 330.086191][T11307] RAX: ffffffffffffffda RBX: 00007f805e9b5fa0 RCX: 00007f805e78e969 [ 330.086212][T11307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 330.086230][T11307] RBP: 00007f805e810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 330.086250][T11307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.086269][T11307] R13: 0000000000000000 R14: 00007f805e9b5fa0 R15: 00007fff212e2868 [ 330.086309][T11307] [ 330.729113][T11324] FAULT_INJECTION: forcing a failure. [ 330.729113][T11324] name failslab, interval 1, probability 0, space 0, times 0 [ 330.778649][T11324] CPU: 0 UID: 0 PID: 11324 Comm: syz.3.2067 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 330.778699][T11324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 330.778716][T11324] Call Trace: [ 330.778725][T11324] [ 330.778735][T11324] dump_stack_lvl+0x16c/0x1f0 [ 330.778779][T11324] should_fail_ex+0x512/0x640 [ 330.778824][T11324] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 330.778865][T11324] should_failslab+0xc2/0x120 [ 330.778906][T11324] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 330.778941][T11324] ? __pfx_map_id_range_down+0x10/0x10 [ 330.778975][T11324] ? prepare_creds+0x2c/0x7d0 [ 330.779011][T11324] prepare_creds+0x2c/0x7d0 [ 330.779046][T11324] __sys_setfsuid+0xda/0x350 [ 330.779086][T11324] ? rcu_is_watching+0x12/0xc0 [ 330.779129][T11324] do_syscall_64+0xcd/0x490 [ 330.779170][T11324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.779198][T11324] RIP: 0033:0x7fb8a978e969 [ 330.779220][T11324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.779246][T11324] RSP: 002b:00007fb8aa61e038 EFLAGS: 00000246 ORIG_RAX: 000000000000007a [ 330.779271][T11324] RAX: ffffffffffffffda RBX: 00007fb8a99b5fa0 RCX: 00007fb8a978e969 [ 330.779289][T11324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00 [ 330.779313][T11324] RBP: 00007fb8a9810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 330.779330][T11324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.779346][T11324] R13: 0000000000000000 R14: 00007fb8a99b5fa0 R15: 00007ffd0479d0f8 [ 330.779380][T11324] [ 331.747232][T11343] netlink: 294 bytes leftover after parsing attributes in process `syz.3.2074'. [ 334.263904][T11425] XFS: Clearing xfsstats [ 334.496256][T11431] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2112'. [ 334.625188][T11435] netlink: 19 bytes leftover after parsing attributes in process `syz.3.2114'. [ 335.284195][T11454] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2121'. [ 335.292870][T11444] program syz.0.2117 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 337.302031][T11511] netlink: 'syz.2.2143': attribute type 9 has an invalid length. [ 337.328039][T11511] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2143'. [ 339.151749][T11574] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 340.457264][T11627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2193'. [ 341.730710][T11665] nbd: socks must be embedded in a SOCK_ITEM attr [ 341.739165][T11665] block nbd2: shutting down sockets [ 341.862288][T11667] netlink: 280 bytes leftover after parsing attributes in process `syz.2.2212'. [ 342.339526][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.469647][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.643146][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.773237][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.051913][ T49] vlan1: left allmulticast mode [ 343.056927][ T49] veth0_vlan: left allmulticast mode [ 343.080208][ T49] vlan1: left promiscuous mode [ 343.091362][ T49] bridge0: port 3(vlan1) entered disabled state [ 343.118912][ T49] bridge_slave_1: left allmulticast mode [ 343.140980][ T49] bridge_slave_1: left promiscuous mode [ 343.146876][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.166804][ T49] bridge_slave_0: left allmulticast mode [ 343.180947][ T49] bridge_slave_0: left promiscuous mode [ 343.186814][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.225177][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 343.241430][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 343.249281][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 343.258406][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 343.271693][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 344.152749][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 344.165642][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 344.195250][ T49] bond0 (unregistering): Released all slaves [ 345.087340][ T49] hsr_slave_0: left promiscuous mode [ 345.128117][ T49] hsr_slave_1: left promiscuous mode [ 345.142292][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 345.149746][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 345.254264][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 345.271893][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 345.341651][ T49] veth1_macvtap: left promiscuous mode [ 345.352088][ T51] Bluetooth: hci4: command tx timeout [ 345.381963][ T49] veth0_macvtap: left promiscuous mode [ 345.398918][ T49] veth1_vlan: left promiscuous mode [ 345.422398][ T49] veth0_vlan: left promiscuous mode [ 346.420840][ T49] team0 (unregistering): Port device team_slave_1 removed [ 346.465794][ T49] team0 (unregistering): Port device team_slave_0 removed [ 347.007381][T11689] chnl_net:caif_netlink_parms(): no params data found [ 347.410038][T11689] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.422996][ T51] Bluetooth: hci4: command tx timeout [ 347.431693][T11689] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.447931][T11689] bridge_slave_0: entered allmulticast mode [ 347.496210][T11689] bridge_slave_0: entered promiscuous mode [ 347.528548][T11689] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.547978][T11689] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.565364][T11689] bridge_slave_1: entered allmulticast mode [ 347.584602][T11689] bridge_slave_1: entered promiscuous mode [ 347.896126][T11689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.961814][T11689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.138594][T11689] team0: Port device team_slave_0 added [ 348.187149][T11689] team0: Port device team_slave_1 added [ 348.330248][T11689] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 348.353592][T11689] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.403848][T11689] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 348.425639][T11689] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 348.442981][T11689] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.482600][T11689] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 348.711156][T11825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2263'. [ 348.749197][T11689] hsr_slave_0: entered promiscuous mode [ 348.764799][T11689] hsr_slave_1: entered promiscuous mode [ 349.504135][ T51] Bluetooth: hci4: command tx timeout [ 350.685087][T11689] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 350.699948][T11689] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 350.762017][T11689] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 350.807926][T11689] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 351.064437][T11689] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.139895][T11689] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.172327][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.179607][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.246008][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.253252][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.595214][ T51] Bluetooth: hci4: command tx timeout [ 352.081026][T11689] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 352.318840][T11689] veth0_vlan: entered promiscuous mode [ 352.362265][T11689] veth1_vlan: entered promiscuous mode [ 352.481556][T11689] veth0_macvtap: entered promiscuous mode [ 352.511219][T11689] veth1_macvtap: entered promiscuous mode [ 352.596510][T11689] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 352.625225][T11689] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 352.669192][T11689] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.704349][T11689] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.717363][T11689] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.726911][T11689] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.056721][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.065305][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.223119][ T3005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.246655][ T3005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.111121][T12015] netlink: 'syz.2.2313': attribute type 1 has an invalid length. [ 355.857563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 355.957860][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 356.561313][T12055] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2327'. [ 356.962080][T12067] sock: sock_timestamping_bind_phc: sock not bind to device [ 360.985785][T12187] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2381'. [ 362.412906][T12241] nbd: socks must be embedded in a SOCK_ITEM attr [ 362.440203][T12241] block nbd2: shutting down sockets [ 362.984893][T12263] XFS: Clearing xfsstats [ 363.148203][T12260] program syz.2.2412 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 363.509839][T12280] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2420'. [ 363.534701][T12280] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2420'. [ 364.057510][T12295] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2425'. [ 365.103627][T12336] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2441'. [ 365.811935][T12355] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2449'. [ 365.882420][T12355] caif0: entered promiscuous mode [ 367.172645][T12398] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2468'. [ 371.349840][T12530] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2522'. [ 372.696433][T12571] Value of "id" is too big. [ 374.128714][ T30] audit: type=1804 audit(1748787978.211:8): pid=12629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2564" name="/newroot/631/file0" dev="tmpfs" ino=3215 res=1 errno=0 [ 374.195246][ T30] audit: type=1800 audit(1748787978.211:9): pid=12629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2564" name="file0" dev="tmpfs" ino=3215 res=0 errno=0 [ 374.232196][ T30] audit: type=1800 audit(1748787978.231:10): pid=12629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2564" name="file0" dev="tmpfs" ino=3215 res=0 errno=0 [ 377.169827][T12708] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2595'. [ 377.178730][T12705] CIFS: VFS: Unsupported security flags: 0x10 [ 381.616078][T12835] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2643'. [ 381.768139][T12835] team0: Port device team_slave_0 removed [ 383.686201][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.693598][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.147416][T12920] netlink: 'syz.0.2677': attribute type 9 has an invalid length. [ 385.165511][T12920] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2677'. [ 385.851446][T12939] netlink: 198 bytes leftover after parsing attributes in process `syz.0.2685'. [ 389.359550][T13030] ptrace attach of "./syz-executor exec"[10808] was attempted by ""[13030] [ 391.820589][ T51] Bluetooth: hci3: Malformed Event: 0x02 [ 392.537735][T13092] Invalid ELF header magic: != ELF [ 393.165807][T13116] svc: failed to register nfsdv3 RPC service (errno 111). [ 393.177867][ T51] Bluetooth: hci2: Malformed Event: 0x02 [ 393.184334][T13116] svc: failed to register nfsaclv3 RPC service (errno 111). [ 397.639738][T13222] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2793'. [ 402.745524][T13316] Invalid ELF header magic: != ELF [ 403.600068][T13353] tipc: Started in network mode [ 403.615737][T13353] tipc: Node identity ee00, cluster identity 4711 [ 403.634803][T13353] tipc: Node number set to 60928 [ 403.752002][T13357] batman_adv: batadv0: adding TT local entry 00:00:01:00:00:00 to non-existent VLAN 16 [ 404.273462][T13373] zswap: compressor not available [ 405.297517][T13409] nbd2: detected capacity change from 0 to 68719476736 [ 405.336810][T13415] block nbd2: Send control failed (result -22) [ 405.354858][T13415] block nbd2: Request send failed, requeueing [ 405.384833][ T51] block nbd2: Receive control failed (result -32) [ 405.428082][ T95] block nbd2: Dead connection, failed to find a fallback [ 405.435630][ T95] block nbd2: shutting down sockets [ 405.441237][ T95] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.450883][ T95] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.460601][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.478534][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.490333][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.499717][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.511663][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.522409][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.530920][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.540090][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.548418][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.557598][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.565707][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.575028][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.583040][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.592253][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.595967][T13417] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2871'. [ 405.600486][T13415] ldm_validate_partition_table(): Disk read failed. [ 405.627798][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.654714][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.683026][T13415] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 405.714546][T13415] Buffer I/O error on dev nbd2, logical block 0, async page read [ 405.744441][T13415] Dev nbd2: unable to read RDB block 0 [ 405.763581][T13415] nbd2: unable to read partition table [ 405.805286][T13415] ldm_validate_partition_table(): Disk read failed. [ 405.826033][T13415] Dev nbd2: unable to read RDB block 0 [ 405.842592][T13415] nbd2: unable to read partition table [ 406.466430][T13438] svc: failed to register nfsdv3 RPC service (errno 111). [ 406.480722][T13438] svc: failed to register nfsaclv3 RPC service (errno 111). [ 407.275093][T13462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2891'. [ 408.437548][T13491] netlink: 'syz.0.2901': attribute type 2 has an invalid length. [ 408.467055][T13491] netlink: 'syz.0.2901': attribute type 2 has an invalid length. [ 409.069632][T13516] FAULT_INJECTION: forcing a failure. [ 409.069632][T13516] name failslab, interval 1, probability 0, space 0, times 0 [ 409.089413][T13516] CPU: 1 UID: 0 PID: 13516 Comm: syz.0.2911 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 409.089470][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 409.089491][T13516] Call Trace: [ 409.089503][T13516] [ 409.089515][T13516] dump_stack_lvl+0x16c/0x1f0 [ 409.089568][T13516] should_fail_ex+0x512/0x640 [ 409.089622][T13516] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 409.089677][T13516] should_failslab+0xc2/0x120 [ 409.089725][T13516] __kmalloc_cache_noprof+0x6a/0x3e0 [ 409.089762][T13516] ? nat_init_net+0x56/0x270 [ 409.089814][T13516] ? __pfx_nat_init_net+0x10/0x10 [ 409.089865][T13516] nat_init_net+0x56/0x270 [ 409.089916][T13516] ops_init+0x1e2/0x5f0 [ 409.089967][T13516] setup_net+0x1ff/0x510 [ 409.090013][T13516] ? lockdep_init_map_type+0x5c/0x280 [ 409.090049][T13516] ? __pfx_setup_net+0x10/0x10 [ 409.090099][T13516] ? debug_mutex_init+0x37/0x70 [ 409.090148][T13516] copy_net_ns+0x2a6/0x5f0 [ 409.090181][T13516] create_new_namespaces+0x3ea/0xa90 [ 409.090240][T13516] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 409.090293][T13516] ksys_unshare+0x45b/0xa40 [ 409.090328][T13516] ? __pfx_ksys_unshare+0x10/0x10 [ 409.090363][T13516] ? xfd_validate_state+0x61/0x180 [ 409.090413][T13516] __x64_sys_unshare+0x31/0x40 [ 409.090470][T13516] do_syscall_64+0xcd/0x490 [ 409.090520][T13516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.090553][T13516] RIP: 0033:0x7f400798e969 [ 409.090580][T13516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.090612][T13516] RSP: 002b:00007f40088a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 409.090644][T13516] RAX: ffffffffffffffda RBX: 00007f4007bb5fa0 RCX: 00007f400798e969 [ 409.090671][T13516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 409.090691][T13516] RBP: 00007f4007a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 409.090711][T13516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 409.090730][T13516] R13: 0000000000000000 R14: 00007f4007bb5fa0 R15: 00007ffdda203458 [ 409.090773][T13516] [ 409.325144][T13519] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2912'. [ 409.578650][T13525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 409.990841][T13540] Process accounting resumed [ 410.388664][T13566] FAULT_INJECTION: forcing a failure. [ 410.388664][T13566] name failslab, interval 1, probability 0, space 0, times 0 [ 410.413493][T13566] CPU: 0 UID: 0 PID: 13566 Comm: syz.2.2933 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 410.413540][T13566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 410.413559][T13566] Call Trace: [ 410.413569][T13566] [ 410.413588][T13566] dump_stack_lvl+0x16c/0x1f0 [ 410.413638][T13566] should_fail_ex+0x512/0x640 [ 410.413689][T13566] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 410.413730][T13566] should_failslab+0xc2/0x120 [ 410.413778][T13566] __kmalloc_cache_noprof+0x6a/0x3e0 [ 410.413816][T13566] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 410.413852][T13566] ? kasan_save_track+0x14/0x30 [ 410.413896][T13566] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 410.413934][T13566] ? rcu_is_watching+0x12/0xc0 [ 410.413986][T13566] ? __mutex_lock+0x1ca/0xb90 [ 410.414035][T13566] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 410.414073][T13566] ? __pfx___mutex_lock+0x10/0x10 [ 410.414127][T13566] ? __fsnotify_parent+0x24b/0xc40 [ 410.414173][T13566] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 410.414208][T13566] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 410.414240][T13566] snd_pcm_oss_sync+0x1de/0x840 [ 410.414275][T13566] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 410.414307][T13566] snd_pcm_oss_release+0x28b/0x310 [ 410.414342][T13566] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 410.414375][T13566] __fput+0x3ff/0xb70 [ 410.414443][T13566] task_work_run+0x150/0x240 [ 410.414482][T13566] ? __pfx_task_work_run+0x10/0x10 [ 410.414525][T13566] ? __pfx___do_sys_close_range+0x10/0x10 [ 410.414574][T13566] exit_to_user_mode_loop+0xeb/0x110 [ 410.414638][T13566] do_syscall_64+0x3f6/0x490 [ 410.414686][T13566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.414717][T13566] RIP: 0033:0x7f06ee98e969 [ 410.414742][T13566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.414773][T13566] RSP: 002b:00007f06ef73e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 410.414801][T13566] RAX: 0000000000000000 RBX: 00007f06eebb5fa0 RCX: 00007f06ee98e969 [ 410.414819][T13566] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 410.414838][T13566] RBP: 00007f06eea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 410.414856][T13566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.414873][T13566] R13: 0000000000000000 R14: 00007f06eebb5fa0 R15: 00007fff8541a018 [ 410.414912][T13566] [ 412.075768][T13608] netlink: 'syz.2.2958': attribute type 13 has an invalid length. [ 414.242552][T13652] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2969'. [ 415.585653][T13680] netlink: 'syz.2.2978': attribute type 15 has an invalid length. [ 415.603832][T13680] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2978'. [ 415.849187][T13686] RDS: rds_bind could not find a transport for fe80::465:4157:bc30:9bbd, load rds_tcp or rds_rdma? [ 417.188582][T13711] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2992'. [ 417.868854][T13728] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2999'. [ 418.011166][T13730] FAULT_INJECTION: forcing a failure. [ 418.011166][T13730] name failslab, interval 1, probability 0, space 0, times 0 [ 418.024260][T13730] CPU: 1 UID: 0 PID: 13730 Comm: syz.1.3000 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 418.024304][T13730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 418.024323][T13730] Call Trace: [ 418.024334][T13730] [ 418.024346][T13730] dump_stack_lvl+0x16c/0x1f0 [ 418.024398][T13730] should_fail_ex+0x512/0x640 [ 418.024452][T13730] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 418.024502][T13730] should_failslab+0xc2/0x120 [ 418.024551][T13730] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 418.024601][T13730] ? __d_alloc+0x31/0xaa0 [ 418.024650][T13730] __d_alloc+0x31/0xaa0 [ 418.024701][T13730] path_from_stashed+0x500/0xb00 [ 418.024750][T13730] ? __pfx_path_from_stashed+0x10/0x10 [ 418.024796][T13730] ? do_raw_spin_unlock+0x172/0x230 [ 418.024848][T13730] ns_get_path+0x5f/0x80 [ 418.024884][T13730] proc_ns_get_link+0x121/0x260 [ 418.024924][T13730] ? __pfx_proc_ns_get_link+0x10/0x10 [ 418.024969][T13730] ? atime_needs_update+0x8b/0x710 [ 418.025035][T13730] ? __pfx_proc_ns_get_link+0x10/0x10 [ 418.025076][T13730] step_into+0x1a2c/0x2270 [ 418.025120][T13730] ? __pfx_step_into+0x10/0x10 [ 418.025154][T13730] ? find_held_lock+0x2b/0x80 [ 418.025214][T13730] path_openat+0x6db/0x2cb0 [ 418.025278][T13730] ? __pfx_path_openat+0x10/0x10 [ 418.025320][T13730] ? __lock_acquire+0xb8a/0x1c90 [ 418.025358][T13730] do_filp_open+0x20b/0x470 [ 418.025397][T13730] ? __pfx_do_filp_open+0x10/0x10 [ 418.025466][T13730] ? alloc_fd+0x471/0x7d0 [ 418.025514][T13730] do_sys_openat2+0x11b/0x1d0 [ 418.025542][T13730] ? __pfx_do_sys_openat2+0x10/0x10 [ 418.025611][T13730] __x64_sys_openat+0x174/0x210 [ 418.025641][T13730] ? __pfx___x64_sys_openat+0x10/0x10 [ 418.025688][T13730] do_syscall_64+0xcd/0x490 [ 418.025733][T13730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.025765][T13730] RIP: 0033:0x7f805e78d2d0 [ 418.025790][T13730] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 418.025821][T13730] RSP: 002b:00007f805f559f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 418.025851][T13730] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f805e78d2d0 [ 418.025871][T13730] RDX: 0000000000000002 RSI: 00007f805f559fa0 RDI: 00000000ffffff9c [ 418.025891][T13730] RBP: 00007f805f559fa0 R08: 0000000000000000 R09: 0000000000000000 [ 418.025911][T13730] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 418.025930][T13730] R13: 0000000000000000 R14: 00007f805e9b5fa0 R15: 00007fff212e2868 [ 418.025971][T13730] [ 418.355821][T13736] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3003'. [ 418.820333][T13747] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3007'. [ 419.166811][T13752] netlink: 350 bytes leftover after parsing attributes in process `syz.2.3010'. [ 420.081770][T13785] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3026'. [ 420.428136][T13799] ================================================================== [ 420.436281][T13799] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 420.444260][T13799] Read of size 8 at addr ffff88804c21c800 by task syz.0.3032/13799 [ 420.452192][T13799] [ 420.454551][T13799] CPU: 1 UID: 0 PID: 13799 Comm: syz.0.3032 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 420.454593][T13799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 420.454614][T13799] Call Trace: [ 420.454625][T13799] [ 420.454636][T13799] dump_stack_lvl+0x116/0x1f0 [ 420.454687][T13799] print_report+0xcd/0x680 [ 420.454735][T13799] ? __virt_addr_valid+0x81/0x610 [ 420.454787][T13799] ? __phys_addr+0xe8/0x180 [ 420.454836][T13799] ? force_devcd_write+0x312/0x340 [ 420.454893][T13799] kasan_report+0xe0/0x110 [ 420.454941][T13799] ? force_devcd_write+0x312/0x340 [ 420.454996][T13799] force_devcd_write+0x312/0x340 [ 420.455045][T13799] ? __pfx_force_devcd_write+0x10/0x10 [ 420.455095][T13799] ? __debugfs_file_get+0x1fe/0x840 [ 420.455143][T13799] ? __pfx___debugfs_file_get+0x10/0x10 [ 420.455197][T13799] full_proxy_write+0x13c/0x200 [ 420.455248][T13799] ? __pfx_full_proxy_write+0x10/0x10 [ 420.455297][T13799] vfs_write+0x2a0/0x1150 [ 420.455340][T13799] ? __pfx___mutex_lock+0x10/0x10 [ 420.455387][T13799] ? __pfx_vfs_write+0x10/0x10 [ 420.455431][T13799] ? __fget_files+0x20e/0x3c0 [ 420.455475][T13799] ksys_write+0x12a/0x250 [ 420.455515][T13799] ? __pfx_ksys_write+0x10/0x10 [ 420.455562][T13799] do_syscall_64+0xcd/0x490 [ 420.455610][T13799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.455644][T13799] RIP: 0033:0x7f400798e969 [ 420.455670][T13799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.455703][T13799] RSP: 002b:00007f40088a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 420.455735][T13799] RAX: ffffffffffffffda RBX: 00007f4007bb5fa0 RCX: 00007f400798e969 [ 420.455758][T13799] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000005 [ 420.455778][T13799] RBP: 00007f4007a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 420.455798][T13799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.455818][T13799] R13: 0000000000000000 R14: 00007f4007bb5fa0 R15: 00007ffdda203458 [ 420.455850][T13799] [ 420.455868][T13799] [ 420.664726][T13799] Allocated by task 1099: [ 420.669069][T13799] kasan_save_stack+0x33/0x60 [ 420.673783][T13799] kasan_save_track+0x14/0x30 [ 420.678496][T13799] __kasan_kmalloc+0xaa/0xb0 [ 420.683118][T13799] __kmalloc_noprof+0x223/0x510 [ 420.688000][T13799] ieee802_11_parse_elems_full+0x1d7/0x3780 [ 420.693922][T13799] ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0 [ 420.700111][T13799] ieee80211_iface_work+0xbf4/0x1020 [ 420.705432][T13799] cfg80211_wiphy_work+0x3dc/0x550 [ 420.710585][T13799] process_one_work+0x9cf/0x1b70 [ 420.715555][T13799] worker_thread+0x6c8/0xf10 [ 420.720177][T13799] kthread+0x3c2/0x780 [ 420.724269][T13799] ret_from_fork+0x5d4/0x6f0 [ 420.728883][T13799] ret_from_fork_asm+0x1a/0x30 [ 420.733668][T13799] [ 420.736005][T13799] Freed by task 1099: [ 420.739995][T13799] kasan_save_stack+0x33/0x60 [ 420.744705][T13799] kasan_save_track+0x14/0x30 [ 420.749429][T13799] kasan_save_free_info+0x3b/0x60 [ 420.754476][T13799] __kasan_slab_free+0x51/0x70 [ 420.759270][T13799] kfree+0x2b4/0x4d0 [ 420.763192][T13799] ieee80211_ibss_rx_queued_mgmt+0x1a92/0x2fd0 [ 420.769374][T13799] ieee80211_iface_work+0xbf4/0x1020 [ 420.774835][T13799] cfg80211_wiphy_work+0x3dc/0x550 [ 420.780007][T13799] process_one_work+0x9cf/0x1b70 [ 420.784980][T13799] worker_thread+0x6c8/0xf10 [ 420.789601][T13799] kthread+0x3c2/0x780 [ 420.793702][T13799] ret_from_fork+0x5d4/0x6f0 [ 420.798318][T13799] ret_from_fork_asm+0x1a/0x30 [ 420.803106][T13799] [ 420.805445][T13799] The buggy address belongs to the object at ffff88804c21c800 [ 420.805445][T13799] which belongs to the cache kmalloc-1k of size 1024 [ 420.819516][T13799] The buggy address is located 0 bytes inside of [ 420.819516][T13799] freed 1024-byte region [ffff88804c21c800, ffff88804c21cc00) [ 420.833255][T13799] [ 420.835598][T13799] The buggy address belongs to the physical page: [ 420.842029][T13799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c218 [ 420.850815][T13799] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 420.859353][T13799] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 420.867352][T13799] page_type: f5(slab) [ 420.871352][T13799] raw: 00fff00000000040 ffff88801b441dc0 0000000000000000 dead000000000001 [ 420.880019][T13799] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 420.888630][T13799] head: 00fff00000000040 ffff88801b441dc0 0000000000000000 dead000000000001 [ 420.897323][T13799] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 420.906014][T13799] head: 00fff00000000003 ffffea0001308601 00000000ffffffff 00000000ffffffff [ 420.914707][T13799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 420.923388][T13799] page dumped because: kasan: bad access detected [ 420.929828][T13799] page_owner tracks the page as allocated [ 420.935554][T13799] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5210, tgid 5210 (udevd), ts 52787554040, free_ts 52766280224 [ 420.956343][T13799] post_alloc_hook+0x1c0/0x230 [ 420.961141][T13799] get_page_from_freelist+0x1321/0x3890 [ 420.966718][T13799] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 420.972648][T13799] alloc_pages_mpol+0x1fb/0x550 [ 420.977536][T13799] new_slab+0x23b/0x330 [ 420.981718][T13799] ___slab_alloc+0xd9c/0x1940 [ 420.986420][T13799] __slab_alloc.constprop.0+0x56/0xb0 [ 420.991823][T13799] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 420.998287][T13799] kmalloc_reserve+0xef/0x2c0 [ 421.002982][T13799] __alloc_skb+0x166/0x380 [ 421.007426][T13799] netlink_alloc_large_skb+0x69/0x130 [ 421.012843][T13799] netlink_sendmsg+0x6a1/0xdd0 [ 421.017626][T13799] ____sys_sendmsg+0xa95/0xc70 [ 421.022411][T13799] ___sys_sendmsg+0x134/0x1d0 [ 421.027125][T13799] __sys_sendmsg+0x16d/0x220 [ 421.031745][T13799] do_syscall_64+0xcd/0x490 [ 421.036291][T13799] page last free pid 5344 tgid 5344 stack trace: [ 421.042633][T13799] __free_frozen_pages+0x7fe/0x1180 [ 421.047887][T13799] __put_partials+0x16d/0x1c0 [ 421.052588][T13799] qlist_free_all+0x4d/0x120 [ 421.057206][T13799] kasan_quarantine_reduce+0x195/0x1e0 [ 421.062689][T13799] __kasan_slab_alloc+0x69/0x90 [ 421.067600][T13799] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 421.073087][T13799] vm_area_alloc+0x1f/0x160 [ 421.077618][T13799] __mmap_region+0xf0e/0x25e0 [ 421.082337][T13799] mmap_region+0x1ab/0x3f0 [ 421.086786][T13799] do_mmap+0xa3e/0x1210 [ 421.090983][T13799] vm_mmap_pgoff+0x281/0x450 [ 421.095616][T13799] ksys_mmap_pgoff+0x32c/0x5c0 [ 421.100422][T13799] __x64_sys_mmap+0x125/0x190 [ 421.105127][T13799] do_syscall_64+0xcd/0x490 [ 421.109667][T13799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.115593][T13799] [ 421.117931][T13799] Memory state around the buggy address: [ 421.123579][T13799] ffff88804c21c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 421.131676][T13799] ffff88804c21c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 421.139768][T13799] >ffff88804c21c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 421.147850][T13799] ^ [ 421.151953][T13799] ffff88804c21c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 421.160048][T13799] ffff88804c21c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 421.168217][T13799] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 421.350432][T13799] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 421.357804][T13799] CPU: 1 UID: 0 PID: 13799 Comm: syz.0.3032 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 421.369577][T13799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 421.379673][T13799] Call Trace: [ 421.382981][T13799] [ 421.385947][T13799] dump_stack_lvl+0x3d/0x1f0 [ 421.390593][T13799] panic+0x71c/0x800 [ 421.394534][T13799] ? __pfx_panic+0x10/0x10 [ 421.398997][T13799] ? mark_held_locks+0x49/0x80 [ 421.403808][T13799] ? preempt_schedule_thunk+0x16/0x30 [ 421.409231][T13799] ? force_devcd_write+0x312/0x340 [ 421.414402][T13799] ? preempt_schedule_common+0x44/0xc0 [ 421.419923][T13799] ? force_devcd_write+0x312/0x340 [ 421.425091][T13799] check_panic_on_warn+0xab/0xb0 [ 421.430081][T13799] end_report+0x107/0x170 [ 421.434475][T13799] kasan_report+0xee/0x110 [ 421.438973][T13799] ? force_devcd_write+0x312/0x340 [ 421.444163][T13799] force_devcd_write+0x312/0x340 [ 421.449174][T13799] ? __pfx_force_devcd_write+0x10/0x10 [ 421.454702][T13799] ? __debugfs_file_get+0x1fe/0x840 [ 421.459964][T13799] ? __pfx___debugfs_file_get+0x10/0x10 [ 421.465586][T13799] full_proxy_write+0x13c/0x200 [ 421.470510][T13799] ? __pfx_full_proxy_write+0x10/0x10 [ 421.475948][T13799] vfs_write+0x2a0/0x1150 [ 421.480340][T13799] ? __pfx___mutex_lock+0x10/0x10 [ 421.485424][T13799] ? __pfx_vfs_write+0x10/0x10 [ 421.490259][T13799] ? __fget_files+0x20e/0x3c0 [ 421.495007][T13799] ksys_write+0x12a/0x250 [ 421.499410][T13799] ? __pfx_ksys_write+0x10/0x10 [ 421.504330][T13799] do_syscall_64+0xcd/0x490 [ 421.508911][T13799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.514881][T13799] RIP: 0033:0x7f400798e969 [ 421.519350][T13799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.539125][T13799] RSP: 002b:00007f40088a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 421.547604][T13799] RAX: ffffffffffffffda RBX: 00007f4007bb5fa0 RCX: 00007f400798e969 [ 421.555625][T13799] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000005 [ 421.563636][T13799] RBP: 00007f4007a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 421.571646][T13799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 421.579663][T13799] R13: 0000000000000000 R14: 00007f4007bb5fa0 R15: 00007ffdda203458 [ 421.587755][T13799] [ 421.591080][T13799] Kernel Offset: disabled [ 421.595433][T13799] Rebooting in 86400 seconds..