last executing test programs: 14.443860236s ago: executing program 1 (id=3191): close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x8, 0xfffffffffffffffa, 0x13, 0x3, 0x0) mremap$auto(0x0, 0x9, 0x2, 0x3, 0x7fffffffb000) 9.295655374s ago: executing program 2 (id=3200): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) setregid$auto(0x0, 0x3) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000002, 0x0) ppoll$auto(0x0, 0x7f, 0x0, 0x0, 0x8) 8.189481484s ago: executing program 2 (id=3203): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0xb, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) ioctl$auto(r1, 0xc038563c, r0) 7.11746279s ago: executing program 2 (id=3208): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x28, 0x801, 0x0) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) pipe$auto(0x0) tee$auto(r0, 0x3, 0x402, 0xe) 6.645760667s ago: executing program 2 (id=3212): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) 6.18723438s ago: executing program 2 (id=3215): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) r0 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="090027bd7000fbdbdf250200000008000800", @ANYRES32=r2, @ANYBLOB="140001800800020006000000080001"], 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x3, 0x0, 0x7, 0xa505}, 0x8800}, 0x80000000, 0x4008) 5.713931784s ago: executing program 2 (id=3217): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0xe) 5.16078204s ago: executing program 0 (id=3219): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x1) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) 4.658162155s ago: executing program 0 (id=3221): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) 3.415390126s ago: executing program 1 (id=3224): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) 3.323605762s ago: executing program 3 (id=3225): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0x5450, 0x0) 3.095464249s ago: executing program 1 (id=3226): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x2, 0x1, 0x106) getcwd$auto(0x0, 0xffffffffffffffff) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0x9) getcwd$auto(0x0, 0xffffffffffffffff) inotify_add_watch$auto(0x4, 0x0, 0x9) 2.989307074s ago: executing program 0 (id=3227): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x2, 0x0, [{0x2ff, 0x10, 0x1}]}) 2.799656647s ago: executing program 1 (id=3228): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400, 0x200000df, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(0x3, 0x5412, 0x38) sysfs$auto(0x2, 0x2, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 2.728746779s ago: executing program 3 (id=3229): mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0) read$auto(0x3, 0x0, 0x80) r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r0, 0x0, 0x9) 1.604189732s ago: executing program 3 (id=3230): openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_score_adj\x00', 0x4040, 0x0) r0 = socket(0x2a, 0x2, 0x1) bpf$auto(0x7, &(0x7f00000000c0)=@bpf_attr_7={@start_id=0x4, 0x14, 0x7}, 0x10) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) r1 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) read$auto(r1, 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 1.324350303s ago: executing program 0 (id=3231): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/loop4/size\x00', 0x80, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) r1 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r1, &(0x7f0000000040)={0x8, 0x2, '\v\x00\x00\x00\x00\x00\x00\x00'}, 0x2) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/17, 0x11) 1.02139157s ago: executing program 3 (id=3232): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) r0 = socket(0x2, 0x801, 0x106) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(r0, 0x0, 0x13, 0x0, 0x8009) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) 843.542102ms ago: executing program 0 (id=3233): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf250200000800130001"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x890) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB='1'], 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}, 0x1, 0x0, 0x0, 0x20000820}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 726.93003ms ago: executing program 3 (id=3234): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r0, 0x402, 0xffffffffffffffff) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r1, 0x402, 0x2) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) r3 = gettid() fcntl$auto(r2, 0x402, r3) 384.718889ms ago: executing program 1 (id=3235): mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) getpeername$auto(0x3, 0x0, 0x0) 269.288255ms ago: executing program 0 (id=3236): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80046f49, r0) 115.312489ms ago: executing program 1 (id=3237): kexec_load$auto(0x6, 0x2, &(0x7f00000002c0)={@buf=&(0x7f0000000200)="54d407", 0x2aa7, 0x6c0000bffd, 0xbffe}, 0x4) mmap$auto(0x0, 0x400005, 0x800000000000df, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x7}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x4, 0x100) 0s ago: executing program 3 (id=3238): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x26f, 0xe3, 0x80}]}) kernel console output (not intermixed with test programs): 00000 R09: 0000000000000000 [ 353.506178][T10780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.506196][T10780] R13: 0000000000000000 R14: 00007fc5303b5fa0 R15: 00007ffd62a309a8 [ 353.506225][T10780] [ 355.056707][T10800] FAULT_INJECTION: forcing a failure. [ 355.056707][T10800] name failslab, interval 1, probability 0, space 0, times 0 [ 355.152669][T10800] CPU: 1 UID: 0 PID: 10800 Comm: syz.0.1897 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 355.152706][T10800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.152726][T10800] Call Trace: [ 355.152734][T10800] [ 355.152744][T10800] dump_stack_lvl+0x16c/0x1f0 [ 355.152786][T10800] should_fail_ex+0x512/0x640 [ 355.152822][T10800] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 355.152858][T10800] should_failslab+0xc2/0x120 [ 355.152881][T10800] __kmalloc_cache_noprof+0x6a/0x3e0 [ 355.152914][T10800] ? pty_common_install+0x10e/0xb30 [ 355.152952][T10800] pty_common_install+0x10e/0xb30 [ 355.152988][T10800] ? __pfx_pty_install+0x10/0x10 [ 355.153021][T10800] tty_init_dev.part.0+0x99/0x500 [ 355.153047][T10800] tty_open+0xa50/0xf90 [ 355.153076][T10800] ? __pfx_tty_open+0x10/0x10 [ 355.153098][T10800] ? chrdev_open+0x58c/0x6a0 [ 355.153140][T10800] ? __pfx_tty_open+0x10/0x10 [ 355.153162][T10800] chrdev_open+0x231/0x6a0 [ 355.153201][T10800] ? __pfx_chrdev_open+0x10/0x10 [ 355.153242][T10800] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 355.153280][T10800] do_dentry_open+0x744/0x1c10 [ 355.153317][T10800] ? __pfx_chrdev_open+0x10/0x10 [ 355.153361][T10800] vfs_open+0x82/0x3f0 [ 355.153390][T10800] path_openat+0x1de4/0x2cb0 [ 355.153435][T10800] ? __pfx_path_openat+0x10/0x10 [ 355.153472][T10800] ? __lock_acquire+0xb8a/0x1c90 [ 355.153509][T10800] do_filp_open+0x20b/0x470 [ 355.153545][T10800] ? __pfx_do_filp_open+0x10/0x10 [ 355.153605][T10800] ? alloc_fd+0x471/0x7d0 [ 355.153645][T10800] do_sys_openat2+0x11b/0x1d0 [ 355.153671][T10800] ? __pfx_do_sys_openat2+0x10/0x10 [ 355.153709][T10800] __x64_sys_openat+0x174/0x210 [ 355.153743][T10800] ? __pfx___x64_sys_openat+0x10/0x10 [ 355.153782][T10800] do_syscall_64+0xcd/0x490 [ 355.153821][T10800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.153845][T10800] RIP: 0033:0x7f5ee918e929 [ 355.153862][T10800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.153884][T10800] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 355.153906][T10800] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 355.153921][T10800] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 355.153935][T10800] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 355.153949][T10800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.153962][T10800] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 355.153991][T10800] [ 355.853997][T10802] zswap: compressor not available [ 356.730745][T10823] netlink: 'syz.1.1901': attribute type 15 has an invalid length. [ 359.263966][T10876] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1918'. [ 359.865810][T10892] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1924'. [ 360.348707][T10899] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1927'. [ 360.570084][T10905] FAULT_INJECTION: forcing a failure. [ 360.570084][T10905] name failslab, interval 1, probability 0, space 0, times 0 [ 360.672877][T10905] CPU: 1 UID: 0 PID: 10905 Comm: syz.3.1929 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 360.672910][T10905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 360.672924][T10905] Call Trace: [ 360.672932][T10905] [ 360.672941][T10905] dump_stack_lvl+0x16c/0x1f0 [ 360.672981][T10905] should_fail_ex+0x512/0x640 [ 360.673023][T10905] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 360.673064][T10905] should_failslab+0xc2/0x120 [ 360.673087][T10905] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 360.673125][T10905] ? shmem_alloc_inode+0x25/0x50 [ 360.673152][T10905] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 360.673174][T10905] shmem_alloc_inode+0x25/0x50 [ 360.673197][T10905] alloc_inode+0x64/0x240 [ 360.673221][T10905] new_inode+0x22/0x1c0 [ 360.673248][T10905] shmem_get_inode+0x19a/0xfb0 [ 360.673281][T10905] shmem_mknod+0x1a8/0x450 [ 360.673311][T10905] ? __pfx_shmem_create+0x10/0x10 [ 360.673336][T10905] lookup_open.isra.0+0x11d0/0x1580 [ 360.673373][T10905] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 360.673419][T10905] ? __pfx_down_write+0x10/0x10 [ 360.673438][T10905] ? mnt_get_write_access+0x20c/0x300 [ 360.673469][T10905] path_openat+0x893/0x2cb0 [ 360.673513][T10905] ? __pfx_path_openat+0x10/0x10 [ 360.673550][T10905] ? __lock_acquire+0xb8a/0x1c90 [ 360.673590][T10905] do_filp_open+0x20b/0x470 [ 360.673625][T10905] ? __pfx_do_filp_open+0x10/0x10 [ 360.673681][T10905] ? alloc_fd+0x471/0x7d0 [ 360.673721][T10905] do_sys_openat2+0x11b/0x1d0 [ 360.673748][T10905] ? __pfx_do_sys_openat2+0x10/0x10 [ 360.673804][T10905] __x64_sys_openat+0x174/0x210 [ 360.673833][T10905] ? __pfx___x64_sys_openat+0x10/0x10 [ 360.673872][T10905] do_syscall_64+0xcd/0x490 [ 360.673911][T10905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.673935][T10905] RIP: 0033:0x7fc53018e929 [ 360.673953][T10905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 360.673975][T10905] RSP: 002b:00007fc530fe8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 360.674002][T10905] RAX: ffffffffffffffda RBX: 00007fc5303b5fa0 RCX: 00007fc53018e929 [ 360.674017][T10905] RDX: 0000000000040a40 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 360.674031][T10905] RBP: 00007fc530210b39 R08: 0000000000000000 R09: 0000000000000000 [ 360.674045][T10905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 360.674058][T10905] R13: 0000000000000000 R14: 00007fc5303b5fa0 R15: 00007ffd62a309a8 [ 360.674087][T10905] [ 361.285917][T10916] FAULT_INJECTION: forcing a failure. [ 361.285917][T10916] name failslab, interval 1, probability 0, space 0, times 0 [ 361.326601][T10916] CPU: 1 UID: 0 PID: 10916 Comm: syz.1.1935 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 361.326634][T10916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 361.326648][T10916] Call Trace: [ 361.326655][T10916] [ 361.326664][T10916] dump_stack_lvl+0x16c/0x1f0 [ 361.326705][T10916] should_fail_ex+0x512/0x640 [ 361.326740][T10916] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 361.326782][T10916] should_failslab+0xc2/0x120 [ 361.326806][T10916] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 361.326844][T10916] ? __d_alloc+0x31/0xaa0 [ 361.326886][T10916] __d_alloc+0x31/0xaa0 [ 361.326927][T10916] d_alloc+0x4a/0x1e0 [ 361.326966][T10916] d_alloc_parallel+0xe3/0x12e0 [ 361.326996][T10916] ? __lock_acquire+0xb8a/0x1c90 [ 361.327031][T10916] ? look_up_lock_class+0x6b/0x150 [ 361.327067][T10916] ? register_lock_class+0x41/0x4c0 [ 361.327103][T10916] ? __pfx_d_alloc_parallel+0x10/0x10 [ 361.327134][T10916] ? lockdep_init_map_type+0x5c/0x280 [ 361.327178][T10916] ? lockdep_init_map_type+0x5c/0x280 [ 361.327217][T10916] __lookup_slow+0x193/0x460 [ 361.327246][T10916] ? __pfx___lookup_slow+0x10/0x10 [ 361.327291][T10916] ? lookup_fast+0x156/0x610 [ 361.327324][T10916] walk_component+0x353/0x5b0 [ 361.327358][T10916] link_path_walk+0x627/0xe20 [ 361.327399][T10916] path_openat+0x1b0/0x2cb0 [ 361.327431][T10916] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.327465][T10916] ? __pfx_path_openat+0x10/0x10 [ 361.327501][T10916] ? __lock_acquire+0xb8a/0x1c90 [ 361.327540][T10916] do_filp_open+0x20b/0x470 [ 361.327575][T10916] ? __pfx_do_filp_open+0x10/0x10 [ 361.327620][T10916] ? __pfx_kfree_link+0x10/0x10 [ 361.327655][T10916] ? alloc_fd+0x471/0x7d0 [ 361.327695][T10916] do_sys_openat2+0x11b/0x1d0 [ 361.327722][T10916] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.327760][T10916] __x64_sys_openat+0x174/0x210 [ 361.327788][T10916] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.327827][T10916] do_syscall_64+0xcd/0x490 [ 361.327865][T10916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.327888][T10916] RIP: 0033:0x7fe86eb8e929 [ 361.327907][T10916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.327929][T10916] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 361.327951][T10916] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 361.327966][T10916] RDX: 0000000000101002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 361.327981][T10916] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 361.327994][T10916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.328008][T10916] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 361.328038][T10916] [ 362.356734][T10935] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1943'. [ 362.696690][T10924] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 362.720537][T10924] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 362.749573][T10924] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 362.760456][ T5855] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 362.760489][ T5855] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 362.777318][ T5855] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 362.777346][ T5855] Bluetooth: hci3: adv larger than maximum supported [ 362.786809][ T5855] Bluetooth: hci3: Unknown advertising packet type: 0x7b [ 362.794874][ T5855] Bluetooth: hci3: Malformed LE Event: 0x0d [ 362.836758][T10924] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 362.876134][T10924] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 362.920369][T10924] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 362.987216][T10924] CPU0 is offline. [ 363.602228][ T5855] Bluetooth: hci3: Malformed LE Event: 0x1b [ 364.097015][T10958] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1951'. [ 364.168095][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 364.727100][ T5855] Bluetooth: hci3: command 0x0c1a tx timeout [ 364.753640][T10969] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1956'. [ 364.806456][ T5855] Bluetooth: hci2: command 0x0406 tx timeout [ 364.883067][ T5855] Bluetooth: hci0: command 0x0406 tx timeout [ 364.905129][T10973] Console: switching to colour VGA+ 80x25 [ 365.010497][T10973] Console: switching to colour frame buffer device 14x6 [ 366.882988][ T5855] Bluetooth: hci2: command 0x0406 tx timeout [ 366.963105][ T5855] Bluetooth: hci0: command 0x0406 tx timeout [ 367.472916][T11012] nbd: must specify at least one socket [ 367.857422][T11019] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1977'. [ 368.621987][T10931] syz.0.1941 (10931): drop_caches: 1 [ 369.385839][T11040] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1984'. [ 370.336387][T11057] openvswitch: netlink: Unknown nsh attribute 0 [ 370.884607][T11070] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1996'. [ 370.886935][T11070] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1996'. [ 373.873926][T11119] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2015'. [ 376.108516][T11148] FAULT_INJECTION: forcing a failure. [ 376.108516][T11148] name failslab, interval 1, probability 0, space 0, times 0 [ 376.205862][T11148] CPU: 1 UID: 0 PID: 11148 Comm: syz.3.2027 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 376.205897][T11148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 376.205912][T11148] Call Trace: [ 376.205919][T11148] [ 376.205928][T11148] dump_stack_lvl+0x16c/0x1f0 [ 376.205970][T11148] should_fail_ex+0x512/0x640 [ 376.206005][T11148] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 376.206042][T11148] should_failslab+0xc2/0x120 [ 376.206065][T11148] __kmalloc_cache_noprof+0x6a/0x3e0 [ 376.206099][T11148] ? mon_bin_open+0x1a8/0x4a0 [ 376.206127][T11148] mon_bin_open+0x1a8/0x4a0 [ 376.206151][T11148] ? __pfx_mon_bin_open+0x10/0x10 [ 376.206174][T11148] chrdev_open+0x231/0x6a0 [ 376.206213][T11148] ? __pfx_apparmor_file_open+0x10/0x10 [ 376.206245][T11148] ? __pfx_chrdev_open+0x10/0x10 [ 376.206285][T11148] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 376.206324][T11148] do_dentry_open+0x744/0x1c10 [ 376.206362][T11148] ? __pfx_chrdev_open+0x10/0x10 [ 376.206406][T11148] vfs_open+0x82/0x3f0 [ 376.206436][T11148] path_openat+0x1de4/0x2cb0 [ 376.206481][T11148] ? __pfx_path_openat+0x10/0x10 [ 376.206521][T11148] ? __lock_acquire+0xb8a/0x1c90 [ 376.206558][T11148] do_filp_open+0x20b/0x470 [ 376.206599][T11148] ? __pfx_do_filp_open+0x10/0x10 [ 376.206656][T11148] ? alloc_fd+0x471/0x7d0 [ 376.206697][T11148] do_sys_openat2+0x11b/0x1d0 [ 376.206724][T11148] ? __pfx_do_sys_openat2+0x10/0x10 [ 376.206763][T11148] __x64_sys_openat+0x174/0x210 [ 376.206791][T11148] ? __pfx___x64_sys_openat+0x10/0x10 [ 376.206830][T11148] do_syscall_64+0xcd/0x490 [ 376.206869][T11148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.206893][T11148] RIP: 0033:0x7fc53018e929 [ 376.206911][T11148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.206934][T11148] RSP: 002b:00007fc530fe8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 376.206957][T11148] RAX: ffffffffffffffda RBX: 00007fc5303b5fa0 RCX: 00007fc53018e929 [ 376.206973][T11148] RDX: 0000000000000400 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 376.206988][T11148] RBP: 00007fc530210b39 R08: 0000000000000000 R09: 0000000000000000 [ 376.207001][T11148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 376.207015][T11148] R13: 0000000000000000 R14: 00007fc5303b5fa0 R15: 00007ffd62a309a8 [ 376.207044][T11148] [ 376.944672][T11155] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2037'. [ 377.601641][T11167] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2035'. [ 378.473815][T11174] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2039'. [ 380.859936][T11202] netlink: 'syz.1.2050': attribute type 3 has an invalid length. [ 381.423837][T11213] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2054'. [ 383.417994][T11241] FAULT_INJECTION: forcing a failure. [ 383.417994][T11241] name failslab, interval 1, probability 0, space 0, times 0 [ 383.447747][T11243] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2068'. [ 383.487109][T11241] CPU: 1 UID: 0 PID: 11241 Comm: syz.3.2066 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 383.487144][T11241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 383.487158][T11241] Call Trace: [ 383.487166][T11241] [ 383.487176][T11241] dump_stack_lvl+0x16c/0x1f0 [ 383.487222][T11241] should_fail_ex+0x512/0x640 [ 383.487257][T11241] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 383.487293][T11241] should_failslab+0xc2/0x120 [ 383.487316][T11241] __kmalloc_cache_noprof+0x6a/0x3e0 [ 383.487349][T11241] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 383.487377][T11241] ? kasan_save_track+0x14/0x30 [ 383.487415][T11241] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 383.487444][T11241] ? rcu_is_watching+0x12/0xc0 [ 383.487474][T11241] ? __mutex_lock+0x1ca/0xb90 [ 383.487509][T11241] ? lockdep_hardirqs_on+0x7c/0x110 [ 383.487547][T11241] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 383.487576][T11241] ? __pfx___mutex_lock+0x10/0x10 [ 383.487612][T11241] ? tomoyo_path_number_perm+0x295/0x580 [ 383.487650][T11241] ? __lock_acquire+0xb8a/0x1c90 [ 383.487691][T11241] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 383.487724][T11241] snd_pcm_oss_get_formats+0x7e/0x340 [ 383.487749][T11241] ? find_held_lock+0x2b/0x80 [ 383.487774][T11241] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 383.487799][T11241] ? __might_fault+0x13b/0x190 [ 383.487843][T11241] snd_pcm_oss_ioctl+0x2efb/0x37a0 [ 383.487870][T11241] ? find_held_lock+0x2b/0x80 [ 383.487894][T11241] ? hook_file_ioctl_common+0x145/0x410 [ 383.487921][T11241] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 383.487960][T11241] ? __fget_files+0x20e/0x3c0 [ 383.487999][T11241] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 383.488031][T11241] __x64_sys_ioctl+0x18b/0x210 [ 383.488062][T11241] do_syscall_64+0xcd/0x490 [ 383.488101][T11241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.488125][T11241] RIP: 0033:0x7fc53018e929 [ 383.488144][T11241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.488168][T11241] RSP: 002b:00007fc530fe8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 383.488189][T11241] RAX: ffffffffffffffda RBX: 00007fc5303b5fa0 RCX: 00007fc53018e929 [ 383.488205][T11241] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004 [ 383.488219][T11241] RBP: 00007fc530210b39 R08: 0000000000000000 R09: 0000000000000000 [ 383.488233][T11241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.488247][T11241] R13: 0000000000000000 R14: 00007fc5303b5fa0 R15: 00007ffd62a309a8 [ 383.488280][T11241] [ 384.208736][T11252] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2071'. [ 384.490346][T11259] FAULT_INJECTION: forcing a failure. [ 384.490346][T11259] name failslab, interval 1, probability 0, space 0, times 0 [ 384.536619][T11259] CPU: 1 UID: 0 PID: 11259 Comm: syz.1.2075 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 384.536653][T11259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 384.536668][T11259] Call Trace: [ 384.536676][T11259] [ 384.536684][T11259] dump_stack_lvl+0x16c/0x1f0 [ 384.536725][T11259] should_fail_ex+0x512/0x640 [ 384.536761][T11259] ? __kmalloc_noprof+0xbf/0x510 [ 384.536800][T11259] ? handler_new_ref+0x1b0/0xc60 [ 384.536837][T11259] should_failslab+0xc2/0x120 [ 384.536869][T11259] __kmalloc_noprof+0xd2/0x510 [ 384.536907][T11259] ? __asan_memcpy+0x3c/0x60 [ 384.536945][T11259] handler_new_ref+0x1b0/0xc60 [ 384.536990][T11259] v4l2_ctrl_new+0x1963/0x2180 [ 384.537038][T11259] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 384.537085][T11259] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 384.537125][T11259] v4l2_ctrl_new_std+0x1be/0x290 [ 384.537172][T11259] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 384.537213][T11259] ? rcu_is_watching+0x12/0xc0 [ 384.537238][T11259] ? trace_kmalloc+0x2b/0xd0 [ 384.537261][T11259] ? __kvmalloc_node_noprof+0x298/0x620 [ 384.537297][T11259] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 384.537338][T11259] ? media_request_object_init+0x100/0x180 [ 384.537373][T11259] vim2m_open+0x160/0x8a0 [ 384.537400][T11259] v4l2_open+0x225/0x490 [ 384.537432][T11259] ? __pfx_v4l2_open+0x10/0x10 [ 384.537465][T11259] chrdev_open+0x231/0x6a0 [ 384.537501][T11259] ? __pfx_apparmor_file_open+0x10/0x10 [ 384.537532][T11259] ? __pfx_chrdev_open+0x10/0x10 [ 384.537571][T11259] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 384.537609][T11259] do_dentry_open+0x744/0x1c10 [ 384.537645][T11259] ? __pfx_chrdev_open+0x10/0x10 [ 384.537687][T11259] vfs_open+0x82/0x3f0 [ 384.537716][T11259] path_openat+0x1de4/0x2cb0 [ 384.537760][T11259] ? __pfx_path_openat+0x10/0x10 [ 384.537796][T11259] ? __lock_acquire+0xb8a/0x1c90 [ 384.537832][T11259] do_filp_open+0x20b/0x470 [ 384.537874][T11259] ? __pfx_do_filp_open+0x10/0x10 [ 384.537930][T11259] ? alloc_fd+0x471/0x7d0 [ 384.537971][T11259] do_sys_openat2+0x11b/0x1d0 [ 384.537997][T11259] ? __pfx_do_sys_openat2+0x10/0x10 [ 384.538035][T11259] __x64_sys_openat+0x174/0x210 [ 384.538062][T11259] ? __pfx___x64_sys_openat+0x10/0x10 [ 384.538103][T11259] do_syscall_64+0xcd/0x490 [ 384.538143][T11259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.538167][T11259] RIP: 0033:0x7fe86eb8e929 [ 384.538186][T11259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.538210][T11259] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 384.538233][T11259] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 384.538249][T11259] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 384.538264][T11259] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 384.538278][T11259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 384.538293][T11259] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 384.538322][T11259] [ 385.460298][ T5855] Bluetooth: hci2: unexpected event 0x03 length: 725 > 11 [ 386.482576][T11290] FAULT_INJECTION: forcing a failure. [ 386.482576][T11290] name failslab, interval 1, probability 0, space 0, times 0 [ 386.610894][T11290] CPU: 1 UID: 0 PID: 11290 Comm: syz.1.2089 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 386.610929][T11290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 386.610943][T11290] Call Trace: [ 386.610953][T11290] [ 386.610963][T11290] dump_stack_lvl+0x16c/0x1f0 [ 386.611004][T11290] should_fail_ex+0x512/0x640 [ 386.611038][T11290] ? __kmalloc_noprof+0xbf/0x510 [ 386.611076][T11290] ? binder_open+0x168/0xde0 [ 386.611111][T11290] should_failslab+0xc2/0x120 [ 386.611134][T11290] __kmalloc_noprof+0xd2/0x510 [ 386.611176][T11290] binder_open+0x168/0xde0 [ 386.611212][T11290] ? __pfx_apparmor_file_open+0x10/0x10 [ 386.611243][T11290] ? __pfx_binder_open+0x10/0x10 [ 386.611280][T11290] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 386.611318][T11290] do_dentry_open+0x744/0x1c10 [ 386.611355][T11290] ? __pfx_binder_open+0x10/0x10 [ 386.611396][T11290] vfs_open+0x82/0x3f0 [ 386.611424][T11290] path_openat+0x1de4/0x2cb0 [ 386.611469][T11290] ? __pfx_path_openat+0x10/0x10 [ 386.611525][T11290] ? __lock_acquire+0xb8a/0x1c90 [ 386.611562][T11290] do_filp_open+0x20b/0x470 [ 386.611597][T11290] ? __pfx_do_filp_open+0x10/0x10 [ 386.611653][T11290] ? alloc_fd+0x471/0x7d0 [ 386.611692][T11290] do_sys_openat2+0x11b/0x1d0 [ 386.611725][T11290] ? __pfx_do_sys_openat2+0x10/0x10 [ 386.611763][T11290] __x64_sys_openat+0x174/0x210 [ 386.611791][T11290] ? __pfx___x64_sys_openat+0x10/0x10 [ 386.611830][T11290] do_syscall_64+0xcd/0x490 [ 386.611869][T11290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.611893][T11290] RIP: 0033:0x7fe86eb8e929 [ 386.611911][T11290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.611934][T11290] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 386.611957][T11290] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 386.611973][T11290] RDX: 0000000000002001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 386.611987][T11290] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 386.612002][T11290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.612016][T11290] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 386.612045][T11290] [ 387.059113][T11293] netlink: 'syz.1.2090': attribute type 19 has an invalid length. [ 387.068144][T11293] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2090'. [ 387.202283][T11297] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 388.052540][T11312] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 388.293556][T11315] FAULT_INJECTION: forcing a failure. [ 388.293556][T11315] name failslab, interval 1, probability 0, space 0, times 0 [ 388.373959][T11315] CPU: 1 UID: 0 PID: 11315 Comm: syz.1.2098 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 388.373994][T11315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 388.374009][T11315] Call Trace: [ 388.374016][T11315] [ 388.374025][T11315] dump_stack_lvl+0x16c/0x1f0 [ 388.374066][T11315] should_fail_ex+0x512/0x640 [ 388.374100][T11315] ? fs_reclaim_acquire+0xae/0x150 [ 388.374131][T11315] ? tomoyo_open_control+0x51f/0xa30 [ 388.374168][T11315] should_failslab+0xc2/0x120 [ 388.374191][T11315] __kmalloc_noprof+0xd2/0x510 [ 388.374233][T11315] tomoyo_open_control+0x51f/0xa30 [ 388.374276][T11315] do_dentry_open+0x744/0x1c10 [ 388.374313][T11315] ? __pfx_tomoyo_open+0x10/0x10 [ 388.374357][T11315] vfs_open+0x82/0x3f0 [ 388.374386][T11315] path_openat+0x1de4/0x2cb0 [ 388.374431][T11315] ? __pfx_path_openat+0x10/0x10 [ 388.374468][T11315] ? __lock_acquire+0xb8a/0x1c90 [ 388.374504][T11315] do_filp_open+0x20b/0x470 [ 388.374547][T11315] ? __pfx_do_filp_open+0x10/0x10 [ 388.374603][T11315] ? alloc_fd+0x471/0x7d0 [ 388.374644][T11315] do_sys_openat2+0x11b/0x1d0 [ 388.374670][T11315] ? __pfx_do_sys_openat2+0x10/0x10 [ 388.374708][T11315] __x64_sys_openat+0x174/0x210 [ 388.374736][T11315] ? __pfx___x64_sys_openat+0x10/0x10 [ 388.374775][T11315] do_syscall_64+0xcd/0x490 [ 388.374813][T11315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.374837][T11315] RIP: 0033:0x7fe86eb8e929 [ 388.374855][T11315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.374878][T11315] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 388.374906][T11315] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 388.374922][T11315] RDX: 00000000000c0802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 388.374937][T11315] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 388.374951][T11315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.374965][T11315] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 388.374994][T11315] [ 389.073929][T11325] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2102'. [ 389.170076][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 389.178298][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 391.279237][T11360] qrtr: Invalid version 160 [ 393.589710][T11404] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2134'. [ 393.999847][T11411] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2138'. [ 394.129925][ T5855] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 394.129970][ T5855] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 394.146890][ T5855] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 394.146917][ T5855] Bluetooth: hci0: adv larger than maximum supported [ 394.155109][ T5855] Bluetooth: hci0: Unknown advertising packet type: 0x7b [ 394.163070][ T5855] Bluetooth: hci0: Malformed LE Event: 0x0d [ 394.232946][T11411] team0: Port device team_slave_1 removed [ 394.348189][T11416] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2139'. [ 396.192366][T11446] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2151'. [ 396.346976][T11449] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2152'. [ 396.433374][T11449] veth0_macvtap: left promiscuous mode [ 399.038919][T11488] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2167'. [ 399.163954][T11492] netlink: 'syz.0.2170': attribute type 2 has an invalid length. [ 399.214166][T11492] netlink: 'syz.0.2170': attribute type 2 has an invalid length. [ 399.818878][T11498] FAULT_INJECTION: forcing a failure. [ 399.818878][T11498] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 400.004131][T11498] CPU: 1 UID: 0 PID: 11498 Comm: syz.2.2172 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 400.004165][T11498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 400.004180][T11498] Call Trace: [ 400.004188][T11498] [ 400.004197][T11498] dump_stack_lvl+0x16c/0x1f0 [ 400.004238][T11498] should_fail_ex+0x512/0x640 [ 400.004279][T11498] should_fail_alloc_page+0xe7/0x130 [ 400.004306][T11498] prepare_alloc_pages+0x3c2/0x610 [ 400.004336][T11498] ? rcu_is_watching+0x12/0xc0 [ 400.004365][T11498] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 400.004404][T11498] ? __lock_acquire+0xb8a/0x1c90 [ 400.004448][T11498] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 400.004486][T11498] ? do_raw_spin_lock+0x12c/0x2b0 [ 400.004527][T11498] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 400.004566][T11498] ? find_held_lock+0x2b/0x80 [ 400.004600][T11498] ? __lock_acquire+0xb8a/0x1c90 [ 400.004632][T11498] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 400.004671][T11498] ? policy_nodemask+0xea/0x4e0 [ 400.004703][T11498] alloc_pages_mpol+0x1fb/0x550 [ 400.004728][T11498] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 400.004759][T11498] folio_alloc_mpol_noprof+0x36/0x2f0 [ 400.004789][T11498] shmem_alloc_folio+0x135/0x160 [ 400.004820][T11498] shmem_alloc_and_add_folio+0x499/0xc20 [ 400.004861][T11498] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 400.004899][T11498] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 400.004939][T11498] shmem_get_folio_gfp+0x67f/0x1600 [ 400.004980][T11498] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 400.005017][T11498] ? __lock_acquire+0x622/0x1c90 [ 400.005053][T11498] shmem_fault+0x1fe/0xa30 [ 400.005088][T11498] ? __pfx_shmem_fault+0x10/0x10 [ 400.005128][T11498] ? __lock_acquire+0xb8a/0x1c90 [ 400.005173][T11498] __do_fault+0x10a/0x490 [ 400.005210][T11498] ? __pfx_filemap_map_pages+0x10/0x10 [ 400.005247][T11498] __handle_mm_fault+0x374c/0x5490 [ 400.005287][T11498] ? __pfx___handle_mm_fault+0x10/0x10 [ 400.005320][T11498] ? __pte_offset_map_lock+0x174/0x310 [ 400.005344][T11498] ? find_held_lock+0x2b/0x80 [ 400.005368][T11498] ? find_held_lock+0x2b/0x80 [ 400.005399][T11498] ? follow_page_pte+0x3af/0x14c0 [ 400.005433][T11498] handle_mm_fault+0x589/0xd10 [ 400.005471][T11498] __get_user_pages+0x589/0x3b80 [ 400.005510][T11498] ? __pfx___get_user_pages+0x10/0x10 [ 400.005537][T11498] ? __pfx_down_read_killable+0x10/0x10 [ 400.005562][T11498] ? __lock_acquire+0xb8a/0x1c90 [ 400.005600][T11498] faultin_page_range+0x249/0x980 [ 400.005634][T11498] ? 0xffffffffff600000 [ 400.005651][T11498] madvise_do_behavior+0x268/0x3f0 [ 400.005688][T11498] ? __pfx_madvise_do_behavior+0x10/0x10 [ 400.005727][T11498] ? 0xffffffffff600000 [ 400.005743][T11498] ? 0xffffffffff600000 [ 400.005761][T11498] do_madvise+0x161/0x230 [ 400.005785][T11498] ? _end+0x641d8fff/0x0 [ 400.005812][T11498] ? __pfx_do_madvise+0x10/0x10 [ 400.005852][T11498] ? xfd_validate_state+0x61/0x180 [ 400.005884][T11498] ? __pfx_do_writev+0x10/0x10 [ 400.005921][T11498] __x64_sys_madvise+0xa9/0x110 [ 400.005946][T11498] ? lockdep_hardirqs_on+0x7c/0x110 [ 400.005980][T11498] do_syscall_64+0xcd/0x490 [ 400.006018][T11498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.006042][T11498] RIP: 0033:0x7efdbcb8e929 [ 400.006060][T11498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.006084][T11498] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 400.006107][T11498] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 400.006123][T11498] RDX: 0000000000000017 RSI: ffffffffff600000 RDI: 0000000000000000 [ 400.006137][T11498] RBP: 00007efdbcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 400.006151][T11498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.006165][T11498] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 400.006190][T11498] ? 0xffffffffff600000 [ 400.006210][T11498] [ 400.949619][T11502] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2176'. [ 400.985044][T11502] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 401.015201][T11502] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 401.263879][T11504] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 401.828288][T11502] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 401.853239][T11502] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.005103][T11565] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2200'. [ 404.804640][T11582] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2207'. [ 406.665751][T11622] sd 0:0:1:0: device reset [ 406.978607][T11632] ptp ptp0: max value is 20 [ 407.963972][T11649] FAULT_INJECTION: forcing a failure. [ 407.963972][T11649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.034705][T11649] CPU: 1 UID: 0 PID: 11649 Comm: syz.0.2236 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 408.034739][T11649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 408.034754][T11649] Call Trace: [ 408.034761][T11649] [ 408.034777][T11649] dump_stack_lvl+0x16c/0x1f0 [ 408.034817][T11649] should_fail_ex+0x512/0x640 [ 408.034857][T11649] _copy_to_iter+0x29f/0x16f0 [ 408.034900][T11649] ? chacha_block_generic+0x211/0x330 [ 408.034934][T11649] ? __pfx__copy_to_iter+0x10/0x10 [ 408.034978][T11649] ? __pfx___might_resched+0x10/0x10 [ 408.035003][T11649] ? crng_make_state+0x48e/0x6d0 [ 408.035033][T11649] get_random_bytes_user+0x17f/0x3c0 [ 408.035063][T11649] ? __pfx_get_random_bytes_user+0x10/0x10 [ 408.035088][T11649] ? do_writev+0x218/0x340 [ 408.035125][T11649] ? do_futex+0x122/0x350 [ 408.035161][T11649] ? import_ubuf+0x1b6/0x220 [ 408.035198][T11649] __x64_sys_getrandom+0x183/0x290 [ 408.035228][T11649] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 408.035271][T11649] do_syscall_64+0xcd/0x490 [ 408.035310][T11649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.035333][T11649] RIP: 0033:0x7f5ee918e929 [ 408.035351][T11649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.035374][T11649] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 408.035397][T11649] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 408.035413][T11649] RDX: 0000000000000004 RSI: 00000000000077a3 RDI: 0000200000000140 [ 408.035427][T11649] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 408.035441][T11649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 408.035455][T11649] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 408.035484][T11649] [ 409.684597][ T30] audit: type=1800 audit(4294967312.240:7): pid=11687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2252" name="file0" dev="tmpfs" ino=1998 res=0 errno=0 [ 411.055590][T11715] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2262'. [ 411.569092][T11719] FAULT_INJECTION: forcing a failure. [ 411.569092][T11719] name failslab, interval 1, probability 0, space 0, times 0 [ 411.655197][T11719] CPU: 1 UID: 0 PID: 11719 Comm: syz.3.2263 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 411.655232][T11719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 411.655248][T11719] Call Trace: [ 411.655256][T11719] [ 411.655265][T11719] dump_stack_lvl+0x16c/0x1f0 [ 411.655306][T11719] should_fail_ex+0x512/0x640 [ 411.655342][T11719] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 411.655382][T11719] should_failslab+0xc2/0x120 [ 411.655405][T11719] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 411.655447][T11719] ? d_instantiate+0x77/0x90 [ 411.655467][T11719] ? alloc_empty_file+0x55/0x1e0 [ 411.655496][T11719] alloc_empty_file+0x55/0x1e0 [ 411.655522][T11719] alloc_file_pseudo+0x13a/0x230 [ 411.655550][T11719] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 411.655576][T11719] ? tipc_sk_finish_conn+0x580/0x790 [ 411.655621][T11719] sock_alloc_file+0x50/0x210 [ 411.655660][T11719] __sys_socketpair+0x34e/0x5a0 [ 411.655690][T11719] ? __pfx___sys_socketpair+0x10/0x10 [ 411.655717][T11719] ? fput+0x70/0xf0 [ 411.655741][T11719] ? xfd_validate_state+0x61/0x180 [ 411.655772][T11719] ? __pfx_do_writev+0x10/0x10 [ 411.655809][T11719] __x64_sys_socketpair+0x96/0x100 [ 411.655837][T11719] ? lockdep_hardirqs_on+0x7c/0x110 [ 411.655871][T11719] do_syscall_64+0xcd/0x490 [ 411.655910][T11719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.655934][T11719] RIP: 0033:0x7fc53018e929 [ 411.655952][T11719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.655975][T11719] RSP: 002b:00007fc530fe8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 411.655997][T11719] RAX: ffffffffffffffda RBX: 00007fc5303b5fa0 RCX: 00007fc53018e929 [ 411.656013][T11719] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 411.656028][T11719] RBP: 00007fc530210b39 R08: 0000000000000000 R09: 0000000000000000 [ 411.656042][T11719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.656056][T11719] R13: 0000000000000000 R14: 00007fc5303b5fa0 R15: 00007ffd62a309a8 [ 411.656085][T11719] [ 413.555134][T11752] input: = as /devices/virtual/input/input8 [ 416.928571][T11811] FAULT_INJECTION: forcing a failure. [ 416.928571][T11811] name failslab, interval 1, probability 0, space 0, times 0 [ 416.981098][T11811] CPU: 1 UID: 0 PID: 11811 Comm: syz.2.2298 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 416.981132][T11811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 416.981147][T11811] Call Trace: [ 416.981154][T11811] [ 416.981164][T11811] dump_stack_lvl+0x16c/0x1f0 [ 416.981205][T11811] should_fail_ex+0x512/0x640 [ 416.981239][T11811] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 416.981280][T11811] should_failslab+0xc2/0x120 [ 416.981302][T11811] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 416.981339][T11811] ? security_file_alloc+0x34/0x2b0 [ 416.981377][T11811] security_file_alloc+0x34/0x2b0 [ 416.981409][T11811] init_file+0x93/0x4c0 [ 416.981434][T11811] alloc_empty_file+0x73/0x1e0 [ 416.981459][T11811] alloc_file_pseudo+0x13a/0x230 [ 416.981486][T11811] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 416.981515][T11811] ? do_raw_spin_unlock+0x172/0x230 [ 416.981541][T11811] __anon_inode_getfile+0xe8/0x280 [ 416.981579][T11811] anon_inode_getfile_fmode+0x37/0xa0 [ 416.981615][T11811] do_eventfd+0x19b/0x2c0 [ 416.981634][T11811] ? rcu_is_watching+0x12/0xc0 [ 416.981661][T11811] __x64_sys_eventfd+0x32/0x50 [ 416.981684][T11811] do_syscall_64+0xcd/0x490 [ 416.981722][T11811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.981747][T11811] RIP: 0033:0x7efdbcb8e929 [ 416.981765][T11811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.981788][T11811] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 416.981810][T11811] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 416.981825][T11811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000b1 [ 416.981839][T11811] RBP: 00007efdbcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 416.981854][T11811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.981868][T11811] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 416.981897][T11811] [ 417.551901][T11819] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2301'. [ 417.772108][T11823] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2302'. [ 419.763886][T11851] FAULT_INJECTION: forcing a failure. [ 419.763886][T11851] name failslab, interval 1, probability 0, space 0, times 0 [ 419.810379][T11851] CPU: 1 UID: 0 PID: 11851 Comm: syz.2.2314 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 419.810414][T11851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 419.810428][T11851] Call Trace: [ 419.810435][T11851] [ 419.810444][T11851] dump_stack_lvl+0x16c/0x1f0 [ 419.810486][T11851] should_fail_ex+0x512/0x640 [ 419.810522][T11851] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 419.810563][T11851] should_failslab+0xc2/0x120 [ 419.810587][T11851] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 419.810625][T11851] ? __d_alloc+0x31/0xaa0 [ 419.810667][T11851] __d_alloc+0x31/0xaa0 [ 419.810707][T11851] path_from_stashed+0x500/0xb00 [ 419.810758][T11851] ? __pfx_path_from_stashed+0x10/0x10 [ 419.810795][T11851] ? pidns_get+0x115/0x320 [ 419.810825][T11851] ns_get_path+0x5f/0x80 [ 419.810858][T11851] proc_ns_get_link+0x121/0x260 [ 419.810891][T11851] ? __pfx_proc_ns_get_link+0x10/0x10 [ 419.810927][T11851] ? atime_needs_update+0x8b/0x710 [ 419.810955][T11851] ? __pfx_proc_ns_get_link+0x10/0x10 [ 419.810988][T11851] step_into+0x1a2c/0x2270 [ 419.811025][T11851] ? __pfx_step_into+0x10/0x10 [ 419.811054][T11851] ? find_held_lock+0x2b/0x80 [ 419.811089][T11851] path_openat+0x6db/0x2cb0 [ 419.811133][T11851] ? __pfx_path_openat+0x10/0x10 [ 419.811169][T11851] ? __lock_acquire+0xb8a/0x1c90 [ 419.811205][T11851] do_filp_open+0x20b/0x470 [ 419.811240][T11851] ? __pfx_do_filp_open+0x10/0x10 [ 419.811296][T11851] ? alloc_fd+0x471/0x7d0 [ 419.811335][T11851] do_sys_openat2+0x11b/0x1d0 [ 419.811362][T11851] ? __pfx_do_sys_openat2+0x10/0x10 [ 419.811404][T11851] __x64_sys_openat+0x174/0x210 [ 419.811432][T11851] ? __pfx___x64_sys_openat+0x10/0x10 [ 419.811471][T11851] do_syscall_64+0xcd/0x490 [ 419.811511][T11851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.811535][T11851] RIP: 0033:0x7efdbcb8d290 [ 419.811553][T11851] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 419.811577][T11851] RSP: 002b:00007efdbd952f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 419.811600][T11851] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007efdbcb8d290 [ 419.811615][T11851] RDX: 0000000000000002 RSI: 00007efdbd952fa0 RDI: 00000000ffffff9c [ 419.811630][T11851] RBP: 00007efdbd952fa0 R08: 0000000000000000 R09: 0000000000000000 [ 419.811644][T11851] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 419.811658][T11851] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 419.811687][T11851] [ 420.094096][T11855] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2315'. [ 420.105659][T11855] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2315'. [ 420.477634][T11860] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 421.785360][T11883] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2325'. [ 422.234002][T11885] ptp ptp0: new virtual clock ptp1 [ 422.246521][T11885] ptp ptp0: new virtual clock ptp2 [ 422.287253][T11885] ptp ptp0: new virtual clock ptp3 [ 422.312853][T11885] ptp ptp0: guarantee physical clock free running [ 425.242169][T11927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2339'. [ 425.324962][T11927] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2339'. [ 425.720122][T11936] FAULT_INJECTION: forcing a failure. [ 425.720122][T11936] name failslab, interval 1, probability 0, space 0, times 0 [ 425.802836][T11936] CPU: 1 UID: 0 PID: 11936 Comm: syz.2.2343 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 425.802871][T11936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 425.802886][T11936] Call Trace: [ 425.802893][T11936] [ 425.802902][T11936] dump_stack_lvl+0x16c/0x1f0 [ 425.802944][T11936] should_fail_ex+0x512/0x640 [ 425.802980][T11936] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 425.803022][T11936] should_failslab+0xc2/0x120 [ 425.803045][T11936] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 425.803083][T11936] ? vm_area_dup+0x27/0x8d0 [ 425.803119][T11936] vm_area_dup+0x27/0x8d0 [ 425.803154][T11936] __split_vma+0x18e/0x1070 [ 425.803189][T11936] ? __lock_acquire+0xb8a/0x1c90 [ 425.803224][T11936] ? __pfx___split_vma+0x10/0x10 [ 425.803266][T11936] ? lock_acquire+0x179/0x350 [ 425.803306][T11936] ? do_raw_spin_lock+0x12c/0x2b0 [ 425.803349][T11936] vms_gather_munmap_vmas+0x1c2/0x1310 [ 425.803390][T11936] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 425.803457][T11936] do_vmi_align_munmap+0x27c/0x7d0 [ 425.803498][T11936] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 425.803573][T11936] do_vmi_munmap+0x204/0x3e0 [ 425.803613][T11936] move_vma+0xb67/0x1740 [ 425.803655][T11936] ? __pfx_move_vma+0x10/0x10 [ 425.803695][T11936] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 425.803733][T11936] ? vrm_set_new_addr+0x208/0x290 [ 425.803771][T11936] __do_sys_mremap+0xe07/0x1590 [ 425.803810][T11936] ? __pfx___do_sys_mremap+0x10/0x10 [ 425.803852][T11936] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 425.803898][T11936] ? __x64_sys_futex+0x1e0/0x4c0 [ 425.803946][T11936] do_syscall_64+0xcd/0x490 [ 425.803985][T11936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.804009][T11936] RIP: 0033:0x7efdbcb8e929 [ 425.804035][T11936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.804064][T11936] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 425.804090][T11936] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 425.804106][T11936] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000001000 [ 425.804121][T11936] RBP: 00007efdbcc10b39 R08: 0000000100000000 R09: 0000000000000000 [ 425.804135][T11936] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 425.804150][T11936] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 425.804179][T11936] [ 426.397984][T11940] FAULT_INJECTION: forcing a failure. [ 426.397984][T11940] name failslab, interval 1, probability 0, space 0, times 0 [ 426.432786][T11940] CPU: 1 UID: 0 PID: 11940 Comm: syz.0.2345 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 426.432821][T11940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 426.432836][T11940] Call Trace: [ 426.432844][T11940] [ 426.432852][T11940] dump_stack_lvl+0x16c/0x1f0 [ 426.432892][T11940] should_fail_ex+0x512/0x640 [ 426.432928][T11940] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 426.432969][T11940] should_failslab+0xc2/0x120 [ 426.432992][T11940] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 426.433030][T11940] ? fcntl_dirnotify+0x23a/0xb50 [ 426.433071][T11940] fcntl_dirnotify+0x23a/0xb50 [ 426.433114][T11940] do_fcntl+0xe62/0x15a0 [ 426.433145][T11940] ? __pfx_do_fcntl+0x10/0x10 [ 426.433176][T11940] ? tomoyo_file_fcntl+0x6c/0xc0 [ 426.433219][T11940] __x64_sys_fcntl+0x163/0x200 [ 426.433246][T11940] do_syscall_64+0xcd/0x490 [ 426.433285][T11940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.433309][T11940] RIP: 0033:0x7f5ee918e929 [ 426.433327][T11940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.433350][T11940] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 426.433373][T11940] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 426.433388][T11940] RDX: 0000000000000002 RSI: 0000000000000402 RDI: 0000000000000003 [ 426.433402][T11940] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 426.433416][T11940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 426.433430][T11940] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 426.433459][T11940] [ 428.065233][T11968] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2358'. [ 428.300247][T11972] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2360'. [ 428.361545][T11974] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2361'. [ 428.373711][T11972] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2360'. [ 428.401459][T11974] vcan0: entered promiscuous mode [ 430.196024][T12014] FAULT_INJECTION: forcing a failure. [ 430.196024][T12014] name failslab, interval 1, probability 0, space 0, times 0 [ 430.277186][T12014] CPU: 1 UID: 0 PID: 12014 Comm: syz.2.2377 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 430.277221][T12014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 430.277236][T12014] Call Trace: [ 430.277245][T12014] [ 430.277254][T12014] dump_stack_lvl+0x16c/0x1f0 [ 430.277295][T12014] should_fail_ex+0x512/0x640 [ 430.277331][T12014] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 430.277367][T12014] should_failslab+0xc2/0x120 [ 430.277390][T12014] __kmalloc_cache_noprof+0x6a/0x3e0 [ 430.277422][T12014] ? vsnprintf+0x318/0x1160 [ 430.277452][T12014] ? __alloc_workqueue+0xda2/0x1810 [ 430.277488][T12014] __alloc_workqueue+0xda2/0x1810 [ 430.277519][T12014] ? __pfx_vsnprintf+0x10/0x10 [ 430.277552][T12014] ? lockdep_hardirqs_on+0x7c/0x110 [ 430.277586][T12014] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 430.277622][T12014] alloc_workqueue+0xd2/0x200 [ 430.277653][T12014] ? __pfx_alloc_workqueue+0x10/0x10 [ 430.277692][T12014] ? __pfx___debug_object_init+0x10/0x10 [ 430.277725][T12014] nci_register_device+0x21e/0xb80 [ 430.277759][T12014] ? __pfx_nci_register_device+0x10/0x10 [ 430.277795][T12014] ? lockdep_init_map_type+0x5c/0x280 [ 430.277835][T12014] virtual_ncidev_open+0x141/0x220 [ 430.277866][T12014] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 430.277895][T12014] misc_open+0x35d/0x420 [ 430.277925][T12014] ? __pfx_misc_open+0x10/0x10 [ 430.277954][T12014] chrdev_open+0x231/0x6a0 [ 430.277992][T12014] ? __pfx_apparmor_file_open+0x10/0x10 [ 430.278023][T12014] ? __pfx_chrdev_open+0x10/0x10 [ 430.278072][T12014] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 430.278110][T12014] do_dentry_open+0x744/0x1c10 [ 430.278147][T12014] ? __pfx_chrdev_open+0x10/0x10 [ 430.278190][T12014] vfs_open+0x82/0x3f0 [ 430.278219][T12014] path_openat+0x1de4/0x2cb0 [ 430.278264][T12014] ? __pfx_path_openat+0x10/0x10 [ 430.278300][T12014] ? __lock_acquire+0xb8a/0x1c90 [ 430.278336][T12014] do_filp_open+0x20b/0x470 [ 430.278372][T12014] ? __pfx_do_filp_open+0x10/0x10 [ 430.278428][T12014] ? alloc_fd+0x471/0x7d0 [ 430.278468][T12014] do_sys_openat2+0x11b/0x1d0 [ 430.278494][T12014] ? __pfx_do_sys_openat2+0x10/0x10 [ 430.278532][T12014] __x64_sys_openat+0x174/0x210 [ 430.278559][T12014] ? __pfx___x64_sys_openat+0x10/0x10 [ 430.278599][T12014] do_syscall_64+0xcd/0x490 [ 430.278638][T12014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.278662][T12014] RIP: 0033:0x7efdbcb8e929 [ 430.278681][T12014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.278704][T12014] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 430.278726][T12014] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 430.278742][T12014] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 430.278757][T12014] RBP: 00007efdbcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 430.278771][T12014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 430.278786][T12014] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 430.278815][T12014] [ 432.931156][T12031] FAULT_INJECTION: forcing a failure. [ 432.931156][T12031] name failslab, interval 1, probability 0, space 0, times 0 [ 433.044980][T12031] CPU: 1 UID: 0 PID: 12031 Comm: syz.1.2383 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 433.045016][T12031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 433.045031][T12031] Call Trace: [ 433.045039][T12031] [ 433.045048][T12031] dump_stack_lvl+0x16c/0x1f0 [ 433.045089][T12031] should_fail_ex+0x512/0x640 [ 433.045124][T12031] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 433.045160][T12031] should_failslab+0xc2/0x120 [ 433.045183][T12031] __kmalloc_cache_noprof+0x6a/0x3e0 [ 433.045215][T12031] ? mark_held_locks+0x49/0x80 [ 433.045246][T12031] ? rfkill_fop_open+0x1b6/0x750 [ 433.045278][T12031] rfkill_fop_open+0x1b6/0x750 [ 433.045310][T12031] ? __pfx_rfkill_fop_open+0x10/0x10 [ 433.045339][T12031] misc_open+0x35d/0x420 [ 433.045369][T12031] ? __pfx_misc_open+0x10/0x10 [ 433.045398][T12031] chrdev_open+0x231/0x6a0 [ 433.045435][T12031] ? __pfx_apparmor_file_open+0x10/0x10 [ 433.045466][T12031] ? __pfx_chrdev_open+0x10/0x10 [ 433.045506][T12031] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 433.045549][T12031] do_dentry_open+0x744/0x1c10 [ 433.045586][T12031] ? __pfx_chrdev_open+0x10/0x10 [ 433.045631][T12031] vfs_open+0x82/0x3f0 [ 433.045660][T12031] path_openat+0x1de4/0x2cb0 [ 433.045704][T12031] ? __pfx_path_openat+0x10/0x10 [ 433.045741][T12031] ? __lock_acquire+0xb8a/0x1c90 [ 433.045777][T12031] do_filp_open+0x20b/0x470 [ 433.045812][T12031] ? __pfx_do_filp_open+0x10/0x10 [ 433.045869][T12031] ? alloc_fd+0x471/0x7d0 [ 433.045910][T12031] do_sys_openat2+0x11b/0x1d0 [ 433.045936][T12031] ? __pfx_do_sys_openat2+0x10/0x10 [ 433.045974][T12031] __x64_sys_openat+0x174/0x210 [ 433.046002][T12031] ? __pfx___x64_sys_openat+0x10/0x10 [ 433.046041][T12031] do_syscall_64+0xcd/0x490 [ 433.046080][T12031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.046105][T12031] RIP: 0033:0x7fe86eb8e929 [ 433.046123][T12031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.046146][T12031] RSP: 002b:00007fe86fa32038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 433.046168][T12031] RAX: ffffffffffffffda RBX: 00007fe86edb6080 RCX: 00007fe86eb8e929 [ 433.046184][T12031] RDX: 0000000000080480 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 433.046199][T12031] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 433.046214][T12031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.046227][T12031] R13: 0000000000000000 R14: 00007fe86edb6080 R15: 00007ffd8335f6e8 [ 433.046257][T12031] [ 434.402957][ T5855] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 434.402994][ T5855] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 434.419970][ T5855] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 434.420001][ T5855] Bluetooth: hci3: adv larger than maximum supported [ 434.428008][ T5855] Bluetooth: hci3: Unknown advertising packet type: 0x40 [ 434.435668][ T5855] Bluetooth: hci3: adv larger than maximum supported [ 434.443657][ T5855] Bluetooth: hci3: Malformed LE Event: 0x0d [ 434.627026][T12020] kexec: Could not allocate control_code_buffer [ 437.344935][ T5855] Bluetooth: hci2: ISO packet too small [ 438.898155][T12108] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2413'. [ 440.305679][T12126] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 442.047414][T12154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2430'. [ 443.720961][T12181] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2439'. [ 443.771962][T12181] hsr0: entered allmulticast mode [ 443.804528][T12181] hsr_slave_0: entered allmulticast mode [ 443.810790][T12181] hsr_slave_1: entered allmulticast mode [ 446.180417][T12219] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2453'. [ 446.429569][T12227] sctp: [Deprecated]: syz.0.2456 (pid 12227) Use of int in max_burst socket option deprecated. [ 446.429569][T12227] Use struct sctp_assoc_value instead [ 446.464325][ T30] audit: type=1326 audit(4294967349.020:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12222 comm="syz.2.2457" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efdbcb8e929 code=0x0 [ 447.224289][T12243] netlink: 'syz.0.2462': attribute type 8 has an invalid length. [ 449.873284][T12287] ptp: physical clock is free running [ 450.568574][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.577695][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.005607][T12306] FAULT_INJECTION: forcing a failure. [ 451.005607][T12306] name failslab, interval 1, probability 0, space 0, times 0 [ 451.187212][T12306] CPU: 1 UID: 0 PID: 12306 Comm: syz.1.2486 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 451.187246][T12306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 451.187261][T12306] Call Trace: [ 451.187269][T12306] [ 451.187278][T12306] dump_stack_lvl+0x16c/0x1f0 [ 451.187319][T12306] should_fail_ex+0x512/0x640 [ 451.187355][T12306] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 451.187400][T12306] should_failslab+0xc2/0x120 [ 451.187423][T12306] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 451.187462][T12306] ? __pfx_proc_create_net_data+0x10/0x10 [ 451.187486][T12306] ? nf_log_net_init+0x9f/0x450 [ 451.187509][T12306] ? __pfx_nf_log_net_init+0x10/0x10 [ 451.187532][T12306] kmemdup_noprof+0x29/0x60 [ 451.187569][T12306] nf_log_net_init+0x9f/0x450 [ 451.187592][T12306] ? __pfx_nf_log_net_init+0x10/0x10 [ 451.187614][T12306] ops_init+0x1df/0x5f0 [ 451.187656][T12306] setup_net+0x1ff/0x510 [ 451.187692][T12306] ? lockdep_init_map_type+0x5c/0x280 [ 451.187728][T12306] ? __pfx_setup_net+0x10/0x10 [ 451.187768][T12306] ? debug_mutex_init+0x37/0x70 [ 451.187796][T12306] copy_net_ns+0x2a6/0x5f0 [ 451.187826][T12306] create_new_namespaces+0x3ea/0xa90 [ 451.187861][T12306] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 451.187891][T12306] ksys_unshare+0x45b/0xa40 [ 451.187932][T12306] ? __pfx_ksys_unshare+0x10/0x10 [ 451.187967][T12306] ? xfd_validate_state+0x61/0x180 [ 451.188010][T12306] __x64_sys_unshare+0x31/0x40 [ 451.188043][T12306] do_syscall_64+0xcd/0x490 [ 451.188082][T12306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.188106][T12306] RIP: 0033:0x7fe86eb8e929 [ 451.188125][T12306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.188150][T12306] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 451.188173][T12306] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 451.188189][T12306] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 451.188203][T12306] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 451.188217][T12306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.188232][T12306] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 451.188261][T12306] [ 453.124585][T12341] sctp: [Deprecated]: syz.3.2495 (pid 12341) Use of int in max_burst socket option deprecated. [ 453.124585][T12341] Use struct sctp_assoc_value instead [ 453.647018][T12348] netlink: 130 bytes leftover after parsing attributes in process `syz.2.2500'. [ 453.723902][T12350] netlink: 350 bytes leftover after parsing attributes in process `syz.1.2501'. [ 454.639862][T12370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2509'. [ 455.110056][T12380] sctp: [Deprecated]: syz.1.2511 (pid 12380) Use of int in max_burst socket option deprecated. [ 455.110056][T12380] Use struct sctp_assoc_value instead [ 455.845367][T12388] FAULT_INJECTION: forcing a failure. [ 455.845367][T12388] name failslab, interval 1, probability 0, space 0, times 0 [ 455.935163][T12388] CPU: 1 UID: 0 PID: 12388 Comm: syz.1.2515 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 455.935199][T12388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 455.935215][T12388] Call Trace: [ 455.935223][T12388] [ 455.935232][T12388] dump_stack_lvl+0x16c/0x1f0 [ 455.935274][T12388] should_fail_ex+0x512/0x640 [ 455.935310][T12388] ? __kvmalloc_node_noprof+0x124/0x620 [ 455.935348][T12388] should_failslab+0xc2/0x120 [ 455.935372][T12388] __kvmalloc_node_noprof+0x137/0x620 [ 455.935409][T12388] ? io_alloc_cache_init+0x33/0x170 [ 455.935451][T12388] ? io_alloc_cache_init+0x33/0x170 [ 455.935494][T12388] io_alloc_cache_init+0x33/0x170 [ 455.935532][T12388] io_uring_setup+0x63b/0x2080 [ 455.935566][T12388] ? __pfx_io_uring_setup+0x10/0x10 [ 455.935597][T12388] ? do_futex+0x122/0x350 [ 455.935627][T12388] ? __pfx_do_futex+0x10/0x10 [ 455.935654][T12388] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 455.935708][T12388] ? xfd_validate_state+0x61/0x180 [ 455.935739][T12388] ? __pfx_do_writev+0x10/0x10 [ 455.935777][T12388] __x64_sys_io_uring_setup+0xc2/0x170 [ 455.935810][T12388] do_syscall_64+0xcd/0x490 [ 455.935848][T12388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.935873][T12388] RIP: 0033:0x7fe86eb8e929 [ 455.935891][T12388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 455.935915][T12388] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 455.935938][T12388] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 455.935954][T12388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000002000 [ 455.935968][T12388] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 455.935983][T12388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 455.935997][T12388] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 455.936026][T12388] [ 456.381119][T12391] lo: entered allmulticast mode [ 456.538021][T12394] lo: left allmulticast mode [ 457.580974][T12408] Loading of unsigned module is rejected [ 458.434346][T12422] svc: failed to register nfsdv3 RPC service (errno 22). [ 458.467946][T12422] svc: failed to register nfsaclv3 RPC service (errno 22). [ 459.347390][T12433] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2531'. [ 460.705278][T12459] random: crng reseeded on system resumption [ 462.380523][T12473] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2544'. [ 462.411511][T12471] netlink: 'syz.1.2543': attribute type 4 has an invalid length. [ 462.471920][T12471] netlink: 314 bytes leftover after parsing attributes in process `syz.1.2543'. [ 464.404756][T12504] FAULT_INJECTION: forcing a failure. [ 464.404756][T12504] name failslab, interval 1, probability 0, space 0, times 0 [ 464.497330][T12504] CPU: 1 UID: 0 PID: 12504 Comm: syz.3.2559 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 464.497365][T12504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 464.497379][T12504] Call Trace: [ 464.497387][T12504] [ 464.497395][T12504] dump_stack_lvl+0x16c/0x1f0 [ 464.497437][T12504] should_fail_ex+0x512/0x640 [ 464.497472][T12504] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 464.497509][T12504] should_failslab+0xc2/0x120 [ 464.497531][T12504] __kmalloc_cache_noprof+0x6a/0x3e0 [ 464.497564][T12504] ? __do_sys_fanotify_init+0x57a/0xc00 [ 464.497590][T12504] ? kasan_save_track+0x14/0x30 [ 464.497628][T12504] __do_sys_fanotify_init+0x57a/0xc00 [ 464.497657][T12504] do_syscall_64+0xcd/0x490 [ 464.497696][T12504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.497720][T12504] RIP: 0033:0x7fc53018e929 [ 464.497737][T12504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.497761][T12504] RSP: 002b:00007fc530fe8038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 464.497783][T12504] RAX: ffffffffffffffda RBX: 00007fc5303b5fa0 RCX: 00007fc53018e929 [ 464.497799][T12504] RDX: 0000000000000000 RSI: 0002010000000000 RDI: 0000000000000200 [ 464.497813][T12504] RBP: 00007fc530210b39 R08: 0000000000000000 R09: 0000000000000000 [ 464.497827][T12504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.497841][T12504] R13: 0000000000000000 R14: 00007fc5303b5fa0 R15: 00007ffd62a309a8 [ 464.497870][T12504] [ 464.684126][T12508] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2560'. [ 465.123994][T12512] FAULT_INJECTION: forcing a failure. [ 465.123994][T12512] name failslab, interval 1, probability 0, space 0, times 0 [ 465.146860][T12513] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.202448][T12512] CPU: 1 UID: 0 PID: 12512 Comm: syz.2.2563 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 465.202482][T12512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.202496][T12512] Call Trace: [ 465.202504][T12512] [ 465.202514][T12512] dump_stack_lvl+0x16c/0x1f0 [ 465.202559][T12512] should_fail_ex+0x512/0x640 [ 465.202595][T12512] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 465.202630][T12512] ? __pfx_mon_text_open+0x10/0x10 [ 465.202667][T12512] should_failslab+0xc2/0x120 [ 465.202690][T12512] __kmalloc_cache_noprof+0x6a/0x3e0 [ 465.202723][T12512] ? lockdep_init_map_type+0x5c/0x280 [ 465.202756][T12512] ? mon_text_open+0xd5/0x4f0 [ 465.202795][T12512] ? __pfx_mon_text_open+0x10/0x10 [ 465.202831][T12512] mon_text_open+0xd5/0x4f0 [ 465.202868][T12512] ? __pfx_mon_text_open+0x10/0x10 [ 465.202904][T12512] ? __debugfs_file_get+0x1fe/0x840 [ 465.202928][T12512] ? __pfx___debugfs_file_get+0x10/0x10 [ 465.202951][T12512] ? __pfx_apparmor_file_open+0x10/0x10 [ 465.202990][T12512] ? lockdown_is_locked_down+0x3f/0x130 [ 465.203024][T12512] ? bpf_lsm_locked_down+0x9/0x10 [ 465.203058][T12512] ? __pfx_mon_text_open+0x10/0x10 [ 465.203093][T12512] full_proxy_open_regular+0x1b6/0x360 [ 465.203122][T12512] do_dentry_open+0x744/0x1c10 [ 465.203159][T12512] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 465.203192][T12512] vfs_open+0x82/0x3f0 [ 465.203221][T12512] path_openat+0x1de4/0x2cb0 [ 465.203265][T12512] ? __pfx_path_openat+0x10/0x10 [ 465.203302][T12512] ? __lock_acquire+0xb8a/0x1c90 [ 465.203338][T12512] do_filp_open+0x20b/0x470 [ 465.203373][T12512] ? __pfx_do_filp_open+0x10/0x10 [ 465.203429][T12512] ? alloc_fd+0x471/0x7d0 [ 465.203469][T12512] do_sys_openat2+0x11b/0x1d0 [ 465.203496][T12512] ? __pfx_do_sys_openat2+0x10/0x10 [ 465.203534][T12512] __x64_sys_openat+0x174/0x210 [ 465.203561][T12512] ? __pfx___x64_sys_openat+0x10/0x10 [ 465.203601][T12512] do_syscall_64+0xcd/0x490 [ 465.203643][T12512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.203667][T12512] RIP: 0033:0x7efdbcb8e929 [ 465.203687][T12512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.203710][T12512] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 465.203732][T12512] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 465.203748][T12512] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 465.203764][T12512] RBP: 00007efdbcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 465.203778][T12512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.203792][T12512] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 465.203821][T12512] [ 466.292473][T12524] netlink: 'syz.0.2567': attribute type 15 has an invalid length. [ 466.317410][T12524] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2567'. [ 466.990078][T12530] sctp: [Deprecated]: syz.0.2569 (pid 12530) Use of int in max_burst socket option deprecated. [ 466.990078][T12530] Use struct sctp_assoc_value instead [ 467.312693][T12535] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.2571: No space for directory leaf checksum. Please run e2fsck -D. [ 467.414783][T12535] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.2571: checksumming directory block 0 [ 467.491528][T12535] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc6-syzkaller/regulatory.db failed with error -74 [ 467.555555][T12535] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.2571: No space for directory leaf checksum. Please run e2fsck -D. [ 467.643860][T12535] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.2571: checksumming directory block 0 [ 467.706043][T12535] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 467.774060][T12535] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.2571: No space for directory leaf checksum. Please run e2fsck -D. [ 467.849146][T12535] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.2571: checksumming directory block 0 [ 467.933564][T12535] platform regulatory.0: loading /lib/firmware/6.16.0-rc6-syzkaller/regulatory.db failed with error -74 [ 468.004159][T12535] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.2571: No space for directory leaf checksum. Please run e2fsck -D. [ 468.144384][T12535] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.2571: checksumming directory block 0 [ 468.214690][T12535] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 468.267254][T12535] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 468.316557][T12535] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 469.922094][T12567] vivid-009: ================= START STATUS ================= [ 469.973154][T12567] vivid-009: Enable Output Cropping: true grabbed [ 469.980537][T12567] vivid-009: Enable Output Composing: true grabbed [ 470.058126][T12567] vivid-009: Enable Output Scaler: true grabbed [ 470.091255][T12571] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2584'. [ 470.106471][T12567] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 470.136947][T12567] vivid-009: Transmit Mode: HDMI grabbed [ 470.179146][T12567] vivid-009: Hotplug Present: 0x00000000 [ 470.216587][T12567] vivid-009: RxSense Present: 0x00000000 [ 470.259808][T12567] vivid-009: EDID Present: 0x00000000 [ 470.301755][T12567] vivid-009: ================== END STATUS ================== [ 473.063645][T12623] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2606'. [ 473.291272][T12625] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2607'. [ 473.415423][T12631] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2610'. [ 474.359780][T12652] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2619'. [ 475.278623][T12666] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2627'. [ 475.385511][ T5855] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 475.938991][T12679] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 476.088091][T12684] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 477.411182][T12705] netlink: 'syz.0.2641': attribute type 11 has an invalid length. [ 478.820875][T12726] FAULT_INJECTION: forcing a failure. [ 478.820875][T12726] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 478.899995][T12726] CPU: 1 UID: 0 PID: 12726 Comm: syz.2.2648 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 478.900030][T12726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 478.900045][T12726] Call Trace: [ 478.900053][T12726] [ 478.900063][T12726] dump_stack_lvl+0x16c/0x1f0 [ 478.900106][T12726] should_fail_ex+0x512/0x640 [ 478.900146][T12726] should_fail_alloc_page+0xe7/0x130 [ 478.900171][T12726] prepare_alloc_pages+0x3c2/0x610 [ 478.900200][T12726] ? rcu_is_watching+0x12/0xc0 [ 478.900229][T12726] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 478.900273][T12726] ? __lock_acquire+0x622/0x1c90 [ 478.900309][T12726] ? xas_create+0x1d7/0x1460 [ 478.900332][T12726] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 478.900372][T12726] ? lock_acquire+0x179/0x350 [ 478.900405][T12726] ? rcu_is_watching+0x12/0xc0 [ 478.900439][T12726] ? __lock_acquire+0x622/0x1c90 [ 478.900477][T12726] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 478.900516][T12726] ? policy_nodemask+0xea/0x4e0 [ 478.900542][T12726] alloc_pages_mpol+0x1fb/0x550 [ 478.900566][T12726] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 478.900592][T12726] ? filemap_get_entry+0x1a7/0x3b0 [ 478.900619][T12726] folio_alloc_noprof+0x20/0x2d0 [ 478.900647][T12726] filemap_alloc_folio_noprof+0x3a1/0x470 [ 478.900681][T12726] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 478.900721][T12726] __filemap_get_folio+0x5e1/0xc30 [ 478.900756][T12726] ioctx_alloc+0x761/0x2120 [ 478.900801][T12726] ? __pfx_ioctx_alloc+0x10/0x10 [ 478.900830][T12726] ? __might_fault+0x13b/0x190 [ 478.900874][T12726] __x64_sys_io_setup+0xc9/0x210 [ 478.900908][T12726] do_syscall_64+0xcd/0x490 [ 478.900947][T12726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.900972][T12726] RIP: 0033:0x7efdbcb8e929 [ 478.900991][T12726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.901015][T12726] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 478.901037][T12726] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 478.901053][T12726] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 478.901067][T12726] RBP: 00007efdbcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 478.901081][T12726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.901095][T12726] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 478.901124][T12726] [ 479.610720][T12739] lo: entered allmulticast mode [ 479.722704][T12741] lo: left allmulticast mode [ 480.617878][T12757] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2657'. [ 481.210632][T12764] program syz.2.2662 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 481.471603][T12772] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2665'. [ 481.727325][T12776] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2668'. [ 483.547782][T12811] FAULT_INJECTION: forcing a failure. [ 483.547782][T12811] name failslab, interval 1, probability 0, space 0, times 0 [ 483.625217][T12811] CPU: 1 UID: 0 PID: 12811 Comm: syz.0.2684 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 483.625250][T12811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 483.625264][T12811] Call Trace: [ 483.625272][T12811] [ 483.625281][T12811] dump_stack_lvl+0x16c/0x1f0 [ 483.625321][T12811] should_fail_ex+0x512/0x640 [ 483.625357][T12811] ? fs_reclaim_acquire+0xae/0x150 [ 483.625388][T12811] should_failslab+0xc2/0x120 [ 483.625412][T12811] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 483.625450][T12811] ? security_inode_alloc+0x3b/0x2b0 [ 483.625481][T12811] security_inode_alloc+0x3b/0x2b0 [ 483.625509][T12811] inode_init_always_gfp+0xce4/0x1030 [ 483.625549][T12811] alloc_inode+0x86/0x240 [ 483.625573][T12811] path_from_stashed+0x2be/0xb00 [ 483.625609][T12811] ? do_raw_spin_lock+0x12c/0x2b0 [ 483.625651][T12811] ? __pfx_path_from_stashed+0x10/0x10 [ 483.625689][T12811] ? do_raw_spin_unlock+0x172/0x230 [ 483.625716][T12811] ns_get_path+0x5f/0x80 [ 483.625748][T12811] proc_ns_get_link+0x121/0x260 [ 483.625782][T12811] ? __pfx_proc_ns_get_link+0x10/0x10 [ 483.625818][T12811] ? atime_needs_update+0x8b/0x710 [ 483.625847][T12811] ? __pfx_proc_ns_get_link+0x10/0x10 [ 483.625880][T12811] step_into+0x1a2c/0x2270 [ 483.625918][T12811] ? __pfx_step_into+0x10/0x10 [ 483.625948][T12811] ? find_held_lock+0x2b/0x80 [ 483.625990][T12811] path_openat+0x6db/0x2cb0 [ 483.626034][T12811] ? __pfx_path_openat+0x10/0x10 [ 483.626071][T12811] ? __lock_acquire+0xb8a/0x1c90 [ 483.626107][T12811] do_filp_open+0x20b/0x470 [ 483.626142][T12811] ? __pfx_do_filp_open+0x10/0x10 [ 483.626199][T12811] ? alloc_fd+0x471/0x7d0 [ 483.626238][T12811] do_sys_openat2+0x11b/0x1d0 [ 483.626265][T12811] ? __pfx_do_sys_openat2+0x10/0x10 [ 483.626302][T12811] __x64_sys_openat+0x174/0x210 [ 483.626330][T12811] ? __pfx___x64_sys_openat+0x10/0x10 [ 483.626369][T12811] do_syscall_64+0xcd/0x490 [ 483.626408][T12811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.626432][T12811] RIP: 0033:0x7f5ee918d290 [ 483.626450][T12811] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 483.626474][T12811] RSP: 002b:00007f5eea071f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 483.626496][T12811] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5ee918d290 [ 483.626511][T12811] RDX: 0000000000000002 RSI: 00007f5eea071fa0 RDI: 00000000ffffff9c [ 483.626525][T12811] RBP: 00007f5eea071fa0 R08: 0000000000000000 R09: 0000000000000000 [ 483.626540][T12811] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 483.626553][T12811] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 483.626582][T12811] [ 485.012890][T12831] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2691'. [ 486.588996][ T30] audit: type=1806 audit(4294967314.400:9): xattr="0x00060000" res=-22 [ 487.413640][T12865] FAULT_INJECTION: forcing a failure. [ 487.413640][T12865] name failslab, interval 1, probability 0, space 0, times 0 [ 487.470332][T12865] CPU: 1 UID: 0 PID: 12865 Comm: syz.0.2714 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 487.470366][T12865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 487.470381][T12865] Call Trace: [ 487.470388][T12865] [ 487.470398][T12865] dump_stack_lvl+0x16c/0x1f0 [ 487.470440][T12865] should_fail_ex+0x512/0x640 [ 487.470476][T12865] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 487.470520][T12865] should_failslab+0xc2/0x120 [ 487.470544][T12865] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 487.470586][T12865] ? __split_page_owner+0x23b/0x3b0 [ 487.470622][T12865] ? snd_pcm_hw_rule_add+0x414/0x5a0 [ 487.470666][T12865] krealloc_noprof+0x1fc/0x370 [ 487.470706][T12865] snd_pcm_hw_rule_add+0x414/0x5a0 [ 487.470744][T12865] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 487.470774][T12865] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 487.470813][T12865] ? lockdep_init_map_type+0x5c/0x280 [ 487.470850][T12865] ? debug_mutex_init+0x37/0x70 [ 487.470875][T12865] ? snd_pcm_attach_substream+0x89d/0xd60 [ 487.470914][T12865] snd_pcm_open_substream+0x534/0x17f0 [ 487.470955][T12865] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 487.470989][T12865] ? rcu_is_watching+0x12/0xc0 [ 487.471020][T12865] snd_pcm_open+0x29e/0x730 [ 487.471053][T12865] ? __pfx_snd_pcm_open+0x10/0x10 [ 487.471086][T12865] ? __pfx_default_wake_function+0x10/0x10 [ 487.471121][T12865] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 487.471151][T12865] snd_pcm_capture_open+0x89/0xe0 [ 487.471182][T12865] snd_open+0x1fe/0x450 [ 487.471219][T12865] ? __pfx_snd_open+0x10/0x10 [ 487.471256][T12865] chrdev_open+0x231/0x6a0 [ 487.471294][T12865] ? __pfx_chrdev_open+0x10/0x10 [ 487.471334][T12865] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 487.471372][T12865] do_dentry_open+0x744/0x1c10 [ 487.471408][T12865] ? __pfx_chrdev_open+0x10/0x10 [ 487.471451][T12865] vfs_open+0x82/0x3f0 [ 487.471480][T12865] path_openat+0x1de4/0x2cb0 [ 487.471525][T12865] ? __pfx_path_openat+0x10/0x10 [ 487.471561][T12865] ? __lock_acquire+0xb8a/0x1c90 [ 487.471597][T12865] do_filp_open+0x20b/0x470 [ 487.471633][T12865] ? __pfx_do_filp_open+0x10/0x10 [ 487.471689][T12865] ? alloc_fd+0x471/0x7d0 [ 487.471730][T12865] do_sys_openat2+0x11b/0x1d0 [ 487.471756][T12865] ? __pfx_do_sys_openat2+0x10/0x10 [ 487.471794][T12865] __x64_sys_openat+0x174/0x210 [ 487.471821][T12865] ? __pfx___x64_sys_openat+0x10/0x10 [ 487.471861][T12865] do_syscall_64+0xcd/0x490 [ 487.471900][T12865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.471923][T12865] RIP: 0033:0x7f5ee918e929 [ 487.471942][T12865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.471975][T12865] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 487.471999][T12865] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 487.472016][T12865] RDX: 0000000000001200 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 487.472031][T12865] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 487.472045][T12865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.472059][T12865] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 487.472089][T12865] [ 488.574850][T12879] FAULT_INJECTION: forcing a failure. [ 488.574850][T12879] name failslab, interval 1, probability 0, space 0, times 0 [ 488.622645][T12879] CPU: 1 UID: 0 PID: 12879 Comm: syz.2.2712 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 488.622678][T12879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 488.622692][T12879] Call Trace: [ 488.622700][T12879] [ 488.622709][T12879] dump_stack_lvl+0x16c/0x1f0 [ 488.622750][T12879] should_fail_ex+0x512/0x640 [ 488.622785][T12879] ? __kmalloc_noprof+0xbf/0x510 [ 488.622822][T12879] ? snd_midi_event_new+0xa1/0x210 [ 488.622858][T12879] should_failslab+0xc2/0x120 [ 488.622882][T12879] __kmalloc_noprof+0xd2/0x510 [ 488.622924][T12879] snd_midi_event_new+0xa1/0x210 [ 488.622961][T12879] snd_virmidi_output_open+0x106/0x670 [ 488.622989][T12879] open_substream+0x47b/0x9b0 [ 488.623018][T12879] rawmidi_open_priv+0x543/0x6e0 [ 488.623052][T12879] snd_rawmidi_open+0x4cc/0xbf0 [ 488.623088][T12879] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 488.623119][T12879] ? __pfx_default_wake_function+0x10/0x10 [ 488.623148][T12879] ? kobject_get_unless_zero+0x156/0x1e0 [ 488.623190][T12879] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 488.623220][T12879] snd_open+0x1fe/0x450 [ 488.623257][T12879] ? __pfx_snd_open+0x10/0x10 [ 488.623293][T12879] chrdev_open+0x231/0x6a0 [ 488.623330][T12879] ? __pfx_apparmor_file_open+0x10/0x10 [ 488.623361][T12879] ? __pfx_chrdev_open+0x10/0x10 [ 488.623401][T12879] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 488.623438][T12879] do_dentry_open+0x744/0x1c10 [ 488.623475][T12879] ? __pfx_chrdev_open+0x10/0x10 [ 488.623518][T12879] vfs_open+0x82/0x3f0 [ 488.623546][T12879] path_openat+0x1de4/0x2cb0 [ 488.623591][T12879] ? __pfx_path_openat+0x10/0x10 [ 488.623638][T12879] ? __lock_acquire+0xb8a/0x1c90 [ 488.623678][T12879] do_filp_open+0x20b/0x470 [ 488.623714][T12879] ? __pfx_do_filp_open+0x10/0x10 [ 488.623771][T12879] ? alloc_fd+0x471/0x7d0 [ 488.623811][T12879] do_sys_openat2+0x11b/0x1d0 [ 488.623837][T12879] ? __pfx_do_sys_openat2+0x10/0x10 [ 488.623875][T12879] __x64_sys_openat+0x174/0x210 [ 488.623903][T12879] ? __pfx___x64_sys_openat+0x10/0x10 [ 488.623942][T12879] do_syscall_64+0xcd/0x490 [ 488.623981][T12879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.624005][T12879] RIP: 0033:0x7efdbcb8e929 [ 488.624023][T12879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.624047][T12879] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 488.624070][T12879] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 488.624085][T12879] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 488.624100][T12879] RBP: 00007efdbcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 488.624114][T12879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.624128][T12879] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 488.624157][T12879] [ 490.411500][T12900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2719'. [ 490.493627][T12900] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2719'. [ 490.540391][ T5858] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 493.493973][T12942] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2733'. [ 493.557327][T12942] : renamed from bond0 (while UP) [ 494.873868][T12968] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2741'. [ 495.082076][T12972] FAULT_INJECTION: forcing a failure. [ 495.082076][T12972] name failslab, interval 1, probability 0, space 0, times 0 [ 495.194361][T12972] CPU: 1 UID: 0 PID: 12972 Comm: syz.0.2745 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 495.194396][T12972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 495.194410][T12972] Call Trace: [ 495.194418][T12972] [ 495.194427][T12972] dump_stack_lvl+0x16c/0x1f0 [ 495.194468][T12972] should_fail_ex+0x512/0x640 [ 495.194504][T12972] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 495.194545][T12972] should_failslab+0xc2/0x120 [ 495.194568][T12972] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 495.194603][T12972] ? __proc_create+0xc3/0x8c0 [ 495.194642][T12972] ? __proc_create+0x2ce/0x8c0 [ 495.194683][T12972] __proc_create+0x2ce/0x8c0 [ 495.194723][T12972] ? __pfx___proc_create+0x10/0x10 [ 495.194762][T12972] ? pcpu_chunk_relocate+0x126/0x190 [ 495.194805][T12972] proc_create_reg+0x7d/0x180 [ 495.194829][T12972] ? __pfx_xfrm_statistics_seq_show+0x10/0x10 [ 495.194854][T12972] proc_create_net_single+0x86/0x170 [ 495.194878][T12972] ? __pfx_proc_create_net_single+0x10/0x10 [ 495.194909][T12972] ? __pfx_xfrm_net_init+0x10/0x10 [ 495.194943][T12972] xfrm_proc_init+0x4d/0x70 [ 495.194965][T12972] xfrm_net_init+0x1f0/0xcc0 [ 495.195004][T12972] ? __pfx_xfrm_net_init+0x10/0x10 [ 495.195038][T12972] ops_init+0x1df/0x5f0 [ 495.195080][T12972] setup_net+0x1ff/0x510 [ 495.195121][T12972] ? lockdep_init_map_type+0x5c/0x280 [ 495.195156][T12972] ? __pfx_setup_net+0x10/0x10 [ 495.195196][T12972] ? debug_mutex_init+0x37/0x70 [ 495.195223][T12972] copy_net_ns+0x2a6/0x5f0 [ 495.195250][T12972] create_new_namespaces+0x3ea/0xa90 [ 495.195291][T12972] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 495.195323][T12972] ksys_unshare+0x45b/0xa40 [ 495.195356][T12972] ? __pfx_ksys_unshare+0x10/0x10 [ 495.195391][T12972] ? xfd_validate_state+0x61/0x180 [ 495.195433][T12972] __x64_sys_unshare+0x31/0x40 [ 495.195466][T12972] do_syscall_64+0xcd/0x490 [ 495.195505][T12972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.195528][T12972] RIP: 0033:0x7f5ee918e929 [ 495.195547][T12972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 495.195571][T12972] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 495.195593][T12972] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 495.195609][T12972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 495.195623][T12972] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 495.195637][T12972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 495.195651][T12972] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 495.195681][T12972] [ 495.646123][T12978] netlink: 206 bytes leftover after parsing attributes in process `syz.1.2747'. [ 495.719324][T12980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2750'. [ 495.898078][T12984] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2751'. [ 495.923028][T12984] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2751'. [ 499.125611][T13044] netlink: 'syz.2.2773': attribute type 1 has an invalid length. [ 500.920681][T13077] FAULT_INJECTION: forcing a failure. [ 500.920681][T13077] name failslab, interval 1, probability 0, space 0, times 0 [ 501.007284][T13077] CPU: 1 UID: 0 PID: 13077 Comm: syz.2.2787 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 501.007319][T13077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 501.007334][T13077] Call Trace: [ 501.007341][T13077] [ 501.007351][T13077] dump_stack_lvl+0x16c/0x1f0 [ 501.007392][T13077] should_fail_ex+0x512/0x640 [ 501.007429][T13077] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 501.007465][T13077] should_failslab+0xc2/0x120 [ 501.007489][T13077] __kmalloc_cache_noprof+0x6a/0x3e0 [ 501.007528][T13077] ? _raw_spin_unlock+0x28/0x50 [ 501.007557][T13077] ? snd_ctl_open+0x174/0x5e0 [ 501.007594][T13077] snd_ctl_open+0x174/0x5e0 [ 501.007628][T13077] ? __pfx_snd_ctl_open+0x10/0x10 [ 501.007659][T13077] snd_open+0x1fe/0x450 [ 501.007697][T13077] ? __pfx_snd_open+0x10/0x10 [ 501.007733][T13077] chrdev_open+0x231/0x6a0 [ 501.007770][T13077] ? __pfx_apparmor_file_open+0x10/0x10 [ 501.007801][T13077] ? __pfx_chrdev_open+0x10/0x10 [ 501.007840][T13077] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 501.007878][T13077] do_dentry_open+0x744/0x1c10 [ 501.007914][T13077] ? __pfx_chrdev_open+0x10/0x10 [ 501.007962][T13077] vfs_open+0x82/0x3f0 [ 501.007990][T13077] path_openat+0x1de4/0x2cb0 [ 501.008034][T13077] ? __pfx_path_openat+0x10/0x10 [ 501.008070][T13077] ? __lock_acquire+0xb8a/0x1c90 [ 501.008107][T13077] do_filp_open+0x20b/0x470 [ 501.008141][T13077] ? __pfx_do_filp_open+0x10/0x10 [ 501.008197][T13077] ? alloc_fd+0x471/0x7d0 [ 501.008236][T13077] do_sys_openat2+0x11b/0x1d0 [ 501.008262][T13077] ? __pfx_do_sys_openat2+0x10/0x10 [ 501.008300][T13077] __x64_sys_openat+0x174/0x210 [ 501.008327][T13077] ? __pfx___x64_sys_openat+0x10/0x10 [ 501.008366][T13077] do_syscall_64+0xcd/0x490 [ 501.008404][T13077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.008428][T13077] RIP: 0033:0x7efdbcb8e929 [ 501.008447][T13077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.008471][T13077] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 501.008494][T13077] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 501.008520][T13077] RDX: 0000000000000000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 501.008535][T13077] RBP: 00007efdbcc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 501.008551][T13077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.008568][T13077] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 501.008598][T13077] [ 507.555107][T13186] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2825'. [ 508.448438][T13199] netlink: 'syz.0.2829': attribute type 1 has an invalid length. [ 509.612107][T13217] program syz.0.2836 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 509.735797][T13219] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2837'. [ 512.011323][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 512.021446][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 514.095541][T13289] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2862'. [ 514.136115][T13290] netlink: 'syz.1.2861': attribute type 1 has an invalid length. [ 514.832722][T13295] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 516.783485][T13328] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2877'. [ 517.014159][T13333] HfR: entered promiscuous mode [ 517.070777][T13335] FAULT_INJECTION: forcing a failure. [ 517.070777][T13335] name failslab, interval 1, probability 0, space 0, times 0 [ 517.085530][T13333] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2879'. [ 517.139632][T13333] HfR: left promiscuous mode [ 517.161030][T13335] CPU: 1 UID: 0 PID: 13335 Comm: syz.1.2880 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 517.161072][T13335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 517.161087][T13335] Call Trace: [ 517.161094][T13335] [ 517.161103][T13335] dump_stack_lvl+0x16c/0x1f0 [ 517.161146][T13335] should_fail_ex+0x512/0x640 [ 517.161181][T13335] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 517.161217][T13335] should_failslab+0xc2/0x120 [ 517.161240][T13335] __kmalloc_cache_noprof+0x6a/0x3e0 [ 517.161273][T13335] ? do_eventfd+0x67/0x2c0 [ 517.161298][T13335] do_eventfd+0x67/0x2c0 [ 517.161317][T13335] ? rcu_is_watching+0x12/0xc0 [ 517.161344][T13335] __x64_sys_eventfd+0x32/0x50 [ 517.161367][T13335] do_syscall_64+0xcd/0x490 [ 517.161404][T13335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.161429][T13335] RIP: 0033:0x7fe86eb8e929 [ 517.161447][T13335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.161470][T13335] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 517.161493][T13335] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 517.161509][T13335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 517.161523][T13335] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 517.161537][T13335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 517.161551][T13335] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 517.161580][T13335] [ 519.131842][T13363] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2890'. [ 519.479185][T13370] FAULT_INJECTION: forcing a failure. [ 519.479185][T13370] name failslab, interval 1, probability 0, space 0, times 0 [ 519.546045][T13370] CPU: 1 UID: 0 PID: 13370 Comm: syz.1.2892 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 519.546079][T13370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 519.546093][T13370] Call Trace: [ 519.546101][T13370] [ 519.546110][T13370] dump_stack_lvl+0x16c/0x1f0 [ 519.546152][T13370] should_fail_ex+0x512/0x640 [ 519.546187][T13370] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 519.546224][T13370] should_failslab+0xc2/0x120 [ 519.546247][T13370] __kmalloc_cache_noprof+0x6a/0x3e0 [ 519.546278][T13370] ? vhost_net_open+0x28/0x8a0 [ 519.546313][T13370] ? vhost_net_open+0x6e/0x8a0 [ 519.546350][T13370] ? __pfx_vhost_net_open+0x10/0x10 [ 519.546383][T13370] vhost_net_open+0x6e/0x8a0 [ 519.546415][T13370] ? __pfx_vhost_net_open+0x10/0x10 [ 519.546450][T13370] misc_open+0x35d/0x420 [ 519.546480][T13370] ? __pfx_misc_open+0x10/0x10 [ 519.546509][T13370] chrdev_open+0x231/0x6a0 [ 519.546546][T13370] ? __pfx_apparmor_file_open+0x10/0x10 [ 519.546576][T13370] ? __pfx_chrdev_open+0x10/0x10 [ 519.546616][T13370] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 519.546654][T13370] do_dentry_open+0x744/0x1c10 [ 519.546691][T13370] ? __pfx_chrdev_open+0x10/0x10 [ 519.546734][T13370] vfs_open+0x82/0x3f0 [ 519.546763][T13370] path_openat+0x1de4/0x2cb0 [ 519.546807][T13370] ? __pfx_path_openat+0x10/0x10 [ 519.546853][T13370] ? __lock_acquire+0xb8a/0x1c90 [ 519.546890][T13370] do_filp_open+0x20b/0x470 [ 519.546927][T13370] ? __pfx_do_filp_open+0x10/0x10 [ 519.546983][T13370] ? alloc_fd+0x471/0x7d0 [ 519.547024][T13370] do_sys_openat2+0x11b/0x1d0 [ 519.547050][T13370] ? __pfx_do_sys_openat2+0x10/0x10 [ 519.547088][T13370] __x64_sys_openat+0x174/0x210 [ 519.547115][T13370] ? __pfx___x64_sys_openat+0x10/0x10 [ 519.547154][T13370] do_syscall_64+0xcd/0x490 [ 519.547193][T13370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.547217][T13370] RIP: 0033:0x7fe86eb8e929 [ 519.547235][T13370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 519.547258][T13370] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 519.547281][T13370] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 519.547296][T13370] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 519.547311][T13370] RBP: 00007fe86ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 519.547325][T13370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 519.547339][T13370] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 519.547368][T13370] [ 520.507681][T13379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2896'. [ 520.549351][T13379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2896'. [ 521.984320][T13406] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2907'. [ 522.950445][T13419] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2912'. [ 523.625969][T13429] FAULT_INJECTION: forcing a failure. [ 523.625969][T13429] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 523.753305][T13429] CPU: 1 UID: 0 PID: 13429 Comm: syz.1.2916 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 523.753339][T13429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 523.753353][T13429] Call Trace: [ 523.753360][T13429] [ 523.753370][T13429] dump_stack_lvl+0x16c/0x1f0 [ 523.753410][T13429] should_fail_ex+0x512/0x640 [ 523.753451][T13429] should_fail_alloc_page+0xe7/0x130 [ 523.753477][T13429] prepare_alloc_pages+0x3c2/0x610 [ 523.753506][T13429] ? find_held_lock+0x2b/0x80 [ 523.753535][T13429] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 523.753577][T13429] ? folio_remove_rmap_ptes+0x138/0x970 [ 523.753616][T13429] ? try_to_migrate_one+0x14e1/0x35f0 [ 523.753653][T13429] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 523.753697][T13429] ? __pfx_try_to_migrate_one+0x10/0x10 [ 523.753745][T13429] ? __up_read+0x1f8/0x750 [ 523.753783][T13429] ? __pfx___up_read+0x10/0x10 [ 523.753819][T13429] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 523.753858][T13429] ? policy_nodemask+0xea/0x4e0 [ 523.753883][T13429] alloc_pages_mpol+0x1fb/0x550 [ 523.753907][T13429] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 523.753937][T13429] folio_alloc_mpol_noprof+0x36/0x2f0 [ 523.753966][T13429] alloc_migration_target_by_mpol+0x246/0x500 [ 523.753997][T13429] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 523.754026][T13429] ? __pfx___might_resched+0x10/0x10 [ 523.754053][T13429] ? __pfx_queue_folios_pte_range+0x10/0x10 [ 523.754083][T13429] migrate_pages_batch+0x3bf/0x31a0 [ 523.754115][T13429] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 523.754154][T13429] ? __pfx_migrate_pages_batch+0x10/0x10 [ 523.754191][T13429] migrate_pages_sync+0x12d/0x8a0 [ 523.754219][T13429] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 523.754256][T13429] ? __pfx_migrate_pages_sync+0x10/0x10 [ 523.754281][T13429] ? __pfx_queue_pages_test_walk+0x10/0x10 [ 523.754333][T13429] migrate_pages+0x1b67/0x23b0 [ 523.754363][T13429] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 523.754401][T13429] ? __pfx_migrate_pages+0x10/0x10 [ 523.754431][T13429] ? find_held_lock+0x2b/0x80 [ 523.754463][T13429] ? up_write+0x1b2/0x520 [ 523.754502][T13429] do_mbind+0x6f0/0xf30 [ 523.754538][T13429] ? __pfx_do_mbind+0x10/0x10 [ 523.754566][T13429] ? do_writev+0x218/0x340 [ 523.754611][T13429] ? __pfx_get_nodes+0x10/0x10 [ 523.754655][T13429] kernel_mbind+0x1e3/0x1f0 [ 523.754685][T13429] ? __pfx_kernel_mbind+0x10/0x10 [ 523.754726][T13429] do_syscall_64+0xcd/0x490 [ 523.754765][T13429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.754790][T13429] RIP: 0033:0x7fe86eb8e929 [ 523.754808][T13429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.754831][T13429] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 523.754854][T13429] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 523.754869][T13429] RDX: 0000000100000000 RSI: 8000000000000001 RDI: 000000000000f000 [ 523.754884][T13429] RBP: 00007fe86ec10b39 R08: 0000000000000006 R09: 0000000000000002 [ 523.754898][T13429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 523.754912][T13429] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 523.754941][T13429] [ 525.133918][T13447] usb usb28: usbfs: process 13447 (syz.0.2922) did not claim interface 0 before use [ 526.185571][T13463] FAULT_INJECTION: forcing a failure. [ 526.185571][T13463] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 526.282191][T13463] CPU: 1 UID: 0 PID: 13463 Comm: syz.2.2930 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 526.282236][T13463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 526.282250][T13463] Call Trace: [ 526.282258][T13463] [ 526.282267][T13463] dump_stack_lvl+0x16c/0x1f0 [ 526.282307][T13463] should_fail_ex+0x512/0x640 [ 526.282348][T13463] should_fail_alloc_page+0xe7/0x130 [ 526.282373][T13463] prepare_alloc_pages+0x3c2/0x610 [ 526.282407][T13463] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 526.282447][T13463] ? __pfx_stack_trace_save+0x10/0x10 [ 526.282479][T13463] ? stack_depot_save_flags+0x28/0xa40 [ 526.282517][T13463] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 526.282557][T13463] ? kasan_save_stack+0x42/0x60 [ 526.282591][T13463] ? kasan_save_stack+0x33/0x60 [ 526.282626][T13463] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 526.282663][T13463] ? __pmd_alloc+0xbf/0x930 [ 526.282687][T13463] ? handle_mm_fault+0x589/0xd10 [ 526.282717][T13463] ? populate_vma_page_range+0x278/0x3a0 [ 526.282746][T13463] ? __mm_populate+0x1d8/0x380 [ 526.282772][T13463] ? vm_mmap_pgoff+0x362/0x450 [ 526.282793][T13463] ? ksys_mmap_pgoff+0x7d/0x5c0 [ 526.282816][T13463] ? __x64_sys_mmap+0x125/0x190 [ 526.282849][T13463] ? do_syscall_64+0xcd/0x490 [ 526.282883][T13463] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.282919][T13463] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 526.282958][T13463] ? policy_nodemask+0xea/0x4e0 [ 526.282982][T13463] alloc_pages_mpol+0x1fb/0x550 [ 526.283006][T13463] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 526.283027][T13463] ? css_rstat_updated+0x9d/0xd30 [ 526.283059][T13463] alloc_pages_noprof+0x131/0x390 [ 526.283083][T13463] pte_alloc_one+0x1c/0x3a0 [ 526.283105][T13463] __pte_alloc+0x6d/0x3c0 [ 526.283128][T13463] ? __pfx___pte_alloc+0x10/0x10 [ 526.283151][T13463] ? _raw_spin_unlock+0x28/0x50 [ 526.283181][T13463] ? __pmd_alloc+0x3fb/0x930 [ 526.283216][T13463] __handle_mm_fault+0x4358/0x5490 [ 526.283256][T13463] ? __pfx___handle_mm_fault+0x10/0x10 [ 526.283314][T13463] handle_mm_fault+0x589/0xd10 [ 526.283352][T13463] __get_user_pages+0x589/0x3b80 [ 526.283388][T13463] ? __pfx_mt_find+0x10/0x10 [ 526.283410][T13463] ? __pfx___get_user_pages+0x10/0x10 [ 526.283448][T13463] populate_vma_page_range+0x278/0x3a0 [ 526.283480][T13463] ? __pfx_populate_vma_page_range+0x10/0x10 [ 526.283509][T13463] ? __pfx_find_vma_intersection+0x10/0x10 [ 526.283537][T13463] ? do_mmap+0x69c/0x1210 [ 526.283567][T13463] __mm_populate+0x1d8/0x380 [ 526.283596][T13463] ? __pfx___mm_populate+0x10/0x10 [ 526.283628][T13463] ? up_write+0x1b2/0x520 [ 526.283672][T13463] vm_mmap_pgoff+0x362/0x450 [ 526.283700][T13463] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 526.283730][T13463] ? __x64_sys_futex+0x1e0/0x4c0 [ 526.283759][T13463] ? __x64_sys_futex+0x1e9/0x4c0 [ 526.283792][T13463] ksys_mmap_pgoff+0x7d/0x5c0 [ 526.283817][T13463] ? xfd_validate_state+0x61/0x180 [ 526.283848][T13463] ? __pfx_ksys_write+0x10/0x10 [ 526.283886][T13463] __x64_sys_mmap+0x125/0x190 [ 526.283924][T13463] do_syscall_64+0xcd/0x490 [ 526.283963][T13463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.283987][T13463] RIP: 0033:0x7efdbcb8e929 [ 526.284005][T13463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.284028][T13463] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 526.284051][T13463] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 526.284067][T13463] RDX: 0000001000000004 RSI: 0000000000000008 RDI: 0000000000000000 [ 526.284081][T13463] RBP: 00007efdbcc10b39 R08: 0000000000000002 R09: 0000000000008000 [ 526.284095][T13463] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 526.284109][T13463] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 526.284139][T13463] [ 527.175367][T13483] kvm: user requested TSC rate below hardware speed [ 527.231010][T13485] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2938'. [ 527.481277][T13485] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 528.257275][T13505] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2947'. [ 528.802057][T13520] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2953'. [ 529.710837][T13543] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2962'. [ 530.195540][T13545] zswap: compressor 000 not available [ 531.293170][T13561] Device name cannot be null; rc = [-22] [ 533.196883][T13591] program syz.0.2979 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 534.830124][T13619] sctp: Failed to create the SCTP UDP tunneling v4 sock [ 536.396696][T13643] netlink: 206 bytes leftover after parsing attributes in process `syz.1.2999'. [ 538.004249][T13665] netlink: 'syz.3.3007': attribute type 64 has an invalid length. [ 538.105617][T13665] netlink: 74 bytes leftover after parsing attributes in process `syz.3.3007'. [ 538.672134][T13673] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3013'. [ 538.892974][T13679] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3014'. [ 538.937459][T13680] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3015'. [ 539.570575][T13688] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 539.672723][T13688] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 539.761470][T13688] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 539.801783][T13688] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 539.860852][T13688] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 540.064848][T13688] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 540.096167][T13699] __vm_enough_memory: pid: 13699, comm: syz.0.3021, bytes: 4398046511104 not enough memory for the allocation [ 540.133851][T13688] CPU0 is offline. [ 541.416590][T13715] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3026'. [ 541.602727][T12907] Bluetooth: hci1: command 0x0c1a tx timeout [ 541.758491][T13721] [U]  [ 541.761970][T13721] [U] [ 541.765006][T13721] [U] [ 541.767991][T13721] [U] [ 541.772384][T12907] Bluetooth: hci3: command 0x0c1a tx timeout [ 541.833739][T13721] [U] [ 541.836772][T13721] [U] [ 541.839754][T13721] [U] [ 541.842737][T13721] [U] [ 541.846078][T12907] Bluetooth: hci2: command 0x0406 tx timeout [ 541.907090][T13725] [U] [ 541.911910][T13724] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3030'. [ 542.083019][T12907] Bluetooth: hci0: command 0x0406 tx timeout [ 542.366612][T13732] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3033'. [ 543.114106][T13719] kexec: Could not allocate control_code_buffer [ 543.180251][T13744] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3038'. [ 543.684301][T12907] Bluetooth: hci1: command 0x0c1a tx timeout [ 543.761163][T13757] random: crng reseeded on system resumption [ 543.923752][T12907] Bluetooth: hci2: command 0x0406 tx timeout [ 544.663004][T13768] netlink: 346 bytes leftover after parsing attributes in process `syz.2.3048'. [ 545.121187][T13771] sctp: [Deprecated]: syz.3.3049 (pid 13771) Use of struct sctp_assoc_value in delayed_ack socket option. [ 545.121187][T13771] Use struct sctp_sack_info instead [ 545.141616][T13777] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3051'. [ 545.497525][T13782] bridge0: port 3(macvlan0) entered blocking state [ 545.526616][T13782] bridge0: port 3(macvlan0) entered disabled state [ 545.572771][T13782] macvlan0: entered allmulticast mode [ 545.600927][T13782] veth1_vlan: entered allmulticast mode [ 545.644237][T13782] macvlan0: entered promiscuous mode [ 545.680216][T13782] bridge0: port 3(macvlan0) entered blocking state [ 545.687569][T13782] bridge0: port 3(macvlan0) entered forwarding state [ 547.228763][T13808] netlink: 'syz.0.3063': attribute type 4 has an invalid length. [ 547.778257][T13820] __vm_enough_memory: pid: 13820, comm: syz.3.3066, bytes: 4398046511104 not enough memory for the allocation [ 550.197189][T13874] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3091'. [ 551.326490][T13899] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3100'. [ 552.721327][T13924] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3110'. [ 553.513901][T13935] netlink: 322 bytes leftover after parsing attributes in process `syz.1.3116'. [ 553.962395][T13933] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 554.163535][T13946] FAULT_INJECTION: forcing a failure. [ 554.163535][T13946] name failslab, interval 1, probability 0, space 0, times 0 [ 554.264963][T13946] CPU: 1 UID: 0 PID: 13946 Comm: syz.3.3120 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 554.264997][T13946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 554.265017][T13946] Call Trace: [ 554.265025][T13946] [ 554.265034][T13946] dump_stack_lvl+0x16c/0x1f0 [ 554.265075][T13946] should_fail_ex+0x512/0x640 [ 554.265111][T13946] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 554.265147][T13946] should_failslab+0xc2/0x120 [ 554.265171][T13946] __kmalloc_cache_noprof+0x6a/0x3e0 [ 554.265204][T13946] ? drm_atomic_helper_check+0x10f/0x190 [ 554.265241][T13946] ? drm_atomic_helper_setup_commit+0x63a/0x15d0 [ 554.265286][T13946] drm_atomic_helper_setup_commit+0x63a/0x15d0 [ 554.265339][T13946] drm_atomic_helper_commit+0xa9/0x380 [ 554.265363][T13946] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 554.265387][T13946] drm_atomic_commit+0x231/0x300 [ 554.265414][T13946] ? __pfx_drm_atomic_commit+0x10/0x10 [ 554.265440][T13946] ? __pfx___drm_printfn_info+0x10/0x10 [ 554.265476][T13946] ? drm_client_rotation+0x4da/0x6a0 [ 554.265506][T13946] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 554.265542][T13946] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 554.265600][T13946] drm_client_modeset_commit_locked+0x14d/0x580 [ 554.265632][T13946] drm_client_modeset_commit+0x4f/0x80 [ 554.265660][T13946] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 554.265702][T13946] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 554.265737][T13946] drm_fbdev_client_restore+0x2c/0x40 [ 554.265769][T13946] drm_client_dev_restore+0x1f3/0x2a0 [ 554.265800][T13946] drm_release+0x2c4/0x360 [ 554.265826][T13946] ? __pfx_drm_release+0x10/0x10 [ 554.265847][T13946] __fput+0x3ff/0xb70 [ 554.265879][T13946] task_work_run+0x150/0x240 [ 554.265918][T13946] ? __pfx_task_work_run+0x10/0x10 [ 554.265957][T13946] ? __pfx___do_sys_close_range+0x10/0x10 [ 554.266005][T13946] exit_to_user_mode_loop+0xeb/0x110 [ 554.266051][T13946] do_syscall_64+0x3f6/0x490 [ 554.266090][T13946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.266114][T13946] RIP: 0033:0x7fc53018e929 [ 554.266133][T13946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.266157][T13946] RSP: 002b:00007fc530fe8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 554.266179][T13946] RAX: 0000000000000000 RBX: 00007fc5303b5fa0 RCX: 00007fc53018e929 [ 554.266194][T13946] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 554.266208][T13946] RBP: 00007fc530210b39 R08: 0000000000000000 R09: 0000000000000000 [ 554.266222][T13946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.266236][T13946] R13: 0000000000000000 R14: 00007fc5303b5fa0 R15: 00007ffd62a309a8 [ 554.266266][T13946] [ 554.823635][T13950] syz.2.3122 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 555.186393][T13955] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 555.430684][T13963] netlink: zone id is out of range [ 555.438328][T13963] netlink: zone id is out of range [ 555.444351][T13963] netlink: zone id is out of range [ 555.511467][T13963] netlink: zone id is out of range [ 555.574299][T13963] netlink: zone id is out of range [ 555.631284][T13963] netlink: zone id is out of range [ 555.672742][T13963] netlink: zone id is out of range [ 555.683154][T13963] netlink: zone id is out of range [ 555.728803][T13963] netlink: zone id is out of range [ 555.745918][T13963] netlink: zone id is out of range [ 555.783333][T13967] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 556.073004][T13965] [U] [ 556.076033][T13965] [U] [ 556.079013][T13965] [U] [ 556.081996][T13965] [U] [ 556.148132][T13965] [U] [ 556.151166][T13965] [U] [ 556.154161][T13965] [U] [ 556.157287][T13965] [U] [ 556.206629][T13965] [U] [ 556.209746][T13965] [U] [ 556.212746][T13965] [U] [ 556.215831][T13965] [U] [ 556.271343][T13965] [U] [ 556.274367][T13965] [U] [ 556.277352][T13965] [U] [ 556.280352][T13965] [U] [ 556.339932][T13965] [U] [ 556.342967][T13965] [U] [ 556.345953][T13965] [U] [ 556.348934][T13965] [U] [ 556.422288][T13965] [U] [ 557.223235][T13994] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3141'. [ 557.895675][T14008] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3147'. [ 559.880118][T14046] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3163'. [ 559.925252][T14046] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3163'. [ 560.266664][T14051] __vm_enough_memory: pid: 14051, comm: syz.1.3164, bytes: 4398046511104 not enough memory for the allocation [ 560.897169][T14050] ima: policy update failed [ 560.984053][ T30] audit: type=1802 audit(4294967388.790:10): pid=14050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.3165" res=0 errno=0 [ 561.330375][T14059] ubi0: attaching mtd0 [ 561.375383][T14059] ubi0: scanning is finished [ 561.380522][T14059] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 561.673652][T14064] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3170'. [ 561.724531][T14059] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 561.763767][T14065] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3171'. [ 562.799017][ T30] audit: type=1326 audit(4294967390.610:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14080 comm="syz.3.3177" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc53018e929 code=0x0 [ 563.303245][T14091] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3180'. [ 564.451391][T14107] __vm_enough_memory: pid: 14107, comm: syz.2.3183, bytes: 4398046511104 not enough memory for the allocation [ 564.990313][T14110] FAULT_INJECTION: forcing a failure. [ 564.990313][T14110] name failslab, interval 1, probability 0, space 0, times 0 [ 565.067783][T14110] CPU: 1 UID: 0 PID: 14110 Comm: syz.0.3185 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 565.067817][T14110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 565.067833][T14110] Call Trace: [ 565.067840][T14110] [ 565.067849][T14110] dump_stack_lvl+0x16c/0x1f0 [ 565.067891][T14110] should_fail_ex+0x512/0x640 [ 565.067928][T14110] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 565.067965][T14110] should_failslab+0xc2/0x120 [ 565.067988][T14110] __kmalloc_cache_noprof+0x6a/0x3e0 [ 565.068021][T14110] ? snd_seq_oss_open+0x55/0xa20 [ 565.068058][T14110] snd_seq_oss_open+0x55/0xa20 [ 565.068087][T14110] odev_open+0x6f/0x90 [ 565.068121][T14110] ? __pfx_odev_open+0x10/0x10 [ 565.068157][T14110] soundcore_open+0x40c/0x580 [ 565.068197][T14110] ? __pfx_soundcore_open+0x10/0x10 [ 565.068232][T14110] chrdev_open+0x231/0x6a0 [ 565.068269][T14110] ? __pfx_apparmor_file_open+0x10/0x10 [ 565.068301][T14110] ? __pfx_chrdev_open+0x10/0x10 [ 565.068340][T14110] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 565.068378][T14110] do_dentry_open+0x744/0x1c10 [ 565.068415][T14110] ? __pfx_chrdev_open+0x10/0x10 [ 565.068458][T14110] vfs_open+0x82/0x3f0 [ 565.068486][T14110] path_openat+0x1de4/0x2cb0 [ 565.068531][T14110] ? __pfx_path_openat+0x10/0x10 [ 565.068568][T14110] ? __lock_acquire+0xb8a/0x1c90 [ 565.068605][T14110] do_filp_open+0x20b/0x470 [ 565.068639][T14110] ? __pfx_do_filp_open+0x10/0x10 [ 565.068696][T14110] ? alloc_fd+0x471/0x7d0 [ 565.068736][T14110] do_sys_openat2+0x11b/0x1d0 [ 565.068762][T14110] ? __pfx_do_sys_openat2+0x10/0x10 [ 565.068802][T14110] __x64_sys_openat+0x174/0x210 [ 565.068831][T14110] ? __pfx___x64_sys_openat+0x10/0x10 [ 565.068870][T14110] do_syscall_64+0xcd/0x490 [ 565.068908][T14110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.068933][T14110] RIP: 0033:0x7f5ee918e929 [ 565.068951][T14110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.068974][T14110] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 565.068996][T14110] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 565.069011][T14110] RDX: 0000000000000042 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 565.069027][T14110] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 565.069041][T14110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 565.069060][T14110] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 565.069089][T14110] [ 567.636323][T14131] netlink: 'syz.0.3195': attribute type 21 has an invalid length. [ 567.696458][T14131] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3195'. [ 567.793358][T14133] FAULT_INJECTION: forcing a failure. [ 567.793358][T14133] name failslab, interval 1, probability 0, space 0, times 0 [ 567.950050][T14133] CPU: 1 UID: 0 PID: 14133 Comm: syz.2.3194 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 567.950085][T14133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 567.950099][T14133] Call Trace: [ 567.950108][T14133] [ 567.950117][T14133] dump_stack_lvl+0x16c/0x1f0 [ 567.950159][T14133] should_fail_ex+0x512/0x640 [ 567.950195][T14133] ? fs_reclaim_acquire+0xae/0x150 [ 567.950226][T14133] should_failslab+0xc2/0x120 [ 567.950250][T14133] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 567.950288][T14133] ? security_inode_alloc+0x3b/0x2b0 [ 567.950320][T14133] security_inode_alloc+0x3b/0x2b0 [ 567.950347][T14133] inode_init_always_gfp+0xce4/0x1030 [ 567.950386][T14133] alloc_inode+0x86/0x240 [ 567.950411][T14133] new_inode+0x22/0x1c0 [ 567.950434][T14133] ? trace_cap_capable+0x18d/0x200 [ 567.950460][T14133] shmem_get_inode+0x19a/0xfb0 [ 567.950490][T14133] ? __vm_enough_memory+0x184/0x3f0 [ 567.950553][T14133] __shmem_file_setup+0x279/0x330 [ 567.950588][T14133] shmem_zero_setup+0x93/0x1a0 [ 567.950627][T14133] __mmap_region+0x1ece/0x25e0 [ 567.950667][T14133] ? __pfx___mmap_region+0x10/0x10 [ 567.950716][T14133] ? rcu_is_watching+0x12/0xc0 [ 567.950748][T14133] ? rcu_is_watching+0x12/0xc0 [ 567.950773][T14133] ? trace_sched_exit_tp+0xde/0x130 [ 567.950803][T14133] ? __schedule+0x1181/0x5de0 [ 567.950838][T14133] ? __lock_acquire+0xb8a/0x1c90 [ 567.950881][T14133] ? __pfx___schedule+0x10/0x10 [ 567.950955][T14133] ? trace_cap_capable+0x18d/0x200 [ 567.950988][T14133] mmap_region+0x1ab/0x3f0 [ 567.951024][T14133] ? __get_unmapped_area+0x267/0x440 [ 567.951055][T14133] do_mmap+0xa3e/0x1210 [ 567.951092][T14133] ? __pfx_do_mmap+0x10/0x10 [ 567.951120][T14133] ? __pfx_down_write_killable+0x10/0x10 [ 567.951148][T14133] vm_mmap_pgoff+0x281/0x450 [ 567.951178][T14133] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 567.951209][T14133] ? __x64_sys_futex+0x1e0/0x4c0 [ 567.951238][T14133] ? __x64_sys_futex+0x1e9/0x4c0 [ 567.951271][T14133] ksys_mmap_pgoff+0x7d/0x5c0 [ 567.951295][T14133] ? xfd_validate_state+0x61/0x180 [ 567.951327][T14133] ? __pfx_do_writev+0x10/0x10 [ 567.951362][T14133] __x64_sys_mmap+0x125/0x190 [ 567.951400][T14133] do_syscall_64+0xcd/0x490 [ 567.951439][T14133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.951463][T14133] RIP: 0033:0x7efdbcb8e929 [ 567.951482][T14133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.951505][T14133] RSP: 002b:00007efdbd953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 567.951532][T14133] RAX: ffffffffffffffda RBX: 00007efdbcdb5fa0 RCX: 00007efdbcb8e929 [ 567.951548][T14133] RDX: 00004000000000df RSI: 0000000000000100 RDI: 0000000000000000 [ 567.951563][T14133] RBP: 00007efdbcc10b39 R08: 0000000000000401 R09: 0000000000008000 [ 567.951577][T14133] R10: 0000080000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 567.951591][T14133] R13: 0000000000000000 R14: 00007efdbcdb5fa0 R15: 00007ffd5c31b158 [ 567.951621][T14133] [ 569.001885][T14142] __vm_enough_memory: pid: 14142, comm: syz.0.3197, bytes: 4398046511104 not enough memory for the allocation [ 570.613552][T14153] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3202'. [ 572.692225][T14185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3214'. [ 573.471914][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.482859][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 574.525409][T14205] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3222'. [ 575.934323][T14217] FAULT_INJECTION: forcing a failure. [ 575.934323][T14217] name failslab, interval 1, probability 0, space 0, times 0 [ 576.023614][T14217] CPU: 1 UID: 0 PID: 14217 Comm: syz.1.3228 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 576.023649][T14217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 576.023666][T14217] Call Trace: [ 576.023675][T14217] [ 576.023685][T14217] dump_stack_lvl+0x16c/0x1f0 [ 576.023727][T14217] should_fail_ex+0x512/0x640 [ 576.023762][T14217] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 576.023810][T14217] should_failslab+0xc2/0x120 [ 576.023833][T14217] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 576.023871][T14217] ? mas_alloc_nodes+0x18b/0x8b0 [ 576.023906][T14217] mas_alloc_nodes+0x18b/0x8b0 [ 576.023946][T14217] mas_node_count_gfp+0x105/0x130 [ 576.023981][T14217] mas_preallocate+0x7e0/0xde0 [ 576.024010][T14217] ? __pfx_mas_preallocate+0x10/0x10 [ 576.024042][T14217] ? vma_merge_new_range+0x37f/0xa00 [ 576.024076][T14217] ? vm_area_alloc+0x1f/0x160 [ 576.024109][T14217] ? lockdep_init_map_type+0x5c/0x280 [ 576.024148][T14217] __mmap_region+0x1104/0x25e0 [ 576.024189][T14217] ? __pfx___mmap_region+0x10/0x10 [ 576.024225][T14217] ? rcu_is_watching+0x12/0xc0 [ 576.024257][T14217] ? rcu_is_watching+0x12/0xc0 [ 576.024282][T14217] ? trace_sched_exit_tp+0xde/0x130 [ 576.024312][T14217] ? __schedule+0x1181/0x5de0 [ 576.024342][T14217] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 576.024382][T14217] ? __lock_acquire+0xb8a/0x1c90 [ 576.024427][T14217] ? __pfx___schedule+0x10/0x10 [ 576.024492][T14217] ? trace_cap_capable+0x18d/0x200 [ 576.024526][T14217] mmap_region+0x1ab/0x3f0 [ 576.024568][T14217] ? __get_unmapped_area+0x267/0x440 [ 576.024599][T14217] do_mmap+0xa3e/0x1210 [ 576.024631][T14217] ? __pfx_do_mmap+0x10/0x10 [ 576.024658][T14217] ? __pfx_down_write_killable+0x10/0x10 [ 576.024687][T14217] vm_mmap_pgoff+0x281/0x450 [ 576.024716][T14217] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 576.024747][T14217] ? __x64_sys_futex+0x1e0/0x4c0 [ 576.024775][T14217] ? __x64_sys_futex+0x1e9/0x4c0 [ 576.024821][T14217] ksys_mmap_pgoff+0x7d/0x5c0 [ 576.024848][T14217] ? xfd_validate_state+0x61/0x180 [ 576.024881][T14217] ? __pfx_ksys_write+0x10/0x10 [ 576.024919][T14217] __x64_sys_mmap+0x125/0x190 [ 576.024957][T14217] do_syscall_64+0xcd/0x490 [ 576.024996][T14217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.025020][T14217] RIP: 0033:0x7fe86eb8e929 [ 576.025039][T14217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.025063][T14217] RSP: 002b:00007fe86fa53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 576.025085][T14217] RAX: ffffffffffffffda RBX: 00007fe86edb5fa0 RCX: 00007fe86eb8e929 [ 576.025101][T14217] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 576.025116][T14217] RBP: 00007fe86ec10b39 R08: 0000000000000401 R09: 0000000000008000 [ 576.025131][T14217] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 576.025145][T14217] R13: 0000000000000000 R14: 00007fe86edb5fa0 R15: 00007ffd8335f6e8 [ 576.025174][T14217] [ 576.352039][ C1] vkms_vblank_simulate: vblank timer overrun [ 577.926415][T14229] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3233'. [ 577.995083][T14229] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3233'. [ 578.580077][T14235] ================================================================== [ 578.589017][T14235] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 578.597829][T14235] Read of size 8 at addr ffff8881432a5018 by task syz.0.3236/14235 [ 578.606511][T14235] [ 578.609087][T14235] CPU: 1 UID: 0 PID: 14235 Comm: syz.0.3236 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 578.609117][T14235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 578.609132][T14235] Call Trace: [ 578.609142][T14235] [ 578.609151][T14235] dump_stack_lvl+0x116/0x1f0 [ 578.609192][T14235] print_report+0xcd/0x610 [ 578.609214][T14235] ? __virt_addr_valid+0x81/0x610 [ 578.609242][T14235] ? __phys_addr+0xe8/0x180 [ 578.609268][T14235] ? dvb_device_open+0x36a/0x3b0 [ 578.609304][T14235] kasan_report+0xe0/0x110 [ 578.609327][T14235] ? dvb_device_open+0x36a/0x3b0 [ 578.609367][T14235] ? __pfx_dvb_device_open+0x10/0x10 [ 578.609403][T14235] dvb_device_open+0x36a/0x3b0 [ 578.609441][T14235] ? __pfx_dvb_device_open+0x10/0x10 [ 578.609478][T14235] chrdev_open+0x231/0x6a0 [ 578.609514][T14235] ? __pfx_apparmor_file_open+0x10/0x10 [ 578.609545][T14235] ? __pfx_chrdev_open+0x10/0x10 [ 578.609583][T14235] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 578.609619][T14235] do_dentry_open+0x744/0x1c10 [ 578.609654][T14235] ? __pfx_chrdev_open+0x10/0x10 [ 578.609694][T14235] vfs_open+0x82/0x3f0 [ 578.609720][T14235] path_openat+0x1de4/0x2cb0 [ 578.609759][T14235] ? __pfx_path_openat+0x10/0x10 [ 578.609794][T14235] ? __lock_acquire+0xb8a/0x1c90 [ 578.609828][T14235] do_filp_open+0x20b/0x470 [ 578.609870][T14235] ? __pfx_do_filp_open+0x10/0x10 [ 578.609916][T14235] ? alloc_fd+0x471/0x7d0 [ 578.609951][T14235] do_sys_openat2+0x11b/0x1d0 [ 578.609985][T14235] ? __pfx_do_sys_openat2+0x10/0x10 [ 578.610011][T14235] ? __pfx_do_sys_openat2+0x10/0x10 [ 578.610038][T14235] ? arch_do_signal_or_restart+0x211/0x790 [ 578.610072][T14235] __x64_sys_openat+0x174/0x210 [ 578.610099][T14235] ? __pfx___x64_sys_openat+0x10/0x10 [ 578.610133][T14235] do_syscall_64+0xcd/0x490 [ 578.610170][T14235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.610195][T14235] RIP: 0033:0x7f5ee918e929 [ 578.610219][T14235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.610243][T14235] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 578.610269][T14235] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 578.610285][T14235] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 578.610301][T14235] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 578.610316][T14235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.610330][T14235] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 578.610353][T14235] [ 578.610361][T14235] [ 578.895172][T14235] Allocated by task 14125: [ 578.900030][T14235] kasan_save_stack+0x33/0x60 [ 578.905204][T14235] kasan_save_track+0x14/0x30 [ 578.910370][T14235] __kasan_kmalloc+0xaa/0xb0 [ 578.915437][T14235] __kvmalloc_node_noprof+0x27b/0x620 [ 578.921362][T14235] io_alloc_cache_init+0x33/0x170 [ 578.926910][T14235] io_uring_setup+0x680/0x2080 [ 578.932263][T14235] __x64_sys_io_uring_setup+0xc2/0x170 [ 578.938283][T14235] do_syscall_64+0xcd/0x490 [ 578.943264][T14235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.949754][T14235] [ 578.952334][T14235] Freed by task 59: [ 578.956540][T14235] kasan_save_stack+0x33/0x60 [ 578.961717][T14235] kasan_save_track+0x14/0x30 [ 578.966879][T14235] kasan_save_free_info+0x3b/0x60 [ 578.972417][T14235] __kasan_slab_free+0x51/0x70 [ 578.977694][T14235] kfree+0x2b4/0x4d0 [ 578.981993][T14235] io_alloc_cache_free+0x1eb/0x2e0 [ 578.987662][T14235] io_free_alloc_caches+0x70/0x80 [ 578.993402][T14235] io_ring_exit_work+0x815/0x1120 [ 578.998940][T14235] process_one_work+0x9cf/0x1b70 [ 579.004394][T14235] worker_thread+0x6c8/0xf10 [ 579.009464][T14235] kthread+0x3c2/0x780 [ 579.013956][T14235] ret_from_fork+0x5d7/0x6f0 [ 579.019019][T14235] ret_from_fork_asm+0x1a/0x30 [ 579.024272][T14235] [ 579.026830][T14235] The buggy address belongs to the object at ffff8881432a5000 [ 579.026830][T14235] which belongs to the cache kmalloc-256 of size 256 [ 579.042414][T14235] The buggy address is located 24 bytes inside of [ 579.042414][T14235] freed 256-byte region [ffff8881432a5000, ffff8881432a5100) [ 579.057504][T14235] [ 579.060078][T14235] The buggy address belongs to the physical page: [ 579.067136][T14235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1432a4 [ 579.076873][T14235] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 579.086226][T14235] ksm flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 579.095019][T14235] page_type: f5(slab) [ 579.099405][T14235] raw: 057ff00000000040 ffff88801b841b40 ffffea0001f2b380 0000000000000003 [ 579.108852][T14235] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 579.118300][T14235] head: 057ff00000000040 ffff88801b841b40 ffffea0001f2b380 0000000000000003 [ 579.127865][T14235] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 579.137444][T14235] head: 057ff00000000001 ffffea00050ca901 00000000ffffffff 00000000ffffffff [ 579.146992][T14235] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 579.156621][T14235] page dumped because: kasan: bad access detected [ 579.163687][T14235] page_owner tracks the page as allocated [ 579.169969][T14235] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25976272656, free_ts 0 [ 579.191665][T14235] post_alloc_hook+0x1c0/0x230 [ 579.196925][T14235] get_page_from_freelist+0x1321/0x3890 [ 579.203049][T14235] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 579.209554][T14235] alloc_pages_mpol+0x1fb/0x550 [ 579.214894][T14235] new_slab+0x23b/0x330 [ 579.219491][T14235] ___slab_alloc+0xd9c/0x1940 [ 579.224654][T14235] __slab_alloc.constprop.0+0x56/0xb0 [ 579.230579][T14235] __kmalloc_cache_noprof+0xfb/0x3e0 [ 579.236412][T14235] bus_add_driver+0x92/0x690 [ 579.241479][T14235] driver_register+0x15c/0x4b0 [ 579.246726][T14235] usb_register_driver+0x216/0x4d0 [ 579.252371][T14235] au0828_init+0xb7/0x1a0 [ 579.257162][T14235] do_one_initcall+0x120/0x6e0 [ 579.262416][T14235] kernel_init_freeable+0x5c2/0x900 [ 579.268153][T14235] kernel_init+0x1c/0x2b0 [ 579.272925][T14235] ret_from_fork+0x5d7/0x6f0 [ 579.278003][T14235] page_owner free stack trace missing [ 579.284096][T14235] [ 579.286675][T14235] Memory state around the buggy address: [ 579.292866][T14235] ffff8881432a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 579.301755][T14235] ffff8881432a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 579.310721][T14235] >ffff8881432a5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 579.319587][T14235] ^ [ 579.325110][T14235] ffff8881432a5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 579.334084][T14235] ffff8881432a5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 579.342977][T14235] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 581.063637][ T5197] ERROR: Out of memory at tomoyo_memory_ok. [ 582.085343][ T6985] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.532230][ T6985] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.749466][ T6985] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.855381][ T6985] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.160994][ T6985] bridge_slave_1: left allmulticast mode [ 583.184635][ T6985] bridge_slave_1: left promiscuous mode [ 583.191005][ T6985] bridge0: port 2(bridge_slave_1) entered disabled state [ 583.226028][ T6985] bridge_slave_0: left allmulticast mode [ 583.232285][ T6985] bridge_slave_0: left promiscuous mode [ 583.259646][ T6985] bridge0: port 1(bridge_slave_0) entered disabled state [ 584.283945][ T6985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 584.343532][ T6985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 584.377140][ T6985] bond0 (unregistering): Released all slaves [ 584.920947][T14235] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 584.928917][T14235] CPU: 1 UID: 0 PID: 14235 Comm: syz.0.3236 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 584.940295][T14235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 584.951371][T14235] Call Trace: [ 584.955012][T14235] [ 584.958290][T14235] dump_stack_lvl+0x3d/0x1f0 [ 584.963403][T14235] panic+0x71c/0x800 [ 584.967727][T14235] ? __pfx_panic+0x10/0x10 [ 584.972638][T14235] ? mark_held_locks+0x49/0x80 [ 584.977905][T14235] ? preempt_schedule_thunk+0x16/0x30 [ 584.983834][T14235] ? dvb_device_open+0x36a/0x3b0 [ 584.989293][T14235] ? preempt_schedule_common+0x44/0xc0 [ 584.995331][T14235] ? dvb_device_open+0x36a/0x3b0 [ 585.000815][T14235] check_panic_on_warn+0xab/0xb0 [ 585.006284][T14235] end_report+0x107/0x170 [ 585.011065][T14235] kasan_report+0xee/0x110 [ 585.015933][T14235] ? dvb_device_open+0x36a/0x3b0 [ 585.021413][T14235] ? __pfx_dvb_device_open+0x10/0x10 [ 585.027273][T14235] dvb_device_open+0x36a/0x3b0 [ 585.032552][T14235] ? __pfx_dvb_device_open+0x10/0x10 [ 585.038395][T14235] chrdev_open+0x231/0x6a0 [ 585.043284][T14235] ? __pfx_apparmor_file_open+0x10/0x10 [ 585.049404][T14235] ? __pfx_chrdev_open+0x10/0x10 [ 585.054864][T14235] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 585.062327][T14235] do_dentry_open+0x744/0x1c10 [ 585.067601][T14235] ? __pfx_chrdev_open+0x10/0x10 [ 585.073153][T14235] vfs_open+0x82/0x3f0 [ 585.077640][T14235] path_openat+0x1de4/0x2cb0 [ 585.082714][T14235] ? __pfx_path_openat+0x10/0x10 [ 585.088163][T14235] ? __lock_acquire+0xb8a/0x1c90 [ 585.093714][T14235] do_filp_open+0x20b/0x470 [ 585.098689][T14235] ? __pfx_do_filp_open+0x10/0x10 [ 585.104272][T14235] ? alloc_fd+0x471/0x7d0 [ 585.109077][T14235] do_sys_openat2+0x11b/0x1d0 [ 585.114238][T14235] ? __pfx_do_sys_openat2+0x10/0x10 [ 585.119990][T14235] ? __pfx_do_sys_openat2+0x10/0x10 [ 585.125802][T14235] ? arch_do_signal_or_restart+0x211/0x790 [ 585.132207][T14235] __x64_sys_openat+0x174/0x210 [ 585.137568][T14235] ? __pfx___x64_sys_openat+0x10/0x10 [ 585.143516][T14235] do_syscall_64+0xcd/0x490 [ 585.148784][T14235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.155277][T14235] RIP: 0033:0x7f5ee918e929 [ 585.160148][T14235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.181748][T14235] RSP: 002b:00007f5eea072038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 585.191131][T14235] RAX: ffffffffffffffda RBX: 00007f5ee93b5fa0 RCX: 00007f5ee918e929 [ 585.200059][T14235] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 585.208861][T14235] RBP: 00007f5ee9210b39 R08: 0000000000000000 R09: 0000000000000000 [ 585.217646][T14235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.226421][T14235] R13: 0000000000000000 R14: 00007f5ee93b5fa0 R15: 00007ffd1527c028 [ 585.235208][T14235] [ 585.238612][T14235] Kernel Offset: disabled [ 585.243373][T14235] Rebooting in 86400 seconds..