last executing test programs: 3m36.136917762s ago: executing program 0 (id=2848): mmap$auto(0x0, 0x40009, 0xdf, 0x7b2, 0xffffffffffffffff, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0x2b, 0x1, 0x1) socket(0x1d, 0x2, 0x2) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x800005411, 0x38) 3m35.935412142s ago: executing program 0 (id=2850): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r0, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x60840, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x80800, 0x0) 3m35.06731358s ago: executing program 0 (id=2856): rseq$auto(&(0x7f0000000000)={0x400, 0x401, 0xa00, 0x6, 0x8, 0x2}, 0x8000, 0x0, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x23, 0x80805, 0x0) epoll_create$auto(0x4) epoll_pwait$auto(r0, 0x0, 0x3, 0x6, 0x0, 0x8) 3m34.832175169s ago: executing program 0 (id=2857): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 3m34.33014438s ago: executing program 0 (id=2859): mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000052c4030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001"], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='%'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m31.918441918s ago: executing program 0 (id=2870): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x0, 0x7d, &(0x7f0000000040)={0xfffffffffffffffd, 0x6, 0xffffffffffffffc0, 0x800000000000006}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x7) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000200)=""/36, 0x24) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) 3m31.261902869s ago: executing program 32 (id=2870): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x0, 0x7d, &(0x7f0000000040)={0xfffffffffffffffd, 0x6, 0xffffffffffffffc0, 0x800000000000006}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x7) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000200)=""/36, 0x24) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) 4.244796234s ago: executing program 3 (id=4057): r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x6041, 0x0) socket(0x2000000000000021, 0x2, 0x10000000000002) r1 = socket(0x10, 0x3, 0xa) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', 0x0}) bpf$auto(0x7, &(0x7f0000000000)=@query={@target_ifindex=r2, 0x80000002, 0xc6c3, 0xa24, 0x8000010002, @count=0x42, 0x0, 0x9, 0x9, 0x0, 0x3}, 0xa3) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={0x0, 0x49}, 0x4, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) 4.164219604s ago: executing program 4 (id=4058): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x0, 0x2000000000009, 0x3, 0x7, 0xfffffffffffff718, 0x5, 0x7fff, 0x2000000000010006, 0x0, 0x7, 0x8, 0x0, 0x7, 0xaf, 0x9, 0x2, 0x403, 0x8001, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x3]}, 0x200, 0xfffffffb) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB="0100", @ANYRES16], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x20040001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xb, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='*'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffa474, &(0x7f00000002c0)={0x0, 0xc4}, 0x9, 0x0, 0x0, 0xa}, 0x9}, 0x2, 0x800) 4.054437659s ago: executing program 3 (id=4059): socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x28, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x100) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socketpair$auto(0x3, 0x8, 0x7, 0x0) ioctl$auto(0x1, 0x8983, 0x4) 3.819444048s ago: executing program 3 (id=4061): sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0x9, 0x2, "cacd2dff11"}, @HWSIM_ATTR_MULTI_RADIO={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0xb06af94f2e030f6) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001200c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) timer_settime$auto(0x0, 0x5, 0x0, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) 3.346542951s ago: executing program 3 (id=4066): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) acct$auto(0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) 2.994803345s ago: executing program 4 (id=4067): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x280, 0x0) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) 2.867079799s ago: executing program 3 (id=4068): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) unshare$auto(0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) write$auto(0x3, 0x0, 0xffd8) 2.458314105s ago: executing program 4 (id=4070): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, r0, 0x2) r1 = landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x9, 0x0) r2 = ioctl$auto_TUNGETIFF2(r1, 0x800454d2, 0x0) getsockopt$auto_SO_OOBINLINE(r2, 0x7, 0xa, 0x0, &(0x7f0000000100)=0x10000) landlock_restrict_self$auto(r0, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) shutdown$auto(0x200000003, 0x2) 2.29368317s ago: executing program 2 (id=4071): r0 = fcntl$auto(0xffffffffffffffff, 0x400, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000000c0)={"286251b36d6e198d95860f6f27964f8d0cd5d454c9946098fb3df193a80eb45e", 0xd, 0x4, 0x2, 0x6, 0x2, 0xffffffffffffffff}) fcntl$auto(r0, 0x2dd, r1) flock$auto(r0, 0x7) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/oss/sndstat\x00', 0x40441, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r2, 0x127a, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) close_range$auto(0x2, 0x8, 0x0) 2.240717231s ago: executing program 1 (id=4072): mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x5, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x261c2, 0x84) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x1e60000000000000}, 0x9) 2.054581037s ago: executing program 2 (id=4073): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x3) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x200448c0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x10b040, 0x0) bpf$auto(0xfffff011, &(0x7f0000000000)=@test={r1, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 1.95491476s ago: executing program 1 (id=4074): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x8}) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) pipe2$auto(&(0x7f0000000040)=0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(r0, 0x0, 0x6) 1.873749596s ago: executing program 4 (id=4075): mmap$auto(0x0, 0x1, 0xe1, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x8000, 0x7, 0xd, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x0, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0x0, 0x22000, 0x200, 0x0, 0x84}, 0x1fe, 0xd) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x20000804}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.790263908s ago: executing program 2 (id=4076): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) open(&(0x7f0000000000)='./bus\x00', 0x22042, 0x45) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) unlink$auto(&(0x7f0000000040)='./bus\x00') 1.705205399s ago: executing program 1 (id=4077): bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8200, 0x1, 0x9, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "7829000000000000000200", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="7e7e81c2", @ANYRES16=0x0, @ANYBLOB="21022cbd7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) read$auto(0x3, 0x0, 0x80) 1.521558109s ago: executing program 2 (id=4078): mmap$auto(0x0, 0x4994, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/irq/3/smp_affinity_list\x00', 0x8f3b7a51b8162d21, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) socketpair$auto(0xffff7fff, 0x4, 0x80000001, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000280)="6171a7af14ff") 1.45233202s ago: executing program 1 (id=4079): r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) sendmsg$auto_NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x4004080) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPATH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4000004}, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) close_range$auto(0x2, 0xa, 0x0) 955.14753ms ago: executing program 4 (id=4080): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x40000010, 0x400, 0x9}]}) 769.386061ms ago: executing program 2 (id=4081): epoll_create$auto(0x3e) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x100) socketpair$auto(0x8, 0x7, 0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8926, 0x0) 538.104042ms ago: executing program 3 (id=4082): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x13, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0x2}, 0x1002}, 0x739618ce, 0x311) unshare$auto(0x40000080) recvfrom$auto(0x3, 0x0, 0x800000000a, 0x3, 0x0, 0xfffffffffffffffd) 346.363319ms ago: executing program 1 (id=4083): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfdef) 44.891063ms ago: executing program 1 (id=4084): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 44.462569ms ago: executing program 2 (id=4085): r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) read$auto(r1, &(0x7f0000000100)='nl80211\x00', 0xbe62) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r3], 0x1ac}}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 0s ago: executing program 4 (id=4086): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0x4) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x10, 0x80002, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000004140), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_PAN_ID(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) write$auto(r0, &(0x7f0000000000)='*\x00', 0xfd) kernel console output (not intermixed with test programs): db2c77c4c3 #0 PREEMPT(full) [ 487.833305][T14413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 487.833314][T14413] Call Trace: [ 487.833319][T14413] [ 487.833326][T14413] dump_stack_lvl+0x16c/0x1f0 [ 487.833352][T14413] should_fail_ex+0x512/0x640 [ 487.833373][T14413] ? fs_reclaim_acquire+0xae/0x150 [ 487.833397][T14413] should_failslab+0xc2/0x120 [ 487.833415][T14413] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 487.833432][T14413] ? security_inode_alloc+0x3b/0x2b0 [ 487.833452][T14413] security_inode_alloc+0x3b/0x2b0 [ 487.833469][T14413] inode_init_always_gfp+0xce4/0x1030 [ 487.833486][T14413] alloc_inode+0x86/0x240 [ 487.833503][T14413] path_from_stashed+0x2be/0xb00 [ 487.833517][T14413] ? do_raw_spin_lock+0x12c/0x2b0 [ 487.833539][T14413] ? __pfx_path_from_stashed+0x10/0x10 [ 487.833554][T14413] ? do_raw_spin_unlock+0x172/0x230 [ 487.833578][T14413] ns_get_path+0x5f/0x80 [ 487.833598][T14413] proc_ns_get_link+0x121/0x260 [ 487.833613][T14413] ? __pfx_proc_ns_get_link+0x10/0x10 [ 487.833626][T14413] ? __pfx___might_resched+0x10/0x10 [ 487.833644][T14413] ? __pfx_proc_ns_get_link+0x10/0x10 [ 487.833658][T14413] step_into+0x1b25/0x2270 [ 487.833682][T14413] ? __pfx_step_into+0x10/0x10 [ 487.833701][T14413] ? find_held_lock+0x2b/0x80 [ 487.833720][T14413] path_openat+0x749/0x2d40 [ 487.833741][T14413] ? __pfx_path_openat+0x10/0x10 [ 487.833770][T14413] do_filp_open+0x20b/0x470 [ 487.833785][T14413] ? __pfx_do_filp_open+0x10/0x10 [ 487.833812][T14413] ? alloc_fd+0x471/0x7d0 [ 487.833839][T14413] do_sys_openat2+0x11b/0x1d0 [ 487.833858][T14413] ? __pfx_do_sys_openat2+0x10/0x10 [ 487.833884][T14413] __x64_sys_openat+0x174/0x210 [ 487.833902][T14413] ? __pfx___x64_sys_openat+0x10/0x10 [ 487.833922][T14413] ? do_user_addr_fault+0x843/0x1370 [ 487.833942][T14413] do_syscall_64+0xcd/0x230 [ 487.833964][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.833978][T14413] RIP: 0033:0x7f466118d2d0 [ 487.833990][T14413] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 487.834004][T14413] RSP: 002b:00007f4661f8df10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 487.834018][T14413] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f466118d2d0 [ 487.834027][T14413] RDX: 0000000000000002 RSI: 00007f4661f8dfa0 RDI: 00000000ffffff9c [ 487.834035][T14413] RBP: 00007f4661f8dfa0 R08: 0000000000000000 R09: 0000000000000000 [ 487.834043][T14413] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 487.834051][T14413] R13: 0000000000000000 R14: 00007f46613b5fa0 R15: 00007ffe12942a98 [ 487.834069][T14413] [ 488.515064][T14418] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3194'. [ 488.647329][T14420] FAULT_INJECTION: forcing a failure. [ 488.647329][T14420] name failslab, interval 1, probability 0, space 0, times 0 [ 488.763362][T14420] CPU: 1 UID: 0 PID: 14420 Comm: syz.4.3196 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 488.763385][T14420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 488.763393][T14420] Call Trace: [ 488.763399][T14420] [ 488.763405][T14420] dump_stack_lvl+0x16c/0x1f0 [ 488.763431][T14420] should_fail_ex+0x512/0x640 [ 488.763453][T14420] ? fs_reclaim_acquire+0xae/0x150 [ 488.763476][T14420] ? ima_alloc_init_template+0x19d/0x720 [ 488.763491][T14420] should_failslab+0xc2/0x120 [ 488.763508][T14420] __kmalloc_noprof+0xd2/0x510 [ 488.763524][T14420] ? __print_lock_name+0xd1/0xe0 [ 488.763542][T14420] ima_alloc_init_template+0x19d/0x720 [ 488.763558][T14420] ? take_dentry_name_snapshot+0x319/0x7d0 [ 488.763579][T14420] ima_store_measurement+0x1eb/0x5c0 [ 488.763596][T14420] ? __pfx_ima_store_measurement+0x10/0x10 [ 488.763613][T14420] ? vfs_getxattr_alloc+0xec/0x340 [ 488.763633][T14420] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 488.763657][T14420] process_measurement+0x1ddb/0x23e0 [ 488.763685][T14420] ? __pfx_process_measurement+0x10/0x10 [ 488.763705][T14420] ? __lock_acquire+0x5ca/0x1ba0 [ 488.763730][T14420] ? init_file+0x93/0x4c0 [ 488.763747][T14420] ? alloc_empty_file+0x73/0x1e0 [ 488.763764][T14420] ? hugetlb_file_setup+0x4cd/0x620 [ 488.763782][T14420] ? ksys_mmap_pgoff+0x189/0x5c0 [ 488.763802][T14420] ? __x64_sys_mmap+0x125/0x190 [ 488.763843][T14420] ima_file_mmap+0x1b1/0x1d0 [ 488.763864][T14420] ? __pfx_ima_file_mmap+0x10/0x10 [ 488.763889][T14420] security_mmap_file+0x88c/0x990 [ 488.763910][T14420] vm_mmap_pgoff+0xec/0x450 [ 488.763932][T14420] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 488.763950][T14420] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 488.763970][T14420] ? hugetlbfs_get_inode+0x31f/0x730 [ 488.763992][T14420] ksys_mmap_pgoff+0x1c8/0x5c0 [ 488.764012][T14420] ? rcu_is_watching+0x12/0xc0 [ 488.764028][T14420] __x64_sys_mmap+0x125/0x190 [ 488.764044][T14420] do_syscall_64+0xcd/0x230 [ 488.764066][T14420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.764081][T14420] RIP: 0033:0x7f903e98e969 [ 488.764093][T14420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.764108][T14420] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 488.764122][T14420] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 488.764131][T14420] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 488.764139][T14420] RBP: 00007f903ea10ab1 R08: 0000000000000401 R09: 0000300000000000 [ 488.764147][T14420] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 488.764155][T14420] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 488.764174][T14420] [ 489.149537][T14424] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3198'. [ 489.581081][T14429] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3199'. [ 490.595995][ T30] audit: type=1804 audit(4294967610.385:25): pid=14420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.3196" name="anon_hugepage" dev="hugetlbfs" ino=82046 res=0 errno=0 [ 491.072797][T14450] FAULT_INJECTION: forcing a failure. [ 491.072797][T14450] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 491.245654][T14450] CPU: 1 UID: 0 PID: 14450 Comm: syz.1.3204 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 491.245676][T14450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 491.245685][T14450] Call Trace: [ 491.245690][T14450] [ 491.245697][T14450] dump_stack_lvl+0x16c/0x1f0 [ 491.245723][T14450] should_fail_ex+0x512/0x640 [ 491.245748][T14450] should_fail_alloc_page+0xe7/0x130 [ 491.245768][T14450] prepare_alloc_pages+0x3c2/0x610 [ 491.245789][T14450] ? rcu_is_watching+0x12/0xc0 [ 491.245806][T14450] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 491.245827][T14450] ? cgroup_rstat_updated+0x2a/0xb20 [ 491.245848][T14450] ? __lock_acquire+0x5ca/0x1ba0 [ 491.245869][T14450] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 491.245890][T14450] ? lru_gen_add_folio+0x1a4/0xef0 [ 491.245910][T14450] ? __lock_acquire+0x5ca/0x1ba0 [ 491.245929][T14450] ? __lock_acquire+0x5ca/0x1ba0 [ 491.245946][T14450] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 491.245967][T14450] ? policy_nodemask+0xea/0x4e0 [ 491.245985][T14450] alloc_pages_mpol+0x1fb/0x550 [ 491.246006][T14450] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 491.246024][T14450] ? __lock_acquire+0x5ca/0x1ba0 [ 491.246045][T14450] folio_alloc_mpol_noprof+0x36/0x2f0 [ 491.246065][T14450] vma_alloc_folio_noprof+0xed/0x1e0 [ 491.246084][T14450] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 491.246109][T14450] do_pte_missing+0x223d/0x3fb0 [ 491.246131][T14450] __handle_mm_fault+0x103d/0x2a40 [ 491.246151][T14450] ? __pfx___handle_mm_fault+0x10/0x10 [ 491.246165][T14450] ? __pte_offset_map_lock+0x155/0x2f0 [ 491.246185][T14450] ? find_held_lock+0x2b/0x80 [ 491.246198][T14450] ? find_held_lock+0x2b/0x80 [ 491.246223][T14450] handle_mm_fault+0x3fe/0xad0 [ 491.246241][T14450] __get_user_pages+0x771/0x36f0 [ 491.246267][T14450] ? __pfx_mt_find+0x10/0x10 [ 491.246281][T14450] ? __pfx___get_user_pages+0x10/0x10 [ 491.246309][T14450] populate_vma_page_range+0x278/0x3a0 [ 491.246325][T14450] ? __pfx_populate_vma_page_range+0x10/0x10 [ 491.246338][T14450] ? __pfx_find_vma_intersection+0x10/0x10 [ 491.246359][T14450] ? do_mmap+0x69c/0x11b0 [ 491.246381][T14450] __mm_populate+0x1d8/0x380 [ 491.246396][T14450] ? __pfx___mm_populate+0x10/0x10 [ 491.246411][T14450] ? up_write+0x1b2/0x520 [ 491.246441][T14450] vm_mmap_pgoff+0x362/0x450 [ 491.246463][T14450] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 491.246484][T14450] ? 0xffffffffff600000 [ 491.246498][T14450] ? __x64_sys_futex+0x1e0/0x4c0 [ 491.246513][T14450] ? __x64_sys_futex+0x1e9/0x4c0 [ 491.246531][T14450] ksys_mmap_pgoff+0x7d/0x5c0 [ 491.246551][T14450] ? rcu_is_watching+0x12/0xc0 [ 491.246566][T14450] __x64_sys_mmap+0x125/0x190 [ 491.246583][T14450] do_syscall_64+0xcd/0x230 [ 491.246604][T14450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.246619][T14450] RIP: 0033:0x7f5947d8e969 [ 491.246630][T14450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.246644][T14450] RSP: 002b:00007f5948b5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 491.246658][T14450] RAX: ffffffffffffffda RBX: 00007f5947fb5fa0 RCX: 00007f5947d8e969 [ 491.246668][T14450] RDX: 000000000000000b RSI: 0000000000400008 RDI: 0000000000000000 [ 491.246676][T14450] RBP: 00007f5947e10ab1 R08: 0000000000000002 R09: 0000000000008000 [ 491.246685][T14450] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 491.246694][T14450] R13: 0000000000000000 R14: 00007f5947fb5fa0 R15: 00007fff4a938d88 [ 491.246712][T14450] [ 492.353966][T14463] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3210'. [ 493.440385][T14478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3216'. [ 493.912819][T14486] net_ratelimit: 22 callbacks suppressed [ 493.912832][T14486] team0: mtu greater than device maximum [ 494.152275][T14490] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3220'. [ 494.251947][T14492] FAULT_INJECTION: forcing a failure. [ 494.251947][T14492] name failslab, interval 1, probability 0, space 0, times 0 [ 494.314942][T14492] CPU: 1 UID: 0 PID: 14492 Comm: syz.3.3221 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 494.314965][T14492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 494.314974][T14492] Call Trace: [ 494.314979][T14492] [ 494.314985][T14492] dump_stack_lvl+0x16c/0x1f0 [ 494.315011][T14492] should_fail_ex+0x512/0x640 [ 494.315031][T14492] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 494.315049][T14492] should_failslab+0xc2/0x120 [ 494.315067][T14492] __kmalloc_cache_noprof+0x6a/0x3e0 [ 494.315082][T14492] ? snd_seq_port_connect+0x61/0x550 [ 494.315104][T14492] snd_seq_port_connect+0x61/0x550 [ 494.315122][T14492] ? _raw_read_unlock+0x28/0x50 [ 494.315142][T14492] ? check_subscription_permission.isra.0+0xf5/0x240 [ 494.315165][T14492] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 494.315189][T14492] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 494.315217][T14492] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 494.315240][T14492] snd_seq_oss_midi_open+0x442/0x660 [ 494.315257][T14492] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 494.315278][T14492] ? rcu_is_watching+0x12/0xc0 [ 494.315292][T14492] ? trace_contention_end+0xdd/0x130 [ 494.315314][T14492] snd_seq_oss_synth_reset+0x437/0x880 [ 494.315330][T14492] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 494.315346][T14492] ? __pfx___fsnotify_parent+0x10/0x10 [ 494.315371][T14492] snd_seq_oss_reset+0x73/0x290 [ 494.315391][T14492] ? __pfx_odev_release+0x10/0x10 [ 494.315409][T14492] snd_seq_oss_release+0x7c/0x180 [ 494.315439][T14492] odev_release+0x4c/0x70 [ 494.315457][T14492] __fput+0x3ff/0xb70 [ 494.315480][T14492] task_work_run+0x150/0x240 [ 494.315502][T14492] ? __pfx_task_work_run+0x10/0x10 [ 494.315523][T14492] ? __pfx___do_sys_close_range+0x10/0x10 [ 494.315537][T14492] ? rcu_is_watching+0x12/0xc0 [ 494.315554][T14492] syscall_exit_to_user_mode+0x27b/0x2a0 [ 494.315576][T14492] do_syscall_64+0xda/0x230 [ 494.315598][T14492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.315613][T14492] RIP: 0033:0x7f466118e969 [ 494.315625][T14492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 494.315638][T14492] RSP: 002b:00007f4661f8e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 494.315651][T14492] RAX: 0000000000000000 RBX: 00007f46613b5fa0 RCX: 00007f466118e969 [ 494.315660][T14492] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 494.315668][T14492] RBP: 00007f4661210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 494.315675][T14492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 494.315683][T14492] R13: 0000000000000000 R14: 00007f46613b5fa0 R15: 00007ffe12942a98 [ 494.315701][T14492] [ 495.350123][T14506] netlink: 'syz.2.3229': attribute type 27 has an invalid length. [ 495.405770][T14506] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3229'. [ 495.424202][T14508] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3230'. [ 495.650834][T14517] FAULT_INJECTION: forcing a failure. [ 495.650834][T14517] name failslab, interval 1, probability 0, space 0, times 0 [ 495.709967][T14517] CPU: 1 UID: 0 PID: 14517 Comm: syz.3.3232 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 495.709991][T14517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 495.709999][T14517] Call Trace: [ 495.710005][T14517] [ 495.710011][T14517] dump_stack_lvl+0x16c/0x1f0 [ 495.710043][T14517] should_fail_ex+0x512/0x640 [ 495.710064][T14517] ? fs_reclaim_acquire+0xae/0x150 [ 495.710088][T14517] should_failslab+0xc2/0x120 [ 495.710106][T14517] __kmalloc_cache_noprof+0x6a/0x3e0 [ 495.710121][T14517] ? tomoyo_write_log2+0x33d/0xc10 [ 495.710144][T14517] tomoyo_write_log2+0x33d/0xc10 [ 495.710166][T14517] tomoyo_supervisor+0x15e/0x13b0 [ 495.710184][T14517] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 495.710206][T14517] ? lockdep_hardirqs_on+0x7c/0x110 [ 495.710228][T14517] ? tomoyo_check_path_acl+0xad/0x210 [ 495.710246][T14517] ? tomoyo_check_acl+0x1f7/0x410 [ 495.710264][T14517] tomoyo_path_permission+0x270/0x3b0 [ 495.710283][T14517] tomoyo_check_open_permission+0x349/0x3c0 [ 495.710301][T14517] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 495.710337][T14517] ? do_raw_spin_lock+0x12c/0x2b0 [ 495.710363][T14517] tomoyo_file_open+0x6b/0x90 [ 495.710377][T14517] security_file_open+0x84/0x1e0 [ 495.710397][T14517] do_dentry_open+0x596/0x1c10 [ 495.710418][T14517] vfs_open+0x82/0x3f0 [ 495.710438][T14517] path_openat+0x1e5e/0x2d40 [ 495.710460][T14517] ? __pfx_path_openat+0x10/0x10 [ 495.710479][T14517] do_filp_open+0x20b/0x470 [ 495.710494][T14517] ? __pfx_do_filp_open+0x10/0x10 [ 495.710522][T14517] ? alloc_fd+0x471/0x7d0 [ 495.710548][T14517] do_sys_openat2+0x11b/0x1d0 [ 495.710565][T14517] ? __pfx_do_sys_openat2+0x10/0x10 [ 495.710584][T14517] ? find_held_lock+0x2b/0x80 [ 495.710603][T14517] __x64_sys_openat+0x174/0x210 [ 495.710621][T14517] ? __pfx___x64_sys_openat+0x10/0x10 [ 495.710641][T14517] ? rcu_is_watching+0x12/0xc0 [ 495.710660][T14517] do_syscall_64+0xcd/0x230 [ 495.710682][T14517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.710696][T14517] RIP: 0033:0x7f466118e969 [ 495.710708][T14517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 495.710721][T14517] RSP: 002b:00007f4661f8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 495.710735][T14517] RAX: ffffffffffffffda RBX: 00007f46613b5fa0 RCX: 00007f466118e969 [ 495.710744][T14517] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 495.710752][T14517] RBP: 00007f4661210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 495.710761][T14517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 495.710768][T14517] R13: 0000000000000000 R14: 00007f46613b5fa0 R15: 00007ffe12942a98 [ 495.710786][T14517] [ 497.411605][T14542] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3241'. [ 497.904715][T14553] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3245'. [ 498.184624][T14559] netlink: 'syz.4.3247': attribute type 4 has an invalid length. [ 498.233640][T14559] netlink: 314 bytes leftover after parsing attributes in process `syz.4.3247'. [ 499.017613][T14571] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3252'. [ 499.734218][T14590] netlink: 306 bytes leftover after parsing attributes in process `syz.3.3258'. [ 501.558628][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.564996][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.604576][T14630] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 501.604576][T14630] The task syz.3.3273 (14630) triggered the difference, watch for misbehavior. [ 502.247970][T14643] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3277'. [ 502.573012][T14647] ima: policy update failed [ 502.579655][ T5835] Bluetooth: hci3: unexpected event 0x08 length: 11 > 4 [ 502.602641][ T30] audit: type=1802 audit(4294968645.399:26): pid=14647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.3282" res=0 errno=0 [ 503.731422][T14672] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3288'. [ 504.589759][ T5835] Bluetooth: hci2: unexpected event 0x07 length: 440 > 255 [ 504.590258][T14690] ima: policy update failed [ 504.682749][ T30] audit: type=1802 audit(4294968647.478:27): pid=14690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.3297" res=0 errno=0 [ 505.534046][T14716] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3306'. [ 505.963081][T14727] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 505.969827][T14727] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 506.354478][T14739] FAULT_INJECTION: forcing a failure. [ 506.354478][T14739] name failslab, interval 1, probability 0, space 0, times 0 [ 506.456189][T14739] CPU: 1 UID: 0 PID: 14739 Comm: syz.4.3312 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 506.456213][T14739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 506.456222][T14739] Call Trace: [ 506.456227][T14739] [ 506.456233][T14739] dump_stack_lvl+0x16c/0x1f0 [ 506.456259][T14739] should_fail_ex+0x512/0x640 [ 506.456280][T14739] ? __kmalloc_noprof+0xbf/0x510 [ 506.456298][T14739] ? lsm_blob_alloc+0x68/0x90 [ 506.456310][T14739] should_failslab+0xc2/0x120 [ 506.456329][T14739] __kmalloc_noprof+0xd2/0x510 [ 506.456349][T14739] lsm_blob_alloc+0x68/0x90 [ 506.456362][T14739] security_prepare_creds+0x30/0x270 [ 506.456383][T14739] prepare_creds+0x56f/0x7d0 [ 506.456406][T14739] __sys_setresuid+0x46d/0x1160 [ 506.456425][T14739] do_syscall_64+0xcd/0x230 [ 506.456447][T14739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.456462][T14739] RIP: 0033:0x7f903e98e969 [ 506.456473][T14739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.456486][T14739] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 506.456500][T14739] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 506.456509][T14739] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000000 [ 506.456517][T14739] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 506.456525][T14739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.456532][T14739] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 506.456550][T14739] [ 507.008175][T14749] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3313'. [ 507.392878][T14758] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3320'. [ 507.459353][T14758] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3320'. [ 510.831081][ T5835] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 510.839483][ T5835] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 510.851610][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: kworker/u9:4 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 510.851652][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 510.851662][ T5835] Workqueue: hci0 hci_rx_work [ 510.851679][ T5835] Call Trace: [ 510.851685][ T5835] [ 510.851691][ T5835] dump_stack_lvl+0x16c/0x1f0 [ 510.851714][ T5835] sysfs_warn_dup+0x7f/0xa0 [ 510.851737][ T5835] sysfs_create_dir_ns+0x24b/0x2b0 [ 510.851758][ T5835] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 510.851784][ T5835] ? find_held_lock+0x2b/0x80 [ 510.851804][ T5835] ? do_raw_spin_unlock+0x172/0x230 [ 510.851827][ T5835] kobject_add_internal+0x2c4/0x9b0 [ 510.851845][ T5835] kobject_add+0x16e/0x240 [ 510.851859][ T5835] ? __pfx_kobject_add+0x10/0x10 [ 510.851875][ T5835] ? do_raw_spin_unlock+0x172/0x230 [ 510.851896][ T5835] ? kobject_put+0xab/0x5a0 [ 510.851922][ T5835] device_add+0x288/0x1a70 [ 510.851943][ T5835] ? __pfx_dev_set_name+0x10/0x10 [ 510.851964][ T5835] ? __pfx_device_add+0x10/0x10 [ 510.851983][ T5835] ? mgmt_send_event_skb+0x2fb/0x460 [ 510.852010][ T5835] hci_conn_add_sysfs+0x17e/0x230 [ 510.852027][ T5835] le_conn_complete_evt+0x1075/0x1d70 [ 510.852053][ T5835] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 510.852074][ T5835] ? bt_warn+0xe4/0x120 [ 510.852093][ T5835] ? __pfx_bt_warn+0x10/0x10 [ 510.852117][ T5835] hci_le_conn_complete_evt+0x23c/0x370 [ 510.852142][ T5835] hci_le_meta_evt+0x2f3/0x5e0 [ 510.852156][ T5835] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 510.852181][ T5835] hci_event_packet+0x669/0x1190 [ 510.852202][ T5835] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 510.852217][ T5835] ? __pfx_hci_event_packet+0x10/0x10 [ 510.852240][ T5835] ? kcov_remote_start+0x3c9/0x6d0 [ 510.852259][ T5835] ? lockdep_hardirqs_on+0x7c/0x110 [ 510.852282][ T5835] hci_rx_work+0x2c5/0x16b0 [ 510.852297][ T5835] ? rcu_is_watching+0x12/0xc0 [ 510.852314][ T5835] process_one_work+0x9cf/0x1b70 [ 510.852342][ T5835] ? __pfx_process_one_work+0x10/0x10 [ 510.852369][ T5835] ? assign_work+0x1a0/0x250 [ 510.852390][ T5835] worker_thread+0x6c8/0xf10 [ 510.852416][ T5835] ? __kthread_parkme+0x19e/0x250 [ 510.852434][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 510.852455][ T5835] kthread+0x3c2/0x780 [ 510.852474][ T5835] ? __pfx_kthread+0x10/0x10 [ 510.852492][ T5835] ? __pfx_kthread+0x10/0x10 [ 510.852510][ T5835] ? __pfx_kthread+0x10/0x10 [ 510.852528][ T5835] ? __pfx_kthread+0x10/0x10 [ 510.852550][ T5835] ? rcu_is_watching+0x12/0xc0 [ 510.852564][ T5835] ? __pfx_kthread+0x10/0x10 [ 510.852583][ T5835] ret_from_fork+0x48/0x80 [ 510.852596][ T5835] ? __pfx_kthread+0x10/0x10 [ 510.852616][ T5835] ret_from_fork_asm+0x1a/0x30 [ 510.852646][ T5835] [ 510.852690][ T5835] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 511.172141][T14796] Process accounting paused [ 511.176823][ T5835] Bluetooth: hci0: failed to register connection device [ 512.813459][T14858] netlink: 'syz.2.3345': attribute type 33 has an invalid length. [ 512.867636][T14858] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3345'. [ 514.407829][ T5139] Bluetooth: hci1: unexpected subevent 0x01 length: 122 > 18 [ 514.785086][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880258d9800: rx timeout, send abort [ 514.794648][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880258da000: rx timeout, send abort [ 514.810485][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880258d9800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 514.825805][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880258da000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 514.853335][ T5181] ERROR: Out of memory at tomoyo_memory_ok. [ 515.124988][T14898] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3358'. [ 515.881543][T14905] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3360'. [ 516.182032][T14918] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3364'. [ 517.179604][T14938] netlink: 504 bytes leftover after parsing attributes in process `syz.1.3371'. [ 518.112898][T14953] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size ÏðèP÷šÐ3Yñ,P¥ªšúK [ 518.500834][T14956] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3376'. [ 522.129976][T15028] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3404'. [ 522.949961][T15045] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3412'. [ 523.119189][T15043] FAULT_INJECTION: forcing a failure. [ 523.119189][T15043] name failslab, interval 1, probability 0, space 0, times 0 [ 523.202167][T15043] CPU: 1 UID: 0 PID: 15043 Comm: syz.2.3411 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 523.202191][T15043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 523.202200][T15043] Call Trace: [ 523.202205][T15043] [ 523.202211][T15043] dump_stack_lvl+0x16c/0x1f0 [ 523.202237][T15043] should_fail_ex+0x512/0x640 [ 523.202259][T15043] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 523.202279][T15043] should_failslab+0xc2/0x120 [ 523.202297][T15043] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 523.202313][T15043] ? __pmd_alloc+0xc3/0x870 [ 523.202336][T15043] __pmd_alloc+0xc3/0x870 [ 523.202358][T15043] walk_to_pmd+0x21a/0x2a0 [ 523.202379][T15043] vm_insert_pages+0x202/0xa50 [ 523.202398][T15043] ? __pfx_vm_insert_pages+0x10/0x10 [ 523.202418][T15043] io_uring_mmap+0x3ba/0x5a0 [ 523.202435][T15043] ? __pfx_io_uring_mmap+0x10/0x10 [ 523.202449][T15043] ? vm_area_alloc+0x1f/0x160 [ 523.202467][T15043] ? lockdep_init_map_type+0x5c/0x280 [ 523.202488][T15043] __mmap_region+0x1485/0x27c0 [ 523.202506][T15043] ? __pfx___mmap_region+0x10/0x10 [ 523.202522][T15043] ? trace_sched_exit_tp+0xde/0x130 [ 523.202543][T15043] ? __lock_acquire+0xaa4/0x1ba0 [ 523.202591][T15043] ? trace_cap_capable+0x18d/0x200 [ 523.202608][T15043] ? cap_capable+0xb3/0x250 [ 523.202633][T15043] mmap_region+0x32b/0x3f0 [ 523.202654][T15043] do_mmap+0xd8e/0x11b0 [ 523.202679][T15043] ? __pfx_do_mmap+0x10/0x10 [ 523.202700][T15043] ? __pfx_down_write_killable+0x10/0x10 [ 523.202719][T15043] vm_mmap_pgoff+0x281/0x450 [ 523.202743][T15043] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 523.202766][T15043] ? __fget_files+0x20e/0x3c0 [ 523.202786][T15043] ksys_mmap_pgoff+0x32c/0x5c0 [ 523.202806][T15043] ? rcu_is_watching+0x12/0xc0 [ 523.202822][T15043] __x64_sys_mmap+0x125/0x190 [ 523.202838][T15043] do_syscall_64+0xcd/0x230 [ 523.202860][T15043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.202875][T15043] RIP: 0033:0x7f4e08f8e969 [ 523.202887][T15043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.202900][T15043] RSP: 002b:00007f4e09d52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 523.202914][T15043] RAX: ffffffffffffffda RBX: 00007f4e091b5fa0 RCX: 00007f4e08f8e969 [ 523.202923][T15043] RDX: 0000002000000329 RSI: 0000000008004008 RDI: 0000000000000000 [ 523.202932][T15043] RBP: 00007f4e09010ab1 R08: 0000000000000003 R09: 0000000000008000 [ 523.202940][T15043] R10: 0002000000010011 R11: 0000000000000246 R12: 0000000000000000 [ 523.202949][T15043] R13: 0000000000000000 R14: 00007f4e091b5fa0 R15: 00007fffef7e96e8 [ 523.202967][T15043] [ 523.714647][T15061] netlink: 'syz.1.3418': attribute type 21 has an invalid length. [ 523.722562][T15061] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3418'. [ 525.212899][T15086] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3427'. [ 525.274413][T15086] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3427'. [ 527.207301][T15142] FAULT_INJECTION: forcing a failure. [ 527.207301][T15142] name failslab, interval 1, probability 0, space 0, times 0 [ 527.390536][T15142] CPU: 1 UID: 0 PID: 15142 Comm: syz.1.3440 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 527.390560][T15142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 527.390568][T15142] Call Trace: [ 527.390574][T15142] [ 527.390580][T15142] dump_stack_lvl+0x16c/0x1f0 [ 527.390607][T15142] should_fail_ex+0x512/0x640 [ 527.390628][T15142] ? fs_reclaim_acquire+0xae/0x150 [ 527.390652][T15142] should_failslab+0xc2/0x120 [ 527.390670][T15142] __kmalloc_cache_noprof+0x6a/0x3e0 [ 527.390685][T15142] ? tomoyo_init_log+0x197/0x2140 [ 527.390708][T15142] tomoyo_init_log+0x197/0x2140 [ 527.390727][T15142] ? format_decode+0x1ad/0xd40 [ 527.390744][T15142] ? __pfx_format_decode+0x10/0x10 [ 527.390767][T15142] ? __pfx_tomoyo_init_log+0x10/0x10 [ 527.390791][T15142] tomoyo_write_log2+0x2f7/0xc10 [ 527.390814][T15142] tomoyo_supervisor+0x15e/0x13b0 [ 527.390832][T15142] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 527.390859][T15142] ? lockdep_hardirqs_on+0x7c/0x110 [ 527.390887][T15142] ? tomoyo_check_path_acl+0xad/0x210 [ 527.390904][T15142] ? tomoyo_check_acl+0x1f7/0x410 [ 527.390923][T15142] tomoyo_path_permission+0x270/0x3b0 [ 527.390942][T15142] tomoyo_check_open_permission+0x37b/0x3c0 [ 527.390960][T15142] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 527.390997][T15142] ? do_raw_spin_lock+0x12c/0x2b0 [ 527.391023][T15142] tomoyo_file_open+0x6b/0x90 [ 527.391038][T15142] security_file_open+0x84/0x1e0 [ 527.391058][T15142] do_dentry_open+0x596/0x1c10 [ 527.391079][T15142] vfs_open+0x82/0x3f0 [ 527.391099][T15142] path_openat+0x1e5e/0x2d40 [ 527.391121][T15142] ? __pfx_path_openat+0x10/0x10 [ 527.391140][T15142] do_filp_open+0x20b/0x470 [ 527.391154][T15142] ? __pfx_do_filp_open+0x10/0x10 [ 527.391182][T15142] ? alloc_fd+0x471/0x7d0 [ 527.391208][T15142] do_sys_openat2+0x11b/0x1d0 [ 527.391227][T15142] ? __pfx_do_sys_openat2+0x10/0x10 [ 527.391252][T15142] __x64_sys_openat+0x174/0x210 [ 527.391271][T15142] ? __pfx___x64_sys_openat+0x10/0x10 [ 527.391297][T15142] ? rcu_is_watching+0x12/0xc0 [ 527.391319][T15142] do_syscall_64+0xcd/0x230 [ 527.391342][T15142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.391357][T15142] RIP: 0033:0x7f5947d8e969 [ 527.391369][T15142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.391382][T15142] RSP: 002b:00007f5948b3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 527.391397][T15142] RAX: ffffffffffffffda RBX: 00007f5947fb6080 RCX: 00007f5947d8e969 [ 527.391406][T15142] RDX: 0000000000000400 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 527.391415][T15142] RBP: 00007f5947e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 527.391423][T15142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 527.391431][T15142] R13: 0000000000000000 R14: 00007f5947fb6080 R15: 00007fff4a938d88 [ 527.391450][T15142] [ 527.799380][T15151] FAULT_INJECTION: forcing a failure. [ 527.799380][T15151] name failslab, interval 1, probability 0, space 0, times 0 [ 527.812461][T15151] CPU: 1 UID: 0 PID: 15151 Comm: syz.2.3443 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 527.812483][T15151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 527.812492][T15151] Call Trace: [ 527.812497][T15151] [ 527.812503][T15151] dump_stack_lvl+0x16c/0x1f0 [ 527.812528][T15151] should_fail_ex+0x512/0x640 [ 527.812549][T15151] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 527.812567][T15151] should_failslab+0xc2/0x120 [ 527.812585][T15151] __kmalloc_cache_noprof+0x6a/0x3e0 [ 527.812600][T15151] ? __asan_memset+0x23/0x50 [ 527.812613][T15151] ? snd_pcm_oss_change_params_locked+0x6f4/0x3a30 [ 527.812639][T15151] snd_pcm_oss_change_params_locked+0x6f4/0x3a30 [ 527.812665][T15151] ? rcu_is_watching+0x12/0xc0 [ 527.812679][T15151] ? trace_contention_end+0xdd/0x130 [ 527.812699][T15151] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 527.812721][T15151] ? snd_pcm_oss_sync+0x30c/0x840 [ 527.812754][T15151] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 527.812776][T15151] snd_pcm_oss_sync+0x32e/0x840 [ 527.812798][T15151] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 527.812819][T15151] snd_pcm_oss_release+0x28b/0x310 [ 527.812840][T15151] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 527.812861][T15151] __fput+0x3ff/0xb70 [ 527.812882][T15151] task_work_run+0x150/0x240 [ 527.812904][T15151] ? __pfx_task_work_run+0x10/0x10 [ 527.812924][T15151] ? __pfx___do_sys_close_range+0x10/0x10 [ 527.812938][T15151] ? rcu_is_watching+0x12/0xc0 [ 527.812955][T15151] syscall_exit_to_user_mode+0x27b/0x2a0 [ 527.812976][T15151] do_syscall_64+0xda/0x230 [ 527.812998][T15151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.813013][T15151] RIP: 0033:0x7f4e08f8e969 [ 527.813025][T15151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.813038][T15151] RSP: 002b:00007f4e09d31038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 527.813051][T15151] RAX: 0000000000000000 RBX: 00007f4e091b6080 RCX: 00007f4e08f8e969 [ 527.813060][T15151] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 527.813068][T15151] RBP: 00007f4e09010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 527.813075][T15151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 527.813083][T15151] R13: 0000000000000000 R14: 00007f4e091b6080 R15: 00007fffef7e96e8 [ 527.813102][T15151] [ 528.524007][ T5835] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 529.293441][T15170] vivid-003: ================= START STATUS ================= [ 529.344979][T15170] vivid-003: Radio HW Seek Mode: Bounded [ 529.418539][T15170] vivid-003: Radio Programmable HW Seek: false [ 529.466064][T15170] vivid-003: RDS Rx I/O Mode: Block I/O [ 529.516599][T15170] vivid-003: Generate RBDS Instead of RDS: false [ 529.571393][T15170] vivid-003: RDS Reception: true [ 529.610269][T15170] vivid-003: RDS Program Type: 0 inactive [ 529.632908][T15173] mkiss: ax0: crc mode is auto. [ 529.671632][T15170] vivid-003: RDS PS Name: inactive [ 529.721209][T15170] vivid-003: RDS Radio Text: inactive [ 529.734765][T15170] vivid-003: RDS Traffic Announcement: false inactive [ 529.782514][T15170] vivid-003: RDS Traffic Program: false inactive [ 529.860013][T15170] vivid-003: RDS Music: false inactive [ 529.889706][T15170] vivid-003: ================== END STATUS ================== [ 530.687690][T15202] FAULT_INJECTION: forcing a failure. [ 530.687690][T15202] name failslab, interval 1, probability 0, space 0, times 0 [ 530.819182][T15202] CPU: 1 UID: 0 PID: 15202 Comm: syz.2.3458 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 530.819205][T15202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 530.819213][T15202] Call Trace: [ 530.819219][T15202] [ 530.819225][T15202] dump_stack_lvl+0x16c/0x1f0 [ 530.819251][T15202] should_fail_ex+0x512/0x640 [ 530.819272][T15202] ? fs_reclaim_acquire+0xae/0x150 [ 530.819296][T15202] should_failslab+0xc2/0x120 [ 530.819314][T15202] __kmalloc_cache_noprof+0x6a/0x3e0 [ 530.819329][T15202] ? tomoyo_write_log2+0x33d/0xc10 [ 530.819351][T15202] tomoyo_write_log2+0x33d/0xc10 [ 530.819378][T15202] tomoyo_supervisor+0x15e/0x13b0 [ 530.819396][T15202] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 530.819409][T15202] ? __pfx_vsnprintf+0x10/0x10 [ 530.819438][T15202] ? tomoyo_encode2+0x329/0x3e0 [ 530.819462][T15202] ? tomoyo_check_path_number_acl+0xa6/0x2f0 [ 530.819486][T15202] tomoyo_path_number_perm+0x448/0x580 [ 530.819506][T15202] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 530.819542][T15202] ? d_add+0x47a/0x780 [ 530.819559][T15202] ? do_raw_spin_unlock+0x172/0x230 [ 530.819579][T15202] ? current_check_access_path+0x33c/0x460 [ 530.819601][T15202] ? lookup_one_qstr_excl_raw.part.0+0xf9/0x160 [ 530.819619][T15202] ? lookup_dcache+0x66/0x170 [ 530.819642][T15202] tomoyo_path_mkdir+0x9b/0xe0 [ 530.819659][T15202] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 530.819678][T15202] security_path_mkdir+0x154/0x2f0 [ 530.819697][T15202] do_mkdirat+0x175/0x3e0 [ 530.819713][T15202] ? __pfx_do_mkdirat+0x10/0x10 [ 530.819729][T15202] ? getname_flags.part.0+0x1c5/0x550 [ 530.819749][T15202] __x64_sys_mkdir+0xef/0x140 [ 530.819765][T15202] do_syscall_64+0xcd/0x230 [ 530.819787][T15202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.819801][T15202] RIP: 0033:0x7f4e08f8e969 [ 530.819813][T15202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 530.819826][T15202] RSP: 002b:00007f4e09d52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 530.819839][T15202] RAX: ffffffffffffffda RBX: 00007f4e091b5fa0 RCX: 00007f4e08f8e969 [ 530.819849][T15202] RDX: 0000000000000000 RSI: 0000000000008001 RDI: 0000000000000000 [ 530.819857][T15202] RBP: 00007f4e09010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 530.819865][T15202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 530.819873][T15202] R13: 0000000000000000 R14: 00007f4e091b5fa0 R15: 00007fffef7e96e8 [ 530.819892][T15202] [ 531.193978][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.200299][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 531.208124][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.214433][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 531.222268][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.228698][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 531.237786][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.244103][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 531.686824][T15217] netlink: 346 bytes leftover after parsing attributes in process `syz.1.3464'. [ 531.968993][ T5139] Bluetooth: hci0: unexpected subevent 0x01 length: 122 > 18 [ 532.225258][T15231] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3470'. [ 532.538051][T15235] netlink: 'syz.2.3471': attribute type 15 has an invalid length. [ 532.582360][T15235] netlink: 'syz.2.3471': attribute type 16 has an invalid length. [ 532.632591][T15235] netlink: 'syz.2.3471': attribute type 17 has an invalid length. [ 532.681660][T15235] netlink: 'syz.2.3471': attribute type 19 has an invalid length. [ 532.740905][T15235] netlink: 'syz.2.3471': attribute type 27 has an invalid length. [ 532.789766][T15235] netlink: 'syz.2.3471': attribute type 28 has an invalid length. [ 532.866753][T15235] netlink: 'syz.2.3471': attribute type 29 has an invalid length. [ 532.958600][T15235] netlink: 'syz.2.3471': attribute type 30 has an invalid length. [ 533.029460][T15235] netlink: 18 bytes leftover after parsing attributes in process `syz.2.3471'. [ 535.058233][T15278] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3488'. [ 535.119095][T15278] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3488'. [ 535.201821][T15279] netlink: 170 bytes leftover after parsing attributes in process `syz.4.3488'. [ 536.643922][T15306] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3500'. [ 536.713565][T15306] unsupported nlmsg_type 40 [ 537.043131][T15314] FAULT_INJECTION: forcing a failure. [ 537.043131][T15314] name failslab, interval 1, probability 0, space 0, times 0 [ 537.072008][T15297] ERROR: Out of memory at tomoyo_memory_ok. [ 537.113760][T15314] CPU: 1 UID: 0 PID: 15314 Comm: syz.2.3504 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 537.113782][T15314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 537.113791][T15314] Call Trace: [ 537.113796][T15314] [ 537.113802][T15314] dump_stack_lvl+0x16c/0x1f0 [ 537.113827][T15314] should_fail_ex+0x512/0x640 [ 537.113848][T15314] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 537.113866][T15314] should_failslab+0xc2/0x120 [ 537.113885][T15314] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 537.113901][T15314] ? do_timer_create+0x18a/0x14e0 [ 537.113923][T15314] do_timer_create+0x18a/0x14e0 [ 537.113942][T15314] ? __might_fault+0xe3/0x190 [ 537.113958][T15314] ? __pfx_do_timer_create+0x10/0x10 [ 537.113983][T15314] __x64_sys_timer_create+0x182/0x1d0 [ 537.114002][T15314] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 537.114030][T15314] do_syscall_64+0xcd/0x230 [ 537.114051][T15314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.114066][T15314] RIP: 0033:0x7f4e08f8e969 [ 537.114078][T15314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.114090][T15314] RSP: 002b:00007f4e09d52038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 537.114104][T15314] RAX: ffffffffffffffda RBX: 00007f4e091b5fa0 RCX: 00007f4e08f8e969 [ 537.114113][T15314] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000 [ 537.114121][T15314] RBP: 00007f4e09010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 537.114129][T15314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 537.114136][T15314] R13: 0000000000000000 R14: 00007f4e091b5fa0 R15: 00007fffef7e96e8 [ 537.114154][T15314] [ 537.793529][T15328] kvm: kvm [15327]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000077) [ 537.937558][T15335] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3512'. [ 538.247099][T15339] sp0: Synchronizing with TNC [ 538.827211][T15353] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3519'. [ 541.140565][T15390] FAULT_INJECTION: forcing a failure. [ 541.140565][T15390] name fail_futex, interval 1, probability 0, space 0, times 0 [ 541.208415][T15390] CPU: 1 UID: 0 PID: 15390 Comm: syz.4.3535 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 541.208438][T15390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 541.208447][T15390] Call Trace: [ 541.208452][T15390] [ 541.208458][T15390] dump_stack_lvl+0x16c/0x1f0 [ 541.208484][T15390] should_fail_ex+0x512/0x640 [ 541.208508][T15390] get_futex_key+0x1c2/0x1000 [ 541.208526][T15390] ? __pfx_get_futex_key+0x10/0x10 [ 541.208544][T15390] ? kasan_save_track+0x14/0x30 [ 541.208560][T15390] ? __kasan_kmalloc+0xaa/0xb0 [ 541.208577][T15390] futex_lock_pi+0x27c/0x7b0 [ 541.208599][T15390] ? __pfx_futex_lock_pi+0x10/0x10 [ 541.208616][T15390] ? __pfx___futex_wait+0x10/0x10 [ 541.208647][T15390] ? futex_wait+0x120/0x380 [ 541.208667][T15390] ? __pfx_futex_wake_mark+0x10/0x10 [ 541.208687][T15390] ? __fget_files+0x204/0x3c0 [ 541.208705][T15390] do_futex+0x11a/0x350 [ 541.208721][T15390] ? __pfx_do_futex+0x10/0x10 [ 541.208735][T15390] ? fput+0x70/0xf0 [ 541.208751][T15390] ? __sys_connect+0xf1/0x170 [ 541.208769][T15390] __x64_sys_futex+0x1e0/0x4c0 [ 541.208787][T15390] ? __pfx___x64_sys_futex+0x10/0x10 [ 541.208803][T15390] ? rcu_is_watching+0x12/0xc0 [ 541.208823][T15390] do_syscall_64+0xcd/0x230 [ 541.208845][T15390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.208861][T15390] RIP: 0033:0x7f903e98e969 [ 541.208873][T15390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.208887][T15390] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 541.208900][T15390] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 541.208910][T15390] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000 [ 541.208917][T15390] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000006 [ 541.208926][T15390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.208934][T15390] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 541.208951][T15390] [ 542.878550][T15413] Process accounting resumed [ 543.080620][T15422] netlink: 'syz.2.3548': attribute type 8 has an invalid length. [ 543.140700][T15422] netlink: 'syz.2.3548': attribute type 8 has an invalid length. [ 545.466426][T15474] kvm: user requested TSC rate below hardware speed [ 546.139795][T15490] mkiss: ax0: crc mode is auto. [ 546.351260][ T5835] Bluetooth: hci0: unexpected event 0x03 length: 18 > 11 [ 548.413419][T15536] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3587'. [ 548.599061][T15539] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3590'. [ 548.638770][T15539] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3590'. [ 550.055943][T15569] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3598'. [ 551.473288][T15591] FAULT_INJECTION: forcing a failure. [ 551.473288][T15591] name failslab, interval 1, probability 0, space 0, times 0 [ 551.580020][T15591] CPU: 1 UID: 0 PID: 15591 Comm: syz.3.3608 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 551.580043][T15591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 551.580053][T15591] Call Trace: [ 551.580058][T15591] [ 551.580063][T15591] dump_stack_lvl+0x16c/0x1f0 [ 551.580090][T15591] should_fail_ex+0x512/0x640 [ 551.580111][T15591] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 551.580129][T15591] should_failslab+0xc2/0x120 [ 551.580147][T15591] __kmalloc_cache_noprof+0x6a/0x3e0 [ 551.580162][T15591] ? __do_sys_fanotify_init+0x4ca/0xb80 [ 551.580179][T15591] ? kasan_save_track+0x14/0x30 [ 551.580197][T15591] __do_sys_fanotify_init+0x4ca/0xb80 [ 551.580216][T15591] do_syscall_64+0xcd/0x230 [ 551.580237][T15591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.580252][T15591] RIP: 0033:0x7f466118e969 [ 551.580263][T15591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.580277][T15591] RSP: 002b:00007f4661f8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 551.580290][T15591] RAX: ffffffffffffffda RBX: 00007f46613b5fa0 RCX: 00007f466118e969 [ 551.580299][T15591] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000401 [ 551.580307][T15591] RBP: 00007f4661210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 551.580315][T15591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 551.580323][T15591] R13: 0000000000000000 R14: 00007f46613b5fa0 R15: 00007ffe12942a98 [ 551.580341][T15591] [ 552.617950][T15603] FAULT_INJECTION: forcing a failure. [ 552.617950][T15603] name failslab, interval 1, probability 0, space 0, times 0 [ 552.691494][T15603] CPU: 1 UID: 0 PID: 15603 Comm: syz.3.3611 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 552.691519][T15603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 552.691528][T15603] Call Trace: [ 552.691533][T15603] [ 552.691540][T15603] dump_stack_lvl+0x16c/0x1f0 [ 552.691564][T15603] should_fail_ex+0x512/0x640 [ 552.691586][T15603] ? fs_reclaim_acquire+0xae/0x150 [ 552.691610][T15603] should_failslab+0xc2/0x120 [ 552.691628][T15603] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 552.691645][T15603] ? security_inode_alloc+0x3b/0x2b0 [ 552.691666][T15603] security_inode_alloc+0x3b/0x2b0 [ 552.691683][T15603] inode_init_always_gfp+0xce4/0x1030 [ 552.691700][T15603] alloc_inode+0x86/0x240 [ 552.691717][T15603] path_from_stashed+0x2be/0xb00 [ 552.691735][T15603] ? __pfx_path_from_stashed+0x10/0x10 [ 552.691748][T15603] ? find_held_lock+0x2b/0x80 [ 552.691763][T15603] ? alloc_fd+0x471/0x7d0 [ 552.691786][T15603] pidfs_alloc_file+0xf8/0x320 [ 552.691806][T15603] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 552.691826][T15603] ? find_get_pid+0x19b/0x310 [ 552.691847][T15603] pidfd_prepare+0xa8/0x130 [ 552.691865][T15603] __x64_sys_pidfd_open+0x105/0x1a0 [ 552.691885][T15603] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 552.691908][T15603] ? rcu_is_watching+0x12/0xc0 [ 552.691923][T15603] do_syscall_64+0xcd/0x230 [ 552.691945][T15603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.691960][T15603] RIP: 0033:0x7f466118e969 [ 552.691971][T15603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.691985][T15603] RSP: 002b:00007f4661f8e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 552.692006][T15603] RAX: ffffffffffffffda RBX: 00007f46613b5fa0 RCX: 00007f466118e969 [ 552.692016][T15603] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000947 [ 552.692024][T15603] RBP: 00007f4661210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 552.692032][T15603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 552.692040][T15603] R13: 0000000000000000 R14: 00007f46613b5fa0 R15: 00007ffe12942a98 [ 552.692058][T15603] [ 554.421271][T15608] ERROR: Out of memory at tomoyo_memory_ok. [ 555.119316][T15625] FAULT_INJECTION: forcing a failure. [ 555.119316][T15625] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 555.200902][T15625] CPU: 1 UID: 0 PID: 15625 Comm: syz.1.3619 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 555.200925][T15625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 555.200934][T15625] Call Trace: [ 555.200939][T15625] [ 555.200945][T15625] dump_stack_lvl+0x16c/0x1f0 [ 555.200971][T15625] should_fail_ex+0x512/0x640 [ 555.200997][T15625] should_fail_alloc_page+0xe7/0x130 [ 555.201027][T15625] prepare_alloc_pages+0x3c2/0x610 [ 555.201050][T15625] ? rcu_is_watching+0x12/0xc0 [ 555.201067][T15625] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 555.201086][T15625] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 555.201108][T15625] ? __lock_acquire+0x5ca/0x1ba0 [ 555.201130][T15625] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 555.201146][T15625] ? relay_open+0x653/0xad0 [ 555.201162][T15625] ? blk_trace_setup+0xed/0x1b0 [ 555.201182][T15625] ? rcu_read_unlock+0x17/0x60 [ 555.201206][T15625] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 555.201226][T15625] ? policy_nodemask+0xea/0x4e0 [ 555.201245][T15625] alloc_pages_mpol+0x1fb/0x550 [ 555.201263][T15625] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 555.201280][T15625] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 555.201300][T15625] ? trace_kmalloc+0x2b/0xd0 [ 555.201318][T15625] ? __kmalloc_noprof.cold+0x5c/0x61 [ 555.201334][T15625] ? relay_open_buf.part.0+0x194/0xb90 [ 555.201352][T15625] alloc_pages_noprof+0x131/0x390 [ 555.201370][T15625] relay_open_buf.part.0+0x262/0xb90 [ 555.201393][T15625] relay_open+0x653/0xad0 [ 555.201410][T15625] ? debugfs_create_file_full+0x41/0x60 [ 555.201433][T15625] do_blk_trace_setup+0x503/0xb50 [ 555.201457][T15625] blk_trace_setup+0xed/0x1b0 [ 555.201472][T15625] ? __pfx_blk_trace_setup+0x10/0x10 [ 555.201485][T15625] ? __pfx_snprintf+0x10/0x10 [ 555.201513][T15625] blk_trace_ioctl+0x146/0x280 [ 555.201528][T15625] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 555.201545][T15625] ? find_held_lock+0x2b/0x80 [ 555.201558][T15625] ? hook_file_ioctl_common+0x145/0x410 [ 555.201578][T15625] blkdev_ioctl+0x108/0x6d0 [ 555.201596][T15625] ? __pfx_blkdev_ioctl+0x10/0x10 [ 555.201616][T15625] ? __pfx_blkdev_ioctl+0x10/0x10 [ 555.201633][T15625] __x64_sys_ioctl+0x190/0x200 [ 555.201654][T15625] do_syscall_64+0xcd/0x230 [ 555.201675][T15625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.201690][T15625] RIP: 0033:0x7f5947d8e969 [ 555.201702][T15625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 555.201715][T15625] RSP: 002b:00007f5948b5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 555.201729][T15625] RAX: ffffffffffffffda RBX: 00007f5947fb5fa0 RCX: 00007f5947d8e969 [ 555.201738][T15625] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000006 [ 555.201746][T15625] RBP: 00007f5947e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 555.201753][T15625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 555.201761][T15625] R13: 0000000000000000 R14: 00007f5947fb5fa0 R15: 00007fff4a938d88 [ 555.201779][T15625] [ 555.942886][T15604] Bluetooth: hci3: command 0x0406 tx timeout [ 556.049288][T15632] netlink: 346 bytes leftover after parsing attributes in process `syz.2.3622'. [ 557.182986][T15644] netlink: 'syz.1.3625': attribute type 4 has an invalid length. [ 557.190733][T15644] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3625'. [ 557.567164][T15651] FAULT_INJECTION: forcing a failure. [ 557.567164][T15651] name failslab, interval 1, probability 0, space 0, times 0 [ 557.580698][T15652] netlink: 266 bytes leftover after parsing attributes in process `syz.3.3628'. [ 557.669511][T15651] CPU: 1 UID: 0 PID: 15651 Comm: syz.1.3629 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 557.669534][T15651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 557.669543][T15651] Call Trace: [ 557.669548][T15651] [ 557.669555][T15651] dump_stack_lvl+0x16c/0x1f0 [ 557.669586][T15651] should_fail_ex+0x512/0x640 [ 557.669609][T15651] ? __kmalloc_noprof+0xbf/0x510 [ 557.669628][T15651] ? constrain_params_by_rules+0x175/0xca0 [ 557.669652][T15651] should_failslab+0xc2/0x120 [ 557.669671][T15651] __kmalloc_noprof+0xd2/0x510 [ 557.669685][T15651] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 557.669706][T15651] constrain_params_by_rules+0x175/0xca0 [ 557.669727][T15651] ? arch_stack_walk+0xa6/0x100 [ 557.669750][T15651] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 557.669771][T15651] ? stack_trace_save+0x8e/0xc0 [ 557.669786][T15651] ? __pfx_stack_trace_save+0x10/0x10 [ 557.669802][T15651] ? __kasan_slab_free+0x51/0x70 [ 557.669816][T15651] ? kfree+0x2b6/0x4d0 [ 557.669827][T15651] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 557.669854][T15651] ? snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 557.669875][T15651] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 557.669894][T15651] ? snd_pcm_oss_sync+0x32e/0x840 [ 557.669913][T15651] ? snd_pcm_oss_release+0x28b/0x310 [ 557.669933][T15651] ? __fput+0x3ff/0xb70 [ 557.669948][T15651] ? task_work_run+0x150/0x240 [ 557.669968][T15651] ? snd_interval_refine+0x2fa/0x580 [ 557.669987][T15651] snd_pcm_hw_refine+0x7de/0xad0 [ 557.670011][T15651] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 557.670044][T15651] snd_pcm_hw_param_last+0x32d/0x710 [ 557.670068][T15651] snd_pcm_hw_param_near.constprop.0+0x570/0x8e0 [ 557.670093][T15651] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 557.670114][T15651] ? __asan_memset+0x23/0x50 [ 557.670127][T15651] ? calc_src_frames.isra.0+0x187/0x1d0 [ 557.670140][T15651] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 557.670158][T15651] snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 557.670189][T15651] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 557.670212][T15651] ? snd_pcm_oss_sync+0x30c/0x840 [ 557.670244][T15651] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 557.670267][T15651] snd_pcm_oss_sync+0x32e/0x840 [ 557.670290][T15651] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 557.670310][T15651] snd_pcm_oss_release+0x28b/0x310 [ 557.670332][T15651] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 557.670352][T15651] __fput+0x3ff/0xb70 [ 557.670373][T15651] task_work_run+0x150/0x240 [ 557.670395][T15651] ? __pfx_task_work_run+0x10/0x10 [ 557.670415][T15651] ? __pfx___do_sys_close_range+0x10/0x10 [ 557.670430][T15651] ? rcu_is_watching+0x12/0xc0 [ 557.670447][T15651] syscall_exit_to_user_mode+0x27b/0x2a0 [ 557.670470][T15651] do_syscall_64+0xda/0x230 [ 557.670492][T15651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.670507][T15651] RIP: 0033:0x7f5947d8e969 [ 557.670532][T15651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.670550][T15651] RSP: 002b:00007f5948b5c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 557.670564][T15651] RAX: 0000000000000000 RBX: 00007f5947fb5fa0 RCX: 00007f5947d8e969 [ 557.670574][T15651] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 557.670587][T15651] RBP: 00007f5947e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 557.670596][T15651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.670604][T15651] R13: 0000000000000000 R14: 00007f5947fb5fa0 R15: 00007fff4a938d88 [ 557.670623][T15651] [ 562.185146][T15719] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3660'. [ 562.266987][T15719] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.274324][T15719] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.032586][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.039561][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.877778][T15745] mkiss: ax0: crc mode is auto. [ 564.519084][ T5835] Bluetooth: hci3: unexpected subevent 0x01 length: 5 < 18 [ 564.938772][T15773] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3681'. [ 565.419261][T15782] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3684'. [ 565.571352][T15785] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3685'. [ 566.290573][T15791] sp0: Synchronizing with TNC [ 566.506984][T15803] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3693'. [ 566.881327][T15806] FAULT_INJECTION: forcing a failure. [ 566.881327][T15806] name fail_futex, interval 1, probability 0, space 0, times 0 [ 566.953044][T15806] CPU: 1 UID: 0 PID: 15806 Comm: syz.4.3694 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 566.953068][T15806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 566.953078][T15806] Call Trace: [ 566.953083][T15806] [ 566.953089][T15806] dump_stack_lvl+0x16c/0x1f0 [ 566.953114][T15806] should_fail_ex+0x512/0x640 [ 566.953138][T15806] get_futex_key+0x49e/0x1000 [ 566.953157][T15806] ? __pfx_get_futex_key+0x10/0x10 [ 566.953178][T15806] futex_wake+0xe7/0x4e0 [ 566.953194][T15806] ? rcu_is_watching+0x12/0xc0 [ 566.953210][T15806] ? __pfx_futex_wake+0x10/0x10 [ 566.953236][T15806] do_futex+0x1e3/0x350 [ 566.953252][T15806] ? __pfx_do_futex+0x10/0x10 [ 566.953266][T15806] ? __might_fault+0xe3/0x190 [ 566.953288][T15806] mm_release+0x24e/0x300 [ 566.953305][T15806] do_exit+0x898/0x2c30 [ 566.953323][T15806] ? __pfx_try_to_wake_up+0x10/0x10 [ 566.953341][T15806] ? __pfx_do_exit+0x10/0x10 [ 566.953359][T15806] ? do_raw_spin_lock+0x12c/0x2b0 [ 566.953380][T15806] ? find_held_lock+0x2b/0x80 [ 566.953396][T15806] do_group_exit+0xd3/0x2a0 [ 566.953417][T15806] get_signal+0x2673/0x26d0 [ 566.953436][T15806] ? ktime_get_ts64+0x256/0x400 [ 566.953452][T15806] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 566.953473][T15806] ? __pfx_get_signal+0x10/0x10 [ 566.953488][T15806] ? do_futex+0x122/0x350 [ 566.953503][T15806] ? __pfx_do_futex+0x10/0x10 [ 566.953520][T15806] arch_do_signal_or_restart+0x8f/0x7a0 [ 566.953541][T15806] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 566.953565][T15806] ? rcu_is_watching+0x12/0xc0 [ 566.953582][T15806] syscall_exit_to_user_mode+0x150/0x2a0 [ 566.953603][T15806] do_syscall_64+0xda/0x230 [ 566.953624][T15806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.953639][T15806] RIP: 0033:0x7f903e98e969 [ 566.953652][T15806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.953665][T15806] RSP: 002b:00007f903f7d00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 566.953678][T15806] RAX: 0000000000000001 RBX: 00007f903ebb5fa8 RCX: 00007f903e98e969 [ 566.953687][T15806] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f903ebb5fac [ 566.953695][T15806] RBP: 00007f903ebb5fa0 R08: 00007f903f7d1000 R09: 0000000000000000 [ 566.953703][T15806] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f903ebb5fac [ 566.953712][T15806] R13: 0000000000000000 R14: 00007ffdf1300590 R15: 00007ffdf1300678 [ 566.953736][T15806] [ 568.816531][T15831] KVM: debugfs: duplicate directory 15831-4 [ 572.306641][T15887] [U] [ 572.309450][T15887] [U] [ 572.312127][T15887] [U] [ 572.385849][T15885] [U] [ 572.746969][T15895] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3725'. [ 573.107741][T15898] Process accounting paused [ 575.095061][T15957] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3746'. [ 575.160369][T15957] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3746'. [ 575.227951][T15960] netlink: 210 bytes leftover after parsing attributes in process `syz.3.3746'. [ 575.685177][T15966] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 576.011986][T15980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3755'. [ 576.082686][T15980] netlink: 13 bytes leftover after parsing attributes in process `syz.3.3755'. [ 576.155987][T15981] kvm: kvm [15976]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x2 [ 576.544621][T15991] sp0: Synchronizing with TNC [ 576.589331][T15993] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3761'. [ 576.665145][T15993] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3761'. [ 577.013855][T16001] netlink: 'syz.1.3764': attribute type 4 has an invalid length. [ 577.092025][T16001] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3764'. [ 577.153157][T16005] netlink: 'syz.1.3764': attribute type 4 has an invalid length. [ 577.210685][T16005] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3764'. [ 577.248101][T16006] sp0: Synchronizing with TNC [ 578.347300][T16020] FAULT_INJECTION: forcing a failure. [ 578.347300][T16020] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 578.450500][T16020] CPU: 1 UID: 0 PID: 16020 Comm: syz.4.3771 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 578.450524][T16020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 578.450532][T16020] Call Trace: [ 578.450538][T16020] [ 578.450544][T16020] dump_stack_lvl+0x16c/0x1f0 [ 578.450570][T16020] should_fail_ex+0x512/0x640 [ 578.450593][T16020] _copy_to_user+0x32/0xd0 [ 578.450608][T16020] copy_siginfo_to_user+0x27/0xc0 [ 578.450628][T16020] x64_setup_rt_frame+0x811/0xcf0 [ 578.450653][T16020] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 578.450672][T16020] ? __task_pid_nr_ns+0x17c/0x500 [ 578.450695][T16020] arch_do_signal_or_restart+0x5b6/0x7a0 [ 578.450713][T16020] ? do_rt_tgsigqueueinfo+0xb0/0x100 [ 578.450731][T16020] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 578.450769][T16020] syscall_exit_to_user_mode+0x150/0x2a0 [ 578.450791][T16020] do_syscall_64+0xda/0x230 [ 578.450814][T16020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.450829][T16020] RIP: 0033:0x7f903e98e969 [ 578.450841][T16020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.450854][T16020] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 578.450867][T16020] RAX: 0000000000000000 RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 578.450876][T16020] RDX: 0000000000000021 RSI: 000000000000020a RDI: 0000000000000209 [ 578.450884][T16020] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 578.450892][T16020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.450899][T16020] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 578.450917][T16020] [ 578.622525][ C1] vkms_vblank_simulate: vblank timer overrun [ 580.551529][T16053] netlink: 'syz.3.3784': attribute type 32 has an invalid length. [ 580.594255][T16053] netlink: 'syz.3.3784': attribute type 33 has an invalid length. [ 580.635970][T16053] netlink: 'syz.3.3784': attribute type 35 has an invalid length. [ 580.678037][T16053] netlink: 'syz.3.3784': attribute type 37 has an invalid length. [ 580.687651][T16057] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3783'. [ 580.720342][T16053] netlink: 'syz.3.3784': attribute type 39 has an invalid length. [ 580.758700][T16053] netlink: 'syz.3.3784': attribute type 40 has an invalid length. [ 580.799966][T16053] netlink: 'syz.3.3784': attribute type 41 has an invalid length. [ 580.843304][T16053] netlink: 'syz.3.3784': attribute type 44 has an invalid length. [ 580.885066][T16053] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3784'. [ 581.105469][T16061] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3787'. [ 581.258208][T16063] mkiss: ax0: crc mode is auto. [ 581.547338][T16068] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 583.393528][T16105] netlink: 130 bytes leftover after parsing attributes in process `syz.4.3805'. [ 585.127484][T16143] ERROR: Out of memory at tomoyo_memory_ok. [ 589.380200][T16233] FAULT_INJECTION: forcing a failure. [ 589.380200][T16233] name failslab, interval 1, probability 0, space 0, times 0 [ 589.476881][T16233] CPU: 1 UID: 0 PID: 16233 Comm: syz.2.3841 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 589.476905][T16233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 589.476914][T16233] Call Trace: [ 589.476919][T16233] [ 589.476924][T16233] dump_stack_lvl+0x16c/0x1f0 [ 589.476950][T16233] should_fail_ex+0x512/0x640 [ 589.476972][T16233] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 589.476991][T16233] should_failslab+0xc2/0x120 [ 589.477010][T16233] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 589.477026][T16233] ? do_raw_read_unlock+0x44/0xe0 [ 589.477047][T16233] ? ima_d_path+0xbd/0x2a0 [ 589.477064][T16233] ima_d_path+0xbd/0x2a0 [ 589.477078][T16233] ? vfs_getxattr_alloc+0xec/0x340 [ 589.477092][T16233] ? __pfx_ima_d_path+0x10/0x10 [ 589.477110][T16233] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 589.477135][T16233] process_measurement+0x1d86/0x23e0 [ 589.477162][T16233] ? __pfx_process_measurement+0x10/0x10 [ 589.477182][T16233] ? __lock_acquire+0x5ca/0x1ba0 [ 589.477225][T16233] ? mtree_load+0x325/0xa40 [ 589.477249][T16233] ima_file_mmap+0x1b1/0x1d0 [ 589.477269][T16233] ? __pfx_ima_file_mmap+0x10/0x10 [ 589.477295][T16233] security_mmap_file+0x88c/0x990 [ 589.477316][T16233] __do_sys_remap_file_pages+0x2e2/0xac0 [ 589.477344][T16233] ? __pfx___do_sys_remap_file_pages+0x10/0x10 [ 589.477365][T16233] ? __x64_sys_futex+0x1e0/0x4c0 [ 589.477383][T16233] ? xfd_validate_state+0x5d/0x180 [ 589.477398][T16233] ? rcu_is_watching+0x12/0xc0 [ 589.477417][T16233] do_syscall_64+0xcd/0x230 [ 589.477439][T16233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.477454][T16233] RIP: 0033:0x7f4e08f8e969 [ 589.477465][T16233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.477478][T16233] RSP: 002b:00007f4e09d52038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 589.477491][T16233] RAX: ffffffffffffffda RBX: 00007f4e091b5fa0 RCX: 00007f4e08f8e969 [ 589.477501][T16233] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000006a2b [ 589.477508][T16233] RBP: 00007f4e09010ab1 R08: 0000000000010000 R09: 0000000000000000 [ 589.477516][T16233] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 589.477525][T16233] R13: 0000000000000000 R14: 00007f4e091b5fa0 R15: 00007fffef7e96e8 [ 589.477546][T16233] [ 590.336628][T16239] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3843'. [ 590.431760][T16239] : renamed from lo (while UP) [ 591.479430][T16257] FAULT_INJECTION: forcing a failure. [ 591.479430][T16257] name failslab, interval 1, probability 0, space 0, times 0 [ 591.589423][T16257] CPU: 1 UID: 0 PID: 16257 Comm: syz.4.3850 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 591.589447][T16257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 591.589456][T16257] Call Trace: [ 591.589461][T16257] [ 591.589467][T16257] dump_stack_lvl+0x16c/0x1f0 [ 591.589495][T16257] should_fail_ex+0x512/0x640 [ 591.589516][T16257] ? __kvmalloc_node_noprof+0x122/0x600 [ 591.589543][T16257] should_failslab+0xc2/0x120 [ 591.589562][T16257] __kvmalloc_node_noprof+0x135/0x600 [ 591.589579][T16257] ? trace_kmalloc+0x2b/0xd0 [ 591.589598][T16257] ? __kvmalloc_node_noprof+0x201/0x600 [ 591.589612][T16257] ? io_alloc_cache_init+0x33/0x170 [ 591.589631][T16257] ? io_alloc_cache_init+0x33/0x170 [ 591.589645][T16257] io_alloc_cache_init+0x33/0x170 [ 591.589661][T16257] io_rsrc_cache_init+0x40/0x50 [ 591.589682][T16257] io_uring_setup+0x68b/0x1ff0 [ 591.589703][T16257] ? __pfx_io_uring_setup+0x10/0x10 [ 591.589721][T16257] ? do_futex+0x122/0x350 [ 591.589737][T16257] ? __pfx_do_futex+0x10/0x10 [ 591.589751][T16257] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 591.589783][T16257] ? rcu_is_watching+0x12/0xc0 [ 591.589800][T16257] __x64_sys_io_uring_setup+0xc2/0x170 [ 591.589819][T16257] do_syscall_64+0xcd/0x230 [ 591.589840][T16257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.589856][T16257] RIP: 0033:0x7f903e98e969 [ 591.589868][T16257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.589881][T16257] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 591.589895][T16257] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 591.589905][T16257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 591.589912][T16257] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 591.589920][T16257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.589928][T16257] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 591.589945][T16257] [ 593.897356][T16293] FAULT_INJECTION: forcing a failure. [ 593.897356][T16293] name fail_futex, interval 1, probability 0, space 0, times 0 [ 593.986407][T16293] CPU: 1 UID: 0 PID: 16293 Comm: syz.3.3862 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 593.986430][T16293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 593.986439][T16293] Call Trace: [ 593.986445][T16293] [ 593.986451][T16293] dump_stack_lvl+0x16c/0x1f0 [ 593.986476][T16293] should_fail_ex+0x512/0x640 [ 593.986500][T16293] get_futex_key+0x49e/0x1000 [ 593.986518][T16293] ? __pfx_get_futex_key+0x10/0x10 [ 593.986536][T16293] ? kasan_save_track+0x14/0x30 [ 593.986552][T16293] ? __kasan_kmalloc+0xaa/0xb0 [ 593.986569][T16293] futex_lock_pi+0x27c/0x7b0 [ 593.986589][T16293] ? __pfx_futex_lock_pi+0x10/0x10 [ 593.986607][T16293] ? __pfx___futex_wait+0x10/0x10 [ 593.986638][T16293] ? futex_wait+0x120/0x380 [ 593.986657][T16293] ? __pfx_futex_wake_mark+0x10/0x10 [ 593.986677][T16293] ? __fget_files+0x204/0x3c0 [ 593.986695][T16293] do_futex+0x11a/0x350 [ 593.986711][T16293] ? __pfx_do_futex+0x10/0x10 [ 593.986726][T16293] ? fput+0x70/0xf0 [ 593.986742][T16293] ? __sys_connect+0xf1/0x170 [ 593.986759][T16293] __x64_sys_futex+0x1e0/0x4c0 [ 593.986777][T16293] ? __pfx___x64_sys_futex+0x10/0x10 [ 593.986793][T16293] ? rcu_is_watching+0x12/0xc0 [ 593.986812][T16293] do_syscall_64+0xcd/0x230 [ 593.986833][T16293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.986848][T16293] RIP: 0033:0x7f466118e969 [ 593.986860][T16293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 593.986874][T16293] RSP: 002b:00007f4661f8e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 593.986888][T16293] RAX: ffffffffffffffda RBX: 00007f46613b5fa0 RCX: 00007f466118e969 [ 593.986898][T16293] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000 [ 593.986906][T16293] RBP: 00007f4661210ab1 R08: 0000000000000000 R09: 0000000000000006 [ 593.986914][T16293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.986922][T16293] R13: 0000000000000000 R14: 00007f46613b5fa0 R15: 00007ffe12942a98 [ 593.986940][T16293] [ 595.382831][T16316] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.4.3871: No space for directory leaf checksum. Please run e2fsck -D. [ 595.480931][T16316] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.4.3871: checksumming directory block 0 [ 595.610474][T16316] platform regulatory.0: loading /lib/firmware/updates/6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3/regulatory.db failed with error -74 [ 595.712597][T16316] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.4.3871: No space for directory leaf checksum. Please run e2fsck -D. [ 595.787565][T16316] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.4.3871: checksumming directory block 0 [ 595.852836][T16316] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 595.958782][T16316] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.4.3871: No space for directory leaf checksum. Please run e2fsck -D. [ 596.023973][T16316] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.4.3871: checksumming directory block 0 [ 596.088566][T16316] platform regulatory.0: loading /lib/firmware/6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3/regulatory.db failed with error -74 [ 596.157671][T16316] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.4.3871: No space for directory leaf checksum. Please run e2fsck -D. [ 596.326165][T16324] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 596.359360][T16316] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.4.3871: checksumming directory block 0 [ 596.428386][T16324] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 596.445115][T16332] FAULT_INJECTION: forcing a failure. [ 596.445115][T16332] name fail_futex, interval 1, probability 0, space 0, times 0 [ 596.480385][T16316] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 596.522557][T16332] CPU: 1 UID: 0 PID: 16332 Comm: syz.2.3875 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 596.522580][T16332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 596.522588][T16332] Call Trace: [ 596.522593][T16332] [ 596.522600][T16332] dump_stack_lvl+0x16c/0x1f0 [ 596.522627][T16332] should_fail_ex+0x512/0x640 [ 596.522651][T16332] get_futex_key+0x49e/0x1000 [ 596.522670][T16332] ? __pfx_get_futex_key+0x10/0x10 [ 596.522688][T16332] ? kasan_save_track+0x14/0x30 [ 596.522704][T16332] ? __kasan_kmalloc+0xaa/0xb0 [ 596.522722][T16332] futex_lock_pi+0x27c/0x7b0 [ 596.522744][T16332] ? __pfx_futex_lock_pi+0x10/0x10 [ 596.522762][T16332] ? __pfx___futex_wait+0x10/0x10 [ 596.522793][T16332] ? futex_wait+0x120/0x380 [ 596.522814][T16332] ? __pfx_futex_wake_mark+0x10/0x10 [ 596.522834][T16332] ? __fget_files+0x204/0x3c0 [ 596.522852][T16332] do_futex+0x11a/0x350 [ 596.522868][T16332] ? __pfx_do_futex+0x10/0x10 [ 596.522883][T16332] ? fput+0x70/0xf0 [ 596.522899][T16332] ? __sys_connect+0xf1/0x170 [ 596.522917][T16332] __x64_sys_futex+0x1e0/0x4c0 [ 596.522935][T16332] ? __pfx___x64_sys_futex+0x10/0x10 [ 596.522952][T16332] ? rcu_is_watching+0x12/0xc0 [ 596.522972][T16332] do_syscall_64+0xcd/0x230 [ 596.522993][T16332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.523009][T16332] RIP: 0033:0x7f4e08f8e969 [ 596.523020][T16332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.523033][T16332] RSP: 002b:00007f4e09d52038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 596.523047][T16332] RAX: ffffffffffffffda RBX: 00007f4e091b5fa0 RCX: 00007f4e08f8e969 [ 596.523057][T16332] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000 [ 596.523065][T16332] RBP: 00007f4e09010ab1 R08: 0000000000000000 R09: 0000000000000006 [ 596.523073][T16332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.523081][T16332] R13: 0000000000000000 R14: 00007f4e091b5fa0 R15: 00007fffef7e96e8 [ 596.523099][T16332] [ 596.527242][T16316] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 597.369224][T16316] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 597.417191][T16324] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 597.480094][T16324] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 597.503635][T16324] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 597.548831][T16324] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 597.586350][T16324] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 597.609271][T16324] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 597.640484][T16324] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 597.661319][T16324] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 597.674576][T16341] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3878'. [ 597.692937][T16324] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 597.709186][T16324] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 597.736520][T16324] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 597.756895][T16341] ipvlan1: entered promiscuous mode [ 597.787769][T16324] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 597.803686][T16341] ipvlan1: entered allmulticast mode [ 597.811004][T16324] CPU0 is offline. [ 597.831503][T16326] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 597.907192][T16341] veth0_vlan: entered allmulticast mode [ 598.079020][T16347] openvswitch: netlink: IP tunnel dst address not specified [ 598.086651][ T5835] Bluetooth: hci1: command 0x0406 tx timeout [ 598.139776][T16349] FAULT_INJECTION: forcing a failure. [ 598.139776][T16349] name failslab, interval 1, probability 0, space 0, times 0 [ 598.226751][T16349] CPU: 1 UID: 0 PID: 16349 Comm: syz.4.3882 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 598.226774][T16349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 598.226783][T16349] Call Trace: [ 598.226788][T16349] [ 598.226794][T16349] dump_stack_lvl+0x16c/0x1f0 [ 598.226820][T16349] should_fail_ex+0x512/0x640 [ 598.226841][T16349] ? __kmalloc_noprof+0xbf/0x510 [ 598.226858][T16349] ? sk_prot_alloc+0x1a8/0x2a0 [ 598.226877][T16349] should_failslab+0xc2/0x120 [ 598.226896][T16349] __kmalloc_noprof+0xd2/0x510 [ 598.226916][T16349] sk_prot_alloc+0x1a8/0x2a0 [ 598.226952][T16349] sk_alloc+0x36/0xc20 [ 598.226975][T16349] __netlink_create+0x5e/0x2c0 [ 598.226991][T16349] ? __wake_up+0x3f/0x60 [ 598.227009][T16349] netlink_create+0x39e/0x620 [ 598.227025][T16349] ? __pfx_genl_bind+0x10/0x10 [ 598.227044][T16349] ? __pfx_genl_unbind+0x10/0x10 [ 598.227062][T16349] ? __pfx_genl_release+0x10/0x10 [ 598.227083][T16349] __sock_create+0x335/0x8d0 [ 598.227108][T16349] __sys_socket+0x14d/0x260 [ 598.227121][T16349] ? __pfx___sys_socket+0x10/0x10 [ 598.227135][T16349] ? do_user_addr_fault+0x843/0x1370 [ 598.227153][T16349] __x64_sys_socket+0x72/0xb0 [ 598.227165][T16349] ? lockdep_hardirqs_on+0x7c/0x110 [ 598.227184][T16349] do_syscall_64+0xcd/0x230 [ 598.227206][T16349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.227220][T16349] RIP: 0033:0x7f903e990887 [ 598.227233][T16349] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 598.227246][T16349] RSP: 002b:00007f903f7cefa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 598.227259][T16349] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e990887 [ 598.227268][T16349] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 598.227277][T16349] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 598.227285][T16349] R10: 00002000000000c0 R11: 0000000000000286 R12: 0000000000000000 [ 598.227293][T16349] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 598.227311][T16349] [ 598.439824][ C1] vkms_vblank_simulate: vblank timer overrun [ 599.525479][ T5835] Bluetooth: hci0: command 0x0406 tx timeout [ 599.545156][T16369] FAULT_INJECTION: forcing a failure. [ 599.545156][T16369] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 599.649566][T16369] CPU: 1 UID: 0 PID: 16369 Comm: syz.3.3891 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 599.649591][T16369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 599.649600][T16369] Call Trace: [ 599.649606][T16369] [ 599.649614][T16369] dump_stack_lvl+0x16c/0x1f0 [ 599.649641][T16369] should_fail_ex+0x512/0x640 [ 599.649669][T16369] should_fail_alloc_page+0xe7/0x130 [ 599.649690][T16369] prepare_alloc_pages+0x3c2/0x610 [ 599.649711][T16369] ? rcu_is_watching+0x12/0xc0 [ 599.649728][T16369] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 599.649746][T16369] ? stack_trace_save+0x8e/0xc0 [ 599.649761][T16369] ? __pfx_stack_trace_save+0x10/0x10 [ 599.649779][T16369] ? __lock_acquire+0x5ca/0x1ba0 [ 599.649800][T16369] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 599.649816][T16369] ? relay_open+0x653/0xad0 [ 599.649840][T16369] ? blk_trace_setup+0xed/0x1b0 [ 599.649860][T16369] ? rcu_read_unlock+0x17/0x60 [ 599.649883][T16369] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 599.649904][T16369] ? policy_nodemask+0xea/0x4e0 [ 599.649924][T16369] alloc_pages_mpol+0x1fb/0x550 [ 599.649943][T16369] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 599.649960][T16369] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 599.649978][T16369] ? trace_kmalloc+0x2b/0xd0 [ 599.649996][T16369] ? __kmalloc_noprof.cold+0x5c/0x61 [ 599.650012][T16369] ? relay_open_buf.part.0+0x194/0xb90 [ 599.650030][T16369] alloc_pages_noprof+0x131/0x390 [ 599.650049][T16369] relay_open_buf.part.0+0x262/0xb90 [ 599.650072][T16369] relay_open+0x653/0xad0 [ 599.650088][T16369] ? debugfs_create_file_full+0x41/0x60 [ 599.650111][T16369] do_blk_trace_setup+0x503/0xb50 [ 599.650135][T16369] blk_trace_setup+0xed/0x1b0 [ 599.650150][T16369] ? __pfx_blk_trace_setup+0x10/0x10 [ 599.650163][T16369] ? __pfx_snprintf+0x10/0x10 [ 599.650192][T16369] blk_trace_ioctl+0x146/0x280 [ 599.650207][T16369] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 599.650224][T16369] ? find_held_lock+0x2b/0x80 [ 599.650238][T16369] ? hook_file_ioctl_common+0x145/0x410 [ 599.650257][T16369] blkdev_ioctl+0x108/0x6d0 [ 599.650275][T16369] ? __pfx_blkdev_ioctl+0x10/0x10 [ 599.650295][T16369] ? __pfx_blkdev_ioctl+0x10/0x10 [ 599.650313][T16369] __x64_sys_ioctl+0x190/0x200 [ 599.650334][T16369] do_syscall_64+0xcd/0x230 [ 599.650357][T16369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.650371][T16369] RIP: 0033:0x7f466118e969 [ 599.650384][T16369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 599.650398][T16369] RSP: 002b:00007f4661f8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 599.650413][T16369] RAX: ffffffffffffffda RBX: 00007f46613b5fa0 RCX: 00007f466118e969 [ 599.650423][T16369] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000006 [ 599.650432][T16369] RBP: 00007f4661210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 599.650440][T16369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 599.650449][T16369] R13: 0000000000000000 R14: 00007f46613b5fa0 R15: 00007ffe12942a98 [ 599.650468][T16369] [ 599.952692][ C1] vkms_vblank_simulate: vblank timer overrun [ 600.397095][T15604] Bluetooth: hci3: command 0x0406 tx timeout [ 600.403599][T15604] Bluetooth: hci1: command 0x0406 tx timeout [ 600.409650][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 600.816291][T16389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78406 [ 600.953914][T16389] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 600.954006][T16389] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 600.954024][T16389] page_type: f5(slab) [ 600.954039][T16389] raw: 00fff00000000040 ffff88801c6b8780 ffffea0001e9b600 dead000000000003 [ 600.954053][T16389] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 600.954069][T16389] head: 00fff00000000040 ffff88801c6b8780 ffffea0001e9b600 dead000000000003 [ 600.954083][T16389] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 600.954097][T16389] head: 00fff00000000001 ffffea0001e10181 00000000ffffffff 00000000ffffffff [ 600.954111][T16389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 600.954121][T16389] page dumped because: unmovable page [ 600.954140][T16389] page_owner tracks the page as allocated [ 600.954189][T16389] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5204, tgid 5204 (udevd), ts 52215995016, free_ts 27952286790 [ 600.954218][T16389] post_alloc_hook+0x181/0x1b0 [ 600.954237][T16389] get_page_from_freelist+0x135c/0x3920 [ 600.954255][T16389] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 600.954272][T16389] alloc_pages_mpol+0x1fb/0x550 [ 600.954290][T16389] new_slab+0x244/0x340 [ 600.954304][T16389] ___slab_alloc+0xd9c/0x1940 [ 600.954317][T16389] __slab_alloc.constprop.0+0x56/0xb0 [ 600.954331][T16389] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 600.954347][T16389] __d_alloc+0x31/0xaa0 [ 600.954363][T16389] d_alloc+0x4a/0x1e0 [ 600.954377][T16389] lookup_one_qstr_excl_raw.part.0+0x96/0x160 [ 600.954396][T16389] lookup_one_qstr_excl+0x3e/0x120 [ 600.954414][T16389] do_renameat2+0x5aa/0xc90 [ 600.954429][T16389] __x64_sys_rename+0x7d/0xa0 [ 600.954446][T16389] do_syscall_64+0xcd/0x230 [ 600.954467][T16389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.954482][T16389] page last free pid 1 tgid 1 stack trace: [ 600.954490][T16389] __free_frozen_pages+0x69d/0xff0 [ 600.954505][T16389] free_contig_range+0x135/0x3f0 [ 600.954519][T16389] destroy_args+0x66f/0x830 [ 600.954535][T16389] debug_vm_pgtable+0x130e/0x2d50 [ 600.954550][T16389] do_one_initcall+0x120/0x6e0 [ 600.954570][T16389] kernel_init_freeable+0x5c2/0x900 [ 600.954590][T16389] kernel_init+0x1c/0x2b0 [ 600.954605][T16389] ret_from_fork+0x48/0x80 [ 600.954619][T16389] ret_from_fork_asm+0x1a/0x30 [ 601.000036][ T5181] ERROR: Out of memory at tomoyo_memory_ok. [ 601.252499][T16391] could not allocate digest TFM handle [ 601.609697][T16382] Bluetooth: hci0: command 0x0406 tx timeout [ 601.713075][T16401] validate_nla: 3 callbacks suppressed [ 601.713090][T16401] netlink: 'syz.3.3899': attribute type 4 has an invalid length. [ 601.713102][T16401] netlink: 314 bytes leftover after parsing attributes in process `syz.3.3899'. [ 601.713114][T16401] IPv6: NLM_F_CREATE should be specified when creating new route [ 601.713197][T16401] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 601.713265][T16401] IPv6: NLM_F_CREATE should be set when creating new route [ 602.489466][T16382] Bluetooth: hci2: command 0x0406 tx timeout [ 602.489502][T16382] Bluetooth: hci1: command 0x0406 tx timeout [ 602.489536][T16382] Bluetooth: hci3: command 0x0406 tx timeout [ 603.005683][T16396] tty tty45: ldisc open failed (-12), clearing slot 44 [ 603.316978][ T5139] Bluetooth: hci1: Malformed LE Event: 0x1d [ 603.422549][T16413] Process accounting resumed [ 603.684905][ T5139] Bluetooth: hci0: command 0x0406 tx timeout [ 603.840172][T16425] erspan0: entered allmulticast mode [ 604.285135][T16431] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 604.558775][T16440] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3915'. [ 604.571395][ T5139] Bluetooth: hci3: command 0x0406 tx timeout [ 604.577496][T16382] Bluetooth: hci2: command 0x0406 tx timeout [ 605.758454][T16461] FAULT_INJECTION: forcing a failure. [ 605.758454][T16461] name failslab, interval 1, probability 0, space 0, times 0 [ 605.775876][ T5139] Bluetooth: hci0: command 0x0406 tx timeout [ 605.974198][T16461] CPU: 1 UID: 0 PID: 16461 Comm: syz.1.3921 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 605.974222][T16461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.974232][T16461] Call Trace: [ 605.974237][T16461] [ 605.974244][T16461] dump_stack_lvl+0x16c/0x1f0 [ 605.974270][T16461] should_fail_ex+0x512/0x640 [ 605.974293][T16461] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 605.974319][T16461] should_failslab+0xc2/0x120 [ 605.974339][T16461] __kmalloc_cache_noprof+0x6a/0x3e0 [ 605.974355][T16461] ? ima_calc_file_hash_tfm+0x29f/0x3d0 [ 605.974373][T16461] ima_calc_file_hash_tfm+0x29f/0x3d0 [ 605.974390][T16461] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 605.974426][T16461] ? shmem_huge_global_enabled+0x173/0x5b0 [ 605.974444][T16461] ? ima_alloc_tfm+0x21a/0x2e0 [ 605.974457][T16461] ? shmem_getattr+0x397/0x450 [ 605.974474][T16461] ima_calc_file_hash+0x1ba/0x490 [ 605.974491][T16461] ima_collect_measurement+0x897/0xa40 [ 605.974512][T16461] ? __pfx_ima_collect_measurement+0x10/0x10 [ 605.974542][T16461] ? do_raw_read_unlock+0x44/0xe0 [ 605.974568][T16461] ? vfs_getxattr_alloc+0xec/0x340 [ 605.974586][T16461] ? ima_get_hash_algo+0x27c/0x400 [ 605.974605][T16461] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 605.974629][T16461] ? process_measurement+0x11fa/0x23e0 [ 605.974650][T16461] process_measurement+0x11fa/0x23e0 [ 605.974677][T16461] ? __pfx_process_measurement+0x10/0x10 [ 605.974697][T16461] ? __lock_acquire+0x5ca/0x1ba0 [ 605.974718][T16461] ? futex_wait_queue+0x24/0x220 [ 605.974758][T16461] ? mtree_load+0x325/0xa40 [ 605.974782][T16461] ima_file_mmap+0x1b1/0x1d0 [ 605.974804][T16461] ? __pfx_ima_file_mmap+0x10/0x10 [ 605.974830][T16461] security_mmap_file+0x88c/0x990 [ 605.974851][T16461] __do_sys_remap_file_pages+0x2e2/0xac0 [ 605.974879][T16461] ? __pfx___do_sys_remap_file_pages+0x10/0x10 [ 605.974901][T16461] ? __x64_sys_futex+0x1e0/0x4c0 [ 605.974919][T16461] ? xfd_validate_state+0x5d/0x180 [ 605.974935][T16461] ? rcu_is_watching+0x12/0xc0 [ 605.974954][T16461] do_syscall_64+0xcd/0x230 [ 605.974977][T16461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.974992][T16461] RIP: 0033:0x7f5947d8e969 [ 605.975004][T16461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.975019][T16461] RSP: 002b:00007f5948b5c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 605.975033][T16461] RAX: ffffffffffffffda RBX: 00007f5947fb5fa0 RCX: 00007f5947d8e969 [ 605.975043][T16461] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000006a2b [ 605.975051][T16461] RBP: 00007f5947e10ab1 R08: 0000000000010000 R09: 0000000000000000 [ 605.975060][T16461] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 605.975069][T16461] R13: 0000000000000000 R14: 00007f5947fb5fa0 R15: 00007fff4a938d88 [ 605.975087][T16461] [ 605.975199][ T30] audit: type=1800 audit(4294968748.717:28): pid=16461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3921" name="dev/zero" dev="tmpfs" ino=2527 res=0 errno=0 [ 606.857179][T16473] input: isc as /devices/virtual/input/input8 [ 606.915923][T16473] FAULT_INJECTION: forcing a failure. [ 606.915923][T16473] name failslab, interval 1, probability 0, space 0, times 0 [ 606.984885][T16473] CPU: 1 UID: 0 PID: 16473 Comm: syz.1.3933 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 606.984909][T16473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 606.984918][T16473] Call Trace: [ 606.984923][T16473] [ 606.984930][T16473] dump_stack_lvl+0x16c/0x1f0 [ 606.984955][T16473] should_fail_ex+0x512/0x640 [ 606.984976][T16473] ? __kmalloc_noprof+0xbf/0x510 [ 606.984994][T16473] ? kobj_map+0x81/0x470 [ 606.985010][T16473] should_failslab+0xc2/0x120 [ 606.985029][T16473] __kmalloc_noprof+0xd2/0x510 [ 606.985044][T16473] ? __pfx___debug_object_init+0x10/0x10 [ 606.985065][T16473] kobj_map+0x81/0x470 [ 606.985081][T16473] ? __pfx_exact_match+0x10/0x10 [ 606.985096][T16473] ? __pfx_exact_lock+0x10/0x10 [ 606.985115][T16473] cdev_add+0xa7/0x1a0 [ 606.985130][T16473] cdev_device_add+0xa6/0x1e0 [ 606.985146][T16473] evdev_connect+0x3a4/0x4c0 [ 606.985168][T16473] input_attach_handler.isra.0+0x181/0x260 [ 606.985189][T16473] input_register_device+0xa84/0x1130 [ 606.985211][T16473] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 606.985235][T16473] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 606.985255][T16473] ? find_held_lock+0x2b/0x80 [ 606.985281][T16473] ? __pfx_uinput_ioctl+0x10/0x10 [ 606.985297][T16473] __x64_sys_ioctl+0x190/0x200 [ 606.985319][T16473] do_syscall_64+0xcd/0x230 [ 606.985341][T16473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.985356][T16473] RIP: 0033:0x7f5947d8e969 [ 606.985368][T16473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.985382][T16473] RSP: 002b:00007f5948b5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 606.985396][T16473] RAX: ffffffffffffffda RBX: 00007f5947fb5fa0 RCX: 00007f5947d8e969 [ 606.985405][T16473] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 606.985414][T16473] RBP: 00007f5947e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 606.985422][T16473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.985430][T16473] R13: 0000000000000000 R14: 00007f5947fb5fa0 R15: 00007fff4a938d88 [ 606.985449][T16473] [ 607.891374][ T5139] Bluetooth: hci0: command 0x0406 tx timeout [ 608.350196][T16473] input: failed to attach handler evdev to device input8, error: -12 [ 608.863567][T16494] FAULT_INJECTION: forcing a failure. [ 608.863567][T16494] name failslab, interval 1, probability 0, space 0, times 0 [ 609.013984][T16494] CPU: 1 UID: 0 PID: 16494 Comm: syz.4.3932 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 609.014014][T16494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 609.014023][T16494] Call Trace: [ 609.014029][T16494] [ 609.014035][T16494] dump_stack_lvl+0x16c/0x1f0 [ 609.014061][T16494] should_fail_ex+0x512/0x640 [ 609.014082][T16494] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 609.014102][T16494] should_failslab+0xc2/0x120 [ 609.014120][T16494] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 609.014137][T16494] ? apparmor_capable+0x114/0x1d0 [ 609.014151][T16494] ? prepare_creds+0x2c/0x7d0 [ 609.014173][T16494] prepare_creds+0x2c/0x7d0 [ 609.014194][T16494] __do_sys_landlock_restrict_self+0x13e/0x910 [ 609.014218][T16494] ? rcu_is_watching+0x12/0xc0 [ 609.014234][T16494] do_syscall_64+0xcd/0x230 [ 609.014256][T16494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.014271][T16494] RIP: 0033:0x7f903e98e969 [ 609.014283][T16494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.014296][T16494] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 609.014310][T16494] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 609.014320][T16494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 609.014328][T16494] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 609.014338][T16494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.014347][T16494] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 609.014365][T16494] [ 609.554401][T16504] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.2.3938: No space for directory leaf checksum. Please run e2fsck -D. [ 609.629249][T16504] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.2.3938: checksumming directory block 0 [ 609.665858][T16504] platform regulatory.0: loading /lib/firmware/updates/6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3/regulatory.db failed with error -74 [ 609.765630][T16504] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.2.3938: No space for directory leaf checksum. Please run e2fsck -D. [ 609.882198][T16504] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.2.3938: checksumming directory block 0 [ 609.936389][T16504] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 609.977018][T16504] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.2.3938: No space for directory leaf checksum. Please run e2fsck -D. [ 610.040190][T16504] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.2.3938: checksumming directory block 0 [ 610.095467][T16504] platform regulatory.0: loading /lib/firmware/6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3/regulatory.db failed with error -74 [ 610.271851][T16504] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #274: comm syz.2.3938: No space for directory leaf checksum. Please run e2fsck -D. [ 610.438142][T16504] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #274: comm syz.2.3938: checksumming directory block 0 [ 610.554737][T16512] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 610.602515][T16512] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 610.639089][T16504] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 610.715088][T16512] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 610.758432][T16504] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 610.802539][T16512] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 610.835757][T16512] CPU0 is offline. [ 610.861518][T16504] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 612.250449][T16546] FAULT_INJECTION: forcing a failure. [ 612.250449][T16546] name failslab, interval 1, probability 0, space 0, times 0 [ 612.319108][T16546] CPU: 1 UID: 0 PID: 16546 Comm: syz.2.3954 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 612.319131][T16546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 612.319141][T16546] Call Trace: [ 612.319146][T16546] [ 612.319154][T16546] dump_stack_lvl+0x16c/0x1f0 [ 612.319181][T16546] should_fail_ex+0x512/0x640 [ 612.319203][T16546] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 612.319223][T16546] should_failslab+0xc2/0x120 [ 612.319241][T16546] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 612.319258][T16546] ? __kernfs_new_node+0xd2/0x8a0 [ 612.319275][T16546] __kernfs_new_node+0xd2/0x8a0 [ 612.319291][T16546] ? __pfx___kernfs_new_node+0x10/0x10 [ 612.319310][T16546] ? find_held_lock+0x2b/0x80 [ 612.319326][T16546] ? kernfs_root+0xee/0x2a0 [ 612.319343][T16546] kernfs_new_node+0x13c/0x1e0 [ 612.319362][T16546] __kernfs_create_file+0x53/0x350 [ 612.319384][T16546] sysfs_add_file_mode_ns+0x207/0x3c0 [ 612.319410][T16546] sysfs_merge_group+0x1aa/0x340 [ 612.319426][T16546] ? __pfx_sysfs_merge_group+0x10/0x10 [ 612.319443][T16546] ? __pfx_dev_add_physical_location+0x10/0x10 [ 612.319462][T16546] ? bus_to_subsys+0x131/0x160 [ 612.319486][T16546] dpm_sysfs_add+0x237/0x280 [ 612.319505][T16546] device_add+0x9a6/0x1a70 [ 612.319527][T16546] ? __pfx_device_add+0x10/0x10 [ 612.319554][T16546] nfc_register_device+0x41/0x3c0 [ 612.319578][T16546] nci_register_device+0x7f1/0xb80 [ 612.319597][T16546] ? __pfx_nci_register_device+0x10/0x10 [ 612.319619][T16546] ? lockdep_init_map_type+0x5c/0x280 [ 612.319643][T16546] virtual_ncidev_open+0x141/0x220 [ 612.319666][T16546] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 612.319686][T16546] misc_open+0x35d/0x420 [ 612.319700][T16546] ? __pfx_misc_open+0x10/0x10 [ 612.319714][T16546] chrdev_open+0x234/0x6a0 [ 612.319737][T16546] ? __pfx_apparmor_file_open+0x10/0x10 [ 612.319759][T16546] ? __pfx_chrdev_open+0x10/0x10 [ 612.319777][T16546] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 612.319804][T16546] do_dentry_open+0x741/0x1c10 [ 612.319821][T16546] ? __pfx_chrdev_open+0x10/0x10 [ 612.319841][T16546] vfs_open+0x82/0x3f0 [ 612.319862][T16546] path_openat+0x1e5e/0x2d40 [ 612.319885][T16546] ? __pfx_path_openat+0x10/0x10 [ 612.319905][T16546] do_filp_open+0x20b/0x470 [ 612.319920][T16546] ? __pfx_do_filp_open+0x10/0x10 [ 612.319949][T16546] ? alloc_fd+0x471/0x7d0 [ 612.319976][T16546] do_sys_openat2+0x11b/0x1d0 [ 612.319995][T16546] ? __pfx_do_sys_openat2+0x10/0x10 [ 612.320021][T16546] __x64_sys_openat+0x174/0x210 [ 612.320041][T16546] ? __pfx___x64_sys_openat+0x10/0x10 [ 612.320061][T16546] ? rcu_is_watching+0x12/0xc0 [ 612.320082][T16546] do_syscall_64+0xcd/0x230 [ 612.320105][T16546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.320124][T16546] RIP: 0033:0x7f4e08f8e969 [ 612.320137][T16546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.320151][T16546] RSP: 002b:00007f4e09d52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 612.320165][T16546] RAX: ffffffffffffffda RBX: 00007f4e091b5fa0 RCX: 00007f4e08f8e969 [ 612.320174][T16546] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 612.320185][T16546] RBP: 00007f4e09010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 612.320194][T16546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.320203][T16546] R13: 0000000000000000 R14: 00007f4e091b5fa0 R15: 00007fffef7e96e8 [ 612.320223][T16546] [ 613.233731][ T5139] Bluetooth: hci1: command 0x0406 tx timeout [ 613.239930][ T5139] Bluetooth: hci0: command 0x0406 tx timeout [ 613.245915][ T5139] Bluetooth: hci2: command 0x0406 tx timeout [ 613.252363][ T5139] Bluetooth: hci3: command 0x0406 tx timeout [ 615.591555][ C1] vcan0: j1939_tp_rxtimer: 0xffff888035bc0c00: rx timeout, send abort [ 615.599968][ C1] vcan0: j1939_tp_rxtimer: 0xffff888035bc1400: rx timeout, send abort [ 615.609345][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888035bc0c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 615.623720][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888035bc1400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 615.783611][T16583] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3964'. [ 616.183965][T16590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78406 [ 616.257713][T16590] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 616.341324][T16590] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 616.563502][T16590] page_type: f5(slab) [ 616.567516][T16590] raw: 00fff00000000040 ffff88801c6b8780 ffffea0001e9b600 dead000000000003 [ 616.602114][T16608] netlink: 346 bytes leftover after parsing attributes in process `syz.3.3971'. [ 616.698320][T16590] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 616.800927][T16594] could not allocate digest TFM handle [ 616.874132][T16590] head: 00fff00000000040 ffff88801c6b8780 ffffea0001e9b600 dead000000000003 [ 616.997265][T16590] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 617.136639][T16590] head: 00fff00000000001 ffffea0001e10181 00000000ffffffff 00000000ffffffff [ 617.224529][T16616] input: isc as /devices/virtual/input/input9 [ 617.264523][T16616] FAULT_INJECTION: forcing a failure. [ 617.264523][T16616] name failslab, interval 1, probability 0, space 0, times 0 [ 617.330255][T16590] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 617.351334][T16616] CPU: 1 UID: 0 PID: 16616 Comm: syz.4.3983 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 617.351357][T16616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 617.351366][T16616] Call Trace: [ 617.351372][T16616] [ 617.351378][T16616] dump_stack_lvl+0x16c/0x1f0 [ 617.351404][T16616] should_fail_ex+0x512/0x640 [ 617.351425][T16616] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 617.351443][T16616] should_failslab+0xc2/0x120 [ 617.351462][T16616] __kmalloc_cache_noprof+0x6a/0x3e0 [ 617.351480][T16616] ? rcu_is_watching+0x12/0xc0 [ 617.351494][T16616] ? device_add+0xccc/0x1a70 [ 617.351516][T16616] device_add+0xccc/0x1a70 [ 617.351538][T16616] ? __pfx_device_add+0x10/0x10 [ 617.351557][T16616] ? __pfx_exact_lock+0x10/0x10 [ 617.351576][T16616] ? kobject_get+0xbb/0x150 [ 617.351599][T16616] cdev_device_add+0xc2/0x1e0 [ 617.351616][T16616] evdev_connect+0x3a4/0x4c0 [ 617.351638][T16616] input_attach_handler.isra.0+0x181/0x260 [ 617.351659][T16616] input_register_device+0xa84/0x1130 [ 617.351681][T16616] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 617.351698][T16616] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 617.351718][T16616] ? find_held_lock+0x2b/0x80 [ 617.351742][T16616] ? __pfx_uinput_ioctl+0x10/0x10 [ 617.351757][T16616] __x64_sys_ioctl+0x190/0x200 [ 617.351778][T16616] do_syscall_64+0xcd/0x230 [ 617.351801][T16616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.351817][T16616] RIP: 0033:0x7f903e98e969 [ 617.351829][T16616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.351844][T16616] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 617.351858][T16616] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 617.351869][T16616] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 617.351878][T16616] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 617.351888][T16616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 617.351897][T16616] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 617.351916][T16616] [ 617.612557][T16590] page dumped because: unmovable page [ 617.618023][T16590] page_owner tracks the page as allocated [ 617.623973][T16590] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5204, tgid 5204 (udevd), ts 52215995016, free_ts 27952286790 [ 617.646727][T16590] post_alloc_hook+0x181/0x1b0 [ 617.651497][T16590] get_page_from_freelist+0x135c/0x3920 [ 617.657149][T16590] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 617.663121][T16590] alloc_pages_mpol+0x1fb/0x550 [ 617.668063][T16590] new_slab+0x244/0x340 [ 617.672277][T16590] ___slab_alloc+0xd9c/0x1940 [ 617.676948][T16590] __slab_alloc.constprop.0+0x56/0xb0 [ 617.682430][T16590] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 617.688148][T16590] __d_alloc+0x31/0xaa0 [ 617.692379][T16590] d_alloc+0x4a/0x1e0 [ 617.696414][T16590] lookup_one_qstr_excl_raw.part.0+0x96/0x160 [ 617.703138][T16590] lookup_one_qstr_excl+0x3e/0x120 [ 617.709018][T16590] do_renameat2+0x5aa/0xc90 [ 617.714129][T16590] __x64_sys_rename+0x7d/0xa0 [ 617.718802][T16590] do_syscall_64+0xcd/0x230 [ 617.723410][T16590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.729296][T16590] page last free pid 1 tgid 1 stack trace: [ 617.735159][T16590] __free_frozen_pages+0x69d/0xff0 [ 617.740264][T16590] free_contig_range+0x135/0x3f0 [ 617.745268][T16590] destroy_args+0x66f/0x830 [ 617.749765][T16590] debug_vm_pgtable+0x130e/0x2d50 [ 617.754824][T16590] do_one_initcall+0x120/0x6e0 [ 617.759625][T16590] kernel_init_freeable+0x5c2/0x900 [ 617.764858][T16590] kernel_init+0x1c/0x2b0 [ 617.769177][T16590] ret_from_fork+0x48/0x80 [ 617.773654][T16590] ret_from_fork_asm+0x1a/0x30 [ 618.000502][T16622] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3976'. [ 618.075801][T16622] netlink: 302 bytes leftover after parsing attributes in process `syz.2.3976'. [ 618.494860][T16632] mkiss: ax0: crc mode is auto. [ 618.646131][T16616] input: failed to attach handler evdev to device input9, error: -12 [ 618.766195][T16382] Bluetooth: hci2: unexpected subevent 0x01 length: 5 < 18 [ 622.707780][T16696] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4001'. [ 622.803279][T16700] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4001'. [ 622.920521][T16696] netlink: 210 bytes leftover after parsing attributes in process `syz.2.4001'. [ 623.278935][T16705] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4005'. [ 623.377663][T16705] IPv6: NLM_F_CREATE should be specified when creating new route [ 623.505100][T16705] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 623.512639][T16705] IPv6: NLM_F_CREATE should be set when creating new route [ 623.519904][T16705] IPv6: NLM_F_CREATE should be set when creating new route [ 623.770515][T16712] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4005'. [ 624.074753][T16721] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4009'. [ 624.500735][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.507508][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.181870][T16740] netlink: 18 bytes leftover after parsing attributes in process `syz.1.4014'. [ 625.280756][T16742] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4015'. [ 625.365920][T16742] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.373160][T16742] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.176831][T16757] FAULT_INJECTION: forcing a failure. [ 626.176831][T16757] name failslab, interval 1, probability 0, space 0, times 0 [ 626.377093][T16757] CPU: 1 UID: 0 PID: 16757 Comm: syz.3.4021 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 626.377118][T16757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 626.377128][T16757] Call Trace: [ 626.377134][T16757] [ 626.377141][T16757] dump_stack_lvl+0x16c/0x1f0 [ 626.377168][T16757] should_fail_ex+0x512/0x640 [ 626.377190][T16757] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 626.377210][T16757] should_failslab+0xc2/0x120 [ 626.377228][T16757] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 626.377245][T16757] ? acpi_ut_allocate_owner_id+0x2d6/0x3a0 [ 626.377260][T16757] ? acpi_ps_alloc_op+0xf1/0x310 [ 626.377283][T16757] acpi_ps_alloc_op+0xf1/0x310 [ 626.377303][T16757] acpi_ps_create_scope_op+0x1a/0x70 [ 626.377321][T16757] acpi_ps_execute_method+0x1b1/0xb30 [ 626.377342][T16757] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 626.377365][T16757] acpi_ns_evaluate+0x76c/0xca0 [ 626.377386][T16757] ? kasan_save_track+0x14/0x30 [ 626.377404][T16757] acpi_evaluate_object+0x1fa/0xa90 [ 626.377422][T16757] ? do_syscall_64+0xcd/0x230 [ 626.377449][T16757] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.377466][T16757] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 626.377485][T16757] ? __mutex_trylock_common+0xe9/0x250 [ 626.377509][T16757] acpi_evaluate_integer+0xdd/0x200 [ 626.377525][T16757] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 626.377549][T16757] ? __pfx_status_show+0x10/0x10 [ 626.377565][T16757] status_show+0xa0/0x120 [ 626.377582][T16757] ? __pfx_status_show+0x10/0x10 [ 626.377604][T16757] dev_attr_show+0x53/0xe0 [ 626.377625][T16757] ? __pfx_dev_attr_show+0x10/0x10 [ 626.377642][T16757] sysfs_kf_seq_show+0x213/0x3e0 [ 626.377668][T16757] seq_read_iter+0x506/0x12c0 [ 626.377698][T16757] kernfs_fop_read_iter+0x40f/0x5a0 [ 626.377716][T16757] ? rw_verify_area+0xcf/0x680 [ 626.377739][T16757] vfs_read+0x8c8/0xc70 [ 626.377757][T16757] ? __pfx___mutex_lock+0x10/0x10 [ 626.377777][T16757] ? __pfx_vfs_read+0x10/0x10 [ 626.377805][T16757] ksys_read+0x12a/0x240 [ 626.377819][T16757] ? __pfx_ksys_read+0x10/0x10 [ 626.377833][T16757] ? rcu_is_watching+0x12/0xc0 [ 626.377853][T16757] do_syscall_64+0xcd/0x230 [ 626.377876][T16757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.377891][T16757] RIP: 0033:0x7f466118e969 [ 626.377904][T16757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.377918][T16757] RSP: 002b:00007f4661f6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 626.377932][T16757] RAX: ffffffffffffffda RBX: 00007f46613b6080 RCX: 00007f466118e969 [ 626.377942][T16757] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 626.377952][T16757] RBP: 00007f4661210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 626.377961][T16757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 626.377970][T16757] R13: 0000000000000000 R14: 00007f46613b6080 R15: 00007ffe12942a98 [ 626.377991][T16757] [ 627.343550][T16764] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 628.306416][T16774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78406 [ 628.360806][T16774] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 628.551951][T16774] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 628.592743][T16777] could not allocate digest TFM handle [ 628.644764][T16774] page_type: f5(slab) [ 628.687795][T16774] raw: 00fff00000000040 ffff88801c6b8780 ffffea0001e9b600 dead000000000003 [ 628.731494][T16774] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 628.848404][T16774] head: 00fff00000000040 ffff88801c6b8780 ffffea0001e9b600 dead000000000003 [ 628.944813][T16774] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 629.088422][T16774] head: 00fff00000000001 ffffea0001e10181 00000000ffffffff 00000000ffffffff [ 629.240006][T16774] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 629.389151][T16774] page dumped because: unmovable page [ 629.465377][T16774] page_owner tracks the page as allocated [ 629.529828][T16774] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5204, tgid 5204 (udevd), ts 52215995016, free_ts 27952286790 [ 629.653654][T16774] post_alloc_hook+0x181/0x1b0 [ 629.699317][T16774] get_page_from_freelist+0x135c/0x3920 [ 629.748302][T16774] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 629.754237][T16774] alloc_pages_mpol+0x1fb/0x550 [ 629.817813][T16774] new_slab+0x244/0x340 [ 629.821999][T16774] ___slab_alloc+0xd9c/0x1940 [ 629.878260][T16774] __slab_alloc.constprop.0+0x56/0xb0 [ 629.897039][T16774] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 629.940171][T16774] __d_alloc+0x31/0xaa0 [ 629.944363][T16774] d_alloc+0x4a/0x1e0 [ 629.978478][T16774] lookup_one_qstr_excl_raw.part.0+0x96/0x160 [ 630.007959][T16774] lookup_one_qstr_excl+0x3e/0x120 [ 630.038333][T16774] do_renameat2+0x5aa/0xc90 [ 630.057378][T16774] __x64_sys_rename+0x7d/0xa0 [ 630.078457][T16774] do_syscall_64+0xcd/0x230 [ 630.094037][T16774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.128488][T16774] page last free pid 1 tgid 1 stack trace: [ 630.157157][T16774] __free_frozen_pages+0x69d/0xff0 [ 630.176822][T16774] free_contig_range+0x135/0x3f0 [ 630.199699][T16774] destroy_args+0x66f/0x830 [ 630.220643][T16774] debug_vm_pgtable+0x130e/0x2d50 [ 630.245222][T16774] do_one_initcall+0x120/0x6e0 [ 630.266801][T16774] kernel_init_freeable+0x5c2/0x900 [ 630.287922][T16774] kernel_init+0x1c/0x2b0 [ 630.308100][T16774] ret_from_fork+0x48/0x80 [ 630.325314][T16774] ret_from_fork_asm+0x1a/0x30 [ 630.417170][T16797] sp0: Synchronizing with TNC [ 632.088274][T16827] FAULT_INJECTION: forcing a failure. [ 632.088274][T16827] name failslab, interval 1, probability 0, space 0, times 0 [ 632.232316][T16827] CPU: 1 UID: 0 PID: 16827 Comm: syz.4.4043 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 632.232360][T16827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 632.232369][T16827] Call Trace: [ 632.232375][T16827] [ 632.232381][T16827] dump_stack_lvl+0x16c/0x1f0 [ 632.232407][T16827] should_fail_ex+0x512/0x640 [ 632.232429][T16827] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 632.232450][T16827] should_failslab+0xc2/0x120 [ 632.232468][T16827] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 632.232485][T16827] ? __kernfs_new_node+0xd2/0x8a0 [ 632.232503][T16827] __kernfs_new_node+0xd2/0x8a0 [ 632.232522][T16827] ? __pfx___kernfs_new_node+0x10/0x10 [ 632.232541][T16827] ? find_held_lock+0x2b/0x80 [ 632.232556][T16827] ? kernfs_root+0xee/0x2a0 [ 632.232574][T16827] kernfs_new_node+0x13c/0x1e0 [ 632.232593][T16827] __kernfs_create_file+0x53/0x350 [ 632.232614][T16827] sysfs_add_file_mode_ns+0x207/0x3c0 [ 632.232641][T16827] internal_create_group+0x578/0xf30 [ 632.232661][T16827] ? __pfx_internal_create_group+0x10/0x10 [ 632.232678][T16827] ? kernfs_create_link+0x1bd/0x240 [ 632.232701][T16827] internal_create_groups+0x9d/0x150 [ 632.232717][T16827] device_add+0xf30/0x1a70 [ 632.232739][T16827] ? __pfx_device_add+0x10/0x10 [ 632.232759][T16827] ? lockdep_init_map_type+0x5c/0x280 [ 632.232778][T16827] ? __init_waitqueue_head+0xca/0x150 [ 632.232796][T16827] netdev_register_kobject+0x182/0x3a0 [ 632.232821][T16827] register_netdevice+0x13dc/0x2270 [ 632.232844][T16827] ? __pfx_register_netdevice+0x10/0x10 [ 632.232869][T16827] internal_dev_create+0x2d3/0x520 [ 632.232886][T16827] ovs_vport_add+0x147/0x4d0 [ 632.232909][T16827] new_vport+0x16/0x1d0 [ 632.232927][T16827] ovs_dp_cmd_new+0x6ba/0xe60 [ 632.232960][T16827] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 632.232985][T16827] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 632.233010][T16827] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 632.233037][T16827] genl_family_rcv_msg_doit+0x209/0x2f0 [ 632.233060][T16827] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 632.233081][T16827] ? trace_cap_capable+0x18d/0x200 [ 632.233102][T16827] ? bpf_lsm_capable+0x9/0x10 [ 632.233117][T16827] ? security_capable+0x7e/0x260 [ 632.233133][T16827] ? ns_capable+0xd7/0x110 [ 632.233150][T16827] genl_rcv_msg+0x55c/0x800 [ 632.233173][T16827] ? __pfx_genl_rcv_msg+0x10/0x10 [ 632.233193][T16827] ? __pfx___dev_queue_xmit+0x10/0x10 [ 632.233208][T16827] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 632.233228][T16827] ? __lock_acquire+0xaa4/0x1ba0 [ 632.233250][T16827] netlink_rcv_skb+0x16d/0x440 [ 632.233269][T16827] ? __pfx_genl_rcv_msg+0x10/0x10 [ 632.233291][T16827] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 632.233319][T16827] ? __pfx_down_read+0x10/0x10 [ 632.233334][T16827] ? netlink_deliver_tap+0x1ae/0xd30 [ 632.233355][T16827] genl_rcv+0x28/0x40 [ 632.233373][T16827] netlink_unicast+0x53a/0x7f0 [ 632.233394][T16827] ? __pfx_netlink_unicast+0x10/0x10 [ 632.233411][T16827] ? __lock_acquire+0xaa4/0x1ba0 [ 632.233434][T16827] netlink_sendmsg+0x8d1/0xdd0 [ 632.233456][T16827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 632.233482][T16827] ____sys_sendmsg+0xa98/0xc70 [ 632.233503][T16827] ? copy_msghdr_from_user+0x10a/0x160 [ 632.233520][T16827] ? __pfx_____sys_sendmsg+0x10/0x10 [ 632.233546][T16827] ? try_to_wake_up+0xa2f/0x1680 [ 632.233564][T16827] ___sys_sendmsg+0x134/0x1d0 [ 632.233582][T16827] ? __pfx____sys_sendmsg+0x10/0x10 [ 632.233624][T16827] __sys_sendmsg+0x16d/0x220 [ 632.233642][T16827] ? __pfx___sys_sendmsg+0x10/0x10 [ 632.233659][T16827] ? __x64_sys_futex+0x1e0/0x4c0 [ 632.233681][T16827] ? rcu_is_watching+0x12/0xc0 [ 632.233701][T16827] do_syscall_64+0xcd/0x230 [ 632.233724][T16827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.233739][T16827] RIP: 0033:0x7f903e98e969 [ 632.233752][T16827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.233765][T16827] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 632.233779][T16827] RAX: ffffffffffffffda RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 632.233789][T16827] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 632.233798][T16827] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 632.233806][T16827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 632.233815][T16827] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 632.233834][T16827] [ 632.671171][ C1] vkms_vblank_simulate: vblank timer overrun [ 633.481092][T16830] FAULT_INJECTION: forcing a failure. [ 633.481092][T16830] name failslab, interval 1, probability 0, space 0, times 0 [ 633.541313][T16818] Process accounting paused [ 633.646486][T16830] CPU: 1 UID: 0 PID: 16830 Comm: syz.4.4045 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 633.646511][T16830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 633.646521][T16830] Call Trace: [ 633.646526][T16830] [ 633.646533][T16830] dump_stack_lvl+0x16c/0x1f0 [ 633.646559][T16830] should_fail_ex+0x512/0x640 [ 633.646581][T16830] ? __kmalloc_noprof+0xbf/0x510 [ 633.646600][T16830] ? drm_atomic_state_init+0x17b/0x320 [ 633.646620][T16830] should_failslab+0xc2/0x120 [ 633.646639][T16830] __kmalloc_noprof+0xd2/0x510 [ 633.646662][T16830] drm_atomic_state_init+0x17b/0x320 [ 633.646683][T16830] ? __kasan_kmalloc+0xaa/0xb0 [ 633.646699][T16830] drm_atomic_state_alloc+0xd3/0x120 [ 633.646720][T16830] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 633.646740][T16830] ? __pfx___might_resched+0x10/0x10 [ 633.646759][T16830] ? rcu_is_watching+0x12/0xc0 [ 633.646774][T16830] ? trace_contention_end+0xdd/0x130 [ 633.646794][T16830] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 633.646835][T16830] drm_client_modeset_commit_locked+0x14d/0x580 [ 633.646863][T16830] drm_client_modeset_commit+0x4f/0x80 [ 633.646885][T16830] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 633.646904][T16830] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 633.646928][T16830] drm_fbdev_client_restore+0x2c/0x40 [ 633.646951][T16830] drm_client_dev_restore+0x1f3/0x2a0 [ 633.646974][T16830] drm_release+0x2c4/0x360 [ 633.646993][T16830] ? __pfx_drm_release+0x10/0x10 [ 633.647009][T16830] __fput+0x3ff/0xb70 [ 633.647032][T16830] task_work_run+0x150/0x240 [ 633.647055][T16830] ? __pfx_task_work_run+0x10/0x10 [ 633.647076][T16830] ? __pfx___do_sys_close_range+0x10/0x10 [ 633.647092][T16830] ? rcu_is_watching+0x12/0xc0 [ 633.647110][T16830] syscall_exit_to_user_mode+0x27b/0x2a0 [ 633.647132][T16830] do_syscall_64+0xda/0x230 [ 633.647155][T16830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.647171][T16830] RIP: 0033:0x7f903e98e969 [ 633.647184][T16830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.647198][T16830] RSP: 002b:00007f903f7d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 633.647212][T16830] RAX: 0000000000000000 RBX: 00007f903ebb5fa0 RCX: 00007f903e98e969 [ 633.647221][T16830] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 633.647229][T16830] RBP: 00007f903ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 633.647238][T16830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 633.647246][T16830] R13: 0000000000000000 R14: 00007f903ebb5fa0 R15: 00007ffdf1300678 [ 633.647265][T16830] [ 633.909997][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.546786][T16858] [U] [ 636.549596][T16858] [U] [ 636.552272][T16858] [U] [ 636.554944][T16858] [U] [ 636.631601][T16858] [U] [ 636.634316][T16858] [U] [ 636.636989][T16858] [U] [ 636.639665][T16858] [U] [ 636.727143][T16858] [U] [ 636.729859][T16858] [U] [ 636.732532][T16858] [U] [ 636.735209][T16858] [U] [ 636.806094][T16858] [U] [ 636.808805][T16858] [U] [ 636.811482][T16858] [U] [ 636.814154][T16858] [U] [ 636.869995][T16858] [U] [ 636.872710][T16858] [U] [ 636.875385][T16858] [U] [ 636.878060][T16858] [U] [ 636.938428][T16858] [U] [ 636.941143][T16858] [U] [ 636.943819][T16858] [U] [ 636.946493][T16858] [U] [ 636.996477][T16858] [U] [ 636.999197][T16858] [U] [ 637.001873][T16858] [U] [ 637.004549][T16858] [U] [ 637.054193][T16858] [U] [ 637.056912][T16858] [U] [ 637.059587][T16858] [U] [ 637.196221][T16857] [U] [ 637.648048][T16874] netlink: 'syz.3.4061': attribute type 29 has an invalid length. [ 639.378917][T16382] Bluetooth: hci2: unexpected event 0x09 length: 11 > 3 [ 639.809106][T16916] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4075'. [ 640.031440][T16922] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4075'. [ 640.167843][T16920] sp0: Synchronizing with TNC [ 640.813974][T16932] sp0: Synchronizing with TNC [ 641.409795][T16943] ================================================================== [ 641.417878][T16943] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 641.425596][T16943] Read of size 8 at addr ffff8881492b0018 by task syz.1.4084/16943 [ 641.433467][T16943] [ 641.435777][T16943] CPU: 1 UID: 0 PID: 16943 Comm: syz.1.4084 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 641.435796][T16943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 641.435805][T16943] Call Trace: [ 641.435812][T16943] [ 641.435818][T16943] dump_stack_lvl+0x116/0x1f0 [ 641.435842][T16943] print_report+0xc3/0x670 [ 641.435861][T16943] ? __virt_addr_valid+0x5e/0x590 [ 641.435880][T16943] ? __phys_addr+0xc6/0x150 [ 641.435898][T16943] ? dvb_device_open+0x36a/0x3b0 [ 641.435918][T16943] kasan_report+0xe0/0x110 [ 641.435935][T16943] ? dvb_device_open+0x36a/0x3b0 [ 641.435956][T16943] ? __pfx_dvb_device_open+0x10/0x10 [ 641.435975][T16943] dvb_device_open+0x36a/0x3b0 [ 641.435995][T16943] ? __pfx_dvb_device_open+0x10/0x10 [ 641.436016][T16943] chrdev_open+0x234/0x6a0 [ 641.436031][T16943] ? __pfx_apparmor_file_open+0x10/0x10 [ 641.436050][T16943] ? __pfx_chrdev_open+0x10/0x10 [ 641.436066][T16943] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 641.436089][T16943] do_dentry_open+0x741/0x1c10 [ 641.436109][T16943] ? __pfx_chrdev_open+0x10/0x10 [ 641.436126][T16943] vfs_open+0x82/0x3f0 [ 641.436144][T16943] path_openat+0x1e5e/0x2d40 [ 641.436163][T16943] ? __pfx_path_openat+0x10/0x10 [ 641.436180][T16943] do_filp_open+0x20b/0x470 [ 641.436195][T16943] ? __pfx_do_filp_open+0x10/0x10 [ 641.436215][T16943] ? alloc_fd+0x471/0x7d0 [ 641.436238][T16943] do_sys_openat2+0x11b/0x1d0 [ 641.436256][T16943] ? __pfx_do_sys_openat2+0x10/0x10 [ 641.436277][T16943] __x64_sys_openat+0x174/0x210 [ 641.436296][T16943] ? __pfx___x64_sys_openat+0x10/0x10 [ 641.436315][T16943] ? rcu_is_watching+0x12/0xc0 [ 641.436332][T16943] do_syscall_64+0xcd/0x230 [ 641.436353][T16943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.436368][T16943] RIP: 0033:0x7f5947d8e969 [ 641.436382][T16943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 641.436396][T16943] RSP: 002b:00007f5948b5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 641.436411][T16943] RAX: ffffffffffffffda RBX: 00007f5947fb5fa0 RCX: 00007f5947d8e969 [ 641.436421][T16943] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 641.436430][T16943] RBP: 00007f5947e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 641.436441][T16943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 641.436450][T16943] R13: 0000000000000000 R14: 00007f5947fb5fa0 R15: 00007fff4a938d88 [ 641.436463][T16943] [ 641.436468][T16943] [ 641.683628][T16943] Allocated by task 1: [ 641.687679][T16943] kasan_save_stack+0x33/0x60 [ 641.692343][T16943] kasan_save_track+0x14/0x30 [ 641.697003][T16943] __kasan_kmalloc+0xaa/0xb0 [ 641.701577][T16943] dvb_register_device+0x1e4/0x2370 [ 641.706766][T16943] dvb_register_frontend+0x5a6/0x880 [ 641.712041][T16943] vidtv_bridge_probe+0x459/0xa90 [ 641.717052][T16943] platform_probe+0xff/0x1f0 [ 641.721634][T16943] really_probe+0x241/0xa90 [ 641.726122][T16943] __driver_probe_device+0x1de/0x440 [ 641.731397][T16943] driver_probe_device+0x4c/0x1b0 [ 641.736405][T16943] __driver_attach+0x283/0x580 [ 641.741157][T16943] bus_for_each_dev+0x13e/0x1d0 [ 641.745999][T16943] bus_add_driver+0x2e9/0x690 [ 641.750658][T16943] driver_register+0x15c/0x4b0 [ 641.755408][T16943] vidtv_bridge_init+0x45/0x80 [ 641.760157][T16943] do_one_initcall+0x120/0x6e0 [ 641.764910][T16943] kernel_init_freeable+0x5c2/0x900 [ 641.770100][T16943] kernel_init+0x1c/0x2b0 [ 641.774421][T16943] ret_from_fork+0x48/0x80 [ 641.778818][T16943] ret_from_fork_asm+0x1a/0x30 [ 641.783568][T16943] [ 641.785874][T16943] Freed by task 16764: [ 641.789917][T16943] kasan_save_stack+0x33/0x60 [ 641.794577][T16943] kasan_save_track+0x14/0x30 [ 641.799239][T16943] kasan_save_free_info+0x3b/0x60 [ 641.804251][T16943] __kasan_slab_free+0x51/0x70 [ 641.809000][T16943] kfree+0x2b6/0x4d0 [ 641.812874][T16943] dvb_device_put.part.0+0x60/0x90 [ 641.817974][T16943] dvb_device_open+0x2a4/0x3b0 [ 641.822727][T16943] chrdev_open+0x234/0x6a0 [ 641.827132][T16943] do_dentry_open+0x741/0x1c10 [ 641.831883][T16943] vfs_open+0x82/0x3f0 [ 641.835939][T16943] path_openat+0x1e5e/0x2d40 [ 641.840510][T16943] do_filp_open+0x20b/0x470 [ 641.844997][T16943] do_sys_openat2+0x11b/0x1d0 [ 641.849660][T16943] __x64_sys_openat+0x174/0x210 [ 641.854497][T16943] do_syscall_64+0xcd/0x230 [ 641.858992][T16943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.864867][T16943] [ 641.867172][T16943] The buggy address belongs to the object at ffff8881492b0000 [ 641.867172][T16943] which belongs to the cache kmalloc-256 of size 256 [ 641.881205][T16943] The buggy address is located 24 bytes inside of [ 641.881205][T16943] freed 256-byte region [ffff8881492b0000, ffff8881492b0100) [ 641.894896][T16943] [ 641.897204][T16943] The buggy address belongs to the physical page: [ 641.903618][T16943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881492b0000 pfn:0x1492b0 [ 641.913751][T16943] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 641.922234][T16943] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff) [ 641.930800][T16943] page_type: f5(slab) [ 641.934765][T16943] raw: 057ff00000000240 ffff88801b441b40 ffff888140400708 ffffea000518f390 [ 641.943332][T16943] raw: ffff8881492b0000 000000000010000f 00000000f5000000 0000000000000000 [ 641.951900][T16943] head: 057ff00000000240 ffff88801b441b40 ffff888140400708 ffffea000518f390 [ 641.960554][T16943] head: ffff8881492b0000 000000000010000f 00000000f5000000 0000000000000000 [ 641.969207][T16943] head: 057ff00000000001 ffffea000524ac01 00000000ffffffff 00000000ffffffff [ 641.977859][T16943] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 641.986510][T16943] page dumped because: kasan: bad access detected [ 641.992902][T16943] page_owner tracks the page as allocated [ 641.998602][T16943] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18781183955, free_ts 0 [ 642.018294][T16943] post_alloc_hook+0x181/0x1b0 [ 642.023052][T16943] get_page_from_freelist+0x135c/0x3920 [ 642.028583][T16943] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 642.034460][T16943] alloc_pages_mpol+0x1fb/0x550 [ 642.039298][T16943] new_slab+0x244/0x340 [ 642.043436][T16943] ___slab_alloc+0xd9c/0x1940 [ 642.048093][T16943] __slab_alloc.constprop.0+0x56/0xb0 [ 642.053449][T16943] __kmalloc_cache_noprof+0xfb/0x3e0 [ 642.058714][T16943] dvb_register_device+0x1e4/0x2370 [ 642.063904][T16943] dvb_register_frontend+0x5a6/0x880 [ 642.069176][T16943] vidtv_bridge_probe+0x459/0xa90 [ 642.074201][T16943] platform_probe+0xff/0x1f0 [ 642.078772][T16943] really_probe+0x241/0xa90 [ 642.083261][T16943] __driver_probe_device+0x1de/0x440 [ 642.088531][T16943] driver_probe_device+0x4c/0x1b0 [ 642.093538][T16943] __driver_attach+0x283/0x580 [ 642.098290][T16943] page_owner free stack trace missing [ 642.103634][T16943] [ 642.105938][T16943] Memory state around the buggy address: [ 642.111549][T16943] ffff8881492aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 642.119591][T16943] ffff8881492aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 642.127632][T16943] >ffff8881492b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 642.135672][T16943] ^ [ 642.140497][T16943] ffff8881492b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 642.148536][T16943] ffff8881492b0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 642.156580][T16943] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 644.143014][T16943] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 644.150232][T16943] CPU: 1 UID: 0 PID: 16943 Comm: syz.1.4084 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 644.162277][T16943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 644.172316][T16943] Call Trace: [ 644.175582][T16943] [ 644.178497][T16943] dump_stack_lvl+0x3d/0x1f0 [ 644.183082][T16943] panic+0x71c/0x800 [ 644.186971][T16943] ? __pfx_panic+0x10/0x10 [ 644.191377][T16943] ? mark_held_locks+0x49/0x80 [ 644.196132][T16943] ? preempt_schedule_thunk+0x16/0x30 [ 644.201495][T16943] ? dvb_device_open+0x36a/0x3b0 [ 644.206425][T16943] ? preempt_schedule_common+0x44/0xc0 [ 644.211899][T16943] ? dvb_device_open+0x36a/0x3b0 [ 644.216832][T16943] check_panic_on_warn+0xab/0xb0 [ 644.221763][T16943] end_report+0x107/0x170 [ 644.226081][T16943] kasan_report+0xee/0x110 [ 644.230486][T16943] ? dvb_device_open+0x36a/0x3b0 [ 644.235414][T16943] ? __pfx_dvb_device_open+0x10/0x10 [ 644.240690][T16943] dvb_device_open+0x36a/0x3b0 [ 644.245444][T16943] ? __pfx_dvb_device_open+0x10/0x10 [ 644.250718][T16943] chrdev_open+0x234/0x6a0 [ 644.255120][T16943] ? __pfx_apparmor_file_open+0x10/0x10 [ 644.260652][T16943] ? __pfx_chrdev_open+0x10/0x10 [ 644.265578][T16943] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 644.272330][T16943] do_dentry_open+0x741/0x1c10 [ 644.277078][T16943] ? __pfx_chrdev_open+0x10/0x10 [ 644.282001][T16943] vfs_open+0x82/0x3f0 [ 644.286058][T16943] path_openat+0x1e5e/0x2d40 [ 644.290637][T16943] ? __pfx_path_openat+0x10/0x10 [ 644.295557][T16943] do_filp_open+0x20b/0x470 [ 644.300043][T16943] ? __pfx_do_filp_open+0x10/0x10 [ 644.305058][T16943] ? alloc_fd+0x471/0x7d0 [ 644.309382][T16943] do_sys_openat2+0x11b/0x1d0 [ 644.314048][T16943] ? __pfx_do_sys_openat2+0x10/0x10 [ 644.319238][T16943] __x64_sys_openat+0x174/0x210 [ 644.324081][T16943] ? __pfx___x64_sys_openat+0x10/0x10 [ 644.329441][T16943] ? rcu_is_watching+0x12/0xc0 [ 644.334192][T16943] do_syscall_64+0xcd/0x230 [ 644.338686][T16943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.344564][T16943] RIP: 0033:0x7f5947d8e969 [ 644.348964][T16943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 644.368560][T16943] RSP: 002b:00007f5948b5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 644.376959][T16943] RAX: ffffffffffffffda RBX: 00007f5947fb5fa0 RCX: 00007f5947d8e969 [ 644.384917][T16943] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 644.392896][T16943] RBP: 00007f5947e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 644.400859][T16943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 644.408812][T16943] R13: 0000000000000000 R14: 00007f5947fb5fa0 R15: 00007fff4a938d88 [ 644.416772][T16943] [ 644.419836][T16943] Kernel Offset: disabled [ 644.424153][T16943] Rebooting in 86400 seconds..