last executing test programs: 3m50.50916434s ago: executing program 1 (id=3499): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 0x100000001) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) 3m47.137590386s ago: executing program 1 (id=3508): socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd14/sched/write1_fifo_list\x00', 0x189e42, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003800c000980"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m46.744829499s ago: executing program 1 (id=3513): sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x8880) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x58, 0x0) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/usbmon8\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r0, 0x0, 0x2f) ioctl$auto_MON_IOCG_STATS(r0, 0x80089203, 0x0) chmod$auto(0x0, 0xf4ba) close_range$auto(0x2, 0xa, 0x0) 3m46.266641344s ago: executing program 1 (id=3518): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 3m45.80464866s ago: executing program 1 (id=3520): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/usbip-vudc.0/usbip_sockfd\x00', 0x103841, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x2, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x0, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) epoll_pwait$auto(0xffffffffffffffff, 0x0, 0x0, 0x3, &(0x7f0000000180), 0x8) write$auto(r0, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb\x00\x00\x00\x00\x00\x00\x00\x00v\x920x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r2, r1, 0x9c, 0x0, 0x1, @relative_fd, 0x5}, 0x96) 3m45.125073324s ago: executing program 32 (id=3521): mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) r1 = socket(0x2, 0x801, 0x100) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44010}, 0x20000054) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_bond\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r2, r1, 0x9c, 0x0, 0x1, @relative_fd, 0x5}, 0x96) 2m33.287759938s ago: executing program 2 (id=4011): sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c080}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) close_range$auto(0x2, 0x8, 0x0) 2m32.977981833s ago: executing program 2 (id=4013): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x3, 0x6) lstat$auto(&(0x7f0000000000)='./file1\x00', 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'team_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}}, 0x20044000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x103, 0x300) 2m32.707033641s ago: executing program 2 (id=4016): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x2ff, 0x400, 0x2}]}) 2m32.323463133s ago: executing program 2 (id=4017): statmount$auto(0x0, 0x0, 0x10, 0xd) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x2, 0x0) unshare$auto(0x40000080) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x8208ae63, 0x38) 2m31.536938914s ago: executing program 2 (id=4021): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 2m30.933535882s ago: executing program 2 (id=4024): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) 2m15.649444306s ago: executing program 33 (id=4024): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) 6.734684406s ago: executing program 0 (id=4932): open(0x0, 0xd02, 0xc3) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) gettid() syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4) 6.507152932s ago: executing program 4 (id=4935): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) socket(0xa, 0x1, 0x100) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x21, 0x3, 0x9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) 5.351918838s ago: executing program 0 (id=4939): socket(0x15, 0x5, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xc048aec8, r0) 5.280401994s ago: executing program 4 (id=4940): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/buffer_percent\x00', 0x6c0002, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, 0x0) clone$auto(0x6, 0x2, 0x0, 0x0, 0xff) 5.13425212s ago: executing program 0 (id=4941): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000940)={'hsr0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x60, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IFINDEX={0x8, 0x2, r1}, @HSR_A_IFINDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='h'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.037501609s ago: executing program 5 (id=4942): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000007, 0x0) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, 0x0) ioctl$auto_UI_DEV_CREATE(r2, 0x5501, 0x0) 4.851428444s ago: executing program 0 (id=4944): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60642, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x10000009b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x400100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r0, 0x0, 0x39b8) 3.864977949s ago: executing program 5 (id=4945): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0482, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) pipe$auto(&(0x7f0000000280)=r0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3e, 0x9, 0xbb7f, 0x6]}, 0x0) 3.633981892s ago: executing program 4 (id=4947): close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) socket(0x10, 0x2, 0xf) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0xc00, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 3.605072709s ago: executing program 5 (id=4948): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xb, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x3624239c, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.440774267s ago: executing program 5 (id=4950): mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) setrlimit$auto(0xb, 0x0) r0 = gettid() openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x3, 0x9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) tkill$auto(r0, 0x7) 3.159925204s ago: executing program 5 (id=4952): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c9180, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(0xffffffffffffffff, 0x0, 0x40) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) fcntl$auto(0x8000000000000001, 0x26, 0x8) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) close_range$auto(0x2, 0x8, 0x0) 2.756474931s ago: executing program 4 (id=4953): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x13, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0x2}, 0x1002}, 0x739618ce, 0x311) unshare$auto(0x40000080) recvfrom$auto(0x3, 0x0, 0x800000000a, 0x3, 0x0, 0xfffffffffffffffd) 2.27328872s ago: executing program 3 (id=4955): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x100) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) socket(0x2a, 0x2, 0x6) socket(0xa, 0x801, 0x84) getsockopt$auto(0x6, 0x84, 0x22, 0x0, 0x0) 1.974446927s ago: executing program 5 (id=4956): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/buffer_percent\x00', 0x6c0002, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, 0x0) clone$auto(0x6, 0x2, 0x0, 0x0, 0xff) 1.63115243s ago: executing program 4 (id=4957): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0) ioctl$auto(0x3, 0xc0303e03, r0) 1.250474943s ago: executing program 3 (id=4958): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x80000000, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x81) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) accept$auto(0x3, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.050911008s ago: executing program 3 (id=4959): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/arch_status\x00', 0x200, 0x0) socket(0x2, 0x802, 0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) 867.292249ms ago: executing program 3 (id=4960): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) semctl$auto(0x100, 0xfffffffffffffffa, 0x3, 0x8) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x20002, 0x0) ioctl$auto(r1, 0x560a, r2) 387.907279ms ago: executing program 4 (id=4961): openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x80, 0x0) mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x200007, 0x19) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) socket(0x2b, 0x1, 0x0) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) unshare$auto(0x40000080) read$auto(0x3, 0x0, 0x80) ioctl$auto_TUNGETIFF(r0, 0x800454d2, 0x0) 271.331143ms ago: executing program 3 (id=4962): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/numa_balancing\x00', 0x2002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x1) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/icmp\x00', 0xc0880, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x40, 0x0) pread64$auto(r0, 0x0, 0x1ffffffffffe, 0x8) 197.039665ms ago: executing program 0 (id=4963): socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0) ioctl$auto_UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, &(0x7f0000000440)=0x1) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x2, 0x0, 0xc) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) 100.91195ms ago: executing program 3 (id=4964): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(0x3, 0x0, 0x1f40) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0xc00000, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mlockall$auto(0x7) 0s ago: executing program 0 (id=4965): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x28, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x6d, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008801}, 0x24000802) close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf251bee05ba000000000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 1.105672][T13223] do_syscall_64+0xcd/0x230 [ 421.105718][T13223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.105746][T13223] RIP: 0033:0x7fc20238e969 [ 421.105769][T13223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.105795][T13223] RSP: 002b:00007fc203201038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 421.105823][T13223] RAX: ffffffffffffffda RBX: 00007fc2025b5fa0 RCX: 00007fc20238e969 [ 421.105842][T13223] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 421.105858][T13223] RBP: 00007fc202410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 421.105875][T13223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 421.105892][T13223] R13: 0000000000000000 R14: 00007fc2025b5fa0 R15: 00007ffd3d8290e8 [ 421.105931][T13223] [ 421.637582][T13234] netlink: 86 bytes leftover after parsing attributes in process `syz.0.2853'. [ 421.868596][T13239] netlink: 'syz.1.2854': attribute type 16 has an invalid length. [ 421.924881][T13239] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2854'. [ 424.463767][T13293] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2875'. [ 425.656710][T13325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2888'. [ 425.670992][T13325] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2888'. [ 425.681856][T13325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2888'. [ 425.888354][T13331] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2891'. [ 425.943155][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 425.953299][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 426.347368][ T5842] Bluetooth: hci2: unexpected event 0x05 length: 440 > 4 [ 426.553663][T13347] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2898'. [ 427.430112][T13375] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2911'. [ 427.509865][T13377] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2912'. [ 428.057451][T13399] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2922'. [ 428.321883][T13404] FAULT_INJECTION: forcing a failure. [ 428.321883][T13404] name failslab, interval 1, probability 0, space 0, times 0 [ 428.337533][T13404] CPU: 1 UID: 0 PID: 13404 Comm: syz.1.2924 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 428.337576][T13404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 428.337593][T13404] Call Trace: [ 428.337602][T13404] [ 428.337614][T13404] dump_stack_lvl+0x16c/0x1f0 [ 428.337663][T13404] should_fail_ex+0x512/0x640 [ 428.337707][T13404] ? __kvmalloc_node_noprof+0x122/0x600 [ 428.337744][T13404] should_failslab+0xc2/0x120 [ 428.337782][T13404] __kvmalloc_node_noprof+0x135/0x600 [ 428.337814][T13404] ? lockdep_init_map_type+0x5c/0x280 [ 428.337855][T13404] ? __v4l2_subdev_state_alloc+0x1a7/0x400 [ 428.337897][T13404] ? __v4l2_subdev_state_alloc+0x1a7/0x400 [ 428.337929][T13404] __v4l2_subdev_state_alloc+0x1a7/0x400 [ 428.337965][T13404] subdev_open+0xa6/0x560 [ 428.337998][T13404] v4l2_open+0x222/0x490 [ 428.338038][T13404] ? __pfx_v4l2_open+0x10/0x10 [ 428.338072][T13404] chrdev_open+0x234/0x6a0 [ 428.338101][T13404] ? __pfx_apparmor_file_open+0x10/0x10 [ 428.338137][T13404] ? __pfx_chrdev_open+0x10/0x10 [ 428.338173][T13404] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 428.338235][T13404] do_dentry_open+0x741/0x1c10 [ 428.338268][T13404] ? __pfx_chrdev_open+0x10/0x10 [ 428.338309][T13404] vfs_open+0x82/0x3f0 [ 428.338353][T13404] path_openat+0x1e5e/0x2d40 [ 428.338399][T13404] ? __pfx_path_openat+0x10/0x10 [ 428.338439][T13404] do_filp_open+0x20b/0x470 [ 428.338467][T13404] ? __pfx_do_filp_open+0x10/0x10 [ 428.338526][T13404] ? alloc_fd+0x471/0x7d0 [ 428.338584][T13404] do_sys_openat2+0x11b/0x1d0 [ 428.338624][T13404] ? __pfx_do_sys_openat2+0x10/0x10 [ 428.338681][T13404] __x64_sys_openat+0x174/0x210 [ 428.338720][T13404] ? __pfx___x64_sys_openat+0x10/0x10 [ 428.338762][T13404] ? rcu_is_watching+0x12/0xc0 [ 428.338803][T13404] do_syscall_64+0xcd/0x230 [ 428.338851][T13404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.338881][T13404] RIP: 0033:0x7fc20238e969 [ 428.338906][T13404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.338934][T13404] RSP: 002b:00007fc203201038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 428.338962][T13404] RAX: ffffffffffffffda RBX: 00007fc2025b5fa0 RCX: 00007fc20238e969 [ 428.338982][T13404] RDX: 0000000000080000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 428.339000][T13404] RBP: 00007fc202410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 428.339017][T13404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.339034][T13404] R13: 0000000000000000 R14: 00007fc2025b5fa0 R15: 00007ffd3d8290e8 [ 428.339073][T13404] [ 428.710231][T13409] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2925'. [ 429.847773][T13440] __nla_validate_parse: 2 callbacks suppressed [ 429.847801][T13440] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2938'. [ 429.897102][T13440] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2938'. [ 431.466426][T13478] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2950'. [ 432.719585][T13504] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2960'. [ 432.919498][T13507] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2961'. [ 432.932455][T13507] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2961'. [ 433.016160][T13510] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 433.305758][T13517] netlink: 'syz.1.2964': attribute type 27 has an invalid length. [ 433.356052][T13517] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2964'. [ 434.965247][T13543] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2975'. [ 437.765550][T13605] FAULT_INJECTION: forcing a failure. [ 437.765550][T13605] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 437.804429][T13605] CPU: 1 UID: 0 PID: 13605 Comm: syz.2.2995 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 437.804476][T13605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 437.804494][T13605] Call Trace: [ 437.804505][T13605] [ 437.804518][T13605] dump_stack_lvl+0x16c/0x1f0 [ 437.804568][T13605] should_fail_ex+0x512/0x640 [ 437.804621][T13605] should_fail_alloc_page+0xe7/0x130 [ 437.804664][T13605] prepare_alloc_pages+0x3c2/0x610 [ 437.804714][T13605] ? rcu_is_watching+0x12/0xc0 [ 437.804748][T13605] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 437.804793][T13605] ? cgroup_rstat_updated+0x2a/0xb20 [ 437.804851][T13605] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 437.804894][T13605] ? __asan_memcpy+0x3c/0x60 [ 437.804930][T13605] ? __pfx_interleave_nid+0x10/0x10 [ 437.804975][T13605] ? __lock_acquire+0x5ca/0x1ba0 [ 437.805042][T13605] ? policy_nodemask+0xea/0x4e0 [ 437.805084][T13605] alloc_pages_mpol+0x1fb/0x550 [ 437.805123][T13605] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 437.805163][T13605] ? __lock_acquire+0x5ca/0x1ba0 [ 437.805209][T13605] folio_alloc_mpol_noprof+0x36/0x2f0 [ 437.805256][T13605] vma_alloc_folio_noprof+0xed/0x1e0 [ 437.805297][T13605] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 437.805345][T13605] do_pte_missing+0x223d/0x3fb0 [ 437.805399][T13605] __handle_mm_fault+0x103d/0x2a40 [ 437.805444][T13605] ? __pfx___handle_mm_fault+0x10/0x10 [ 437.805474][T13605] ? __pte_offset_map_lock+0x155/0x2f0 [ 437.805520][T13605] ? find_held_lock+0x2b/0x80 [ 437.805549][T13605] ? find_held_lock+0x2b/0x80 [ 437.805608][T13605] handle_mm_fault+0x3fe/0xad0 [ 437.805650][T13605] __get_user_pages+0x771/0x36f0 [ 437.805711][T13605] ? __pfx_mt_find+0x10/0x10 [ 437.805741][T13605] ? __pfx___get_user_pages+0x10/0x10 [ 437.805804][T13605] populate_vma_page_range+0x278/0x3a0 [ 437.805837][T13605] ? __pfx_populate_vma_page_range+0x10/0x10 [ 437.805866][T13605] ? __pfx_find_vma_intersection+0x10/0x10 [ 437.805915][T13605] ? do_mmap+0x69c/0x11b0 [ 437.805966][T13605] __mm_populate+0x1d8/0x380 [ 437.805998][T13605] ? __pfx___mm_populate+0x10/0x10 [ 437.806031][T13605] ? up_write+0x1b2/0x520 [ 437.806079][T13605] vm_mmap_pgoff+0x362/0x450 [ 437.806127][T13605] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 437.806173][T13605] ? do_set_mempolicy+0x220/0x480 [ 437.806216][T13605] ? __x64_sys_futex+0x1e0/0x4c0 [ 437.806248][T13605] ? __x64_sys_futex+0x1e9/0x4c0 [ 437.806288][T13605] ksys_mmap_pgoff+0x7d/0x5c0 [ 437.806331][T13605] ? rcu_is_watching+0x12/0xc0 [ 437.806371][T13605] __x64_sys_mmap+0x125/0x190 [ 437.806406][T13605] do_syscall_64+0xcd/0x230 [ 437.806452][T13605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.806483][T13605] RIP: 0033:0x7f3440d8e969 [ 437.806510][T13605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.806540][T13605] RSP: 002b:00007f3441cb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 437.806569][T13605] RAX: ffffffffffffffda RBX: 00007f3440fb5fa0 RCX: 00007f3440d8e969 [ 437.806587][T13605] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 437.806604][T13605] RBP: 00007f3440e10ab1 R08: 0000000000000002 R09: 0000000000008000 [ 437.806620][T13605] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 437.806635][T13605] R13: 0000000000000000 R14: 00007f3440fb5fa0 R15: 00007ffd683a59a8 [ 437.806674][T13605] [ 439.124411][T13623] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3002'. [ 439.174946][T13621] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3000'. [ 439.819758][T13637] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3007'. [ 440.025210][T13642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3009'. [ 440.037880][T13642] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3009'. [ 441.422263][T13677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3024'. [ 441.643624][ T5842] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 441.643671][ T5842] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 441.668211][ T5842] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 441.668290][ T5842] Bluetooth: hci0: Malformed LE Event: 0x0d [ 442.108815][T13685] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3028'. [ 442.292633][T13666] kexec: Could not allocate control_code_buffer [ 444.316262][T13745] netlink: 'syz.2.3050': attribute type 4 has an invalid length. [ 445.826180][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.834168][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.783608][T13833] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3092'. [ 452.170075][ T975] smpboot: CPU 0 is now offline [ 452.774030][T13953] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3129'. [ 453.235453][T13963] netlink: 'syz.0.3133': attribute type 21 has an invalid length. [ 453.262657][T13963] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3133'. [ 453.294244][T13965] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3134'. [ 455.369786][T14002] Invalid ELF header magic: != ELF [ 456.165196][T14018] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3152'. [ 456.423643][T14022] netlink: 'syz.2.3153': attribute type 19 has an invalid length. [ 456.445321][T14023] netlink: 'syz.1.3154': attribute type 27 has an invalid length. [ 456.473877][T14023] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3154'. [ 456.494446][T14022] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3153'. [ 456.822178][T14030] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3157'. [ 457.566350][T14046] netlink: 'syz.1.3162': attribute type 28 has an invalid length. [ 457.605400][T14046] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3162'. [ 460.118676][T14098] netlink: 'syz.2.3184': attribute type 28 has an invalid length. [ 460.170039][T14103] netlink: 'syz.2.3184': attribute type 28 has an invalid length. [ 460.214318][T14098] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3184'. [ 460.292944][T14103] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3184'. [ 462.730922][T14145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3202'. [ 463.798677][T14153] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3205'. [ 465.131773][T14187] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3215'. [ 465.784431][T14201] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3220'. [ 468.820818][ T5842] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 470.439250][T14306] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3249'. [ 471.116412][T14326] sctp: [Deprecated]: syz.3.3256 (pid 14326) Use of struct sctp_assoc_value in delayed_ack socket option. [ 471.116412][T14326] Use struct sctp_sack_info instead [ 472.223616][T14357] Invalid ELF header magic: != ELF [ 473.176047][T14388] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3283'. [ 473.297350][T14382] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3280'. [ 473.356555][T14382] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3280'. [ 473.464598][T14395] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3285'. [ 474.189920][T14412] sock: sock_timestamping_bind_phc: sock not bind to device [ 474.440298][T14422] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3299'. [ 474.651430][T14427] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3301'. [ 474.741693][T14429] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3302'. [ 474.860662][T14433] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3304'. [ 475.231146][T14444] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3309'. [ 475.281937][T14444] bridge0: port 3(vlan1) entered disabled state [ 475.483500][T14444] vlan1 (unregistering): left allmulticast mode [ 475.506393][T14444] vlan1 (unregistering): left promiscuous mode [ 475.529326][T14444] bridge0: port 3(vlan1) entered disabled state [ 475.567047][ T5842] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 477.530645][T14494] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3327'. [ 479.220881][T14533] __nla_validate_parse: 3 callbacks suppressed [ 479.220897][T14533] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3343'. [ 479.891466][T14556] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 479.891466][T14556] The task syz.1.3353 (14556) triggered the difference, watch for misbehavior. [ 480.153540][T14567] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 480.369654][T14571] netlink: 30 bytes leftover after parsing attributes in process `syz.2.3359'. [ 480.716830][T14573] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3360'. [ 480.747655][T14583] FAULT_INJECTION: forcing a failure. [ 480.747655][T14583] name failslab, interval 1, probability 0, space 0, times 0 [ 480.794504][T14585] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3365'. [ 480.809220][T14583] CPU: 1 UID: 0 PID: 14583 Comm: syz.2.3364 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 480.809249][T14583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 480.809259][T14583] Call Trace: [ 480.809266][T14583] [ 480.809272][T14583] dump_stack_lvl+0x16c/0x1f0 [ 480.809304][T14583] should_fail_ex+0x512/0x640 [ 480.809329][T14583] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 480.809352][T14583] should_failslab+0xc2/0x120 [ 480.809374][T14583] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 480.809392][T14583] ? __pfx___might_resched+0x10/0x10 [ 480.809411][T14583] ? __anon_vma_prepare+0x344/0x5e0 [ 480.809434][T14583] __anon_vma_prepare+0x344/0x5e0 [ 480.809455][T14583] __vmf_anon_prepare+0x11c/0x240 [ 480.809481][T14583] do_pte_missing+0x1194/0x3fb0 [ 480.809499][T14583] ? find_held_lock+0x2b/0x80 [ 480.809516][T14583] ? __handle_mm_fault+0x1010/0x2a40 [ 480.809537][T14583] __handle_mm_fault+0x103d/0x2a40 [ 480.809560][T14583] ? __pfx___handle_mm_fault+0x10/0x10 [ 480.809577][T14583] ? __pte_offset_map_lock+0x155/0x2f0 [ 480.809600][T14583] ? find_held_lock+0x2b/0x80 [ 480.809615][T14583] ? find_held_lock+0x2b/0x80 [ 480.809644][T14583] handle_mm_fault+0x3fe/0xad0 [ 480.809665][T14583] __get_user_pages+0x771/0x36f0 [ 480.809697][T14583] ? __pfx_mt_find+0x10/0x10 [ 480.809713][T14583] ? __pfx___get_user_pages+0x10/0x10 [ 480.809747][T14583] populate_vma_page_range+0x278/0x3a0 [ 480.809772][T14583] ? __pfx_populate_vma_page_range+0x10/0x10 [ 480.809788][T14583] ? __pfx_find_vma_intersection+0x10/0x10 [ 480.809814][T14583] ? do_mmap+0x69c/0x11b0 [ 480.809840][T14583] __mm_populate+0x1d8/0x380 [ 480.809857][T14583] ? __pfx___mm_populate+0x10/0x10 [ 480.809875][T14583] ? up_write+0x1b2/0x520 [ 480.809901][T14583] vm_mmap_pgoff+0x362/0x450 [ 480.809929][T14583] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 480.809953][T14583] ? __pfx_alarmtimer_nsleep_wakeup+0x10/0x10 [ 480.809976][T14583] ? __x64_sys_futex+0x1e0/0x4c0 [ 480.809993][T14583] ? __x64_sys_futex+0x1e9/0x4c0 [ 480.810014][T14583] ksys_mmap_pgoff+0x7d/0x5c0 [ 480.810038][T14583] ? rcu_is_watching+0x12/0xc0 [ 480.810057][T14583] __x64_sys_mmap+0x125/0x190 [ 480.810076][T14583] do_syscall_64+0xcd/0x230 [ 480.810102][T14583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.810118][T14583] RIP: 0033:0x7f3440d8e969 [ 480.810133][T14583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.810149][T14583] RSP: 002b:00007f3441cb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 480.810166][T14583] RAX: ffffffffffffffda RBX: 00007f3440fb5fa0 RCX: 00007f3440d8e969 [ 480.810177][T14583] RDX: 0000000400000072 RSI: 0000000000000009 RDI: 0000000000000000 [ 480.810187][T14583] RBP: 00007f3440e10ab1 R08: 0000001000000002 R09: 0000000000008000 [ 480.810197][T14583] R10: 0000000000008b72 R11: 0000000000000246 R12: 0000000000000000 [ 480.810206][T14583] R13: 0000000000000000 R14: 00007f3440fb5fa0 R15: 00007ffd683a59a8 [ 480.810228][T14583] [ 481.471067][T14596] netlink: 266 bytes leftover after parsing attributes in process `syz.0.3369'. [ 481.480508][T14596] IPv6: NLM_F_CREATE should be specified when creating new route [ 481.651182][T14602] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3372'. [ 481.845775][T14608] FAULT_INJECTION: forcing a failure. [ 481.845775][T14608] name failslab, interval 1, probability 0, space 0, times 0 [ 481.860810][ T5140] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 481.892420][T14608] CPU: 1 UID: 0 PID: 14608 Comm: syz.1.3373 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 481.892447][T14608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 481.892458][T14608] Call Trace: [ 481.892464][T14608] [ 481.892471][T14608] dump_stack_lvl+0x16c/0x1f0 [ 481.892501][T14608] should_fail_ex+0x512/0x640 [ 481.892526][T14608] ? __kmalloc_noprof+0xbf/0x510 [ 481.892547][T14608] ? lsm_blob_alloc+0x68/0x90 [ 481.892561][T14608] should_failslab+0xc2/0x120 [ 481.892582][T14608] __kmalloc_noprof+0xd2/0x510 [ 481.892606][T14608] lsm_blob_alloc+0x68/0x90 [ 481.892622][T14608] security_sk_alloc+0x30/0x270 [ 481.892642][T14608] sk_prot_alloc+0xfb/0x2a0 [ 481.892669][T14608] sk_alloc+0x36/0xc20 [ 481.892688][T14608] inet_create+0x3a1/0x1090 [ 481.892713][T14608] ? inet_create+0x93/0x1090 [ 481.892752][T14608] __sock_create+0x335/0x8d0 [ 481.892782][T14608] __sys_socket+0x14d/0x260 [ 481.892798][T14608] ? __pfx___sys_socket+0x10/0x10 [ 481.892814][T14608] ? rcu_is_watching+0x12/0xc0 [ 481.892835][T14608] __x64_sys_socket+0x72/0xb0 [ 481.892849][T14608] ? lockdep_hardirqs_on+0x7c/0x110 [ 481.892873][T14608] do_syscall_64+0xcd/0x230 [ 481.892900][T14608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.892917][T14608] RIP: 0033:0x7fc20238e969 [ 481.892932][T14608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 481.892947][T14608] RSP: 002b:00007fc203201038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 481.892964][T14608] RAX: ffffffffffffffda RBX: 00007fc2025b5fa0 RCX: 00007fc20238e969 [ 481.892974][T14608] RDX: 0000000000000106 RSI: 0000000000000001 RDI: 0000000000000002 [ 481.892984][T14608] RBP: 00007fc202410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 481.892993][T14608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 481.893003][T14608] R13: 0000000000000000 R14: 00007fc2025b5fa0 R15: 00007ffd3d8290e8 [ 481.893023][T14608] [ 482.223795][T14613] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3375'. [ 482.876191][T14627] dlm: Unknown command passed to DLM device : 0 [ 482.876191][T14627] [ 483.188285][T14642] TCP: TCP_TX_DELAY enabled [ 483.207946][T14644] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3388'. [ 483.726500][ T5842] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 484.366990][T14675] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3400'. [ 484.413571][ T5842] Bluetooth: hci3: unexpected event 0x06 length: 440 > 3 [ 484.445119][T14679] netlink: 314 bytes leftover after parsing attributes in process `syz.0.3403'. [ 484.704418][T14675] bridge0: port 3(vlan1) entered disabled state [ 484.870213][T14675] vlan1 (unregistering): left allmulticast mode [ 484.926440][T14675] vlan1 (unregistering): left promiscuous mode [ 484.997901][T14675] bridge0: port 3(vlan1) entered disabled state [ 485.446017][ T30] audit: type=1326 audit(4294967434.660:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14696 comm="syz.0.3411" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f7ab8e969 code=0x0 [ 486.165416][T14714] netlink: 'syz.1.3417': attribute type 17 has an invalid length. [ 486.204339][T14714] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3417'. [ 486.768599][T14722] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3419'. [ 486.852555][T14725] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3421'. [ 487.099456][T14733] netlink: 350 bytes leftover after parsing attributes in process `syz.3.3425'. [ 489.882656][T14797] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3450'. [ 489.984320][ T5842] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 489.992513][ T5842] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 490.142362][T14805] netlink: 'syz.2.3453': attribute type 4 has an invalid length. [ 490.171435][T14805] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3453'. [ 491.035903][T14822] netlink: 346 bytes leftover after parsing attributes in process `syz.0.3460'. [ 491.161277][T14824] FAULT_INJECTION: forcing a failure. [ 491.161277][T14824] name failslab, interval 1, probability 0, space 0, times 0 [ 491.279262][T14824] CPU: 1 UID: 0 PID: 14824 Comm: syz.1.3461 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 491.279291][T14824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 491.279302][T14824] Call Trace: [ 491.279308][T14824] [ 491.279315][T14824] dump_stack_lvl+0x16c/0x1f0 [ 491.279345][T14824] should_fail_ex+0x512/0x640 [ 491.279371][T14824] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 491.279390][T14824] should_failslab+0xc2/0x120 [ 491.279412][T14824] __kmalloc_cache_noprof+0x6a/0x3e0 [ 491.279429][T14824] ? percpu_ref_init+0xec/0x410 [ 491.279451][T14824] ? __pfx_io_ring_ctx_ref_free+0x10/0x10 [ 491.279477][T14824] percpu_ref_init+0xec/0x410 [ 491.279501][T14824] io_uring_setup+0x453/0x1ff0 [ 491.279527][T14824] ? __pfx_io_uring_setup+0x10/0x10 [ 491.279548][T14824] ? do_futex+0x122/0x350 [ 491.279567][T14824] ? __pfx_do_futex+0x10/0x10 [ 491.279585][T14824] ? fd_install+0x225/0x750 [ 491.279611][T14824] ? rcu_is_watching+0x12/0xc0 [ 491.279641][T14824] __x64_sys_io_uring_setup+0xc2/0x170 [ 491.279664][T14824] do_syscall_64+0xcd/0x230 [ 491.279689][T14824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.279707][T14824] RIP: 0033:0x7fc20238e969 [ 491.279722][T14824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.279738][T14824] RSP: 002b:00007fc203201038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 491.279756][T14824] RAX: ffffffffffffffda RBX: 00007fc2025b5fa0 RCX: 00007fc20238e969 [ 491.279767][T14824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 491.279777][T14824] RBP: 00007fc202410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 491.279787][T14824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 491.279798][T14824] R13: 0000000000000000 R14: 00007fc2025b5fa0 R15: 00007ffd3d8290e8 [ 491.279818][T14824] [ 492.320679][T14847] netlink: 'syz.2.3470': attribute type 27 has an invalid length. [ 492.371089][T14847] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3470'. [ 494.000971][T14891] nbd: socks must be embedded in a SOCK_ITEM attr [ 494.020710][T14891] block nbd3: shutting down sockets [ 494.490366][T14901] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3491'. [ 494.712999][T14914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3495'. [ 496.204371][T14941] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3503'. [ 496.730985][T14945] netlink: 'syz.2.3505': attribute type 1 has an invalid length. [ 499.107177][T14956] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3508'. [ 500.576761][T14950] kexec: Could not allocate control_code_buffer [ 501.496496][T14993] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3526'. [ 501.699912][ T5140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 501.716992][ T5140] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 501.725370][ T5140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 501.737231][ T5140] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 501.745163][ T5140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 502.106749][T15005] netlink: 138 bytes leftover after parsing attributes in process `syz.2.3530'. [ 502.366958][T14996] chnl_net:caif_netlink_parms(): no params data found [ 502.606090][T14996] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.633343][T14996] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.659039][T14996] bridge_slave_0: entered allmulticast mode [ 502.688859][T14996] bridge_slave_0: entered promiscuous mode [ 502.717582][T14996] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.743172][T14996] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.763370][T14996] bridge_slave_1: entered allmulticast mode [ 502.783246][T14996] bridge_slave_1: entered promiscuous mode [ 502.878230][T14996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 502.902048][T14996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 502.985975][T14996] team0: Port device team_slave_0 added [ 503.007982][T14996] team0: Port device team_slave_1 added [ 503.092580][T14996] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.121987][T14996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.218881][T14996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.266771][T14996] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.295405][T14996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.392406][T14996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 503.561376][T14996] hsr_slave_0: entered promiscuous mode [ 503.584840][T14996] hsr_slave_1: entered promiscuous mode [ 503.611579][T14996] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 503.646758][T14996] Cannot create hsr debugfs directory [ 503.824729][ T5140] Bluetooth: hci0: command tx timeout [ 504.211425][T14996] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 504.256568][T14996] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 504.328337][T14996] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 504.389407][T14996] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 504.426207][T15050] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3546'. [ 504.689407][T14996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 504.792296][T14996] 8021q: adding VLAN 0 to HW filter on device team0 [ 504.832924][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.840542][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 504.914023][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.921268][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 505.649030][T14996] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 505.909196][ T5140] Bluetooth: hci0: command tx timeout [ 506.556394][T14996] veth0_vlan: entered promiscuous mode [ 506.594561][T14996] veth1_vlan: entered promiscuous mode [ 506.735989][T14996] veth0_macvtap: entered promiscuous mode [ 506.777850][T14996] veth1_macvtap: entered promiscuous mode [ 506.870768][T14996] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 506.930831][T14996] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 506.989116][T14996] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.040599][T14996] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.078775][T14996] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.126635][T14996] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.271147][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.277753][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.511393][ T3457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.567745][ T3457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.650640][ T3457] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.694426][ T3457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.986848][ T5140] Bluetooth: hci0: command tx timeout [ 508.037900][T15119] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3522'. [ 508.078380][T15119] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3522'. [ 508.430799][ T5140] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 509.627394][T15143] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3575'. [ 510.070854][ T5140] Bluetooth: hci0: command tx timeout [ 510.522032][T15158] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3580'. [ 511.216583][T15165] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3583'. [ 511.501867][T15172] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3587'. [ 511.568034][T15172] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3587'. [ 511.600256][T15175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3588'. [ 511.625348][T15176] netlink: 102 bytes leftover after parsing attributes in process `syz.4.3587'. [ 511.650554][T15175] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3588'. [ 512.966784][T15204] : renamed from gre0 (while UP) [ 513.147280][T15206] FAULT_INJECTION: forcing a failure. [ 513.147280][T15206] name failslab, interval 1, probability 0, space 0, times 0 [ 513.201871][T15206] CPU: 1 UID: 0 PID: 15206 Comm: syz.2.3599 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 513.201899][T15206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 513.201909][T15206] Call Trace: [ 513.201915][T15206] [ 513.201922][T15206] dump_stack_lvl+0x16c/0x1f0 [ 513.201952][T15206] should_fail_ex+0x512/0x640 [ 513.201979][T15206] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 513.202003][T15206] should_failslab+0xc2/0x120 [ 513.202025][T15206] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 513.202047][T15206] ? snd_timer_instance_new+0x65/0x2e0 [ 513.202075][T15206] kstrdup+0x53/0x100 [ 513.202097][T15206] snd_timer_instance_new+0x65/0x2e0 [ 513.202121][T15206] snd_seq_timer_open+0x1cc/0x5e0 [ 513.202142][T15206] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 513.202163][T15206] ? find_held_lock+0x2b/0x80 [ 513.202183][T15206] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 513.202206][T15206] ? lockdep_hardirqs_on+0x7c/0x110 [ 513.202229][T15206] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 513.202258][T15206] queue_use+0xe3/0x250 [ 513.202273][T15206] snd_seq_queue_alloc+0x2e5/0x550 [ 513.202293][T15206] snd_seq_ioctl_create_queue+0xa9/0x380 [ 513.202316][T15206] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 513.202343][T15206] alloc_seq_queue+0xda/0x180 [ 513.202375][T15206] ? __pfx_alloc_seq_queue+0x10/0x10 [ 513.202420][T15206] ? mark_held_locks+0x49/0x80 [ 513.202443][T15206] ? _raw_spin_unlock_irq+0x23/0x50 [ 513.202466][T15206] snd_seq_oss_open+0x38c/0xa20 [ 513.202494][T15206] odev_open+0x6f/0x90 [ 513.202514][T15206] ? __pfx_odev_open+0x10/0x10 [ 513.202535][T15206] soundcore_open+0x409/0x580 [ 513.202560][T15206] ? __pfx_soundcore_open+0x10/0x10 [ 513.202582][T15206] chrdev_open+0x234/0x6a0 [ 513.202600][T15206] ? __pfx_apparmor_file_open+0x10/0x10 [ 513.202623][T15206] ? __pfx_chrdev_open+0x10/0x10 [ 513.202643][T15206] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 513.202673][T15206] do_dentry_open+0x741/0x1c10 [ 513.202692][T15206] ? __pfx_chrdev_open+0x10/0x10 [ 513.202714][T15206] vfs_open+0x82/0x3f0 [ 513.202739][T15206] path_openat+0x1e5e/0x2d40 [ 513.202769][T15206] ? __pfx_path_openat+0x10/0x10 [ 513.202792][T15206] do_filp_open+0x20b/0x470 [ 513.202810][T15206] ? __pfx_do_filp_open+0x10/0x10 [ 513.202843][T15206] ? alloc_fd+0x471/0x7d0 [ 513.202876][T15206] do_sys_openat2+0x11b/0x1d0 [ 513.202898][T15206] ? __pfx_do_sys_openat2+0x10/0x10 [ 513.202930][T15206] __x64_sys_openat+0x174/0x210 [ 513.202953][T15206] ? __pfx___x64_sys_openat+0x10/0x10 [ 513.202977][T15206] ? rcu_is_watching+0x12/0xc0 [ 513.203000][T15206] do_syscall_64+0xcd/0x230 [ 513.203027][T15206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.203044][T15206] RIP: 0033:0x7f3440d8e969 [ 513.203058][T15206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.203075][T15206] RSP: 002b:00007f3441cb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 513.203092][T15206] RAX: ffffffffffffffda RBX: 00007f3440fb5fa0 RCX: 00007f3440d8e969 [ 513.203102][T15206] RDX: 0000000000000080 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 513.203113][T15206] RBP: 00007f3440e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 513.203122][T15206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.203132][T15206] R13: 0000000000000000 R14: 00007f3440fb5fa0 R15: 00007ffd683a59a8 [ 513.203154][T15206] [ 514.628560][T15245] __nla_validate_parse: 5 callbacks suppressed [ 514.628577][T15245] netlink: 350 bytes leftover after parsing attributes in process `syz.2.3623'. [ 516.280808][T15248] kexec: Could not allocate control_code_buffer [ 516.649793][T15280] netlink: 'syz.4.3627': attribute type 19 has an invalid length. [ 516.659361][T15281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3628'. [ 516.680285][T15280] netlink: 114 bytes leftover after parsing attributes in process `syz.4.3627'. [ 517.262835][T15293] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3632'. [ 517.636462][T15298] netlink: 'syz.2.3635': attribute type 5 has an invalid length. [ 517.673900][T15298] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3635'. [ 518.184109][T15308] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3637'. [ 518.424021][T15313] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3640'. [ 519.390556][T15300] kexec: Could not allocate control_code_buffer [ 519.572917][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3650'. [ 521.066299][T15365] FAULT_INJECTION: forcing a failure. [ 521.066299][T15365] name failslab, interval 1, probability 0, space 0, times 0 [ 521.137905][T15365] CPU: 1 UID: 0 PID: 15365 Comm: syz.4.3659 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 521.137934][T15365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 521.137945][T15365] Call Trace: [ 521.137951][T15365] [ 521.137959][T15365] dump_stack_lvl+0x16c/0x1f0 [ 521.137989][T15365] should_fail_ex+0x512/0x640 [ 521.138014][T15365] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 521.138037][T15365] should_failslab+0xc2/0x120 [ 521.138059][T15365] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 521.138078][T15365] ? security_file_alloc+0x34/0x2b0 [ 521.138105][T15365] security_file_alloc+0x34/0x2b0 [ 521.138128][T15365] init_file+0x93/0x4c0 [ 521.138149][T15365] alloc_empty_file+0x73/0x1e0 [ 521.138172][T15365] path_openat+0xe0/0x2d40 [ 521.138187][T15365] ? __x64_sys_openat+0x174/0x210 [ 521.138208][T15365] ? do_syscall_64+0xcd/0x230 [ 521.138231][T15365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.138255][T15365] ? __pfx_path_openat+0x10/0x10 [ 521.138278][T15365] do_filp_open+0x20b/0x470 [ 521.138294][T15365] ? __pfx_do_filp_open+0x10/0x10 [ 521.138326][T15365] ? alloc_fd+0x471/0x7d0 [ 521.138357][T15365] do_sys_openat2+0x11b/0x1d0 [ 521.138379][T15365] ? __pfx_do_sys_openat2+0x10/0x10 [ 521.138402][T15365] ? find_held_lock+0x2b/0x80 [ 521.138425][T15365] __x64_sys_openat+0x174/0x210 [ 521.138447][T15365] ? __pfx___x64_sys_openat+0x10/0x10 [ 521.138471][T15365] ? rcu_is_watching+0x12/0xc0 [ 521.138493][T15365] do_syscall_64+0xcd/0x230 [ 521.138518][T15365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.138535][T15365] RIP: 0033:0x7fa5e058e969 [ 521.138550][T15365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 521.138566][T15365] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 521.138582][T15365] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 521.138593][T15365] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 521.138603][T15365] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 521.138613][T15365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 521.138622][T15365] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 521.138643][T15365] [ 522.927545][T15387] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3667'. [ 523.019134][T15387] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3667'. [ 523.031052][T15391] netlink: 302 bytes leftover after parsing attributes in process `syz.4.3669'. [ 523.908639][T15405] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3676'. [ 525.502862][T15429] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3684'. [ 526.997347][T15463] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3694'. [ 527.489344][T15471] netlink: 146 bytes leftover after parsing attributes in process `syz.4.3695'. [ 529.734907][T15518] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3711'. [ 530.070217][T15522] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3713'. [ 531.114286][T15552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 531.293103][T15555] netlink: 222 bytes leftover after parsing attributes in process `syz.0.3728'. [ 531.360562][T15555] netlink: 222 bytes leftover after parsing attributes in process `syz.0.3728'. [ 531.445268][T15557] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3727'. [ 531.462222][T15559] netlink: 146 bytes leftover after parsing attributes in process `syz.4.3730'. [ 531.513344][T15557] IPv6: Can't replace route, no match found [ 533.294611][T15596] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3741'. [ 534.731677][T15623] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3751'. [ 535.416029][T15633] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3755'. [ 535.741320][T15643] netlink: 186 bytes leftover after parsing attributes in process `syz.4.3759'. [ 535.916640][T15647] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3760'. [ 537.795275][T15683] FAULT_INJECTION: forcing a failure. [ 537.795275][T15683] name failslab, interval 1, probability 0, space 0, times 0 [ 537.879032][T15683] CPU: 1 UID: 0 PID: 15683 Comm: syz.2.3773 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 537.879060][T15683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 537.879070][T15683] Call Trace: [ 537.879077][T15683] [ 537.879084][T15683] dump_stack_lvl+0x16c/0x1f0 [ 537.879115][T15683] should_fail_ex+0x512/0x640 [ 537.879143][T15683] ? fs_reclaim_acquire+0xae/0x150 [ 537.879171][T15683] should_failslab+0xc2/0x120 [ 537.879192][T15683] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 537.879213][T15683] ? security_inode_alloc+0x3b/0x2b0 [ 537.879237][T15683] security_inode_alloc+0x3b/0x2b0 [ 537.879258][T15683] inode_init_always_gfp+0xce4/0x1030 [ 537.879289][T15683] alloc_inode+0x86/0x240 [ 537.879310][T15683] path_from_stashed+0x2be/0xb00 [ 537.879328][T15683] ? do_raw_spin_lock+0x12c/0x2b0 [ 537.879355][T15683] ? __pfx_path_from_stashed+0x10/0x10 [ 537.879374][T15683] ? do_raw_spin_unlock+0x172/0x230 [ 537.879403][T15683] ns_get_path+0x5f/0x80 [ 537.879429][T15683] proc_ns_get_link+0x121/0x260 [ 537.879446][T15683] ? __pfx_proc_ns_get_link+0x10/0x10 [ 537.879462][T15683] ? __pfx___might_resched+0x10/0x10 [ 537.879484][T15683] ? __pfx_proc_ns_get_link+0x10/0x10 [ 537.879499][T15683] step_into+0x1b25/0x2270 [ 537.879529][T15683] ? __pfx_step_into+0x10/0x10 [ 537.879552][T15683] ? find_held_lock+0x2b/0x80 [ 537.879575][T15683] path_openat+0x749/0x2d40 [ 537.879599][T15683] ? __pfx_path_openat+0x10/0x10 [ 537.879622][T15683] do_filp_open+0x20b/0x470 [ 537.879639][T15683] ? __pfx_do_filp_open+0x10/0x10 [ 537.879670][T15683] ? alloc_fd+0x471/0x7d0 [ 537.879702][T15683] do_sys_openat2+0x11b/0x1d0 [ 537.879724][T15683] ? __pfx_do_sys_openat2+0x10/0x10 [ 537.879755][T15683] __x64_sys_openat+0x174/0x210 [ 537.879777][T15683] ? __pfx___x64_sys_openat+0x10/0x10 [ 537.879801][T15683] ? do_user_addr_fault+0x843/0x1370 [ 537.879824][T15683] do_syscall_64+0xcd/0x230 [ 537.879850][T15683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.879868][T15683] RIP: 0033:0x7f3440d8d2d0 [ 537.879883][T15683] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 537.879899][T15683] RSP: 002b:00007f3441cb3f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 537.879915][T15683] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f3440d8d2d0 [ 537.879926][T15683] RDX: 0000000000000002 RSI: 00007f3441cb3fa0 RDI: 00000000ffffff9c [ 537.879936][T15683] RBP: 00007f3441cb3fa0 R08: 0000000000000000 R09: 0000000000000000 [ 537.879946][T15683] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 537.879956][T15683] R13: 0000000000000000 R14: 00007f3440fb5fa0 R15: 00007ffd683a59a8 [ 537.879976][T15683] [ 539.655119][T15718] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3787'. [ 540.419647][T15736] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3794'. [ 541.288185][T15759] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3802'. [ 541.869241][T15776] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3809'. [ 541.907859][T15777] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3808'. [ 544.193366][T15824] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3828'. [ 544.320520][T15827] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3828'. [ 544.345817][T15829] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3830'. [ 544.612052][T15833] netlink: 29 bytes leftover after parsing attributes in process `syz.4.3841'. [ 544.975065][T15845] netlink: 'syz.3.3836': attribute type 1 has an invalid length. [ 545.021559][T15845] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3836'. [ 545.125325][T15850] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3838'. [ 545.266806][T15852] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3839'. [ 546.297270][T15870] netlink: 'syz.0.3846': attribute type 20 has an invalid length. [ 546.305442][T15870] __nla_validate_parse: 1 callbacks suppressed [ 546.305455][T15870] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3846'. [ 546.527402][T15870] IPv6: NLM_F_CREATE should be specified when creating new route [ 548.219398][T15898] netlink: zone id is out of range [ 548.224610][T15898] netlink: zone id is out of range [ 548.249690][T15894] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3854'. [ 548.270027][T15898] netlink: zone id is out of range [ 548.300733][T15898] netlink: zone id is out of range [ 548.305893][T15898] netlink: zone id is out of range [ 548.338084][T15898] netlink: zone id is out of range [ 548.355112][T15898] netlink: zone id is out of range [ 548.385816][T15898] netlink: zone id is out of range [ 548.409046][T15898] netlink: zone id is out of range [ 548.441450][T15898] netlink: zone id is out of range [ 548.781705][T15904] netlink: 'syz.0.3864': attribute type 21 has an invalid length. [ 548.853575][T15904] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3864'. [ 548.904131][T15908] input: f as /devices/virtual/input/input7 [ 549.265880][T15881] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 549.301381][T15916] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3860'. [ 549.360190][T15916] IPv6: NLM_F_CREATE should be specified when creating new route [ 549.418884][T15916] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 549.426433][T15916] IPv6: NLM_F_CREATE should be set when creating new route [ 549.433790][T15916] IPv6: NLM_F_CREATE should be set when creating new route [ 551.494537][T15950] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3872'. [ 551.539726][T15950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 552.360220][ T30] audit: type=1800 audit(4294968524.541:16): pid=15968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3881" name="ram7" dev="tmpfs" ino=1451 res=0 errno=0 [ 552.392838][T15967] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3880'. [ 552.472632][T15969] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3880'. [ 552.556528][T15971] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3882'. [ 552.577783][T15969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3880'. [ 552.776387][T15973] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3883'. [ 553.585876][T15995] sctp: [Deprecated]: syz.3.3895 (pid 15995) Use of struct sctp_assoc_value in delayed_ack socket option. [ 553.585876][T15995] Use struct sctp_sack_info instead [ 554.087444][T16007] netlink: 266 bytes leftover after parsing attributes in process `syz.3.3899'. [ 554.331155][T16010] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3900'. [ 554.499870][T16014] netlink: 'syz.3.3902': attribute type 4 has an invalid length. [ 554.527456][T16014] netlink: 314 bytes leftover after parsing attributes in process `syz.3.3902'. [ 556.406482][T16048] FAULT_INJECTION: forcing a failure. [ 556.406482][T16048] name failslab, interval 1, probability 0, space 0, times 0 [ 556.489660][T16048] CPU: 1 UID: 0 PID: 16048 Comm: syz.2.3914 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 556.489689][T16048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 556.489699][T16048] Call Trace: [ 556.489706][T16048] [ 556.489713][T16048] dump_stack_lvl+0x16c/0x1f0 [ 556.489743][T16048] should_fail_ex+0x512/0x640 [ 556.489767][T16048] ? fs_reclaim_acquire+0xae/0x150 [ 556.489795][T16048] should_failslab+0xc2/0x120 [ 556.489817][T16048] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 556.489836][T16048] ? security_inode_alloc+0x3b/0x2b0 [ 556.489860][T16048] security_inode_alloc+0x3b/0x2b0 [ 556.489881][T16048] inode_init_always_gfp+0xce4/0x1030 [ 556.489902][T16048] alloc_inode+0x86/0x240 [ 556.489923][T16048] alloc_anon_inode+0x28/0x3e0 [ 556.489940][T16048] ioctx_alloc+0x4ad/0x2060 [ 556.489973][T16048] ? find_held_lock+0x2b/0x80 [ 556.489990][T16048] ? __pfx_ioctx_alloc+0x10/0x10 [ 556.490012][T16048] ? __might_fault+0x13b/0x190 [ 556.490039][T16048] __x64_sys_io_setup+0xc9/0x210 [ 556.490067][T16048] do_syscall_64+0xcd/0x230 [ 556.490093][T16048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.490110][T16048] RIP: 0033:0x7f3440d8e969 [ 556.490125][T16048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.490141][T16048] RSP: 002b:00007f3441cb4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 556.490158][T16048] RAX: ffffffffffffffda RBX: 00007f3440fb5fa0 RCX: 00007f3440d8e969 [ 556.490168][T16048] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 556.490178][T16048] RBP: 00007f3440e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 556.490188][T16048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 556.490197][T16048] R13: 0000000000000000 R14: 00007f3440fb5fa0 R15: 00007ffd683a59a8 [ 556.490218][T16048] [ 556.979231][T16052] FAULT_INJECTION: forcing a failure. [ 556.979231][T16052] name failslab, interval 1, probability 0, space 0, times 0 [ 557.078903][T16052] CPU: 1 UID: 0 PID: 16052 Comm: syz.4.3917 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 557.078932][T16052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 557.078942][T16052] Call Trace: [ 557.078948][T16052] [ 557.078955][T16052] dump_stack_lvl+0x16c/0x1f0 [ 557.078986][T16052] should_fail_ex+0x512/0x640 [ 557.079011][T16052] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 557.079031][T16052] should_failslab+0xc2/0x120 [ 557.079053][T16052] __kmalloc_cache_noprof+0x6a/0x3e0 [ 557.079070][T16052] ? snd_seq_port_connect+0x61/0x550 [ 557.079097][T16052] snd_seq_port_connect+0x61/0x550 [ 557.079125][T16052] ? _raw_read_unlock+0x28/0x50 [ 557.079147][T16052] ? check_subscription_permission.isra.0+0xf5/0x240 [ 557.079174][T16052] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 557.079201][T16052] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 557.079236][T16052] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 557.079263][T16052] snd_seq_oss_midi_open+0x442/0x660 [ 557.079282][T16052] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 557.079306][T16052] ? rcu_is_watching+0x12/0xc0 [ 557.079324][T16052] ? trace_contention_end+0xdd/0x130 [ 557.079350][T16052] snd_seq_oss_synth_reset+0x437/0x880 [ 557.079369][T16052] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 557.079388][T16052] ? __pfx___fsnotify_parent+0x10/0x10 [ 557.079417][T16052] snd_seq_oss_reset+0x73/0x290 [ 557.079442][T16052] ? __pfx_odev_release+0x10/0x10 [ 557.079463][T16052] snd_seq_oss_release+0x7c/0x180 [ 557.079487][T16052] odev_release+0x4c/0x70 [ 557.079508][T16052] __fput+0x3ff/0xb70 [ 557.079534][T16052] task_work_run+0x150/0x240 [ 557.079560][T16052] ? __pfx_task_work_run+0x10/0x10 [ 557.079585][T16052] ? __pfx___do_sys_close_range+0x10/0x10 [ 557.079601][T16052] ? rcu_is_watching+0x12/0xc0 [ 557.079621][T16052] syscall_exit_to_user_mode+0x27b/0x2a0 [ 557.079646][T16052] do_syscall_64+0xda/0x230 [ 557.079672][T16052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.079690][T16052] RIP: 0033:0x7fa5e058e969 [ 557.079705][T16052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.079721][T16052] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 557.079737][T16052] RAX: 0000000000000000 RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 557.079748][T16052] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 557.079757][T16052] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 557.079766][T16052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.079776][T16052] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 557.079797][T16052] [ 557.783987][T16056] netlink: 146 bytes leftover after parsing attributes in process `syz.4.3918'. [ 557.914274][T16060] dlm: Unknown command passed to DLM device : 0 [ 557.914274][T16060] [ 558.231019][T16068] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3922'. [ 558.376783][T16071] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3923'. [ 559.844947][T16099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3933'. [ 559.937216][T16104] netlink: 354 bytes leftover after parsing attributes in process `syz.2.3933'. [ 560.277535][T16113] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3938'. [ 561.804435][T16137] netlink: 202 bytes leftover after parsing attributes in process `syz.2.3947'. [ 561.982462][T16141] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3949'. [ 562.447561][T16150] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3953'. [ 563.235689][T16165] netlink: 290 bytes leftover after parsing attributes in process `syz.0.3958'. [ 563.611679][T16171] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3960'. [ 565.888000][T16197] vivid-003: ================= START STATUS ================= [ 565.980196][T16197] vivid-003: Radio HW Seek Mode: Bounded [ 566.047015][T16197] vivid-003: Radio Programmable HW Seek: false [ 566.129223][T16197] vivid-003: RDS Rx I/O Mode: Block I/O [ 566.205755][T16197] vivid-003: Generate RBDS Instead of RDS: false [ 566.233274][T16197] vivid-003: RDS Reception: true [ 566.277144][T16197] vivid-003: RDS Program Type: 0 inactive [ 566.339028][T16197] vivid-003: RDS PS Name: inactive [ 566.393520][T16197] vivid-003: RDS Radio Text: inactive [ 566.444978][T16197] vivid-003: RDS Traffic Announcement: false inactive [ 566.519747][T16197] vivid-003: RDS Traffic Program: false inactive [ 566.586923][T16197] vivid-003: RDS Music: false inactive [ 566.647353][T16197] vivid-003: ================== END STATUS ================== [ 567.029616][T16212] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3976'. [ 568.758633][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.764971][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.807460][T16243] FAULT_INJECTION: forcing a failure. [ 568.807460][T16243] name failslab, interval 1, probability 0, space 0, times 0 [ 568.887134][T16243] CPU: 1 UID: 0 PID: 16243 Comm: syz.2.3988 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 568.887161][T16243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 568.887171][T16243] Call Trace: [ 568.887178][T16243] [ 568.887185][T16243] dump_stack_lvl+0x16c/0x1f0 [ 568.887214][T16243] should_fail_ex+0x512/0x640 [ 568.887239][T16243] ? fs_reclaim_acquire+0xae/0x150 [ 568.887267][T16243] should_failslab+0xc2/0x120 [ 568.887288][T16243] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 568.887308][T16243] ? security_inode_alloc+0x3b/0x2b0 [ 568.887331][T16243] security_inode_alloc+0x3b/0x2b0 [ 568.887352][T16243] inode_init_always_gfp+0xce4/0x1030 [ 568.887372][T16243] alloc_inode+0x86/0x240 [ 568.887393][T16243] path_from_stashed+0x2be/0xb00 [ 568.887410][T16243] ? do_raw_spin_lock+0x12c/0x2b0 [ 568.887437][T16243] ? __pfx_path_from_stashed+0x10/0x10 [ 568.887455][T16243] ? do_raw_spin_unlock+0x172/0x230 [ 568.887483][T16243] ns_get_path+0x5f/0x80 [ 568.887508][T16243] proc_ns_get_link+0x121/0x260 [ 568.887524][T16243] ? __pfx_proc_ns_get_link+0x10/0x10 [ 568.887540][T16243] ? __pfx___might_resched+0x10/0x10 [ 568.887562][T16243] ? __pfx_proc_ns_get_link+0x10/0x10 [ 568.887577][T16243] step_into+0x1b25/0x2270 [ 568.887606][T16243] ? __pfx_step_into+0x10/0x10 [ 568.887630][T16243] ? find_held_lock+0x2b/0x80 [ 568.887653][T16243] path_openat+0x749/0x2d40 [ 568.887676][T16243] ? __pfx_path_openat+0x10/0x10 [ 568.887699][T16243] do_filp_open+0x20b/0x470 [ 568.887716][T16243] ? __pfx_do_filp_open+0x10/0x10 [ 568.887746][T16243] ? alloc_fd+0x471/0x7d0 [ 568.887777][T16243] do_sys_openat2+0x11b/0x1d0 [ 568.887800][T16243] ? __pfx_do_sys_openat2+0x10/0x10 [ 568.887830][T16243] __x64_sys_openat+0x174/0x210 [ 568.887852][T16243] ? __pfx___x64_sys_openat+0x10/0x10 [ 568.887876][T16243] ? rcu_is_watching+0x12/0xc0 [ 568.887898][T16243] do_syscall_64+0xcd/0x230 [ 568.887924][T16243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.887942][T16243] RIP: 0033:0x7f3440d8d2d0 [ 568.887956][T16243] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 568.887972][T16243] RSP: 002b:00007f3441cb3f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 568.887989][T16243] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f3440d8d2d0 [ 568.887999][T16243] RDX: 0000000000000002 RSI: 00007f3441cb3fa0 RDI: 00000000ffffff9c [ 568.888016][T16243] RBP: 00007f3441cb3fa0 R08: 0000000000000000 R09: 0000000000000000 [ 568.888026][T16243] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 568.888036][T16243] R13: 0000000000000000 R14: 00007f3440fb5fa0 R15: 00007ffd683a59a8 [ 568.888056][T16243] [ 569.168497][ C1] vkms_vblank_simulate: vblank timer overrun [ 570.519719][T16248] Falling back ldisc for ptm0. [ 571.131335][T16268] netlink: 'syz.0.3997': attribute type 4 has an invalid length. [ 571.259609][T16268] netlink: 314 bytes leftover after parsing attributes in process `syz.0.3997'. [ 571.675892][T16280] sp0: Synchronizing with TNC [ 572.387716][T16295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4008'. [ 572.435681][T16295] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4008'. [ 572.661254][T16297] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4010'. [ 573.189435][T16307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4013'. [ 573.234274][T16307] unsupported nlmsg_type 40 [ 573.495672][T16311] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4015'. [ 574.369212][T16326] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4019'. [ 574.492754][T16327] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4019'. [ 576.832604][T16353] netlink: 346 bytes leftover after parsing attributes in process `syz.0.4028'. [ 577.135762][T16355] netlink: 504 bytes leftover after parsing attributes in process `syz.4.4029'. [ 578.178929][T16368] netlink: 346 bytes leftover after parsing attributes in process `syz.4.4034'. [ 578.426226][T16374] netlink: 504 bytes leftover after parsing attributes in process `syz.4.4037'. [ 578.484655][T16374] netlink: 504 bytes leftover after parsing attributes in process `syz.4.4037'. [ 578.713527][T16379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4039'. [ 578.768510][T16379] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4039'. [ 580.874860][T16405] netlink: 'syz.3.4050': attribute type 4 has an invalid length. [ 580.914330][T16405] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4050'. [ 583.474956][T16447] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4063'. [ 583.869455][T16452] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4065'. [ 583.910401][T16452] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4065'. [ 585.299537][T16471] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4073'. [ 585.997037][T16484] netlink: 'syz.3.4078': attribute type 4 has an invalid length. [ 586.032280][T16484] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4078'. [ 586.069500][T16485] netlink: 'syz.3.4078': attribute type 4 has an invalid length. [ 586.100328][T16485] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4078'. [ 587.214123][T16508] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4088'. [ 587.974041][T16517] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4092'. [ 588.022641][T16517] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.030103][T16517] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.525029][T16549] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4104'. [ 591.538080][T16582] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 591.552864][T16582] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 591.562395][T16582] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 591.571449][T16582] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 591.581062][T16582] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 592.292999][T16580] chnl_net:caif_netlink_parms(): no params data found [ 592.474219][T16580] bridge0: port 1(bridge_slave_0) entered blocking state [ 592.490264][T16580] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.513168][T16580] bridge_slave_0: entered allmulticast mode [ 592.530091][T16580] bridge_slave_0: entered promiscuous mode [ 592.548453][T16580] bridge0: port 2(bridge_slave_1) entered blocking state [ 592.570152][T16580] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.591725][T16580] bridge_slave_1: entered allmulticast mode [ 592.605680][T16580] bridge_slave_1: entered promiscuous mode [ 592.687521][T16580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 592.714057][T16580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 592.811399][T16580] team0: Port device team_slave_0 added [ 592.833824][T16580] team0: Port device team_slave_1 added [ 592.935145][T16580] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 592.968629][T16580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 593.067543][T16580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 593.111823][T16580] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 593.141090][T16580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 593.269314][T16580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 593.636374][T16582] Bluetooth: hci1: command tx timeout [ 593.733945][T16580] hsr_slave_0: entered promiscuous mode [ 593.763051][T16580] hsr_slave_1: entered promiscuous mode [ 593.810667][T16580] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 593.843019][T16580] Cannot create hsr debugfs directory [ 594.620226][T16580] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 594.669082][T16580] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 594.776083][T16580] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 594.881975][T16580] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 595.219202][T16580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 595.316124][T16580] 8021q: adding VLAN 0 to HW filter on device team0 [ 595.395686][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.404075][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 595.463262][T16582] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18 [ 595.493015][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.500473][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 595.711894][ T5140] Bluetooth: hci1: command tx timeout [ 596.692990][T16580] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 597.775558][T16580] veth0_vlan: entered promiscuous mode [ 597.791872][ T5140] Bluetooth: hci1: command tx timeout [ 597.834980][T16580] veth1_vlan: entered promiscuous mode [ 597.939234][T16580] veth0_macvtap: entered promiscuous mode [ 597.980424][T16580] veth1_macvtap: entered promiscuous mode [ 598.069678][T16580] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 598.144191][T16580] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 598.207317][T16580] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.256588][T16580] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.298914][T16580] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.329227][T16580] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.796672][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.866446][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.999700][ T1309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.055831][ T1309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.415260][T16708] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4110'. [ 599.714542][T16708] bond0: (slave bond_slave_1): Releasing backup interface [ 599.872733][ T5140] Bluetooth: hci1: command tx timeout [ 602.404960][T16775] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4178'. [ 602.484465][T16778] netlink: 354 bytes leftover after parsing attributes in process `syz.5.4178'. [ 602.704449][T16782] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 604.163218][ T5140] Bluetooth: hci2: unexpected event 0xff length: 440 > 260 [ 605.356690][T16840] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4205'. [ 607.203278][ C1] vcan0: j1939_tp_rxtimer: 0xffff888034c54800: rx timeout, send abort [ 607.213573][ C1] vcan0: j1939_tp_rxtimer: 0xffff888034c54000: rx timeout, send abort [ 607.225367][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888034c54800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 607.241064][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888034c54000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 607.528632][T16886] FAULT_INJECTION: forcing a failure. [ 607.528632][T16886] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 607.668051][T16886] CPU: 1 UID: 0 PID: 16886 Comm: syz.4.4225 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 607.668081][T16886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 607.668091][T16886] Call Trace: [ 607.668097][T16886] [ 607.668105][T16886] dump_stack_lvl+0x16c/0x1f0 [ 607.668135][T16886] should_fail_ex+0x512/0x640 [ 607.668165][T16886] should_fail_alloc_page+0xe7/0x130 [ 607.668189][T16886] prepare_alloc_pages+0x3c2/0x610 [ 607.668214][T16886] ? rcu_is_watching+0x12/0xc0 [ 607.668233][T16886] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 607.668255][T16886] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 607.668283][T16886] ? __lock_acquire+0x5ca/0x1ba0 [ 607.668308][T16886] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 607.668327][T16886] ? relay_open+0x653/0xad0 [ 607.668344][T16886] ? blk_trace_setup+0xed/0x1b0 [ 607.668367][T16886] ? rcu_read_unlock+0x17/0x60 [ 607.668392][T16886] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 607.668416][T16886] ? policy_nodemask+0xea/0x4e0 [ 607.668438][T16886] alloc_pages_mpol+0x1fb/0x550 [ 607.668460][T16886] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 607.668479][T16886] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 607.668502][T16886] ? trace_kmalloc+0x2b/0xd0 [ 607.668523][T16886] ? __kmalloc_noprof.cold+0x5c/0x61 [ 607.668543][T16886] ? relay_open_buf.part.0+0x194/0xb90 [ 607.668564][T16886] alloc_pages_noprof+0x131/0x390 [ 607.668585][T16886] relay_open_buf.part.0+0x262/0xb90 [ 607.668613][T16886] relay_open+0x653/0xad0 [ 607.668632][T16886] ? debugfs_create_file_full+0x41/0x60 [ 607.668663][T16886] do_blk_trace_setup+0x503/0xb50 [ 607.668692][T16886] blk_trace_setup+0xed/0x1b0 [ 607.668720][T16886] ? __pfx_blk_trace_setup+0x10/0x10 [ 607.668736][T16886] ? __pfx_snprintf+0x10/0x10 [ 607.668771][T16886] blk_trace_ioctl+0x146/0x280 [ 607.668788][T16886] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 607.668809][T16886] ? find_held_lock+0x2b/0x80 [ 607.668825][T16886] ? hook_file_ioctl_common+0x145/0x410 [ 607.668849][T16886] blkdev_ioctl+0x108/0x6d0 [ 607.668871][T16886] ? __pfx_blkdev_ioctl+0x10/0x10 [ 607.668895][T16886] ? __pfx_blkdev_ioctl+0x10/0x10 [ 607.668916][T16886] __x64_sys_ioctl+0x190/0x200 [ 607.668941][T16886] do_syscall_64+0xcd/0x230 [ 607.668967][T16886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.668984][T16886] RIP: 0033:0x7fa5e058e969 [ 607.668998][T16886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.669014][T16886] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 607.669031][T16886] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 607.669042][T16886] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000006 [ 607.669051][T16886] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 607.669061][T16886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 607.669071][T16886] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 607.669098][T16886] [ 608.358063][T16892] netlink: 130 bytes leftover after parsing attributes in process `syz.0.4228'. [ 611.040471][T16935] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4247'. [ 612.649642][ T5140] Bluetooth: hci3: unexpected subevent 0x01 length: 5 < 18 [ 615.031815][T17027] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4287'. [ 615.043857][T17028] FAULT_INJECTION: forcing a failure. [ 615.043857][T17028] name fail_futex, interval 1, probability 0, space 0, times 1 [ 615.087520][T17028] CPU: 1 UID: 0 PID: 17028 Comm: syz.4.4285 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 615.087548][T17028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 615.087558][T17028] Call Trace: [ 615.087564][T17028] [ 615.087571][T17028] dump_stack_lvl+0x16c/0x1f0 [ 615.087601][T17028] should_fail_ex+0x512/0x640 [ 615.087637][T17028] get_futex_key+0x49e/0x1000 [ 615.087658][T17028] ? __pfx_get_futex_key+0x10/0x10 [ 615.087676][T17028] ? find_held_lock+0x2b/0x80 [ 615.087692][T17028] ? __might_fault+0xe3/0x190 [ 615.087711][T17028] ? __might_fault+0xe3/0x190 [ 615.087728][T17028] ? __might_fault+0x13b/0x190 [ 615.087752][T17028] futex_wake+0xe7/0x4e0 [ 615.087776][T17028] ? __pfx_futex_wake+0x10/0x10 [ 615.087800][T17028] ? read_tsc+0x9/0x20 [ 615.087821][T17028] ? ktime_get_ts64+0x256/0x400 [ 615.087840][T17028] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 615.087866][T17028] do_futex+0x1e3/0x350 [ 615.087885][T17028] ? __pfx_do_futex+0x10/0x10 [ 615.087909][T17028] __x64_sys_futex+0x1e0/0x4c0 [ 615.087930][T17028] ? __pfx___x64_sys_futex+0x10/0x10 [ 615.087950][T17028] ? rcu_is_watching+0x12/0xc0 [ 615.087972][T17028] do_syscall_64+0xcd/0x230 [ 615.087998][T17028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.088015][T17028] RIP: 0033:0x7fa5e058e969 [ 615.088029][T17028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.088045][T17028] RSP: 002b:00007fa5de3f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 615.088062][T17028] RAX: ffffffffffffffda RBX: 00007fa5e07b6088 RCX: 00007fa5e058e969 [ 615.088073][T17028] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa5e07b608c [ 615.088083][T17028] RBP: 00007fa5e07b6080 R08: 00007fa5e1324000 R09: 0000000000000000 [ 615.088093][T17028] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fa5e07b608c [ 615.088102][T17028] R13: 0000000000000000 R14: 00007fffdd160300 R15: 00007fffdd1603e8 [ 615.088123][T17028] [ 615.558273][ T5140] Bluetooth: hci0: unexpected event 0x03 length: 18 > 11 [ 616.634994][T17054] mkiss: ax0: crc mode is auto. [ 619.056385][T17097] mkiss: ax0: crc mode is auto. [ 622.615193][T17168] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4339'. [ 627.167643][T16582] Bluetooth: hci0: command 0x0406 tx timeout [ 627.690908][T17288] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4389'. [ 628.745588][T17315] netlink: 'syz.5.4402': attribute type 8 has an invalid length. [ 628.811385][T17315] netlink: 'syz.5.4402': attribute type 8 has an invalid length. [ 630.216617][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.223275][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.634661][ T5140] Bluetooth: hci0: unexpected subevent 0x01 length: 122 > 18 [ 632.660508][T17385] netlink: 'syz.3.4435': attribute type 8 has an invalid length. [ 632.720803][T17385] netlink: 'syz.3.4435': attribute type 8 has an invalid length. [ 635.281780][T16582] Bluetooth: hci0: unexpected subevent 0x01 length: 5 < 18 [ 635.812720][T16582] Bluetooth: hci2: unexpected subevent 0x01 length: 122 > 18 [ 636.828619][T17453] FAULT_INJECTION: forcing a failure. [ 636.828619][T17453] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 636.909451][T17453] CPU: 1 UID: 0 PID: 17453 Comm: syz.5.4450 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 636.909479][T17453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 636.909490][T17453] Call Trace: [ 636.909496][T17453] [ 636.909503][T17453] dump_stack_lvl+0x16c/0x1f0 [ 636.909533][T17453] should_fail_ex+0x512/0x640 [ 636.909562][T17453] _copy_to_user+0x32/0xd0 [ 636.909582][T17453] put_timespec64+0xb5/0x120 [ 636.909602][T17453] ? __pfx_put_timespec64+0x10/0x10 [ 636.909621][T17453] ? lockdep_hardirqs_on+0x7c/0x110 [ 636.909645][T17453] ? read_tsc+0x9/0x20 [ 636.909665][T17453] ? ktime_get_ts64+0x256/0x400 [ 636.909685][T17453] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 636.909719][T17453] poll_select_finish+0x557/0x6b0 [ 636.909747][T17453] ? __pfx_poll_select_finish+0x10/0x10 [ 636.909773][T17453] ? lockdep_hardirqs_on+0x7c/0x110 [ 636.909796][T17453] ? _raw_spin_unlock_irq+0x2e/0x50 [ 636.909828][T17453] __x64_sys_ppoll+0x266/0x2d0 [ 636.909846][T17453] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 636.909865][T17453] ? rcu_is_watching+0x12/0xc0 [ 636.909887][T17453] do_syscall_64+0xcd/0x230 [ 636.909914][T17453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.909931][T17453] RIP: 0033:0x7fb82378e969 [ 636.909946][T17453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 636.909963][T17453] RSP: 002b:00007fb8215f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 636.909981][T17453] RAX: ffffffffffffffda RBX: 00007fb8239b5fa0 RCX: 00007fb82378e969 [ 636.909992][T17453] RDX: 0000200000000080 RSI: 0000000080000001 RDI: 0000000000000000 [ 636.910003][T17453] RBP: 00007fb823810ab1 R08: 0000000000000008 R09: 0000000000000000 [ 636.910013][T17453] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 636.910023][T17453] R13: 0000000000000000 R14: 00007fb8239b5fa0 R15: 00007ffe249a3238 [ 636.910044][T17453] [ 637.270357][T17464] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4454'. [ 638.540635][T17492] FAULT_INJECTION: forcing a failure. [ 638.540635][T17492] name failslab, interval 1, probability 0, space 0, times 0 [ 638.620479][T17492] CPU: 1 UID: 0 PID: 17492 Comm: syz.4.4462 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 638.620506][T17492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 638.620517][T17492] Call Trace: [ 638.620524][T17492] [ 638.620531][T17492] dump_stack_lvl+0x16c/0x1f0 [ 638.620560][T17492] should_fail_ex+0x512/0x640 [ 638.620585][T17492] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 638.620608][T17492] should_failslab+0xc2/0x120 [ 638.620631][T17492] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 638.620649][T17492] ? do_raw_read_unlock+0x44/0xe0 [ 638.620676][T17492] ? ima_d_path+0xbd/0x2a0 [ 638.620696][T17492] ima_d_path+0xbd/0x2a0 [ 638.620712][T17492] ? vfs_getxattr_alloc+0xec/0x340 [ 638.620729][T17492] ? __pfx_ima_d_path+0x10/0x10 [ 638.620750][T17492] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 638.620780][T17492] process_measurement+0x1d86/0x23e0 [ 638.620813][T17492] ? __pfx_process_measurement+0x10/0x10 [ 638.620837][T17492] ? __lock_acquire+0x5ca/0x1ba0 [ 638.620861][T17492] ? __resched_curr+0x30a/0x3a0 [ 638.620902][T17492] ? mtree_load+0x325/0xa40 [ 638.620930][T17492] ima_file_mmap+0x1b1/0x1d0 [ 638.620955][T17492] ? __pfx_ima_file_mmap+0x10/0x10 [ 638.620989][T17492] security_mmap_file+0x88c/0x990 [ 638.621013][T17492] __do_sys_remap_file_pages+0x2e2/0xac0 [ 638.621047][T17492] ? __pfx___do_sys_remap_file_pages+0x10/0x10 [ 638.621072][T17492] ? __x64_sys_futex+0x1e0/0x4c0 [ 638.621094][T17492] ? xfd_validate_state+0x5d/0x180 [ 638.621112][T17492] ? rcu_is_watching+0x12/0xc0 [ 638.621134][T17492] do_syscall_64+0xcd/0x230 [ 638.621161][T17492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.621178][T17492] RIP: 0033:0x7fa5e058e969 [ 638.621192][T17492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.621209][T17492] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 638.621225][T17492] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 638.621236][T17492] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000006a2b [ 638.621245][T17492] RBP: 00007fa5e0610ab1 R08: 0000000000010000 R09: 0000000000000000 [ 638.621255][T17492] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 638.621265][T17492] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 638.621286][T17492] [ 638.883635][T17498] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4463'. [ 643.226850][T17610] FAULT_INJECTION: forcing a failure. [ 643.226850][T17610] name failslab, interval 1, probability 0, space 0, times 0 [ 643.312162][T17610] CPU: 1 UID: 0 PID: 17610 Comm: syz.4.4499 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 643.312191][T17610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 643.312201][T17610] Call Trace: [ 643.312208][T17610] [ 643.312214][T17610] dump_stack_lvl+0x16c/0x1f0 [ 643.312244][T17610] should_fail_ex+0x512/0x640 [ 643.312269][T17610] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 643.312295][T17610] should_failslab+0xc2/0x120 [ 643.312317][T17610] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 643.312339][T17610] ? kasprintf+0xc7/0x100 [ 643.312358][T17610] kvasprintf+0xbc/0x160 [ 643.312375][T17610] ? __pfx_kvasprintf+0x10/0x10 [ 643.312407][T17610] kasprintf+0xc7/0x100 [ 643.312423][T17610] ? __pfx_kasprintf+0x10/0x10 [ 643.312440][T17610] ? __is_module_percpu_address+0x1e0/0x440 [ 643.312469][T17610] alloc_workqueue+0x114/0x200 [ 643.312491][T17610] ? __pfx_alloc_workqueue+0x10/0x10 [ 643.312515][T17610] ? rcu_is_watching+0x12/0xc0 [ 643.312532][T17610] ? __kmalloc_noprof+0x242/0x510 [ 643.312554][T17610] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 643.312583][T17610] ieee80211_register_hw+0x1e92/0x4140 [ 643.312606][T17610] ? __debug_object_init+0x281/0x3d0 [ 643.312627][T17610] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 643.312649][T17610] ? find_held_lock+0x2b/0x80 [ 643.312666][T17610] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 643.312689][T17610] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 643.312709][T17610] ? __hrtimer_setup+0x176/0x280 [ 643.312736][T17610] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 643.312776][T17610] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 643.312810][T17610] hwsim_new_radio_nl+0xb51/0x12c0 [ 643.312838][T17610] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 643.312871][T17610] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 643.312898][T17610] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 643.312929][T17610] genl_family_rcv_msg_doit+0x209/0x2f0 [ 643.312956][T17610] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 643.312981][T17610] ? trace_cap_capable+0x18d/0x200 [ 643.313005][T17610] ? bpf_lsm_capable+0x9/0x10 [ 643.313022][T17610] ? security_capable+0x7e/0x260 [ 643.313041][T17610] ? ns_capable+0xd7/0x110 [ 643.313060][T17610] genl_rcv_msg+0x55c/0x800 [ 643.313088][T17610] ? __pfx_genl_rcv_msg+0x10/0x10 [ 643.313111][T17610] ? __pfx___dev_queue_xmit+0x10/0x10 [ 643.313128][T17610] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 643.313156][T17610] ? __lock_acquire+0xaa4/0x1ba0 [ 643.313182][T17610] netlink_rcv_skb+0x16d/0x440 [ 643.313204][T17610] ? __pfx_genl_rcv_msg+0x10/0x10 [ 643.313230][T17610] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 643.313264][T17610] ? __pfx_down_read+0x10/0x10 [ 643.313281][T17610] ? netlink_deliver_tap+0x1ae/0xd30 [ 643.313306][T17610] genl_rcv+0x28/0x40 [ 643.313327][T17610] netlink_unicast+0x53a/0x7f0 [ 643.313352][T17610] ? __pfx_netlink_unicast+0x10/0x10 [ 643.313373][T17610] ? __lock_acquire+0xaa4/0x1ba0 [ 643.313408][T17610] netlink_sendmsg+0x8d1/0xdd0 [ 643.313435][T17610] ? __pfx_netlink_sendmsg+0x10/0x10 [ 643.313466][T17610] ____sys_sendmsg+0xa98/0xc70 [ 643.313493][T17610] ? copy_msghdr_from_user+0x10a/0x160 [ 643.313514][T17610] ? __pfx_____sys_sendmsg+0x10/0x10 [ 643.313551][T17610] ___sys_sendmsg+0x134/0x1d0 [ 643.313574][T17610] ? __pfx____sys_sendmsg+0x10/0x10 [ 643.313625][T17610] __sys_sendmsg+0x16d/0x220 [ 643.313646][T17610] ? __pfx___sys_sendmsg+0x10/0x10 [ 643.313666][T17610] ? native_tss_update_io_bitmap+0x3ca/0x720 [ 643.313691][T17610] ? rcu_is_watching+0x12/0xc0 [ 643.313714][T17610] do_syscall_64+0xcd/0x230 [ 643.313741][T17610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.313759][T17610] RIP: 0033:0x7fa5e058e969 [ 643.313773][T17610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.313789][T17610] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 643.313806][T17610] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 643.313817][T17610] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 643.313827][T17610] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 643.313836][T17610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 643.313846][T17610] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 643.313868][T17610] [ 644.244540][T17623] net_ratelimit: 23 callbacks suppressed [ 644.244556][T17623] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 644.257056][T17623] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 644.738778][T17636] ima: policy update failed [ 644.768090][ T30] audit: type=1802 audit(4294968616.885:17): pid=17636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.4509" res=0 errno=0 [ 644.788223][ T5140] Bluetooth: hci0: unexpected event 0x07 length: 440 > 255 [ 646.267669][T17667] netlink: 'syz.5.4519': attribute type 32 has an invalid length. [ 646.318001][T17667] netlink: 'syz.5.4519': attribute type 33 has an invalid length. [ 646.389636][T17667] netlink: 'syz.5.4519': attribute type 35 has an invalid length. [ 646.469675][T17667] netlink: 'syz.5.4519': attribute type 37 has an invalid length. [ 646.515798][T17667] netlink: 'syz.5.4519': attribute type 39 has an invalid length. [ 646.558499][T17667] netlink: 'syz.5.4519': attribute type 40 has an invalid length. [ 646.606805][T17667] netlink: 'syz.5.4519': attribute type 41 has an invalid length. [ 646.668697][T17667] netlink: 'syz.5.4519': attribute type 44 has an invalid length. [ 646.713556][T17667] netlink: 'syz.5.4519': attribute type 46 has an invalid length. [ 646.766426][T17667] netlink: 'syz.5.4519': attribute type 47 has an invalid length. [ 646.820419][T17667] netlink: 2 bytes leftover after parsing attributes in process `syz.5.4519'. [ 649.322753][T17719] kvm_intel: kvm [17718]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x2 [ 649.427381][T17716] syz.3.4536 (17716) used greatest stack depth: 19912 bytes left [ 650.612361][ T5140] Bluetooth: hci3: unexpected event 0xff length: 440 > 260 [ 650.915180][T17747] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4547'. [ 651.007033][T17748] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4547'. [ 651.053893][T17747] netlink: 170 bytes leftover after parsing attributes in process `syz.3.4547'. [ 651.596278][T17732] kexec: Could not allocate control_code_buffer [ 657.720716][T17839] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4583'. [ 658.584009][T17857] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4592'. [ 658.684972][T17857] : renamed from lo [ 658.694448][T17835] kexec: Could not allocate control_code_buffer [ 659.312467][ T5140] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 659.320682][ T5140] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 659.331120][ T5140] CPU: 1 UID: 0 PID: 5140 Comm: kworker/u9:1 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 659.331146][ T5140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 659.331158][ T5140] Workqueue: hci0 hci_rx_work [ 659.331181][ T5140] Call Trace: [ 659.331187][ T5140] [ 659.331194][ T5140] dump_stack_lvl+0x16c/0x1f0 [ 659.331268][ T5140] sysfs_warn_dup+0x7f/0xa0 [ 659.331296][ T5140] sysfs_create_dir_ns+0x24b/0x2b0 [ 659.331322][ T5140] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 659.331354][ T5140] ? find_held_lock+0x2b/0x80 [ 659.331375][ T5140] ? do_raw_spin_unlock+0x172/0x230 [ 659.331402][ T5140] kobject_add_internal+0x2c4/0x9b0 [ 659.331422][ T5140] kobject_add+0x16e/0x240 [ 659.331438][ T5140] ? __pfx_kobject_add+0x10/0x10 [ 659.331456][ T5140] ? do_raw_spin_unlock+0x172/0x230 [ 659.331481][ T5140] ? kobject_put+0xab/0x5a0 [ 659.331513][ T5140] device_add+0x288/0x1a70 [ 659.331538][ T5140] ? __pfx_dev_set_name+0x10/0x10 [ 659.331563][ T5140] ? __pfx_device_add+0x10/0x10 [ 659.331587][ T5140] ? mgmt_send_event_skb+0x2fb/0x460 [ 659.331618][ T5140] hci_conn_add_sysfs+0x17e/0x230 [ 659.331638][ T5140] le_conn_complete_evt+0x1075/0x1d70 [ 659.331669][ T5140] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 659.331799][ T5140] ? bt_warn+0xe4/0x120 [ 659.331873][ T5140] ? __pfx_bt_warn+0x10/0x10 [ 659.331956][ T5140] hci_le_conn_complete_evt+0x23c/0x370 [ 659.332062][ T5140] hci_le_meta_evt+0x2f3/0x5e0 [ 659.332127][ T5140] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 659.332202][ T5140] hci_event_packet+0x669/0x1190 [ 659.332275][ T5140] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 659.332312][ T5140] ? __pfx_hci_event_packet+0x10/0x10 [ 659.332384][ T5140] ? kcov_remote_start+0x3c9/0x6d0 [ 659.332438][ T5140] ? lockdep_hardirqs_on+0x7c/0x110 [ 659.332502][ T5140] hci_rx_work+0x2c5/0x16b0 [ 659.332541][ T5140] ? rcu_is_watching+0x12/0xc0 [ 659.332585][ T5140] process_one_work+0x9cf/0x1b70 [ 659.332671][ T5140] ? __pfx_process_one_work+0x10/0x10 [ 659.332744][ T5140] ? assign_work+0x1a0/0x250 [ 659.332804][ T5140] worker_thread+0x6c8/0xf10 [ 659.332897][ T5140] ? __kthread_parkme+0x19e/0x250 [ 659.332958][ T5140] ? __pfx_worker_thread+0x10/0x10 [ 659.333039][ T5140] kthread+0x3c2/0x780 [ 659.333111][ T5140] ? __pfx_kthread+0x10/0x10 [ 659.333178][ T5140] ? __pfx_kthread+0x10/0x10 [ 659.333335][ T5140] ? __pfx_kthread+0x10/0x10 [ 659.333410][ T5140] ? __pfx_kthread+0x10/0x10 [ 659.333474][ T5140] ? rcu_is_watching+0x12/0xc0 [ 659.333513][ T5140] ? __pfx_kthread+0x10/0x10 [ 659.333584][ T5140] ret_from_fork+0x48/0x80 [ 659.333624][ T5140] ? __pfx_kthread+0x10/0x10 [ 659.333684][ T5140] ret_from_fork_asm+0x1a/0x30 [ 659.333764][ T5140] [ 659.885134][ T5140] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 659.901973][ T5140] Bluetooth: hci0: failed to register connection device [ 660.425550][T17881] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4600'. [ 661.441879][T17902] FAULT_INJECTION: forcing a failure. [ 661.441879][T17902] name failslab, interval 1, probability 0, space 0, times 0 [ 661.501961][T17902] CPU: 1 UID: 0 PID: 17902 Comm: syz.4.4616 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 661.501990][T17902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 661.502000][T17902] Call Trace: [ 661.502006][T17902] [ 661.502013][T17902] dump_stack_lvl+0x16c/0x1f0 [ 661.502043][T17902] should_fail_ex+0x512/0x640 [ 661.502068][T17902] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 661.502092][T17902] should_failslab+0xc2/0x120 [ 661.502114][T17902] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 661.502133][T17902] ? do_timer_create+0x18a/0x14e0 [ 661.502160][T17902] do_timer_create+0x18a/0x14e0 [ 661.502183][T17902] ? __might_fault+0xe3/0x190 [ 661.502203][T17902] ? __pfx_do_timer_create+0x10/0x10 [ 661.502232][T17902] __x64_sys_timer_create+0x182/0x1d0 [ 661.502255][T17902] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 661.502288][T17902] do_syscall_64+0xcd/0x230 [ 661.502314][T17902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.502331][T17902] RIP: 0033:0x7fa5e058e969 [ 661.502345][T17902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.502361][T17902] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 661.502378][T17902] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 661.502396][T17902] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000 [ 661.502405][T17902] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 661.502415][T17902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.502425][T17902] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 661.502445][T17902] [ 661.907840][ T5140] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 663.595982][T17932] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4617'. [ 663.628781][T17932] ipvlan1: entered promiscuous mode [ 663.666455][T17932] ipvlan1: entered allmulticast mode [ 663.693995][T17932] veth0_vlan: entered allmulticast mode [ 664.344488][T17949] kvm: user requested TSC rate below hardware speed [ 665.273627][T17971] netlink: 'syz.5.4633': attribute type 4 has an invalid length. [ 665.319562][T17971] netlink: 314 bytes leftover after parsing attributes in process `syz.5.4633'. [ 665.825053][T17977] netlink: 'syz.3.4636': attribute type 21 has an invalid length. [ 665.875767][T17977] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4636'. [ 665.967556][T17984] FAULT_INJECTION: forcing a failure. [ 665.967556][T17984] name failslab, interval 1, probability 0, space 0, times 0 [ 666.145115][T17984] CPU: 1 UID: 0 PID: 17984 Comm: syz.4.4638 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 666.145143][T17984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 666.145153][T17984] Call Trace: [ 666.145159][T17984] [ 666.145166][T17984] dump_stack_lvl+0x16c/0x1f0 [ 666.145195][T17984] should_fail_ex+0x512/0x640 [ 666.145226][T17984] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 666.145246][T17984] should_failslab+0xc2/0x120 [ 666.145267][T17984] __kmalloc_cache_noprof+0x6a/0x3e0 [ 666.145284][T17984] ? rfkill_fop_open+0x56/0x750 [ 666.145308][T17984] ? __pfx_rfkill_fop_open+0x10/0x10 [ 666.145326][T17984] rfkill_fop_open+0x56/0x750 [ 666.145344][T17984] ? kobject_get_unless_zero+0x156/0x1e0 [ 666.145373][T17984] ? __pfx_rfkill_fop_open+0x10/0x10 [ 666.145393][T17984] misc_open+0x35d/0x420 [ 666.145417][T17984] ? __pfx_misc_open+0x10/0x10 [ 666.145432][T17984] chrdev_open+0x234/0x6a0 [ 666.145450][T17984] ? __pfx_apparmor_file_open+0x10/0x10 [ 666.145473][T17984] ? __pfx_chrdev_open+0x10/0x10 [ 666.145494][T17984] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 666.145524][T17984] do_dentry_open+0x741/0x1c10 [ 666.145543][T17984] ? __pfx_chrdev_open+0x10/0x10 [ 666.145567][T17984] vfs_open+0x82/0x3f0 [ 666.145592][T17984] path_openat+0x1e5e/0x2d40 [ 666.145619][T17984] ? __pfx_path_openat+0x10/0x10 [ 666.145642][T17984] do_filp_open+0x20b/0x470 [ 666.145659][T17984] ? __pfx_do_filp_open+0x10/0x10 [ 666.145693][T17984] ? alloc_fd+0x471/0x7d0 [ 666.145725][T17984] do_sys_openat2+0x11b/0x1d0 [ 666.145748][T17984] ? __pfx_do_sys_openat2+0x10/0x10 [ 666.145779][T17984] __x64_sys_openat+0x174/0x210 [ 666.145802][T17984] ? __pfx___x64_sys_openat+0x10/0x10 [ 666.145825][T17984] ? rcu_is_watching+0x12/0xc0 [ 666.145849][T17984] do_syscall_64+0xcd/0x230 [ 666.145875][T17984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.145892][T17984] RIP: 0033:0x7fa5e058e969 [ 666.145906][T17984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.145922][T17984] RSP: 002b:00007fa5de3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 666.145939][T17984] RAX: ffffffffffffffda RBX: 00007fa5e07b6080 RCX: 00007fa5e058e969 [ 666.145950][T17984] RDX: 0000000000000400 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 666.145960][T17984] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 666.145969][T17984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.145979][T17984] R13: 0000000000000000 R14: 00007fa5e07b6080 R15: 00007fffdd1603e8 [ 666.146001][T17984] [ 668.394650][T18021] FAULT_INJECTION: forcing a failure. [ 668.394650][T18021] name failslab, interval 1, probability 0, space 0, times 0 [ 668.530368][T18021] CPU: 1 UID: 0 PID: 18021 Comm: syz.4.4650 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 668.530397][T18021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 668.530408][T18021] Call Trace: [ 668.530414][T18021] [ 668.530422][T18021] dump_stack_lvl+0x16c/0x1f0 [ 668.530453][T18021] should_fail_ex+0x512/0x640 [ 668.530478][T18021] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 668.530502][T18021] should_failslab+0xc2/0x120 [ 668.530523][T18021] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 668.530544][T18021] ? __pmd_alloc+0xc3/0x870 [ 668.530571][T18021] __pmd_alloc+0xc3/0x870 [ 668.530599][T18021] walk_to_pmd+0x21a/0x2a0 [ 668.530626][T18021] vm_insert_pages+0x202/0xa50 [ 668.530649][T18021] ? __pfx_vm_insert_pages+0x10/0x10 [ 668.530672][T18021] io_uring_mmap+0x3ba/0x5a0 [ 668.530700][T18021] ? __pfx_io_uring_mmap+0x10/0x10 [ 668.530717][T18021] ? vm_area_alloc+0x1f/0x160 [ 668.530738][T18021] ? lockdep_init_map_type+0x5c/0x280 [ 668.530764][T18021] __mmap_region+0x1485/0x27c0 [ 668.530787][T18021] ? __pfx___mmap_region+0x10/0x10 [ 668.530806][T18021] ? trace_sched_exit_tp+0xde/0x130 [ 668.530831][T18021] ? __lock_acquire+0xaa4/0x1ba0 [ 668.530890][T18021] ? trace_cap_capable+0x18d/0x200 [ 668.530910][T18021] ? cap_capable+0xb3/0x250 [ 668.530931][T18021] mmap_region+0x32b/0x3f0 [ 668.530955][T18021] do_mmap+0xd8e/0x11b0 [ 668.530984][T18021] ? __pfx_do_mmap+0x10/0x10 [ 668.531008][T18021] ? __pfx_down_write_killable+0x10/0x10 [ 668.531029][T18021] vm_mmap_pgoff+0x281/0x450 [ 668.531057][T18021] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 668.531086][T18021] ? __fget_files+0x20e/0x3c0 [ 668.531106][T18021] ksys_mmap_pgoff+0x32c/0x5c0 [ 668.531137][T18021] ? rcu_is_watching+0x12/0xc0 [ 668.531155][T18021] __x64_sys_mmap+0x125/0x190 [ 668.531175][T18021] do_syscall_64+0xcd/0x230 [ 668.531202][T18021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.531220][T18021] RIP: 0033:0x7fa5e058e969 [ 668.531237][T18021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.531253][T18021] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 668.531270][T18021] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 668.531282][T18021] RDX: 0000002000000329 RSI: 0000000008004008 RDI: 0000000000000000 [ 668.531292][T18021] RBP: 00007fa5e0610ab1 R08: 0000000000000003 R09: 0000000000008000 [ 668.531302][T18021] R10: 0002000000010011 R11: 0000000000000246 R12: 0000000000000000 [ 668.531312][T18021] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 668.531333][T18021] [ 668.907690][T18039] netlink: 'syz.4.4667': attribute type 16 has an invalid length. [ 668.915611][T18039] netlink: 50 bytes leftover after parsing attributes in process `syz.4.4667'. [ 669.473421][T18046] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4661'. [ 670.349092][T18063] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4665'. [ 670.379771][T18065] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4668'. [ 670.453766][T18065] netlink: 'syz.5.4668': attribute type 1 has an invalid length. [ 670.505937][T18065] netlink: 'syz.5.4668': attribute type 2 has an invalid length. [ 670.572918][T18065] netlink: 'syz.5.4668': attribute type 7 has an invalid length. [ 670.625933][T18065] netlink: 214 bytes leftover after parsing attributes in process `syz.5.4668'. [ 671.330086][T18076] sp0: Synchronizing with TNC [ 671.842555][T16582] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 671.850750][T16582] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 671.864702][T16582] CPU: 1 UID: 0 PID: 16582 Comm: kworker/u9:0 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 671.864730][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 671.864741][T16582] Workqueue: hci2 hci_rx_work [ 671.864763][T16582] Call Trace: [ 671.864769][T16582] [ 671.864776][T16582] dump_stack_lvl+0x16c/0x1f0 [ 671.864803][T16582] sysfs_warn_dup+0x7f/0xa0 [ 671.864829][T16582] sysfs_create_dir_ns+0x24b/0x2b0 [ 671.864855][T16582] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 671.864879][T16582] ? find_held_lock+0x2b/0x80 [ 671.864900][T16582] ? do_raw_spin_unlock+0x172/0x230 [ 671.864927][T16582] kobject_add_internal+0x2c4/0x9b0 [ 671.864948][T16582] kobject_add+0x16e/0x240 [ 671.864965][T16582] ? __pfx_kobject_add+0x10/0x10 [ 671.864983][T16582] ? do_raw_spin_unlock+0x172/0x230 [ 671.865008][T16582] ? kobject_put+0xab/0x5a0 [ 671.865039][T16582] device_add+0x288/0x1a70 [ 671.865071][T16582] ? __pfx_dev_set_name+0x10/0x10 [ 671.865097][T16582] ? __pfx_device_add+0x10/0x10 [ 671.865120][T16582] ? mgmt_send_event_skb+0x2fb/0x460 [ 671.865156][T16582] hci_conn_add_sysfs+0x17e/0x230 [ 671.865176][T16582] le_conn_complete_evt+0x1075/0x1d70 [ 671.865208][T16582] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 671.865233][T16582] ? bt_warn+0xe4/0x120 [ 671.865256][T16582] ? __pfx_bt_warn+0x10/0x10 [ 671.865286][T16582] hci_le_conn_complete_evt+0x23c/0x370 [ 671.865318][T16582] hci_le_meta_evt+0x2f3/0x5e0 [ 671.865335][T16582] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 671.865365][T16582] hci_event_packet+0x669/0x1190 [ 671.865390][T16582] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 671.865415][T16582] ? __pfx_hci_event_packet+0x10/0x10 [ 671.865442][T16582] ? kcov_remote_start+0x3c9/0x6d0 [ 671.865465][T16582] ? lockdep_hardirqs_on+0x7c/0x110 [ 671.865493][T16582] hci_rx_work+0x2c5/0x16b0 [ 671.865528][T16582] ? rcu_is_watching+0x12/0xc0 [ 671.865549][T16582] process_one_work+0x9cf/0x1b70 [ 671.865585][T16582] ? __pfx_process_one_work+0x10/0x10 [ 671.865618][T16582] ? assign_work+0x1a0/0x250 [ 671.865644][T16582] worker_thread+0x6c8/0xf10 [ 671.865677][T16582] ? __kthread_parkme+0x19e/0x250 [ 671.865699][T16582] ? __pfx_worker_thread+0x10/0x10 [ 671.865725][T16582] kthread+0x3c2/0x780 [ 671.865749][T16582] ? __pfx_kthread+0x10/0x10 [ 671.865771][T16582] ? __pfx_kthread+0x10/0x10 [ 671.865793][T16582] ? __pfx_kthread+0x10/0x10 [ 671.865815][T16582] ? __pfx_kthread+0x10/0x10 [ 671.865836][T16582] ? rcu_is_watching+0x12/0xc0 [ 671.865852][T16582] ? __pfx_kthread+0x10/0x10 [ 671.865876][T16582] ret_from_fork+0x48/0x80 [ 671.865891][T16582] ? __pfx_kthread+0x10/0x10 [ 671.865914][T16582] ret_from_fork_asm+0x1a/0x30 [ 671.865948][T16582] [ 671.865970][T16582] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 672.194939][T16582] Bluetooth: hci2: failed to register connection device [ 673.255632][T18112] netlink: 'syz.3.4685': attribute type 29 has an invalid length. [ 673.612658][T18120] netlink: 346 bytes leftover after parsing attributes in process `syz.0.4697'. [ 674.273595][T18131] syz.4.4692 (18131): /proc/18127/oom_adj is deprecated, please use /proc/18127/oom_score_adj instead. [ 674.973407][T16582] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 674.981577][T16582] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 674.994241][T16582] CPU: 1 UID: 0 PID: 16582 Comm: kworker/u9:0 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 674.994273][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 674.994285][T16582] Workqueue: hci3 hci_rx_work [ 674.994312][T16582] Call Trace: [ 674.994318][T16582] [ 674.994326][T16582] dump_stack_lvl+0x16c/0x1f0 [ 674.994353][T16582] sysfs_warn_dup+0x7f/0xa0 [ 674.994379][T16582] sysfs_create_dir_ns+0x24b/0x2b0 [ 674.994405][T16582] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 674.994431][T16582] ? find_held_lock+0x2b/0x80 [ 674.994452][T16582] ? do_raw_spin_unlock+0x172/0x230 [ 674.994479][T16582] kobject_add_internal+0x2c4/0x9b0 [ 674.994499][T16582] kobject_add+0x16e/0x240 [ 674.994515][T16582] ? __pfx_kobject_add+0x10/0x10 [ 674.994533][T16582] ? do_raw_spin_unlock+0x172/0x230 [ 674.994558][T16582] ? kobject_put+0xab/0x5a0 [ 674.994590][T16582] device_add+0x288/0x1a70 [ 674.994615][T16582] ? __pfx_dev_set_name+0x10/0x10 [ 674.994640][T16582] ? __pfx_device_add+0x10/0x10 [ 674.994663][T16582] ? mgmt_send_event_skb+0x2fb/0x460 [ 674.994695][T16582] hci_conn_add_sysfs+0x17e/0x230 [ 674.994715][T16582] le_conn_complete_evt+0x1075/0x1d70 [ 674.994747][T16582] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 674.994772][T16582] ? bt_warn+0xe4/0x120 [ 674.994795][T16582] ? __pfx_bt_warn+0x10/0x10 [ 674.994824][T16582] hci_le_conn_complete_evt+0x23c/0x370 [ 674.994855][T16582] hci_le_meta_evt+0x2f3/0x5e0 [ 674.994872][T16582] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 674.994901][T16582] hci_event_packet+0x669/0x1190 [ 674.994927][T16582] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 674.994953][T16582] ? __pfx_hci_event_packet+0x10/0x10 [ 674.994981][T16582] ? kcov_remote_start+0x3c9/0x6d0 [ 674.995003][T16582] ? lockdep_hardirqs_on+0x7c/0x110 [ 674.995032][T16582] hci_rx_work+0x2c5/0x16b0 [ 674.995053][T16582] ? rcu_is_watching+0x12/0xc0 [ 674.995075][T16582] process_one_work+0x9cf/0x1b70 [ 674.995109][T16582] ? __pfx_process_one_work+0x10/0x10 [ 674.995141][T16582] ? assign_work+0x1a0/0x250 [ 674.995167][T16582] worker_thread+0x6c8/0xf10 [ 674.995199][T16582] ? __kthread_parkme+0x19e/0x250 [ 674.995221][T16582] ? __pfx_worker_thread+0x10/0x10 [ 674.995246][T16582] kthread+0x3c2/0x780 [ 674.995269][T16582] ? __pfx_kthread+0x10/0x10 [ 674.995297][T16582] ? __pfx_kthread+0x10/0x10 [ 674.995319][T16582] ? __pfx_kthread+0x10/0x10 [ 674.995341][T16582] ? __pfx_kthread+0x10/0x10 [ 674.995364][T16582] ? rcu_is_watching+0x12/0xc0 [ 674.995380][T16582] ? __pfx_kthread+0x10/0x10 [ 674.995404][T16582] ret_from_fork+0x48/0x80 [ 674.995419][T16582] ? __pfx_kthread+0x10/0x10 [ 674.995443][T16582] ret_from_fork_asm+0x1a/0x30 [ 674.995477][T16582] [ 674.995499][T16582] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 675.325862][T16582] Bluetooth: hci3: failed to register connection device [ 676.896310][T18174] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4707'. [ 676.908449][T18176] ima: policy update failed [ 676.934949][ T30] audit: type=1802 audit(4294968649.059:18): pid=18176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.4708" res=0 errno=0 [ 676.961387][T18176] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4708'. [ 677.037592][T18178] FAULT_INJECTION: forcing a failure. [ 677.037592][T18178] name failslab, interval 1, probability 0, space 0, times 0 [ 677.110411][T18178] CPU: 1 UID: 0 PID: 18178 Comm: syz.5.4709 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 677.110439][T18178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 677.110449][T18178] Call Trace: [ 677.110455][T18178] [ 677.110463][T18178] dump_stack_lvl+0x16c/0x1f0 [ 677.110494][T18178] should_fail_ex+0x512/0x640 [ 677.110519][T18178] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 677.110541][T18178] should_failslab+0xc2/0x120 [ 677.110563][T18178] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 677.110582][T18178] ? apparmor_capable+0x114/0x1d0 [ 677.110599][T18178] ? prepare_creds+0x2c/0x7d0 [ 677.110626][T18178] prepare_creds+0x2c/0x7d0 [ 677.110651][T18178] __do_sys_landlock_restrict_self+0x13e/0x910 [ 677.110678][T18178] ? rcu_is_watching+0x12/0xc0 [ 677.110697][T18178] do_syscall_64+0xcd/0x230 [ 677.110722][T18178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.110739][T18178] RIP: 0033:0x7fb82378e969 [ 677.110752][T18178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.110768][T18178] RSP: 002b:00007fb8215f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 677.110784][T18178] RAX: ffffffffffffffda RBX: 00007fb8239b5fa0 RCX: 00007fb82378e969 [ 677.110795][T18178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 677.110805][T18178] RBP: 00007fb823810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 677.110815][T18178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 677.110824][T18178] R13: 0000000000000000 R14: 00007fb8239b5fa0 R15: 00007ffe249a3238 [ 677.110845][T18178] [ 678.286278][T18194] netlink: 18 bytes leftover after parsing attributes in process `syz.0.4715'. [ 679.154532][T18216] netlink: 206 bytes leftover after parsing attributes in process `syz.5.4723'. [ 681.610832][T18264] FAULT_INJECTION: forcing a failure. [ 681.610832][T18264] name failslab, interval 1, probability 0, space 0, times 0 [ 681.843688][T18264] CPU: 1 UID: 0 PID: 18264 Comm: syz.4.4737 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 681.843717][T18264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 681.843728][T18264] Call Trace: [ 681.843735][T18264] [ 681.843742][T18264] dump_stack_lvl+0x16c/0x1f0 [ 681.843772][T18264] should_fail_ex+0x512/0x640 [ 681.843796][T18264] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 681.843817][T18264] should_failslab+0xc2/0x120 [ 681.843839][T18264] __kmalloc_cache_noprof+0x6a/0x3e0 [ 681.843855][T18264] ? lockdep_init_map_type+0x5c/0x280 [ 681.843878][T18264] ? nci_hci_allocate+0x45/0x330 [ 681.843907][T18264] nci_hci_allocate+0x45/0x330 [ 681.843933][T18264] nci_allocate_device+0x26f/0x430 [ 681.843956][T18264] virtual_ncidev_open+0x6f/0x220 [ 681.843984][T18264] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 681.844009][T18264] misc_open+0x35d/0x420 [ 681.844025][T18264] ? __pfx_misc_open+0x10/0x10 [ 681.844040][T18264] chrdev_open+0x234/0x6a0 [ 681.844067][T18264] ? __pfx_apparmor_file_open+0x10/0x10 [ 681.844091][T18264] ? __pfx_chrdev_open+0x10/0x10 [ 681.844111][T18264] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 681.844142][T18264] do_dentry_open+0x741/0x1c10 [ 681.844161][T18264] ? __pfx_chrdev_open+0x10/0x10 [ 681.844184][T18264] vfs_open+0x82/0x3f0 [ 681.844210][T18264] path_openat+0x1e5e/0x2d40 [ 681.844236][T18264] ? __pfx_path_openat+0x10/0x10 [ 681.844259][T18264] do_filp_open+0x20b/0x470 [ 681.844277][T18264] ? __pfx_do_filp_open+0x10/0x10 [ 681.844311][T18264] ? alloc_fd+0x471/0x7d0 [ 681.844342][T18264] do_sys_openat2+0x11b/0x1d0 [ 681.844365][T18264] ? __pfx_do_sys_openat2+0x10/0x10 [ 681.844395][T18264] __x64_sys_openat+0x174/0x210 [ 681.844418][T18264] ? __pfx___x64_sys_openat+0x10/0x10 [ 681.844442][T18264] ? rcu_is_watching+0x12/0xc0 [ 681.844464][T18264] do_syscall_64+0xcd/0x230 [ 681.844490][T18264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.844507][T18264] RIP: 0033:0x7fa5e058e969 [ 681.844523][T18264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 681.844539][T18264] RSP: 002b:00007fa5de3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 681.844555][T18264] RAX: ffffffffffffffda RBX: 00007fa5e07b6080 RCX: 00007fa5e058e969 [ 681.844566][T18264] RDX: 0000000000000100 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 681.844576][T18264] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 681.844586][T18264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.844596][T18264] R13: 0000000000000000 R14: 00007fa5e07b6080 R15: 00007fffdd1603e8 [ 681.844617][T18264] [ 683.061766][T18280] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4745'. [ 683.199716][T18280] netlink: 294 bytes leftover after parsing attributes in process `syz.5.4745'. [ 691.141573][T18408] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4791'. [ 691.312268][T18411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4793'. [ 691.335520][T18408] netlink: 294 bytes leftover after parsing attributes in process `syz.5.4791'. [ 691.684348][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.690880][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.367355][T18433] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4802'. [ 696.229087][T18504] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4825'. [ 696.451825][T18508] netlink: 306 bytes leftover after parsing attributes in process `syz.0.4827'. [ 696.493991][T18508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4827'. [ 696.577717][T18508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4827'. [ 704.713725][T18642] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 705.553145][T18654] mkiss: ax0: crc mode is auto. [ 705.751704][T18658] netlink: 'syz.3.4877': attribute type 4 has an invalid length. [ 705.792071][T18658] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4877'. [ 706.130735][T18644] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 712.057549][T18719] random: crng reseeded on system resumption [ 714.251325][T16582] Bluetooth: hci1: command 0x0406 tx timeout [ 715.102565][T18784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4920'. [ 715.146378][T18784] netlink: 17 bytes leftover after parsing attributes in process `syz.3.4920'. [ 715.534600][T18794] FAULT_INJECTION: forcing a failure. [ 715.534600][T18794] name failslab, interval 1, probability 0, space 0, times 0 [ 715.684098][T18794] CPU: 1 UID: 0 PID: 18794 Comm: syz.5.4923 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 715.684132][T18794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 715.684147][T18794] Call Trace: [ 715.684154][T18794] [ 715.684162][T18794] dump_stack_lvl+0x16c/0x1f0 [ 715.684193][T18794] should_fail_ex+0x512/0x640 [ 715.684217][T18794] ? __kmalloc_noprof+0xbf/0x510 [ 715.684239][T18794] ? drm_atomic_state_init+0x17b/0x320 [ 715.684263][T18794] should_failslab+0xc2/0x120 [ 715.684285][T18794] __kmalloc_noprof+0xd2/0x510 [ 715.684308][T18794] drm_atomic_state_init+0x17b/0x320 [ 715.684333][T18794] ? __kasan_kmalloc+0xaa/0xb0 [ 715.684351][T18794] drm_atomic_state_alloc+0xd3/0x120 [ 715.684376][T18794] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 715.684399][T18794] ? __pfx___might_resched+0x10/0x10 [ 715.684419][T18794] ? rcu_is_watching+0x12/0xc0 [ 715.684436][T18794] ? trace_contention_end+0xdd/0x130 [ 715.684459][T18794] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 715.684506][T18794] drm_client_modeset_commit_locked+0x14d/0x580 [ 715.684532][T18794] drm_client_modeset_commit+0x4f/0x80 [ 715.684557][T18794] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 715.684582][T18794] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 715.684608][T18794] drm_fbdev_client_restore+0x2c/0x40 [ 715.684633][T18794] drm_client_dev_restore+0x1f3/0x2a0 [ 715.684659][T18794] drm_release+0x2c4/0x360 [ 715.684681][T18794] ? __pfx_drm_release+0x10/0x10 [ 715.684699][T18794] __fput+0x3ff/0xb70 [ 715.684726][T18794] task_work_run+0x150/0x240 [ 715.684762][T18794] ? __pfx_task_work_run+0x10/0x10 [ 715.684793][T18794] ? __pfx___do_sys_close_range+0x10/0x10 [ 715.684810][T18794] ? rcu_is_watching+0x12/0xc0 [ 715.684831][T18794] syscall_exit_to_user_mode+0x27b/0x2a0 [ 715.684859][T18794] do_syscall_64+0xda/0x230 [ 715.684886][T18794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.684903][T18794] RIP: 0033:0x7fb82378e969 [ 715.684919][T18794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.684935][T18794] RSP: 002b:00007fb8215f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 715.684951][T18794] RAX: 0000000000000000 RBX: 00007fb8239b5fa0 RCX: 00007fb82378e969 [ 715.684962][T18794] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 715.684971][T18794] RBP: 00007fb823810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 715.684981][T18794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 715.684990][T18794] R13: 0000000000000000 R14: 00007fb8239b5fa0 R15: 00007ffe249a3238 [ 715.685012][T18794] [ 717.510379][T18814] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 717.694499][T18813] FAULT_INJECTION: forcing a failure. [ 717.694499][T18813] name failslab, interval 1, probability 0, space 0, times 0 [ 717.841697][T18813] CPU: 1 UID: 0 PID: 18813 Comm: syz.4.4927 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 717.841725][T18813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 717.841735][T18813] Call Trace: [ 717.841741][T18813] [ 717.841748][T18813] dump_stack_lvl+0x16c/0x1f0 [ 717.841778][T18813] should_fail_ex+0x512/0x640 [ 717.841803][T18813] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 717.841828][T18813] should_failslab+0xc2/0x120 [ 717.841849][T18813] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 717.841871][T18813] ? __pfx___register_sysctl_table+0x10/0x10 [ 717.841892][T18813] ? sysctl_route_net_init+0x42/0x2c0 [ 717.841917][T18813] ? __pfx_sysctl_route_net_init+0x10/0x10 [ 717.841941][T18813] kmemdup_noprof+0x29/0x60 [ 717.841963][T18813] sysctl_route_net_init+0x42/0x2c0 [ 717.841987][T18813] ? __pfx_sysctl_route_net_init+0x10/0x10 [ 717.842017][T18813] ops_init+0x1df/0x5f0 [ 717.842041][T18813] setup_net+0x21e/0x850 [ 717.842065][T18813] ? __pfx_setup_net+0x10/0x10 [ 717.842084][T18813] ? lockdep_init_map_type+0x5c/0x280 [ 717.842108][T18813] ? __pfx_down_read_killable+0x10/0x10 [ 717.842128][T18813] ? debug_mutex_init+0x37/0x70 [ 717.842147][T18813] copy_net_ns+0x2a6/0x5f0 [ 717.842174][T18813] create_new_namespaces+0x3ea/0xad0 [ 717.842199][T18813] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 717.842220][T18813] ksys_unshare+0x45b/0xa40 [ 717.842243][T18813] ? __pfx_ksys_unshare+0x10/0x10 [ 717.842264][T18813] ? xfd_validate_state+0x5d/0x180 [ 717.842282][T18813] ? rcu_is_watching+0x12/0xc0 [ 717.842303][T18813] __x64_sys_unshare+0x31/0x40 [ 717.842325][T18813] do_syscall_64+0xcd/0x230 [ 717.842350][T18813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.842367][T18813] RIP: 0033:0x7fa5e058e969 [ 717.842382][T18813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 717.842398][T18813] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 717.842415][T18813] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 717.842425][T18813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 717.842435][T18813] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 717.842445][T18813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 717.842454][T18813] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 717.842475][T18813] [ 719.311366][T18815] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 719.670979][T18834] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4934'. [ 719.717644][T18836] FAULT_INJECTION: forcing a failure. [ 719.717644][T18836] name failslab, interval 1, probability 0, space 0, times 0 [ 719.799421][T18836] CPU: 1 UID: 0 PID: 18836 Comm: syz.4.4935 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 719.799450][T18836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 719.799461][T18836] Call Trace: [ 719.799466][T18836] [ 719.799473][T18836] dump_stack_lvl+0x16c/0x1f0 [ 719.799503][T18836] should_fail_ex+0x512/0x640 [ 719.799528][T18836] ? __kmalloc_noprof+0xbf/0x510 [ 719.799550][T18836] ? lsm_blob_alloc+0x68/0x90 [ 719.799565][T18836] should_failslab+0xc2/0x120 [ 719.799587][T18836] __kmalloc_noprof+0xd2/0x510 [ 719.799626][T18836] lsm_blob_alloc+0x68/0x90 [ 719.799643][T18836] security_sk_alloc+0x30/0x270 [ 719.799663][T18836] sk_prot_alloc+0xfb/0x2a0 [ 719.799691][T18836] sk_alloc+0x36/0xc20 [ 719.799711][T18836] inet6_create+0x381/0x1300 [ 719.799732][T18836] ? inet6_create+0x7f/0x1300 [ 719.799753][T18836] __sock_create+0x335/0x8d0 [ 719.799782][T18836] smc_create_clcsk+0x37/0xd0 [ 719.799802][T18836] ? __pfx_smc_inet_init_sock+0x10/0x10 [ 719.799829][T18836] inet6_create+0xb2d/0x1300 [ 719.799848][T18836] ? inet6_create+0x7f/0x1300 [ 719.799868][T18836] __sock_create+0x335/0x8d0 [ 719.799896][T18836] __sys_socket+0x14d/0x260 [ 719.799911][T18836] ? __pfx___sys_socket+0x10/0x10 [ 719.799927][T18836] ? rcu_is_watching+0x12/0xc0 [ 719.799948][T18836] __x64_sys_socket+0x72/0xb0 [ 719.799962][T18836] ? lockdep_hardirqs_on+0x7c/0x110 [ 719.799985][T18836] do_syscall_64+0xcd/0x230 [ 719.800019][T18836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.800036][T18836] RIP: 0033:0x7fa5e058e969 [ 719.800050][T18836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.800066][T18836] RSP: 002b:00007fa5e1323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 719.800083][T18836] RAX: ffffffffffffffda RBX: 00007fa5e07b5fa0 RCX: 00007fa5e058e969 [ 719.800095][T18836] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 000000000000000a [ 719.800105][T18836] RBP: 00007fa5e0610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 719.800116][T18836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.800125][T18836] R13: 0000000000000000 R14: 00007fa5e07b5fa0 R15: 00007fffdd1603e8 [ 719.800146][T18836] [ 721.242033][T18855] input: isc as /devices/virtual/input/input12 [ 721.286262][T18855] FAULT_INJECTION: forcing a failure. [ 721.286262][T18855] name failslab, interval 1, probability 0, space 0, times 0 [ 721.368142][T18855] CPU: 1 UID: 0 PID: 18855 Comm: syz.5.4942 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 721.368170][T18855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 721.368181][T18855] Call Trace: [ 721.368189][T18855] [ 721.368197][T18855] dump_stack_lvl+0x16c/0x1f0 [ 721.368226][T18855] should_fail_ex+0x512/0x640 [ 721.368251][T18855] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 721.368274][T18855] should_failslab+0xc2/0x120 [ 721.368296][T18855] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 721.368316][T18855] ? __kernfs_new_node+0xd2/0x8a0 [ 721.368336][T18855] __kernfs_new_node+0xd2/0x8a0 [ 721.368355][T18855] ? __pfx___kernfs_new_node+0x10/0x10 [ 721.368376][T18855] ? find_held_lock+0x2b/0x80 [ 721.368394][T18855] ? kernfs_root+0xee/0x2a0 [ 721.368415][T18855] kernfs_new_node+0x13c/0x1e0 [ 721.368437][T18855] __kernfs_create_file+0x53/0x350 [ 721.368462][T18855] sysfs_add_file_mode_ns+0x207/0x3c0 [ 721.368493][T18855] sysfs_merge_group+0x1aa/0x340 [ 721.368511][T18855] ? __pfx_sysfs_merge_group+0x10/0x10 [ 721.368531][T18855] ? __pfx_dev_add_physical_location+0x10/0x10 [ 721.368553][T18855] ? bus_to_subsys+0x131/0x160 [ 721.368581][T18855] dpm_sysfs_add+0x237/0x280 [ 721.368604][T18855] device_add+0x9a6/0x1a70 [ 721.368629][T18855] ? __pfx_device_add+0x10/0x10 [ 721.368651][T18855] ? __pfx_exact_lock+0x10/0x10 [ 721.368680][T18855] ? kobject_get+0xbb/0x150 [ 721.368707][T18855] cdev_device_add+0xc2/0x1e0 [ 721.368727][T18855] evdev_connect+0x3a4/0x4c0 [ 721.368753][T18855] input_attach_handler.isra.0+0x181/0x260 [ 721.368779][T18855] input_register_device+0xa84/0x1130 [ 721.368805][T18855] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 721.368826][T18855] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 721.368856][T18855] ? find_held_lock+0x2b/0x80 [ 721.368884][T18855] ? __pfx_uinput_ioctl+0x10/0x10 [ 721.368900][T18855] __x64_sys_ioctl+0x190/0x200 [ 721.368925][T18855] do_syscall_64+0xcd/0x230 [ 721.368952][T18855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.368969][T18855] RIP: 0033:0x7fb82378e969 [ 721.368983][T18855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.369000][T18855] RSP: 002b:00007fb8215f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 721.369017][T18855] RAX: ffffffffffffffda RBX: 00007fb8239b5fa0 RCX: 00007fb82378e969 [ 721.369027][T18855] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 721.369037][T18855] RBP: 00007fb823810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 721.369046][T18855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.369056][T18855] R13: 0000000000000000 R14: 00007fb8239b5fa0 R15: 00007ffe249a3238 [ 721.369077][T18855] [ 722.013081][T18855] input: failed to attach handler evdev to device input12, error: -12 [ 726.170530][T18925] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4965'. [ 726.227382][T18925] [ 726.229759][T18925] ============================= [ 726.234633][T18925] WARNING: suspicious RCU usage [ 726.239613][T18925] 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 Not tainted [ 726.247166][T18925] ----------------------------- [ 726.252184][T18925] net/mpls/af_mpls.c:84 suspicious rcu_dereference_check() usage! [ 726.261889][T18925] [ 726.261889][T18925] other info that might help us debug this: [ 726.261889][T18925] [ 726.273437][T18925] [ 726.273437][T18925] rcu_scheduler_active = 2, debug_locks = 1 [ 726.281641][T18925] 1 lock held by syz.0.4965/18925: [ 726.287034][T18925] #0: ffffffff9012a3e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 726.296765][T18925] [ 726.296765][T18925] stack backtrace: [ 726.302728][T18925] CPU: 1 UID: 0 PID: 18925 Comm: syz.0.4965 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 726.302753][T18925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.302763][T18925] Call Trace: [ 726.302771][T18925] [ 726.302778][T18925] dump_stack_lvl+0x16c/0x1f0 [ 726.302808][T18925] lockdep_rcu_suspicious+0x166/0x260 [ 726.302833][T18925] mpls_route_input_rcu+0x1d4/0x200 [ 726.302859][T18925] mpls_getroute+0x621/0x1ea0 [ 726.302888][T18925] ? __lock_acquire+0xaa4/0x1ba0 [ 726.302909][T18925] ? __pfx_mpls_getroute+0x10/0x10 [ 726.302957][T18925] ? rcu_is_watching+0x12/0xc0 [ 726.302994][T18925] ? __pfx_mpls_getroute+0x10/0x10 [ 726.303020][T18925] rtnetlink_rcv_msg+0x3c9/0xe90 [ 726.303045][T18925] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 726.303076][T18925] netlink_rcv_skb+0x16d/0x440 [ 726.303099][T18925] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 726.303122][T18925] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 726.303154][T18925] ? netlink_deliver_tap+0x1ae/0xd30 [ 726.303179][T18925] netlink_unicast+0x53a/0x7f0 [ 726.303203][T18925] ? __pfx_netlink_unicast+0x10/0x10 [ 726.303224][T18925] ? __lock_acquire+0xaa4/0x1ba0 [ 726.303250][T18925] netlink_sendmsg+0x8d1/0xdd0 [ 726.303276][T18925] ? __pfx_netlink_sendmsg+0x10/0x10 [ 726.303306][T18925] ____sys_sendmsg+0xa98/0xc70 [ 726.303332][T18925] ? copy_msghdr_from_user+0x10a/0x160 [ 726.303352][T18925] ? __pfx_____sys_sendmsg+0x10/0x10 [ 726.303380][T18925] ? kfree+0x252/0x4d0 [ 726.303394][T18925] ? schedule+0x2d7/0x3a0 [ 726.303420][T18925] ___sys_sendmsg+0x134/0x1d0 [ 726.303444][T18925] ? __pfx____sys_sendmsg+0x10/0x10 [ 726.303483][T18925] ? __pfx___might_resched+0x10/0x10 [ 726.303506][T18925] __sys_sendmmsg+0x200/0x420 [ 726.303529][T18925] ? __pfx___sys_sendmmsg+0x10/0x10 [ 726.303555][T18925] ? __pfx_do_futex+0x10/0x10 [ 726.303583][T18925] ? xfd_validate_state+0x5d/0x180 [ 726.303602][T18925] ? rcu_is_watching+0x12/0xc0 [ 726.303621][T18925] __x64_sys_sendmmsg+0x9c/0x100 [ 726.303641][T18925] ? lockdep_hardirqs_on+0x7c/0x110 [ 726.303665][T18925] do_syscall_64+0xcd/0x230 [ 726.303700][T18925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.303718][T18925] RIP: 0033:0x7f6f7ab8e969 [ 726.303734][T18925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.303751][T18925] RSP: 002b:00007f6f7b913038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 726.303769][T18925] RAX: ffffffffffffffda RBX: 00007f6f7adb5fa0 RCX: 00007f6f7ab8e969 [ 726.303779][T18925] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 726.303789][T18925] RBP: 00007f6f7ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 726.303799][T18925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.303809][T18925] R13: 0000000000000000 R14: 00007f6f7adb5fa0 R15: 00007fff5aa93ed8 [ 726.303829][T18925] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 727.166028][T18925] [ 727.168452][T18925] ============================= [ 727.173313][T18925] WARNING: suspicious RCU usage [ 727.179586][T18925] 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 Not tainted [ 727.187988][T18925] ----------------------------- [ 727.192866][T18925] net/mpls/af_mpls.c:85 suspicious rcu_dereference_check() usage! [ 727.200763][T18925] [ 727.200763][T18925] other info that might help us debug this: [ 727.200763][T18925] [ 727.211405][T18925] [ 727.211405][T18925] rcu_scheduler_active = 2, debug_locks = 1 [ 727.220020][T18925] 1 lock held by syz.0.4965/18925: [ 727.225145][T18925] #0: ffffffff9012a3e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 727.234933][T18925] [ 727.234933][T18925] stack backtrace: [ 727.241042][T18925] CPU: 1 UID: 0 PID: 18925 Comm: syz.0.4965 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 727.241068][T18925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 727.241078][T18925] Call Trace: [ 727.241085][T18925] [ 727.241093][T18925] dump_stack_lvl+0x16c/0x1f0 [ 727.241122][T18925] lockdep_rcu_suspicious+0x166/0x260 [ 727.241148][T18925] mpls_route_input_rcu+0x153/0x200 [ 727.241174][T18925] mpls_getroute+0x621/0x1ea0 [ 727.241202][T18925] ? __lock_acquire+0xaa4/0x1ba0 [ 727.241224][T18925] ? __pfx_mpls_getroute+0x10/0x10 [ 727.241261][T18925] ? rcu_is_watching+0x12/0xc0 [ 727.241299][T18925] ? __pfx_mpls_getroute+0x10/0x10 [ 727.241325][T18925] rtnetlink_rcv_msg+0x3c9/0xe90 [ 727.241349][T18925] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 727.241381][T18925] netlink_rcv_skb+0x16d/0x440 [ 727.241404][T18925] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 727.241426][T18925] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 727.241459][T18925] ? netlink_deliver_tap+0x1ae/0xd30 [ 727.241483][T18925] netlink_unicast+0x53a/0x7f0 [ 727.241508][T18925] ? __pfx_netlink_unicast+0x10/0x10 [ 727.241528][T18925] ? __lock_acquire+0xaa4/0x1ba0 [ 727.241554][T18925] netlink_sendmsg+0x8d1/0xdd0 [ 727.241579][T18925] ? __pfx_netlink_sendmsg+0x10/0x10 [ 727.241611][T18925] ____sys_sendmsg+0xa98/0xc70 [ 727.241637][T18925] ? copy_msghdr_from_user+0x10a/0x160 [ 727.241656][T18925] ? __pfx_____sys_sendmsg+0x10/0x10 [ 727.241684][T18925] ? kfree+0x252/0x4d0 [ 727.241697][T18925] ? schedule+0x2d7/0x3a0 [ 727.241723][T18925] ___sys_sendmsg+0x134/0x1d0 [ 727.241744][T18925] ? __pfx____sys_sendmsg+0x10/0x10 [ 727.241782][T18925] ? __pfx___might_resched+0x10/0x10 [ 727.241805][T18925] __sys_sendmmsg+0x200/0x420 [ 727.241828][T18925] ? __pfx___sys_sendmmsg+0x10/0x10 [ 727.241854][T18925] ? __pfx_do_futex+0x10/0x10 [ 727.241882][T18925] ? xfd_validate_state+0x5d/0x180 [ 727.241900][T18925] ? rcu_is_watching+0x12/0xc0 [ 727.241919][T18925] __x64_sys_sendmmsg+0x9c/0x100 [ 727.241947][T18925] ? lockdep_hardirqs_on+0x7c/0x110 [ 727.241969][T18925] do_syscall_64+0xcd/0x230 [ 727.241996][T18925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.242013][T18925] RIP: 0033:0x7f6f7ab8e969 [ 727.242029][T18925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 727.242046][T18925] RSP: 002b:00007f6f7b913038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 727.242062][T18925] RAX: ffffffffffffffda RBX: 00007f6f7adb5fa0 RCX: 00007f6f7ab8e969 [ 727.242073][T18925] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 727.242083][T18925] RBP: 00007f6f7ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 727.242092][T18925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 727.242102][T18925] R13: 0000000000000000 R14: 00007f6f7adb5fa0 R15: 00007fff5aa93ed8 [ 727.242122][T18925] [ 730.814945][T16261] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.981231][T16261] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.263942][T16261] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.420572][T16261] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.680446][T16261] bridge_slave_1: left allmulticast mode [ 731.709686][T16261] bridge_slave_1: left promiscuous mode [ 731.716726][T16261] bridge0: port 2(bridge_slave_1) entered disabled state [ 731.778097][T16261] bridge_slave_0: left allmulticast mode [ 731.813541][T16261] bridge_slave_0: left promiscuous mode [ 731.830492][T16261] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.806364][T16261] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 732.823765][T16261] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 732.835017][T16261] bond0 (unregistering): Released all slaves [ 733.217590][T16261] hsr_slave_0: left promiscuous mode [ 733.253328][T16261] hsr_slave_1: left promiscuous mode [ 733.269850][T16261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 733.277929][T16261] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 733.310859][T16261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 733.318294][T16261] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 733.388572][T16261] veth1_macvtap: left promiscuous mode [ 733.409314][T16261] veth0_macvtap: left promiscuous mode [ 733.416037][T16261] veth0_vlan: left promiscuous mode [ 734.100144][T16261] team0 (unregistering): Port device team_slave_1 removed [ 734.148294][T16261] team0 (unregistering): Port device team_slave_0 removed [ 735.068437][T16261] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.342754][T16261] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.529584][T16261] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.672544][T16261] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.004901][T16261] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.096404][T16261] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.175840][T16261] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0