last executing test programs: 26.574798728s ago: executing program 3 (id=620): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x20342, 0x0) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x8000000000000000, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r1, 0x0, 0x1, 0x0, 0x1e) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0xb, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb3, 0x0, 0x8000) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r2, 0x5522, 0xf15) ioctl$auto(r0, 0x5, r1) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/015/001\x00', 0x7d5800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) socket(0xa, 0x5, 0x94) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) read$auto(r0, 0x0, 0x3) 19.036572032s ago: executing program 3 (id=629): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0x10b000, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) msgrcv$auto(0x0, 0x0, 0x3, 0x1, 0xf1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) read$auto_proc_page_owner_threshold_(r3, &(0x7f0000000180)=""/165, 0xa5) symlink$auto(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000240)='./file0\x00') creat$auto(&(0x7f0000000680)='./file0\x00', 0x3) utime$auto(&(0x7f0000000000)='./file0\x00', 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 10.017136082s ago: executing program 3 (id=646): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) msgrcv$auto(0x0, 0x0, 0x3, 0x1, 0xf1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) read$auto_proc_page_owner_threshold_(r3, &(0x7f0000000180)=""/165, 0xa5) symlink$auto(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000240)='./file0\x00') creat$auto(&(0x7f0000000680)='./file0\x00', 0x3) utime$auto(&(0x7f0000000000)='./file0\x00', 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 5.35644137s ago: executing program 0 (id=659): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/suspend_stats/failed_suspend_noirq\x00', 0x8a100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/38, 0x26) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) socket(0xa, 0x1, 0x100) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x200000000007ff, 0x400) socket(0x1a, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000340)="feecc4fcf9b67b8cd1d3b8fa15064e15e7d72c736e2153c7dc04b4d79821af6511d5fb6e7316e007d8322be54f3c26cb54c4f32cce426edc96c124c5be2e46567b646ae069d7a3b3d058f3703db5177887f85bdf3e008cdd3f6cbbca5c3282bc3309ce7b9a02cfc1821f2dc3b60591bb83d4ca6efa8d85f28d4c3c5840a0cd8732c9fd9d0daeaa4cabd5ced26e4b4bfb3ca95c56f403dd6bf89b28c2c2d8", 0x9e) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x40000000, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) 5.27350969s ago: executing program 3 (id=661): mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/ipvlan1/delay_first_probe_time\x00', 0x61cd40, 0x0) mmap$auto(0x0, 0x1020009, 0x4000000000df, 0xeb1, r0, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xc, 0x0, 0x13c, 0x0, 0x0, 0xd}, 0x5af}, 0x40, 0x100) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x3c, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xfff, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020026bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000006000700060000000800040003000000e381799cd4cc536362c7e4e13365c025d8c297dbb67e3195b4ae08403df668c68da85af452038e3acc18540c1038f8057d18aecb9ab5762352e08efcf6298559bf08baffd9d171349bec5731e849a2a65423222b0e2ec7fb0926c10fabff693840b1b28fa0f6003be7c9af062eab2a5c6a862725b8859a3dc8fdb42b5f40468c783e"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ppoll$auto(&(0x7f0000000040)={r2, 0x3, 0xb}, 0x200, &(0x7f0000000080)={0x101, 0x210}, 0x0, 0x8) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x200, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000001c0)) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x4020009, 0x7, 0xeb1, 0x400, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x29, 0x48, 0x0, 0x20) 4.331947419s ago: executing program 2 (id=665): r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x40000, 0x0) listen$auto(r0, 0x611e) (async) poll$auto(0x0, 0x6, 0x8) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(0x0, 0x7ffd, 0x12) (async) pwrite64$auto(0xffffffffffffffff, 0x0, 0x6, 0x8) mmap$auto(0x0, 0x1ff, 0xe5, 0x200000810, r1, 0x8000) (async) madvise$auto(0x0, 0x200007, 0x19) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x9, 0x3) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r2) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000002c0)=ANY=[], 0x1c}}, 0x44041) (async) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x14, r3, 0x300, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80004}, 0xc0) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) read$auto(0x3, 0x0, 0x80) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r4 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) (async) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x20009, 0x1ff, 0xeb1, 0x401, 0x8000) (async) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r5, 0x560a, 0x7) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) (async) io_uring_enter$auto(r4, 0x2, 0x768, 0x20, &(0x7f0000000100)="73aa213cb38614273e2bf31ebc0b690764f9871897620d8013e8df72181eeab216693af1ef06609226d205c402ecec272079635056984e7a8821a2866b000baad83480c087c8", 0x0) r6 = socket(0x11, 0x80003, 0x300) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES64=r2, @ANYRESDEC], 0x7c}, 0x1, 0x0, 0x0, 0x4004091}, 0x40850) io_uring_enter$auto(r4, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) (async) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) 3.99634829s ago: executing program 0 (id=666): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x44, 0x0) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x700000000000000, 0x8002, 0x2) 3.732680669s ago: executing program 3 (id=667): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="05000800", @ANYRES16=r1, @ANYBLOB="e5b726bd7000fcdbdd251900000018000180140002006d6163767461703000000000000000"], 0x2c}}, 0x4048800) r2 = socket(0x10, 0x2, 0xc) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/numa_zonelist_order\x00', 0x202, 0x0) sendfile$auto(r2, r3, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x45, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000100)='/proc/devices\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd13/queue/rotational\x00', 0x10b142, 0x0) sendfile$auto(r6, r6, 0x0, 0x2f2) getdents$auto(r4, &(0x7f0000000040)={0x4, 0x8000000000000000, 0x9, "3450353c6ab91d1d79818a2cf5def7be6b7b7b4d95e09b6c41274caafd23e049964c92029f4234d423a55cc58571eccba4b9719a44ed4ba1ba050431496a35641086c7211ee0e5d11e46461633b76f82404dd061832109a7ee3b53445c2a66e3aacc5baf44701da6fe9b4301114af4dbbf834f294118bedccf0e615ee0047a93fb097ceb655d898e7e71398f6e7a8aa212701e90d44ead2fffeb931e8ca9250118920f1b852ae84a2956d71806cc294d43e1c0eac9cdb64a20ade16c6afed3e2a16a13f11b7a53dd077cf29d40707225ae80e9a0e6e369c0b36e921cee26c5beb946593e2ff9dd108a0107a02e790d0b3f500bce453c5202623f058a4c36bdf89007278b4ec80fbb5398e03d433ff4408641ef8fb5dbeeab389e6bcac891cc322e5e636d8b3a1741448bbdb552260951766a70881fa4c45fba903beb7b8d34c9908b07398cc43ab676a4b1cec5e42b8fd8840bc9bb28bd95736d7b1f30c7f8e7ffd4b098347456452e9396a544b5fd8da020490616954bcb718a66a4c2c2957d2a4dfc065850e4469a750aec1dd11c4eb2e02854ddb31da887e1da8db430cfb7b4b298a2ab04d653802f2b888ba21e9d024b6c34bd4f194677e8e3bf95562ef2070ecf793c79a42208cca69e6fbd400214f97285e639071c7d023f619056c64789660993d1452934e30881d166efa5dee20c6a046cad2ac6020d3e5d8037a10a28483f884d964ce7bde8632ab8f10582f7e471e788391b30446139a9746c6c156c4a111088bf4ebeed528e76f60bb06b3b0afcbc3879333c68c23c728f0b1f02aff6cf0842e77002893659fcdabe18e867633e46af1eff879967f7b343ebb95fdf0ec07682d9463717fe9970fe288664627b214679cfe0986d7a3d94c925ff93d93223e9484b696e71ce4feb16af8e3a379be740f4a3f29e4c9ea7545653362cd479024634c3853ceecdf80d4523b30f0484141cc3b4acc58ed37387b3f286c86a5dfab0a5daf617e1baeaf50a8a32ee7557381092fa5573306a2a87a3ea513b0c91e4d7e36fc8858db691addc1af8d8b8a7f6dde27f75281f77270d7b8bf0bd71f227f02f55f8531cda254529aa85e5ece832095604e06d959e55cd298bd3a6ed0bd68c62dc1623ad36fe791ae7921a9555eaf8f3f180012d7f6f7d9cbcc969b195482bb5158abe3e6f636aeb9d175e53bac5154595e9d2418ec1a53297b6a9f08fef8c0fbfd952207aa43af2382b3fa1cf9d765171857ed682c96101cb5ab4c2c5e8ad80901024232a2f90bad27676fe4abb428d0caa24ffacb9cb794a781fc53ed573052e5a6842fe6d6d3981e20fb1df43bd6ef259f8a969ec29d53e0bb2e4b41d48901afada582579b83db08027e8b4631145f0a667a2475eacb8a0085c3b725e90617641f0e93b564858c038031c34e6c28b01184f67684445deabd2ad8b504aa2e1b8d2f5574a00b3af9929f208dd26e440489b6f3c0099bb9c589d8df3bb626f82fa27e9393b3dc48b698ee89f5f90bdc669f89325ec988fcfe12e1b819ee9bc3d1c25640aae51d56c419bab751c9ab5d8dfdb8ccc7dcde3a28da73fa7924313ac917ca7bba5b87997371aae8e617677c62bf01db4592319a75f4d9789b2df2635a03072d065f8bf6db23696bfbe812127b4cd79e7609cbf9bd9d5256dce52fe29fd0f335b59a894899232e0830385849205b6f3d03ab1b058f2e0c21d7156c696b42a70f743daeb515ca26d2e06fb961870b2675496b943dd3d44595a0b9dac5caf5f1735f233755c46da40f822b3523354158d8e908fad9b8eec0c7d1f7b1b86103d071c5f76896991bbd732a06d0e578e7d61c9cbd2b3a63661934f038eccbf36607c2926f5a445ce4613e52bccf469d86d585363c2e1afdda59b7a8436742c8eef864ab69a74a9c8b9e7c3787bcb3cb24444db32bbcc605cfe0d9d9d0dc90ad033f866f1c2f78e27729428da9c99188cfe11451072e1056ade07b964eed853dc4f9d54b2d33e003979e2ed74aad317b6a15df13fe2947c361ce82b08ea3736b1730be94aca885cb33828e032e4989313d051c21cfedb2c403b236f729095446b57d66d7575a3e884328191bbe8a8371c3301f2c0a4dbb7ac11653316b37b272995d6918426741553b442a3154e2ab906d35ec4efbeacbfd466a07fcd96b8818dbc578bfbfec92e7e9d9eecc1dce90edf09e67109894cc77443a08c4fe8fd285168d68642840f63265d4a47b314d4bd659e02c488d3ae444e2b818543bb2e6baac85693aaac1ba1e7e1c2cf6046c27545dd57ee8efc78207c7545380e1a5d840ea79c8fdce56b65894f07eac4814d12a5406ff800ac5e4f2cb565508a491e943f76384d83d5fe4b94537d664a21b4424c70748aed42a21f2f55fa81d731e7ef3d1aac0c43144fd617e29105c6bdc317123e3f89b62e6d1504f2dfbb2445902a0fba8bf67a96961246eec984e6ea56c034890c30918e1c02351cbc3471e11d48688e0367eb7f118eee42d024b538da30f4a27c362e43c24deb792111f6137728c83a2eb76c84473ff2b5e9a3045228bd37818c923cac56bb0f40bb0f4287739e394f00294bf5daa869e271a687e6016ddab9bd6c4085624da77fb756e45f70831c7dd4f5f7fe2ff51e8e23a33996ef82803857e7235748a98ef35ee14a7bcdd3b24cf9b765176509dc53a7e5a51c71eb02707068618f8ba2c61c9f0a7990418372226996eea4f22d953f9a911d7fb3f70197c99c0f6484dbf12fcd029dbe4e4232d2ba2b2561eb6bd9161973fda26d9a3482f6dec70f74acd524802f128fc7944a0ba5314badbc9488981ab957be5d1d2921009c695c9b00f04ea82e72be3d330fd2debf03d08f567c180a30de44f9d4eac680434a80fb48aad66ed80eec6f8ca4008bc601b7a07586135a53f68ea78af91afc4bb648b0887a15245b349a9694150eef0208e094dbee91d277f7ebbf8fd13a42c1ce27ac87bacf15885a030d2a02b14b4192b49bb601ea23cda40f1876577a41c3b3a4bd045bbf0ef13af2177d3fd8c353e5ec86c6472ce020be348aacdd99be0340b1deda4d7cdff7cea245c353d8f7b3ed71f2b2ff1163521e4d4da72175e6f26a9ce9415817c5dd4c4beb5ebf582a74482b056bbcb3fe2e496034941f89c149279d8168e01e4f278d5a277c42d111d2c33374fdfbdc0f44b060a26cd4ba04a5deaafde849eee9a50376529d93616e837168a830546eb4f35027018aa3845ccb01a5efbeab779ae162c63337ee96d2c3579956132a3cdc3495d10381cae48941f46ecda46766ce7e9986b8b745841177e14c5bf677449a0b458a5acb1d213e809025e3caf7aac543591533271ed5a12d40e0b69ac98af3cbc1343301cc7fe87a855402862f22fc19e11b37e1b18632ae48fbe3b0b94563124463b04ffecc6b00ff3ba79507033c23a731d3c3fbddc30af81b5a48bcbf2266ddcf10207c104438394fbe9a32b76748b28fd16a24f56bdef09a9108d07bbbfe743cce6b96173f4ecb90d4945f1b9449aa1633e7e1194126618da75ebb8804f444ff4629ecb33a73614fd53b1a9ae788d5f1e3158e3e51f24ad0d79228e47f0625b66d53345dfd7ee8f643995f227052b19f69335c5eb0822cec10c9d5c5ea9784cf6168bae4749ad2cc452b38aa6befc45c654e8d6f15d5efb003563d8220263cf7a4e2d845217bd47d4d4b441f730dc983bd6a9dfbe041501f7b5fe301dba48753ea1dee9e18ebad3c286071376302b730c0d8025845e93125ca899a8a76f2a888a630fcaed1e8f6f8845ec5dea097addbf7c55deece73e194179627d97a340e67c1a5fd3d9f9132a4a21417d2487d69ebf913d1c752d7ecd406c08455850b57ca0628e566b91f82ae9eedc7de6df5f08cb90d445a6a243a51571cc03f3b527e34c210809f1c81d73f68f4da9b80d29789c29a01e46628e45302d54c7eed06d62398058b7530bc8f33112faaedc1cc5210142dab5fd145a9ee61004c5e50b9b2e63389bd1da8d71fae55f1e824ec78f1ab4ba33accb638cd47ca410847ef1c4f66c93a099115f380ec994d442628239c8f94374347c893e47cada2baf912c334cb0e61effac6e2e740de27d77de33d6abb8ad8b3c06170850450539c4d6bf8d4bbb28bbc8b9a3958ffc931ef68081078613febb50e25b23551effba25fe9e62207a614e79c6e5e98c45f0e40ec1cd34a418fdf7a9f6bdf72e83e6b9f0b9d09b19decc692b941d72cef5b35e2816f66278facb7af1714011a665e58322af1b158a1dbb8d9af5a6a60e2e75e20fc62e38451f7bdee44a9159d318824b4fd015da2a8a93faa461ca077a2ee348cb4c69f95a78ebdfaf6532156203be1ab65ec3609207baa45ebad9cd67e82c11be1a7fbcfe5cd14a3fe430965c70c107aec19317738d43857743f1888a282e5dbefd0c50e337b58785b8360c4587fc131c32c4dd90ae2c99440c5b18927150cc42b4cc4629eff6ac09f7cf3cff809b3ecc114670ccb2345bd285b343dcb3088fe083d2f553a0a3ffbd26189ea5b5506b40f8f45071c431831d789f930839d331a156cb36ae0724410c8ddbf7e132442101b91a427345e7d7e938b191c9b48b0a3020e55397275ee1ed8a373fcf678f5c0597317efcec0a86580000bf99ec42437d3c19e8d506638a6a8223bfe77780e389a30704a46f6f4fb8dd5dbb93f469ff7fc7a6b489bbc7b06fd1d09747d62738912c01e6a9bd07323b415d5d0f50e03c0195adcc2c22ec005af0fe8ee2e9b42015734252f92f64eb3c0801b48cdbce7abfabfb1bb3ad2d61dbe9d236c8a77cf63c8f5a6e9a63807cea9171294d68829aff3907f5dee388e2965866f9feb28616a15e5ffaa9528bd8868779ca224eaf1d8d93a0613586f5d117361287b080c38d0ed248c961f7414d011c6e17684a9992ddd332bd49c54865ff96a6d76dd25582d2dd9a17f7841623ed7aac5ff5c3bfbbff359fb5fb10c123edf04101e6ceee5fe0ffbe211ecfe327ab911fb72c628685ec869ec782eba76b68b33365de89a678420bae3a633654ed51506ba005e86b8fb556e7ab2da257194676d48c4f8abe5ab95062c0935624f3548d449f8cfb345f4f878e8ae16537f8b38b5303b2f4d402db1cbb37d9d7b086f5f1a70cad68cbb3f633ab977264fe4925dd51d4cd0f270e4ad576159657a7c1c395e15c55abf04842a688b4e776433fd21cb6d33d0b7338e9b29999fd9987d79d7025dee21ac43431210b4e578a9cbbccc71dc63af3464def10ab13ee791c6d2508ceacbfeede828a0b332c01278ec6f54718a39f545da5d5a2a0d36b765e8c725abf3958beae9837af23c3f7ee30101baca79be091027bdd35b65c782f6c93b991441dc4ef5eded3b3e511d1b2cf904db43fc57c7cddc78ed0e7109bc47eb4d408464b9fb1cb57cf1d425c418777517b2d585ce25a096d48cf995af1157a4051f8089e30ca84fe7b9ea409e7e248127d8bbd14071c5739f671067b66ebfb8008b43afcf00538413ef4f5803e4d622b0919b19e743e4c55670d485ff6e1b4b7168398f5d9270e96d5f19a0fd15e0807a3a43d29328cd48164449d2271fea87e813f79b6241d3784de978eb5cce999e2d89bff18b8964ae9a77383f47dbc65d8b3ce7b9aa1f96e05e9da3c6ec10beae846f74f87443cd50b01e479cd9f919469687670660c11ff5ceeed988fb6e468f4e4e944adfbded55ff68799cd1673b6c6978566c9da8fae801f7da6ebe37e0083d9cc28f4ae887c5db12c8d5719130fd0acabcb9800161fab9ab19"}, 0x60) sendfile$auto(r5, r5, 0x0, 0x1) 3.584468088s ago: executing program 0 (id=668): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) adjtimex$auto(&(0x7f0000000000)={0x4, 0x0, 0xcbe9, 0xffff, 0xa, 0x80000000, 0xd37f, 0x0, 0xffff, 0xc, 0x3, {0x10, 0x6}, 0xfffffffffffffffc, 0x10002, 0x2, 0x4, 0x0, 0xfffffffdfffffffa, 0x1, 0x0, 0x9, 0x7, 0xffffffff}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2a, 0x2, 0x1) connect$auto(r1, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 3.068281244s ago: executing program 2 (id=670): r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x180) openat2$auto(r0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x3, 0x80000000, 0x2}, 0x5) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29a42, 0x0) mmap$auto(0x2000, 0x80009, 0x62, 0x8000000008011, r1, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x280000, 0x0) r2 = prctl$auto(0x35, 0x2, 0x0, 0x0, 0x0) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x18000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) getsockopt$auto_SO_SNDTIMEO_OLD(r2, 0x9, 0x15, &(0x7f0000000040)=',*:\x00', &(0x7f0000000080)=0x401) r4 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR64(r4, 0xc0884123, &(0x7f00000021c0)={0xa000, 0x0, @status={0xd, 0x0, {}, 0x0, {}, {0x3, 0xf}, 0x2, 0x0, {0x800000000000b5, 0x5}}, @reserved="f35874c92112449e7fd4fef7e9c5395063bf2b6e655dab345919d402376165b4c9e339e25ae88cc065d57566caddb3756a0726743683be0d7d86660a25738d9f"}) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) 3.019187336s ago: executing program 3 (id=671): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) adjtimex$auto(&(0x7f0000000000)={0x4, 0x0, 0xcbe9, 0xffff, 0xa, 0x80000000, 0xd37f, 0x0, 0xffff, 0xc, 0x3, {0x10, 0x6}, 0xfffffffffffffffc, 0x10002, 0x2, 0x4, 0x0, 0xfffffffdfffffffa, 0x1, 0x0, 0x9, 0x7, 0xffffffff}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2a, 0x2, 0x1) connect$auto(r1, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) 2.84997678s ago: executing program 2 (id=673): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) readlink$auto(0x0, 0x0, 0x7) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r0 = set_tid_address$auto(0x0) r1 = syz_open_procfs$namespace(r0, &(0x7f0000000080)) getdents$auto(r1, 0x0, 0x3f1) (async) getdents$auto(r1, 0x0, 0xa2b0) sched_rr_get_interval$auto(r0, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/ip_vti0/accept_source_route\x00', 0x414083, 0x0) r2 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps\x00', 0x800, 0x0) read$auto_proc_pid_smaps_operations_internal(r2, &(0x7f0000000100)=""/121, 0x79) lseek$auto(0x3, 0x8, 0x3) 2.752329226s ago: executing program 0 (id=674): fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) ioctl$auto_MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000180)={&(0x7f0000000080)={0xfffffffffffffffb, 0x21, 0x5, 0x6, 0x6, 0x0, 0x5, 0x4, 0x4603, 0x80, 0x7fffffff, 0x9, 0xa, @setup="db76ad3f899c4ede", 0x7, 0x9, 0x8001, 0xcf7}, &(0x7f0000000440)="4de5b0b3d14abecf852efb3300d9e323fa4aeb24cb2be678e2abdd642fbda83814b3fa778d250049361b1d78c2d255308bcf7c87d59c63bcf84a4558cb383c5376ed58d9809c93fc12827b412ee9767d124de760bce03c3fb8ceb99731db37ce3aa7bc19558be1b5fa3331d9cd1225555efe791224438da163255405c9702b50f59644122001aa5dc1bf04334c523ea456eb83df82b3bde2791d4232864cba00e83a0f8d43c1a4f679c1d45a6dbb800da65ecdef70b140fd97657a83b073d588451c7da659005a583816f621034b9ed86d8e8c61c72d797cb8ffd22f45be4c9fc075e496195741c3b821c764bede561080", 0x8001}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82400, 0x0) ioctl$auto_SG_SCSI_RESET(r1, 0x2284, 0x0) epoll_create$auto(0x4) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x17f, 0x7, 0xd, 0x5, 0x948b, 0x3, 0x15f4da0a, 0x0, 0x3, 0x62, 0x80000004, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) ioctl$auto(r2, 0x6, 0xffffffffffffffff) ioctl$auto(0x20000000000003, 0x8946, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x753, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) r3 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e21, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0x40000b}, 0xfff}, 0x5, 0x311) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/drvctl\x00', 0x20681, 0x0) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f00000001c0)={{@inferred=0x0, 0x1, 0x40008, 0x7, "aab8e80600080043529f895cf5e8ec8f46cbb766439daa41e1aa00000000001200000000070a00"}, 0x6, 0x8, 0x7, @raw=0x1, @enumerated={0x4, 0xffff, "3a451db75512bd3527fc812ba5063f658f3a83495f2f7e8b4b84d579e75c002e35796b745e9f1f32cbfbdc296577c42c2257f3cdba1288075707bcc50e018166", 0x9e, 0x5}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r5, 0xc0405519, &(0x7f00000000c0)={@inferred=r6, 0x7, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @raw=0xa2cfa1c}) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)="f4", 0x1) prctl$auto(0x35, 0x0, 0x4000000008, 0x0, 0x0) add_key$auto(&(0x7f0000000040)='\xfe\xff$\x9aS8\x93\xa0\xde\xf3#y\xf9;\xe2B~j\x13\xa8\x83b\xc6hSP\xba', &(0x7f0000000000), 0x0, 0x7aef, 0x30) 2.642683987s ago: executing program 1 (id=675): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/suspend_stats/failed_suspend_noirq\x00', 0x8a100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/38, 0x26) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) socket(0xa, 0x1, 0x100) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x200000000007ff, 0x400) socket(0x1a, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000340)="feecc4fcf9b67b8cd1d3b8fa15064e15e7d72c736e2153c7dc04b4d79821af6511d5fb6e7316e007d8322be54f3c26cb54c4f32cce426edc96c124c5be2e46567b646ae069d7a3b3d058f3703db5177887f85bdf3e008cdd3f6cbbca5c3282bc3309ce7b9a02cfc1821f2dc3b60591bb83d4ca6efa8d85f28d4c3c5840a0cd8732c9fd9d0daeaa4cabd5ced26e4b4bfb3ca95c56f403dd6bf89b28c2c2d8", 0x9e) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x8dffffff, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) 2.328289953s ago: executing program 2 (id=676): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10000) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) r1 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x1a6b75d63882a712, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x28000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) sendfile$auto(r2, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0xe9, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r3 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x40040, 0x0) readv$auto(r3, &(0x7f0000000140)={&(0x7f0000000080), 0x7}, 0x4) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x8) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.528308611s ago: executing program 0 (id=677): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/suspend_stats/failed_suspend_noirq\x00', 0x8a100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/38, 0x26) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) socket(0xa, 0x1, 0x100) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x200000000007ff, 0x400) socket(0x1a, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000340)="feecc4fcf9b67b8cd1d3b8fa15064e15e7d72c736e2153c7dc04b4d79821af6511d5fb6e7316e007d8322be54f3c26cb54c4f32cce426edc96c124c5be2e46567b646ae069d7a3b3d058f3703db5177887f85bdf3e008cdd3f6cbbca5c3282bc3309ce7b9a02cfc1821f2dc3b60591bb83d4ca6efa8d85f28d4c3c5840a0cd8732c9fd9d0daeaa4cabd5ced26e4b4bfb3ca95c56f403dd6bf89b28c2c2d8", 0x9e) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x8401, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) 1.484119045s ago: executing program 1 (id=678): mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0xa, 0x4) r0 = ioctl$auto_NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r4, 0x4018bc13, 0x0) ioctl$auto(0x3, 0x4b34, 0x3) clock_gettime$auto(0x1, 0x0) sendmmsg$auto(r3, 0x0, 0x2, 0xfc4) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x13, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0x2}, 0x1002}, 0x739618ce, 0x311) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x5) poll$auto(&(0x7f0000000100)={r1, 0x3, 0x1}, 0x40, 0x4) signalfd4$auto(r5, &(0x7f0000000180)={0x400}, 0x7f, 0x5740) close_range$auto(0x2, 0x8, 0x0) 1.295473638s ago: executing program 1 (id=679): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@HWSIM_ATTR_REG_HINT_ALPHA2={0x5, 0xb, '.'}]}, 0x1c}, 0x1, 0xff070000}, 0x4044820) 1.018253106s ago: executing program 1 (id=680): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="05000800", @ANYRES16=r1, @ANYBLOB="e5b726bd7000fcdbdd251900000018000180140002006d6163767461703000000000000000"], 0x2c}}, 0x4048800) r2 = socket(0x10, 0x2, 0xc) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/numa_zonelist_order\x00', 0x202, 0x0) sendfile$auto(r2, r3, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x45, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000100)='/proc/devices\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd13/queue/rotational\x00', 0x10b142, 0x0) sendfile$auto(r6, r6, 0x0, 0x2f2) getdents$auto(r4, &(0x7f0000000040)={0x4, 0x8000000000000000, 0x9, "3450353c6ab91d1d79818a2cf5def7be6b7b7b4d95e09b6c41274caafd23e049964c92029f4234d423a55cc58571eccba4b9719a44ed4ba1ba050431496a35641086c7211ee0e5d11e46461633b76f82404dd061832109a7ee3b53445c2a66e3aacc5baf44701da6fe9b4301114af4dbbf834f294118bedccf0e615ee0047a93fb097ceb655d898e7e71398f6e7a8aa212701e90d44ead2fffeb931e8ca9250118920f1b852ae84a2956d71806cc294d43e1c0eac9cdb64a20ade16c6afed3e2a16a13f11b7a53dd077cf29d40707225ae80e9a0e6e369c0b36e921cee26c5beb946593e2ff9dd108a0107a02e790d0b3f500bce453c5202623f058a4c36bdf89007278b4ec80fbb5398e03d433ff4408641ef8fb5dbeeab389e6bcac891cc322e5e636d8b3a1741448bbdb552260951766a70881fa4c45fba903beb7b8d34c9908b07398cc43ab676a4b1cec5e42b8fd8840bc9bb28bd95736d7b1f30c7f8e7ffd4b098347456452e9396a544b5fd8da020490616954bcb718a66a4c2c2957d2a4dfc065850e4469a750aec1dd11c4eb2e02854ddb31da887e1da8db430cfb7b4b298a2ab04d653802f2b888ba21e9d024b6c34bd4f194677e8e3bf95562ef2070ecf793c79a42208cca69e6fbd400214f97285e639071c7d023f619056c64789660993d1452934e30881d166efa5dee20c6a046cad2ac6020d3e5d8037a10a28483f884d964ce7bde8632ab8f10582f7e471e788391b30446139a9746c6c156c4a111088bf4ebeed528e76f60bb06b3b0afcbc3879333c68c23c728f0b1f02aff6cf0842e77002893659fcdabe18e867633e46af1eff879967f7b343ebb95fdf0ec07682d9463717fe9970fe288664627b214679cfe0986d7a3d94c925ff93d93223e9484b696e71ce4feb16af8e3a379be740f4a3f29e4c9ea7545653362cd479024634c3853ceecdf80d4523b30f0484141cc3b4acc58ed37387b3f286c86a5dfab0a5daf617e1baeaf50a8a32ee7557381092fa5573306a2a87a3ea513b0c91e4d7e36fc8858db691addc1af8d8b8a7f6dde27f75281f77270d7b8bf0bd71f227f02f55f8531cda254529aa85e5ece832095604e06d959e55cd298bd3a6ed0bd68c62dc1623ad36fe791ae7921a9555eaf8f3f180012d7f6f7d9cbcc969b195482bb5158abe3e6f636aeb9d175e53bac5154595e9d2418ec1a53297b6a9f08fef8c0fbfd952207aa43af2382b3fa1cf9d765171857ed682c96101cb5ab4c2c5e8ad80901024232a2f90bad27676fe4abb428d0caa24ffacb9cb794a781fc53ed573052e5a6842fe6d6d3981e20fb1df43bd6ef259f8a969ec29d53e0bb2e4b41d48901afada582579b83db08027e8b4631145f0a667a2475eacb8a0085c3b725e90617641f0e93b564858c038031c34e6c28b01184f67684445deabd2ad8b504aa2e1b8d2f5574a00b3af9929f208dd26e440489b6f3c0099bb9c589d8df3bb626f82fa27e9393b3dc48b698ee89f5f90bdc669f89325ec988fcfe12e1b819ee9bc3d1c25640aae51d56c419bab751c9ab5d8dfdb8ccc7dcde3a28da73fa7924313ac917ca7bba5b87997371aae8e617677c62bf01db4592319a75f4d9789b2df2635a03072d065f8bf6db23696bfbe812127b4cd79e7609cbf9bd9d5256dce52fe29fd0f335b59a894899232e0830385849205b6f3d03ab1b058f2e0c21d7156c696b42a70f743daeb515ca26d2e06fb961870b2675496b943dd3d44595a0b9dac5caf5f1735f233755c46da40f822b3523354158d8e908fad9b8eec0c7d1f7b1b86103d071c5f76896991bbd732a06d0e578e7d61c9cbd2b3a63661934f038eccbf36607c2926f5a445ce4613e52bccf469d86d585363c2e1afdda59b7a8436742c8eef864ab69a74a9c8b9e7c3787bcb3cb24444db32bbcc605cfe0d9d9d0dc90ad033f866f1c2f78e27729428da9c99188cfe11451072e1056ade07b964eed853dc4f9d54b2d33e003979e2ed74aad317b6a15df13fe2947c361ce82b08ea3736b1730be94aca885cb33828e032e4989313d051c21cfedb2c403b236f729095446b57d66d7575a3e884328191bbe8a8371c3301f2c0a4dbb7ac11653316b37b272995d6918426741553b442a3154e2ab906d35ec4efbeacbfd466a07fcd96b8818dbc578bfbfec92e7e9d9eecc1dce90edf09e67109894cc77443a08c4fe8fd285168d68642840f63265d4a47b314d4bd659e02c488d3ae444e2b818543bb2e6baac85693aaac1ba1e7e1c2cf6046c27545dd57ee8efc78207c7545380e1a5d840ea79c8fdce56b65894f07eac4814d12a5406ff800ac5e4f2cb565508a491e943f76384d83d5fe4b94537d664a21b4424c70748aed42a21f2f55fa81d731e7ef3d1aac0c43144fd617e29105c6bdc317123e3f89b62e6d1504f2dfbb2445902a0fba8bf67a96961246eec984e6ea56c034890c30918e1c02351cbc3471e11d48688e0367eb7f118eee42d024b538da30f4a27c362e43c24deb792111f6137728c83a2eb76c84473ff2b5e9a3045228bd37818c923cac56bb0f40bb0f4287739e394f00294bf5daa869e271a687e6016ddab9bd6c4085624da77fb756e45f70831c7dd4f5f7fe2ff51e8e23a33996ef82803857e7235748a98ef35ee14a7bcdd3b24cf9b765176509dc53a7e5a51c71eb02707068618f8ba2c61c9f0a7990418372226996eea4f22d953f9a911d7fb3f70197c99c0f6484dbf12fcd029dbe4e4232d2ba2b2561eb6bd9161973fda26d9a3482f6dec70f74acd524802f128fc7944a0ba5314badbc9488981ab957be5d1d2921009c695c9b00f04ea82e72be3d330fd2debf03d08f567c180a30de44f9d4eac680434a80fb48aad66ed80eec6f8ca4008bc601b7a07586135a53f68ea78af91afc4bb648b0887a15245b349a9694150eef0208e094dbee91d277f7ebbf8fd13a42c1ce27ac87bacf15885a030d2a02b14b4192b49bb601ea23cda40f1876577a41c3b3a4bd045bbf0ef13af2177d3fd8c353e5ec86c6472ce020be348aacdd99be0340b1deda4d7cdff7cea245c353d8f7b3ed71f2b2ff1163521e4d4da72175e6f26a9ce9415817c5dd4c4beb5ebf582a74482b056bbcb3fe2e496034941f89c149279d8168e01e4f278d5a277c42d111d2c33374fdfbdc0f44b060a26cd4ba04a5deaafde849eee9a50376529d93616e837168a830546eb4f35027018aa3845ccb01a5efbeab779ae162c63337ee96d2c3579956132a3cdc3495d10381cae48941f46ecda46766ce7e9986b8b745841177e14c5bf677449a0b458a5acb1d213e809025e3caf7aac543591533271ed5a12d40e0b69ac98af3cbc1343301cc7fe87a855402862f22fc19e11b37e1b18632ae48fbe3b0b94563124463b04ffecc6b00ff3ba79507033c23a731d3c3fbddc30af81b5a48bcbf2266ddcf10207c104438394fbe9a32b76748b28fd16a24f56bdef09a9108d07bbbfe743cce6b96173f4ecb90d4945f1b9449aa1633e7e1194126618da75ebb8804f444ff4629ecb33a73614fd53b1a9ae788d5f1e3158e3e51f24ad0d79228e47f0625b66d53345dfd7ee8f643995f227052b19f69335c5eb0822cec10c9d5c5ea9784cf6168bae4749ad2cc452b38aa6befc45c654e8d6f15d5efb003563d8220263cf7a4e2d845217bd47d4d4b441f730dc983bd6a9dfbe041501f7b5fe301dba48753ea1dee9e18ebad3c286071376302b730c0d8025845e93125ca899a8a76f2a888a630fcaed1e8f6f8845ec5dea097addbf7c55deece73e194179627d97a340e67c1a5fd3d9f9132a4a21417d2487d69ebf913d1c752d7ecd406c08455850b57ca0628e566b91f82ae9eedc7de6df5f08cb90d445a6a243a51571cc03f3b527e34c210809f1c81d73f68f4da9b80d29789c29a01e46628e45302d54c7eed06d62398058b7530bc8f33112faaedc1cc5210142dab5fd145a9ee61004c5e50b9b2e63389bd1da8d71fae55f1e824ec78f1ab4ba33accb638cd47ca410847ef1c4f66c93a099115f380ec994d442628239c8f94374347c893e47cada2baf912c334cb0e61effac6e2e740de27d77de33d6abb8ad8b3c06170850450539c4d6bf8d4bbb28bbc8b9a3958ffc931ef68081078613febb50e25b23551effba25fe9e62207a614e79c6e5e98c45f0e40ec1cd34a418fdf7a9f6bdf72e83e6b9f0b9d09b19decc692b941d72cef5b35e2816f66278facb7af1714011a665e58322af1b158a1dbb8d9af5a6a60e2e75e20fc62e38451f7bdee44a9159d318824b4fd015da2a8a93faa461ca077a2ee348cb4c69f95a78ebdfaf6532156203be1ab65ec3609207baa45ebad9cd67e82c11be1a7fbcfe5cd14a3fe430965c70c107aec19317738d43857743f1888a282e5dbefd0c50e337b58785b8360c4587fc131c32c4dd90ae2c99440c5b18927150cc42b4cc4629eff6ac09f7cf3cff809b3ecc114670ccb2345bd285b343dcb3088fe083d2f553a0a3ffbd26189ea5b5506b40f8f45071c431831d789f930839d331a156cb36ae0724410c8ddbf7e132442101b91a427345e7d7e938b191c9b48b0a3020e55397275ee1ed8a373fcf678f5c0597317efcec0a86580000bf99ec42437d3c19e8d506638a6a8223bfe77780e389a30704a46f6f4fb8dd5dbb93f469ff7fc7a6b489bbc7b06fd1d09747d62738912c01e6a9bd07323b415d5d0f50e03c0195adcc2c22ec005af0fe8ee2e9b42015734252f92f64eb3c0801b48cdbce7abfabfb1bb3ad2d61dbe9d236c8a77cf63c8f5a6e9a63807cea9171294d68829aff3907f5dee388e2965866f9feb28616a15e5ffaa9528bd8868779ca224eaf1d8d93a0613586f5d117361287b080c38d0ed248c961f7414d011c6e17684a9992ddd332bd49c54865ff96a6d76dd25582d2dd9a17f7841623ed7aac5ff5c3bfbbff359fb5fb10c123edf04101e6ceee5fe0ffbe211ecfe327ab911fb72c628685ec869ec782eba76b68b33365de89a678420bae3a633654ed51506ba005e86b8fb556e7ab2da257194676d48c4f8abe5ab95062c0935624f3548d449f8cfb345f4f878e8ae16537f8b38b5303b2f4d402db1cbb37d9d7b086f5f1a70cad68cbb3f633ab977264fe4925dd51d4cd0f270e4ad576159657a7c1c395e15c55abf04842a688b4e776433fd21cb6d33d0b7338e9b29999fd9987d79d7025dee21ac43431210b4e578a9cbbccc71dc63af3464def10ab13ee791c6d2508ceacbfeede828a0b332c01278ec6f54718a39f545da5d5a2a0d36b765e8c725abf3958beae9837af23c3f7ee30101baca79be091027bdd35b65c782f6c93b991441dc4ef5eded3b3e511d1b2cf904db43fc57c7cddc78ed0e7109bc47eb4d408464b9fb1cb57cf1d425c418777517b2d585ce25a096d48cf995af1157a4051f8089e30ca84fe7b9ea409e7e248127d8bbd14071c5739f671067b66ebfb8008b43afcf00538413ef4f5803e4d622b0919b19e743e4c55670d485ff6e1b4b7168398f5d9270e96d5f19a0fd15e0807a3a43d29328cd48164449d2271fea87e813f79b6241d3784de978eb5cce999e2d89bff18b8964ae9a77383f47dbc65d8b3ce7b9aa1f96e05e9da3c6ec10beae846f74f87443cd50b01e479cd9f919469687670660c11ff5ceeed988fb6e468f4e4e944adfbded55ff68799cd1673b6c6978566c9da8fae801f7da6ebe37e0083d9cc28f4ae887c5db12c8d5719130fd0acabcb9800161fab9ab19"}, 0x60) sendfile$auto(r5, r5, 0x0, 0x1) 647.242777ms ago: executing program 1 (id=681): openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22d02, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x80, 0x104, 0x5, 0x20000000003}, {0x100, 0x1, 0x101, 0x85, 0x7ff, 0x1a7b8f0a, 0x76c5, 0x8, 0x100000000}}) r0 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000d40)=""/16, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) 384.853848ms ago: executing program 0 (id=682): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) adjtimex$auto(&(0x7f0000000000)={0x4, 0x0, 0xcbe9, 0xffff, 0xa, 0x80000000, 0xd37f, 0x0, 0xffff, 0xc, 0x3, {0x10, 0x6}, 0xfffffffffffffffc, 0x10002, 0x2, 0x4, 0x0, 0xfffffffdfffffffa, 0x1, 0x0, 0x9, 0x7, 0xffffffff}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2a, 0x2, 0x1) connect$auto(r1, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 206.912048ms ago: executing program 1 (id=683): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket(0x11, 0x80003, 0x300) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r0, 0x0, 0xe) 125.540118ms ago: executing program 2 (id=684): close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x177) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = socket(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x240000, 0x0) dup2$auto(r2, r1) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=0x77, 0xa, @old_map_fd=r0}, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f00000001c0)=@bpf_attr_0={0x5, 0x0, 0xfb03, 0x9, 0x4, 0xffffffffffffffff, 0x9, "7defc51120dfc9202e5ea7421ce62c93", 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2, 0x7ff}, 0xc) 0s ago: executing program 2 (id=685): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000001040)='/dev/cec9\x00', 0x10000, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x7fff) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000300)='./file0\x00', 0x961343, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981082, 0x0) mmap$auto(0x0, 0x2000a, 0x4, 0xeb2, 0x401, 0x8008) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES2(r1, 0x4008af25, &(0x7f0000000080)=0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/kernel/notes\x00', 0x101700, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/4096, 0x1000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) setgroups$auto(0xe32, 0x0) prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xcc, 0xfffffffffffffffc, 0x3c) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) kernel console output (not intermixed with test programs): 7424][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.344474][ T5917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.359726][ T5917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.383002][ T5924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.426856][ T5924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.564809][ T5946] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 347.582286][ T5924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.606115][ T5924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.691112][ T5889] Bluetooth: hci3: command tx timeout [ 347.766841][ T5889] Bluetooth: hci1: command tx timeout [ 347.772331][ T5877] Bluetooth: hci2: command tx timeout [ 347.779064][ T51] Bluetooth: hci0: command tx timeout [ 347.966978][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 348.037360][ T5955] process 'syz.2.3' launched './file0' with NULL argv: empty string added [ 348.058398][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 348.125193][ T5955] FAULT_INJECTION: forcing a failure. [ 348.125193][ T5955] name failslab, interval 1, probability 0, space 0, times 1 [ 348.152195][ T5955] CPU: 0 UID: 0 PID: 5955 Comm: syz.2.3 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 348.152229][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 348.152249][ T5955] Call Trace: [ 348.152260][ T5955] [ 348.152273][ T5955] dump_stack_lvl+0x16c/0x1f0 [ 348.152327][ T5955] should_fail_ex+0x512/0x640 [ 348.152357][ T5955] ? __kmalloc_noprof+0xbf/0x510 [ 348.152400][ T5955] ? ima_write_template_field_data+0x5d/0x1f0 [ 348.152442][ T5955] should_failslab+0xc2/0x120 [ 348.152469][ T5955] __kmalloc_noprof+0xd2/0x510 [ 348.152509][ T5955] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.152543][ T5955] ima_write_template_field_data+0x5d/0x1f0 [ 348.152592][ T5955] ima_eventdigest_init_common+0x154/0x430 [ 348.152637][ T5955] ? __pfx_ima_eventdigest_init_common+0x10/0x10 [ 348.152722][ T5955] ? rcu_is_watching+0x12/0xc0 [ 348.152751][ T5955] ? trace_kmalloc+0x2b/0xd0 [ 348.152779][ T5955] ? __kmalloc_noprof+0x242/0x510 [ 348.152831][ T5955] ima_alloc_init_template+0x3a0/0x720 [ 348.152873][ T5955] ? __pfx_d_absolute_path+0x10/0x10 [ 348.152906][ T5955] ima_store_measurement+0x1eb/0x5c0 [ 348.152948][ T5955] ? __pfx_ima_store_measurement+0x10/0x10 [ 348.152987][ T5955] ? ima_d_path+0x12b/0x2a0 [ 348.153033][ T5955] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 348.153080][ T5955] process_measurement+0x1ddb/0x23e0 [ 348.153128][ T5955] ? __pfx_process_measurement+0x10/0x10 [ 348.153181][ T5955] ? kasan_quarantine_put+0x10a/0x240 [ 348.153271][ T5955] ima_bprm_check+0xe7/0x210 [ 348.153305][ T5955] ? __pfx_ima_bprm_check+0x10/0x10 [ 348.153348][ T5955] security_bprm_check+0xa5/0x1e0 [ 348.153388][ T5955] bprm_execve+0x810/0x1650 [ 348.153435][ T5955] ? __pfx_bprm_execve+0x10/0x10 [ 348.153472][ T5955] ? copy_string_kernel+0x444/0x510 [ 348.153521][ T5955] do_execveat_common.isra.0+0x4a5/0x610 [ 348.153591][ T5955] __x64_sys_execve+0x8e/0xb0 [ 348.153636][ T5955] do_syscall_64+0xcd/0x490 [ 348.153670][ T5955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.153701][ T5955] RIP: 0033:0x7f1f0898e929 [ 348.153731][ T5955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.153759][ T5955] RSP: 002b:00007f1f097cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 348.153790][ T5955] RAX: ffffffffffffffda RBX: 00007f1f08bb5fa0 RCX: 00007f1f0898e929 [ 348.153810][ T5955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 348.153828][ T5955] RBP: 00007f1f097cd090 R08: 0000000000000000 R09: 0000000000000000 [ 348.153845][ T5955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 348.153862][ T5955] R13: 0000000000000000 R14: 00007f1f08bb5fa0 R15: 00007ffcb7264068 [ 348.153902][ T5955] [ 348.430156][ T30] audit: type=1804 audit(1749056250.670:2): pid=5955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.3" name="/newroot/0/file0" dev="tmpfs" ino=18 res=0 errno=0 [ 348.756995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 348.927375][ T5966] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10'. [ 348.948856][ T5966] vcan0: entered promiscuous mode [ 348.962660][ T5966] Zero length message leads to an empty skb [ 349.026955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 349.069576][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 349.552271][ T5974] zswap: compressor not available [ 349.776607][ T5877] Bluetooth: hci3: command tx timeout [ 349.787821][ T5985] FAULT_INJECTION: forcing a failure. [ 349.787821][ T5985] name failslab, interval 1, probability 0, space 0, times 0 [ 349.828994][ T5985] CPU: 1 UID: 0 PID: 5985 Comm: syz.2.14 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 349.829029][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 349.829046][ T5985] Call Trace: [ 349.829054][ T5985] [ 349.829064][ T5985] dump_stack_lvl+0x16c/0x1f0 [ 349.829115][ T5985] should_fail_ex+0x512/0x640 [ 349.829146][ T5985] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 349.829188][ T5985] should_failslab+0xc2/0x120 [ 349.829222][ T5985] __kmalloc_cache_noprof+0x6a/0x3e0 [ 349.829261][ T5985] ? alloc_info_private+0xc4/0x1b0 [ 349.829301][ T5985] alloc_info_private+0xc4/0x1b0 [ 349.829336][ T5985] snd_info_text_entry_open+0xae/0x2a0 [ 349.829371][ T5985] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 349.829403][ T5985] ? trace_kmem_cache_alloc+0x28/0xc0 [ 349.829432][ T5985] ? __pfx_apparmor_file_open+0x10/0x10 [ 349.829477][ T5985] ? proc_reg_open+0x21d/0x610 [ 349.829517][ T5985] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 349.829551][ T5985] proc_reg_open+0x286/0x610 [ 349.829594][ T5985] do_dentry_open+0x741/0x1c10 [ 349.829635][ T5985] ? __pfx_proc_reg_open+0x10/0x10 [ 349.829683][ T5985] vfs_open+0x82/0x3f0 [ 349.829716][ T5985] path_openat+0x1de4/0x2cb0 [ 349.829787][ T5985] ? __pfx_path_openat+0x10/0x10 [ 349.829833][ T5985] ? __lock_acquire+0xb8a/0x1c90 [ 349.829877][ T5985] do_filp_open+0x20b/0x470 [ 349.829920][ T5985] ? __pfx_do_filp_open+0x10/0x10 [ 349.829991][ T5985] ? alloc_fd+0x471/0x7d0 [ 349.830042][ T5985] do_sys_openat2+0x11b/0x1d0 [ 349.830075][ T5985] ? __pfx_do_sys_openat2+0x10/0x10 [ 349.830124][ T5985] __x64_sys_openat+0x174/0x210 [ 349.830160][ T5985] ? __pfx___x64_sys_openat+0x10/0x10 [ 349.830216][ T5985] do_syscall_64+0xcd/0x490 [ 349.830247][ T5985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.830277][ T5985] RIP: 0033:0x7f1f0898e929 [ 349.830299][ T5985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.830326][ T5985] RSP: 002b:00007f1f097ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 349.830353][ T5985] RAX: ffffffffffffffda RBX: 00007f1f08bb6080 RCX: 00007f1f0898e929 [ 349.830372][ T5985] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 349.830390][ T5985] RBP: 00007f1f08a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 349.830424][ T5985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.830442][ T5985] R13: 0000000000000000 R14: 00007f1f08bb6080 R15: 00007ffcb7264068 [ 349.830482][ T5985] [ 350.202818][ T5877] Bluetooth: hci2: command tx timeout [ 350.216636][ T5877] Bluetooth: hci1: command tx timeout [ 350.222530][ T5877] Bluetooth: hci0: command tx timeout [ 350.562878][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17'. [ 350.667429][ T5994] zswap: compressor not available [ 350.872135][ T5990] random: crng reseeded on system resumption [ 350.902070][ T5990] FAULT_INJECTION: forcing a failure. [ 350.902070][ T5990] name failslab, interval 1, probability 0, space 0, times 0 [ 350.921636][ T5990] CPU: 1 UID: 0 PID: 5990 Comm: syz.0.16 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 350.921673][ T5990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.921689][ T5990] Call Trace: [ 350.921698][ T5990] [ 350.921708][ T5990] dump_stack_lvl+0x16c/0x1f0 [ 350.921759][ T5990] should_fail_ex+0x512/0x640 [ 350.921790][ T5990] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 350.921833][ T5990] should_failslab+0xc2/0x120 [ 350.921862][ T5990] __kmalloc_cache_noprof+0x6a/0x3e0 [ 350.921910][ T5990] ? create_basic_memory_bitmaps+0xeb/0x320 [ 350.921948][ T5990] create_basic_memory_bitmaps+0xeb/0x320 [ 350.921986][ T5990] snapshot_open+0x235/0x2b0 [ 350.922019][ T5990] ? __pfx_snapshot_open+0x10/0x10 [ 350.922053][ T5990] misc_open+0x35d/0x420 [ 350.922098][ T5990] ? __pfx_misc_open+0x10/0x10 [ 350.922140][ T5990] chrdev_open+0x234/0x6a0 [ 350.922167][ T5990] ? __pfx_chrdev_open+0x10/0x10 [ 350.922196][ T5990] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 350.922241][ T5990] do_dentry_open+0x741/0x1c10 [ 350.922284][ T5990] ? __pfx_chrdev_open+0x10/0x10 [ 350.922317][ T5990] vfs_open+0x82/0x3f0 [ 350.922353][ T5990] path_openat+0x1de4/0x2cb0 [ 350.922407][ T5990] ? __pfx_path_openat+0x10/0x10 [ 350.922450][ T5990] ? __lock_acquire+0xb8a/0x1c90 [ 350.922490][ T5990] do_filp_open+0x20b/0x470 [ 350.922532][ T5990] ? __pfx_do_filp_open+0x10/0x10 [ 350.922607][ T5990] ? alloc_fd+0x471/0x7d0 [ 350.922655][ T5990] do_sys_openat2+0x11b/0x1d0 [ 350.922686][ T5990] ? __pfx_do_sys_openat2+0x10/0x10 [ 350.922732][ T5990] __x64_sys_openat+0x174/0x210 [ 350.922766][ T5990] ? __pfx___x64_sys_openat+0x10/0x10 [ 350.922814][ T5990] do_syscall_64+0xcd/0x490 [ 350.922844][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.922877][ T5990] RIP: 0033:0x7facaef8e929 [ 350.922900][ T5990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.922927][ T5990] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 350.922953][ T5990] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 350.922971][ T5990] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 350.922988][ T5990] RBP: 00007facaf010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 350.923004][ T5990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.923020][ T5990] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 350.923055][ T5990] [ 351.501329][ T6001] netlink: 'syz.1.18': attribute type 33 has an invalid length. [ 351.512643][ T6001] netlink: 322 bytes leftover after parsing attributes in process `syz.1.18'. [ 351.830957][ T6001] syz.1.18 (6001) used greatest stack depth: 17976 bytes left [ 352.097374][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 352.623719][ T6024] ubi0: attaching mtd0 [ 352.643302][ T6024] ubi0: scanning is finished [ 352.652671][ T6024] ubi0: empty MTD device detected [ 352.997463][ T6024] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 353.258425][ T6030] block nbd7: not configured, cannot reconfigure [ 353.316961][ T6024] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 353.324229][ T6024] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 353.331972][ T6024] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 353.340111][ T6024] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 353.356682][ T6024] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 353.364747][ T6024] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3519776677 [ 353.380475][ T6035] mmap: syz.3.23 (6035) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 353.466933][ T6024] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 353.527128][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 353.547402][ T6031] ubi0: background thread "ubi_bgt0d" started, PID 6031 [ 354.598023][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 354.717354][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 355.783512][ T6058] random: crng reseeded on system resumption [ 355.796308][ T6058] FAULT_INJECTION: forcing a failure. [ 355.796308][ T6058] name failslab, interval 1, probability 0, space 0, times 0 [ 355.810917][ T6058] CPU: 0 UID: 0 PID: 6058 Comm: syz.1.28 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 355.810958][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.810976][ T6058] Call Trace: [ 355.810987][ T6058] [ 355.810998][ T6058] dump_stack_lvl+0x16c/0x1f0 [ 355.811055][ T6058] should_fail_ex+0x512/0x640 [ 355.811085][ T6058] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 355.811126][ T6058] should_failslab+0xc2/0x120 [ 355.811153][ T6058] __kmalloc_cache_noprof+0x6a/0x3e0 [ 355.811190][ T6058] ? memory_bm_create+0x154/0x810 [ 355.811222][ T6058] memory_bm_create+0x154/0x810 [ 355.811261][ T6058] create_basic_memory_bitmaps+0x10b/0x320 [ 355.811296][ T6058] snapshot_open+0x235/0x2b0 [ 355.811327][ T6058] ? __pfx_snapshot_open+0x10/0x10 [ 355.811360][ T6058] misc_open+0x35d/0x420 [ 355.811402][ T6058] ? __pfx_misc_open+0x10/0x10 [ 355.811443][ T6058] chrdev_open+0x234/0x6a0 [ 355.811465][ T6058] ? __pfx_apparmor_file_open+0x10/0x10 [ 355.811509][ T6058] ? __pfx_chrdev_open+0x10/0x10 [ 355.811548][ T6058] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 355.811602][ T6058] do_dentry_open+0x741/0x1c10 [ 355.811638][ T6058] ? __pfx_chrdev_open+0x10/0x10 [ 355.811665][ T6058] vfs_open+0x82/0x3f0 [ 355.811694][ T6058] path_openat+0x1de4/0x2cb0 [ 355.811738][ T6058] ? __pfx_path_openat+0x10/0x10 [ 355.811774][ T6058] ? __lock_acquire+0xb8a/0x1c90 [ 355.811808][ T6058] do_filp_open+0x20b/0x470 [ 355.811851][ T6058] ? __pfx_do_filp_open+0x10/0x10 [ 355.811908][ T6058] ? alloc_fd+0x471/0x7d0 [ 355.811950][ T6058] do_sys_openat2+0x11b/0x1d0 [ 355.811978][ T6058] ? __pfx_do_sys_openat2+0x10/0x10 [ 355.812016][ T6058] __x64_sys_openat+0x174/0x210 [ 355.812044][ T6058] ? __pfx___x64_sys_openat+0x10/0x10 [ 355.812084][ T6058] do_syscall_64+0xcd/0x490 [ 355.812108][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.812131][ T6058] RIP: 0033:0x7f9ab4b8e929 [ 355.812150][ T6058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.812171][ T6058] RSP: 002b:00007f9ab5911038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 355.812193][ T6058] RAX: ffffffffffffffda RBX: 00007f9ab4db5fa0 RCX: 00007f9ab4b8e929 [ 355.812207][ T6058] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 355.812222][ T6058] RBP: 00007f9ab4c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 355.812236][ T6058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.812249][ T6058] R13: 0000000000000000 R14: 00007f9ab4db5fa0 R15: 00007ffef5e32628 [ 355.812279][ T6058] [ 356.340206][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 356.902313][ T6080] netlink: 212 bytes leftover after parsing attributes in process `syz.1.33'. [ 360.113622][ T6120] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 364.682426][ T6189] netlink: 4 bytes leftover after parsing attributes in process `syz.1.61'. [ 365.066229][ T6187] zswap: compressor not available [ 367.760026][ T6217] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 367.900528][ T6241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.74'. [ 367.994856][ T6239] zswap: compressor not available [ 368.791297][ T6262] ======================================================= [ 368.791297][ T6262] WARNING: The mand mount option has been deprecated and [ 368.791297][ T6262] and is ignored by this kernel. Remove the mand [ 368.791297][ T6262] option from the mount to silence this warning. [ 368.791297][ T6262] ======================================================= [ 370.485649][ T6265] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 372.973012][ T6318] netlink: 48 bytes leftover after parsing attributes in process `syz.0.94'. [ 373.890563][ T6322] zswap: compressor not available [ 374.308816][ T6337] netlink: 28 bytes leftover after parsing attributes in process `syz.0.98'. [ 374.319502][ T6337] ipvlan1: entered allmulticast mode [ 374.325149][ T6337] veth0_vlan: entered allmulticast mode [ 374.372258][ T6338] netlink: 338 bytes leftover after parsing attributes in process `syz.0.98'. [ 374.386183][ T6337] netlink: 28 bytes leftover after parsing attributes in process `syz.0.98'. [ 374.949735][ T6349] syz.3.102(6349): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 375.673955][ T6367] FAULT_INJECTION: forcing a failure. [ 375.673955][ T6367] name failslab, interval 1, probability 0, space 0, times 0 [ 375.721668][ T6367] CPU: 0 UID: 0 PID: 6367 Comm: syz.1.105 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 375.721696][ T6367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 375.721708][ T6367] Call Trace: [ 375.721715][ T6367] [ 375.721722][ T6367] dump_stack_lvl+0x16c/0x1f0 [ 375.721758][ T6367] should_fail_ex+0x512/0x640 [ 375.721780][ T6367] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 375.721813][ T6367] should_failslab+0xc2/0x120 [ 375.721833][ T6367] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 375.721863][ T6367] ? __d_alloc+0x31/0xaa0 [ 375.721884][ T6367] __d_alloc+0x31/0xaa0 [ 375.721899][ T6367] ? do_raw_spin_lock+0x12c/0x2b0 [ 375.721931][ T6367] d_alloc+0x4a/0x1e0 [ 375.721949][ T6367] d_alloc_name+0x83/0xb0 [ 375.721966][ T6367] ? __pfx_d_alloc_name+0x10/0x10 [ 375.721989][ T6367] simple_fill_super+0x2eb/0x720 [ 375.722020][ T6367] ? __pfx_nfsd_fill_super+0x10/0x10 [ 375.722043][ T6367] nfsd_fill_super+0x90/0x530 [ 375.722063][ T6367] ? __pfx_set_anon_super_fc+0x10/0x10 [ 375.722090][ T6367] ? __pfx_nfsd_fill_super+0x10/0x10 [ 375.722111][ T6367] get_tree_keyed+0x10e/0x1d0 [ 375.722140][ T6367] vfs_get_tree+0x8b/0x340 [ 375.722163][ T6367] path_mount+0x14d4/0x1f70 [ 375.722196][ T6367] ? kmem_cache_free+0x2d1/0x4d0 [ 375.722223][ T6367] ? __pfx_path_mount+0x10/0x10 [ 375.722257][ T6367] ? putname+0x154/0x1a0 [ 375.722284][ T6367] __x64_sys_mount+0x28d/0x310 [ 375.722303][ T6367] ? __pfx___x64_sys_mount+0x10/0x10 [ 375.722328][ T6367] do_syscall_64+0xcd/0x490 [ 375.722349][ T6367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.722369][ T6367] RIP: 0033:0x7f9ab4b8e929 [ 375.722383][ T6367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.722401][ T6367] RSP: 002b:00007f9ab5911038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 375.722419][ T6367] RAX: ffffffffffffffda RBX: 00007f9ab4db5fa0 RCX: 00007f9ab4b8e929 [ 375.722432][ T6367] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 375.722444][ T6367] RBP: 00007f9ab5911090 R08: 0000000000000000 R09: 0000000000000000 [ 375.722456][ T6367] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 375.722467][ T6367] R13: 0000000000000000 R14: 00007f9ab4db5fa0 R15: 00007ffef5e32628 [ 375.722492][ T6367] [ 376.997903][ T6377] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 377.341785][ T6386] netlink: 28 bytes leftover after parsing attributes in process `syz.0.112'. [ 377.372479][ T6386] netlink: 338 bytes leftover after parsing attributes in process `syz.0.112'. [ 377.385401][ T6386] netlink: 28 bytes leftover after parsing attributes in process `syz.0.112'. [ 378.896666][ T6408] binder: 6407:6408 ioctl c0306201 0 returned -14 [ 381.971329][ T6450] zswap: compressor not available [ 382.598676][ T6465] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 382.768172][ T6468] FAULT_INJECTION: forcing a failure. [ 382.768172][ T6468] name failslab, interval 1, probability 0, space 0, times 0 [ 382.815559][ T6468] CPU: 0 UID: 0 PID: 6468 Comm: syz.2.136 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 382.815595][ T6468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 382.815610][ T6468] Call Trace: [ 382.815618][ T6468] [ 382.815628][ T6468] dump_stack_lvl+0x16c/0x1f0 [ 382.815677][ T6468] should_fail_ex+0x512/0x640 [ 382.815707][ T6468] ? fs_reclaim_acquire+0xae/0x150 [ 382.815749][ T6468] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 382.815777][ T6468] should_failslab+0xc2/0x120 [ 382.815804][ T6468] __kmalloc_noprof+0xd2/0x510 [ 382.815853][ T6468] tomoyo_realpath_from_path+0xc2/0x6e0 [ 382.815884][ T6468] ? tomoyo_profile+0x47/0x60 [ 382.815919][ T6468] tomoyo_path_number_perm+0x245/0x580 [ 382.815960][ T6468] ? tomoyo_path_number_perm+0x237/0x580 [ 382.816003][ T6468] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 382.816046][ T6468] ? find_held_lock+0x2b/0x80 [ 382.816102][ T6468] ? find_held_lock+0x2b/0x80 [ 382.816127][ T6468] ? hook_file_ioctl_common+0x145/0x410 [ 382.816174][ T6468] ? __fget_files+0x20e/0x3c0 [ 382.816219][ T6468] security_file_ioctl+0x9b/0x240 [ 382.816262][ T6468] __x64_sys_ioctl+0xb7/0x210 [ 382.816298][ T6468] do_syscall_64+0xcd/0x490 [ 382.816325][ T6468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.816367][ T6468] RIP: 0033:0x7f1f0898e929 [ 382.816387][ T6468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.816410][ T6468] RSP: 002b:00007f1f097cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 382.816450][ T6468] RAX: ffffffffffffffda RBX: 00007f1f08bb5fa0 RCX: 00007f1f0898e929 [ 382.816465][ T6468] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 382.816480][ T6468] RBP: 00007f1f097cd090 R08: 0000000000000000 R09: 0000000000000000 [ 382.816494][ T6468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.816508][ T6468] R13: 0000000000000000 R14: 00007f1f08bb5fa0 R15: 00007ffcb7264068 [ 382.816542][ T6468] [ 382.816554][ T6468] ERROR: Out of memory at tomoyo_realpath_from_path. [ 383.616291][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.626925][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.556777][ T6499] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 386.150972][ T6509] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 386.247421][ T6517] netlink: 8 bytes leftover after parsing attributes in process `syz.0.148'. [ 386.486491][ T6521] netlink: 28 bytes leftover after parsing attributes in process `syz.2.150'. [ 386.633521][ T6521] team0: Port device team_slave_0 removed [ 387.272154][ T6534] netlink: 28 bytes leftover after parsing attributes in process `syz.2.153'. [ 387.338197][ T6534] vcan0: entered promiscuous mode [ 387.645795][ T6543] FAULT_INJECTION: forcing a failure. [ 387.645795][ T6543] name failslab, interval 1, probability 0, space 0, times 0 [ 387.699862][ T6543] CPU: 1 UID: 0 PID: 6543 Comm: syz.1.155 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 387.699899][ T6543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 387.699914][ T6543] Call Trace: [ 387.699923][ T6543] [ 387.699933][ T6543] dump_stack_lvl+0x16c/0x1f0 [ 387.699981][ T6543] should_fail_ex+0x512/0x640 [ 387.700011][ T6543] ? fs_reclaim_acquire+0xae/0x150 [ 387.700048][ T6543] ? tomoyo_encode2+0x100/0x3e0 [ 387.700073][ T6543] should_failslab+0xc2/0x120 [ 387.700100][ T6543] __kmalloc_noprof+0xd2/0x510 [ 387.700149][ T6543] ? d_absolute_path+0x136/0x1a0 [ 387.700184][ T6543] tomoyo_encode2+0x100/0x3e0 [ 387.700216][ T6543] tomoyo_encode+0x29/0x50 [ 387.700242][ T6543] tomoyo_realpath_from_path+0x18f/0x6e0 [ 387.700282][ T6543] tomoyo_path_number_perm+0x245/0x580 [ 387.700321][ T6543] ? tomoyo_path_number_perm+0x237/0x580 [ 387.700370][ T6543] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 387.700435][ T6543] ? find_held_lock+0x2b/0x80 [ 387.700505][ T6543] ? find_held_lock+0x2b/0x80 [ 387.700536][ T6543] ? hook_file_ioctl_common+0x145/0x410 [ 387.700590][ T6543] ? __fget_files+0x20e/0x3c0 [ 387.700643][ T6543] security_file_ioctl+0x9b/0x240 [ 387.700708][ T6543] __x64_sys_ioctl+0xb7/0x210 [ 387.700749][ T6543] do_syscall_64+0xcd/0x490 [ 387.700782][ T6543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.700812][ T6543] RIP: 0033:0x7f9ab4b8e929 [ 387.700836][ T6543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.700865][ T6543] RSP: 002b:00007f9ab5911038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 387.700893][ T6543] RAX: ffffffffffffffda RBX: 00007f9ab4db5fa0 RCX: 00007f9ab4b8e929 [ 387.700912][ T6543] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 387.700929][ T6543] RBP: 00007f9ab5911090 R08: 0000000000000000 R09: 0000000000000000 [ 387.700947][ T6543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.700964][ T6543] R13: 0000000000000000 R14: 00007f9ab4db5fa0 R15: 00007ffef5e32628 [ 387.701004][ T6543] [ 387.701030][ T6543] ERROR: Out of memory at tomoyo_realpath_from_path. [ 388.832380][ T6560] MTRR 1 not used [ 388.994220][ T6560] FAULT_INJECTION: forcing a failure. [ 388.994220][ T6560] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 389.075699][ T6560] CPU: 0 UID: 0 PID: 6560 Comm: syz.2.160 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 389.075736][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 389.075752][ T6560] Call Trace: [ 389.075760][ T6560] [ 389.075768][ T6560] dump_stack_lvl+0x16c/0x1f0 [ 389.075810][ T6560] should_fail_ex+0x512/0x640 [ 389.075840][ T6560] _copy_from_user+0x2e/0xd0 [ 389.075887][ T6560] snd_pcm_oss_write2+0x1c2/0x410 [ 389.075937][ T6560] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 389.075967][ T6560] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 389.076013][ T6560] snd_pcm_oss_write+0x711/0xa10 [ 389.076050][ T6560] ? security_file_permission+0x71/0x210 [ 389.076096][ T6560] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 389.076128][ T6560] vfs_write+0x2a0/0x1150 [ 389.076171][ T6560] ? __pfx_vfs_write+0x10/0x10 [ 389.076204][ T6560] ? find_held_lock+0x2b/0x80 [ 389.076229][ T6560] ? __fget_files+0x204/0x3c0 [ 389.076276][ T6560] ? __fget_files+0x20e/0x3c0 [ 389.076318][ T6560] ksys_write+0x12a/0x250 [ 389.076354][ T6560] ? __pfx_ksys_write+0x10/0x10 [ 389.076399][ T6560] do_syscall_64+0xcd/0x490 [ 389.076424][ T6560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.076449][ T6560] RIP: 0033:0x7f1f0898e929 [ 389.076467][ T6560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.076489][ T6560] RSP: 002b:00007f1f097cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 389.076512][ T6560] RAX: ffffffffffffffda RBX: 00007f1f08bb5fa0 RCX: 00007f1f0898e929 [ 389.076528][ T6560] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 389.076546][ T6560] RBP: 00007f1f097cd090 R08: 0000000000000000 R09: 0000000000000000 [ 389.076563][ T6560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 389.076579][ T6560] R13: 0000000000000000 R14: 00007f1f08bb5fa0 R15: 00007ffcb7264068 [ 389.076615][ T6560] [ 389.550437][ T6570] FAULT_INJECTION: forcing a failure. [ 389.550437][ T6570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 389.573795][ T6570] CPU: 0 UID: 0 PID: 6570 Comm: syz.0.162 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 389.573831][ T6570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 389.573846][ T6570] Call Trace: [ 389.573855][ T6570] [ 389.573865][ T6570] dump_stack_lvl+0x16c/0x1f0 [ 389.573914][ T6570] should_fail_ex+0x512/0x640 [ 389.573957][ T6570] _copy_from_user+0x2e/0xd0 [ 389.573991][ T6570] ____sys_sendmsg+0x607/0xc70 [ 389.574031][ T6570] ? __pfx_____sys_sendmsg+0x10/0x10 [ 389.574071][ T6570] ? __pfx__kstrtoull+0x10/0x10 [ 389.574120][ T6570] ___sys_sendmsg+0x134/0x1d0 [ 389.574149][ T6570] ? __pfx____sys_sendmsg+0x10/0x10 [ 389.574193][ T6570] ? find_held_lock+0x2b/0x80 [ 389.574243][ T6570] __sys_sendmmsg+0x200/0x420 [ 389.574274][ T6570] ? __pfx___sys_sendmmsg+0x10/0x10 [ 389.574313][ T6570] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 389.574355][ T6570] ? fput+0x70/0xf0 [ 389.574382][ T6570] ? ksys_write+0x1ac/0x250 [ 389.574419][ T6570] ? __pfx_ksys_write+0x10/0x10 [ 389.574464][ T6570] __x64_sys_sendmmsg+0x9c/0x100 [ 389.574489][ T6570] ? lockdep_hardirqs_on+0x7c/0x110 [ 389.574531][ T6570] do_syscall_64+0xcd/0x490 [ 389.574559][ T6570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.574586][ T6570] RIP: 0033:0x7facaef8e929 [ 389.574607][ T6570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.574632][ T6570] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 389.574657][ T6570] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 389.574674][ T6570] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 389.574690][ T6570] RBP: 00007facafee1090 R08: 0000000000000000 R09: 0000000000000000 [ 389.574706][ T6570] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 389.574722][ T6570] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 389.574756][ T6570] [ 391.615476][ T6595] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 392.498235][ T6626] FAULT_INJECTION: forcing a failure. [ 392.498235][ T6626] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 392.527558][ T6626] CPU: 0 UID: 0 PID: 6626 Comm: syz.3.179 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 392.527599][ T6626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 392.527616][ T6626] Call Trace: [ 392.527625][ T6626] [ 392.527636][ T6626] dump_stack_lvl+0x16c/0x1f0 [ 392.527691][ T6626] should_fail_ex+0x512/0x640 [ 392.527728][ T6626] should_fail_alloc_page+0xe7/0x130 [ 392.527760][ T6626] prepare_alloc_pages+0x3c2/0x610 [ 392.527801][ T6626] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 392.527855][ T6626] ? kasan_save_stack+0x42/0x60 [ 392.527895][ T6626] ? kasan_save_stack+0x33/0x60 [ 392.527935][ T6626] ? kasan_save_track+0x14/0x30 [ 392.527976][ T6626] ? __kasan_slab_alloc+0x89/0x90 [ 392.528008][ T6626] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 392.528050][ T6626] ? security_inode_alloc+0x3b/0x2b0 [ 392.528089][ T6626] ? inode_init_always_gfp+0xce4/0x1030 [ 392.528127][ T6626] ? alloc_inode+0x86/0x240 [ 392.528154][ T6626] ? sock_alloc+0x40/0x280 [ 392.528182][ T6626] ? __sock_create+0xc1/0x8d0 [ 392.528218][ T6626] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 392.528262][ T6626] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.528325][ T6626] ? sk_prot_alloc+0x1a8/0x2a0 [ 392.528356][ T6626] __alloc_pages_noprof+0xb/0x1b0 [ 392.528400][ T6626] ___kmalloc_large_node+0x84/0x1e0 [ 392.528433][ T6626] ? __lock_acquire+0x622/0x1c90 [ 392.528474][ T6626] ? sk_prot_alloc+0x1a8/0x2a0 [ 392.528506][ T6626] __kmalloc_large_node_noprof+0x1c/0x70 [ 392.528543][ T6626] __kmalloc_noprof.cold+0xc/0x61 [ 392.528594][ T6626] sk_prot_alloc+0x1a8/0x2a0 [ 392.528632][ T6626] sk_alloc+0x36/0xc20 [ 392.528677][ T6626] can_create+0x1e5/0x600 [ 392.528713][ T6626] __sock_create+0x335/0x8d0 [ 392.528757][ T6626] __sys_socket+0x14d/0x260 [ 392.528796][ T6626] ? __pfx___sys_socket+0x10/0x10 [ 392.528832][ T6626] ? xfd_validate_state+0x61/0x180 [ 392.528867][ T6626] ? __pfx_ksys_write+0x10/0x10 [ 392.528918][ T6626] __x64_sys_socket+0x72/0xb0 [ 392.528953][ T6626] ? lockdep_hardirqs_on+0x7c/0x110 [ 392.529004][ T6626] do_syscall_64+0xcd/0x490 [ 392.529035][ T6626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.529064][ T6626] RIP: 0033:0x7f5a45f8e929 [ 392.529087][ T6626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.529112][ T6626] RSP: 002b:00007f5a46d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 392.529139][ T6626] RAX: ffffffffffffffda RBX: 00007f5a461b5fa0 RCX: 00007f5a45f8e929 [ 392.529158][ T6626] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 392.529175][ T6626] RBP: 00007f5a46010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 392.529192][ T6626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.529208][ T6626] R13: 0000000000000000 R14: 00007f5a461b5fa0 R15: 00007fffb280de08 [ 392.529243][ T6626] [ 393.681994][ T6641] FAULT_INJECTION: forcing a failure. [ 393.681994][ T6641] name failslab, interval 1, probability 0, space 0, times 0 [ 393.747120][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.3.182 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 393.747158][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 393.747173][ T6641] Call Trace: [ 393.747182][ T6641] [ 393.747192][ T6641] dump_stack_lvl+0x16c/0x1f0 [ 393.747240][ T6641] should_fail_ex+0x512/0x640 [ 393.747269][ T6641] ? fs_reclaim_acquire+0xae/0x150 [ 393.747302][ T6641] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 393.747328][ T6641] should_failslab+0xc2/0x120 [ 393.747363][ T6641] __kmalloc_noprof+0xd2/0x510 [ 393.747407][ T6641] tomoyo_realpath_from_path+0xc2/0x6e0 [ 393.747435][ T6641] ? tomoyo_profile+0x47/0x60 [ 393.747465][ T6641] tomoyo_path_number_perm+0x245/0x580 [ 393.747500][ T6641] ? tomoyo_path_number_perm+0x237/0x580 [ 393.747539][ T6641] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 393.747577][ T6641] ? find_held_lock+0x2b/0x80 [ 393.747626][ T6641] ? find_held_lock+0x2b/0x80 [ 393.747665][ T6641] ? hook_file_ioctl_common+0x145/0x410 [ 393.747706][ T6641] ? __fget_files+0x20e/0x3c0 [ 393.747746][ T6641] security_file_ioctl+0x9b/0x240 [ 393.747787][ T6641] __x64_sys_ioctl+0xb7/0x210 [ 393.747819][ T6641] do_syscall_64+0xcd/0x490 [ 393.747846][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.747870][ T6641] RIP: 0033:0x7f5a45f8e929 [ 393.747890][ T6641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.747914][ T6641] RSP: 002b:00007f5a46d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 393.747937][ T6641] RAX: ffffffffffffffda RBX: 00007f5a461b5fa0 RCX: 00007f5a45f8e929 [ 393.747952][ T6641] RDX: 00002000000000c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 393.747966][ T6641] RBP: 00007f5a46d9e090 R08: 0000000000000000 R09: 0000000000000000 [ 393.747980][ T6641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.747994][ T6641] R13: 0000000000000000 R14: 00007f5a461b5fa0 R15: 00007fffb280de08 [ 393.748025][ T6641] [ 393.748036][ T6641] ERROR: Out of memory at tomoyo_realpath_from_path. [ 394.026831][ T6641] binder: 6640:6641 ioctl c0306201 2000000000c0 returned -14 [ 394.280997][ T6649] binder: 6647:6649 ioctl c0306201 2000000000c0 returned -14 [ 394.398588][ T6608] kexec: Could not allocate control_code_buffer [ 394.505685][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.584399][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.610449][ T6663] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.620680][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.652158][ T6654] Console: switching to colour VGA+ 80x25 [ 394.725603][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.803446][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.822929][ T6666] FAULT_INJECTION: forcing a failure. [ 394.822929][ T6666] name failslab, interval 1, probability 0, space 0, times 0 [ 394.872952][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.885510][ T6666] CPU: 1 UID: 0 PID: 6666 Comm: syz.2.189 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 394.885545][ T6666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 394.885561][ T6666] Call Trace: [ 394.885569][ T6666] [ 394.885579][ T6666] dump_stack_lvl+0x16c/0x1f0 [ 394.885628][ T6666] should_fail_ex+0x512/0x640 [ 394.885657][ T6666] ? fs_reclaim_acquire+0xae/0x150 [ 394.885694][ T6666] should_failslab+0xc2/0x120 [ 394.885721][ T6666] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 394.885765][ T6666] ? security_inode_alloc+0x3b/0x2b0 [ 394.885809][ T6666] security_inode_alloc+0x3b/0x2b0 [ 394.885858][ T6666] inode_init_always_gfp+0xce4/0x1030 [ 394.885904][ T6666] alloc_inode+0x86/0x240 [ 394.885933][ T6666] new_inode+0x22/0x1c0 [ 394.885966][ T6666] simple_fill_super+0x306/0x720 [ 394.886010][ T6666] ? __pfx_nfsd_fill_super+0x10/0x10 [ 394.886043][ T6666] nfsd_fill_super+0x90/0x530 [ 394.886072][ T6666] ? __pfx_set_anon_super_fc+0x10/0x10 [ 394.886108][ T6666] ? __pfx_nfsd_fill_super+0x10/0x10 [ 394.886138][ T6666] get_tree_keyed+0x10e/0x1d0 [ 394.886178][ T6666] vfs_get_tree+0x8b/0x340 [ 394.886211][ T6666] path_mount+0x14d4/0x1f70 [ 394.886257][ T6666] ? kmem_cache_free+0x2d1/0x4d0 [ 394.886296][ T6666] ? __pfx_path_mount+0x10/0x10 [ 394.886345][ T6666] ? putname+0x154/0x1a0 [ 394.886377][ T6666] __x64_sys_mount+0x28d/0x310 [ 394.886404][ T6666] ? __pfx___x64_sys_mount+0x10/0x10 [ 394.886440][ T6666] do_syscall_64+0xcd/0x490 [ 394.886469][ T6666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.886496][ T6666] RIP: 0033:0x7f1f0898e929 [ 394.886517][ T6666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.886547][ T6666] RSP: 002b:00007f1f097cd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 394.886571][ T6666] RAX: ffffffffffffffda RBX: 00007f1f08bb5fa0 RCX: 00007f1f0898e929 [ 394.886588][ T6666] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 394.886604][ T6666] RBP: 00007f1f097cd090 R08: 0000000000000000 R09: 0000000000000000 [ 394.886619][ T6666] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 394.886633][ T6666] R13: 0000000000000000 R14: 00007f1f08bb5fa0 R15: 00007ffcb7264068 [ 394.886667][ T6666] [ 394.950393][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 394.975943][ T6668] FAULT_INJECTION: forcing a failure. [ 394.975943][ T6668] name failslab, interval 1, probability 0, space 0, times 0 [ 395.009475][ T6660] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 395.014028][ T6668] CPU: 1 UID: 0 PID: 6668 Comm: syz.3.188 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 395.014061][ T6668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 395.014075][ T6668] Call Trace: [ 395.014086][ T6668] [ 395.014097][ T6668] dump_stack_lvl+0x16c/0x1f0 [ 395.014157][ T6668] should_fail_ex+0x512/0x640 [ 395.014198][ T6668] should_failslab+0xc2/0x120 [ 395.014231][ T6668] __kmalloc_cache_noprof+0x6a/0x3e0 [ 395.014272][ T6668] ? __pfx___might_resched+0x10/0x10 [ 395.014304][ T6668] ? bdi_split_work_to_wbs+0x2bd/0xf90 [ 395.014343][ T6668] bdi_split_work_to_wbs+0x2bd/0xf90 [ 395.014385][ T6668] ? __pfx_bdi_split_work_to_wbs+0x10/0x10 [ 395.014428][ T6668] ? __pfx_down_write+0x10/0x10 [ 395.014472][ T6668] sync_inodes_sb+0x1ae/0xa70 [ 395.014509][ T6668] ? __pfx_sync_inodes_sb+0x10/0x10 [ 395.014556][ T6668] ? get_nr_dirty_inodes+0x170/0x1e0 [ 395.014599][ T6668] sync_filesystem+0x177/0x290 [ 395.014643][ T6668] ? __pfx_fs_bdev_sync+0x10/0x10 [ 395.014683][ T6668] fs_bdev_sync+0x2c/0x40 [ 395.014722][ T6668] blkdev_common_ioctl+0x1745/0x2480 [ 395.014769][ T6668] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 395.014823][ T6668] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 395.014873][ T6668] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 395.014922][ T6668] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 395.014987][ T6668] ? find_held_lock+0x2b/0x80 [ 395.015023][ T6668] blkdev_ioctl+0x1cb/0x6d0 [ 395.015070][ T6668] ? __pfx_blkdev_ioctl+0x10/0x10 [ 395.015123][ T6668] ? __pfx_blkdev_ioctl+0x10/0x10 [ 395.015171][ T6668] __x64_sys_ioctl+0x18b/0x210 [ 395.015211][ T6668] do_syscall_64+0xcd/0x490 [ 395.015245][ T6668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.015274][ T6668] RIP: 0033:0x7f5a45f8e929 [ 395.015298][ T6668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.015326][ T6668] RSP: 002b:00007f5a46d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 395.015354][ T6668] RAX: ffffffffffffffda RBX: 00007f5a461b5fa0 RCX: 00007f5a45f8e929 [ 395.015374][ T6668] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 395.015391][ T6668] RBP: 00007f5a46d9e090 R08: 0000000000000000 R09: 0000000000000000 [ 395.015409][ T6668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 395.015443][ T6668] R13: 0000000000000000 R14: 00007f5a461b5fa0 R15: 00007fffb280de08 [ 395.015483][ T6668] [ 395.568412][ T6678] netlink: 28 bytes leftover after parsing attributes in process `syz.3.191'. [ 395.598952][ T6678] ipvlan1: entered allmulticast mode [ 395.613738][ T6678] veth0_vlan: entered allmulticast mode [ 395.665917][ T6680] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 395.680592][ T6678] netlink: 338 bytes leftover after parsing attributes in process `syz.3.191'. [ 395.693088][ T6678] netlink: 28 bytes leftover after parsing attributes in process `syz.3.191'. [ 399.649830][ T6729] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 402.114973][ T6750] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 402.407584][ T6765] FAULT_INJECTION: forcing a failure. [ 402.407584][ T6765] name failslab, interval 1, probability 0, space 0, times 0 [ 402.445624][ T6765] CPU: 0 UID: 0 PID: 6765 Comm: syz.1.209 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 402.445659][ T6765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 402.445675][ T6765] Call Trace: [ 402.445683][ T6765] [ 402.445693][ T6765] dump_stack_lvl+0x16c/0x1f0 [ 402.445742][ T6765] should_fail_ex+0x512/0x640 [ 402.445772][ T6765] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 402.445820][ T6765] should_failslab+0xc2/0x120 [ 402.445847][ T6765] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 402.445889][ T6765] ? _raw_spin_unlock+0x28/0x50 [ 402.445927][ T6765] ? alloc_inode+0xc3/0x240 [ 402.445961][ T6765] alloc_inode+0xc3/0x240 [ 402.445990][ T6765] new_inode+0x22/0x1c0 [ 402.446031][ T6765] simple_fill_super+0x306/0x720 [ 402.446075][ T6765] ? __pfx_nfsd_fill_super+0x10/0x10 [ 402.446107][ T6765] nfsd_fill_super+0x90/0x530 [ 402.446136][ T6765] ? __pfx_set_anon_super_fc+0x10/0x10 [ 402.446175][ T6765] ? __pfx_nfsd_fill_super+0x10/0x10 [ 402.446204][ T6765] get_tree_keyed+0x10e/0x1d0 [ 402.446246][ T6765] vfs_get_tree+0x8b/0x340 [ 402.446279][ T6765] path_mount+0x14d4/0x1f70 [ 402.446324][ T6765] ? kmem_cache_free+0x2d1/0x4d0 [ 402.446363][ T6765] ? __pfx_path_mount+0x10/0x10 [ 402.446411][ T6765] ? putname+0x154/0x1a0 [ 402.446442][ T6765] __x64_sys_mount+0x28d/0x310 [ 402.446467][ T6765] ? __pfx___x64_sys_mount+0x10/0x10 [ 402.446503][ T6765] do_syscall_64+0xcd/0x490 [ 402.446532][ T6765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.446564][ T6765] RIP: 0033:0x7f9ab4b8e929 [ 402.446585][ T6765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.446610][ T6765] RSP: 002b:00007f9ab5911038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 402.446634][ T6765] RAX: ffffffffffffffda RBX: 00007f9ab4db5fa0 RCX: 00007f9ab4b8e929 [ 402.446650][ T6765] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 402.446665][ T6765] RBP: 00007f9ab5911090 R08: 0000000000000000 R09: 0000000000000000 [ 402.446681][ T6765] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 402.446696][ T6765] R13: 0000000000000000 R14: 00007f9ab4db5fa0 R15: 00007ffef5e32628 [ 402.446729][ T6765] [ 402.667186][ C0] vkms_vblank_simulate: vblank timer overrun [ 403.577008][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.2.216'. [ 403.586231][ T6788] ipvlan1: entered allmulticast mode [ 403.619823][ T6788] veth0_vlan: entered allmulticast mode [ 403.683602][ T6789] netlink: 338 bytes leftover after parsing attributes in process `syz.2.216'. [ 403.697387][ T6789] netlink: 28 bytes leftover after parsing attributes in process `syz.2.216'. [ 404.077328][ T6794] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 404.226091][ T6791] kAFS: No cell specified [ 404.477455][ T6805] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 404.851884][ T6817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.225'. [ 404.890961][ T6821] FAULT_INJECTION: forcing a failure. [ 404.890961][ T6821] name failslab, interval 1, probability 0, space 0, times 0 [ 404.936693][ T6821] CPU: 0 UID: 0 PID: 6821 Comm: syz.2.226 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 404.936729][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 404.936744][ T6821] Call Trace: [ 404.936752][ T6821] [ 404.936763][ T6821] dump_stack_lvl+0x16c/0x1f0 [ 404.936812][ T6821] should_fail_ex+0x512/0x640 [ 404.936843][ T6821] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 404.936883][ T6821] should_failslab+0xc2/0x120 [ 404.936910][ T6821] __kmalloc_cache_noprof+0x6a/0x3e0 [ 404.936946][ T6821] ? binder_get_thread+0x1eb/0x8c0 [ 404.936976][ T6821] ? binder_get_thread+0x225/0x8c0 [ 404.937011][ T6821] binder_get_thread+0x225/0x8c0 [ 404.937043][ T6821] ? rcu_is_watching+0x12/0xc0 [ 404.937082][ T6821] binder_ioctl+0x20f/0x7300 [ 404.937123][ T6821] ? tomoyo_path_number_perm+0x295/0x580 [ 404.937173][ T6821] ? tomoyo_path_number_perm+0x18d/0x580 [ 404.937216][ T6821] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 404.937257][ T6821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 404.937302][ T6821] ? __pfx_binder_ioctl+0x10/0x10 [ 404.937336][ T6821] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 404.937394][ T6821] ? find_held_lock+0x2b/0x80 [ 404.937420][ T6821] ? hook_file_ioctl_common+0x145/0x410 [ 404.937467][ T6821] ? __fget_files+0x20e/0x3c0 [ 404.937510][ T6821] ? __pfx_binder_ioctl+0x10/0x10 [ 404.937546][ T6821] __x64_sys_ioctl+0x18b/0x210 [ 404.937582][ T6821] do_syscall_64+0xcd/0x490 [ 404.937610][ T6821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.937637][ T6821] RIP: 0033:0x7f1f0898e929 [ 404.937658][ T6821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.937683][ T6821] RSP: 002b:00007f1f097cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 404.937708][ T6821] RAX: ffffffffffffffda RBX: 00007f1f08bb5fa0 RCX: 00007f1f0898e929 [ 404.937726][ T6821] RDX: 00002000000000c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 404.937742][ T6821] RBP: 00007f1f097cd090 R08: 0000000000000000 R09: 0000000000000000 [ 404.937758][ T6821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 404.937773][ T6821] R13: 0000000000000000 R14: 00007f1f08bb5fa0 R15: 00007ffcb7264068 [ 404.937806][ T6821] [ 404.937904][ T6821] binder: 6820:6821 ioctl c0306201 2000000000c0 returned -12 [ 405.210007][ T6813] zswap: compressor not available [ 405.876433][ T6839] netlink: 28 bytes leftover after parsing attributes in process `syz.0.230'. [ 405.927510][ T6839] netlink: 338 bytes leftover after parsing attributes in process `syz.0.230'. [ 405.977686][ T6839] netlink: 28 bytes leftover after parsing attributes in process `syz.0.230'. [ 407.308267][ T6857] binder: 6856:6857 ioctl c0306201 2000000000c0 returned -14 [ 407.497170][ T6864] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 408.957771][ T6888] FAULT_INJECTION: forcing a failure. [ 408.957771][ T6888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.971735][ T6888] CPU: 0 UID: 0 PID: 6888 Comm: syz.1.245 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 408.971769][ T6888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 408.971785][ T6888] Call Trace: [ 408.971793][ T6888] [ 408.971803][ T6888] dump_stack_lvl+0x16c/0x1f0 [ 408.971853][ T6888] should_fail_ex+0x512/0x640 [ 408.971890][ T6888] _copy_from_user+0x2e/0xd0 [ 408.971924][ T6888] do_pages_stat+0x239/0x820 [ 408.971965][ T6888] ? __pfx_do_pages_stat+0x10/0x10 [ 408.972029][ T6888] ? __lock_acquire+0xb8a/0x1c90 [ 408.972091][ T6888] ? do_raw_spin_unlock+0x172/0x230 [ 408.972139][ T6888] kernel_move_pages+0xfd4/0x13b0 [ 408.972184][ T6888] ? __pfx_kernel_move_pages+0x10/0x10 [ 408.972216][ T6888] ? __fget_files+0x20e/0x3c0 [ 408.972261][ T6888] ? fput+0x70/0xf0 [ 408.972287][ T6888] ? ksys_write+0x1ac/0x250 [ 408.972326][ T6888] ? __pfx_ksys_write+0x10/0x10 [ 408.972370][ T6888] __x64_sys_move_pages+0xe0/0x1c0 [ 408.972401][ T6888] ? do_syscall_64+0x91/0x490 [ 408.972427][ T6888] ? lockdep_hardirqs_on+0x7c/0x110 [ 408.972469][ T6888] do_syscall_64+0xcd/0x490 [ 408.972498][ T6888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.972533][ T6888] RIP: 0033:0x7f9ab4b8e929 [ 408.972554][ T6888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.972579][ T6888] RSP: 002b:00007f9ab2993038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 408.972604][ T6888] RAX: ffffffffffffffda RBX: 00007f9ab4db6320 RCX: 00007f9ab4b8e929 [ 408.972621][ T6888] RDX: 0000000000000000 RSI: 0000000000000f54 RDI: 0000000000000001 [ 408.972636][ T6888] RBP: 00007f9ab2993090 R08: 0000000000000000 R09: 8000000000000000 [ 408.972652][ T6888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 408.972667][ T6888] R13: 0000000000000000 R14: 00007f9ab4db6320 R15: 00007ffef5e32628 [ 408.972701][ T6888] [ 409.200573][ T6850] kexec: Could not allocate control_code_buffer [ 410.289060][ T6896] ima: policy update failed [ 410.303833][ T30] audit: type=1802 audit(6044023608.811:3): pid=6896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.247" res=0 errno=0 [ 411.754384][ T30] audit: type=1800 audit(6044023610.271:4): pid=6938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.257" name="dbroot" dev="configfs" ino=11120 res=0 errno=0 [ 411.794535][ T6939] netlink: 28 bytes leftover after parsing attributes in process `syz.3.256'. [ 411.855388][ T6939] netlink: 338 bytes leftover after parsing attributes in process `syz.3.256'. [ 411.881274][ T6940] FAULT_INJECTION: forcing a failure. [ 411.881274][ T6940] name failslab, interval 1, probability 0, space 0, times 0 [ 411.910997][ T6939] netlink: 28 bytes leftover after parsing attributes in process `syz.3.256'. [ 411.963039][ T6940] CPU: 1 UID: 0 PID: 6940 Comm: syz.0.257 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 411.963083][ T6940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 411.963100][ T6940] Call Trace: [ 411.963110][ T6940] [ 411.963121][ T6940] dump_stack_lvl+0x16c/0x1f0 [ 411.963178][ T6940] should_fail_ex+0x512/0x640 [ 411.963224][ T6940] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 411.963278][ T6940] should_failslab+0xc2/0x120 [ 411.963318][ T6940] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 411.963367][ T6940] ? find_held_lock+0x2b/0x80 [ 411.963395][ T6940] ? fib_rules_register+0x30/0x500 [ 411.963428][ T6940] ? __pfx_ipmr_net_init+0x10/0x10 [ 411.963466][ T6940] kmemdup_noprof+0x29/0x60 [ 411.963511][ T6940] fib_rules_register+0x30/0x500 [ 411.963539][ T6940] ? fib_notifier_ops_register+0x123/0x270 [ 411.963572][ T6940] ? __pfx_ipmr_net_init+0x10/0x10 [ 411.963607][ T6940] ipmr_net_init+0xb8/0x4e0 [ 411.963643][ T6940] ? __pfx_ipmr_net_init+0x10/0x10 [ 411.963677][ T6940] ops_init+0x1df/0x5f0 [ 411.963712][ T6940] setup_net+0x1ff/0x510 [ 411.963741][ T6940] ? lockdep_init_map_type+0x5c/0x280 [ 411.963781][ T6940] ? __pfx_setup_net+0x10/0x10 [ 411.963815][ T6940] ? debug_mutex_init+0x37/0x70 [ 411.963847][ T6940] copy_net_ns+0x2a6/0x5f0 [ 411.963885][ T6940] create_new_namespaces+0x3ea/0xa90 [ 411.963924][ T6940] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 411.963959][ T6940] ksys_unshare+0x45b/0xa40 [ 411.963998][ T6940] ? __pfx_ksys_unshare+0x10/0x10 [ 411.964037][ T6940] ? xfd_validate_state+0x61/0x180 [ 411.964085][ T6940] __x64_sys_unshare+0x31/0x40 [ 411.964123][ T6940] do_syscall_64+0xcd/0x490 [ 411.964154][ T6940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.964182][ T6940] RIP: 0033:0x7facaef8e929 [ 411.964204][ T6940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.964231][ T6940] RSP: 002b:00007facafec0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 411.964258][ T6940] RAX: ffffffffffffffda RBX: 00007facaf1b6080 RCX: 00007facaef8e929 [ 411.964303][ T6940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 411.964322][ T6940] RBP: 00007facaf010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 411.964354][ T6940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.964371][ T6940] R13: 0000000000000000 R14: 00007facaf1b6080 R15: 00007ffe7b05b1f8 [ 411.964428][ T6940] [ 412.247412][ T6944] netlink: 28 bytes leftover after parsing attributes in process `syz.2.258'. [ 412.492194][ T6938] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 412.501237][ T6938] db_root: cannot open: /dev/audio1 [ 412.807857][ T6953] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(1871260627.3703424640.3686080538), cmd(5) [ 413.598820][ T6965] FAULT_INJECTION: forcing a failure. [ 413.598820][ T6965] name failslab, interval 1, probability 0, space 0, times 0 [ 413.636792][ T6965] CPU: 1 UID: 0 PID: 6965 Comm: syz.0.263 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 413.636828][ T6965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 413.636843][ T6965] Call Trace: [ 413.636852][ T6965] [ 413.636862][ T6965] dump_stack_lvl+0x16c/0x1f0 [ 413.636910][ T6965] should_fail_ex+0x512/0x640 [ 413.636939][ T6965] ? fs_reclaim_acquire+0xae/0x150 [ 413.636974][ T6965] should_failslab+0xc2/0x120 [ 413.637000][ T6965] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 413.637041][ T6965] ? security_inode_alloc+0x3b/0x2b0 [ 413.637085][ T6965] security_inode_alloc+0x3b/0x2b0 [ 413.637124][ T6965] inode_init_always_gfp+0xce4/0x1030 [ 413.637167][ T6965] alloc_inode+0x86/0x240 [ 413.637195][ T6965] new_inode+0x22/0x1c0 [ 413.637227][ T6965] simple_fill_super+0x306/0x720 [ 413.637269][ T6965] ? __pfx_nfsd_fill_super+0x10/0x10 [ 413.637299][ T6965] nfsd_fill_super+0x90/0x530 [ 413.637327][ T6965] ? __pfx_set_anon_super_fc+0x10/0x10 [ 413.637363][ T6965] ? __pfx_nfsd_fill_super+0x10/0x10 [ 413.637392][ T6965] get_tree_keyed+0x10e/0x1d0 [ 413.637437][ T6965] vfs_get_tree+0x8b/0x340 [ 413.637465][ T6965] path_mount+0x14d4/0x1f70 [ 413.637505][ T6965] ? kmem_cache_free+0x2d1/0x4d0 [ 413.637539][ T6965] ? __pfx_path_mount+0x10/0x10 [ 413.637582][ T6965] ? putname+0x154/0x1a0 [ 413.637612][ T6965] __x64_sys_mount+0x28d/0x310 [ 413.637637][ T6965] ? __pfx___x64_sys_mount+0x10/0x10 [ 413.637672][ T6965] do_syscall_64+0xcd/0x490 [ 413.637701][ T6965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.637727][ T6965] RIP: 0033:0x7facaef8e929 [ 413.637748][ T6965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.637771][ T6965] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 413.637796][ T6965] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 413.637812][ T6965] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 413.637828][ T6965] RBP: 00007facafee1090 R08: 0000000000000000 R09: 0000000000000000 [ 413.637842][ T6965] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 413.637856][ T6965] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 413.637890][ T6965] [ 414.466378][ T30] audit: type=1800 audit(6044023612.981:5): pid=6936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.255" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 415.681778][ T6992] netlink: 28 bytes leftover after parsing attributes in process `syz.3.269'. [ 415.751175][ T6994] netlink: 338 bytes leftover after parsing attributes in process `syz.3.269'. [ 415.764512][ T6994] netlink: 28 bytes leftover after parsing attributes in process `syz.3.269'. [ 416.100018][ T7000] FAULT_INJECTION: forcing a failure. [ 416.100018][ T7000] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 416.136918][ T7000] CPU: 0 UID: 0 PID: 7000 Comm: syz.2.271 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 416.136953][ T7000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 416.136965][ T7000] Call Trace: [ 416.136972][ T7000] [ 416.136980][ T7000] dump_stack_lvl+0x16c/0x1f0 [ 416.137017][ T7000] should_fail_ex+0x512/0x640 [ 416.137056][ T7000] _copy_from_user+0x2e/0xd0 [ 416.137081][ T7000] copy_msghdr_from_user+0x98/0x160 [ 416.137101][ T7000] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 416.137123][ T7000] ? kfree+0x24f/0x4d0 [ 416.137147][ T7000] ? __pfx__kstrtoull+0x10/0x10 [ 416.137181][ T7000] ___sys_sendmsg+0xfe/0x1d0 [ 416.137200][ T7000] ? __pfx____sys_sendmsg+0x10/0x10 [ 416.137241][ T7000] ? __pfx___might_resched+0x10/0x10 [ 416.137267][ T7000] __sys_sendmmsg+0x200/0x420 [ 416.137294][ T7000] ? __pfx___sys_sendmmsg+0x10/0x10 [ 416.137322][ T7000] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 416.137370][ T7000] ? fput+0x70/0xf0 [ 416.137391][ T7000] ? ksys_write+0x1ac/0x250 [ 416.137421][ T7000] ? __pfx_ksys_write+0x10/0x10 [ 416.137456][ T7000] __x64_sys_sendmmsg+0x9c/0x100 [ 416.137475][ T7000] ? lockdep_hardirqs_on+0x7c/0x110 [ 416.137508][ T7000] do_syscall_64+0xcd/0x490 [ 416.137530][ T7000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.137552][ T7000] RIP: 0033:0x7f1f0898e929 [ 416.137568][ T7000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.137586][ T7000] RSP: 002b:00007f1f097cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 416.137605][ T7000] RAX: ffffffffffffffda RBX: 00007f1f08bb5fa0 RCX: 00007f1f0898e929 [ 416.137618][ T7000] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 416.137630][ T7000] RBP: 00007f1f097cd090 R08: 0000000000000000 R09: 0000000000000000 [ 416.137642][ T7000] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 416.137653][ T7000] R13: 0000000000000000 R14: 00007f1f08bb5fa0 R15: 00007ffcb7264068 [ 416.137678][ T7000] [ 416.924640][ T7007] FAULT_INJECTION: forcing a failure. [ 416.924640][ T7007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 416.956915][ T7007] CPU: 0 UID: 0 PID: 7007 Comm: syz.3.275 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 416.956970][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 416.956986][ T7007] Call Trace: [ 416.956995][ T7007] [ 416.957019][ T7007] dump_stack_lvl+0x16c/0x1f0 [ 416.957067][ T7007] should_fail_ex+0x512/0x640 [ 416.957102][ T7007] _copy_to_user+0x32/0xd0 [ 416.957139][ T7007] binder_ioctl+0x2754/0x7300 [ 416.957212][ T7007] ? tomoyo_path_number_perm+0x18d/0x580 [ 416.957261][ T7007] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 416.957305][ T7007] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 416.957351][ T7007] ? __pfx_binder_ioctl+0x10/0x10 [ 416.957388][ T7007] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 416.957451][ T7007] ? hook_file_ioctl_common+0x145/0x410 [ 416.957501][ T7007] ? __fget_files+0x20e/0x3c0 [ 416.957547][ T7007] ? __pfx_binder_ioctl+0x10/0x10 [ 416.957585][ T7007] __x64_sys_ioctl+0x18b/0x210 [ 416.957634][ T7007] do_syscall_64+0xcd/0x490 [ 416.957663][ T7007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.957690][ T7007] RIP: 0033:0x7f5a45f8e929 [ 416.957711][ T7007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.957737][ T7007] RSP: 002b:00007f5a46d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 416.957762][ T7007] RAX: ffffffffffffffda RBX: 00007f5a461b5fa0 RCX: 00007f5a45f8e929 [ 416.957779][ T7007] RDX: 00002000000000c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 416.957795][ T7007] RBP: 00007f5a46d9e090 R08: 0000000000000000 R09: 0000000000000000 [ 416.957810][ T7007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.957825][ T7007] R13: 0000000000000000 R14: 00007f5a461b5fa0 R15: 00007fffb280de08 [ 416.957858][ T7007] [ 416.957869][ T7007] binder: 7006:7007 ioctl c0306201 2000000000c0 returned -14 [ 417.040236][ T7010] netlink: 28 bytes leftover after parsing attributes in process `syz.0.274'. [ 417.482314][ T7019] FAULT_INJECTION: forcing a failure. [ 417.482314][ T7019] name failslab, interval 1, probability 0, space 0, times 0 [ 417.507428][ T7019] CPU: 0 UID: 0 PID: 7019 Comm: syz.0.278 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 417.507464][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 417.507480][ T7019] Call Trace: [ 417.507489][ T7019] [ 417.507499][ T7019] dump_stack_lvl+0x16c/0x1f0 [ 417.507548][ T7019] should_fail_ex+0x512/0x640 [ 417.507578][ T7019] ? fs_reclaim_acquire+0xae/0x150 [ 417.507613][ T7019] should_failslab+0xc2/0x120 [ 417.507640][ T7019] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 417.507683][ T7019] ? security_inode_alloc+0x3b/0x2b0 [ 417.507726][ T7019] security_inode_alloc+0x3b/0x2b0 [ 417.507766][ T7019] inode_init_always_gfp+0xce4/0x1030 [ 417.507812][ T7019] alloc_inode+0x86/0x240 [ 417.507842][ T7019] new_inode+0x22/0x1c0 [ 417.507873][ T7019] simple_fill_super+0x306/0x720 [ 417.507918][ T7019] ? __pfx_nfsd_fill_super+0x10/0x10 [ 417.507951][ T7019] nfsd_fill_super+0x90/0x530 [ 417.507979][ T7019] ? __pfx_set_anon_super_fc+0x10/0x10 [ 417.508016][ T7019] ? __pfx_nfsd_fill_super+0x10/0x10 [ 417.508046][ T7019] get_tree_keyed+0x10e/0x1d0 [ 417.508085][ T7019] vfs_get_tree+0x8b/0x340 [ 417.508117][ T7019] path_mount+0x14d4/0x1f70 [ 417.508165][ T7019] ? kmem_cache_free+0x2d1/0x4d0 [ 417.508199][ T7019] ? __pfx_path_mount+0x10/0x10 [ 417.508247][ T7019] ? putname+0x154/0x1a0 [ 417.508279][ T7019] __x64_sys_mount+0x28d/0x310 [ 417.508304][ T7019] ? __pfx___x64_sys_mount+0x10/0x10 [ 417.508329][ T7019] ? getname_flags.part.0+0x1c5/0x550 [ 417.508367][ T7019] do_syscall_64+0xcd/0x490 [ 417.508397][ T7019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.508423][ T7019] RIP: 0033:0x7facaef8e929 [ 417.508444][ T7019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.508468][ T7019] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 417.508493][ T7019] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 417.508510][ T7019] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 417.508526][ T7019] RBP: 00007facafee1090 R08: 0000000000000000 R09: 0000000000000000 [ 417.508541][ T7019] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 417.508556][ T7019] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 417.508591][ T7019] [ 418.031653][ T7025] warning: `syz.0.282' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 419.627844][ T7056] FAULT_INJECTION: forcing a failure. [ 419.627844][ T7056] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 419.655836][ T7056] CPU: 0 UID: 0 PID: 7056 Comm: syz.3.288 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 419.655871][ T7056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 419.655885][ T7056] Call Trace: [ 419.655893][ T7056] [ 419.655903][ T7056] dump_stack_lvl+0x16c/0x1f0 [ 419.655952][ T7056] should_fail_ex+0x512/0x640 [ 419.655997][ T7056] _copy_from_user+0x2e/0xd0 [ 419.656032][ T7056] do_pages_stat+0x239/0x820 [ 419.656074][ T7056] ? __pfx_do_pages_stat+0x10/0x10 [ 419.656106][ T7056] ? __lock_acquire+0xb8a/0x1c90 [ 419.656169][ T7056] ? do_raw_spin_unlock+0x172/0x230 [ 419.656217][ T7056] kernel_move_pages+0xfd4/0x13b0 [ 419.656263][ T7056] ? __pfx_kernel_move_pages+0x10/0x10 [ 419.656297][ T7056] ? __fget_files+0x20e/0x3c0 [ 419.656342][ T7056] ? fput+0x70/0xf0 [ 419.656369][ T7056] ? ksys_write+0x1ac/0x250 [ 419.656409][ T7056] ? __pfx_ksys_write+0x10/0x10 [ 419.656453][ T7056] __x64_sys_move_pages+0xe0/0x1c0 [ 419.656484][ T7056] ? do_syscall_64+0x91/0x490 [ 419.656508][ T7056] ? lockdep_hardirqs_on+0x7c/0x110 [ 419.656554][ T7056] do_syscall_64+0xcd/0x490 [ 419.656581][ T7056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.656607][ T7056] RIP: 0033:0x7f5a45f8e929 [ 419.656628][ T7056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.656653][ T7056] RSP: 002b:00007f5a46d1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 419.656678][ T7056] RAX: ffffffffffffffda RBX: 00007f5a461b6320 RCX: 00007f5a45f8e929 [ 419.656695][ T7056] RDX: 0000000000000000 RSI: 0000000000000f54 RDI: 0000000000000001 [ 419.656710][ T7056] RBP: 00007f5a46d1a090 R08: 0000000000000000 R09: 8000000000000000 [ 419.656726][ T7056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.656741][ T7056] R13: 0000000000000000 R14: 00007f5a461b6320 R15: 00007fffb280de08 [ 419.656775][ T7056] [ 424.707515][ T7141] binder: 7139:7141 ioctl c0306201 2000000000c0 returned -14 [ 424.760544][ T7141] netlink: zone id is out of range [ 424.765743][ T7141] netlink: zone id is out of range [ 424.771884][ T7141] netlink: zone id is out of range [ 424.777195][ T7141] netlink: zone id is out of range [ 424.783442][ T7141] netlink: zone id is out of range [ 424.791139][ T7141] netlink: get zone limit has 4 unknown bytes [ 425.584910][ T7158] MTRR 1 not used [ 425.594154][ T7158] FAULT_INJECTION: forcing a failure. [ 425.594154][ T7158] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.626689][ T7158] CPU: 1 UID: 0 PID: 7158 Comm: syz.1.314 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 425.626723][ T7158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 425.626738][ T7158] Call Trace: [ 425.626746][ T7158] [ 425.626756][ T7158] dump_stack_lvl+0x16c/0x1f0 [ 425.626804][ T7158] should_fail_ex+0x512/0x640 [ 425.626836][ T7158] _copy_from_user+0x2e/0xd0 [ 425.626867][ T7158] snd_pcm_oss_write2+0x1c2/0x410 [ 425.626902][ T7158] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 425.626932][ T7158] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 425.626978][ T7158] snd_pcm_oss_write+0x711/0xa10 [ 425.627013][ T7158] ? security_file_permission+0x71/0x210 [ 425.627059][ T7158] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 425.627091][ T7158] vfs_write+0x2a0/0x1150 [ 425.627133][ T7158] ? __pfx_vfs_write+0x10/0x10 [ 425.627166][ T7158] ? find_held_lock+0x2b/0x80 [ 425.627191][ T7158] ? __fget_files+0x204/0x3c0 [ 425.627229][ T7158] ? __fget_files+0x20e/0x3c0 [ 425.627273][ T7158] ksys_write+0x12a/0x250 [ 425.627308][ T7158] ? __pfx_ksys_write+0x10/0x10 [ 425.627353][ T7158] do_syscall_64+0xcd/0x490 [ 425.627378][ T7158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.627402][ T7158] RIP: 0033:0x7f9ab4b8e929 [ 425.627421][ T7158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.627443][ T7158] RSP: 002b:00007f9ab5911038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 425.627465][ T7158] RAX: ffffffffffffffda RBX: 00007f9ab4db5fa0 RCX: 00007f9ab4b8e929 [ 425.627480][ T7158] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 425.627500][ T7158] RBP: 00007f9ab5911090 R08: 0000000000000000 R09: 0000000000000000 [ 425.627514][ T7158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 425.627528][ T7158] R13: 0000000000000000 R14: 00007f9ab4db5fa0 R15: 00007ffef5e32628 [ 425.627558][ T7158] [ 425.828720][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.784209][ T7177] netlink: 28 bytes leftover after parsing attributes in process `syz.0.318'. [ 429.455987][ T7200] netlink: 28 bytes leftover after parsing attributes in process `syz.0.324'. [ 429.465405][ T7200] bridge_slave_1: left allmulticast mode [ 429.477079][ T7200] bridge_slave_1: left promiscuous mode [ 429.494359][ T7200] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.563905][ T7200] bridge_slave_0: left allmulticast mode [ 429.574426][ T7200] bridge_slave_0: left promiscuous mode [ 429.827926][ T7200] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.496374][ T7270] bridge0: port 3(vlan1) entered blocking state [ 432.518019][ T7270] bridge0: port 3(vlan1) entered disabled state [ 432.527201][ T7270] vlan1: entered allmulticast mode [ 432.545756][ T7270] veth0_vlan: entered allmulticast mode [ 432.570821][ T7270] vlan1: entered promiscuous mode [ 432.581270][ T7270] bridge0: port 3(vlan1) entered blocking state [ 432.587804][ T7270] bridge0: port 3(vlan1) entered forwarding state [ 432.777331][ T7275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 433.606262][ T7293] netlink: 28 bytes leftover after parsing attributes in process `syz.2.348'. [ 433.762008][ T7297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'. [ 433.978888][ T7294] zswap: compressor not available [ 434.548862][ T7321] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 435.346945][ T7332] binder: 7330:7332 unknown command 668977 [ 435.394538][ T7332] binder: 7330:7332 ioctl c0306201 2000000000c0 returned -22 [ 436.327740][ T7333] ima: policy update failed [ 436.346875][ T30] audit: type=1802 audit(6044023634.851:6): pid=7333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.357" res=0 errno=0 [ 438.286726][ T7377] FAULT_INJECTION: forcing a failure. [ 438.286726][ T7377] name failslab, interval 1, probability 0, space 0, times 0 [ 438.317039][ T7377] CPU: 0 UID: 0 PID: 7377 Comm: syz.2.367 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 438.317074][ T7377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 438.317089][ T7377] Call Trace: [ 438.317098][ T7377] [ 438.317108][ T7377] dump_stack_lvl+0x16c/0x1f0 [ 438.317152][ T7377] should_fail_ex+0x512/0x640 [ 438.317178][ T7377] ? fs_reclaim_acquire+0xae/0x150 [ 438.317209][ T7377] should_failslab+0xc2/0x120 [ 438.317231][ T7377] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 438.317269][ T7377] ? security_inode_alloc+0x3b/0x2b0 [ 438.317313][ T7377] security_inode_alloc+0x3b/0x2b0 [ 438.317347][ T7377] inode_init_always_gfp+0xce4/0x1030 [ 438.317385][ T7377] alloc_inode+0x86/0x240 [ 438.317414][ T7377] new_inode+0x22/0x1c0 [ 438.317441][ T7377] simple_fill_super+0x306/0x720 [ 438.317477][ T7377] ? __pfx_nfsd_fill_super+0x10/0x10 [ 438.317504][ T7377] nfsd_fill_super+0x90/0x530 [ 438.317527][ T7377] ? __pfx_set_anon_super_fc+0x10/0x10 [ 438.317561][ T7377] ? __pfx_nfsd_fill_super+0x10/0x10 [ 438.317586][ T7377] get_tree_keyed+0x10e/0x1d0 [ 438.317620][ T7377] vfs_get_tree+0x8b/0x340 [ 438.317647][ T7377] path_mount+0x14d4/0x1f70 [ 438.317685][ T7377] ? kmem_cache_free+0x2d1/0x4d0 [ 438.317719][ T7377] ? __pfx_path_mount+0x10/0x10 [ 438.317759][ T7377] ? putname+0x154/0x1a0 [ 438.317785][ T7377] __x64_sys_mount+0x28d/0x310 [ 438.317806][ T7377] ? __pfx___x64_sys_mount+0x10/0x10 [ 438.317835][ T7377] do_syscall_64+0xcd/0x490 [ 438.317859][ T7377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.317882][ T7377] RIP: 0033:0x7f1f0898e929 [ 438.317899][ T7377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.317920][ T7377] RSP: 002b:00007f1f097cd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 438.317941][ T7377] RAX: ffffffffffffffda RBX: 00007f1f08bb5fa0 RCX: 00007f1f0898e929 [ 438.317955][ T7377] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 438.317969][ T7377] RBP: 00007f1f097cd090 R08: 0000000000000000 R09: 0000000000000000 [ 438.317982][ T7377] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 438.317995][ T7377] R13: 0000000000000000 R14: 00007f1f08bb5fa0 R15: 00007ffcb7264068 [ 438.318022][ T7377] [ 439.014939][ T7399] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 440.144598][ T7428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.378'. [ 440.373489][ T7425] zswap: compressor not available [ 440.536686][ T7434] MTRR 1 not used [ 440.560351][ T7434] FAULT_INJECTION: forcing a failure. [ 440.560351][ T7434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 440.604761][ T7434] CPU: 0 UID: 0 PID: 7434 Comm: syz.0.380 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 440.604795][ T7434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 440.604810][ T7434] Call Trace: [ 440.604818][ T7434] [ 440.604828][ T7434] dump_stack_lvl+0x16c/0x1f0 [ 440.604876][ T7434] should_fail_ex+0x512/0x640 [ 440.604911][ T7434] _copy_from_user+0x2e/0xd0 [ 440.604947][ T7434] snd_pcm_oss_write2+0x1c2/0x410 [ 440.604983][ T7434] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 440.605016][ T7434] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 440.605065][ T7434] snd_pcm_oss_write+0x711/0xa10 [ 440.605104][ T7434] ? security_file_permission+0x71/0x210 [ 440.605155][ T7434] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 440.605188][ T7434] vfs_write+0x2a0/0x1150 [ 440.605243][ T7434] ? __pfx_vfs_write+0x10/0x10 [ 440.605280][ T7434] ? find_held_lock+0x2b/0x80 [ 440.605309][ T7434] ? __fget_files+0x204/0x3c0 [ 440.605353][ T7434] ? __fget_files+0x20e/0x3c0 [ 440.605399][ T7434] ksys_write+0x12a/0x250 [ 440.605439][ T7434] ? __pfx_ksys_write+0x10/0x10 [ 440.605478][ T7434] do_syscall_64+0xcd/0x490 [ 440.605500][ T7434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.605520][ T7434] RIP: 0033:0x7facaef8e929 [ 440.605535][ T7434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.605554][ T7434] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 440.605572][ T7434] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 440.605585][ T7434] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 440.605597][ T7434] RBP: 00007facafee1090 R08: 0000000000000000 R09: 0000000000000000 [ 440.605608][ T7434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 440.605620][ T7434] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 440.605644][ T7434] [ 441.177140][ T7435] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 443.615924][ T7479] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 443.750946][ T7479] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 444.165231][ T7472] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 444.721552][ T7501] netlink: 28 bytes leftover after parsing attributes in process `syz.3.395'. [ 444.752875][ T7501] vcan0: entered promiscuous mode [ 444.760202][ T7501] FAULT_INJECTION: forcing a failure. [ 444.760202][ T7501] name failslab, interval 1, probability 0, space 0, times 0 [ 444.773235][ T7501] CPU: 0 UID: 0 PID: 7501 Comm: syz.3.395 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 444.773269][ T7501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 444.773283][ T7501] Call Trace: [ 444.773291][ T7501] [ 444.773301][ T7501] dump_stack_lvl+0x16c/0x1f0 [ 444.773349][ T7501] should_fail_ex+0x512/0x640 [ 444.773384][ T7501] should_failslab+0xc2/0x120 [ 444.773411][ T7501] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 444.773454][ T7501] ? __alloc_skb+0x2b2/0x380 [ 444.773501][ T7501] __alloc_skb+0x2b2/0x380 [ 444.773544][ T7501] ? __pfx___alloc_skb+0x10/0x10 [ 444.773592][ T7501] ? if_nlmsg_size+0x475/0xaf0 [ 444.773625][ T7501] rtmsg_ifinfo_build_skb+0x81/0x280 [ 444.773664][ T7501] rtmsg_ifinfo+0x9f/0x1a0 [ 444.773703][ T7501] __dev_notify_flags+0x24c/0x2e0 [ 444.773747][ T7501] ? __pfx___dev_notify_flags+0x10/0x10 [ 444.773788][ T7501] ? __dev_change_flags+0x3d5/0x720 [ 444.773817][ T7501] ? __pfx___dev_change_flags+0x10/0x10 [ 444.773845][ T7501] ? __pfx___schedule+0x10/0x10 [ 444.773885][ T7501] ? __pfx_validate_linkmsg+0x10/0x10 [ 444.773917][ T7501] netif_change_flags+0x108/0x160 [ 444.773947][ T7501] do_setlink.constprop.0+0xb53/0x4380 [ 444.773987][ T7501] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 444.774019][ T7501] ? __wake_up_klogd.part.0+0x99/0xf0 [ 444.774066][ T7501] ? __lock_acquire+0xb8a/0x1c90 [ 444.774121][ T7501] ? __mutex_trylock_common+0xe9/0x250 [ 444.774160][ T7501] ? __pfx___mutex_trylock_common+0x10/0x10 [ 444.774200][ T7501] ? __pfx___might_resched+0x10/0x10 [ 444.774231][ T7501] ? rcu_is_watching+0x12/0xc0 [ 444.774259][ T7501] ? trace_contention_end+0xdd/0x130 [ 444.774298][ T7501] ? __mutex_lock+0x1ca/0xb90 [ 444.774324][ T7501] ? rcu_is_watching+0x12/0xc0 [ 444.774351][ T7501] ? rtnl_newlink+0x600/0x2000 [ 444.774375][ T7501] ? trace_cap_capable+0x18d/0x200 [ 444.774411][ T7501] ? __pfx___mutex_lock+0x10/0x10 [ 444.774437][ T7501] ? apparmor_capable+0x114/0x1d0 [ 444.774485][ T7501] ? netlink_ns_capable+0xfa/0x130 [ 444.774518][ T7501] rtnl_newlink+0x1446/0x2000 [ 444.774559][ T7501] ? __pfx_rtnl_newlink+0x10/0x10 [ 444.774584][ T7501] ? kasan_quarantine_put+0x10a/0x240 [ 444.774624][ T7501] ? lockdep_hardirqs_on+0x7c/0x110 [ 444.774671][ T7501] ? kmem_cache_free+0x2d1/0x4d0 [ 444.774710][ T7501] ? kfree_skbmem+0x1a4/0x1f0 [ 444.774756][ T7501] ? __lock_acquire+0x622/0x1c90 [ 444.774795][ T7501] ? rcu_is_watching+0x12/0xc0 [ 444.774821][ T7501] ? trace_cap_capable+0x18d/0x200 [ 444.774866][ T7501] ? find_held_lock+0x2b/0x80 [ 444.774891][ T7501] ? __pfx_rtnl_newlink+0x10/0x10 [ 444.774918][ T7501] ? __pfx_rtnl_newlink+0x10/0x10 [ 444.774943][ T7501] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 444.774973][ T7501] ? __pfx_rtnl_newlink+0x10/0x10 [ 444.775002][ T7501] rtnetlink_rcv_msg+0x95e/0xe90 [ 444.775035][ T7501] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 444.775080][ T7501] ? ref_tracker_free+0x37c/0x830 [ 444.775116][ T7501] netlink_rcv_skb+0x155/0x420 [ 444.775149][ T7501] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 444.775180][ T7501] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 444.775226][ T7501] ? netlink_deliver_tap+0x1ae/0xd30 [ 444.775263][ T7501] netlink_unicast+0x53d/0x7f0 [ 444.775300][ T7501] ? __pfx_netlink_unicast+0x10/0x10 [ 444.775343][ T7501] netlink_sendmsg+0x8d1/0xdd0 [ 444.775382][ T7501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.775429][ T7501] ____sys_sendmsg+0xa95/0xc70 [ 444.775466][ T7501] ? copy_msghdr_from_user+0x10a/0x160 [ 444.775492][ T7501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.775533][ T7501] ? kfree+0x24f/0x4d0 [ 444.775564][ T7501] ? __pfx__kstrtoull+0x10/0x10 [ 444.775613][ T7501] ___sys_sendmsg+0x134/0x1d0 [ 444.775641][ T7501] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.775702][ T7501] ? __pfx___might_resched+0x10/0x10 [ 444.775737][ T7501] __sys_sendmmsg+0x200/0x420 [ 444.775768][ T7501] ? __pfx___sys_sendmmsg+0x10/0x10 [ 444.775808][ T7501] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 444.775852][ T7501] ? fput+0x70/0xf0 [ 444.775878][ T7501] ? ksys_write+0x1ac/0x250 [ 444.775918][ T7501] ? __pfx_ksys_write+0x10/0x10 [ 444.775964][ T7501] __x64_sys_sendmmsg+0x9c/0x100 [ 444.775990][ T7501] ? lockdep_hardirqs_on+0x7c/0x110 [ 444.776032][ T7501] do_syscall_64+0xcd/0x490 [ 444.776061][ T7501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.776093][ T7501] RIP: 0033:0x7f5a45f8e929 [ 444.776115][ T7501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.776139][ T7501] RSP: 002b:00007f5a46d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 444.776164][ T7501] RAX: ffffffffffffffda RBX: 00007f5a461b5fa0 RCX: 00007f5a45f8e929 [ 444.776181][ T7501] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 444.776197][ T7501] RBP: 00007f5a46d9e090 R08: 0000000000000000 R09: 0000000000000000 [ 444.776212][ T7501] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 444.776227][ T7501] R13: 0000000000000000 R14: 00007f5a461b5fa0 R15: 00007fffb280de08 [ 444.776262][ T7501] [ 444.832331][ T7504] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 445.055387][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.289541][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.356713][ T7507] netlink: 13 bytes leftover after parsing attributes in process `syz.3.398'. [ 445.356989][ T7508] netlink: 13 bytes leftover after parsing attributes in process `syz.3.398'. [ 445.841812][ T7518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.400'. [ 446.204891][ T7516] zswap: compressor not available [ 446.391456][ T7531] MTRR 1 not used [ 446.403103][ T7531] FAULT_INJECTION: forcing a failure. [ 446.403103][ T7531] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 446.662598][ T7531] CPU: 0 UID: 0 PID: 7531 Comm: syz.3.405 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 446.662647][ T7531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 446.662662][ T7531] Call Trace: [ 446.662670][ T7531] [ 446.662690][ T7531] dump_stack_lvl+0x16c/0x1f0 [ 446.662739][ T7531] should_fail_ex+0x512/0x640 [ 446.662775][ T7531] _copy_from_user+0x2e/0xd0 [ 446.662810][ T7531] snd_pcm_oss_write2+0x1c2/0x410 [ 446.662849][ T7531] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 446.662886][ T7531] ? snd_pcm_oss_write+0x47e/0xa10 [ 446.662927][ T7531] snd_pcm_oss_write+0x711/0xa10 [ 446.662966][ T7531] ? security_file_permission+0x71/0x210 [ 446.663016][ T7531] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 446.663051][ T7531] vfs_write+0x2a0/0x1150 [ 446.663118][ T7531] ? __pfx_vfs_write+0x10/0x10 [ 446.663155][ T7531] ? find_held_lock+0x2b/0x80 [ 446.663182][ T7531] ? __fget_files+0x204/0x3c0 [ 446.663227][ T7531] ? __fget_files+0x20e/0x3c0 [ 446.663277][ T7531] ksys_write+0x12a/0x250 [ 446.663319][ T7531] ? __pfx_ksys_write+0x10/0x10 [ 446.663371][ T7531] do_syscall_64+0xcd/0x490 [ 446.663402][ T7531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.663431][ T7531] RIP: 0033:0x7f5a45f8e929 [ 446.663453][ T7531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.663479][ T7531] RSP: 002b:00007f5a46d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 446.663505][ T7531] RAX: ffffffffffffffda RBX: 00007f5a461b5fa0 RCX: 00007f5a45f8e929 [ 446.663523][ T7531] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 446.663539][ T7531] RBP: 00007f5a46d9e090 R08: 0000000000000000 R09: 0000000000000000 [ 446.663555][ T7531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 446.663570][ T7531] R13: 0000000000000000 R14: 00007f5a461b5fa0 R15: 00007fffb280de08 [ 446.663604][ T7531] [ 447.575489][ T7532] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 447.708602][ T7533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.403'. [ 447.841495][ T7551] binder: 7550:7551 unknown command 28 [ 447.848697][ T7551] binder: 7550:7551 ioctl c0306201 2000000000c0 returned -22 [ 451.259579][ T7595] netlink: 4 bytes leftover after parsing attributes in process `syz.0.419'. [ 451.605639][ T7583] netlink: 28 bytes leftover after parsing attributes in process `syz.1.416'. [ 451.646973][ T7583] vlan1: left allmulticast mode [ 451.669274][ T7583] veth0_vlan: left allmulticast mode [ 451.703078][ T7583] vlan1: left promiscuous mode [ 451.728165][ T7583] bridge0: port 3(vlan1) entered disabled state [ 451.788787][ T7609] syz.0.424 uses obsolete (PF_INET,SOCK_PACKET) [ 451.796236][ T7583] bridge_slave_1: left allmulticast mode [ 451.801120][ T7609] binder: 7608:7609 ioctl c0306201 2000000000c0 returned -14 [ 451.811552][ T7583] bridge_slave_1: left promiscuous mode [ 451.827907][ T7609] FAULT_INJECTION: forcing a failure. [ 451.827907][ T7609] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 451.829569][ T7583] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.863899][ T7609] CPU: 0 UID: 0 PID: 7609 Comm: syz.0.424 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 451.863942][ T7609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 451.863958][ T7609] Call Trace: [ 451.863968][ T7609] [ 451.863978][ T7609] dump_stack_lvl+0x16c/0x1f0 [ 451.864030][ T7609] should_fail_ex+0x512/0x640 [ 451.864067][ T7609] should_fail_alloc_page+0xe7/0x130 [ 451.864099][ T7609] prepare_alloc_pages+0x3c2/0x610 [ 451.864133][ T7609] ? rcu_is_watching+0x12/0xc0 [ 451.864165][ T7609] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 451.864214][ T7609] ? __lock_acquire+0xb8a/0x1c90 [ 451.864264][ T7609] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 451.864319][ T7609] ? do_raw_spin_lock+0x12c/0x2b0 [ 451.864364][ T7609] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 451.864408][ T7609] ? find_held_lock+0x2b/0x80 [ 451.864446][ T7609] ? __lock_acquire+0xb8a/0x1c90 [ 451.864481][ T7609] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 451.864526][ T7609] ? policy_nodemask+0xea/0x4e0 [ 451.864557][ T7609] alloc_pages_mpol+0x1fb/0x550 [ 451.864587][ T7609] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 451.864625][ T7609] folio_alloc_mpol_noprof+0x36/0x2f0 [ 451.864661][ T7609] shmem_alloc_folio+0x135/0x160 [ 451.864698][ T7609] shmem_alloc_and_add_folio+0x499/0xc20 [ 451.864748][ T7609] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 451.864793][ T7609] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 451.864841][ T7609] shmem_get_folio_gfp+0x67f/0x1600 [ 451.864891][ T7609] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 451.864935][ T7609] ? __lock_acquire+0x622/0x1c90 [ 451.864977][ T7609] shmem_fault+0x1fe/0xa30 [ 451.865019][ T7609] ? __pfx_shmem_fault+0x10/0x10 [ 451.865068][ T7609] ? __lock_acquire+0xb8a/0x1c90 [ 451.865113][ T7609] __do_fault+0x10a/0x490 [ 451.865157][ T7609] ? __pfx_filemap_map_pages+0x10/0x10 [ 451.865202][ T7609] __handle_mm_fault+0x374c/0x5490 [ 451.865251][ T7609] ? __pfx___handle_mm_fault+0x10/0x10 [ 451.865301][ T7609] ? __pte_offset_map_lock+0x174/0x310 [ 451.865332][ T7609] ? find_held_lock+0x2b/0x80 [ 451.865357][ T7609] ? find_held_lock+0x2b/0x80 [ 451.865394][ T7609] ? follow_page_pte+0x3af/0x14c0 [ 451.865436][ T7609] handle_mm_fault+0x589/0xd10 [ 451.865483][ T7609] __get_user_pages+0x589/0x3b80 [ 451.865532][ T7609] ? __pfx___get_user_pages+0x10/0x10 [ 451.865565][ T7609] ? __pfx_down_read_killable+0x10/0x10 [ 451.865598][ T7609] ? __lock_acquire+0xb8a/0x1c90 [ 451.865641][ T7609] faultin_page_range+0x249/0x980 [ 451.865684][ T7609] madvise_do_behavior+0x268/0x3f0 [ 451.865719][ T7609] ? __pfx_madvise_do_behavior+0x10/0x10 [ 451.865773][ T7609] do_madvise+0x161/0x230 [ 451.865805][ T7609] ? __pfx_do_madvise+0x10/0x10 [ 451.865854][ T7609] ? xfd_validate_state+0x61/0x180 [ 451.865888][ T7609] ? __pfx_do_writev+0x10/0x10 [ 451.865931][ T7609] __x64_sys_madvise+0xa9/0x110 [ 451.865961][ T7609] ? lockdep_hardirqs_on+0x7c/0x110 [ 451.866005][ T7609] do_syscall_64+0xcd/0x490 [ 451.866034][ T7609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.866063][ T7609] RIP: 0033:0x7facaef8e929 [ 451.866085][ T7609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.866111][ T7609] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 451.866137][ T7609] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 451.866155][ T7609] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 451.866171][ T7609] RBP: 00007facaf010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 451.866188][ T7609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.866204][ T7609] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 451.866241][ T7609] [ 452.290310][ T7583] bridge_slave_0: left allmulticast mode [ 452.301788][ T7583] bridge_slave_0: left promiscuous mode [ 452.312581][ T7583] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.866494][ T7623] FAULT_INJECTION: forcing a failure. [ 452.866494][ T7623] name failslab, interval 1, probability 0, space 0, times 0 [ 452.915691][ T7623] CPU: 0 UID: 0 PID: 7623 Comm: syz.1.428 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 452.915726][ T7623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 452.915742][ T7623] Call Trace: [ 452.915750][ T7623] [ 452.915761][ T7623] dump_stack_lvl+0x16c/0x1f0 [ 452.915808][ T7623] should_fail_ex+0x512/0x640 [ 452.915837][ T7623] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 452.915882][ T7623] should_failslab+0xc2/0x120 [ 452.915908][ T7623] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 452.915948][ T7623] ? _raw_spin_unlock+0x28/0x50 [ 452.915986][ T7623] ? alloc_inode+0xc3/0x240 [ 452.916019][ T7623] alloc_inode+0xc3/0x240 [ 452.916046][ T7623] new_inode+0x22/0x1c0 [ 452.916078][ T7623] simple_fill_super+0x306/0x720 [ 452.916119][ T7623] ? __pfx_nfsd_fill_super+0x10/0x10 [ 452.916149][ T7623] nfsd_fill_super+0x90/0x530 [ 452.916177][ T7623] ? __pfx_set_anon_super_fc+0x10/0x10 [ 452.916221][ T7623] ? __pfx_nfsd_fill_super+0x10/0x10 [ 452.916250][ T7623] get_tree_keyed+0x10e/0x1d0 [ 452.916290][ T7623] vfs_get_tree+0x8b/0x340 [ 452.916321][ T7623] path_mount+0x14d4/0x1f70 [ 452.916365][ T7623] ? kmem_cache_free+0x2d1/0x4d0 [ 452.916403][ T7623] ? __pfx_path_mount+0x10/0x10 [ 452.916450][ T7623] ? putname+0x154/0x1a0 [ 452.916480][ T7623] __x64_sys_mount+0x28d/0x310 [ 452.916504][ T7623] ? __pfx___x64_sys_mount+0x10/0x10 [ 452.916542][ T7623] do_syscall_64+0xcd/0x490 [ 452.916570][ T7623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.916595][ T7623] RIP: 0033:0x7f9ab4b8e929 [ 452.916615][ T7623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.916639][ T7623] RSP: 002b:00007f9ab5911038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 452.916663][ T7623] RAX: ffffffffffffffda RBX: 00007f9ab4db5fa0 RCX: 00007f9ab4b8e929 [ 452.916680][ T7623] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 452.916696][ T7623] RBP: 00007f9ab5911090 R08: 0000000000000000 R09: 0000000000000000 [ 452.916711][ T7623] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 452.916726][ T7623] R13: 0000000000000000 R14: 00007f9ab4db5fa0 R15: 00007ffef5e32628 [ 452.916760][ T7623] [ 454.207204][ T7646] netlink: 28 bytes leftover after parsing attributes in process `syz.0.433'. [ 454.236702][ T7646] FAULT_INJECTION: forcing a failure. [ 454.236702][ T7646] name failslab, interval 1, probability 0, space 0, times 0 [ 454.276849][ T7646] CPU: 0 UID: 0 PID: 7646 Comm: syz.0.433 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 454.276904][ T7646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 454.276921][ T7646] Call Trace: [ 454.276932][ T7646] [ 454.276943][ T7646] dump_stack_lvl+0x16c/0x1f0 [ 454.276998][ T7646] should_fail_ex+0x512/0x640 [ 454.277039][ T7646] should_failslab+0xc2/0x120 [ 454.277072][ T7646] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 454.277121][ T7646] ? skb_clone+0x190/0x3f0 [ 454.277167][ T7646] skb_clone+0x190/0x3f0 [ 454.277201][ T7646] netlink_deliver_tap+0xabd/0xd30 [ 454.277245][ T7646] netlink_unicast+0x6b2/0x7f0 [ 454.277289][ T7646] ? __pfx_netlink_unicast+0x10/0x10 [ 454.277339][ T7646] netlink_ack+0x696/0xb80 [ 454.277389][ T7646] netlink_rcv_skb+0x332/0x420 [ 454.277426][ T7646] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 454.277464][ T7646] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 454.277517][ T7646] ? netlink_deliver_tap+0x1ae/0xd30 [ 454.277571][ T7646] netlink_unicast+0x53d/0x7f0 [ 454.277611][ T7646] ? __pfx_netlink_unicast+0x10/0x10 [ 454.277657][ T7646] netlink_sendmsg+0x8d1/0xdd0 [ 454.277700][ T7646] ? __pfx_netlink_sendmsg+0x10/0x10 [ 454.277751][ T7646] ____sys_sendmsg+0xa95/0xc70 [ 454.277802][ T7646] ? copy_msghdr_from_user+0x10a/0x160 [ 454.277831][ T7646] ? __pfx_____sys_sendmsg+0x10/0x10 [ 454.277875][ T7646] ? kfree+0x24f/0x4d0 [ 454.277909][ T7646] ? __pfx__kstrtoull+0x10/0x10 [ 454.277962][ T7646] ___sys_sendmsg+0x134/0x1d0 [ 454.277993][ T7646] ? __pfx____sys_sendmsg+0x10/0x10 [ 454.278059][ T7646] ? __pfx___might_resched+0x10/0x10 [ 454.278099][ T7646] __sys_sendmmsg+0x200/0x420 [ 454.278133][ T7646] ? __pfx___sys_sendmmsg+0x10/0x10 [ 454.278200][ T7646] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 454.278243][ T7646] ? fput+0x70/0xf0 [ 454.278267][ T7646] ? ksys_write+0x1ac/0x250 [ 454.278295][ T7646] ? __pfx_ksys_write+0x10/0x10 [ 454.278328][ T7646] __x64_sys_sendmmsg+0x9c/0x100 [ 454.278347][ T7646] ? lockdep_hardirqs_on+0x7c/0x110 [ 454.278378][ T7646] do_syscall_64+0xcd/0x490 [ 454.278399][ T7646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.278419][ T7646] RIP: 0033:0x7facaef8e929 [ 454.278433][ T7646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.278451][ T7646] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 454.278469][ T7646] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 454.278481][ T7646] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 454.278492][ T7646] RBP: 00007facafee1090 R08: 0000000000000000 R09: 0000000000000000 [ 454.278503][ T7646] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 454.278514][ T7646] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 454.278538][ T7646] [ 454.803046][ T7635] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 458.926004][ T7719] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 460.500588][ T7738] FAULT_INJECTION: forcing a failure. [ 460.500588][ T7738] name failslab, interval 1, probability 0, space 0, times 0 [ 460.619688][ T7738] CPU: 0 UID: 0 PID: 7738 Comm: syz.0.456 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 460.619727][ T7738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 460.619743][ T7738] Call Trace: [ 460.619753][ T7738] [ 460.619764][ T7738] dump_stack_lvl+0x16c/0x1f0 [ 460.619816][ T7738] should_fail_ex+0x512/0x640 [ 460.619849][ T7738] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 460.619918][ T7738] should_failslab+0xc2/0x120 [ 460.619946][ T7738] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 460.619990][ T7738] ? __d_alloc+0x31/0xaa0 [ 460.620018][ T7738] __d_alloc+0x31/0xaa0 [ 460.620039][ T7738] ? do_raw_spin_lock+0x12c/0x2b0 [ 460.620085][ T7738] d_alloc+0x4a/0x1e0 [ 460.620111][ T7738] d_alloc_name+0x83/0xb0 [ 460.620136][ T7738] ? __pfx_d_alloc_name+0x10/0x10 [ 460.620170][ T7738] simple_fill_super+0x2eb/0x720 [ 460.620214][ T7738] ? __pfx_nfsd_fill_super+0x10/0x10 [ 460.620244][ T7738] nfsd_fill_super+0x90/0x530 [ 460.620272][ T7738] ? __pfx_set_anon_super_fc+0x10/0x10 [ 460.620309][ T7738] ? __pfx_nfsd_fill_super+0x10/0x10 [ 460.620339][ T7738] get_tree_keyed+0x10e/0x1d0 [ 460.620381][ T7738] vfs_get_tree+0x8b/0x340 [ 460.620414][ T7738] path_mount+0x14d4/0x1f70 [ 460.620478][ T7738] ? kmem_cache_free+0x2d1/0x4d0 [ 460.620522][ T7738] ? __pfx_path_mount+0x10/0x10 [ 460.620577][ T7738] ? putname+0x154/0x1a0 [ 460.620618][ T7738] __x64_sys_mount+0x28d/0x310 [ 460.620648][ T7738] ? __pfx___x64_sys_mount+0x10/0x10 [ 460.620690][ T7738] do_syscall_64+0xcd/0x490 [ 460.620724][ T7738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.620756][ T7738] RIP: 0033:0x7facaef8e929 [ 460.620780][ T7738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.620809][ T7738] RSP: 002b:00007facafee1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 460.620838][ T7738] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8e929 [ 460.620858][ T7738] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 460.620883][ T7738] RBP: 00007facafee1090 R08: 0000000000000000 R09: 0000000000000000 [ 460.620901][ T7738] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 460.620920][ T7738] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 460.620961][ T7738] [ 460.855636][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.352826][ T7748] netlink: 330 bytes leftover after parsing attributes in process `syz.3.458'. [ 461.367215][ T7748] mac80211_hwsim hwsim4 ›: renamed from wlan0 (while UP) [ 461.803960][ T7733] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 462.530698][ T7756] zswap: compressor not available [ 464.422827][ T7803] netlink: 28 bytes leftover after parsing attributes in process `syz.2.473'. [ 464.431947][ T7803] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.533341][ T7803] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.549124][ T7804] netlink: 28 bytes leftover after parsing attributes in process `syz.0.474'. [ 464.702190][ T7804] FAULT_INJECTION: forcing a failure. [ 464.702190][ T7804] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 464.735949][ T7804] CPU: 1 UID: 0 PID: 7804 Comm: syz.0.474 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 464.735988][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 464.736004][ T7804] Call Trace: [ 464.736013][ T7804] [ 464.736023][ T7804] dump_stack_lvl+0x16c/0x1f0 [ 464.736072][ T7804] should_fail_ex+0x512/0x640 [ 464.736109][ T7804] _copy_to_user+0x32/0xd0 [ 464.736145][ T7804] simple_read_from_buffer+0xcb/0x170 [ 464.736185][ T7804] proc_fail_nth_read+0x197/0x270 [ 464.736219][ T7804] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 464.736255][ T7804] ? rw_verify_area+0xcf/0x680 [ 464.736289][ T7804] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 464.736322][ T7804] vfs_read+0x1e1/0xc60 [ 464.736366][ T7804] ? __pfx___mutex_lock+0x10/0x10 [ 464.736399][ T7804] ? __pfx_vfs_read+0x10/0x10 [ 464.736448][ T7804] ? __fget_files+0x20e/0x3c0 [ 464.736497][ T7804] ksys_read+0x12a/0x250 [ 464.736535][ T7804] ? __pfx_ksys_read+0x10/0x10 [ 464.736585][ T7804] do_syscall_64+0xcd/0x490 [ 464.736615][ T7804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.736641][ T7804] RIP: 0033:0x7facaef8d33c [ 464.736663][ T7804] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 464.736688][ T7804] RSP: 002b:00007facafee1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 464.736712][ T7804] RAX: ffffffffffffffda RBX: 00007facaf1b5fa0 RCX: 00007facaef8d33c [ 464.736729][ T7804] RDX: 000000000000000f RSI: 00007facafee10a0 RDI: 0000000000000005 [ 464.736745][ T7804] RBP: 00007facafee1090 R08: 0000000000000000 R09: 0000000000000000 [ 464.736760][ T7804] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 464.736775][ T7804] R13: 0000000000000000 R14: 00007facaf1b5fa0 R15: 00007ffe7b05b1f8 [ 464.736810][ T7804] [ 465.161919][ T7812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'. [ 466.091266][ T7826] ubi: mtd0 is already attached to ubi0 [ 467.607350][ T5888] Bluetooth: hci3: command 0x0406 tx timeout [ 467.608156][ T5885] Bluetooth: hci2: command 0x0406 tx timeout [ 467.616774][ T5888] Bluetooth: hci0: command 0x0406 tx timeout [ 467.621014][ T5885] Bluetooth: hci1: command 0x0406 tx timeout [ 469.017312][ T30] audit: type=1326 audit(4294967327.220:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7867 comm="syz.0.493" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7facaef8e929 code=0x0 [ 469.533524][ T7888] netlink: 342 bytes leftover after parsing attributes in process `syz.3.495'. [ 469.579034][ T7888] netlink: 'syz.3.495': attribute type 2 has an invalid length. [ 469.629351][ T7888] netlink: 'syz.3.495': attribute type 3 has an invalid length. [ 469.639166][ T7888] netlink: 98 bytes leftover after parsing attributes in process `syz.3.495'. [ 472.337260][ T7973] Invalid ELF header magic: != ELF [ 473.619704][ T8056] random: crng reseeded on system resumption [ 474.648316][ T8084] netlink: 4 bytes leftover after parsing attributes in process `syz.2.511'. [ 475.033886][ T8077] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 476.506703][ T8184] mkiss: ax0: crc mode is auto. [ 477.076094][ T8250] capability: warning: `syz.2.524' uses 32-bit capabilities (legacy support in use) [ 477.135581][ T8257] Unable to find swap-space signature [ 477.484022][ T8266] netlink: 338 bytes leftover after parsing attributes in process `syz.2.527'. [ 477.688923][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.529'. [ 478.174566][ T8299] netlink: 28 bytes leftover after parsing attributes in process `syz.2.536'. [ 479.441944][ T8358] netlink: 4 bytes leftover after parsing attributes in process `syz.2.543'. [ 481.113607][ T8412] program syz.3.548 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 481.123575][ T8412] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 481.666764][ T5980] Process accounting resumed [ 483.020152][ T8447] netlink: 28 bytes leftover after parsing attributes in process `syz.3.559'. [ 483.029176][ T8447] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 483.039568][ T8447] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 483.067866][ T8447] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 483.098122][ T8447] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 485.112738][ T8540] .SR: entered promiscuous mode [ 485.195123][ T8540] netlink: 'syz.2.569': attribute type 2 has an invalid length. [ 485.765744][ T8492] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 486.689122][ T8599] binder: 8598:8599 ioctl c0306201 2000000000c0 returned -14 [ 486.711512][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.578'. [ 487.925017][ T8654] kAFS: Invalid Command on /proc/fs/afs/cells file [ 488.529964][ T8687] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 489.802022][ T8661] cgroup: fork rejected by pids controller in /syz2 [ 497.557399][ T8924] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 497.913681][ T8924] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.106878][ T8952] sctp: [Deprecated]: syz.1.608 (pid 8952) Use of struct sctp_assoc_value in delayed_ack socket option. [ 498.106878][ T8952] Use struct sctp_sack_info instead [ 498.374513][ T8924] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.747621][ T5877] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 498.758165][ T5877] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 498.766774][ T5877] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 498.775163][ T5877] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 498.786661][ T5877] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 498.989725][ T8924] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.162601][ T8958] chnl_net:caif_netlink_parms(): no params data found [ 500.498971][ T8924] bridge_slave_1: left allmulticast mode [ 500.506302][ T8924] bridge_slave_1: left promiscuous mode [ 500.513504][ T8924] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.886652][ T5877] Bluetooth: hci4: command tx timeout [ 500.909067][ T8924] bridge_slave_0: left allmulticast mode [ 500.915223][ T8924] bridge_slave_0: left promiscuous mode [ 500.930107][ T8924] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.110623][ T9146] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.617' sets config #32769 [ 502.333663][ T8924] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 502.366053][ T8924] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 502.377920][ T8924] bond0 (unregistering): Released all slaves [ 502.476562][ T8924] .SR: left promiscuous mode [ 502.942626][ T8958] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.981720][ T5877] Bluetooth: hci4: command tx timeout [ 503.035091][ T9196] FAULT_INJECTION: forcing a failure. [ 503.035091][ T9196] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 503.065264][ T8958] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.072629][ T8958] bridge_slave_0: entered allmulticast mode [ 503.094198][ T8958] bridge_slave_0: entered promiscuous mode [ 503.128151][ T9196] CPU: 0 UID: 0 PID: 9196 Comm: syz.3.619 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 503.128187][ T9196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 503.128201][ T9196] Call Trace: [ 503.128209][ T9196] [ 503.128219][ T9196] dump_stack_lvl+0x16c/0x1f0 [ 503.128265][ T9196] should_fail_ex+0x512/0x640 [ 503.128297][ T9196] should_fail_alloc_page+0xe7/0x130 [ 503.128324][ T9196] prepare_alloc_pages+0x3c2/0x610 [ 503.128360][ T9196] ? rcu_is_watching+0x12/0xc0 [ 503.128387][ T9196] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 503.128429][ T9196] ? mark_held_locks+0x49/0x80 [ 503.128462][ T9196] ? finish_task_switch.isra.0+0x221/0xc10 [ 503.128486][ T9196] ? lockdep_hardirqs_on+0x7c/0x110 [ 503.128533][ T9196] ? finish_task_switch.isra.0+0x221/0xc10 [ 503.128582][ T9196] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 503.128616][ T9196] ? __lock_acquire+0x622/0x1c90 [ 503.128655][ T9196] ? __lock_acquire+0x622/0x1c90 [ 503.128691][ T9196] ? __lock_acquire+0x622/0x1c90 [ 503.128720][ T9196] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 503.128756][ T9196] ? policy_nodemask+0xea/0x4e0 [ 503.128780][ T9196] alloc_pages_mpol+0x1fb/0x550 [ 503.128803][ T9196] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 503.128832][ T9196] folio_alloc_mpol_noprof+0x36/0x2f0 [ 503.128861][ T9196] vma_alloc_folio_noprof+0xed/0x1e0 [ 503.128886][ T9196] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 503.128911][ T9196] ? find_held_lock+0x2b/0x80 [ 503.128932][ T9196] ? __handle_mm_fault+0x1092/0x5490 [ 503.128966][ T9196] __handle_mm_fault+0x2f21/0x5490 [ 503.129003][ T9196] ? __pfx___handle_mm_fault+0x10/0x10 [ 503.129051][ T9196] ? __pte_offset_map_lock+0x174/0x310 [ 503.129077][ T9196] ? find_held_lock+0x2b/0x80 [ 503.129098][ T9196] ? find_held_lock+0x2b/0x80 [ 503.129127][ T9196] ? follow_page_pte+0x3af/0x14c0 [ 503.129160][ T9196] handle_mm_fault+0x589/0xd10 [ 503.129196][ T9196] __get_user_pages+0x589/0x3b80 [ 503.129251][ T9196] ? __pfx_mt_find+0x10/0x10 [ 503.129276][ T9196] ? __pfx___get_user_pages+0x10/0x10 [ 503.129315][ T9196] populate_vma_page_range+0x278/0x3a0 [ 503.129347][ T9196] ? __pfx_populate_vma_page_range+0x10/0x10 [ 503.129376][ T9196] ? __pfx_find_vma_intersection+0x10/0x10 [ 503.129406][ T9196] ? do_mmap+0x69c/0x1210 [ 503.129437][ T9196] __mm_populate+0x1d8/0x380 [ 503.129468][ T9196] ? __pfx___mm_populate+0x10/0x10 [ 503.129499][ T9196] ? up_write+0x1b2/0x520 [ 503.129536][ T9196] vm_mmap_pgoff+0x362/0x450 [ 503.129565][ T9196] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 503.129592][ T9196] ? rcu_is_watching+0x12/0xc0 [ 503.129624][ T9196] ksys_mmap_pgoff+0x7d/0x5c0 [ 503.129650][ T9196] ? xfd_validate_state+0x61/0x180 [ 503.129692][ T9196] __x64_sys_mmap+0x125/0x190 [ 503.129729][ T9196] do_syscall_64+0xcd/0x490 [ 503.129754][ T9196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.129778][ T9196] RIP: 0033:0x7f5a45f8e929 [ 503.129797][ T9196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.129820][ T9196] RSP: 002b:00007f5a46d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 503.129855][ T9196] RAX: ffffffffffffffda RBX: 00007f5a461b5fa0 RCX: 00007f5a45f8e929 [ 503.129869][ T9196] RDX: 00000000000000df RSI: 0000000000400007 RDI: 0000000000000000 [ 503.129883][ T9196] RBP: 00007f5a46010ab1 R08: 0000000000000002 R09: 0000000000008000 [ 503.129897][ T9196] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 503.129911][ T9196] R13: 0000000000000000 R14: 00007f5a461b5fa0 R15: 00007fffb280de08 [ 503.129939][ T9196] [ 503.485368][ C0] vkms_vblank_simulate: vblank timer overrun [ 504.005881][ T8958] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.036859][ T8958] bridge0: port 2(bridge_slave_1) entered disabled state [ 504.044103][ T8958] bridge_slave_1: entered allmulticast mode [ 504.080757][ T8958] bridge_slave_1: entered promiscuous mode [ 504.311513][ T9210] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 504.344668][ T9210] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 504.567494][ T9210] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 504.617453][ T9210] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 504.791594][ T9210] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 504.804116][ T9210] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 504.926890][ T9210] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 504.944848][ T9210] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 504.952219][ T8958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 504.990668][ T9210] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 505.060213][ T8958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 505.476229][ T8958] team0: Port device team_slave_0 added [ 505.530655][ T8958] team0: Port device team_slave_1 added [ 505.588846][ T9353] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 505.797640][ T8958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 505.804652][ T8958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.904673][ T8958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 506.020826][ T8958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.040245][ T8958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.176269][ T8958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.341568][ T5877] Bluetooth: hci2: command 0x0406 tx timeout [ 506.494391][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.508754][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.657989][ T5877] Bluetooth: hci1: command 0x0406 tx timeout [ 506.807001][ T5877] Bluetooth: hci3: command 0x0406 tx timeout [ 506.970709][ T5877] Bluetooth: hci4: command 0x0419 tx timeout [ 506.992464][ T9453] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 507.120179][ T8958] hsr_slave_0: entered promiscuous mode [ 507.142214][ T8958] hsr_slave_1: entered promiscuous mode [ 507.157785][ T8958] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 507.189829][ T8958] Cannot create hsr debugfs directory [ 507.934973][ T8924] hsr_slave_0: left promiscuous mode [ 507.952671][ T8924] hsr_slave_1: left promiscuous mode [ 507.969996][ T8924] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 508.002986][ T8924] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 508.064298][ T8924] veth1_macvtap: left promiscuous mode [ 508.105999][ T8924] veth0_macvtap: left promiscuous mode [ 508.119237][ T8924] veth1_vlan: left promiscuous mode [ 508.124745][ T8924] veth0_vlan: left promiscuous mode [ 508.408686][ T5877] Bluetooth: hci2: command 0x0406 tx timeout [ 508.726784][ T5877] Bluetooth: hci1: command 0x0406 tx timeout [ 508.886622][ T5877] Bluetooth: hci3: command 0x0406 tx timeout [ 508.999367][ T8924] team0 (unregistering): Port device team_slave_1 removed [ 509.046717][ T5877] Bluetooth: hci4: command 0x0419 tx timeout [ 511.141244][ T5877] Bluetooth: hci4: command 0x0419 tx timeout [ 513.214440][ T5877] Bluetooth: hci4: command 0x0419 tx timeout [ 513.660566][ T8958] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 513.849202][ T8958] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 513.929149][ T8958] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 513.982971][ T8958] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 514.380085][ T8958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 514.479580][ T8958] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.512791][ T9730] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 514.558535][ T8922] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.565850][ T8922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.638873][ T8924] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.646021][ T8924] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.050813][ T8958] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 515.073404][ T8958] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 515.620369][ T8958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.805415][ T8958] veth0_vlan: entered promiscuous mode [ 515.883589][ T8958] veth1_vlan: entered promiscuous mode [ 516.128712][ T8958] veth0_macvtap: entered promiscuous mode [ 516.165586][ T8958] veth1_macvtap: entered promiscuous mode [ 516.274798][ T8958] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 516.369851][ T8958] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 516.477954][ T8958] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.506636][ T8958] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.556676][ T8958] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.593443][ T8958] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.607001][ T8927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.626886][ T8927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.296936][ T8913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.342711][ T8913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 521.418883][ T9905] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 522.666090][ T9953] netlink: 'syz.0.648': attribute type 11 has an invalid length. [ 522.684769][ T9953] netlink: 'syz.0.648': attribute type 11 has an invalid length. [ 522.698276][ T9953] netlink: 'syz.0.648': attribute type 11 has an invalid length. [ 523.432182][ T9989] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 524.433384][ T8891] syz.3.602 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 524.444835][ T8891] CPU: 0 UID: 0 PID: 8891 Comm: syz.3.602 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 524.444870][ T8891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 524.444884][ T8891] Call Trace: [ 524.444892][ T8891] [ 524.444901][ T8891] dump_stack_lvl+0x16c/0x1f0 [ 524.444948][ T8891] dump_header+0x101/0x930 [ 524.444991][ T8891] oom_kill_process+0x270/0xa60 [ 524.445034][ T8891] out_of_memory+0x350/0x1700 [ 524.445079][ T8891] ? __pfx_out_of_memory+0x10/0x10 [ 524.445128][ T8891] mem_cgroup_out_of_memory+0x118/0x130 [ 524.445160][ T8891] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 524.445198][ T8891] ? do_raw_spin_unlock+0x172/0x230 [ 524.445243][ T8891] try_charge_memcg+0x72b/0xd50 [ 524.445272][ T8891] ? __pfx_try_charge_memcg+0x10/0x10 [ 524.445296][ T8891] ? __print_lock_name+0x91/0xe0 [ 524.445321][ T8891] ? rcu_read_unlock+0x17/0x60 [ 524.445354][ T8891] charge_memcg+0x8a/0x230 [ 524.445378][ T8891] __mem_cgroup_charge+0x2b/0x1e0 [ 524.445407][ T8891] shmem_alloc_and_add_folio+0x514/0xc20 [ 524.445469][ T8891] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 524.445511][ T8891] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 524.445556][ T8891] shmem_get_folio_gfp+0x67f/0x1600 [ 524.445602][ T8891] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 524.445645][ T8891] ? __pte_offset_map_lock+0x174/0x310 [ 524.445680][ T8891] shmem_write_begin+0x160/0x300 [ 524.445758][ T8891] ? find_held_lock+0x2b/0x80 [ 524.445786][ T8891] ? __pfx_shmem_write_begin+0x10/0x10 [ 524.445843][ T8891] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 524.445884][ T8891] ? __pfx_timestamp_truncate+0x10/0x10 [ 524.445937][ T8891] generic_perform_write+0x3d0/0x930 [ 524.445993][ T8891] ? __pfx_generic_perform_write+0x10/0x10 [ 524.446040][ T8891] ? inode_needs_update_time.part.0+0x191/0x270 [ 524.446103][ T8891] shmem_file_write_iter+0x10e/0x140 [ 524.446133][ T8891] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 524.446159][ T8891] __kernel_write_iter+0x31a/0xa90 [ 524.446210][ T8891] ? __pfx___kernel_write_iter+0x10/0x10 [ 524.446257][ T8891] ? __up_read+0x1f8/0x750 [ 524.446308][ T8891] ? dump_user_range+0x745/0xb60 [ 524.446352][ T8891] dump_user_range+0x41f/0xb60 [ 524.446398][ T8891] ? __pfx_dump_user_range+0x10/0x10 [ 524.446436][ T8891] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 524.446493][ T8891] ? __pfx_writenote+0x10/0x10 [ 524.446543][ T8891] elf_core_dump+0x288a/0x3a90 [ 524.446605][ T8891] ? __pfx_elf_core_dump+0x10/0x10 [ 524.446643][ T8891] ? kasan_save_stack+0x42/0x60 [ 524.446686][ T8891] ? kasan_save_stack+0x33/0x60 [ 524.446729][ T8891] ? kasan_save_track+0x14/0x30 [ 524.446791][ T8891] ? __kasan_kmalloc+0xaa/0xb0 [ 524.446846][ T8891] ? do_coredump+0x1c9a/0x4f10 [ 524.446891][ T8891] ? get_signal+0x22e3/0x26d0 [ 524.446931][ T8891] ? arch_do_signal_or_restart+0x8f/0x790 [ 524.446980][ T8891] ? 0xffffffffff600000 [ 524.447059][ T8891] ? do_coredump+0x399f/0x4f10 [ 524.447087][ T8891] do_coredump+0x399f/0x4f10 [ 524.447130][ T8891] ? __pfx_do_coredump+0x10/0x10 [ 524.447162][ T8891] ? find_held_lock+0x2b/0x80 [ 524.447188][ T8891] ? is_bpf_text_address+0x8a/0x1a0 [ 524.447231][ T8891] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 524.447263][ T8891] ? is_bpf_text_address+0x94/0x1a0 [ 524.447301][ T8891] ? kernel_text_address+0x8d/0x100 [ 524.447343][ T8891] ? __kernel_text_address+0xd/0x40 [ 524.447383][ T8891] ? unwind_get_return_address+0x59/0xa0 [ 524.447448][ T8891] ? stack_depot_save_flags+0x28/0xa40 [ 524.447480][ T8891] ? __lock_acquire+0xb8a/0x1c90 [ 524.447518][ T8891] ? kasan_save_stack+0x42/0x60 [ 524.447556][ T8891] ? kasan_save_stack+0x33/0x60 [ 524.447612][ T8891] ? kasan_save_track+0x14/0x30 [ 524.447653][ T8891] ? kasan_save_free_info+0x3b/0x60 [ 524.447687][ T8891] ? __kasan_slab_free+0x51/0x70 [ 524.447729][ T8891] ? kmem_cache_free+0x2d1/0x4d0 [ 524.447768][ T8891] ? __sigqueue_free+0xba/0x2a0 [ 524.447805][ T8891] ? get_signal+0xcba/0x26d0 [ 524.447841][ T8891] ? arch_do_signal_or_restart+0x8f/0x790 [ 524.447927][ T8891] ? proc_coredump_connector+0x2d1/0x4f0 [ 524.447973][ T8891] ? __pfx_proc_coredump_connector+0x10/0x10 [ 524.448028][ T8891] ? rcu_is_watching+0x12/0xc0 [ 524.448063][ T8891] get_signal+0x22e3/0x26d0 [ 524.448111][ T8891] ? __pfx_get_signal+0x10/0x10 [ 524.448145][ T8891] ? rcu_is_watching+0x12/0xc0 [ 524.448173][ T8891] ? trace_irq_disable.constprop.0+0xd4/0x120 [ 524.448224][ T8891] arch_do_signal_or_restart+0x8f/0x790 [ 524.448257][ T8891] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 524.448315][ T8891] irqentry_exit_to_user_mode+0x12a/0x270 [ 524.448348][ T8891] asm_exc_page_fault+0x26/0x30 [ 524.448375][ T8891] RIP: 0033:0x401000 [ 524.448404][ T8891] Code: Unable to access opcode bytes at 0x400fd6. [ 524.448416][ T8891] RSP: 002b:0000000000000018 EFLAGS: 00010246 [ 524.448438][ T8891] RAX: 0000000000000000 RBX: 00007f5a461b6160 RCX: 00007f5a45f8e929 [ 524.448457][ T8891] RDX: 0000200000000040 RSI: 0000000000000010 RDI: 0000000000000003 [ 524.448474][ T8891] RBP: 00007f5a46010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 524.448491][ T8891] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 524.448507][ T8891] R13: 0000000000000000 R14: 00007f5a461b6160 R15: 00007fffb280de08 [ 524.448546][ T8891] [ 525.022355][ T8891] memory: usage 307200kB, limit 307200kB, failcnt 28198 [ 525.029369][ T8891] memory+swap: usage 432068kB, limit 9007199254740988kB, failcnt 0 [ 525.037626][ T8891] kmem: usage 4424kB, limit 9007199254740988kB, failcnt 0 [ 525.044742][ T8891] Memory cgroup stats for /syz3: [ 525.044947][ T8891] cache 309575680 [ 525.053588][ T8891] rss 299008 [ 525.056972][ T8891] rss_huge 0 [ 525.060172][ T8891] shmem 309452800 [ 525.063802][ T8891] mapped_file 4096 [ 525.067601][ T8891] dirty 0 [ 525.070541][ T8891] writeback 0 [ 525.073916][ T8891] workingset_refault_anon 244 [ 525.078761][ T8891] workingset_refault_file 1500 [ 525.083552][ T8891] swap 127864832 [ 525.087124][ T8891] swapcached 114688 [ 525.090930][ T8891] nr_memmap_boot_pages 288474 [ 525.096344][ T8891] pgpgin 213909 [ 525.099849][ T8891] pglazyfree 194812 [ 525.103656][ T8891] pgfault 161 [ 525.106992][ T8891] a_other 62279680 [ 525.110710][ T8891] inactive_anon 247582720 [ 525.115035][ T8891] active_anon 0 [ 525.118522][ T8891] inactive_file 122880 [ 525.122581][ T8891] active_file 0 [ 525.126039][ T8891] hierarchical_memory_limit 314572800 [ 525.131454][ T8891] hierarchical_memsw_limit 9223372036854771712 [ 525.137630][ T8891] total_cache 309575680 [ 525.142045][ T8891] total_rss 299008 [ 525.145789][ T8891] total_rss_huge 0 [ 525.149550][ T8891] total_shmem 309452800 [ 525.153700][ T8891] total_mapped_file 4096 [ 525.157972][ T8891] total_dirty 0 [ 525.161436][ T8891] total_writeback 0 [ 525.165241][ T8891] total_workingset_refault_anon 244 [ 525.170488][ T8891] total_workingset_refault_file 1500 [ 525.175774][ T8891] total_swap 127864832 [ 525.179970][ T8891] total_swapcached 114688 [ 525.184301][ T8891] total_nr_memmap_boot_pages 288474 [ 525.189732][ T8891] total_pgpgin 213909 [ 525.193712][ T8891] total_pglazyfree 194812 [ 525.198763][ T8891] total_pgfault 161 [ 525.202579][ T8891] total_a_other 62279680 [ 525.206880][ T8891] total_inactive_anon 247582720 [ 525.211734][ T8891] total_active_anon 0 [ 525.215716][ T8891] total_inactive_file 122880 [ 525.220358][ T8891] total_active_file 0 [ 525.224339][ T8891] anon_cost 0 [ 525.227674][ T8891] file_cost 0 [ 525.230960][ T8891] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.602,pid=8890,uid=0 [ 525.247419][ T8891] Memory cgroup out of memory: Killed process 8890 (syz.3.602) total-vm:131532kB, anon-rss:1092kB, file-rss:22080kB, shmem-rss:172kB, UID:0 pgtables:260kB oom_score_adj:1000 [ 529.449164][T10093] program syz.0.674 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 529.458819][T10093] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 529.633873][T10087] snd_aloop snd_aloop.0: control 1:262152:7:ª¸è:0 is already present [ 531.934288][T10165] ================================================================== [ 531.942402][T10165] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 531.950334][T10165] Read of size 8 at addr ffff88801c2fb800 by task syz.1.683/10165 [ 531.958171][T10165] [ 531.960556][T10165] CPU: 1 UID: 0 PID: 10165 Comm: syz.1.683 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 531.960601][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 531.960623][T10165] Call Trace: [ 531.960634][T10165] [ 531.960648][T10165] dump_stack_lvl+0x116/0x1f0 [ 531.960706][T10165] print_report+0xcd/0x680 [ 531.960738][T10165] ? __virt_addr_valid+0x81/0x610 [ 531.960774][T10165] ? __phys_addr+0xe8/0x180 [ 531.960810][T10165] ? force_devcd_write+0x312/0x340 [ 531.960844][T10165] kasan_report+0xe0/0x110 [ 531.960876][T10165] ? force_devcd_write+0x312/0x340 [ 531.960916][T10165] force_devcd_write+0x312/0x340 [ 531.960950][T10165] ? __pfx_force_devcd_write+0x10/0x10 [ 531.960987][T10165] ? __debugfs_file_get+0x1fe/0x840 [ 531.961020][T10165] ? __pfx___debugfs_file_get+0x10/0x10 [ 531.961060][T10165] full_proxy_write+0x13f/0x200 [ 531.961093][T10165] ? __pfx_full_proxy_write+0x10/0x10 [ 531.961125][T10165] vfs_write+0x2a0/0x1150 [ 531.961175][T10165] ? __pfx___mutex_lock+0x10/0x10 [ 531.961207][T10165] ? __pfx_vfs_write+0x10/0x10 [ 531.961270][T10165] ? __fget_files+0x20e/0x3c0 [ 531.961336][T10165] ksys_write+0x12a/0x250 [ 531.961384][T10165] ? __pfx_ksys_write+0x10/0x10 [ 531.961438][T10165] do_syscall_64+0xcd/0x490 [ 531.961470][T10165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.961504][T10165] RIP: 0033:0x7f9ab4b8e929 [ 531.961530][T10165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.961563][T10165] RSP: 002b:00007f9ab29f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 531.961593][T10165] RAX: ffffffffffffffda RBX: 00007f9ab4db6080 RCX: 00007f9ab4b8e929 [ 531.961624][T10165] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 531.961641][T10165] RBP: 00007f9ab4c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 531.961658][T10165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 531.961675][T10165] R13: 0000000000000000 R14: 00007f9ab4db6080 R15: 00007ffef5e32628 [ 531.961702][T10165] [ 531.961711][T10165] [ 532.170229][T10165] Allocated by task 8922: [ 532.174576][T10165] kasan_save_stack+0x33/0x60 [ 532.179289][T10165] kasan_save_track+0x14/0x30 [ 532.183989][T10165] __kasan_kmalloc+0xaa/0xb0 [ 532.188604][T10165] __kmalloc_noprof+0x223/0x510 [ 532.193479][T10165] ieee802_11_parse_elems_full+0x1d7/0x3780 [ 532.199401][T10165] ieee80211_inform_bss+0x10b/0x1140 [ 532.204710][T10165] cfg80211_inform_single_bss_data+0x8e7/0x1df0 [ 532.210974][T10165] cfg80211_inform_bss_data+0x224/0x3bc0 [ 532.216628][T10165] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 532.222730][T10165] ieee80211_bss_info_update+0x310/0xab0 [ 532.228391][T10165] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 532.234566][T10165] ieee80211_iface_work+0xbf4/0x1020 [ 532.239970][T10165] cfg80211_wiphy_work+0x3dc/0x550 [ 532.245102][T10165] process_one_work+0x9cf/0x1b70 [ 532.250188][T10165] worker_thread+0x6c8/0xf10 [ 532.254800][T10165] kthread+0x3c2/0x780 [ 532.258889][T10165] ret_from_fork+0x5d7/0x6f0 [ 532.263504][T10165] ret_from_fork_asm+0x1a/0x30 [ 532.268294][T10165] [ 532.270638][T10165] Freed by task 8922: [ 532.274627][T10165] kasan_save_stack+0x33/0x60 [ 532.279328][T10165] kasan_save_track+0x14/0x30 [ 532.284031][T10165] kasan_save_free_info+0x3b/0x60 [ 532.289077][T10165] __kasan_slab_free+0x51/0x70 [ 532.293887][T10165] kfree+0x2b4/0x4d0 [ 532.297803][T10165] ieee80211_inform_bss+0x77c/0x1140 [ 532.303113][T10165] cfg80211_inform_single_bss_data+0x8e7/0x1df0 [ 532.309368][T10165] cfg80211_inform_bss_data+0x224/0x3bc0 [ 532.315019][T10165] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 532.321122][T10165] ieee80211_bss_info_update+0x310/0xab0 [ 532.326787][T10165] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 532.332964][T10165] ieee80211_iface_work+0xbf4/0x1020 [ 532.338277][T10165] cfg80211_wiphy_work+0x3dc/0x550 [ 532.343413][T10165] process_one_work+0x9cf/0x1b70 [ 532.348476][T10165] worker_thread+0x6c8/0xf10 [ 532.353094][T10165] kthread+0x3c2/0x780 [ 532.357186][T10165] ret_from_fork+0x5d7/0x6f0 [ 532.361799][T10165] ret_from_fork_asm+0x1a/0x30 [ 532.366586][T10165] [ 532.368922][T10165] The buggy address belongs to the object at ffff88801c2fb800 [ 532.368922][T10165] which belongs to the cache kmalloc-1k of size 1024 [ 532.382989][T10165] The buggy address is located 0 bytes inside of [ 532.382989][T10165] freed 1024-byte region [ffff88801c2fb800, ffff88801c2fbc00) [ 532.396713][T10165] [ 532.399052][T10165] The buggy address belongs to the physical page: [ 532.405489][T10165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c2f8 [ 532.414266][T10165] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 532.422776][T10165] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 532.430680][T10165] page_type: f5(slab) [ 532.434677][T10165] raw: 00fff00000000040 ffff88801b441dc0 ffffea0001641e00 dead000000000003 [ 532.443282][T10165] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 532.451877][T10165] head: 00fff00000000040 ffff88801b441dc0 ffffea0001641e00 dead000000000003 [ 532.460565][T10165] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 532.469266][T10165] head: 00fff00000000003 ffffea000070be01 00000000ffffffff 00000000ffffffff [ 532.477950][T10165] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 532.486888][T10165] page dumped because: kasan: bad access detected [ 532.493304][T10165] page_owner tracks the page as allocated [ 532.499033][T10165] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 0, tgid 0 (swapper/0), ts 1628148908, free_ts 0 [ 532.517022][T10165] post_alloc_hook+0x1c0/0x230 [ 532.521810][T10165] get_page_from_freelist+0x1321/0x3890 [ 532.527379][T10165] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 532.533301][T10165] new_slab+0x94/0x330 [ 532.537394][T10165] ___slab_alloc+0xd9c/0x1940 [ 532.542092][T10165] __slab_alloc.constprop.0+0x56/0xb0 [ 532.547500][T10165] __kmalloc_cache_node_noprof+0x100/0x420 [ 532.553342][T10165] alloc_desc+0x5d/0x930 [ 532.557608][T10165] early_irq_init+0x205/0x350 [ 532.562302][T10165] start_kernel+0x20b/0x4d0 [ 532.566814][T10165] x86_64_start_reservations+0x18/0x30 [ 532.572286][T10165] x86_64_start_kernel+0x130/0x190 [ 532.577412][T10165] common_startup_64+0x13e/0x148 [ 532.582380][T10165] page_owner free stack trace missing [ 532.587759][T10165] [ 532.590096][T10165] Memory state around the buggy address: [ 532.595729][T10165] ffff88801c2fb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 532.603803][T10165] ffff88801c2fb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 532.611873][T10165] >ffff88801c2fb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.619972][T10165] ^ [ 532.624050][T10165] ffff88801c2fb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.632126][T10165] ffff88801c2fb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.640283][T10165] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 532.846636][T10165] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 532.853955][T10165] CPU: 1 UID: 0 PID: 10165 Comm: syz.1.683 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 532.865689][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 532.875781][T10165] Call Trace: [ 532.879089][T10165] [ 532.882042][T10165] dump_stack_lvl+0x3d/0x1f0 [ 532.886688][T10165] panic+0x71c/0x800 [ 532.890634][T10165] ? __pfx_panic+0x10/0x10 [ 532.895109][T10165] ? mark_held_locks+0x49/0x80 [ 532.899924][T10165] ? preempt_schedule_thunk+0x16/0x30 [ 532.905351][T10165] ? force_devcd_write+0x312/0x340 [ 532.910534][T10165] ? preempt_schedule_common+0x44/0xc0 [ 532.916057][T10165] ? force_devcd_write+0x312/0x340 [ 532.921208][T10165] check_panic_on_warn+0xab/0xb0 [ 532.926213][T10165] end_report+0x107/0x170 [ 532.930595][T10165] kasan_report+0xee/0x110 [ 532.935060][T10165] ? force_devcd_write+0x312/0x340 [ 532.940215][T10165] force_devcd_write+0x312/0x340 [ 532.945197][T10165] ? __pfx_force_devcd_write+0x10/0x10 [ 532.950692][T10165] ? __debugfs_file_get+0x1fe/0x840 [ 532.955916][T10165] ? __pfx___debugfs_file_get+0x10/0x10 [ 532.961492][T10165] full_proxy_write+0x13f/0x200 [ 532.966369][T10165] ? __pfx_full_proxy_write+0x10/0x10 [ 532.971758][T10165] vfs_write+0x2a0/0x1150 [ 532.976125][T10165] ? __pfx___mutex_lock+0x10/0x10 [ 532.981175][T10165] ? __pfx_vfs_write+0x10/0x10 [ 532.985985][T10165] ? __fget_files+0x20e/0x3c0 [ 532.990707][T10165] ksys_write+0x12a/0x250 [ 532.995074][T10165] ? __pfx_ksys_write+0x10/0x10 [ 532.999973][T10165] do_syscall_64+0xcd/0x490 [ 533.004586][T10165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.010529][T10165] RIP: 0033:0x7f9ab4b8e929 [ 533.014963][T10165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.034588][T10165] RSP: 002b:00007f9ab29f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 533.043018][T10165] RAX: ffffffffffffffda RBX: 00007f9ab4db6080 RCX: 00007f9ab4b8e929 [ 533.051005][T10165] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 533.058994][T10165] RBP: 00007f9ab4c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 533.066982][T10165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 533.074964][T10165] R13: 0000000000000000 R14: 00007f9ab4db6080 R15: 00007ffef5e32628 [ 533.082955][T10165] [ 533.086323][T10165] Kernel Offset: disabled [ 533.090674][T10165] Rebooting in 86400 seconds..