last executing test programs: 6.521695308s ago: executing program 1 (id=1580): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="130026bd7000dddbdf250200000008000300", @ANYRES32=r2, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) 6.083224376s ago: executing program 1 (id=1582): r0 = openat$auto_autofs_root_operations_autofs_i(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim6/ports/2\x00', 0x14000, 0x0) mmap$auto(0xd, 0x20008, 0xe1, 0xeb1, r0, 0x8003) r1 = io_uring_setup$auto(0xf, 0x0) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/usb/usbmon/10u\x00', 0x0, 0x0) ioctl$auto_VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000080)={0x800, r1}) pread64$auto(r2, 0x0, 0x0, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) semctl$auto_IPC_INFO(0x8, 0x5, 0x3, 0x7) fcntl$auto(r3, 0x6, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, &(0x7f0000000180)=""/250, 0xfa) read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x7, 0xe984, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000008000300000400000a00050000000000000000000a00010000000000000000000a0005000000000000000000080003000300000008000200", @ANYRES32=0x0, @ANYBLOB="cee6f70a0fe3397f86dedaa7737f6745daf1145efbaee37a021bfb99a298bcf84ada4bb5973009a89b126771c97a57f45c7709b31854bfe2554c171c27b8171a329feaf396351df1a64ca246e8a8363d0a1cff55aff1af374806eb10572e28"], 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x8894) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESOCT=r5, @ANYRESHEX], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='h'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x9, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/bcachefs/parameters/expensive_debug_checks\x00', 0x101, 0x0) write$auto(r6, 0x0, 0xffff) connect$auto(0x3, &(0x7f0000000140), 0x55) socket(0x2, 0x80002, 0x73) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) 5.978551973s ago: executing program 3 (id=1583): r0 = socket(0x2d, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x2d, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={0x0, 0xa0}}, 0x20040804) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0xfffffffc, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r2 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r2, 0x0, 0x0) ioctl$auto(0x3, 0x800005411, 0x38) pwrite64$auto(0xc8, &(0x7f0000000380)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'`\x9f\x1e\x0e\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x3fd, 0x7bcd9e96) 4.955429475s ago: executing program 1 (id=1587): mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8008000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x20000, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14abfd) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PSE_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x2c, r2, 0x1, 0x703d27, 0x25dfdbfc, {}, [@ETHTOOL_A_PSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000050}, 0x40d8) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r3, 0xffffffffffdffe00, &(0x7f0000000140)=';') ioctl$auto(0x3, 0x40086200, 0x38) setreuid$auto(0x0, 0x5) fcntl$auto(r0, 0x400, 0x1) setresuid$auto(0x2, 0xee01, 0x8080) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x159a02, 0xa4) close_range$auto(0x2, 0x8, 0x0) write$auto(0xca, 0x0, 0xfff) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getsockopt$auto(0x6, 0x107, 0x18, 0x0, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x11, 0x80003, 0x300) socket(0x2c, 0x80003, 0x0) setsockopt$auto(0x3, 0x11b, 0x0, 0xffffffffffffffff, 0x43) socketpair$auto(0x3, 0x3, 0xfffffff9, &(0x7f00000000c0)=0x3ff) 4.395000945s ago: executing program 1 (id=1588): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socket(0x2, 0x6, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) poll$auto(&(0x7f0000000080)={r0, 0x0, 0x5}, 0x5, 0x49) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) mq_open$auto(&(0x7f0000000080)='!\x00', 0x76d0, 0x101, &(0x7f0000000100)={0x7, 0x8, 0x7fffffffffffffff, 0x5b}) bind$auto(0x3, 0x0, 0x801) setuid$auto(0xe) setsockopt$auto(0x3, 0x1, 0x1, 0x0, 0x9) 4.124875085s ago: executing program 3 (id=1589): socket(0x1d, 0x4, 0x8) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, 0x0, 0x40600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x4b42, 0xe1d2b27bdc14aaa1) mmap$auto(0x6, 0x2020009, 0x3, 0xeb1, r0, 0x8000) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) ioctl$auto_SG_SET_RESERVED_SIZE2(r1, 0x2275, &(0x7f0000000040)="d93ca7") write$auto(r1, 0x0, 0xffd8) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0xa, 0x5, 0x0) r2 = socket(0xa, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x71, 0x0, &(0x7f0000000280)=0x22a) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x2682, 0x0) ioctl$auto(0xffffffffffffffff, 0xaa00, 0xffffffffffffffff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000001ff, 0xa, 0xd, 0x400000000000002, 0x0, 0x6, 0x20000000000000, 0x1, 0x8, 0x5, 0x8, 0x7, 0x4d40, 0x5, 0xfffffffffffffff7, 0x5]}, 0x0) 4.041517905s ago: executing program 0 (id=1590): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="130026bd7000dddbdf250200000008000300", @ANYRES32=r2, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) 3.7020352s ago: executing program 0 (id=1591): r0 = socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x842, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd2/mq/0/cpu_list\x00', 0xa0440, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)=""/64, 0x40) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6c, 0x0, 0x0, 0xfffffffffffffffd, 0x4ea, 0x1, 0x6, 0x0, 0x1, 0x0, 0x8, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x6, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) (fail_nth: 4) timerfd_create$auto(0x100, 0x150b) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x9, 0x1, 0x4) mprotect$auto(0x5, 0x8000000000000004, 0x5) madvise$auto(0x0, 0xffffffffffff0001, 0x15) msync$auto(0x0, 0x2000000005, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x1, 0xfc00, 0xa) r4 = syz_clone(0x40040000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NFC_CMD_GET_DEVICE(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)={0x90, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0xd28}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x8}, @NFC_ATTR_VENDOR_DATA={0x4c, 0x1f, "8cc22bfbe229c6f30a0f8473bfeb4cb1a42eb2fa27b9dfbf3d0948716e0e54fd347b80ba8f64d3a5c4671667aca57c23b79cc3fe82e496dc37fb5187a334dd33fbb227cb38478f16"}, @NFC_ATTR_FIRMWARE_NAME={0xa, 0x14, 'wlan1\x00'}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x9}, @NFC_ATTR_LLC_SDP={0xc, 0x13, 0x0, 0x1, [@typed={0x8, 0xfd, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x48851}, 0x4000) move_pages$auto(r4, 0x1002, 0x0, 0x0, 0x0, 0x5) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, &(0x7f0000000040), 0x1c) pkey_free$auto(0x7ff) 3.42806205s ago: executing program 1 (id=1592): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8081, 0x0) socketpair$auto(0x9, 0xe205, 0x3, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c04, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c04, 0x0) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps_rollup\x00', 0x40400, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r3, &(0x7f00000010c0)=""/4096, 0x1000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r5) sendmsg$auto_NETDEV_CMD_DEV_GET(r4, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f00000017c0)={0x14, r6, 0x301, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0xf0ffff, 0x0, 0x4005}, 0x28044004) 2.870446458s ago: executing program 2 (id=1593): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_LINK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="15009ce4bf2185792920"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 2.817059275s ago: executing program 3 (id=1594): mbind$auto(0x0, 0x7, 0x8, &(0x7f0000000000)=0x4, 0x101, 0x5) mbind$auto(0x2, 0x1, 0x2, &(0x7f0000000040)=0x9, 0x8, 0x40) r0 = prctl$auto_PR_SYS_DISPATCH_ON(0x5, 0x1, 0xffffffffffffffff, 0x10d384ee, 0x21a) ioctl$auto_TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000080)=0x4) (async) mbind$auto(0x7f, 0x9, 0x9, &(0x7f00000000c0)=0x3, 0x9, 0x2) (async) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000740)={&(0x7f0000000100), 0xc, &(0x7f0000000700)={&(0x7f0000000180)={0x56c, r1, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_VENDOR_DATA={0xf, 0xc5, "6031c68de2a8d3e666c92e"}, @NL80211_ATTR_BEACON_HEAD={0x4e0, 0xe, "5d23201a1c75d5ddfd7e4837f28309c803962c63d3a7b5ab12cdd3efe143f2b81e5578817687610b26a50b30572f7bf955db7470f616610fa0c004fb15dc1b165f782f61ff37274a8e00a27eb1f3ab43ee39613896f8e95f0209a909064f18571ed751b2603b02adf5eabf7fe6625f71cf444882a338ae98ea485e846bcfaf8d694a8ded715bba22c9994d3d912e08e1a6acc0a7c2b3f1ebdebb621218dadf0fe4971bee694eb720d15fbf59a24449e317a06727853dfb263a9562e78ebafb51e12b6a99c2ec6eab87dec9c25b17c4f63d0659d38b1bdbf527bb2895ccb83557b51c5b1c76a9f0ee8703a204166d84af412a24bed348f41bb9fe3efbdba4616474c7499595bb770cde0c882fbdfaabc42b43c3d0b7be5679837d21f3758e6f8e5e25ce07c453364602834808ff2819ac6957ad565499da14809d28c3877bf201ec870b4de147cf7957bb40821e805d132bf348ef9ea05e504ded9cf22c36ea742bf3e50f8cbf49d48a0c762daa3d407f625880bc5dd1ec541e6bbff555d90446fc9c299465fe86c3db6fa86c838a5d3fdddd1b61da324d5f235baf27dd3304a0b9f43971aa9154a062aeb23dd539018afc58366a40444cf4f649ed29b1ad65aa09e9b29c17e0a5cdfaef9a74584489cfebefb603d187c07f3b5069ed204011bd1b1e273b76cf7ba4abd39171e7448330b86722dc7a8977485884a539c1449e53f3fa4cc7f38ac8abafe0fc6eb163047759a4769259f1518626ce9f9c2594de60b4f8c1b85e7747f4ee72f94938e6b2194124fed7f522e4dbca08ddfdbacbc4c3f27e415a0220fa3bbfdcfe21cee8acb88fcf30de334711fe63e46c7fec65a0ba374b0e6564747e5bcf95248e7635feee0a5757b9b6426a5ba25dfb58719cf65fd5dbd9f644bedc12f92a9c1624d1d25a22700c1fabc70e2684e06bbd499ea1bdb70d3e1a98017ddb60c5da601b8977f3da1a2dcf6a94f056aa0cb7b88dee911f614d0a97a642f142dfb5c8d38c111e35ee526b55d5c67890155874054407d2f21a78dd275f8ca98919888efb1b2822b769dcc5e9ef67ba5a600ee6a94bc75467c8d4558c2b32aa49a818de487e0a27b5f45b21d105eeb1034011c78b29adb4e5a2c33e397ec89cd964f091fbb3ea8a1b670dcc4cd33a6d6eb01707c5026e3d68359d407581e6116bde6d0cf46b3e7b06ed173c15a3f73bb43afdd8dac6304d2180d865c699ab54f00aec132a7a972accfefa1bc524baee01d9f088991de6c45c13d85f1c0ded886ddfea66fb808a495fb682312e8f1ed35daf22ed239216d2bfe22dbeed677a4065e1c562893ea6b2ccb000fcddbbf652cac8fcb8079705fda2e7bf2aba8fb4687a62203a62f6cd6ef478e1096768929610ad9eaa1dac91571ad117e7d1545b8a53ffbec4f88fa247afcf35d9b759aceccde5c8b06c2f20c8dbaba34d707a43081d09124cbbe34d5250bffe3f96d07827a092954290f5e3b4309ea6f839b2aabcabf2db8620cfb27c9fd458c710c03e48d829ceddb13bc5a8a63a8e49421b4fde19424188ee0a859ef6cf587abbfef82f69f084a7cd3909926f003adf2fa06ba2eb94366c893dcaa7a6c6f66abeb7eb327bbea98838be59f8dec4bfb37a3d6cafdc73d23ac07fd0ff068112b0543ef1c85375bde721c7454e3bddf8dd344f8a5a9239ae44bc0c3fce618e120cf1357978a3494e444fefde61e918be6661513952215fed8b2f3c95f408fa3e79e1fcf9100ad85e79ab"}, @NL80211_ATTR_MAC_HINT={0x55, 0xc8, "d84e2644a5903b49b5cfef7feb7a8bde37929862820e346a7c0e973160ffbc0e5072b9d6884c92c029cbf5a614a3f6d972b8056b99b32ac0cbd9aa746db39dc996e5d9c2bb06565b69cea11318a2830afb"}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x8, 0xbe, "67e0cb28"}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_DISABLE_HE={0x4}]}, 0x56c}, 0x1, 0x0, 0x0, 0x2000c014}, 0x4101) (async) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x4c, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_BLA_OWN={0x4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x14}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xce72}, @BATADV_ATTR_VERSION={0xc, 0x1, 'nl80211\x00'}, @BATADV_ATTR_LOG_LEVEL={0x8, 0x36, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44084}, 0x804) (async, rerun: 64) r2 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000900), 0xffffffffffffffff) (async, rerun: 64) msgctl$auto_MSG_STAT_ANY(0x4, 0xd, &(0x7f00000009c0)={{0x8, 0xffffffffffffffff, 0x0, 0x8, 0x1, 0x100}, &(0x7f0000000940)=0x40, &(0x7f0000000980)=0x31, 0x4, 0xfffffffffffff801, 0x0, 0x0, 0x6, 0x1, 0x8000, 0x6, @raw=0x3, @raw=0xfffffff7}) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r0, &(0x7f0000000bc0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000b80)={&(0x7f0000000a40)={0x104, r2, 0x8, 0x70bd29, 0x25dfdbfb, {}, [@NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x6}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x3d}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, 0x7}, @NFC_ATTR_LLC_SDP={0xd8, 0x13, 0x0, 0x1, [@nested={0x8, 0x96, 0x0, 0x1, [@nested={0x4, 0x34}]}, @generic="d9d38936ad2a1124f819a23928b5d071f27bb3f3b35174e4cf2108aead6509bcb51f1649d46dc45fc2098b915d2cc35cbe8edbfd61be847d9148b39185a33015f128cf2cee654901e001cbf0afed35d328d793c31da17c69a2c2ceb3098e1e7d852a6ab94d2b6850eb", @typed={0x8, 0x2e, 0x0, 0x0, @uid=r3}, @generic="4d1021add45c38376df557431c000db35bd068954b74b9c9f1fc75b2ac98b3a40ed7f7a1ce6f0e841d6522af5bd6c96d53dd199f2d4630012788765d15661e741d4e8e448fbb4b77fbef9577da1da02fd69201d5222e146828905c"]}]}, 0x104}, 0x1, 0x0, 0x0, 0x4000}, 0x4) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(r5, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x54, r1, 0x0, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x9}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x5}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x6}, @NL80211_ATTR_AP_SETTINGS_FLAGS={0x8, 0x135, 0x400}, @NL80211_ATTR_STA_WME={0x14, 0x81, 0x0, 0x1, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x81}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x9}]}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) (async) select$auto(0x7, &(0x7f0000000d40)={[0x3, 0x9a24, 0x51ac, 0x6, 0x4, 0x46, 0x4, 0xe7, 0x0, 0x7fff, 0x4, 0x2145764a, 0x4fe, 0xffff, 0x2, 0x7]}, &(0x7f0000000dc0)={[0xfffffffffffffe01, 0x9, 0xfffffffffffffff5, 0x7, 0x400, 0x7, 0x419b, 0x7, 0x101, 0x9, 0x3, 0x0, 0xb7, 0x81, 0x200000000000, 0x9]}, &(0x7f0000000e40)={[0x6, 0x4, 0x40, 0x3, 0x7fff, 0x0, 0x6a4, 0x1, 0xa38, 0x4, 0x91dd, 0x10001, 0x6342, 0x6, 0x40, 0x5e07]}, &(0x7f0000000ec0)={0x3bc, 0xf}) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000f40), r0) sendmsg$auto_BATADV_CMD_SET_VLAN(r6, &(0x7f0000001040)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000f80)={0x60, r7, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_ADDRESS={0xa}, @BATADV_ATTR_BLA_ADDRESS={0xa, 0x1f, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, @BATADV_ATTR_DAT_CACHE_IP4ADDRESS={0x8, 0x23, @dev={0xac, 0x14, 0x14, 0xc}}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ROUTER={0xa, 0x1d, @remote}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8}, @BATADV_ATTR_TT_CRC32={0x8, 0x13, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x20000005) (async) sendmmsg$auto(r6, &(0x7f0000001200)={{&(0x7f0000001080)="524fc8d1f542a5f1f4c2a63c9eebfbfc55efd362e5ee9188535477c71b345adeb33afcdbf6eb4c8f1e565b96e03f6290d895a72a9145ba1ff5966bdd4334b1ab5c0c5d453c3bbe", 0x7, &(0x7f0000001140)={&(0x7f0000001100)="79bde87fe9dbb6"}, 0x8, &(0x7f0000001180)="8faef1b8ee8931351aafa787a078791c380f8ac4647ceacfe0f783fbaf01aeee6e136ca962b22c17222e99d8f9f15cfb79a71b8cff03c7192aef739b38b075223eb141e3caf9e8263988dec8fe22ced9238582261f63944a5122f5bb8f17c2283a56578bc06b6c85", 0x28, 0x1a1b}}, 0x2c, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000001240)="7735ee7e91de87ea0263bb1873857894c7cb7024468a0e947232c9af1d0467d32be992e3a21c305444973cb62358d36779f42910e9718547adeb7b5eb751dce95a767ed77474a1cf9c45e0bb1c", 0x4d) (async) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000012c0), r0) writev$auto(r0, &(0x7f0000001340)={&(0x7f0000001300)="85ddbca0b9cf425bbd15f58b1ac550b3aafb37edb8610e076bcb82a0b0208abed1118950c206cd4ce5c1cdf113fafdb0fca914395486554122b5abd6fa18", 0x40}, 0xffffffff) (async) ioctl$auto_VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000001380)={0x7fffffff, r5}) epoll_ctl$auto(r0, 0xc6a, r8, &(0x7f00000013c0)={0xbe1, 0x20}) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001400)='/sys/devices/virtual/block/nbd1/discard_alignment\x00', 0x402, 0x0) (async) msgctl$auto_MSG_STAT(0x7ff, 0xb, &(0x7f00000014c0)={{0xfffffffd, r3, r4, 0x6, 0x0, 0x9, 0xfdad}, &(0x7f0000001440)=0x9, &(0x7f0000001480)=0x4, 0x9, 0x7, 0xffff, 0x7fffffff, 0x0, 0x6, 0x5daf, 0xfff, @raw, @raw=0x36a}) (async) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001580), r0) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r8, &(0x7f0000001740)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001700)={&(0x7f00000015c0)={0x140, r9, 0x500, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x6}, @NL80211_ATTR_FRAME_MATCH={0x75, 0x5b, "36ad68708c772f622fd50b93d65dca53f72c946b169a2100fe305a0288172545afab292dcd903622ef62061d91552ebccfe985cd9e24b8dfdfdda70edb739a9111a0f9a029001d30f08952878822d0f15849d2104456644c1a7113091271e5156979165b989c3021f9dfc06a7d65994cd5"}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x59}, @NL80211_ATTR_CNTDWN_OFFS_BEACON={0x85, 0xba, "f2ec984bcd77a5cbf6d2ae9ed5dfff35a5a4253ff8b141aa3bd424e42b46bca55f5c5d78869df3799ede8e10e4a13c308d1826fc11c9101c986abd91ef65b5eb034a3d0c687ddcb95f7d2e8c8561d518667ecc9143b6cbcdc7ae3c78b0213d8f2730142a4579b74c6354db99803f66dfaf73a09047fd9a8aa5409e91d1a1511544"}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'pimreg0\x00'}]}, 0x140}, 0x1, 0x0, 0x0, 0x4000814}, 0x0) (async) r10 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000017c0), r0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000029c0)={&(0x7f0000001780)={0x10, 0x0, 0x0, 0x92166cdbcc61fb3d}, 0xc, &(0x7f0000002980)={&(0x7f0000001800)={0x1160, r10, 0x10, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_IFNAME={0x14, 0x4, 'dvmrp1\x00'}, @NL802154_ATTR_PEER={0x10d8, 0x28, 0x0, 0x1, [@typed={0x8, 0x80, 0x0, 0x0, @ipv4=@private=0xa010100}, @nested={0xc5, 0x146, 0x0, 0x1, [@generic="e79af29e230939808679a9f956c09be8fc93004d1393f63bdbd8efeaa92c6c386d422e28d24f36bc979348e1c002551dd46dc0e0c82c481689598cbc72356087e4ec7fd4d1c2e7f3621f3e475f66315f830e422f745564bc3ec0e96c7386a1b8a3be2532f1053e26252fcd654f75a0e34ecf3d81b24949922e03f8d11c4c816c34424f882c953ae9a1db374dbe7d000fb920f499bb0984fd2812e09d97ba6920f7a153bc52e28b403d5a746d8ee45137357081fb016421818ce0802716b626faab"]}, @typed={0x1004, 0x139, 0x0, 0x0, @binary="d6aeba6056044c7f552da806a6bbb20a7b0f396ec37a40ccc8dfd404e39a4b3d3c378c2d6a2ec718e431e71c9d6e562a306e36646ed2b63b4f355f682f313a529e0791d020c03d47c219606321b8d5c95b2dfa9d8da17714b1272b652a7773ccfd5e90b6143f6c29b382d609a651f431e86a864d831c78645d6910691af73ad8cfad5c590d10dfb44f848768279dda158ac9e176fadb7a41cd0a883493980a4966a1ee48634a72eab77fd06103f1497bbc5d89ae2b9bf939e73d0ccce186e201edbe9cc15b76853e5f4b053a45f4deade2b6fabc6b32a6238660b6888f0e2a1d1c3e385d201f4d9599560d0409b1e53f068ec65ca0952546ded8cef0345bc196f58cd95b02bfe668e15d726c3131ab7df027c4fe05bd96ebbe69b62e8ca11e57e17e5281a67cadd3124428c5a6e0411c98b8872c6e37ef640846539bf8ce6cf703098eb40e9657d172f5b501072c697cc390e4bce16e0a4b34c5646992dff073cc1c870350e239f4b9e0ff32db0be85761fe34536692029d129fc642d7b95d1db8a0af2c362e358bd5639223111766859ab6474ff8301a1834d5fd30627e5e75fe875de1c30e6f717ca9e2781f3dc47781d3e31c70369aa8a64f131842c3f49e9990cb4a8ff4c8414f7096998954bc4288d1aa1c952c386d32c16a4382a45a0f0d66c43cebdf880be0c520a0f50395cbd6bffd5e9012258bbcbe86da6959268623545d04de53de6fd90cdbc6c251a743032ace29e32f5520528338aabaefafab8ca948b998c1c61ae8e77b96cc245c8777d820a53ef85f39134f9f9d3235c49254ce280828709c10e69527d4c30e8592f2af99ad09307a1bb839e6481bb37b3f2a7df13ac12eed6078ddcc0a2545ea6c82068b4b7d90ae01d48de4e2cc2749258fee2b9e822eaae6cffabb63b12ee38e8cee051effec6a85c134ccc1554b69048d2c8767103578dc3295391ee93747b9a3f824eb823a222098a80e0def9209c2d61289f75bdd5f4d2b7d58ba6a37f5dc091fdd4e66085925ab5fd9b191c32d8bf0e52bb82c75e088f1b92a92e05cbae5d9eedcbf186521561569f9b438ff4cfb6cc40760a802fcdc0b8c2089ccb3d4e2e3ac03899fd78cc6ace6d9bd4da4529501a0eb29a0696db56b58bd7e9f989c92628666b4eb3ee54d7a9f6f0aa5f64178c6b03540c58b8ef8902154a94e1874ca211a2ac99d4db67ae8b5855b3085a57a1ecc0a9b6def995b782ba51779c7306b67ee7bf7f75719abc92f0b59ac449dcbead58731c72b63c046fc528bc20e43e1dd161b9ad67192b32c2396b3321d26e7981aa314b556bedc7a7636d3eebec82d9571e968d61a80ada297ffccfed9ab14d62bfb75cdbb2edb0198dbe918d7ea6bc00a65f08a5d7a72edf1bf2f73c754ae7cb84b137d9c932e893d83ebc8f849c742373423e9468e155eeeea8c103fd1b86d37cfa0cd87d79efff8e119f1fd77cdce50e0789642aba32b1ea5634dc0516d73aef6927d6719db36437f62120ae7db67acbc8156d9d69f76d69b3f23faa8aaf926c35194744ac5129b3f640d3ac21737c30ec553ea174ab716fbbe02759e981f7e1e091c7cbd9087c47c47add8c9a8a5edf5eecac210ecdeb1d660072973bc15b0a713b8be72019245c6d77d08cc14a30b7ac62a27647710e59985c087a198af061f430a7282794854f75ac2b7af189631c8ad442f71771561be518769fef2ab86abaa96c37af98a6ea22512e8452e1a617679067cbd0369e57ba81062fd7a59eba8e81e3444496da855705e5756e19d82d74a00e821556255ffd83732fdd6f3c99f45586122c0ab970dd3c458f875b0922252dbefa870460d06d0acfbbf4ddf57483c55f690d62084d90f9a439c5a8d50fd5d9ad68dc43b10f410263f95d7c19264e9f73761c759a1697c9bdddf8298d5e5dbb7b5ca602e0c5078645a362fdb3f24b7c84fc723d7d7a0c771d75882442308bee0a8426a766082c9ec006dcb499017965738777c449c3075f9a3bbd5437b6593529d0beda102506bcebe8192c5d84b4052b91ff598648ee89d3552c2b2dacfbc91c1ed6b2eceb028e06732cee5a0cd359cde8aeaa2bb783819b7d566e1267ea302af6f442896c84e69afb33003a2933da4693d03ffbc713eb65443da9174857f5ab1e8716c045c878e843feefb40968ca1bec49ccb9829ee97005f9247dd31755fd90fc557aa640cad6f6dcfa0ac07f00e09cba90821f61fa8976680584548d29ad0697dc8e0b44dd7eff11913d9647bf92e041602bffcbd086f06d80ff6b64e2f854cbfb6442e7abb6d954db96876b2638f54c9580f254176dc28047fbcb7bbfa74f2f3427c3aee87c245cb313bb58625fa8479adf5c394d3d3dcd57705126e6f2dd8ee52e0dc536fa14db5fb06cdf9089d631e89e1665ea691d6b856d49e9e2a6904d70b9423915d3ccd7241d1e3ec394f51752faa165d00a910d7bcda8e98f8adca699c791b7f618c73ea16883a366174b10289ef6e455735c4563b7e68be6509e14ee9994131c557ecf3e0b0b890f2dc2a31c5645e1e3f3e9dd620c4eedbbc1335d9fd8aeab05795f20a19f287c839dad39934fad076f4f29e883116250e6dcb0c348f83ca0781a511bf6b012e6606de1ad6261d5112a52ed08f9bea2464631b83676b029734ef0546faa1ae3b0eaf5246f857c417f3d3b4e346dfdcbb51a20bff9bd75fe0d23d362a085cc7f80cb28a4b13781b8cd531241dd21b2f99505cb2bfc08aa206ead369ab9d67dcef09a5d1f53190bc5d78304f23e68be1e285afd2fd922bd959cbb8dcc0b1f77a8b66eef28cdbafac5b9468b5be1295498fc4957bb9c7d5b174035d6e745a68d371e6d070290f05ccee14231d61b6667c1c8dd46d625204da5a3c04d8c88a2f87beba7885fe79b37881df6718199fceb06d4951df4859ff758c3e86720c8276edf98bba47fed89476c204672dfcd33197968a77a81ffc2ffc483926a823a12bc454ca77abcf0cf100c1805bc480a234f1808817ef4f86da83a5df97e41dccd03177c52327b74f0094f02f344f988dd8d3249be8bf179ea2bcd0c463408483f2e7cdc95b6db507bdce7e8969a3b6824da49993dc1b0813f42c6864c4233d30ac7faa927e61c9c17f865f0f5ada41ba941d2a1e8ef290ab75be3719e6c59cdd4e01944514039c56a2511bd0a7e0e0406eaf3686dae1e6cf58ea9ae357ad80ef4d4bcfb4bf19f467bd994648d73a43ec5f7b41e013a85f7cefe21f5eb671d25dbd3475242a388beb336b3800cddb911e5ecd26e9247c5c0a0dd609df1b348a5b70b29da699a254770316d28de7974ac95d0586f23884b09a51aff62490db18135c6ccef7ff29aba9eb9e42a06febff5f1f9383b9d459f9b8a6323287d848b86153ec827265422014eb39a2e51e34ba3d90be0d34d95901b5daeb4548c5275ab2805f9c5e75bc594c987233c5b701c9b59918f53a9568a2448b87d5ff2e7a6222837c0ba071f7f22f30453f0d9294b3d81bd0e40eae02c934c417bb4f15a0d5e369cf2cda71d5eae86f8db10acdc90c7cba09523651139e73b582235807d1e83d0767bce81125f55eeae5bfcc0774809c1ee69c2c677eda7e09c48319b182d7abc84e84e7b108daef384c5a50adda585d3e9fb924f627cab6c48d36f0dd8e8c8999ea3415dcb1580cb7696a7294da4720a4ff763221526a2a29781930fb5cf1b39cceeb56626194b66740c41a42f2917e8f78f9a364617caf8346da477937752fe7de4efb3fd3d2ac312812999ff2e78612c036d352ad9b2089787828572ab7312b8a49c77bd731952b9defac76c1fa8b4a16ea140795b88948e1ac596ddba2f47aede36de5657593454c0731c4af1d97140304238fc07eccb2d525d6f2b061830a939607366552c9c9b546ef9ead2eadb78e6a159a89738da44052154b514cfe6487d3aea4061b5c41330b8cfbbd5436e2a1fa99031938e98a524983f045a42d1bc9791a8e3040590569d3ddf3f33d6cc9f36d13d942b450ae6f6540164ab7a65fd3e4ce28937e6c07df5eded0becefb38cf700ff7c280b0f6524dc11f15c9956c74b4364c16b928c36fc0f06a3f48512edeafffffc2de8398879e7a8c154f4eb3049c23dbf04caf1abb47a8220a56d3fc0ec773789bdedf823a072ece2a4d5738af67cf76a6259f375c055fc0a2f41537b17c814b2c72834522c280888ed457f7180ee93db23ea4278a811c446d3bc288fda7b7c6df1e1bc677d3e0797c10708496766a65b0d5690654ba430badedf14117c77060371b2db50ffd0b17f860ae0d53ece0d1f3d50b00d7050a161407e51759c26916474ba6e317323a065ee0d7b2ed426c90f649692fc960dc18a31dc0fdffd8271d57650470c1b8e87dc8d7a63bf5cedfe8c42b24de607a330922c772b0b10936e2c70633ef2a3865b0b9fbd662f4b88134ec206a96b51e5535a0b1e87c08a01cb42695c3ec4789727242ea10a0b3c66108dab117cff3d74c54e4738eee6c29934ba6a7103d51ab2437af93efbe3024a424d0a89549ecac9c08154bf157afe18922e1d14e17508c01bcb25690e42208dfe3dfe3d9c30a3c0472190c63cff0bc734ab961c1ea01d1fa54b99c23a1d6f9e68a988b4f43d81173d260032230ba69c81700d15fe27e7d126ec3de197c8ade434792cd47caa5bc73cd1284aac5f768f475897c1eedac3173e6b90881d3fac6a8ce8bda90f3eb48f7e924f5f4dbb710d22c0ec2fb3e54a0538c7a26275394070e8d70212fbab7b15796ac758f35a60a68695c51cf643075c58556212bf98460ae3cfe234866fab7332304f0de785d8dbc9b6dd6aabddf390e9adacdcdb2f5232e4df47f9a2dbf247c65b0aeb3040ec69fa3bc2a60873534ed970c8bd261d33b5226c912aef09b307ce205aaccbf2e3f1b66a5819ee796aeccb2d2aab8660be62e9fdc0995bed841f7400403846f932208a1c1637c606284c819c268c0686b14976397697c7d31aaf405aa8d99316949728268780d894b07df9e1fb83cd1988ae06f3c9f08bbe7de3db562d815cbf80c2a70b91513698c254402a1697bc2d3e1a5a6b42da3a96ec975e0217c907f7bb28d87eca7a107c7cbc273fa94798a512175820277c950f998ac007a6b683e1b046746a99dd63eb7c3c84ff65a82e32187dc5b3f6852a7693a8cd98c3c3884bced76f587a4065f9935be9104dba2cbbac91eb2e4d705741ebc52b2b79bcbcd8a1d4185b2f9f05be5a8a2453d56eaa9d2edaf64cfe008c001683e0f5e7e3c846b091d192dfc01d92801e036dedc0dc178b074088610175406ebe46c63ba27c006279a54359ff5dc474ab4392b14a33735f42ae253d8336f37aed9ad8d51562c91ff5f3e0aa8a6ce2855e1a3999a4bca550d6e432afec1fa36e80ff5ea110fecb321acc1418bb75848e99aef0bf3bc38d4d8f0095393d91da691975e0f05386c7f462c5f087518a57b691d2f7d441d6778623d25133beb7a193b9d23771cc534f419387653615947cd0b066fdf94e8f31c5f4cfa14f0687bfb2b90dad4a0207a4b16fc65d85d55ffd8dd2045e20d10334b64bc02cf1798f1a8901fe287f8b659dc8cf62c75e01559147149ccd8dfee60d499abb2a7e2b3a80c3d3f4ebbcc8b90b33b560bb69e453936c6ed94308978c0e419451c3d7663fc915c25e426bc546a4f344ce2de31cdf78d1485bf3a316d1ce435748fd4cfccb501c4b064e8de19b1fed598e60cb35f68a32545e5385fb32a68e3252850b99942fea538e74d655a7a09717313c5c9e558a9029ae1a0a277"}]}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x43, 0x2b, 0x0, 0x1, [@generic="299ef38f63505adc79b16dcff33ba26fab5ac6cf6da48117aac3c885f2494f6f6ec7bc167686b1eae4a59e20c53681f9d9bddbb4ed5dbfd58975165b1d4126"]}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL802154_ATTR_WPAN_PHY_NAME={0x13, 0x2, 'MAC80211_HWSIM\x00'}]}, 0x1160}, 0x1, 0x0, 0x0, 0x800}, 0x884) (async) writev$auto(r6, &(0x7f0000002a80)={&(0x7f0000002a00)="0ff8a43e300ff1c071c438401e0a643cdf554f7e216b6bd58c35a93eafad17909795730846af74c2a07ad0690e34ae5a0fcdc143d6fd314fee29c0c9880e336de730b9e3a5ecb4e0c73d5a05fef83a26bb27", 0x4}, 0x7fff) 2.622448486s ago: executing program 2 (id=1595): r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) fallocate$auto(r0, 0x300, 0x0, 0x2cbd5a) close_range$auto(0x2, 0x8, 0x0) 2.466590996s ago: executing program 3 (id=1596): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x840000000002, 0x3, 0xff) r0 = socket(0x11, 0x80003, 0x300) futex$auto(0x0, 0x6, 0x6, 0x0, 0x0, 0x9) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) connect$auto(0x3, &(0x7f0000000040), 0x55) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x4000000, 0x9}, 0x3}, 0x3, 0x0) 2.465656717s ago: executing program 2 (id=1597): r0 = socket(0x2d, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x2d, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={0x0, 0xa0}}, 0x20040804) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0xfffffffc, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r2 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r2, 0x0, 0x0) ioctl$auto(0x3, 0x800005411, 0x38) pwrite64$auto(0xc8, &(0x7f0000000380)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'`\x9f\x1e\x0e\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x3fd, 0x7bcd9e96) 2.296977745s ago: executing program 3 (id=1598): socket(0x3, 0x80003, 0x300) rt_sigqueueinfo$auto(0x0, 0xc74, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x1000, @sival_ptr=0x0, 0x8}}}) socket(0x5, 0x3, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000140)='./file0\x00', 0x901080, 0x1db) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000300)=""/208, 0xd0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dsp\x00', 0x618081, 0x0) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x5000000000000000, 0x0, 0x2, 0x8000000001e, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x3) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400040}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20008010}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.857017281s ago: executing program 0 (id=1599): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="130026bd7000dddbdf250200000008000300", @ANYRES32=r2, @ANYBLOB='\b\x00a\x00\x00\x00'], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) 1.406526169s ago: executing program 0 (id=1600): capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x2, 0x1) socket(0x2, 0x801, 0x106) socket(0x26, 0x80805, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x145) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x1e}, 0x3) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(r0, 0x0, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/038/001\x00', 0xa821, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r1, 0x802c550a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) ioctl$auto_SNAPSHOT_UNFREEZE(r3, 0x3302, 0x0) socket(0x23, 0x2, 0x0) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/cmdline\x00', 0x101400, 0x0) getsockopt$auto_SO_SNDLOWAT(0xffffffffffffffff, 0x66, 0x13, &(0x7f0000000180)='-{*\xbe\x00', &(0x7f0000000280)=0x9) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) symlink$auto(&(0x7f0000000300)='\\\':.\x00', &(0x7f0000000340)='\xfb\x00') readlink$auto(&(0x7f0000000b00)='\xfb\x00', 0x0, 0x800) 1.355622868s ago: executing program 2 (id=1601): mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) mlock$auto(0xc, 0x87) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000) 1.092315902s ago: executing program 2 (id=1602): socket(0x1d, 0x4, 0x8) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, 0x0, 0x40600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) open(0x0, 0x4b42, 0xe1d2b27bdc14aaa1) mmap$auto(0x6, 0x2020009, 0x3, 0xeb1, r0, 0x8000) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) ioctl$auto_SG_SET_RESERVED_SIZE2(r1, 0x2275, &(0x7f0000000040)="d93ca7") write$auto(r1, 0x0, 0xffd8) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0xa, 0x5, 0x0) r2 = socket(0xa, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x71, 0x0, &(0x7f0000000280)=0x22a) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x2682, 0x0) ioctl$auto(0xffffffffffffffff, 0xaa00, 0xffffffffffffffff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000001ff, 0xa, 0xd, 0x400000000000002, 0x0, 0x6, 0x20000000000000, 0x1, 0x8, 0x5, 0x8, 0x7, 0x4d40, 0x5, 0xfffffffffffffff7, 0x5]}, 0x0) 245.480255ms ago: executing program 0 (id=1603): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_LINK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="15009ce4bf21857929207e"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 178.427205ms ago: executing program 1 (id=1604): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socket(0x2, 0x6, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) poll$auto(&(0x7f0000000080)={r0, 0x0, 0x5}, 0x5, 0x49) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) mq_open$auto(&(0x7f0000000080)='!\x00', 0x76d0, 0x101, &(0x7f0000000100)={0x7, 0x8, 0x7fffffffffffffff, 0x5b}) bind$auto(0x3, 0x0, 0x801) setuid$auto(0xe) setsockopt$auto(0x3, 0x1, 0x1, 0x0, 0x9) 151.322274ms ago: executing program 3 (id=1605): mmap$auto(0x0, 0x6, 0xdf, 0x400009b72, 0x2, 0x80000000) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91\vI\x1eRN8\x99\x88\xca\xd9\xec\x1epJ\"ds\x1cJr\xde:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18\x89\v\xea\x1b\x95\xaf\xee\xe69\x8d(<\xc7+\x83\xfcQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd3\x81Y\xa3Fp\v\xdc\xe2\xc3\xc3\xdbS\xdc', 0xfdef, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) write$auto_mousedev_fops_mousedev(r0, &(0x7f00000000c0)="13", 0x1) 51.556741ms ago: executing program 2 (id=1606): openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec24\x00', 0x900, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) fanotify_mark$auto(0xffffffffffffffff, 0x0, 0x4, 0xffffffffffffffff, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r2, 0x0, 0x3) r3 = open(0x0, 0x22240, 0x154) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0x1f, "ada88ee3e9a22747df91b12a8ad1d3ca5d7b82880e21037187eafadb1c91cd28", @inferred=r0}) mount$auto(0x0, 0x0, &(0x7f0000000180)='nfs\x00\x00', 0x200, 0x0) unshare$auto(0x40000080) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyx3\x00', 0x142, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3ff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10f, 0x8a, 0x0, 0x14) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/usb2-port1/disable\x00', 0x102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0xfffffffc, 0xd80, 0x10100000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0xffffffffffffffff, r4, 0xa) 0s ago: executing program 0 (id=1607): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r0, 0x0, 0xfb) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(0x1, 0x0, 0x1) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/mode\x00', 0x181002, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r2 = fanotify_init$auto(0x1ff, 0x6) ioctl$auto(r2, 0x400454cb, r2) close_range$auto(r2, r1, 0xfffffffb) (async) r3 = socket(0x2, 0x6, 0x0) setsockopt$auto_SO_MARK(r3, 0x0, 0x24, 0x0, 0x3) (async) munmap$auto(0x8000, 0xfff) (async) mlockall$auto(0x7) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x600, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) (async) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='nfs\x00\"p\x17\x9b\xdd\xb4\xed\xb9\xb0\xc7@\xd0_\xf9\xa1\x17tP\x86\xb1,\x93\x87\xae\x03\x8a\xc4\xb5q\xd4\x8c\xc3\xa2?\xe7\xf4\xb2\xd4\xe1\x93A+\xe9\x8d\xc9\xac9|\xc7\t\xff\'\xaa\xac|\xaa\x85\xa9\xd4j\x12\xca\xfe', 0x6, &(0x7f00000004c0)="77bec3605f85e082fbcf491e2b3b12fde18109d1f64859f820ba86bbb7abcf4c75f53e3ecb7fd57568812ae0e9433c2b0bb0f0c0db3d") ioctl$auto_RTC_PARAM_SET(r4, 0x40187014, &(0x7f0000000080)={0x1, @uvalue=0x6, 0xff}) (async) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(r4, &(0x7f0000000100)={&(0x7f00000001c0)="b8b666b0c375dd9a9a3f9765a3b37fedb0243e8266001efc77e15f73ea78dd8987640c252f12aff1218bb621170bdb538cb6b03fb8982ddf4a5ecd2a92aed0b41bfd033fa338a0de3a53407deac853c1bb32a8d75b23a266b1618645b078208897f4a0b0", 0x3}, 0xda0) (async) mremap$auto(0x8, 0x929, 0x4, 0xdd2b, 0x100000001) (async) r5 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x180800, 0x0) r6 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/trigger\x00', 0x1, 0x0) write$auto(r6, &(0x7f0000001080)='\xcb:\x00', 0x2) (async) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x0, 0x0) read$auto(r5, 0x0, 0x3a8) kernel console output (not intermixed with test programs): 41] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 313.441265][ T9041] page dumped because: unmovable page [ 313.505105][ T9041] page_owner tracks the page as allocated [ 313.570856][ T9041] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 313.687250][ T9041] post_alloc_hook+0x181/0x1b0 [ 313.716110][ T9041] get_page_from_freelist+0x1193/0x39b0 [ 313.765282][ T9041] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 313.806092][ T9041] alloc_pages_mpol+0x1fb/0x550 [ 313.811031][ T9041] new_slab+0x23c/0x330 [ 313.831875][ T9059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.793'. [ 313.871452][ T9041] ___slab_alloc+0xd9c/0x1940 [ 313.899575][ T9041] __slab_alloc.constprop.0+0x56/0xb0 [ 313.920761][ T9041] kmem_cache_alloc_noprof+0xef/0x3b0 [ 313.946099][ T9041] getname_flags.part.0+0x48/0x540 [ 313.966321][ T9041] getname_flags+0x93/0xf0 [ 313.986858][ T9041] __x64_sys_symlinkat+0x86/0xc0 [ 314.018083][ T9041] do_syscall_64+0xcd/0x260 [ 314.028796][ T9041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.046812][ T9041] page last free pid 5826 tgid 5826 stack trace: [ 314.062082][ T9041] __free_frozen_pages+0x69d/0xff0 [ 314.077734][ T9041] __folio_put+0x329/0x450 [ 314.108058][ T9041] skb_release_data+0x618/0x960 [ 314.131020][ T9041] __kfree_skb+0x4f/0x70 [ 314.153542][ T9041] tcp_ack+0x19b2/0x5c90 [ 314.183735][ T9041] tcp_rcv_established+0xcf0/0x2180 [ 314.213836][ T9041] tcp_v4_do_rcv+0x5ca/0xa90 [ 314.233050][ T9041] __release_sock+0x31b/0x400 [ 314.248075][ T9041] release_sock+0x5a/0x220 [ 314.265071][ T9041] tcp_sendmsg+0x38/0x50 [ 314.278121][ T9041] inet_sendmsg+0xb9/0x140 [ 314.296147][ T9041] sock_write_iter+0x4aa/0x5b0 [ 314.328714][ T9041] vfs_write+0x5ba/0x1180 [ 314.346376][ T9041] ksys_write+0x205/0x240 [ 314.350809][ T9041] do_syscall_64+0xcd/0x260 [ 314.385532][ T9041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.403732][ T9059] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.576256][ T9059] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.322142][ T9087] FAULT_INJECTION: forcing a failure. [ 316.322142][ T9087] name failslab, interval 1, probability 0, space 0, times 0 [ 316.401531][ T9087] CPU: 0 UID: 0 PID: 9087 Comm: syz.0.801 Tainted: G S 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 316.401583][ T9087] Tainted: [S]=CPU_OUT_OF_SPEC [ 316.401595][ T9087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 316.401612][ T9087] Call Trace: [ 316.401623][ T9087] [ 316.401634][ T9087] dump_stack_lvl+0x16c/0x1f0 [ 316.401686][ T9087] should_fail_ex+0x512/0x640 [ 316.401722][ T9087] ? fs_reclaim_acquire+0xae/0x150 [ 316.401764][ T9087] ? tomoyo_encode2+0x100/0x3e0 [ 316.401805][ T9087] should_failslab+0xc2/0x120 [ 316.401835][ T9087] __kmalloc_noprof+0xd2/0x510 [ 316.401893][ T9087] ? d_absolute_path+0x136/0x1a0 [ 316.401933][ T9087] tomoyo_encode2+0x100/0x3e0 [ 316.401982][ T9087] tomoyo_encode+0x29/0x50 [ 316.402022][ T9087] tomoyo_realpath_from_path+0x18f/0x6e0 [ 316.402078][ T9087] tomoyo_check_open_permission+0x2ab/0x3c0 [ 316.402126][ T9087] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 316.402206][ T9087] ? do_raw_spin_lock+0x12c/0x2b0 [ 316.402253][ T9087] tomoyo_file_open+0x6b/0x90 [ 316.402306][ T9087] security_file_open+0x84/0x1e0 [ 316.402348][ T9087] do_dentry_open+0x596/0x1c10 [ 316.402406][ T9087] vfs_open+0x82/0x3f0 [ 316.402443][ T9087] path_openat+0x1e5e/0x2d40 [ 316.402505][ T9087] ? __pfx_path_openat+0x10/0x10 [ 316.402554][ T9087] ? stack_trace_save+0x8e/0xc0 [ 316.402594][ T9087] ? __pfx_stack_trace_save+0x10/0x10 [ 316.402640][ T9087] do_filp_open+0x20b/0x470 [ 316.402687][ T9087] ? __pfx_do_filp_open+0x10/0x10 [ 316.402730][ T9087] ? kasan_save_stack+0x42/0x60 [ 316.402773][ T9087] ? kasan_save_stack+0x33/0x60 [ 316.402862][ T9087] file_open_name+0x2a3/0x450 [ 316.402898][ T9087] ? __pfx_file_open_name+0x10/0x10 [ 316.402966][ T9087] acct_on+0x77/0x870 [ 316.402997][ T9087] __x64_sys_acct+0xaf/0x230 [ 316.403025][ T9087] ? lockdep_hardirqs_on+0x7c/0x110 [ 316.403069][ T9087] do_syscall_64+0xcd/0x260 [ 316.403126][ T9087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.403158][ T9087] RIP: 0033:0x7f6b07f8d169 [ 316.403182][ T9087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.403213][ T9087] RSP: 002b:00007f6b08d20038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 316.403239][ T9087] RAX: ffffffffffffffda RBX: 00007f6b081a6080 RCX: 00007f6b07f8d169 [ 316.403259][ T9087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 316.403277][ T9087] RBP: 00007f6b08d20090 R08: 0000000000000000 R09: 0000000000000000 [ 316.403295][ T9087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.403312][ T9087] R13: 0000000000000000 R14: 00007f6b081a6080 R15: 00007fff1a9b6ee8 [ 316.403352][ T9087] [ 316.403460][ T9087] ERROR: Out of memory at tomoyo_realpath_from_path. [ 317.985358][ T9086] kexec: Could not allocate control_code_buffer [ 318.392166][ T9111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 318.446218][ T9111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 318.551332][ T9111] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 318.560104][ T9111] page_type: f5(slab) [ 318.611365][ T9111] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 318.658835][ T9111] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 318.769323][ T9111] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 318.841610][ T9111] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 318.881366][ T9111] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 318.944288][ T9111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 319.015399][ T30] audit: type=1800 audit(6039343468.376:12): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.810" name="members" dev="configfs" ino=21468 res=0 errno=0 [ 319.058021][ T9111] page dumped because: unmovable page [ 319.069212][ T9111] page_owner tracks the page as allocated [ 319.131223][ T9111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 319.212011][ T9121] vivid-006: ================= START STATUS ================= [ 319.219740][ T9121] vivid-006: FM Deviation: 75000 [ 319.231315][ T9111] post_alloc_hook+0x181/0x1b0 [ 319.236165][ T9111] get_page_from_freelist+0x1193/0x39b0 [ 319.258330][ T9121] vivid-006: ================== END STATUS ================== [ 319.280220][ T9111] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 319.323414][ T9111] alloc_pages_mpol+0x1fb/0x550 [ 319.328364][ T9111] new_slab+0x23c/0x330 [ 319.381863][ T9111] ___slab_alloc+0xd9c/0x1940 [ 319.401256][ T9111] __slab_alloc.constprop.0+0x56/0xb0 [ 319.406732][ T9111] kmem_cache_alloc_noprof+0xef/0x3b0 [ 319.434429][ T9111] getname_flags.part.0+0x48/0x540 [ 319.439636][ T9111] getname_flags+0x93/0xf0 [ 319.454895][ T9111] __x64_sys_symlinkat+0x86/0xc0 [ 319.459934][ T9111] do_syscall_64+0xcd/0x260 [ 319.482419][ T9111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.488404][ T9111] page last free pid 5826 tgid 5826 stack trace: [ 319.526482][ T9111] __free_frozen_pages+0x69d/0xff0 [ 319.551273][ T9111] __folio_put+0x329/0x450 [ 319.555767][ T9111] skb_release_data+0x618/0x960 [ 319.560690][ T9111] __kfree_skb+0x4f/0x70 [ 319.595039][ T9111] tcp_ack+0x19b2/0x5c90 [ 319.599378][ T9111] tcp_rcv_established+0xcf0/0x2180 [ 319.627426][ T9111] tcp_v4_do_rcv+0x5ca/0xa90 [ 319.641324][ T9111] __release_sock+0x31b/0x400 [ 319.646106][ T9111] release_sock+0x5a/0x220 [ 319.650581][ T9111] tcp_sendmsg+0x38/0x50 [ 319.661258][ T9111] inet_sendmsg+0xb9/0x140 [ 319.665739][ T9111] sock_write_iter+0x4aa/0x5b0 [ 319.670574][ T9111] vfs_write+0x5ba/0x1180 [ 319.704723][ T9111] ksys_write+0x205/0x240 [ 319.709430][ T9111] do_syscall_64+0xcd/0x260 [ 319.727338][ T9111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.935610][ T9170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 322.027576][ T9170] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 322.148084][ T9170] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 322.276143][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.291794][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.309034][ T9170] page_type: f5(slab) [ 322.364379][ T9170] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 322.585281][ T9170] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 322.770097][ T9170] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 322.833015][ T9170] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 322.842307][ T9170] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 322.851637][ T9170] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 322.861035][ T9170] page dumped because: unmovable page [ 322.867844][ T9170] page_owner tracks the page as allocated [ 322.873748][ T9170] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 322.895369][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.901785][ T9170] post_alloc_hook+0x181/0x1b0 [ 322.906623][ T9170] get_page_from_freelist+0x1193/0x39b0 [ 322.912886][ T9170] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 322.919174][ T9170] alloc_pages_mpol+0x1fb/0x550 [ 322.924281][ T9170] new_slab+0x23c/0x330 [ 322.928692][ T9170] ___slab_alloc+0xd9c/0x1940 [ 322.934071][ T9170] __slab_alloc.constprop.0+0x56/0xb0 [ 322.939610][ T9170] kmem_cache_alloc_noprof+0xef/0x3b0 [ 322.945602][ T9170] getname_flags.part.0+0x48/0x540 [ 322.950874][ T9170] getname_flags+0x93/0xf0 [ 322.955943][ T9170] __x64_sys_symlinkat+0x86/0xc0 [ 322.982300][ T9170] do_syscall_64+0xcd/0x260 [ 322.987048][ T9170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.011574][ T9170] page last free pid 5826 tgid 5826 stack trace: [ 323.047518][ T9170] __free_frozen_pages+0x69d/0xff0 [ 323.095316][ T9170] __folio_put+0x329/0x450 [ 323.140429][ T9170] skb_release_data+0x618/0x960 [ 323.229984][ T9170] __kfree_skb+0x4f/0x70 [ 323.231718][ T9184] netlink: 330 bytes leftover after parsing attributes in process `syz.1.827'. [ 323.301185][ T9170] tcp_ack+0x19b2/0x5c90 [ 323.363663][ T9170] tcp_rcv_established+0xcf0/0x2180 [ 323.423491][ T9170] tcp_v4_do_rcv+0x5ca/0xa90 [ 323.469418][ T9170] __release_sock+0x31b/0x400 [ 323.490975][ T9170] release_sock+0x5a/0x220 [ 323.510665][ T9170] tcp_sendmsg+0x38/0x50 [ 323.519410][ T9170] inet_sendmsg+0xb9/0x140 [ 323.524168][ T9170] sock_write_iter+0x4aa/0x5b0 [ 323.530397][ T9170] vfs_write+0x5ba/0x1180 [ 323.535104][ T9170] ksys_write+0x205/0x240 [ 323.540811][ T9170] do_syscall_64+0xcd/0x260 [ 323.547938][ T9170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.593764][ T9184] mac80211_hwsim hwsim6 : renamed from wlan0 (while UP) [ 324.081058][ T9194] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 325.646377][ T9210] can: request_module (can-proto-0) failed. [ 326.034945][ T55] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 327.977897][ T9224] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[9224] [ 330.167161][ T9265] netlink: 4 bytes leftover after parsing attributes in process `syz.0.847'. [ 332.293422][ T9289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.855'. [ 332.672425][ T9296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 333.084111][ T9296] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 333.171415][ T9296] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 333.304740][ T9296] page_type: f5(slab) [ 333.325145][ T9296] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 333.381798][ T9296] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 333.405089][ T9286] kexec: Could not allocate control_code_buffer [ 333.445511][ T9296] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 333.480663][ T9296] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 333.504852][ T9296] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 333.578242][ T9296] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 333.646895][ T9296] page dumped because: unmovable page [ 333.748749][ T9296] page_owner tracks the page as allocated [ 333.809886][ T9296] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 333.920060][ T9296] post_alloc_hook+0x181/0x1b0 [ 334.278914][ T9296] get_page_from_freelist+0x1193/0x39b0 [ 334.319749][ T9320] netlink: 16 bytes leftover after parsing attributes in process `syz.0.862'. [ 334.447354][ T9296] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 334.648464][ T9296] alloc_pages_mpol+0x1fb/0x550 [ 334.714119][ T9296] new_slab+0x23c/0x330 [ 334.718385][ T9296] ___slab_alloc+0xd9c/0x1940 [ 334.878335][ T9296] __slab_alloc.constprop.0+0x56/0xb0 [ 334.905063][ T9296] kmem_cache_alloc_noprof+0xef/0x3b0 [ 334.910546][ T9296] getname_flags.part.0+0x48/0x540 [ 334.956523][ T9296] getname_flags+0x93/0xf0 [ 334.978284][ T9296] __x64_sys_symlinkat+0x86/0xc0 [ 335.003660][ T9296] do_syscall_64+0xcd/0x260 [ 335.008276][ T9296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.038896][ T9296] page last free pid 5826 tgid 5826 stack trace: [ 335.059450][ T9296] __free_frozen_pages+0x69d/0xff0 [ 335.079723][ T9296] __folio_put+0x329/0x450 [ 335.089860][ T9296] skb_release_data+0x618/0x960 [ 335.112666][ T9296] __kfree_skb+0x4f/0x70 [ 335.117030][ T9296] tcp_ack+0x19b2/0x5c90 [ 335.133443][ T9296] tcp_rcv_established+0xcf0/0x2180 [ 335.138751][ T9296] tcp_v4_do_rcv+0x5ca/0xa90 [ 335.145896][ T9296] __release_sock+0x31b/0x400 [ 335.150724][ T9296] release_sock+0x5a/0x220 [ 335.157607][ T9296] tcp_sendmsg+0x38/0x50 [ 335.163994][ T9296] inet_sendmsg+0xb9/0x140 [ 335.169001][ T9296] sock_write_iter+0x4aa/0x5b0 [ 335.175971][ T9296] vfs_write+0x5ba/0x1180 [ 335.180555][ T9296] ksys_write+0x205/0x240 [ 335.200956][ T9296] do_syscall_64+0xcd/0x260 [ 335.215579][ T9296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.825105][ T9338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 335.925497][ T9338] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 335.953390][ T9338] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 335.961812][ T9338] page_type: f5(slab) [ 335.967283][ T9338] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 336.001382][ T9338] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 336.010161][ T9338] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 336.137394][ T9338] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 336.176819][ T9338] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 336.197648][ T9338] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 336.358260][ T9338] page dumped because: unmovable page [ 336.364325][ T9338] page_owner tracks the page as allocated [ 336.376464][ T9338] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 336.398989][ T9338] post_alloc_hook+0x181/0x1b0 [ 336.404216][ T9338] get_page_from_freelist+0x1193/0x39b0 [ 336.410550][ T9338] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 336.417294][ T9338] alloc_pages_mpol+0x1fb/0x550 [ 336.422898][ T9338] new_slab+0x23c/0x330 [ 336.427130][ T9338] ___slab_alloc+0xd9c/0x1940 [ 336.433047][ T9338] __slab_alloc.constprop.0+0x56/0xb0 [ 336.438481][ T9338] kmem_cache_alloc_noprof+0xef/0x3b0 [ 336.444350][ T9338] getname_flags.part.0+0x48/0x540 [ 336.449599][ T9338] getname_flags+0x93/0xf0 [ 336.497024][ T9338] __x64_sys_symlinkat+0x86/0xc0 [ 336.503812][ T9338] do_syscall_64+0xcd/0x260 [ 336.508528][ T9338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.515601][ T9338] page last free pid 5826 tgid 5826 stack trace: [ 336.522430][ T9338] __free_frozen_pages+0x69d/0xff0 [ 336.528044][ T9338] __folio_put+0x329/0x450 [ 336.533280][ T9338] skb_release_data+0x618/0x960 [ 336.538617][ T9338] __kfree_skb+0x4f/0x70 [ 336.556077][ T9338] tcp_ack+0x19b2/0x5c90 [ 336.618172][ T9338] tcp_rcv_established+0xcf0/0x2180 [ 336.632286][ T9338] tcp_v4_do_rcv+0x5ca/0xa90 [ 336.661438][ T9338] __release_sock+0x31b/0x400 [ 336.694388][ T9338] release_sock+0x5a/0x220 [ 336.719811][ T9338] tcp_sendmsg+0x38/0x50 [ 336.805905][ T9338] inet_sendmsg+0xb9/0x140 [ 336.810966][ T9338] sock_write_iter+0x4aa/0x5b0 [ 336.816615][ T9338] vfs_write+0x5ba/0x1180 [ 336.821497][ T9338] ksys_write+0x205/0x240 [ 336.825923][ T9338] do_syscall_64+0xcd/0x260 [ 336.830600][ T9338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.406939][ T9347] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 337.413751][ T9347] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 337.422092][ T9347] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 337.428320][ T9347] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 338.403671][ T9369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 338.441216][ T9369] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 338.470611][ T9369] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 338.501237][ T9369] page_type: f5(slab) [ 338.505318][ T9369] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 338.550602][ T9369] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 338.599902][ T9369] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 338.741413][ T9369] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 338.805997][ T9367] openvswitch: netlink: IP tunnel dst address not specified [ 338.844765][ T9369] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 338.901317][ T9369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 338.910068][ T9369] page dumped because: unmovable page [ 338.956437][ T9369] page_owner tracks the page as allocated [ 338.966520][ T9369] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 339.052040][ T9369] post_alloc_hook+0x181/0x1b0 [ 339.071287][ T55] Bluetooth: hci0: command 0x0c1a tx timeout [ 339.091828][ T9369] get_page_from_freelist+0x1193/0x39b0 [ 339.097488][ T9369] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 339.104242][ T9369] alloc_pages_mpol+0x1fb/0x550 [ 339.109171][ T9369] new_slab+0x23c/0x330 [ 339.114936][ T9369] ___slab_alloc+0xd9c/0x1940 [ 339.119701][ T9369] __slab_alloc.constprop.0+0x56/0xb0 [ 339.125872][ T9369] kmem_cache_alloc_noprof+0xef/0x3b0 [ 339.131648][ T9369] getname_flags.part.0+0x48/0x540 [ 339.137117][ T9369] getname_flags+0x93/0xf0 [ 339.142064][ T9369] __x64_sys_symlinkat+0x86/0xc0 [ 339.147092][ T9369] do_syscall_64+0xcd/0x260 [ 339.152318][ T9369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.158909][ T9369] page last free pid 5826 tgid 5826 stack trace: [ 339.166033][ T9369] __free_frozen_pages+0x69d/0xff0 [ 339.171695][ T9369] __folio_put+0x329/0x450 [ 339.176180][ T9369] skb_release_data+0x618/0x960 [ 339.280059][ T9369] __kfree_skb+0x4f/0x70 [ 339.302552][ T9379] FAULT_INJECTION: forcing a failure. [ 339.302552][ T9379] name failslab, interval 1, probability 0, space 0, times 0 [ 339.341215][ T9369] tcp_ack+0x19b2/0x5c90 [ 339.346871][ T9379] CPU: 1 UID: 0 PID: 9379 Comm: syz.3.876 Tainted: G S 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 339.346925][ T9379] Tainted: [S]=CPU_OUT_OF_SPEC [ 339.346937][ T9379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 339.346957][ T9379] Call Trace: [ 339.346967][ T9379] [ 339.346980][ T9379] dump_stack_lvl+0x16c/0x1f0 [ 339.347031][ T9379] should_fail_ex+0x512/0x640 [ 339.347069][ T9379] ? __kmalloc_noprof+0xbf/0x510 [ 339.347121][ T9379] ? lsm_blob_alloc+0x68/0x90 [ 339.347169][ T9379] should_failslab+0xc2/0x120 [ 339.347200][ T9379] __kmalloc_noprof+0xd2/0x510 [ 339.347259][ T9379] lsm_blob_alloc+0x68/0x90 [ 339.347309][ T9379] security_sk_alloc+0x30/0x270 [ 339.347346][ T9379] sk_prot_alloc+0x1c7/0x2a0 [ 339.347400][ T9379] sk_alloc+0x36/0xc20 [ 339.347440][ T9379] __netlink_create+0x5e/0x2c0 [ 339.347483][ T9379] __netlink_kernel_create+0xed/0x750 [ 339.347543][ T9379] ? __pfx___netlink_kernel_create+0x10/0x10 [ 339.347606][ T9379] fib_net_init+0x26d/0x3f0 [ 339.347650][ T9379] ? __pfx___register_sysctl_table+0x10/0x10 [ 339.347688][ T9379] ? __pfx_fib_net_init+0x10/0x10 [ 339.347731][ T9379] ? lockdep_init_map_type+0x5c/0x280 [ 339.347764][ T9379] ? __pfx_nl_fib_input+0x10/0x10 [ 339.347815][ T9379] ? devinet_init_net+0x5c2/0x910 [ 339.347867][ T9379] ? __pfx_fib_net_init+0x10/0x10 [ 339.347916][ T9379] ops_init+0x1df/0x5f0 [ 339.347965][ T9379] setup_net+0x21e/0x850 [ 339.348015][ T9379] ? __pfx_setup_net+0x10/0x10 [ 339.348058][ T9379] ? lockdep_init_map_type+0x5c/0x280 [ 339.348089][ T9379] ? __pfx_down_read_killable+0x10/0x10 [ 339.348125][ T9379] ? debug_mutex_init+0x37/0x70 [ 339.348170][ T9379] copy_net_ns+0x2a6/0x5f0 [ 339.348224][ T9379] create_new_namespaces+0x3ea/0xad0 [ 339.348280][ T9379] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 339.348332][ T9379] ksys_unshare+0x45b/0xa40 [ 339.348383][ T9379] ? __pfx_ksys_unshare+0x10/0x10 [ 339.348431][ T9379] ? xfd_validate_state+0x5d/0x180 [ 339.348469][ T9379] ? rcu_is_watching+0x12/0xc0 [ 339.348527][ T9379] __x64_sys_unshare+0x31/0x40 [ 339.348578][ T9379] do_syscall_64+0xcd/0x260 [ 339.348631][ T9379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.348664][ T9379] RIP: 0033:0x7fdfe3b8d169 [ 339.348690][ T9379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.348722][ T9379] RSP: 002b:00007fdfe4a89038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 339.348753][ T9379] RAX: ffffffffffffffda RBX: 00007fdfe3da6080 RCX: 00007fdfe3b8d169 [ 339.348774][ T9379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 339.348793][ T9379] RBP: 00007fdfe3c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 339.348813][ T9379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 339.348831][ T9379] R13: 0000000000000000 R14: 00007fdfe3da6080 R15: 00007ffcadd66f78 [ 339.348872][ T9379] [ 339.639400][ T9369] tcp_rcv_established+0xcf0/0x2180 [ 339.644832][ T9369] tcp_v4_do_rcv+0x5ca/0xa90 [ 339.649487][ T9369] __release_sock+0x31b/0x400 [ 339.673220][ T9369] release_sock+0x5a/0x220 [ 339.677761][ T9369] tcp_sendmsg+0x38/0x50 [ 339.711244][ T9369] inet_sendmsg+0xb9/0x140 [ 339.715768][ T9369] sock_write_iter+0x4aa/0x5b0 [ 339.720609][ T9369] vfs_write+0x5ba/0x1180 [ 339.724954][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 339.731100][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 339.737257][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 339.782541][ T9369] ksys_write+0x205/0x240 [ 339.805343][ T9369] do_syscall_64+0xcd/0x260 [ 339.825965][ T9369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.782656][ T9398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 340.859515][ T9398] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 340.896840][ T9398] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 340.990683][ T9398] page_type: f5(slab) [ 341.005656][ T9398] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 341.027998][ T9398] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 341.073624][ T9398] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 341.121623][ T9398] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 341.145885][ T9398] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 341.174957][ T9398] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 341.216755][ T9398] page dumped because: unmovable page [ 341.234476][ T9398] page_owner tracks the page as allocated [ 341.240272][ T9398] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 341.344105][ T9398] post_alloc_hook+0x181/0x1b0 [ 341.348989][ T9398] get_page_from_freelist+0x1193/0x39b0 [ 341.434442][ T9398] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 341.451282][ T9398] alloc_pages_mpol+0x1fb/0x550 [ 341.486033][ T9398] new_slab+0x23c/0x330 [ 341.490301][ T9398] ___slab_alloc+0xd9c/0x1940 [ 341.495808][ T9398] __slab_alloc.constprop.0+0x56/0xb0 [ 341.503821][ T9398] kmem_cache_alloc_noprof+0xef/0x3b0 [ 341.532105][ T9398] getname_flags.part.0+0x48/0x540 [ 341.574135][ T9398] getname_flags+0x93/0xf0 [ 341.582038][ T9398] __x64_sys_symlinkat+0x86/0xc0 [ 341.587082][ T9398] do_syscall_64+0xcd/0x260 [ 341.594493][ T9398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.609063][ T9398] page last free pid 5826 tgid 5826 stack trace: [ 341.667205][ T9398] __free_frozen_pages+0x69d/0xff0 [ 341.681918][ T9398] __folio_put+0x329/0x450 [ 341.721181][ T9398] skb_release_data+0x618/0x960 [ 341.726146][ T9398] __kfree_skb+0x4f/0x70 [ 341.730471][ T9398] tcp_ack+0x19b2/0x5c90 [ 341.776188][ T9398] tcp_rcv_established+0xcf0/0x2180 [ 341.801203][ T9398] tcp_v4_do_rcv+0x5ca/0xa90 [ 341.816156][ T9398] __release_sock+0x31b/0x400 [ 341.820928][ T9398] release_sock+0x5a/0x220 [ 341.841223][ T9398] tcp_sendmsg+0x38/0x50 [ 341.845569][ T9398] inet_sendmsg+0xb9/0x140 [ 341.866040][ T9398] sock_write_iter+0x4aa/0x5b0 [ 341.875872][ T9398] vfs_write+0x5ba/0x1180 [ 341.880513][ T9398] ksys_write+0x205/0x240 [ 341.901221][ T9398] do_syscall_64+0xcd/0x260 [ 341.905938][ T9398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.024920][ T9403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 342.131861][ T9412] netlink: 28 bytes leftover after parsing attributes in process `syz.0.883'. [ 342.152565][ T9403] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 342.190059][ T9412] ipvlan1: entered allmulticast mode [ 342.210980][ T9403] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 342.230322][ T9403] page_type: f5(slab) [ 342.246192][ T9403] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 342.261255][ T9412] veth0_vlan: entered allmulticast mode [ 342.273937][ T5847] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 342.273978][ T5847] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 342.288935][ T5847] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 342.288974][ T5847] Bluetooth: hci2: adv larger than maximum supported [ 342.296451][ T5847] Bluetooth: hci2: Malformed LE Event: 0x0d [ 342.311347][ T9403] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 342.320033][ T9403] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 342.328927][ T9403] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 342.338482][ T9403] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 342.347888][ T9403] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 342.356684][ T9403] page dumped because: unmovable page [ 342.362151][ T9403] page_owner tracks the page as allocated [ 342.367919][ T9403] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 342.390019][ T9403] post_alloc_hook+0x181/0x1b0 [ 342.394916][ T9403] get_page_from_freelist+0x1193/0x39b0 [ 342.400559][ T9403] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 342.406584][ T9403] alloc_pages_mpol+0x1fb/0x550 [ 342.411586][ T9403] new_slab+0x23c/0x330 [ 342.416013][ T9403] ___slab_alloc+0xd9c/0x1940 [ 342.420848][ T9403] __slab_alloc.constprop.0+0x56/0xb0 [ 342.426551][ T9403] kmem_cache_alloc_noprof+0xef/0x3b0 [ 342.432038][ T9403] getname_flags.part.0+0x48/0x540 [ 342.437510][ T9403] getname_flags+0x93/0xf0 [ 342.442048][ T9403] __x64_sys_symlinkat+0x86/0xc0 [ 342.447068][ T9403] do_syscall_64+0xcd/0x260 [ 342.451720][ T9403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.457683][ T9403] page last free pid 5826 tgid 5826 stack trace: [ 342.464135][ T9403] __free_frozen_pages+0x69d/0xff0 [ 342.469326][ T9403] __folio_put+0x329/0x450 [ 342.541171][ T9403] skb_release_data+0x618/0x960 [ 342.581371][ T9403] __kfree_skb+0x4f/0x70 [ 342.585727][ T9403] tcp_ack+0x19b2/0x5c90 [ 342.590048][ T9403] tcp_rcv_established+0xcf0/0x2180 [ 342.625788][ T9403] tcp_v4_do_rcv+0x5ca/0xa90 [ 342.630502][ T9403] __release_sock+0x31b/0x400 [ 342.655639][ T9403] release_sock+0x5a/0x220 [ 342.665748][ T9403] tcp_sendmsg+0x38/0x50 [ 342.690465][ T9403] inet_sendmsg+0xb9/0x140 [ 342.700589][ T9403] sock_write_iter+0x4aa/0x5b0 [ 342.716812][ T9403] vfs_write+0x5ba/0x1180 [ 342.734688][ T9403] ksys_write+0x205/0x240 [ 342.739136][ T9403] do_syscall_64+0xcd/0x260 [ 342.803601][ T9403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.484476][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.886'. [ 344.281597][ T5847] Bluetooth: hci1: Malformed HCI Event: 0x22 [ 347.926401][ T9485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 348.097621][ T9485] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 348.223099][ T9485] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 348.378101][ T9485] page_type: f5(slab) [ 348.382559][ T9485] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 348.391500][ T9485] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 348.400135][ T9485] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 348.409468][ T9485] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 348.418364][ T9485] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 348.427572][ T9485] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 348.577482][ T9485] page dumped because: unmovable page [ 348.584765][ T9485] page_owner tracks the page as allocated [ 348.590542][ T9485] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 348.612465][ T9485] post_alloc_hook+0x181/0x1b0 [ 348.617313][ T9485] get_page_from_freelist+0x1193/0x39b0 [ 348.626255][ T9485] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 348.632945][ T9485] alloc_pages_mpol+0x1fb/0x550 [ 348.637852][ T9485] new_slab+0x23c/0x330 [ 348.647858][ T9485] ___slab_alloc+0xd9c/0x1940 [ 348.652718][ T9485] __slab_alloc.constprop.0+0x56/0xb0 [ 348.658187][ T9485] kmem_cache_alloc_noprof+0xef/0x3b0 [ 348.663716][ T9485] getname_flags.part.0+0x48/0x540 [ 348.669528][ T9485] getname_flags+0x93/0xf0 [ 348.674142][ T9485] __x64_sys_symlinkat+0x86/0xc0 [ 348.679187][ T9485] do_syscall_64+0xcd/0x260 [ 348.684187][ T9485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.690144][ T9485] page last free pid 5826 tgid 5826 stack trace: [ 348.696588][ T9485] __free_frozen_pages+0x69d/0xff0 [ 348.701845][ T9485] __folio_put+0x329/0x450 [ 348.706325][ T9485] skb_release_data+0x618/0x960 [ 348.711792][ T9485] __kfree_skb+0x4f/0x70 [ 348.716123][ T9485] tcp_ack+0x19b2/0x5c90 [ 348.720440][ T9485] tcp_rcv_established+0xcf0/0x2180 [ 348.726457][ T9485] tcp_v4_do_rcv+0x5ca/0xa90 [ 348.751226][ T9485] __release_sock+0x31b/0x400 [ 348.756015][ T9485] release_sock+0x5a/0x220 [ 348.760507][ T9485] tcp_sendmsg+0x38/0x50 [ 348.851357][ T9485] inet_sendmsg+0xb9/0x140 [ 348.855888][ T9485] sock_write_iter+0x4aa/0x5b0 [ 348.860728][ T9485] vfs_write+0x5ba/0x1180 [ 348.921569][ T9485] ksys_write+0x205/0x240 [ 348.926121][ T9485] do_syscall_64+0xcd/0x260 [ 348.930709][ T9485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.117930][ T9487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078803300 pfn:0x78800 [ 349.167370][ T9487] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 349.192018][ T9487] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 349.277308][ T9487] page_type: f5(slab) [ 349.315247][ T9487] raw: 00fff00000000240 ffff888140408640 ffffea000088e410 ffffea0000938210 [ 349.358581][ T9487] raw: ffff888078803300 0000000000070003 00000000f5000000 0000000000000000 [ 349.392561][ T9487] head: 00fff00000000240 ffff888140408640 ffffea000088e410 ffffea0000938210 [ 349.431754][ T9487] head: ffff888078803300 0000000000070003 00000000f5000000 0000000000000000 [ 349.440523][ T9487] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 349.501422][ T9487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 349.510325][ T9487] page dumped because: unmovable page [ 349.581192][ T9487] page_owner tracks the page as allocated [ 349.587053][ T9487] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 349.737054][ T9487] post_alloc_hook+0x181/0x1b0 [ 349.779438][ T9487] get_page_from_freelist+0x1193/0x39b0 [ 349.790612][ T9487] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 349.801298][ T9487] alloc_pages_mpol+0x1fb/0x550 [ 349.806358][ T9487] new_slab+0x23c/0x330 [ 349.810867][ T9487] ___slab_alloc+0xd9c/0x1940 [ 349.871336][ T9487] __slab_alloc.constprop.0+0x56/0xb0 [ 349.881269][ T9487] kmem_cache_alloc_noprof+0xef/0x3b0 [ 349.897242][ T9487] getname_flags.part.0+0x48/0x540 [ 349.917481][ T9487] getname_flags+0x93/0xf0 [ 349.947877][ T9487] __x64_sys_symlinkat+0x86/0xc0 [ 349.971244][ T9487] do_syscall_64+0xcd/0x260 [ 349.975924][ T9487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.993669][ T9487] page last free pid 5826 tgid 5826 stack trace: [ 350.000078][ T9487] __free_frozen_pages+0x69d/0xff0 [ 350.069573][ T9487] __folio_put+0x329/0x450 [ 350.079703][ T9487] skb_release_data+0x618/0x960 [ 350.089842][ T9487] __kfree_skb+0x4f/0x70 [ 350.099976][ T9487] tcp_ack+0x19b2/0x5c90 [ 350.104681][ T9487] tcp_rcv_established+0xcf0/0x2180 [ 350.109946][ T9487] tcp_v4_do_rcv+0x5ca/0xa90 [ 350.119921][ T9487] __release_sock+0x31b/0x400 [ 350.131276][ T9487] release_sock+0x5a/0x220 [ 350.135879][ T9487] tcp_sendmsg+0x38/0x50 [ 350.140174][ T9487] inet_sendmsg+0xb9/0x140 [ 350.151223][ T9487] sock_write_iter+0x4aa/0x5b0 [ 350.156186][ T9487] vfs_write+0x5ba/0x1180 [ 350.160585][ T9487] ksys_write+0x205/0x240 [ 350.171235][ T9487] do_syscall_64+0xcd/0x260 [ 350.175952][ T9487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.627929][ T5847] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 351.263294][ T9508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 351.390985][ T9508] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 351.400542][ T9508] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 351.683005][ T9508] page_type: f5(slab) [ 351.687345][ T9508] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 351.698084][ T9508] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 351.706999][ T9508] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 351.716075][ T9508] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 351.725002][ T9508] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 351.734033][ T9508] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 351.754100][ T9508] page dumped because: unmovable page [ 351.766646][ T9508] page_owner tracks the page as allocated [ 351.778128][ T9508] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 351.839195][ T9508] post_alloc_hook+0x181/0x1b0 [ 351.863472][ T9508] get_page_from_freelist+0x1193/0x39b0 [ 351.909633][ T9508] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 351.953873][ T9508] alloc_pages_mpol+0x1fb/0x550 [ 351.958893][ T9508] new_slab+0x23c/0x330 [ 351.969542][ T9508] ___slab_alloc+0xd9c/0x1940 [ 351.997927][ T9508] __slab_alloc.constprop.0+0x56/0xb0 [ 352.064083][ T9508] kmem_cache_alloc_noprof+0xef/0x3b0 [ 352.071247][ T9508] getname_flags.part.0+0x48/0x540 [ 352.076542][ T9508] getname_flags+0x93/0xf0 [ 352.081022][ T9508] __x64_sys_symlinkat+0x86/0xc0 [ 352.088712][ T9508] do_syscall_64+0xcd/0x260 [ 352.093383][ T9508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.099430][ T9508] page last free pid 5826 tgid 5826 stack trace: [ 352.106069][ T9508] __free_frozen_pages+0x69d/0xff0 [ 352.111731][ T9508] __folio_put+0x329/0x450 [ 352.116222][ T9508] skb_release_data+0x618/0x960 [ 352.121210][ T9508] __kfree_skb+0x4f/0x70 [ 352.125619][ T9508] tcp_ack+0x19b2/0x5c90 [ 352.129928][ T9508] tcp_rcv_established+0xcf0/0x2180 [ 352.224574][ T9508] tcp_v4_do_rcv+0x5ca/0xa90 [ 352.229267][ T9508] __release_sock+0x31b/0x400 [ 352.301450][ T9508] release_sock+0x5a/0x220 [ 352.302728][ T9524] netlink: 28 bytes leftover after parsing attributes in process `syz.2.905'. [ 352.331491][ T9524] ipvlan1: entered allmulticast mode [ 352.346545][ T9508] tcp_sendmsg+0x38/0x50 [ 352.349764][ T9524] veth0_vlan: entered allmulticast mode [ 352.350846][ T9508] inet_sendmsg+0xb9/0x140 [ 352.461475][ T9508] sock_write_iter+0x4aa/0x5b0 [ 352.466358][ T9508] vfs_write+0x5ba/0x1180 [ 352.470749][ T9508] ksys_write+0x205/0x240 [ 352.550749][ T9508] do_syscall_64+0xcd/0x260 [ 352.576647][ T9508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.002969][ T9546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 355.111170][ T9546] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 355.171361][ T9546] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 355.179441][ T9546] page_type: f5(slab) [ 355.251184][ T9546] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 355.259961][ T9546] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 355.281243][ T9546] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 355.290010][ T9546] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 355.307555][ T9546] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 355.316426][ T9546] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 355.325378][ T9546] page dumped because: unmovable page [ 355.331040][ T9546] page_owner tracks the page as allocated [ 355.336863][ T9546] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 355.359326][ T9546] post_alloc_hook+0x181/0x1b0 [ 355.364238][ T9546] get_page_from_freelist+0x1193/0x39b0 [ 355.369866][ T9546] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 355.376037][ T9546] alloc_pages_mpol+0x1fb/0x550 [ 355.380943][ T9546] new_slab+0x23c/0x330 [ 355.385224][ T9546] ___slab_alloc+0xd9c/0x1940 [ 355.389955][ T9546] __slab_alloc.constprop.0+0x56/0xb0 [ 355.395458][ T9546] kmem_cache_alloc_noprof+0xef/0x3b0 [ 355.400898][ T9546] getname_flags.part.0+0x48/0x540 [ 355.406128][ T9546] getname_flags+0x93/0xf0 [ 355.410598][ T9546] __x64_sys_symlinkat+0x86/0xc0 [ 355.461672][ T9546] do_syscall_64+0xcd/0x260 [ 355.466300][ T9546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.504418][ T9546] page last free pid 5826 tgid 5826 stack trace: [ 355.531293][ T9546] __free_frozen_pages+0x69d/0xff0 [ 355.584860][ T9546] __folio_put+0x329/0x450 [ 355.589391][ T9546] skb_release_data+0x618/0x960 [ 355.619222][ T9546] __kfree_skb+0x4f/0x70 [ 355.629342][ T9546] tcp_ack+0x19b2/0x5c90 [ 355.649156][ T9546] tcp_rcv_established+0xcf0/0x2180 [ 355.741218][ T9546] tcp_v4_do_rcv+0x5ca/0xa90 [ 355.745916][ T9546] __release_sock+0x31b/0x400 [ 355.750836][ T9546] release_sock+0x5a/0x220 [ 355.871983][ T9546] tcp_sendmsg+0x38/0x50 [ 355.911285][ T9546] inet_sendmsg+0xb9/0x140 [ 355.915811][ T9546] sock_write_iter+0x4aa/0x5b0 [ 355.960650][ T9546] vfs_write+0x5ba/0x1180 [ 355.977301][ T9546] ksys_write+0x205/0x240 [ 356.009818][ T9546] do_syscall_64+0xcd/0x260 [ 356.030115][ T9546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.356024][ T9579] netlink: 28 bytes leftover after parsing attributes in process `syz.3.918'. [ 358.845193][ T9579] ipvlan1: entered allmulticast mode [ 358.911727][ T9579] veth0_vlan: entered allmulticast mode [ 363.635894][ T5847] Bluetooth: hci3: Malformed HCI Event: 0x22 [ 365.142325][ T9667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 365.193800][ T9667] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 365.261218][ T9667] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 365.310033][ T9667] page_type: f5(slab) [ 365.351246][ T9667] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 365.359926][ T9667] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 365.407606][ T9667] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 365.416662][ T9667] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 365.431249][ T9667] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 365.439988][ T9667] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 365.450527][ T9667] page dumped because: unmovable page [ 365.456936][ T9667] page_owner tracks the page as allocated [ 365.462800][ T9667] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 365.484845][ T9667] post_alloc_hook+0x181/0x1b0 [ 365.489778][ T9667] get_page_from_freelist+0x1193/0x39b0 [ 365.495466][ T9667] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 365.501467][ T9667] alloc_pages_mpol+0x1fb/0x550 [ 365.506361][ T9667] new_slab+0x23c/0x330 [ 365.510566][ T9667] ___slab_alloc+0xd9c/0x1940 [ 365.515350][ T9667] __slab_alloc.constprop.0+0x56/0xb0 [ 365.520809][ T9667] kmem_cache_alloc_noprof+0xef/0x3b0 [ 365.527291][ T9667] getname_flags.part.0+0x48/0x540 [ 365.532811][ T9667] getname_flags+0x93/0xf0 [ 365.537612][ T9667] __x64_sys_symlinkat+0x86/0xc0 [ 365.565833][ T9667] do_syscall_64+0xcd/0x260 [ 365.570432][ T9667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.590984][ T9667] page last free pid 5826 tgid 5826 stack trace: [ 365.597560][ T9667] __free_frozen_pages+0x69d/0xff0 [ 365.606257][ T9667] __folio_put+0x329/0x450 [ 365.618468][ T9667] skb_release_data+0x618/0x960 [ 365.638973][ T9667] __kfree_skb+0x4f/0x70 [ 365.686575][ T9667] tcp_ack+0x19b2/0x5c90 [ 365.718996][ T9667] tcp_rcv_established+0xcf0/0x2180 [ 365.758068][ T9667] tcp_v4_do_rcv+0x5ca/0xa90 [ 365.809569][ T9667] __release_sock+0x31b/0x400 [ 365.848428][ T9667] release_sock+0x5a/0x220 [ 365.912141][ T9667] tcp_sendmsg+0x38/0x50 [ 365.988301][ T9667] inet_sendmsg+0xb9/0x140 [ 366.082686][ T9667] sock_write_iter+0x4aa/0x5b0 [ 366.173031][ T9667] vfs_write+0x5ba/0x1180 [ 366.232190][ T9667] ksys_write+0x205/0x240 [ 366.285579][ T9667] do_syscall_64+0xcd/0x260 [ 366.290208][ T9667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.365674][ T9697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 367.444788][ T9697] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 367.476866][ T9697] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 367.561321][ T9697] page_type: f5(slab) [ 367.569285][ T9697] raw: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 367.581049][ T9697] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 367.593649][ T9697] head: 00fff00000000040 ffff888140408640 0000000000000000 dead000000000001 [ 367.666171][ T9697] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 367.725967][ T9697] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 367.747149][ T9697] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 367.766958][ T9697] page dumped because: unmovable page [ 367.776900][ T9697] page_owner tracks the page as allocated [ 367.799405][ T9697] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8650, tgid 8650 (syz-executor), ts 288860302918, free_ts 288816915584 [ 367.847073][ T9697] post_alloc_hook+0x181/0x1b0 [ 367.853553][ T9697] get_page_from_freelist+0x1193/0x39b0 [ 367.872800][ T9697] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 367.878801][ T9697] alloc_pages_mpol+0x1fb/0x550 [ 367.924433][ T9697] new_slab+0x23c/0x330 [ 367.945687][ T9697] ___slab_alloc+0xd9c/0x1940 [ 367.961475][ T9697] __slab_alloc.constprop.0+0x56/0xb0 [ 367.972438][ T9697] kmem_cache_alloc_noprof+0xef/0x3b0 [ 367.981201][ T9697] getname_flags.part.0+0x48/0x540 [ 367.986517][ T9697] getname_flags+0x93/0xf0 [ 367.991084][ T9697] __x64_sys_symlinkat+0x86/0xc0 [ 368.000283][ T9697] do_syscall_64+0xcd/0x260 [ 368.006417][ T9697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.016236][ T9697] page last free pid 5826 tgid 5826 stack trace: [ 368.023048][ T9697] __free_frozen_pages+0x69d/0xff0 [ 368.028327][ T9697] __folio_put+0x329/0x450 [ 368.039592][ T9697] skb_release_data+0x618/0x960 [ 368.047069][ T9697] __kfree_skb+0x4f/0x70 [ 368.054869][ T9697] tcp_ack+0x19b2/0x5c90 [ 368.059403][ T9697] tcp_rcv_established+0xcf0/0x2180 [ 368.065297][ T9697] tcp_v4_do_rcv+0x5ca/0xa90 [ 368.070032][ T9697] __release_sock+0x31b/0x400 [ 368.080143][ T9697] release_sock+0x5a/0x220 [ 368.086124][ T9697] tcp_sendmsg+0x38/0x50 [ 368.090629][ T9697] inet_sendmsg+0xb9/0x140 [ 368.098907][ T9697] sock_write_iter+0x4aa/0x5b0 [ 368.104231][ T9697] vfs_write+0x5ba/0x1180 [ 368.108709][ T9697] ksys_write+0x205/0x240 [ 368.118293][ T9697] do_syscall_64+0xcd/0x260 [ 368.123415][ T9697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.897823][ T30] audit: type=1800 audit(6039343528.258:13): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.966" name="discovery_nqn" dev="configfs" ino=25818 res=0 errno=0 [ 375.463516][ T9790] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 375.482889][ T9790] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 375.499196][ T9790] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 375.509024][ T9790] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 375.852595][ T9808] netlink: 4 bytes leftover after parsing attributes in process `syz.0.991'. [ 376.526330][ T9819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78810 [ 376.593946][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 376.631308][ T9819] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 376.719117][ T9819] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 376.740545][ T9819] page_type: f5(slab) [ 376.779854][ T9819] raw: 00fff00000000040 ffff88801b442000 0000000000000000 dead000000000001 [ 376.805304][ T9819] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 376.841215][ T9819] head: 00fff00000000040 ffff88801b442000 0000000000000000 dead000000000001 [ 376.880089][ T9819] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 376.922503][ T9819] head: 00fff00000000003 ffffea0001e20401 00000000ffffffff 00000000ffffffff [ 376.973396][ T9819] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 377.151378][ T9819] page dumped because: unmovable page [ 377.161736][ T9819] page_owner tracks the page as allocated [ 377.197331][ T9819] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9397, tgid 9396 (syz.0.880), ts 340591706463, free_ts 340532103526 [ 377.323808][ T9819] post_alloc_hook+0x181/0x1b0 [ 377.328717][ T9819] get_page_from_freelist+0x1193/0x39b0 [ 377.501350][ T9819] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 377.507518][ T9819] alloc_pages_mpol+0x1fb/0x550 [ 377.519291][ T9819] new_slab+0x23c/0x330 [ 377.530373][ T9819] ___slab_alloc+0xd9c/0x1940 [ 377.544264][ T9819] __slab_alloc.constprop.0+0x56/0xb0 [ 377.551779][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 377.551807][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 377.557827][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 377.581331][ T9819] __kmalloc_noprof+0x2f2/0x510 [ 377.586294][ T9819] sk_prot_alloc+0x1a8/0x2a0 [ 377.590960][ T9819] sk_alloc+0x36/0xc20 [ 377.840131][ T9819] __netlink_create+0x5e/0x2c0 [ 377.863690][ T9819] __netlink_kernel_create+0xed/0x750 [ 377.869477][ T9819] diag_net_init+0xbd/0x140 [ 377.914231][ T9819] ops_init+0x1df/0x5f0 [ 377.918497][ T9819] setup_net+0x21e/0x850 [ 377.984566][ T9819] copy_net_ns+0x2a6/0x5f0 [ 378.001348][ T9819] page last free pid 5835 tgid 5835 stack trace: [ 378.024964][ T9819] __free_frozen_pages+0x69d/0xff0 [ 378.061234][ T9819] __put_partials+0x16d/0x1c0 [ 378.065989][ T9819] qlist_free_all+0x4e/0x120 [ 378.070601][ T9819] kasan_quarantine_reduce+0x195/0x1e0 [ 378.200280][ T9819] __kasan_slab_alloc+0x69/0x90 [ 378.224460][ T9819] kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 378.267050][ T9819] copy_process+0x4bd/0x91a0 [ 378.303629][ T9819] kernel_clone+0xfc/0x960 [ 378.332940][ T9819] __do_sys_clone+0xce/0x120 [ 378.384601][ T9819] do_syscall_64+0xcd/0x260 [ 378.411205][ T9819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.095366][ T9858] [U] gg&GÝi¶DC¶æhŠ+ZÙß&iæùÍ#e2²×c¬Œ¯KÞL0µ0¬n»ÿ•d}j¡µ]ÞZ@›[QBer‘éÝf¿”ê2h’ƒ»‰]¼ [ 379.105818][ T9858] [U] —rÖâPÉt5i‰‹}H¬ìÝò€ÏmÔºÁª9(e…\ê°âóO7Ý쎥‡üMï‚V°«*nÊÄ b½B¢+ãw [ 379.229619][ T9858] [U] µ˜À7¸ð‰Ï‹ BªûjÉ$ÏU-ñX§õœ&æ/?Ï2Ø`Â%œ±³Šw?óϺùÅ°hÚÞ\×w©‡ [ 379.237651][ T9858] [U] R!Cu+°‰½ò³ƒ‡·.ŠS96b>Ööï”ÝüÊ{ò [ 379.243779][ T9858] [U] oäP =í³jW5^%ÿW›\c _H@~Ί|lO[%‚ao [ 379.249429][ T9858] [U] kº˜À¢ƒUûÜîÉâdRÃ_ŠÙ?–ò.Y"Ô?oÜ ùìÅQµqD;°÷¨–`N¤óÄ0QBŒÉÛ²Œ* `ž@;^’§'¯§g±ù}ó5îr–†À>LÁŠ¥JØ+@<ÆÁÿcAU`A}}HðiÉ%Ê?Î`ÊzÇgýßaÊö/:¶}­?¯Ã4>Aœ.—U>Ê­X¿ q’çnš¼\›é2qŠº2Í}¼Æ¼cJFQ9mFd£ðÕŲGø8™y̵eÆFfÛq4Ñ\ÿZèù5¥¼²<ªÎ.Ý+7§&W^<°Rà^ÝŸãëawg¶¥W( [ 379.368079][ T9858] [U] (‹R¯D¡`{`c†~\VÄIhýP›Yƒúæ±îû/Œî ´›‹Vœñ;w­¼"Η,×zÅqîA¤FÑ91øIÕclr™–³nÈAqýâ`¤à—pÏhu‘§˜3®dsÅÀú«–ï >axÔ…Rm¿w\”2Lv½Jòe.6±Ì [ 379.408164][ T9858] [U] =ð\’2înï|OF¦ÏŠÑ`­zºi(¿kó­áÑ5©eÄ¢²ƒHW7Úgþ™"/¿³º§Muþ)*ßØ/Ë“%·ê‚jRU–TçmIJ7M•5úÏÍJ²HãˆÅ»Š [ 379.433013][ T9858] [U] ÁQ±U~A×Æ%Æz±Å [ 379.437521][ T9858] [U] o¹{¡\Ucî¤K!©>­o{ý…n(x/ [ 379.444657][ T9858] [U] ÐPDÙ›—9ÒÌë†Ï&¬ëà‰¨a4 ýáºk£ƒ0ê.`R¸~ám~(¾CÑ+²¶y7Ý&¨®¸Oï/-R÷R2¤ [ 379.491411][ T9858] [U] ªoj3KQÒu)Øn¥Î‡Ebùù=¤]$B$¹6üí;eŠ»çª [ 379.505437][ T9858] [U] P/ÿ΂?RŠ´~£T"ñDs6f"šàŒü~a$wBêN< 8®|{Áî—\ƒyg.LïĘ”«s»¢X [ 379.544317][ T9858] [U] ÄvÌV¶t‹ŽÛ³z?ÚúÔì«Î|Mü2ä [ 379.549659][ T9858] [U] Z³{:n«í¾úØîñ‰¹#cÓ98Jòk}G•=‚„\›f¥¼½dÉáÆÙ«]* IÑ—j0š¾ž[?žb2B±Ø›ÃiÑE§Š›ßT=¿þ‰Ÿù6` £°BJcFµ0ÚÙï#ñ6¡ r‡ŽWóÂÞE­ð¡Ã(à[—LªF²æᦺ qÀd·©I{ä  ±qb­ýM{dúóx*’3:Л„ŠµôÑU4¸Ää=É`K0øÓI²È [ 379.602468][ T9858] [U] ˜ýàÔ`íü8ÜÅÓ—Nh+½UZÁ–%¿nØ€3‘ìœ-ÄÄè¼êäõ5s$â6&®E [ 379.609828][ T9858] [U] ÀÝ‘J}R¥w¸ݬJ4v\&©ˆ9³í¶) [ 379.631449][ T9858] [U] ¿ðÇY‘ÖøÁ½u@óŠ%þÂóSŸ‰L“Ž<ðÿi”Ö¦ìÄW¤‚ðEºq*…èãýIÈãH [ 379.665449][ T9858] [U] ÁÃmV«.άnZ„tUØïN=EÍFË™ºý2~30<ôG³h [ 379.702526][ T9858] [U] *©íçÝr2PuÈ<.φj Tïõ^¾NHžr.j0â4‡2pN°)—ÿÒ:cú«û»ÑûL«`o®ÒJ90XΡÁ(`î\ ¢kjëÝG©LëÛE¿èÇqß93ÚÓ|íB¶Ú!-ÉõÁMù™¾âf!y-BäIë¨Xš‚>^™Æ_ßû®þ‰âã$ìLõtã5âÒˆäÍ­Vô±µ|6NÓ∠ä€ÖôÇëô;Ò¦Ö¨ÉúÊæ·øòÅoy*âÀÌ]Ù¾® «5GëµFqƒÂðý{Ñ‘ˆ†u-Å€“½¼‘4‡CD0ó==úœ%IEåúO†`è"SÈ&·¾¤é§¡Æ'á V×x¦D½`òœõ9‹áLÀýìEÆ^+–zí·RîÑë¤M¦! [ 379.741344][ T9858] [U] ¦†ýpn–º†c²åð©°N2Š3{þ§(Š?ïPbÇäÁzÓÔ‡ [ 379.751069][ T9858] [U] 9Á x§N«%É“R~1:OYØmåZ©¨¦?sL-µVi/é“°Íà«T4ÉìÕsTõ^k]Z{ah]í®!ìç :¿t!)©ë¿Þÿ¢Àó²tmؘÁræÚô Üæ,"‡ËðÓ ú1={¯N\ªõ”ð« [ 379.774627][ T9858] [U] …O<ïvÿƒéo¤ŠG;Q ¤Zî.š[7+Žè(öE iyì5y„€Ç‚N„`(À/XµdË® y«Øa‚¦b»BÉ4mºb°Ú):Îó;‹v¨ˆ\.]hSH¶Œ[D@ŸXØÕò“DþŠ.L$2®b+±‘.¦]Ut¿ø•[×,×€Õœº ˆjý]fvÒÞbf1R\\Ã÷\éë£xz‰uP,Lœ8Ü”,ôâÖ—BíîݶkEŸÏotK,@«!ýN™´G~%ÌZšõ‘ȲõiÔº"|uO)OÜk8?ؘa¢ôÔî3Jë!îA [ 379.859205][ T9858] [U] iS:¢E 5Éz¶ð8)ȤÃ?àûÈÕy»ÛDí¤ó5Ò¼Q,§ó`<)<”ß,•3ôB$2õt !é [ 379.941248][ T9858] [U] ã¤ÏTÞFâY†1[0•o¬äž&èܼÉá66'©óŠ.è0CÚ´=wôÃ7U*jÂ0x…ÍÑ^sBcä—B¢+ãw [ 383.866055][ T9911] [U] µ˜À7¸ð‰Ï‹ BªûjÉ$ÏU-ñX§õœ&æ/?Ï2Ø`Â%œ±³Šw?óϺùÅ°hÚÞ\×w©‡ [ 383.874197][ T9911] [U] R!Cu+°‰½ò³ƒ‡·.ŠS96b>Ööï”ÝüÊ{ò [ 383.998770][ T9911] [U] oäP =í³jW5^%ÿW›\c _H@~Ί|lO[%‚ao [ 384.072046][ T9911] [U] kº˜À¢ƒUûÜîÉâdRÃ_ŠÙ?–ò.Y"Ô?oÜ ùìÅQµqD;°÷¨–`N¤óÄ0QBŒÉÛ²Œ* `ž@;^’§'¯§g±ù}ó5îr–†À>LÁŠ¥JØ+@<ÆÁÿcAU`A}}HðiÉ%Ê?Î`ÊzÇgýßaÊö/:¶}­?¯Ã4>Aœ.—U>Ê­X¿ q’çnš¼\›é2qŠº2Í}¼Æ¼cJFQ9mFd£ðÕŲGø8™y̵eÆFfÛq4Ñ\ÿZèù5¥¼²<ªÎ.Ý+7§&W^<°Rà^ÝŸãëawg¶¥W( [ 384.161282][ T9911] [U] (‹R¯D¡`{`c†~\VÄIhýP›Yƒúæ±îû/Œî ´›‹Vœñ;w­¼"Η,×zÅqîA¤FÑ91øIÕclr™–³nÈAqýâ`¤à—pÏhu‘§˜3®dsÅÀú«–ï >axÔ…Rm¿w\”2Lv½Jòe.6±Ì [ 384.175403][ T9911] [U] =ð\’2înï|OF¦ÏŠÑ`­zºi(¿kó­áÑ5©eÄ¢²ƒHW7Úgþ™"/¿³º§Muþ)*ßØ/Ë“%·ê‚jRU–TçmIJ7M•5úÏÍJ²HãˆÅ»Š [ 384.191635][ T9911] [U] ÁQ±U~A×Æ%Æz±Å [ 384.195844][ T9911] [U] o¹{¡\Ucî¤K!©>­o{ý…n(x/ [ 384.206967][ T9911] [U] ÐPDÙ›—9ÒÌë†Ï&¬ëà‰¨a4 ýáºk£ƒ0ê.`R¸~ám~(¾CÑ+²¶y7Ý&¨®¸Oï/-R÷R2¤ [ 384.221449][ T9911] [U] ªoj3KQÒu)Øn¥Î‡Ebùù=¤]$B$¹6üí;eŠ»çª [ 384.251579][ T9911] [U] P/ÿ΂?RŠ´~£T"ñDs6f"šàŒü~a$wBêN< 8®|{Áî—\ƒyg.LïĘ”«s»¢X [ 384.261521][ T9911] [U] ÄvÌV¶t‹ŽÛ³z?ÚúÔì«Î|Mü2ä [ 384.281669][ T9911] [U] Z³{:n«í¾úØîñ‰¹#cÓ98Jòk}G•=‚„\›f¥¼½dÉáÆÙ«]* IÑ—j0š¾ž[?žb2B±Ø›ÃiÑE§Š›ßT=¿þ‰Ÿù6` £°BJcFµ0ÚÙï#ñ6¡ r‡ŽWóÂÞE­ð¡Ã(à[—LªF²æᦺ qÀd·©I{ä  ±qb­ýM{dúóx*’3:Л„ŠµôÑU4¸Ää=É`K0øÓI²È [ 384.311623][ T9911] [U] ˜ýàÔ`íü8ÜÅÓ—Nh+½UZÁ–%¿nØ€3‘ìœ-ÄÄè¼êäõ5s$â6&®E [ 384.318976][ T9911] [U] ÀÝ‘J}R¥w¸ݬJ4v\&©ˆ9³í¶) [ 384.331735][ T9911] [U] ¿ðÇY‘ÖøÁ½u@óŠ%þÂóSŸ‰L“Ž<ðÿi”Ö¦ìÄW¤‚ðEºq*…èãýIÈãH [ 384.351318][ T9911] [U] ÁÃmV«.άnZ„tUØïN=EÍFË™ºý2~30<ôG³h [ 384.372073][ T9911] [U] *©íçÝr2PuÈ<.φj Tïõ^¾NHžr.j0â4‡2pN°)—ÿÒ:cú«û»ÑûL«`o®ÒJ90XΡÁ(`î\ ¢kjëÝG©LëÛE¿èÇqß93ÚÓ|íB¶Ú!-ÉõÁMù™¾âf!y-BäIë¨Xš‚>^™Æ_ßû®þ‰âã$ìLõtã5âÒˆäÍ­Vô±µ|6NÓ∠ä€ÖôÇëô;Ò¦Ö¨ÉúÊæ·øòÅoy*âÀÌ]Ù¾® «5GëµFqƒÂðý{Ñ‘ˆ†u-Å€“½¼‘4‡CD0ó==úœ%IEåúO†`è"SÈ&·¾¤é§¡Æ'á V×x¦D½`òœõ9‹áLÀýìEÆ^+–zí·RîÑë¤M¦! [ 384.401761][ T9911] [U] ¦†ýpn–º†c²åð©°N2Š3{þ§(Š?ïPbÇäÁzÓÔ‡ [ 384.408003][ T9911] [U] 9Á x§N«%É“R~1:OYØmåZ©¨¦?sL-µVi/é“°Íà«T4ÉìÕsTõ^k]Z{ah]í®!ìç :¿t!)©ë¿Þÿ¢Àó²tmؘÁræÚô Üæ,"‡ËðÓ ú1={¯N\ªõ”ð« [ 384.421947][ T9911] [U] …O<ïvÿƒéo¤ŠG;Q ¤Zî.š[7+Žè(öE iyì5y„€Ç‚N„`(À/XµdË® y«Øa‚¦b»BÉ4mºb°Ú):Îó;‹v¨ˆ\.]hSH¶Œ[D@ŸXØÕò“DþŠ.L$2®b+±‘.¦]Ut¿ø•[×,×€Õœº ˆjý]fvÒÞbf1R\\Ã÷\éë£xz‰uP,Lœ8Ü”,ôâÖ—BíîݶkEŸÏotK,@«!ýN™´G~%ÌZšõ‘ȲõiÔº"|uO)OÜk8?ؘa¢ôÔî3Jë!îA [ 384.446553][ T9911] [U] iS:¢E 5Éz¶ð8)ȤÃ?àûÈÕy»ÛDí¤ó5Ò¼Q,§ó`<)<”ß,•3ôB$2õt !é [ 384.454768][ T9911] [U] ã¤ÏTÞFâY†1[0•o¬äž&èܼÉá66'©óŠ.è0CÚ´=wôÃ7U*jÂ0x…ÍÑ^sBcä— 260 [ 401.674316][ T5847] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 401.689801][ T5847] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 401.689840][ T5847] Bluetooth: hci1: adv larger than maximum supported [ 401.697277][ T5847] Bluetooth: hci1: Malformed LE Event: 0x0d [ 402.591960][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 403.401295][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 403.407406][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 403.413670][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 404.079992][T10212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 404.110702][T10212] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 404.132654][T10212] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 404.140274][T10212] page_type: f5(slab) [ 404.193997][T10212] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 404.254784][T10212] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 404.281210][T10212] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 404.345999][T10212] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 404.430719][T10212] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 404.469106][T10212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 404.533911][T10212] page dumped because: unmovable page [ 404.539419][T10212] page_owner tracks the page as allocated [ 404.545843][T10212] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 404.567309][T10212] post_alloc_hook+0x181/0x1b0 [ 404.572227][T10212] get_page_from_freelist+0x1193/0x39b0 [ 404.578018][T10212] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 404.584121][T10212] alloc_pages_mpol+0x1fb/0x550 [ 404.589170][T10212] new_slab+0x23c/0x330 [ 404.593996][T10212] ___slab_alloc+0xd9c/0x1940 [ 404.598749][T10212] __slab_alloc.constprop.0+0x56/0xb0 [ 404.604421][T10212] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 404.618113][T10212] kmalloc_reserve+0xef/0x2c0 [ 404.622987][T10212] __alloc_skb+0x166/0x380 [ 404.627610][T10212] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 404.633379][T10212] process_one_work+0x9cc/0x1b70 [ 404.638524][T10212] worker_thread+0x6c8/0xf10 [ 404.645150][T10212] kthread+0x3c2/0x780 [ 404.649429][T10212] ret_from_fork+0x45/0x80 [ 404.657875][T10212] ret_from_fork_asm+0x1a/0x30 [ 404.693444][T10212] page last free pid 5826 tgid 5826 stack trace: [ 404.741277][T10212] __free_frozen_pages+0x69d/0xff0 [ 404.754912][T10212] __folio_put+0x329/0x450 [ 404.759667][T10212] skb_release_data+0x618/0x960 [ 404.800655][T10212] __kfree_skb+0x4f/0x70 [ 404.881392][T10212] tcp_ack+0x19b2/0x5c90 [ 404.885755][T10212] tcp_rcv_established+0xcf0/0x2180 [ 404.891007][T10212] tcp_v4_do_rcv+0x5ca/0xa90 [ 404.939102][T10212] __release_sock+0x31b/0x400 [ 404.969490][T10212] release_sock+0x5a/0x220 [ 404.999895][T10212] tcp_sendmsg+0x38/0x50 [ 405.030320][T10212] inet_sendmsg+0xb9/0x140 [ 405.040456][T10212] sock_write_iter+0x4aa/0x5b0 [ 405.054246][T10212] vfs_write+0x5ba/0x1180 [ 405.059180][T10212] ksys_write+0x205/0x240 [ 405.064266][T10212] do_syscall_64+0xcd/0x260 [ 405.070006][T10212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.802282][T10246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 405.823474][T10246] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 405.854359][T10246] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 405.893544][T10246] page_type: f5(slab) [ 405.919282][T10246] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 405.970605][T10246] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 406.024104][T10246] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 406.201177][T10246] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 406.331606][T10246] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 406.367748][T10246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 406.376667][T10246] page dumped because: unmovable page [ 406.382221][T10246] page_owner tracks the page as allocated [ 406.388062][T10246] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 406.411150][T10246] post_alloc_hook+0x181/0x1b0 [ 406.416006][T10246] get_page_from_freelist+0x1193/0x39b0 [ 406.431247][T10246] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 406.456869][T10246] alloc_pages_mpol+0x1fb/0x550 [ 406.475530][T10246] new_slab+0x23c/0x330 [ 406.479796][T10246] ___slab_alloc+0xd9c/0x1940 [ 406.525484][T10246] __slab_alloc.constprop.0+0x56/0xb0 [ 406.559784][T10246] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 406.571158][T10246] kmalloc_reserve+0xef/0x2c0 [ 406.575944][T10246] __alloc_skb+0x166/0x380 [ 406.620325][T10246] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 406.628010][T10246] process_one_work+0x9cc/0x1b70 [ 406.662314][T10246] worker_thread+0x6c8/0xf10 [ 406.711488][T10246] kthread+0x3c2/0x780 [ 406.732421][T10246] ret_from_fork+0x45/0x80 [ 406.753142][T10246] ret_from_fork_asm+0x1a/0x30 [ 406.772500][T10246] page last free pid 5826 tgid 5826 stack trace: [ 406.794682][T10246] __free_frozen_pages+0x69d/0xff0 [ 406.800095][T10246] __folio_put+0x329/0x450 [ 406.823059][T10246] skb_release_data+0x618/0x960 [ 406.828105][T10246] __kfree_skb+0x4f/0x70 [ 406.859012][T10246] tcp_ack+0x19b2/0x5c90 [ 406.886715][T10246] tcp_rcv_established+0xcf0/0x2180 [ 406.901294][T10246] tcp_v4_do_rcv+0x5ca/0xa90 [ 406.920064][T10246] __release_sock+0x31b/0x400 [ 406.943444][T10246] release_sock+0x5a/0x220 [ 406.976571][T10246] tcp_sendmsg+0x38/0x50 [ 406.981062][T10246] inet_sendmsg+0xb9/0x140 [ 406.985905][T10246] sock_write_iter+0x4aa/0x5b0 [ 406.990847][T10246] vfs_write+0x5ba/0x1180 [ 407.001466][T10246] ksys_write+0x205/0x240 [ 407.006010][T10246] do_syscall_64+0xcd/0x260 [ 407.010711][T10246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.273235][T10265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 407.298702][T10265] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 407.309310][T10265] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 407.325180][T10265] page_type: f5(slab) [ 407.341425][T10265] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 407.366712][T10265] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 407.434588][T10265] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 407.496554][T10265] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 407.525944][T10265] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 407.547890][T10265] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 407.572521][T10265] page dumped because: unmovable page [ 407.588798][T10265] page_owner tracks the page as allocated [ 407.596485][T10265] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 407.618151][T10265] post_alloc_hook+0x181/0x1b0 [ 407.623764][T10265] get_page_from_freelist+0x1193/0x39b0 [ 407.629633][T10265] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 407.636327][T10265] alloc_pages_mpol+0x1fb/0x550 [ 407.642325][T10265] new_slab+0x23c/0x330 [ 407.646643][T10265] ___slab_alloc+0xd9c/0x1940 [ 407.652113][T10265] __slab_alloc.constprop.0+0x56/0xb0 [ 407.657780][T10265] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 407.664921][T10265] kmalloc_reserve+0xef/0x2c0 [ 407.670007][T10265] __alloc_skb+0x166/0x380 [ 407.675144][T10265] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 407.680829][T10265] process_one_work+0x9cc/0x1b70 [ 407.685983][T10265] worker_thread+0x6c8/0xf10 [ 407.690641][T10265] kthread+0x3c2/0x780 [ 407.694892][T10265] ret_from_fork+0x45/0x80 [ 407.699392][T10265] ret_from_fork_asm+0x1a/0x30 [ 407.704296][T10265] page last free pid 5826 tgid 5826 stack trace: [ 407.710659][T10265] __free_frozen_pages+0x69d/0xff0 [ 407.715949][T10265] __folio_put+0x329/0x450 [ 407.720470][T10265] skb_release_data+0x618/0x960 [ 407.725456][T10265] __kfree_skb+0x4f/0x70 [ 407.729758][T10265] tcp_ack+0x19b2/0x5c90 [ 407.734222][T10265] tcp_rcv_established+0xcf0/0x2180 [ 407.739470][T10265] tcp_v4_do_rcv+0x5ca/0xa90 [ 407.744349][T10265] __release_sock+0x31b/0x400 [ 407.749094][T10265] release_sock+0x5a/0x220 [ 407.753693][T10265] tcp_sendmsg+0x38/0x50 [ 407.758006][T10265] inet_sendmsg+0xb9/0x140 [ 407.762589][T10265] sock_write_iter+0x4aa/0x5b0 [ 407.767432][T10265] vfs_write+0x5ba/0x1180 [ 407.772243][T10265] ksys_write+0x205/0x240 [ 407.776630][T10265] do_syscall_64+0xcd/0x260 [ 407.781275][T10265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.308314][T10283] program syz.3.1099 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 408.729853][T10290] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1102'. [ 409.663324][T10308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 409.778276][T10308] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 409.839636][T10308] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 410.017169][T10308] page_type: f5(slab) [ 410.046925][T10308] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 410.129029][T10308] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 410.159276][T10308] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 410.168455][T10308] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 410.177679][T10308] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 410.186838][T10308] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 410.195957][T10308] page dumped because: unmovable page [ 410.201844][T10308] page_owner tracks the page as allocated [ 410.207692][T10308] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 410.231539][T10308] post_alloc_hook+0x181/0x1b0 [ 410.236393][T10308] get_page_from_freelist+0x1193/0x39b0 [ 410.242721][T10308] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 410.248699][T10308] alloc_pages_mpol+0x1fb/0x550 [ 410.261152][T10308] new_slab+0x23c/0x330 [ 410.271567][T10308] ___slab_alloc+0xd9c/0x1940 [ 410.286286][T10308] __slab_alloc.constprop.0+0x56/0xb0 [ 410.312739][ T5847] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 410.368854][T10308] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 410.419610][T10308] kmalloc_reserve+0xef/0x2c0 [ 410.461783][T10308] __alloc_skb+0x166/0x380 [ 410.499728][T10308] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 410.545363][T10308] process_one_work+0x9cc/0x1b70 [ 410.588267][T10308] worker_thread+0x6c8/0xf10 [ 410.701234][T10308] kthread+0x3c2/0x780 [ 410.705413][T10308] ret_from_fork+0x45/0x80 [ 410.759464][T10308] ret_from_fork_asm+0x1a/0x30 [ 410.764495][T10308] page last free pid 5826 tgid 5826 stack trace: [ 410.770861][T10308] __free_frozen_pages+0x69d/0xff0 [ 410.776148][T10308] __folio_put+0x329/0x450 [ 410.780615][T10308] skb_release_data+0x618/0x960 [ 410.785587][T10308] __kfree_skb+0x4f/0x70 [ 410.790003][T10308] tcp_ack+0x19b2/0x5c90 [ 410.794349][T10308] tcp_rcv_established+0xcf0/0x2180 [ 410.799592][T10308] tcp_v4_do_rcv+0x5ca/0xa90 [ 410.804336][T10308] __release_sock+0x31b/0x400 [ 410.809077][T10308] release_sock+0x5a/0x220 [ 410.813607][T10308] tcp_sendmsg+0x38/0x50 [ 410.818185][T10308] inet_sendmsg+0xb9/0x140 [ 410.921263][T10308] sock_write_iter+0x4aa/0x5b0 [ 410.926139][T10308] vfs_write+0x5ba/0x1180 [ 410.930515][T10308] ksys_write+0x205/0x240 [ 410.995856][T10308] do_syscall_64+0xcd/0x260 [ 411.000474][T10308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.400081][T10346] program syz.0.1114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 413.873162][T10360] FAULT_INJECTION: forcing a failure. [ 413.873162][T10360] name failslab, interval 1, probability 0, space 0, times 0 [ 413.912946][T10360] CPU: 0 UID: 0 PID: 10360 Comm: syz.2.1121 Tainted: G S 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 413.912997][T10360] Tainted: [S]=CPU_OUT_OF_SPEC [ 413.913007][T10360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 413.913036][T10360] Call Trace: [ 413.913046][T10360] [ 413.913057][T10360] dump_stack_lvl+0x16c/0x1f0 [ 413.913106][T10360] should_fail_ex+0x512/0x640 [ 413.913141][T10360] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 413.913191][T10360] should_failslab+0xc2/0x120 [ 413.913219][T10360] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 413.913263][T10360] ? __proc_create+0xc3/0x8c0 [ 413.913293][T10360] ? __proc_create+0x2ce/0x8c0 [ 413.913329][T10360] __proc_create+0x2ce/0x8c0 [ 413.913361][T10360] ? __pfx___proc_create+0x10/0x10 [ 413.913393][T10360] ? insert_header+0xf8d/0x1480 [ 413.913426][T10360] ? __register_sysctl_table+0x736/0x1900 [ 413.913463][T10360] proc_create_reg+0x7d/0x180 [ 413.913500][T10360] proc_create_net_data+0x8e/0x1b0 [ 413.913534][T10360] ? __pfx_proc_create_net_data+0x10/0x10 [ 413.913568][T10360] ? __pfx___register_sysctl_table+0x10/0x10 [ 413.913600][T10360] ? is_module_address+0x69/0xf0 [ 413.913627][T10360] ? register_net_sysctl_sz+0x228/0x3e0 [ 413.913675][T10360] ? __pfx_nf_log_net_init+0x10/0x10 [ 413.913714][T10360] nf_log_net_init+0x69/0x450 [ 413.913754][T10360] ? __pfx_nf_log_net_init+0x10/0x10 [ 413.913791][T10360] ops_init+0x1df/0x5f0 [ 413.913837][T10360] setup_net+0x21e/0x850 [ 413.913880][T10360] ? __pfx_setup_net+0x10/0x10 [ 413.913917][T10360] ? lockdep_init_map_type+0x5c/0x280 [ 413.913964][T10360] ? __pfx_down_read_killable+0x10/0x10 [ 413.913997][T10360] ? debug_mutex_init+0x37/0x70 [ 413.914053][T10360] copy_net_ns+0x2a6/0x5f0 [ 413.914122][T10360] create_new_namespaces+0x3ea/0xad0 [ 413.914177][T10360] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 413.914229][T10360] ksys_unshare+0x45b/0xa40 [ 413.914278][T10360] ? __pfx_ksys_unshare+0x10/0x10 [ 413.914326][T10360] ? xfd_validate_state+0x5d/0x180 [ 413.914365][T10360] ? rcu_is_watching+0x12/0xc0 [ 413.914414][T10360] __x64_sys_unshare+0x31/0x40 [ 413.914462][T10360] do_syscall_64+0xcd/0x260 [ 413.914510][T10360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.914542][T10360] RIP: 0033:0x7fba4238d169 [ 413.914567][T10360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.914600][T10360] RSP: 002b:00007fba43149038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 413.914631][T10360] RAX: ffffffffffffffda RBX: 00007fba425a5fa0 RCX: 00007fba4238d169 [ 413.914651][T10360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 413.914670][T10360] RBP: 00007fba4240e990 R08: 0000000000000000 R09: 0000000000000000 [ 413.914689][T10360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.914707][T10360] R13: 0000000000000000 R14: 00007fba425a5fa0 R15: 00007ffdcbc35d48 [ 413.914748][T10360] [ 414.975319][T10381] FAULT_INJECTION: forcing a failure. [ 414.975319][T10381] name failslab, interval 1, probability 0, space 0, times 0 [ 415.049241][T10381] CPU: 0 UID: 0 PID: 10381 Comm: syz.3.1123 Tainted: G S 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 415.049295][T10381] Tainted: [S]=CPU_OUT_OF_SPEC [ 415.049307][T10381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 415.049326][T10381] Call Trace: [ 415.049336][T10381] [ 415.049348][T10381] dump_stack_lvl+0x16c/0x1f0 [ 415.049400][T10381] should_fail_ex+0x512/0x640 [ 415.049437][T10381] ? __kvmalloc_node_noprof+0x122/0x600 [ 415.049488][T10381] should_failslab+0xc2/0x120 [ 415.049518][T10381] __kvmalloc_node_noprof+0x135/0x600 [ 415.049566][T10381] ? io_alloc_cache_init+0x33/0x170 [ 415.049618][T10381] ? io_alloc_cache_init+0x33/0x170 [ 415.049660][T10381] io_alloc_cache_init+0x33/0x170 [ 415.049707][T10381] io_uring_setup+0x675/0x2090 [ 415.049746][T10381] ? __pfx_io_uring_setup+0x10/0x10 [ 415.049776][T10381] ? do_futex+0x122/0x350 [ 415.049822][T10381] ? __pfx_do_futex+0x10/0x10 [ 415.049890][T10381] ? rcu_is_watching+0x12/0xc0 [ 415.049950][T10381] __x64_sys_io_uring_setup+0xc2/0x170 [ 415.049986][T10381] do_syscall_64+0xcd/0x260 [ 415.050035][T10381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.050069][T10381] RIP: 0033:0x7fdfe3b8d169 [ 415.050093][T10381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.050125][T10381] RSP: 002b:00007fdfe4aaa038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 415.050157][T10381] RAX: ffffffffffffffda RBX: 00007fdfe3da5fa0 RCX: 00007fdfe3b8d169 [ 415.050179][T10381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 415.050198][T10381] RBP: 00007fdfe3c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 415.050217][T10381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 415.050236][T10381] R13: 0000000000000000 R14: 00007fdfe3da5fa0 R15: 00007ffcadd66f78 [ 415.050277][T10381] [ 415.311508][ T5847] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 417.610193][T10416] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1128'. [ 418.605327][T10443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 418.645053][T10443] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 418.688885][T10443] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 418.725469][T10443] page_type: f5(slab) [ 418.729695][T10443] raw: 00fff00000000040 ffff88801b442140 0000000000000000 0000000000000001 [ 418.759893][T10443] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 418.796497][T10443] head: 00fff00000000040 ffff88801b442140 0000000000000000 0000000000000001 [ 418.825795][T10443] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 418.835377][T10443] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 418.844760][T10443] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 418.855142][T10443] page dumped because: unmovable page [ 418.860714][T10443] page_owner tracks the page as allocated [ 418.875659][T10443] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 418.968163][T10443] post_alloc_hook+0x181/0x1b0 [ 418.981255][T10443] get_page_from_freelist+0x1193/0x39b0 [ 419.005900][T10443] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 419.028876][T10443] alloc_pages_mpol+0x1fb/0x550 [ 419.050682][T10443] new_slab+0x23c/0x330 [ 419.077446][T10443] ___slab_alloc+0xd9c/0x1940 [ 419.171275][T10443] __slab_alloc.constprop.0+0x56/0xb0 [ 419.228117][T10443] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 419.298815][T10443] kmalloc_reserve+0xef/0x2c0 [ 419.364045][T10443] __alloc_skb+0x166/0x380 [ 419.368625][T10443] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 419.387826][T10443] process_one_work+0x9cc/0x1b70 [ 419.395415][T10443] worker_thread+0x6c8/0xf10 [ 419.450948][T10443] kthread+0x3c2/0x780 [ 419.493075][T10443] ret_from_fork+0x45/0x80 [ 419.530744][T10443] ret_from_fork_asm+0x1a/0x30 [ 419.565429][T10443] page last free pid 5826 tgid 5826 stack trace: [ 419.706476][T10463] random: crng reseeded on system resumption [ 419.719896][T10443] __free_frozen_pages+0x69d/0xff0 [ 419.756036][T10443] __folio_put+0x329/0x450 [ 419.770534][T10443] skb_release_data+0x618/0x960 [ 419.802688][T10443] __kfree_skb+0x4f/0x70 [ 419.807273][T10443] tcp_ack+0x19b2/0x5c90 [ 419.814844][T10443] tcp_rcv_established+0xcf0/0x2180 [ 419.822588][T10443] tcp_v4_do_rcv+0x5ca/0xa90 [ 419.827559][T10443] __release_sock+0x31b/0x400 [ 419.836481][T10443] release_sock+0x5a/0x220 [ 419.842319][T10443] tcp_sendmsg+0x38/0x50 [ 419.846767][T10443] inet_sendmsg+0xb9/0x140 [ 419.855574][T10443] sock_write_iter+0x4aa/0x5b0 [ 419.860751][T10443] vfs_write+0x5ba/0x1180 [ 419.865699][T10443] ksys_write+0x205/0x240 [ 419.871050][T10443] do_syscall_64+0xcd/0x260 [ 419.877285][T10443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.005323][T10515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 423.070897][T10515] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 423.099782][T10515] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 423.120324][T10515] page_type: f5(slab) [ 423.130595][T10515] raw: 00fff00000000040 ffff88801b442140 0000000000000000 0000000000000001 [ 423.139348][T10515] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 423.148227][T10515] head: 00fff00000000040 ffff88801b442140 0000000000000000 0000000000000001 [ 423.159715][T10515] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 423.169666][T10515] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 423.178674][T10515] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 423.188717][T10515] page dumped because: unmovable page [ 423.198863][T10515] page_owner tracks the page as allocated [ 423.208992][T10515] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 423.391688][T10515] post_alloc_hook+0x181/0x1b0 [ 423.421223][T10515] get_page_from_freelist+0x1193/0x39b0 [ 423.547631][T10515] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 423.661458][T10515] alloc_pages_mpol+0x1fb/0x550 [ 423.677533][T10515] new_slab+0x23c/0x330 [ 423.695007][T10515] ___slab_alloc+0xd9c/0x1940 [ 423.721379][T10515] __slab_alloc.constprop.0+0x56/0xb0 [ 423.726879][T10515] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 423.836060][T10515] kmalloc_reserve+0xef/0x2c0 [ 423.927409][T10515] __alloc_skb+0x166/0x380 [ 424.069729][T10515] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 424.101441][T10515] process_one_work+0x9cc/0x1b70 [ 424.149147][T10515] worker_thread+0x6c8/0xf10 [ 424.205654][T10515] kthread+0x3c2/0x780 [ 424.209819][T10515] ret_from_fork+0x45/0x80 [ 424.254819][T10515] ret_from_fork_asm+0x1a/0x30 [ 424.284836][T10515] page last free pid 5826 tgid 5826 stack trace: [ 424.318194][T10515] __free_frozen_pages+0x69d/0xff0 [ 424.336472][T10515] __folio_put+0x329/0x450 [ 424.356654][T10515] skb_release_data+0x618/0x960 [ 424.365906][T10515] __kfree_skb+0x4f/0x70 [ 424.392348][T10515] tcp_ack+0x19b2/0x5c90 [ 424.407659][T10515] tcp_rcv_established+0xcf0/0x2180 [ 424.413421][T10515] tcp_v4_do_rcv+0x5ca/0xa90 [ 424.421463][T10515] __release_sock+0x31b/0x400 [ 424.448243][T10515] release_sock+0x5a/0x220 [ 424.461373][T10515] tcp_sendmsg+0x38/0x50 [ 424.478990][T10515] inet_sendmsg+0xb9/0x140 [ 424.490556][T10515] sock_write_iter+0x4aa/0x5b0 [ 424.500702][T10515] vfs_write+0x5ba/0x1180 [ 424.530703][T10515] ksys_write+0x205/0x240 [ 424.541278][T10515] do_syscall_64+0xcd/0x260 [ 424.546341][T10515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.808472][T10547] program syz.3.1162 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 426.838327][T10579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 426.858154][T10579] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 426.907616][T10579] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 426.954318][T10579] page_type: f5(slab) [ 426.964828][T10579] raw: 00fff00000000040 ffff88801b442140 0000000000000000 0000000000000001 [ 427.011716][T10579] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 427.090416][T10579] head: 00fff00000000040 ffff88801b442140 0000000000000000 0000000000000001 [ 427.118925][T10579] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 427.136788][T10579] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 427.148935][T10579] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 427.158816][T10579] page dumped because: unmovable page [ 427.167070][T10579] page_owner tracks the page as allocated [ 427.173825][T10579] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 427.195269][T10579] post_alloc_hook+0x181/0x1b0 [ 427.200332][T10579] get_page_from_freelist+0x1193/0x39b0 [ 427.265355][T10579] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 427.298416][T10579] alloc_pages_mpol+0x1fb/0x550 [ 427.310536][T10579] new_slab+0x23c/0x330 [ 427.331415][T10579] ___slab_alloc+0xd9c/0x1940 [ 427.344503][T10590] program syz.1.1173 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 427.349215][T10579] __slab_alloc.constprop.0+0x56/0xb0 [ 427.379175][T10579] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 427.411326][T10579] kmalloc_reserve+0xef/0x2c0 [ 427.416675][T10579] __alloc_skb+0x166/0x380 [ 427.431515][T10579] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 427.447632][T10579] process_one_work+0x9cc/0x1b70 [ 427.457552][T10579] worker_thread+0x6c8/0xf10 [ 427.463052][T10579] kthread+0x3c2/0x780 [ 427.479676][T10579] ret_from_fork+0x45/0x80 [ 427.495983][T10579] ret_from_fork_asm+0x1a/0x30 [ 427.507970][T10579] page last free pid 5826 tgid 5826 stack trace: [ 427.534632][T10579] __free_frozen_pages+0x69d/0xff0 [ 427.551425][T10579] __folio_put+0x329/0x450 [ 427.568760][T10579] skb_release_data+0x618/0x960 [ 427.577795][T10579] __kfree_skb+0x4f/0x70 [ 427.584925][T10579] tcp_ack+0x19b2/0x5c90 [ 427.589538][T10579] tcp_rcv_established+0xcf0/0x2180 [ 427.594883][T10579] tcp_v4_do_rcv+0x5ca/0xa90 [ 427.599838][T10579] __release_sock+0x31b/0x400 [ 427.604650][T10579] release_sock+0x5a/0x220 [ 427.609339][T10579] tcp_sendmsg+0x38/0x50 [ 427.613923][T10579] inet_sendmsg+0xb9/0x140 [ 427.619431][T10579] sock_write_iter+0x4aa/0x5b0 [ 427.626926][T10579] vfs_write+0x5ba/0x1180 [ 427.632949][T10579] ksys_write+0x205/0x240 [ 427.637642][T10579] do_syscall_64+0xcd/0x260 [ 427.655583][T10579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.805507][T10622] Invalid ELF header magic: != ELF [ 432.276212][T10667] program syz.0.1193 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 433.136632][T10676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1196'. [ 433.203420][T10676] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.2.1196: iget: checksum invalid [ 433.222414][T10676] platform regulatory.0: loading /lib/firmware/updates/6.15.0-rc1-syzkaller-00173-g0c7cae12f67c/regulatory.db failed with error -74 [ 433.265161][T10676] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.2.1196: iget: checksum invalid [ 433.307310][T10676] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 433.339334][T10676] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.2.1196: iget: checksum invalid [ 433.396020][T10676] platform regulatory.0: loading /lib/firmware/6.15.0-rc1-syzkaller-00173-g0c7cae12f67c/regulatory.db failed with error -74 [ 433.457987][T10676] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.2.1196: iget: checksum invalid [ 433.488587][T10676] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 433.502341][T10676] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 433.534018][T10678] program syz.0.1197 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 433.549289][T10676] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 434.920211][T10698] program syz.1.1203 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 435.404334][T10712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78808 [ 435.439613][T10712] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 435.491262][T10712] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 435.526735][T10712] page_type: f5(slab) [ 435.530836][T10712] raw: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 435.596682][T10712] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 435.621211][T10712] head: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 435.649463][T10712] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 435.676383][T10712] head: 00fff00000000003 ffffea0001e20201 00000000ffffffff 00000000ffffffff [ 435.685878][T10712] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 435.707676][T10712] page dumped because: unmovable page [ 435.713712][T10712] page_owner tracks the page as allocated [ 435.719758][T10712] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8055, tgid 8055 (kworker/u8:8), ts 259803783717, free_ts 259652207278 [ 435.788818][T10712] post_alloc_hook+0x181/0x1b0 [ 435.948698][T10712] get_page_from_freelist+0x1193/0x39b0 [ 435.974003][T10712] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 435.980013][T10712] alloc_pages_mpol+0x1fb/0x550 [ 436.062026][T10712] new_slab+0x23c/0x330 [ 436.066461][T10712] ___slab_alloc+0xd9c/0x1940 [ 436.091902][T10712] __slab_alloc.constprop.0+0x56/0xb0 [ 436.362731][T10712] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 436.425114][T10712] kmalloc_reserve+0xef/0x2c0 [ 436.452418][T10712] __alloc_skb+0x166/0x380 [ 436.488009][T10712] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 436.523138][T10712] process_one_work+0x9cc/0x1b70 [ 436.541266][T10712] worker_thread+0x6c8/0xf10 [ 436.546134][T10712] kthread+0x3c2/0x780 [ 436.561950][T10712] ret_from_fork+0x45/0x80 [ 436.566457][T10712] ret_from_fork_asm+0x1a/0x30 [ 436.571872][T10712] page last free pid 13 tgid 13 stack trace: [ 436.578010][T10712] __free_frozen_pages+0x69d/0xff0 [ 436.588661][T10712] __put_partials+0x16d/0x1c0 [ 436.594016][T10712] qlist_free_all+0x4e/0x120 [ 436.598814][T10712] kasan_quarantine_reduce+0x195/0x1e0 [ 436.604936][T10712] __kasan_slab_alloc+0x69/0x90 [ 436.609978][T10712] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 436.617012][T10712] gro_cells_destroy+0x32b/0x540 [ 436.623808][T10712] ip6gre_dev_free+0x19/0x30 [ 436.628474][T10712] netdev_run_todo+0x78c/0x1320 [ 436.634319][T10712] cleanup_net+0x59b/0xb30 [ 436.638817][T10712] process_one_work+0x9cc/0x1b70 [ 436.644556][T10712] worker_thread+0x6c8/0xf10 [ 436.649548][T10712] kthread+0x3c2/0x780 [ 436.654198][T10712] ret_from_fork+0x45/0x80 [ 436.658779][T10712] ret_from_fork_asm+0x1a/0x30 [ 437.080357][T10727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1210'. [ 437.114204][T10727] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.0.1210: iget: checksum invalid [ 437.161726][T10727] platform regulatory.0: loading /lib/firmware/updates/6.15.0-rc1-syzkaller-00173-g0c7cae12f67c/regulatory.db failed with error -74 [ 437.189574][T10727] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.0.1210: iget: checksum invalid [ 437.219350][T10730] program syz.2.1213 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 437.250987][T10727] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 437.310029][T10727] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.0.1210: iget: checksum invalid [ 437.400922][T10727] platform regulatory.0: loading /lib/firmware/6.15.0-rc1-syzkaller-00173-g0c7cae12f67c/regulatory.db failed with error -74 [ 437.498926][T10727] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.0.1210: iget: checksum invalid [ 437.512350][T10727] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 437.531448][T10727] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 437.595556][T10727] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 444.738397][ T30] audit: type=1800 audit(6039343618.101:14): pid=10832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1241" name="members" dev="configfs" ino=29073 res=0 errno=0 [ 445.156838][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.163274][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.881925][ T30] audit: type=1800 audit(6039343629.242:15): pid=10888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1263" name="members" dev="configfs" ino=29181 res=0 errno=0 [ 448.582221][T10898] can: request_module (can-proto-0) failed. [ 451.764651][ T30] audit: type=1800 audit(6039343641.136:16): pid=10939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1278" name="members" dev="configfs" ino=30279 res=0 errno=0 [ 452.182579][T10951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 452.264415][T10951] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 452.347149][T10951] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 452.381191][T10951] page_type: f5(slab) [ 452.385295][T10951] raw: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 452.476099][T10951] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 452.521777][T10951] head: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 452.561164][T10951] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 452.657311][T10951] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 452.688649][T10951] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 452.721968][T10951] page dumped because: unmovable page [ 452.755512][T10951] page_owner tracks the page as allocated [ 452.771781][T10944] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[10944] [ 452.782479][T10951] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 452.841569][T10951] post_alloc_hook+0x181/0x1b0 [ 452.860114][T10951] get_page_from_freelist+0x1193/0x39b0 [ 452.886807][T10951] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 452.903840][T10951] alloc_pages_mpol+0x1fb/0x550 [ 452.908877][T10951] new_slab+0x23c/0x330 [ 452.966260][T10951] ___slab_alloc+0xd9c/0x1940 [ 452.984818][T10951] __slab_alloc.constprop.0+0x56/0xb0 [ 453.001625][T10951] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 453.024945][T10951] kmalloc_reserve+0xef/0x2c0 [ 453.029919][T10951] __alloc_skb+0x166/0x380 [ 453.090481][T10951] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 453.140884][T10951] process_one_work+0x9cc/0x1b70 [ 453.181204][T10951] worker_thread+0x6c8/0xf10 [ 453.208736][T10951] kthread+0x3c2/0x780 [ 453.218364][T10951] ret_from_fork+0x45/0x80 [ 453.224867][T10951] ret_from_fork_asm+0x1a/0x30 [ 453.238393][T10951] page last free pid 5826 tgid 5826 stack trace: [ 453.263898][T10951] __free_frozen_pages+0x69d/0xff0 [ 453.314824][T10951] __folio_put+0x329/0x450 [ 453.319342][T10951] skb_release_data+0x618/0x960 [ 453.406566][T10951] __kfree_skb+0x4f/0x70 [ 453.442929][T10951] tcp_ack+0x19b2/0x5c90 [ 453.447405][T10951] tcp_rcv_established+0xcf0/0x2180 [ 453.480714][T10951] tcp_v4_do_rcv+0x5ca/0xa90 [ 453.498837][T10951] __release_sock+0x31b/0x400 [ 453.507697][T10951] release_sock+0x5a/0x220 [ 453.513842][T10951] tcp_sendmsg+0x38/0x50 [ 453.552057][T10951] inet_sendmsg+0xb9/0x140 [ 453.606303][T10951] sock_write_iter+0x4aa/0x5b0 [ 453.641262][T10951] vfs_write+0x5ba/0x1180 [ 453.656209][T10951] ksys_write+0x205/0x240 [ 453.660628][T10951] do_syscall_64+0xcd/0x260 [ 453.721285][T10951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.323372][T11010] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1297'. [ 457.094094][T10982] kexec: Could not allocate control_code_buffer [ 457.349633][T11015] busy [ 458.315841][T11035] can: request_module (can-proto-0) failed. [ 460.040082][T11042] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[11042] [ 461.233159][T11077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 461.271261][T11077] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 461.381173][T11077] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 461.450679][T11077] page_type: f5(slab) [ 461.467815][T11077] raw: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 461.570408][T11077] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 461.638509][T11077] head: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 461.694386][T11077] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 461.754450][T11077] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 461.824113][T11077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 461.844581][T11077] page dumped because: unmovable page [ 461.878214][T11077] page_owner tracks the page as allocated [ 461.905834][T11077] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 461.926860][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.946006][T11077] post_alloc_hook+0x181/0x1b0 [ 461.950869][T11077] get_page_from_freelist+0x1193/0x39b0 [ 461.958158][T11077] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 461.969876][T11077] alloc_pages_mpol+0x1fb/0x550 [ 461.976033][T11077] new_slab+0x23c/0x330 [ 461.980609][T11077] ___slab_alloc+0xd9c/0x1940 [ 461.988404][T11077] __slab_alloc.constprop.0+0x56/0xb0 [ 462.093426][T11077] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 462.137062][T11077] kmalloc_reserve+0xef/0x2c0 [ 462.217418][T11077] __alloc_skb+0x166/0x380 [ 462.256803][T11077] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 462.269861][T11077] process_one_work+0x9cc/0x1b70 [ 462.279154][T11077] worker_thread+0x6c8/0xf10 [ 462.284418][T11077] kthread+0x3c2/0x780 [ 462.288559][T11077] ret_from_fork+0x45/0x80 [ 462.297626][T11077] ret_from_fork_asm+0x1a/0x30 [ 462.303717][T11077] page last free pid 5826 tgid 5826 stack trace: [ 462.310134][T11077] __free_frozen_pages+0x69d/0xff0 [ 462.316204][T11077] __folio_put+0x329/0x450 [ 462.320727][T11077] skb_release_data+0x618/0x960 [ 462.326776][T11077] __kfree_skb+0x4f/0x70 [ 462.331751][T11077] tcp_ack+0x19b2/0x5c90 [ 462.336172][T11077] tcp_rcv_established+0xcf0/0x2180 [ 462.342023][T11077] tcp_v4_do_rcv+0x5ca/0xa90 [ 462.346797][T11077] __release_sock+0x31b/0x400 [ 462.352451][T11077] release_sock+0x5a/0x220 [ 462.357475][T11077] tcp_sendmsg+0x38/0x50 [ 462.362612][T11077] inet_sendmsg+0xb9/0x140 [ 462.367299][T11077] sock_write_iter+0x4aa/0x5b0 [ 462.372788][T11077] vfs_write+0x5ba/0x1180 [ 462.377311][T11077] ksys_write+0x205/0x240 [ 462.382253][T11077] do_syscall_64+0xcd/0x260 [ 462.386835][T11077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.480074][T11078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 462.495977][T11078] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 462.505491][T11078] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 462.516247][T11078] page_type: f5(slab) [ 462.520304][T11078] raw: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 462.529369][T11078] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 462.540216][T11078] head: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 462.549145][T11078] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 462.559252][T11078] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 462.568236][T11078] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 462.579681][T11078] page dumped because: unmovable page [ 462.585246][T11078] page_owner tracks the page as allocated [ 462.591937][T11078] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 462.612937][ C0] vkms_vblank_simulate: vblank timer overrun [ 462.691868][T11078] post_alloc_hook+0x181/0x1b0 [ 462.696787][T11078] get_page_from_freelist+0x1193/0x39b0 [ 462.730545][T11078] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 462.747024][T11078] alloc_pages_mpol+0x1fb/0x550 [ 462.754369][T11078] new_slab+0x23c/0x330 [ 462.768508][T11078] ___slab_alloc+0xd9c/0x1940 [ 462.781183][T11078] __slab_alloc.constprop.0+0x56/0xb0 [ 462.790165][T11078] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 462.807029][T11078] kmalloc_reserve+0xef/0x2c0 [ 462.823096][T11078] __alloc_skb+0x166/0x380 [ 462.830633][T11078] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 462.850139][T11078] process_one_work+0x9cc/0x1b70 [ 462.863050][T11078] worker_thread+0x6c8/0xf10 [ 462.867742][T11078] kthread+0x3c2/0x780 [ 462.883217][T11078] ret_from_fork+0x45/0x80 [ 462.887738][T11078] ret_from_fork_asm+0x1a/0x30 [ 462.933169][T11078] page last free pid 5826 tgid 5826 stack trace: [ 462.943479][T11078] __free_frozen_pages+0x69d/0xff0 [ 462.951632][T11078] __folio_put+0x329/0x450 [ 462.956137][T11078] skb_release_data+0x618/0x960 [ 462.978724][T11078] __kfree_skb+0x4f/0x70 [ 462.987812][T11078] tcp_ack+0x19b2/0x5c90 [ 462.997928][T11078] tcp_rcv_established+0xcf0/0x2180 [ 463.011205][T11078] tcp_v4_do_rcv+0x5ca/0xa90 [ 463.018124][T11078] __release_sock+0x31b/0x400 [ 463.041259][T11078] release_sock+0x5a/0x220 [ 463.045812][T11078] tcp_sendmsg+0x38/0x50 [ 463.050107][T11078] inet_sendmsg+0xb9/0x140 [ 463.061231][T11078] sock_write_iter+0x4aa/0x5b0 [ 463.066279][T11078] vfs_write+0x5ba/0x1180 [ 463.070687][T11078] ksys_write+0x205/0x240 [ 463.108999][T11078] do_syscall_64+0xcd/0x260 [ 463.113738][T11078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.960035][T11139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 465.999719][T11139] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 466.081280][T11139] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 466.119899][T11139] page_type: f5(slab) [ 466.152001][T11139] raw: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 466.164249][T11139] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 466.235368][T11139] head: 00fff00000000040 ffff88801b442140 0000000000000000 dead000000000001 [ 466.315490][T11139] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 466.369554][T11139] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 466.418206][T11139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 466.489355][T11139] page dumped because: unmovable page [ 466.526933][T11139] page_owner tracks the page as allocated [ 466.640049][T11139] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4276, tgid 4276 (kworker/u8:7), ts 393544402318, free_ts 393522938827 [ 466.801122][T11139] post_alloc_hook+0x181/0x1b0 [ 466.806011][T11139] get_page_from_freelist+0x1193/0x39b0 [ 466.907575][T11139] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 466.950237][T11139] alloc_pages_mpol+0x1fb/0x550 [ 467.244117][T11139] new_slab+0x23c/0x330 [ 467.248391][T11139] ___slab_alloc+0xd9c/0x1940 [ 467.333523][T11139] __slab_alloc.constprop.0+0x56/0xb0 [ 467.375909][T11139] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 467.451146][T11139] kmalloc_reserve+0xef/0x2c0 [ 467.503719][T11139] __alloc_skb+0x166/0x380 [ 467.544089][T11139] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 467.590574][T11139] process_one_work+0x9cc/0x1b70 [ 467.641326][T11139] worker_thread+0x6c8/0xf10 [ 467.646055][T11139] kthread+0x3c2/0x780 [ 467.650177][T11139] ret_from_fork+0x45/0x80 [ 467.696973][T11139] ret_from_fork_asm+0x1a/0x30 [ 467.725257][T11139] page last free pid 5826 tgid 5826 stack trace: [ 467.755427][T11139] __free_frozen_pages+0x69d/0xff0 [ 467.760697][T11139] __folio_put+0x329/0x450 [ 467.801422][T11139] skb_release_data+0x618/0x960 [ 467.806385][T11139] __kfree_skb+0x4f/0x70 [ 467.810751][T11139] tcp_ack+0x19b2/0x5c90 [ 467.871449][T11139] tcp_rcv_established+0xcf0/0x2180 [ 467.877195][T11139] tcp_v4_do_rcv+0x5ca/0xa90 [ 467.901211][T11139] __release_sock+0x31b/0x400 [ 467.906004][T11139] release_sock+0x5a/0x220 [ 467.919591][T11139] tcp_sendmsg+0x38/0x50 [ 467.926286][T11139] inet_sendmsg+0xb9/0x140 [ 467.930758][T11139] sock_write_iter+0x4aa/0x5b0 [ 467.937470][T11139] vfs_write+0x5ba/0x1180 [ 467.944443][T11139] ksys_write+0x205/0x240 [ 467.948989][T11139] do_syscall_64+0xcd/0x260 [ 467.955531][T11139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.214048][T11163] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 469.244696][T11163] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 469.281781][T11163] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 469.288162][T11163] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 469.311865][T11178] openvswitch: netlink: IP tunnel dst address not specified [ 471.071198][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 471.311210][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 471.311597][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 471.317654][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 471.731155][ T30] audit: type=1800 audit(6039343661.086:17): pid=11211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1351" name="members" dev="configfs" ino=31877 res=0 errno=0 [ 472.509389][T11227] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078800000 pfn:0x78800 [ 472.646645][T11227] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 472.718469][T11227] raw: 00fff00000002000 ffffea0000ea8dc8 ffffea0001e20048 0000000000000000 [ 472.781259][T11227] raw: ffff888078800000 0000000000000000 00000001ffffffff 0000000000000000 [ 472.825541][T11227] page dumped because: unmovable page [ 472.866190][T11227] page_owner tracks the page as allocated [ 472.939145][T11227] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x10cc0(GFP_KERNEL|__GFP_NORETRY), pid 11216, tgid 11215 (syz.0.1353), ts 471849126815, free_ts 472889930022 [ 473.074685][T11227] post_alloc_hook+0x181/0x1b0 [ 473.085074][T11216] kexec: Could not allocate control_code_buffer [ 473.091660][T11227] get_page_from_freelist+0x1193/0x39b0 [ 473.119739][T11227] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 473.162415][T11227] alloc_pages_mpol+0x1fb/0x550 [ 473.186105][T11227] new_slab+0x23c/0x330 [ 473.202148][T11227] ___slab_alloc+0xd9c/0x1940 [ 473.269324][T11227] __slab_alloc.constprop.0+0x56/0xb0 [ 473.306535][T11227] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 473.349906][T11227] kmalloc_reserve+0xef/0x2c0 [ 473.370121][T11227] __alloc_skb+0x166/0x380 [ 473.392939][T11227] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 473.415784][T11227] process_one_work+0x9cc/0x1b70 [ 473.464298][T11227] worker_thread+0x6c8/0xf10 [ 473.508617][T11227] kthread+0x3c2/0x780 [ 473.526642][T11227] ret_from_fork+0x45/0x80 [ 473.641167][T11227] ret_from_fork_asm+0x1a/0x30 [ 473.646050][T11227] page last free pid 11216 tgid 11215 stack trace: [ 473.731172][T11227] __free_frozen_pages+0x69d/0xff0 [ 473.736404][T11227] kimage_free_page_list+0x130/0x230 [ 473.779579][T11227] kimage_alloc_control_pages+0x3b3/0x910 [ 473.788906][T11227] do_kexec_load+0x480/0x8d0 [ 473.819259][T11227] __x64_sys_kexec_load+0x1bf/0x230 [ 473.833982][T11227] do_syscall_64+0xcd/0x260 [ 473.856734][T11227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.154438][ T30] audit: type=1800 audit(6039343665.526:18): pid=11266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1365" name="members" dev="configfs" ino=31021 res=0 errno=0 [ 478.605752][T11305] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1377'. [ 479.597709][ T30] audit: type=1800 audit(6039343668.966:19): pid=11315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1378" name="members" dev="configfs" ino=32128 res=0 errno=0 [ 483.491723][T11374] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1389'. [ 483.615073][ T30] audit: type=1800 audit(6039343672.966:20): pid=11373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1392" name="members" dev="configfs" ino=31181 res=0 errno=0 [ 486.639118][ T30] audit: type=1800 audit(6039343676.006:21): pid=11418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1405" name="members" dev="configfs" ino=32397 res=0 errno=0 [ 486.884906][T11430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78800 [ 486.903074][T11430] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 486.915137][T11430] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 486.942330][T11430] page_type: f5(slab) [ 486.951542][T11430] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 486.960213][T11430] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 486.975156][T11430] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 486.984926][T11430] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 487.019916][T11430] head: 00fff00000000003 ffffea0001e20001 00000000ffffffff 00000000ffffffff [ 487.040463][T11430] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 487.051929][T11430] page dumped because: unmovable page [ 487.057629][T11430] page_owner tracks the page as allocated [ 487.064109][T11430] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 36, tgid 36 (kworker/u8:2), ts 473025923899, free_ts 472889930022 [ 487.102375][T11430] post_alloc_hook+0x181/0x1b0 [ 487.111439][T11430] get_page_from_freelist+0x1193/0x39b0 [ 487.117204][T11430] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 487.123234][T11430] alloc_pages_mpol+0x1fb/0x550 [ 487.131157][T11430] new_slab+0x23c/0x330 [ 487.135406][T11430] ___slab_alloc+0xd9c/0x1940 [ 487.141496][T11430] __slab_alloc.constprop.0+0x56/0xb0 [ 487.159667][T11430] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 487.180355][T11430] kmalloc_reserve+0xef/0x2c0 [ 487.198756][T11430] __alloc_skb+0x166/0x380 [ 487.219235][T11430] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 487.282980][T11424] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 487.284275][T11430] process_one_work+0x9cc/0x1b70 [ 487.295181][T11424] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 487.308076][T11424] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 487.315943][T11430] worker_thread+0x6c8/0xf10 [ 487.321263][T11424] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 487.333553][T11430] kthread+0x3c2/0x780 [ 487.361587][T11430] ret_from_fork+0x45/0x80 [ 487.366117][T11430] ret_from_fork_asm+0x1a/0x30 [ 487.391443][T11430] page last free pid 11216 tgid 11215 stack trace: [ 487.408492][T11430] __free_frozen_pages+0x69d/0xff0 [ 487.418601][T11430] kimage_free_page_list+0x130/0x230 [ 487.431261][T11430] kimage_alloc_control_pages+0x3b3/0x910 [ 487.439392][T11430] do_kexec_load+0x480/0x8d0 [ 487.447174][T11430] __x64_sys_kexec_load+0x1bf/0x230 [ 487.453511][T11430] do_syscall_64+0xcd/0x260 [ 487.458276][T11430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.911333][T11214] Bluetooth: hci0: command 0x0c1a tx timeout [ 489.263647][T11459] openvswitch: netlink: IP tunnel dst address not specified [ 489.311213][T11214] Bluetooth: hci2: command 0x0c1a tx timeout [ 489.317307][ T30] audit: type=1800 audit(6039343678.686:22): pid=11468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1420" name="members" dev="configfs" ino=32523 res=0 errno=0 [ 489.337715][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 489.391252][T11214] Bluetooth: hci3: command 0x0c1a tx timeout [ 492.123196][ T30] audit: type=1800 audit(6039343681.496:23): pid=11516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1434" name="members" dev="configfs" ino=32605 res=0 errno=0 [ 492.143495][ C1] vkms_vblank_simulate: vblank timer overrun [ 493.545326][T11523] openvswitch: netlink: IP tunnel dst address not specified [ 494.530839][ T30] audit: type=1800 audit(6039343683.896:24): pid=11557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1449" name="members" dev="configfs" ino=31590 res=0 errno=0 [ 495.047207][T11569] program syz.2.1453 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 496.253402][T11582] program syz.3.1458 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 496.605118][ T30] audit: type=1800 audit(6039343685.976:25): pid=11587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1461" name="members" dev="configfs" ino=31635 res=0 errno=0 [ 496.897929][T11595] program syz.1.1464 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 499.103235][T11624] program syz.0.1471 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 499.390910][T11629] program syz.2.1476 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 499.640980][ T30] audit: type=1800 audit(6039343688.986:26): pid=11622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1473" name="members" dev="configfs" ino=31729 res=0 errno=0 [ 499.661316][ C1] vkms_vblank_simulate: vblank timer overrun [ 501.803375][T11664] program syz.2.1485 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 502.186533][T11669] program syz.3.1489 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 502.938321][ T30] audit: type=1800 audit(6039343692.286:27): pid=11685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1498" name="members" dev="configfs" ino=33896 res=0 errno=0 [ 503.259825][T11699] program syz.1.1503 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 504.697210][ T30] audit: type=1800 audit(6039343694.066:28): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1510" name="members" dev="configfs" ino=33094 res=0 errno=0 [ 505.000351][T11734] program syz.0.1516 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 506.421273][T11769] program syz.3.1530 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 506.537896][ T30] audit: type=1800 audit(6039343695.906:29): pid=11766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1528" name="members" dev="configfs" ino=33205 res=0 errno=0 [ 506.597414][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.604460][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.910807][T11784] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1536'. [ 507.947590][ T30] audit: type=1800 audit(6039343697.316:30): pid=11807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1544" name="members" dev="configfs" ino=34121 res=0 errno=0 [ 508.132688][T11814] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1546'. [ 509.619492][ T30] audit: type=1800 audit(6039343698.966:31): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1556" name="members" dev="configfs" ino=33321 res=0 errno=0 [ 509.796912][T11850] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1558'. [ 511.384276][T11885] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1569'. [ 511.669761][T11891] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1570'. [ 513.324277][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.350966][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.377299][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.400294][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.441001][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.467040][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.512479][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.520343][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.588712][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 513.631522][T11917] netlink: 'syz.3.1579': attribute type 11 has an invalid length. [ 515.933818][T11957] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1590'. [ 518.061444][T11995] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1599'. [ 520.107841][T12016] [ 520.110230][T12016] ====================================================== [ 520.117246][T12016] WARNING: possible circular locking dependency detected [ 520.124266][T12016] 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 Tainted: G S [ 520.132942][T12016] ------------------------------------------------------ [ 520.139959][T12016] syz.0.1607/12016 is trying to acquire lock: [ 520.146024][T12016] ffff888034c55658 (sk_lock-AF_INET){+.+.}-{0:0}, at: sockopt_lock_sock+0x54/0x70 [ 520.155299][T12016] [ 520.155299][T12016] but task is already holding lock: [ 520.162666][T12016] ffffffff9012dae8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_setsockopt+0xf6/0x3240 [ 520.171564][T12016] [ 520.171564][T12016] which lock already depends on the new lock. [ 520.171564][T12016] [ 520.181969][T12016] [ 520.181969][T12016] the existing dependency chain (in reverse order) is: [ 520.191001][T12016] [ 520.191001][T12016] -> #1 (rtnl_mutex){+.+.}-{4:4}: [ 520.198228][T12016] __mutex_lock+0x199/0xb90 [ 520.203295][T12016] smc_vlan_by_tcpsk+0x251/0x620 [ 520.208776][T12016] __smc_connect+0x44b/0x4880 [ 520.213991][T12016] smc_connect+0x2fc/0x760 [ 520.218944][T12016] __sys_connect_file+0x13e/0x1a0 [ 520.224506][T12016] __sys_connect+0x14d/0x170 [ 520.229630][T12016] __x64_sys_connect+0x72/0xb0 [ 520.234931][T12016] do_syscall_64+0xcd/0x260 [ 520.239981][T12016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.246431][T12016] [ 520.246431][T12016] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 520.254107][T12016] __lock_acquire+0x1173/0x1ba0 [ 520.259511][T12016] lock_acquire+0x179/0x350 [ 520.264546][T12016] lock_sock_nested+0x41/0xf0 [ 520.269860][T12016] sockopt_lock_sock+0x54/0x70 [ 520.275168][T12016] do_ip_setsockopt+0xfe/0x3240 [ 520.280573][T12016] ip_setsockopt+0x59/0xf0 [ 520.285528][T12016] dccp_setsockopt+0xfa/0x970 [ 520.290746][T12016] do_sock_setsockopt+0x221/0x470 [ 520.296320][T12016] __sys_setsockopt+0x1a0/0x230 [ 520.301714][T12016] __x64_sys_setsockopt+0xbd/0x160 [ 520.307457][T12016] do_syscall_64+0xcd/0x260 [ 520.312511][T12016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.318942][T12016] [ 520.318942][T12016] other info that might help us debug this: [ 520.318942][T12016] [ 520.329260][T12016] Possible unsafe locking scenario: [ 520.329260][T12016] [ 520.336713][T12016] CPU0 CPU1 [ 520.342085][T12016] ---- ---- [ 520.347453][T12016] lock(rtnl_mutex); [ 520.351452][T12016] lock(sk_lock-AF_INET); [ 520.358402][T12016] lock(rtnl_mutex); [ 520.364918][T12016] lock(sk_lock-AF_INET); [ 520.369348][T12016] [ 520.369348][T12016] *** DEADLOCK *** [ 520.369348][T12016] [ 520.377494][T12016] 1 lock held by syz.0.1607/12016: [ 520.382610][T12016] #0: ffffffff9012dae8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_setsockopt+0xf6/0x3240 [ 520.391963][T12016] [ 520.391963][T12016] stack backtrace: [ 520.397889][T12016] CPU: 0 UID: 0 PID: 12016 Comm: syz.0.1607 Tainted: G S 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 520.397929][T12016] Tainted: [S]=CPU_OUT_OF_SPEC [ 520.397939][T12016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 520.397955][T12016] Call Trace: [ 520.397964][T12016] [ 520.397973][T12016] dump_stack_lvl+0x116/0x1f0 [ 520.398013][T12016] print_circular_bug+0x275/0x350 [ 520.398056][T12016] check_noncircular+0x14c/0x170 [ 520.398101][T12016] __lock_acquire+0x1173/0x1ba0 [ 520.398150][T12016] lock_acquire+0x179/0x350 [ 520.398171][T12016] ? sockopt_lock_sock+0x54/0x70 [ 520.398209][T12016] lock_sock_nested+0x41/0xf0 [ 520.398241][T12016] ? sockopt_lock_sock+0x54/0x70 [ 520.398273][T12016] sockopt_lock_sock+0x54/0x70 [ 520.398305][T12016] do_ip_setsockopt+0xfe/0x3240 [ 520.398332][T12016] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 520.398361][T12016] ? __pfx___might_resched+0x10/0x10 [ 520.398400][T12016] ip_setsockopt+0x59/0xf0 [ 520.398424][T12016] dccp_setsockopt+0xfa/0x970 [ 520.398460][T12016] ? __pfx_dccp_setsockopt+0x10/0x10 [ 520.398492][T12016] ? errseq_sample+0x53/0x70 [ 520.398524][T12016] ? sock_common_setsockopt+0x2e/0xf0 [ 520.398564][T12016] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 520.398603][T12016] do_sock_setsockopt+0x221/0x470 [ 520.398642][T12016] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 520.398690][T12016] __sys_setsockopt+0x1a0/0x230 [ 520.398723][T12016] __x64_sys_setsockopt+0xbd/0x160 [ 520.398753][T12016] ? do_syscall_64+0x91/0x260 [ 520.398790][T12016] ? lockdep_hardirqs_on+0x7c/0x110 [ 520.398825][T12016] do_syscall_64+0xcd/0x260 [ 520.398870][T12016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.398896][T12016] RIP: 0033:0x7f6b07f8d169 [ 520.398917][T12016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.398942][T12016] RSP: 002b:00007f6b08d41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 520.398965][T12016] RAX: ffffffffffffffda RBX: 00007f6b081a5fa0 RCX: 00007f6b07f8d169 [ 520.398983][T12016] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000007 [ 520.398998][T12016] RBP: 00007f6b0800e990 R08: 0000000000000003 R09: 0000000000000000 [ 520.399013][T12016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 520.399028][T12016] R13: 0000000000000000 R14: 00007f6b081a5fa0 R15: 00007fff1a9b6ee8 [ 520.399052][T12016]