last executing test programs: 6.676091985s ago: executing program 3 (id=492): mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0x8000000000000eb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0021f00", @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6.372997452s ago: executing program 3 (id=494): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x3, 0x0, 0xab77, 0x9}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0x18, 0xa, 0x1) r2 = io_uring_setup$auto(0x80, &(0x7f0000000000)={0x0, 0x3, 0x9, 0x4, 0x9, 0x3, r1, [0x200, 0x80000001, 0x9], {0xff, 0x3e2f0c75, 0x10, 0x707b, 0x5, 0x2, 0x1, 0x2, 0x314}, {0x0, 0x8, 0x7, 0x800, 0x4, 0x0, 0x5, 0x9, 0x7fff}}) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) r3 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r2, 0x8004b709, &(0x7f0000000080)=0x7ff) prctl$auto(0x0, 0xa4, r3, 0x0, 0xfffffffffffffff7) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) getsockopt$auto_SO_MARK(r4, 0x0, 0x24, &(0x7f00000000c0)='/dev/sequencer2\x00', &(0x7f0000000100)=0x8) ioctl$auto(r4, 0xc0045401, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYRES16, @ANYRES8, @ANYBLOB="64e6"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40814) ioctl$auto(r0, 0x89fd, 0x24) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/slaves\x00', 0x80002, 0x0) preadv$auto(0x3, 0x0, 0x3, 0x10000, 0x10) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg1\x00', 0x82802, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 4.092634899s ago: executing program 0 (id=506): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/hid/drivers/zeroplus/uevent\x00', 0x121681, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) readahead$auto(r0, 0x4, 0x4) sysfs$auto(0x3, 0x401, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) semget$auto(0x0, 0x13c, 0x1ff) recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x1c, &(0x7f00000000c0)={0x0, 0x8001}, 0x400000000000002, 0x0, 0x5, 0xfff}}, 0x7, 0x5, 0x0) semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0) mprotect$auto(0x0, 0xe6a, 0x6) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty34\x00', 0x8000, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/controlC1\x00', 0x80, 0x0) ioctl$auto(r2, 0x80dc5521, r1) semctl$auto_GETNCNT(0x0, 0x0, 0xe, 0xa8) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f00000001c0)={{@raw=0x3, 0x100110d, 0xffff, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa00000000e1800000000000000000040000660e070100", @raw=0x8}, 0x6, 0x0, 0x4, @inferred, @integer64={0x6, 0x4, 0x6}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) mmap$auto(0x800000000000001, 0x8020006, 0x4000000002df, 0xeb1, r1, 0x8000) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) socket(0x11, 0x3, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80880, 0x0) sendmsg$auto_ILA_CMD_DEL(0xffffffffffffffff, 0x0, 0x10) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) 4.084935766s ago: executing program 2 (id=507): socket(0xa, 0x3, 0x3a) (async) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) (async) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x1ff, 0x1001, 0x5, 0x717e, 0x0, 0x7, 0x200000000000003, 0xd, 0x2, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0xfffffffffffffffe, 0x7, 0x10005, 0x7f, 0x2a2, 0x2, 0xa, 0x22000, 0x200, 0x4, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x100000000000]}, 0x1fe, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd03, &(0x7f00000001c0)) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x8) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setpriority$auto(0x4000000001, 0x100000001, 0x6) (async) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, &(0x7f0000000400), 0x8000, 0x0) mmap$auto(0x2000000, 0x400008, 0xdf, 0x9b72, 0x100000000002, 0x8000) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) setgroups$auto(0xe32, 0x0) (async) open(0x0, 0x40, 0x0) (async) socket(0xa, 0x2, 0x0) (async) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x4040, 0x0) fadvise64$auto(r1, 0x8, 0x400000000000006, 0x4) (async) umount2$auto(&(0x7f0000000080)='/dev/mapper/control\x00', 0x0) (async) rseq$auto(&(0x7f0000000000)={0x4, 0x7c, 0x7, 0x6, 0x8, 0x1, "50cad5fe762915f20216fb526f955018e6fb23e86b4fbdc2e849e7a9249dfed9eb58104305f4cbd6be2e1ea631465d3519bc06bd60254a66b16229ff3e030df27755ad2fb3c3ffe783"}, 0x7, 0x6, 0x3) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) (async) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) 3.844848178s ago: executing program 2 (id=508): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mbind$auto(0x20f5, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) 3.84323132s ago: executing program 1 (id=509): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_UI_SET_RELBIT(r0, 0x40045566, &(0x7f0000000040)=0xffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x840141, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) fcntl$auto_F_WRLCK(r1, 0x7, 0x1) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) r3 = socket(0x11, 0x0, 0x2) getsockopt$auto(r3, 0x107, 0xb, 0x0, 0x0) fstat$auto(0xffffffffffffffff, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/lockd/parameters/nlm_tcpport\x00', 0xc2481, 0x0) write$auto(r4, &(0x7f0000000040)='-\b\x1c\xc7k\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x81) r5 = setfsgid$auto(0xee01) r6 = geteuid() r7 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0) ioctl$auto(r7, 0x64cb, 0xffffffffffffffff) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000300)={{0xfdc1, r6, 0x0, 0x81, 0xa0, 0x101, 0x7}, 0xc, 0x8, 0x8fad, 0xfb, @raw=0x81, @inferred=0xffffffffffffffff, 0x700, 0x0, 0x0, &(0x7f0000000240)="e7799d343ce9200bbdc7dbe0830bd6d792ca0e09ef7045ef9b5029d55849d21f43624efa5939b16128ecf139840cc0a75c271b623e1c7421fa45f47d1a847ff6738639c43fb168872d979466fb12f4661501b7e49d7b89e3db3e489717866df3561b5a"}) r11 = getegid() fchown$auto(r7, r8, r11) r12 = getegid() r13 = getgid() setresgid$auto(r11, r12, r13) shmctl$auto_SHM_UNLOCK(0x1ff, 0xc, &(0x7f0000000480)={{0xb, r6, r9, 0xa26, 0xee, 0x800, 0x400}, 0x3, 0x2, 0x3, 0x0, @raw=0x7, @inferred=r10, 0x401, 0x0, &(0x7f0000000380)="b323aec16c1ebabe4c8820c2f7a00a0b3c66a3078eb810aa579c17318dffb59340675b5136cd594214dbca650c8af39592d12f9cc9b2a952c234de292f161c4a0f14540bbb3230cb595de53b0d124ff3f5e6db949ef4a33dfaa7294b8a9a1e62e17521c5ca112426cd15e60bcc75e582a2fe40da872cc6999eb7b7aaf320ee9da3f9681e3be46060cd502cad7fab9c14af1e0be3c706ea6f2fb8fe4b92cd002577525ec88f8277f29f799d0d175c41a4ae2205557d0661d8331509e591535f865ba4795451ebe05577381c2ed4d695be61ad4b177a39c93cef32ddbe9d55c78b780abd8b743c", &(0x7f00000001c0)="b1982e8b9271459a216a7dd2984392819e50cee6ba02257d8006a7f7cdb3ca5c19f396ba79c33ae9a6"}) setresgid$auto(r5, r14, r13) fsconfig$auto(r2, 0x4, &(0x7f0000000080)='\x00', &(0x7f0000000100)="fb9bc162f4c7bf97707ae02096b64612af213f420ce93299b22c71e0994a1b269032aa4311f0cbdf7e1977ab82e0789e9a1212ab7c11590c11ea8911beff5c9fe1b50395ea40a1e3ac43fbf27821e79b33d6e6d0ed33a154f89bb2d70c7bb7d13b9fef47cc14df6eeb15841ddbec18370bfb8aa3190c05bf6e1c149448ca3cc25e4bd2774619f0c27a4b7694e59ec6b2", r5) ioctl$auto(0xffffffffffffffff, 0xc1205531, r2) 3.481421821s ago: executing program 1 (id=510): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x80002, 0x0) tkill$auto(0x0, 0x7) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) adjtimex$auto(&(0x7f0000000000)={0x1ff, 0x0, 0xff, 0x6, 0x8, 0x0, 0x10, 0x0, 0x2, 0xbf, 0x1f6a, {0x0, 0x3}, 0x9, 0x1, 0x2, 0x6, 0x0, 0x8, 0x545, 0x1, 0x0, 0x8}) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/nr_hugepages\x00', 0x68001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sched_setattr$auto(0x0, &(0x7f00000002c0)={0x9, 0x53, 0x3, 0xa9, 0x0, 0x8, 0x9, 0x7000000000, 0xb, 0x6}, 0x0) 3.284477314s ago: executing program 2 (id=511): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x141401, 0x0) r0 = socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) tee$auto(r0, r0, 0x2, 0x5) timerfd_create$auto(0x9, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x9, 0x8, 0x400000000ff, 0xa, 0x4, 0xaab, 0x5, 0x7]}, 0x0, 0x0) 3.114590404s ago: executing program 2 (id=512): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xe0, 0x1000000ebe, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x5412, 0x38) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/usb-serial/drivers/xr_serial/new_id\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40)=0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x4000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/dmi/id/product_name\x00', 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r0, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe3102, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) io_setup$auto(0x10000, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) socket(0x15, 0x5, 0x2) 3.092414928s ago: executing program 0 (id=513): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(r1, &(0x7f0000000000)='/dev/kvm\x00', 0x8) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f00000035c0), 0x181, 0x0) writev$auto(r2, &(0x7f0000004000)={0x0, 0x5}, 0x1) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.853624984s ago: executing program 3 (id=514): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = gettid() mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) io_uring_setup$auto(0xc, 0x0) mkdir$auto(&(0x7f0000000540)='./file0\x00', 0x45dd) socket(0xf, 0x801, 0x84) r3 = io_uring_setup$auto(0x4, 0x0) io_uring_enter$auto(0x3, 0x0, 0x5, 0x3, 0x0, 0x2) kill$auto(r2, 0x11) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x936355e497c8b7e3, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x48000) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r5, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000140)={0x98, r4, 0xb77b02080cac5bcb, 0x70bd2c, 0x259fdbff, {}, [@ETHTOOL_A_MODULE_EEPROM_HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2649d98d}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xb}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10001}]}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5}, @ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x49}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0x6}]}, 0x98}}, 0x82) 2.71744372s ago: executing program 0 (id=515): sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) bpf$auto(0x9, &(0x7f0000000a40)=@prog_bind_map={0xffffffffffffffff, r0, 0x2f}, 0x121) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x5) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) r1 = socket(0x2a, 0x2, 0x1) connect$auto(r1, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x7fff}, 0x55) r2 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto(r2, 0x0, 0xffffff7f) madvise$auto(0x7f, 0x7fff, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) prctl$auto(0x801, 0x1, 0x0, 0x3, 0xfffffffffffffffb) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) io_uring_setup$auto(0x9, &(0x7f0000000100)={0x694f, 0x4, 0x2, 0x80, 0xbf, 0x1, 0xffffffffffffffff, [0x81, 0x1, 0x1], {0xffffffff, 0xb627, 0x1, 0x8, 0x0, 0x1, 0x1, 0xfffffff7, 0xa}, {0x8, 0x9f33, 0xb27, 0x3, 0x9, 0x9, 0xabd, 0x3, 0x9}}) socket(0x22, 0x2, 0x2) setsockopt$auto(0x7, 0x114, 0x3, 0xffffffffffffffff, 0xa0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) madvise$auto(0x7, 0x1, 0x7) read$auto(r3, 0x0, 0xe8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x181000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 2.454088649s ago: executing program 1 (id=516): rmdir$auto(&(0x7f0000000000)='./file0\x00') r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vgem/clients\x00', 0x4e0000, 0x0) getsockopt$auto_SO_INCOMING_CPU(r0, 0x3, 0x31, &(0x7f0000000080)=')@//\x00', &(0x7f00000000c0)=0x6) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptysa\x00', 0x1, 0x0) statx$auto(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x4, 0x3, &(0x7f0000000180)={0x3, 0x0, 0x6f, 0x9, 0xffffffffffffffff, 0x0, 0x3, 0x9, 0x1, 0x8, 0x200, 0x5, {0x6, 0x7}, {0x1000, 0x7}, {0x4d4}, {0x1, 0xb}, 0x80, 0x7fffffff, 0xfffffff9, 0x5, 0xffffffff, 0x1, 0x0, 0x8000000000000001, 0xe06, 0x0, 0x7, 0x5, [0xffffffff, 0x5, 0x6, 0x7f, 0x0, 0xffffffffffffffff, 0x9640, 0x9, 0x6]}) r4 = waitid$auto(0x6, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0x5, &(0x7f0000000300)={{0x100000001, 0x4}, {0x9, 0x20002}, 0x7ff, 0x1ff, 0x3, 0x4, 0x7dbd, 0x9, 0x3, 0x0, 0xb, 0x0, 0x0, 0xfffffffffffffff7, 0x5, 0xffffffffffffff01}) shmctl$auto_IPC_STAT(0x6, 0x2, &(0x7f0000000500)={{0x1, 0xee01, r3, 0x8, 0x4, 0x7f, 0x9}, 0x5, 0x1, 0x9, 0x3, @inferred=r4, @inferred=0x0, 0x8, 0x0, &(0x7f00000003c0)="0a773410cec11823e44daaeadfa21c344a0a10daf301d235b786d6508d7672d6f2ec200aae42c214cf7e5915b21b24010060da52c646d1f410c846a57e644389b1fff05b59cdfbf3a8a120659e7109055348bdbe68629b396590c9ff5dfd8a9099c72741db0c944ecd0d0fa189", &(0x7f0000000440)="92cc633d0e3af81f8baba5c76b4eca814a733772d2656d1edabda3e8e32c899df4920203819ce91a6f7683a76c4f4fd2bf2cb5dd4a95479aae4034524b54bd9212023e40a6d1c3d058e783ab38520bd0b075e83d1ea7fcfe26bef0d45202b20a08c5f3ed3b55a2ce90c88c345d5286f34fa9fd64fdba9487136f88e3bea54023dc801d949ccf731eb0859fccb02a1ebc1343fa71bdd13a3b5fc50f4e1694d3952e39b01d6bf56cfebef0b39f6fe0d149ba4dace9feb7d1"}) r7 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/numa_maps\x00', 0x404040, 0x0) close_range$auto(r1, r7, 0x2) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f00000005c0), 0x200040, 0x0) r8 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000600)=@bpf_attr_1={r1, 0x1, @value=0x5, 0x3}, 0x200) r10 = open_tree_attr$auto(r8, &(0x7f00000006c0)='./file0\x00', 0x5, &(0x7f0000000700)={0xffff, 0x1, 0x92, @raw=0x7}, 0x3) ioctl$auto_X86_IOC_WRMSR_REGS(0xffffffffffffffff, 0xc02063a1, &(0x7f0000000740)=[0x83, 0x5, 0xfffff800, 0xffffff5a, 0x0, 0x1, 0xe, 0x55]) statmount$auto(&(0x7f0000000780)={0x8, @inferred=r10, 0x1, 0x6986, 0x7fffffff}, &(0x7f00000007c0)={0xfffffff7, 0xffffff81, 0x0, 0x5, 0x7fff, 0x7, 0x4, 0x62, 0x5, 0xb, 0x80000001, 0x10001, 0x7, 0xfffffffffffffff8, 0x6, 0x0, 0x0, 0x3, 0xe1f4, 0x800, 0x81, 0x4, 0x4, 0x9, 0x7f, 0x34, 0x0, 0x10001, 0xfffffffd, 0xd, 0x3, [0x7, 0x8, 0x9aef, 0x95, 0x3, 0x1, 0xf3a0, 0x1, 0x0, 0x59d, 0x7f, 0x7, 0xfffffffffffffff0, 0x5, 0x5, 0xfffffffffffffffc, 0x1c00000000, 0x8, 0x1, 0xffffffffffffff5d, 0x6, 0x4, 0x1565, 0x8000000000000001, 0xffffffff, 0x5, 0x9, 0x10, 0x4, 0x6, 0x5, 0x8ee6, 0x8, 0x6, 0x5, 0xa, 0x0, 0x80000001, 0x97, 0xfffffffffffff554, 0x0, 0x1, 0x550a], "e9b8e84525bc60d7fd0451d3c42500d614e0f0425c35ac4bea706813b4e2e669ce737b01bac049a35c73c553f58e22e364e024baec47c60e9cf0f546a3ccf1c7"}, 0x0, 0x7) r11 = set_tid_address$auto(&(0x7f0000000a00)=0x80) shmctl$auto_SHM_STAT_ANY(0x5, 0xf, &(0x7f0000000ac0)={{0x2, r2, r5, 0xfff, 0x2, 0x6, 0x7}, 0x80000000, 0x400, 0xfff, 0x7, @inferred=r11, @inferred=r6, 0x2, 0x0, &(0x7f0000000a40), &(0x7f0000000a80)="e623993423c7a4dbf01a859789b740f373f9c7057d19c53c6017e62957ba428f9698b9887e50ce24bfb3d5c0ff1aab168e954c7e0db6f2c34d4456ad"}) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(r8, 0xc0385868, &(0x7f0000000dc0)={r0, &(0x7f0000000b40)="ab469cffcdfae885f5f2059998fbfe3219cdaf1a300d2ccf2a3862f5f3128ccbb656d43e93730b52c3bb8fb7c6e621f6880ba8cd7ccd7be8f8457dc183bd74d4bf5debe029c630fab6f2df77a6cebad9ea4fb16f49afc2bb3ffa2a2c15a025a236d45cd0dc97ce51e7f761a97e839f3169a78ca4a8c87004579f64325d045187807a0b46585eef25ae7bcecae34e4666981fb18450e2275543deffb8d1c91bb212aa1cbfb3fe5e92caba1d5a3df5f3e41a85607cc0c51554e28f73bc249775c34b4913609a", 0x9, &(0x7f0000000c40)="d4a24ce27d2765de778261e459aed95c7df70bf7fbff665b4bdcaa6afc6bc1884159eae49d5375f06a288929fbf5b33a74efd666d1f34e1c2f48cc01c240dbe7aa0bef60a45d2b71380a71f0407bca095fd08b7d402335e0c85b3a49a36ecc3e61f5b7b97506e62a7b4ec9c1fe616261efdb78165281676181d4b40f54f9cd5d831de347e15ba6d59a6e1ce5c73b9fabc7bccc8a1bb0e85302430dd4c39254da1b6f72d6d2ee2145c4e491", 0x253, &(0x7f0000000d00)="e9d5c51a51f79e5692e8bc8088ec494c17961c6a008cfc2ae1ed1b0df23e181a84e51b003b302db3424dbb9eeae218cc3cac81493d2aa39f5ed383062ec6049bc3a91cf8", &(0x7f0000000d80)=0x81}) read$auto_drm_debugfs_entry_fops_drm_debugfs(r13, &(0x7f0000000e00)=""/254, 0xfe) setuid$auto(r2) sched_rr_get_interval$auto(r12, &(0x7f0000000f00)={0x6, 0x5}) ioctl$auto(r8, 0x5, r13) r14 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000f40)='/dev/midi2\x00', 0x100, 0x0) read$auto(r14, &(0x7f0000000f80)='\x00', 0x6) mincore$auto(0x5, 0xfffffffffffffffa, &(0x7f0000000fc0)='$%\x00') write$auto(r13, &(0x7f0000001000)='^*/^@-(.%[\xd6/^\x00', 0x9) write$auto(r9, &(0x7f0000001040)=']\x00', 0x3ff) unshare$auto(0x57c8) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000001080), r10) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/binderfs/binder0\x00', 0x1800, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000001100)='\xd3\x00', 0x5) 2.138035433s ago: executing program 3 (id=517): mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) socket(0x29, 0x2, 0x0) r0 = socket(0x28, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) close_range$auto(0x2, 0xa, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) 1.554425276s ago: executing program 0 (id=518): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_UI_SET_RELBIT(r0, 0x40045566, &(0x7f0000000040)=0xffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x840141, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) fcntl$auto_F_WRLCK(r1, 0x7, 0x1) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) r3 = socket(0x11, 0x0, 0x2) getsockopt$auto(r3, 0x107, 0xb, 0x0, 0x0) fstat$auto(0xffffffffffffffff, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/lockd/parameters/nlm_tcpport\x00', 0xc2481, 0x0) write$auto(r4, &(0x7f0000000040)='-\b\x1c\xc7k\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x81) r5 = setfsgid$auto(0xee01) r6 = geteuid() r7 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0) ioctl$auto(r7, 0x64cb, 0xffffffffffffffff) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000300)={{0xfdc1, r6, 0x0, 0x81, 0xa0, 0x101, 0x7}, 0xc, 0x8, 0x8fad, 0xfb, @raw=0x81, @inferred=0xffffffffffffffff, 0x700, 0x0, 0x0, &(0x7f0000000240)="e7799d343ce9200bbdc7dbe0830bd6d792ca0e09ef7045ef9b5029d55849d21f43624efa5939b16128ecf139840cc0a75c271b623e1c7421fa45f47d1a847ff6738639c43fb168872d979466fb12f4661501b7e49d7b89e3db3e489717866df3561b5a"}) r11 = getegid() fchown$auto(r7, r8, r11) r12 = getegid() r13 = getgid() setresgid$auto(r11, r12, r13) shmctl$auto_SHM_UNLOCK(0x1ff, 0xc, &(0x7f0000000480)={{0xb, r6, r9, 0xa26, 0xee, 0x800, 0x400}, 0x3, 0x2, 0x3, 0x0, @raw=0x7, @inferred=r10, 0x401, 0x0, &(0x7f0000000380)="b323aec16c1ebabe4c8820c2f7a00a0b3c66a3078eb810aa579c17318dffb59340675b5136cd594214dbca650c8af39592d12f9cc9b2a952c234de292f161c4a0f14540bbb3230cb595de53b0d124ff3f5e6db949ef4a33dfaa7294b8a9a1e62e17521c5ca112426cd15e60bcc75e582a2fe40da872cc6999eb7b7aaf320ee9da3f9681e3be46060cd502cad7fab9c14af1e0be3c706ea6f2fb8fe4b92cd002577525ec88f8277f29f799d0d175c41a4ae2205557d0661d8331509e591535f865ba4795451ebe05577381c2ed4d695be61ad4b177a39c93cef32ddbe9d55c78b780abd8b743c", &(0x7f00000001c0)="b1982e8b9271459a216a7dd2984392819e50cee6ba02257d8006a7f7cdb3ca5c19f396ba79c33ae9a6"}) setresgid$auto(r5, r14, r13) fsconfig$auto(r2, 0x4, &(0x7f0000000080)='\x00', &(0x7f0000000100)="fb9bc162f4c7bf97707ae02096b64612af213f420ce93299b22c71e0994a1b269032aa4311f0cbdf7e1977ab82e0789e9a1212ab7c11590c11ea8911beff5c9fe1b50395ea40a1e3ac43fbf27821e79b33d6e6d0ed33a154f89bb2d70c7bb7d13b9fef47cc14df6eeb15841ddbec18370bfb8aa3190c05bf6e1c149448ca3cc25e4bd2774619f0c27a4b7694e59ec6b2", r5) ioctl$auto(0xffffffffffffffff, 0xc1205531, r2) 1.421521066s ago: executing program 1 (id=519): mmap$auto(0x6000000, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) close_range$auto(0x2, 0x8000, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) userfaultfd$auto(0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x3, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) 1.187250601s ago: executing program 0 (id=520): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) mkdir$auto(&(0x7f0000000080)='./file0\x00', 0x1) rmdir$auto(&(0x7f0000000280)='./file0\x00') mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'xfrm0\x00'}) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="34800000", @ANYRES16=r1, @ANYBLOB="040429bd7000fcdbdf250500000008003400040000000800150005000000080034000008000008001c0003000000"], 0x34}, 0x1, 0x0, 0x0, 0x8010}, 0x0) prctl$auto(0x3, 0x1, 0x4, 0x5, 0x7) ioperm$auto(0x7, 0x6, 0xffffffff) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6', 0x4, 0x0) mmap$auto(0x2000000000000000, 0x4, 0xdf, 0xeb1, 0x1, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/stat/synproxy\x00', 0xc0a00, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0x4048aecb, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) fspick$auto(0xffffffffffffffff, 0x0, 0x8) adjtimex$auto(&(0x7f00000004c0)={0xd, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368e, 0x2, {0x100000000, 0x10000}, 0x874, 0x8, 0xfffffffffffffffd, 0x1007fff, 0x0, 0x8, 0x81, 0xdfffffffffff628e, 0x4, 0xdeb1, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 1.151370081s ago: executing program 2 (id=521): openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) (async) keyctl$auto_KEYCTL_READ(0xb, 0xfffffffffffffffd, 0x4, 0x2, 0x7ff) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) (async) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xb5, 0xeb1, r0, 0x167c) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) (async) epoll_create$auto(0x4) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r1 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/1/msr\x00', 0xf82, 0x0) readv$auto(r1, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) (async) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) (async) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) (async) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0xa, 0x0) getsockopt$auto_SO_BROADCAST(0xffffffffffffffff, 0xf7f, 0x6, &(0x7f0000000000)='!.##\x00', &(0x7f0000000180)) (async) ioctl$auto_BTRFS_IOC_FORGET_DEV(0xffffffffffffffff, 0x50009405, &(0x7f00000001c0)={@raw=0xbe, "147f624b05a2b22a62eb108f57b62c1a128c0f4a188dab9dc484db51686adb5a70d52b7f2f66145c31facd1cbb574c587628bd4cd6107b246f8f98fc23c6a864a492955d4c9350848a1d376d48008c8245ef620306a514c0e2f4dccf4932b8161402a453d31f6a2849bd701d53c73b5c87638db257f5ee75b4b2f3050dcd85bdda18e5f6c8f07bcbafc93b528f48baacd00dff67c662817347d58f7e2540061f146deeeb8a8fbea98e59c0ed49ac5898827aaa13b42a504dc9de98747915c70a39df9e7ad1373109c541923589e6364976cd3168fe3d0f085186627bde1577bbf260387eb8ecb5ad8d705de9f1e9b3d50ce454db9cbecf236dffbd3b274b5a7a63d3be027f04c7111ed622df2830ad588ef1d8b6c480b0f0772b5e7f621f8afa59a92859c296e01a7fa3f30f0d0d4337652988adb2b9d680d2c4f9896e1139548670c3598f33ba0f43def8ca1044626e75ca4d2b886f6db26ebb438a587407e59cf70e6cedf804044a4ccbccdcdcfd3e18152f5ac92af75d4deb491679de72f1b13ad5478ed08bb7acfc503580dae5c23583d01fdfecc9207f9e276540cf2328ba7a585937fd6acbda9a3a770277729be4f41177789decd4e0854b9861c08504c89215d7e8ce3473a0ad98f25d1d9e5fe2054a4ba9d3e0a67718ac00f384b74f5c8b24097e30e63af0c374c78f21d0af94486933450a311f8194051592e9e37607542244627393d338575c5a0a51815a01bd5ecf313cadddbb3c6bd4941a5c636b0c884ea266740b25c397ff3ea626070602d43ffbbebc0bddfdc47602432ecedce3bb6b0aba196f0eb714251d210bc979b4518005e41b5b6b0fc0ba793a8e77edd81553ce3a99cf9e7f4a9a41858e1971ac4127fa9995c888259e3436b7366e1344955ec1dd8628581a07056ec537e8196f87ab570af4fb4744f874fb283f8a54cae01cb32f70543eb60b6f65cc5269171d7e5fff4cbe4cc0b76983aaba8d869d8848e496e2c5359251a39e5f9d1c0c6756456dcdd744e82594b2a6bfe3db7877c7fc123c259f8f70b36b3c48ae31875d5cf3eb6b00a32e107f419a079641e51c8233f4c304b4bf7942814ec1eb8166f0b168d76fb3c05cb1d0ccd66fd15cbb399f3730076246721f4d71f5bbcb63d2309c74878bb16ec592873f7514b66118673f808c2cb16b4a7b3be7b560b5183bb231be5829d9de866ecbf23c70779c6f9d37b7d185cdf53a328eeee8ea27931c68c68edad37f2a10fbfcffacbacb80e8c39a0504bddab3156c7c35ab417aee9c979bf14718975e59ec51a37516a71abd59ddc916de121937da400f09b85e96b554a1f5688b20e2df0f814163e46db2ef60268a6c57035008998b834560a7f9a69bcde2110f8d401321db671c7cd28fce473d9dd43d598ef1e576c93281a5a510fb48e7dbfe06451e2e9718ab0b6cd6ec02b6b62ae9d6cc7ec94af64311793125d92ef9ac91b0d99445c4dae30f46ef49f8068950a6a32661094ac22af30e313fc183ebe103e709be8bcb4e657a731ac05e55a5f3b772ec5f89074fce97e565f560d172c6975dd1edde80507a9e442b208fd57520cbbcac16ddcb26fc8ef1d19d2cfb07e80d32aab1769e628303478aff29f0143140478b50d392fb3e53e0d386ea97d901c27ae5911330f337ef7048cb7f5307fb0231066c100177c09722719372aa5dcffbfa6e84469bfa884446d5848d6af5c4a324f0805e5a1c82e97387239ba24e8406edccd92d37c0bafd97160cea312ba3ef96b6982d28e0d5e2b3bba83dcee9f5de3155d635deebc55bc030f9dadc659a0b6f5a84d539077e785ed5ed098115b576a7238c3532cea0fe9f00cfad2112908e57e66be5e86339812b5257a03e735727ea8c4cf5bcf0820dcf87a906bd962806a2767971f6079613acfb781d514111f35ba1fcdecaa15764d9ca817794c536cb4b1d4a2f60cf116520aa1cd2f7ade5d38c195ee6aaa196ceeaad0a3d642b0e4b54a5c9ffe8941e4f661aba9b9d77a0e2af0d1dd8120810f4b4f93bc56a2405b32ec460ccfae654ed07abfbfc3dab30d5e0b77538033ee73833910ecb297be29cf034a1133583e5afd7633e4a1b44c844cd34eb7d5e07d74e695b4abea1a70b5eb902385563e30134ec33ada8dc78433b4eefa2ead19df77dfc71148607e5c708f7692f1645e7a323f175849bd045f0bbed4f6a06169deceb2a4d361493ee6db8c7b0bd18b9782f48f7459c9d9033221dcf6a07464c04df0b11f99a943e12b1b0b6dc71c3bfef7128b2df83f1ee99952e4cc0a51189a21302e998fd2ed37b2ae8bfd96a47d50eb3d196fea3af714157e6a4e0630e0944de57556aa3225b485388faed23a9a9d595a5ff296e8e29452ef5541230954d4d0f916a27781041902f13cf0e962527e1a0f659a95a0c3831bb62841ba3e01c74859818283ad0725e76ed82f695405fffccd90ad1be0ad211891546a2ab3f75b9872c3ad68c2f5f4d8510cf1e087e789c5ab821ef46e197a36986434b1569499ad2717db7b200afd77b7542ba00a46192341aee8fe3bfe3d6e0c2767cafca11ce2beaf97602ef9095e815ab6eaec42399865f724ee9d96217f45a84a0def5d87375c65e0430cdc83422b8d367982f2722e793c6ba37687d34f0e2068c114fae854a3158abba5f5689a40488d095de19071a71d8d7a17f4389f2d20c4c0f9c16760d52d166acc5c201cfaecc0fc54b7143c60aaaac0ae196b36f3e1447e3e0992be2642ca8302b24514bd06cce84279ce361bb8ce245ca5152848ab4cced61c67e4579c0db21efd26efc0780cf4a04b02ddaa54335fa327d57320307e0dc3fe1f6cdb686150e2235e05ddeba10a193d49408ee47f57229a6ff30351dedf61b8789900eb15db5b0069c57984ba31710509d88da1d78b3eface0ad5b2cb7f303e248cb68abfd5a0c3ac672d1f6178fe54ef67e034d38c01e3458d9b64a97eb0cccfae7efbbbc0c8b806e75ae5dbdf641d8daa862f90cac0d460c6f70a7765169cd1e9fe305db403e4e453ce84c35a3573751a93ca7dd478ba547449254f3d7ac7b05f345bf0eec346db042b982c964c81545bf05986d033df8e41e9e19d3561250514ed703444048f44763261a860aa3cf0b539544af9a1fc4ba7f989111e00dcab0e64b538a1019467c3b43641e13c2707a4fdc78648b92302a54a0e7e3de53488e852f0fe658557ad1df2cf12a898515769bcde0f4a3386764d5b2f0eba5eee1e3257215c005b3bad612ff43b4121efc277fe9b80c69eee2c1ffdcb3ef843485d636a0025848254e22cd2f51c1f85202ae22d53969072c1ec4dbb973a157059ed523b8dad9671f6bba68a9d4521564a826b208df019ea32eeaf5b8f973263fdcab4c2519ac0d5ce4c181b12ba71bb3fc02388e72e89a24152e07b264fb00b425633ca2b2aaccd7208d5df00002b7fa4502656593a8e84e4b620bc65a60bf3d3c8b0c1d0ac93bcc711b9cf206b1037d3437e515913badbd7ce52a69b32cd5b828193dac41fe0ff1a869bf086927eff915e422be23f40a54a2384e478f74bb2a397ecd214224294d9300d921afad2f50960e9830dc1ac8ee08ea0ff474d40a23b1f7dbc7761120c889b3354281751342d2429eb2555a8a57063f61c6cb3115d99d41a040c4d9fb3c5ddec980abfef33562607b7ad6fc8ac67c8026d50f2e01d949d065a8ea488b3d0d7ba296c914352b99a6c36aad4c030d1f9bef8696cb6d9dee3835646695b2a43f8682405c118477dd6486699dcd9cb93d911dae691fabfdfcc76ae48bcdf5d5ea87fffdcaf4e14faaa36689da73c9012ff943a787ec0e83f52cf221219f3468bdc010698450a19717e4ed062ab7d682d9e18c4469581bd09cd31aeaf1d17afb02b9cd769f56830d0ad155e4898889b438edfb13fb40d46bfe082ae1cd0f287805e4f2d011f43cd070f883668f45612132b19ff2f406bf80a1e5e69c741c63bc366c102a7a7e78d92e058d1f771031e582094bc7536182ddf2b88ef13d6573d0d34183c5e4dff48654ec1d18a44f6b2c67b17eb06489523bc3e7908b612e5204985cad17ff99b41650e49e469d8d80f3a2e32e93826e02160fbf19d92ab300bee4319b333aa9e96ac46d22ed71cf8394663f62362fe145094d140588c2e6f3eadc0bc16f6f6172aeac1e9ca44d93fa1399c641729e21f97f25ce5b4163419235bb98a218fa9d50b7aaa835d122c0436352b27909dcab907e43630907b23713bb445b93b8ec840b17d3d4618dd38bf58f2a0a6c3272a00aa8704774078f565faa4195ddfc15b33b196e646ebd8ab55e74da11ab4c30d031785c7c168d30ca12d23dcfa4a5a4f883f3b887fb77d822dae0a161d6c3565037a1f36bb1cf1d8601d94e4111b4ee435a98c21577b1e647ba160921881339a00a2d04210e603dcd9dfe2c40d32e5d93d9e94a5c176ca6291d5befa75121ec0abd660e2bac1458bd5609a6d725af0895b0d559ad726f34b50a06fd45f86764508386ab65ade7c76d0ce07330bf0d342216a769c98edb854cad6f6b02e0d09e713bbb7e12c786edd9d1078f3c5d0a87d34d9326e938098d674fb2d1ab1e39e3683a3ef0e00d9b66d56582e9d5f2d61a60226ee2c9cda7d44ef0504d6109fcd7978207df3eb9ed5ac860e0172907362654efb54cd6d04f7a58578fa3853d65e9243730466085905cbf1e1b34ea7a2f9dd268495d49824045074debb4c9140dfdbfc81fc6d371ec49521ddd996fd8761ada5d427348503a57a73a3ac74a540df4c2af59a1ecf644c00ebfbffafbf2990776717a2687889da69fefd0b0cb33c8351d147bcf31f98c8909e554c7ffd2cc9f64e4eb6b9c4b232489a2d912f19f79108b73a38de79fafd4a885de47810bdc4658d6d773c97e523732997392f1e02396875eda8ff955ef0ad75145cc1819df6a53878b9f1c5964146dcd73eabed0df798aea5c533fc263bc8d2533e36cde59e2cdd2ffac12cd7e6bea69ccc14b0b22b7606a6f82e8528f8dc739cd5c0ed0795d49452f257be2068055dcfaa7589ca65820d31583a81834910d8d1327469e370339dce1d87c31a750a02270cdaef457da2d50abac6651357858c391464781009209d79cf4286045773fe247e705a14b162583cd89e850df91b7517bd0a4476ac02fdc1dbd0faa81fa1e829ad0a548236939efcdf63c15b868b8712ca05571d7c0b810cc02cba9d1ae63e987b59ec3281cd706d7571d6b69a92663f11a24a68dbc6b2436b8049986f78fbe8effcf94457d5085dbf8812abb1fd431c6b465203eb67070a936a665fb19273240ed1e3905ea27b996b74b31b1216a77734b106dd9752a5f430ac5aef718c6942379dbd342aa66537e655afa95ec78cadcfc80584045cd07d43911c4d7dc3a37a4cf3cdf6eea9904c441ec02cfe0515c6c360463237aa6b3fafebcb1a59be1bf5ebe4680819f3e78ccc1e517987db6220b45bf840fb8fc9b33757a0e258468a911f2504358981410b6daad15bb0ed81ff971ef3cc89f06dacfa45a37cb37e946f5010d0a308ff760227d439f07401839b7844bd4e5f5d1824c17797c5abfb5a326f6b4626f9789d8d7a074b7f223cc4183f68e14de037a197920a858c310e3602a3c6f319b506bc4c523af495a95b74eb88af2699cbbeecbab62811ed05a0ea5e292e72e565ccbeb3fda2f32ee05ff7bfa40bfead96ace132532026e553bc4438a65ea897d64e9cdec2baa75839f9ea4dba584b81a9b813dc648e3ac31c885ec5dcedda3efc7a3a7"}) socket(0x11, 0xa, 0x1) (async) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x6000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) close_range$auto(0x2, 0x8, 0x0) 1.149050606s ago: executing program 3 (id=522): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000) socketpair$auto(0x1a, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000004c0), 0x22000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_START(r0, 0x54a0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mkdir$auto(&(0x7f0000000080)='./file0\x00', 0x1) rmdir$auto(&(0x7f0000000280)='./file0\x00') adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xffffffffffffffdf, 0xfffffffffffffff4, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x3, 0x368a, 0x2, {0x100000000}, 0x5, 0x40000000008, 0xfffffffffffffffd, 0x1007fff, 0x0, 0x8, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808}) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x582, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty29\x00', 0x400cc1, 0x0) ioctl$auto(r3, 0x5453, r3) getrandom$auto(0x0, 0x8, 0x7) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xffffffffffffffff, 0x4) madvise$auto(0x110c230000, 0x1, 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) unshare$auto(0x20000) write$auto(r4, &(0x7f00000004c0)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000007c0)=""/153, 0x99) mmap$auto(0x1, 0x858d, 0x3ff, 0x200000000eb1, r1, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) setsockopt$auto(0xffffffffffffffff, 0x29, 0xa72, 0x0, 0x9f60) 633.964356ms ago: executing program 1 (id=523): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) clock_gettime$auto(0x10000, &(0x7f0000000000)={0x4, 0xe}) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x6, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) dup2$auto(0x5, 0x4) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x40090) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 220.222366ms ago: executing program 0 (id=524): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x80002, 0x0) tkill$auto(0x0, 0x7) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) adjtimex$auto(&(0x7f0000000000)={0x1ff, 0x0, 0xff, 0x6, 0x8, 0x0, 0x10, 0x0, 0x2, 0xbf, 0x1f6a, {0x0, 0x3}, 0x9, 0x1, 0x2, 0x6, 0x0, 0x8, 0x545, 0x1, 0x0, 0x8}) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/nr_hugepages\x00', 0x68001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sched_setattr$auto(0x0, &(0x7f00000002c0)={0x9, 0x53, 0x3, 0xa9, 0x0, 0x8, 0x9, 0x7000000000, 0xb, 0x6}, 0x0) 186.207282ms ago: executing program 3 (id=525): r0 = socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f00000000c0)=@test={0xffffffffffffffff, 0x3, 0x80, 0x9d, 0x1, 0x1, 0x1, 0x1193, 0x5, 0x6, 0x800, 0xffffffff, 0x100, 0x1, 0x5}, 0xf) r1 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6b) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x801, 0x84) ftruncate$auto(r0, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = socket(0x10, 0x2, 0x0) mprotect$auto(0x2, 0x6, 0x7fffffff) sendmmsg$auto(r3, 0x0, 0x7, 0x4008) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/fib_trie\x00', 0x101000, 0x0) pread64$auto(r4, 0x0, 0x8, 0xffff) madvise$auto(0x0, 0x200007, 0x8) socket(0xa, 0x801, 0x84) 91.925834ms ago: executing program 1 (id=526): r0 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg/0:0:0:0\x00', 0x200000, 0x0) mmap$auto(0x4, 0x408008, 0xdf, 0x400009b72, r0, 0x8000) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000180)=@nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x200000}, 0x6e) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f00000000c0)="9304f4055ee86da58f0e24c526d1d87a07000041a9f0c41b9615a975ebc1a5950a8c176f8dd5711580e35281d6f09a6649b4c533f6dc8ca44c72f87b040940b4d4fda3b2bd709d04396b42be0739a69a06d3b84698fc42", 0x14, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r2 = io_uring_setup$auto(0x7, 0x0) r3 = socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r3, 0x0, 0x24048048) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r5, @ANYBLOB="01002fbd7000fddbdf25040000009800110000abeef33d208a2cdc647de0792f60e68418a69aae5ae028084b3be05a426b49a50486ff1f98e1d14875f7597fa02b309be50d4c2059a6d4e21dcceb1b24f32042608af2dde554893e6c2597eadfefe315465caedd79b210850a2c1332411eba33e0e4b0fdc35d468ae68f0d73d9e481848ab39ee5d79557fd9388633c0220d921135a73e2cead406fc06c0f767126d2cb4a4e97bb6181d8f3015d4c1dc30805f92485b57bc2874cf4bf9987605a40a89921e7d04bbcf91d37e585c6f2c57cacb99f33163cf3799bd180d0dc858e311bc97ffd572ffeb5959c70470193a70f6dda1080c858bf3d0beedbea67771b575ef1534cb6ac01495700fca1d4f9ca037a582e204fda7e744f3f2dc49d6221c2cb067e42d5e85f2676b07282b55273ce75bf4b6c29d9c9a22e43ef27faac509f86ac9ecc75a10e486ce0d24f"], 0xac}, 0x1, 0x0, 0x0, 0x801}, 0x4044820) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x0, 0xfffffffc, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) ioctl$auto_TIOCSETD2(r6, 0x5423, 0x0) socketpair$auto(0x3, 0x1, 0x20000, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r7, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r6, 0x5437, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) writev$auto(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) ioctl$auto_RNDADDENTROPY2(r2, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) 0s ago: executing program 2 (id=527): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/zram0/algorithm_params\x00', 0xa001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0xffefffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netstat\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x3, 0x8000) setitimer$auto(0x2, &(0x7f0000000000)={{0x7ffe, 0x8000000000006}, {0xa48, 0xffffffffffff8000}}, 0x0) mmap$auto(0x3, 0x8001, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x880080, 0x0) bpf$auto(0x40000e, &(0x7f00000002c0)=@link_create={@prog_fd, @target_ifindex, 0x2, 0x1, @uprobe_multi={0x6, 0x1, 0x1, 0x9, 0x6f4d2777, 0xffffffff}}, 0x5) ioctl$auto_BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000380)={0xd851, "ecf0106db82100a9220b2ee4865298ae4dec96e630ca8b426787a7fbfc44d207ae229cd1df7099b4d6736c4c9379ba90b9f9c2817cf4ac7dd684093f64f1bf8af97bc01febdc5b174ba6c69480898bf3bb15c291fbc98f17e4335bb4d1a6850d95de4b165d225ec3fab12262831e7db43d0bc9df541f90691a14fd80f55bc7e95ced13ac2f3a958f7cf6c1603c4dd59a59b0b2f3ba6ccf241e7dcdcd340cfb1870ccbe74861e1c7ec7fa36de29334e3e9ee5c4928f779fd0fa081770a996f14737a1de993f9f492621639717353e8b50fa1b7183505549e6ab65e28d08cfc7f5fd51734033719c7cce0e0d1e17833aaeb4a651bdd40daf4bb894a2c4a873a492", 0x2, 0x1, 0x4, 0x10001, "06d1c8bbff265644827b41f6c34a16f0", "51e4d9cafefbb05bd6f2be5abd99e69f", "a53450540b67a9928e9f4f00546d8c66", 0x2, 0xfffffffffffffff9, 0x3, 0x0, {0x10000, 0xcd6}, {0x40, 0x717}, {0x5a, 0x4}, {0x3, 0x1}, [0x2, 0x35a2, 0xb, 0x2, 0xf, 0x6, 0x6, 0x90]}) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) open(0x0, 0x222ac2, 0x5d745cb200ae4d73) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x8000000}, 0x3, 0xf8, 0x10) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/oom_adj\x00', 0x4000, 0x0) read$auto(r2, 0x0, 0x1f40) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop12/queue/nr_requests\x00', 0x80302, 0x0) mmap$auto(0x0, 0x4, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8002008000) read$auto(r3, 0x0, 0xf30) write$auto(0x3, 0x0, 0xffd8) r4 = gettid() r5 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/7u\x00', 0x28000, 0x0) read$auto_mon_fops_text_t_mon_text(r5, 0x0, 0x0) kill$auto(r4, 0x11) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x2) socket(0x6, 0x5, 0x4) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.94' (ED25519) to the list of known hosts. [ 97.113252][ T851] cfg80211: failed to load regulatory.db [ 99.958771][ T5820] cgroup: Unknown subsys name 'net' [ 100.135467][ T5820] cgroup: Unknown subsys name 'cpuset' [ 100.146887][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 102.011661][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 104.536481][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 104.544764][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 104.553315][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 104.561452][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 104.569393][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.577937][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 104.586275][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.586468][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.596352][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 104.608342][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.617769][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 104.622979][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.634000][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 104.641861][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.656665][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.663055][ T5847] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 104.665185][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.672089][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 104.687593][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 104.695596][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 105.322108][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 105.368566][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 105.508914][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 105.556537][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 105.702630][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.709946][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.718926][ T5840] bridge_slave_0: entered allmulticast mode [ 105.727496][ T5840] bridge_slave_0: entered promiscuous mode [ 105.736096][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.743512][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.750930][ T5837] bridge_slave_0: entered allmulticast mode [ 105.758487][ T5837] bridge_slave_0: entered promiscuous mode [ 105.786062][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.793523][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.800825][ T5840] bridge_slave_1: entered allmulticast mode [ 105.808258][ T5840] bridge_slave_1: entered promiscuous mode [ 105.816559][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.823746][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.831333][ T5837] bridge_slave_1: entered allmulticast mode [ 105.838723][ T5837] bridge_slave_1: entered promiscuous mode [ 105.964742][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.977187][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.989646][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.013782][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.021224][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.028437][ T5839] bridge_slave_0: entered allmulticast mode [ 106.036138][ T5839] bridge_slave_0: entered promiscuous mode [ 106.047855][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.087071][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.095133][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.102664][ T5838] bridge_slave_0: entered allmulticast mode [ 106.110020][ T5838] bridge_slave_0: entered promiscuous mode [ 106.118835][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.126166][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.133526][ T5839] bridge_slave_1: entered allmulticast mode [ 106.141142][ T5839] bridge_slave_1: entered promiscuous mode [ 106.197173][ T5840] team0: Port device team_slave_0 added [ 106.203478][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.211768][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.219050][ T5838] bridge_slave_1: entered allmulticast mode [ 106.226667][ T5838] bridge_slave_1: entered promiscuous mode [ 106.256028][ T5837] team0: Port device team_slave_0 added [ 106.264508][ T5837] team0: Port device team_slave_1 added [ 106.275617][ T5840] team0: Port device team_slave_1 added [ 106.301657][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.314576][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.415730][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.429930][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.455634][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.462911][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.489064][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.503010][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.510001][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.536267][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.568026][ T5839] team0: Port device team_slave_0 added [ 106.575845][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.582979][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.609095][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.629580][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.636615][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.662957][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.691101][ T5839] team0: Port device team_slave_1 added [ 106.711133][ T5847] Bluetooth: hci1: command tx timeout [ 106.711137][ T5844] Bluetooth: hci3: command tx timeout [ 106.711358][ T5847] Bluetooth: hci0: command tx timeout [ 106.758305][ T5838] team0: Port device team_slave_0 added [ 106.791092][ T5847] Bluetooth: hci2: command tx timeout [ 106.807476][ T5837] hsr_slave_0: entered promiscuous mode [ 106.815388][ T5837] hsr_slave_1: entered promiscuous mode [ 106.825429][ T5838] team0: Port device team_slave_1 added [ 106.865853][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.873194][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.899987][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.914167][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.921499][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.947942][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.977685][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.984888][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.010990][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.024231][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.031292][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.057358][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.123416][ T5840] hsr_slave_0: entered promiscuous mode [ 107.129871][ T5840] hsr_slave_1: entered promiscuous mode [ 107.136708][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.144928][ T5840] Cannot create hsr debugfs directory [ 107.239557][ T5838] hsr_slave_0: entered promiscuous mode [ 107.247074][ T5838] hsr_slave_1: entered promiscuous mode [ 107.254418][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.262967][ T5838] Cannot create hsr debugfs directory [ 107.328981][ T5839] hsr_slave_0: entered promiscuous mode [ 107.336148][ T5839] hsr_slave_1: entered promiscuous mode [ 107.342547][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.350144][ T5839] Cannot create hsr debugfs directory [ 107.786759][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.810099][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.847286][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.874612][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.934040][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.954077][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.967258][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.980007][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.097012][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 108.110281][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 108.125099][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 108.137717][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 108.268305][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 108.306925][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 108.319579][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 108.345338][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 108.366242][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.430231][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.442888][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.462997][ T1327] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.470411][ T1327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.525613][ T1327] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.533334][ T1327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.558788][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.579957][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.616903][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.624142][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.680033][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.687289][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.714904][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.776220][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.783483][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.790738][ T5847] Bluetooth: hci0: command tx timeout [ 108.792519][ T55] Bluetooth: hci3: command tx timeout [ 108.796515][ T5847] Bluetooth: hci1: command tx timeout [ 108.860203][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.867478][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.876857][ T5847] Bluetooth: hci2: command tx timeout [ 108.897999][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.046559][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.106215][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.113464][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.159719][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.167598][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.428544][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.555342][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.625848][ T5837] veth0_vlan: entered promiscuous mode [ 109.705632][ T5837] veth1_vlan: entered promiscuous mode [ 109.782593][ T5840] veth0_vlan: entered promiscuous mode [ 109.797147][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.846635][ T5840] veth1_vlan: entered promiscuous mode [ 109.871262][ T5837] veth0_macvtap: entered promiscuous mode [ 109.889863][ T5837] veth1_macvtap: entered promiscuous mode [ 109.906144][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.963588][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.983250][ T5840] veth0_macvtap: entered promiscuous mode [ 110.005139][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.017562][ T5840] veth1_macvtap: entered promiscuous mode [ 110.053181][ T5838] veth0_vlan: entered promiscuous mode [ 110.067128][ T5837] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.077462][ T5837] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.087112][ T5837] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.096508][ T5837] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.148864][ T5838] veth1_vlan: entered promiscuous mode [ 110.167235][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.195457][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.224533][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.237176][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.246495][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.255352][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.294140][ T5839] veth0_vlan: entered promiscuous mode [ 110.394678][ T5839] veth1_vlan: entered promiscuous mode [ 110.398658][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.409487][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.413979][ T5838] veth0_macvtap: entered promiscuous mode [ 110.448496][ T5838] veth1_macvtap: entered promiscuous mode [ 110.529768][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.531596][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.548802][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.554395][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.564019][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.595805][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.657313][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.666773][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.675910][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.684846][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.699243][ T5839] veth0_macvtap: entered promiscuous mode [ 110.721608][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.729960][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.755558][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 110.757188][ T5839] veth1_macvtap: entered promiscuous mode [ 110.871812][ T5847] Bluetooth: hci3: command tx timeout [ 110.874941][ T55] Bluetooth: hci0: command tx timeout [ 110.877269][ T5847] Bluetooth: hci1: command tx timeout [ 110.909444][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.951708][ T5847] Bluetooth: hci2: command tx timeout [ 110.990182][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.037407][ T1327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.082662][ T1327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.105211][ T5839] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.111851][ T5904] random: crng reseeded on system resumption [ 111.131114][ T5839] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.150078][ T5839] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.159069][ T5839] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.243614][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.254788][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.991311][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.014847][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.073682][ T5918] netlink: 330 bytes leftover after parsing attributes in process `syz.0.7'. [ 112.377140][ T1327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.403219][ T1327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.428390][ T5925] ceph: Failed to parse sending metrics switch value 'P^' [ 112.597736][ T5925] Invalid ELF header magic: != ELF [ 112.950895][ T5847] Bluetooth: hci1: command tx timeout [ 112.951420][ T55] Bluetooth: hci0: command tx timeout [ 112.956473][ T5847] Bluetooth: hci3: command tx timeout [ 113.031364][ T5847] Bluetooth: hci2: command tx timeout [ 113.070672][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 113.632358][ T5934] mmap: syz.3.11 (5934) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 113.911309][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 113.951075][ T5934] Zero length message leads to an empty skb [ 114.322553][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.720660][ T5956] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.196173][ T5969] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.208604][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.217356][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.217813][ T5956] netlink: 330 bytes leftover after parsing attributes in process `syz.1.14'. [ 118.568208][ T6004] FAULT_INJECTION: forcing a failure. [ 118.568208][ T6004] name failslab, interval 1, probability 0, space 0, times 1 [ 118.624185][ T6004] CPU: 0 UID: 0 PID: 6004 Comm: syz.2.28 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 118.624220][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.624237][ T6004] Call Trace: [ 118.624245][ T6004] [ 118.624256][ T6004] dump_stack_lvl+0x16c/0x1f0 [ 118.624299][ T6004] should_fail_ex+0x512/0x640 [ 118.624335][ T6004] ? fs_reclaim_acquire+0xae/0x150 [ 118.624374][ T6004] ? tomoyo_encode2+0x100/0x3e0 [ 118.624407][ T6004] should_failslab+0xc2/0x120 [ 118.624437][ T6004] __kmalloc_noprof+0xd2/0x510 [ 118.624463][ T6004] ? d_absolute_path+0x136/0x1a0 [ 118.624498][ T6004] tomoyo_encode2+0x100/0x3e0 [ 118.624537][ T6004] tomoyo_encode+0x29/0x50 [ 118.624570][ T6004] tomoyo_realpath_from_path+0x18f/0x6e0 [ 118.624614][ T6004] tomoyo_path_number_perm+0x245/0x580 [ 118.624643][ T6004] ? tomoyo_path_number_perm+0x237/0x580 [ 118.624676][ T6004] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 118.624708][ T6004] ? find_held_lock+0x2b/0x80 [ 118.624758][ T6004] ? find_held_lock+0x2b/0x80 [ 118.624781][ T6004] ? hook_file_ioctl_common+0x145/0x410 [ 118.624815][ T6004] ? __fget_files+0x20e/0x3c0 [ 118.624841][ T6004] security_file_ioctl+0x9b/0x240 [ 118.624873][ T6004] __x64_sys_ioctl+0xb7/0x200 [ 118.624908][ T6004] do_syscall_64+0xcd/0x230 [ 118.624946][ T6004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.624969][ T6004] RIP: 0033:0x7f8d1fb8e969 [ 118.624986][ T6004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.625008][ T6004] RSP: 002b:00007f8d2098f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.625035][ T6004] RAX: ffffffffffffffda RBX: 00007f8d1fdb5fa0 RCX: 00007f8d1fb8e969 [ 118.625049][ T6004] RDX: 0000000000000003 RSI: 0000000000004b4b RDI: 0000000000000003 [ 118.625063][ T6004] RBP: 00007f8d2098f090 R08: 0000000000000000 R09: 0000000000000000 [ 118.625076][ T6004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.625090][ T6004] R13: 0000000000000000 R14: 00007f8d1fdb5fa0 R15: 00007ffda3707088 [ 118.625119][ T6004] [ 118.625138][ T6004] ERROR: Out of memory at tomoyo_realpath_from_path. [ 119.018240][ T6008] netlink: 504 bytes leftover after parsing attributes in process `syz.2.29'. [ 119.825849][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 119.835470][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 120.100884][ T5878] Process accounting resumed [ 120.410871][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.441227][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 120.520989][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.564844][ T6038] netlink: 330 bytes leftover after parsing attributes in process `syz.3.35'. [ 121.628160][ T6056] : Can't lookup blockdev [ 121.761525][ T6056] FAULT_INJECTION: forcing a failure. [ 121.761525][ T6056] name failslab, interval 1, probability 0, space 0, times 0 [ 121.781675][ T6057] netlink: 330 bytes leftover after parsing attributes in process `syz.3.41'. [ 121.842427][ T6056] CPU: 1 UID: 0 PID: 6056 Comm: syz.0.42 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 121.842479][ T6056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.842503][ T6056] Call Trace: [ 121.842514][ T6056] [ 121.842527][ T6056] dump_stack_lvl+0x16c/0x1f0 [ 121.842605][ T6056] should_fail_ex+0x512/0x640 [ 121.842658][ T6056] ? __kmalloc_noprof+0xbf/0x510 [ 121.842700][ T6056] ? snd_pcm_plugin_build+0x434/0x650 [ 121.842733][ T6056] should_failslab+0xc2/0x120 [ 121.842777][ T6056] __kmalloc_noprof+0xd2/0x510 [ 121.842816][ T6056] ? __mutex_unlock_slowpath+0x131/0x6a0 [ 121.842878][ T6056] snd_pcm_plugin_build+0x434/0x650 [ 121.842917][ T6056] snd_pcm_plugin_build_linear+0x29d/0x850 [ 121.842956][ T6056] ? wake_up_all_idle_cpus+0x165/0x1e0 [ 121.843008][ T6056] ? __pfx_snd_pcm_plugin_build_linear+0x10/0x10 [ 121.843053][ T6056] ? snd_pcm_hw_params+0xcd/0x1b40 [ 121.843094][ T6056] snd_pcm_plug_format_plugins+0x7f8/0x1430 [ 121.843133][ T6056] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 121.843175][ T6056] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 121.843243][ T6056] snd_pcm_oss_change_params_locked+0x2eeb/0x3b40 [ 121.843323][ T6056] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 121.843416][ T6056] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 121.843480][ T6056] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 121.843538][ T6056] ? hook_file_ioctl_common+0x145/0x410 [ 121.843587][ T6056] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 121.843647][ T6056] ? __fget_files+0x20e/0x3c0 [ 121.843686][ T6056] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 121.843745][ T6056] __x64_sys_ioctl+0x193/0x200 [ 121.843798][ T6056] do_syscall_64+0xcd/0x230 [ 121.843856][ T6056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.843890][ T6056] RIP: 0033:0x7f8c4bf8e969 [ 121.843923][ T6056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.843960][ T6056] RSP: 002b:00007f8c4cea9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 121.843992][ T6056] RAX: ffffffffffffffda RBX: 00007f8c4c1b5fa0 RCX: 00007f8c4bf8e969 [ 121.844015][ T6056] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 121.844035][ T6056] RBP: 00007f8c4c010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 121.844055][ T6056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.844075][ T6056] R13: 0000000000000000 R14: 00007f8c4c1b5fa0 R15: 00007ffed4481508 [ 121.844120][ T6056] [ 122.097294][ C1] vkms_vblank_simulate: vblank timer overrun [ 122.323000][ T6060] netlink: 'syz.1.43': attribute type 16 has an invalid length. [ 122.330973][ T6060] netlink: 326 bytes leftover after parsing attributes in process `syz.1.43'. [ 122.341681][ T6060] veth1_macvtap: left promiscuous mode [ 122.816565][ T6069] Invalid ELF header magic: != ELF [ 122.829031][ T5847] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 123.038459][ T5847] Bluetooth: hci0: unexpected event 0x03 length: 17 > 11 [ 124.522522][ T5847] Bluetooth: hci3: unexpected event 0x3e length: 728 > 260 [ 124.535044][ T5847] Bluetooth: hci3: unexpected subevent 0x03 length: 727 > 9 [ 124.792783][ T6096] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 124.811334][ T6096] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 124.853761][ T6096] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 124.901493][ T6096] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 124.930945][ T6096] raw: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 124.939637][ T6096] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 124.962746][ T6101] could not allocate digest TFM handle [ 124.982877][ T6096] head: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 125.040516][ T6096] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 125.142791][ T6096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 125.152134][ T6096] page dumped because: unmovable page [ 125.158059][ T6096] page_owner tracks the page as allocated [ 125.167858][ T6096] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 102593425981, free_ts 102589474733 [ 125.189765][ T6096] post_alloc_hook+0x181/0x1b0 [ 125.199967][ T6096] get_page_from_freelist+0x135c/0x3920 [ 125.213096][ T6096] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 125.222049][ T6096] alloc_pages_mpol+0x1fb/0x550 [ 125.241197][ T6096] alloc_pages_noprof+0x131/0x390 [ 125.257344][ T6096] skb_page_frag_refill+0x186/0x5a0 [ 125.266657][ T6096] try_fill_recv+0x79c/0x2690 [ 125.280364][ T6096] virtnet_poll+0x1e23/0x3c00 [ 125.290771][ T6096] __napi_poll.constprop.0+0xb7/0x550 [ 125.298087][ T6096] net_rx_action+0xa97/0x1010 [ 125.304790][ T6096] handle_softirqs+0x219/0x8e0 [ 125.311120][ T6096] __irq_exit_rcu+0x109/0x170 [ 125.340683][ T6096] irq_exit_rcu+0x9/0x30 [ 125.360099][ T6096] common_interrupt+0xbf/0xe0 [ 125.398740][ T6096] asm_common_interrupt+0x26/0x40 [ 125.414197][ T6096] page last free pid 0 tgid 0 stack trace: [ 125.430357][ T6096] __free_frozen_pages+0x69d/0xff0 [ 125.460509][ T6096] __folio_put+0x329/0x450 [ 125.472597][ T6096] page_to_skb+0xa23/0xc50 [ 125.481437][ T6096] receive_buf+0x75e/0x3fe0 [ 125.486005][ T6096] virtnet_poll+0x10d6/0x3c00 [ 125.518454][ T6096] __napi_poll.constprop.0+0xb7/0x550 [ 125.531401][ T6096] net_rx_action+0xa97/0x1010 [ 125.550905][ T6096] handle_softirqs+0x219/0x8e0 [ 125.571992][ T6096] __irq_exit_rcu+0x109/0x170 [ 125.584500][ T6096] irq_exit_rcu+0x9/0x30 [ 125.605844][ T6096] common_interrupt+0xbf/0xe0 [ 125.610777][ T6096] asm_common_interrupt+0x26/0x40 [ 125.718139][ T6112] Invalid ELF header magic: != ELF [ 126.063248][ T6122] netlink: 330 bytes leftover after parsing attributes in process `syz.3.56'. [ 127.258854][ T6133] netlink: 4 bytes leftover after parsing attributes in process `syz.2.60'. [ 127.756978][ T6134] netlink: 8 bytes leftover after parsing attributes in process `syz.3.59'. [ 128.435879][ T6137] sp0: Synchronizing with TNC [ 129.397297][ T6155] FAULT_INJECTION: forcing a failure. [ 129.397297][ T6155] name failslab, interval 1, probability 0, space 0, times 0 [ 129.433409][ T6155] CPU: 0 UID: 0 PID: 6155 Comm: syz.1.63 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 129.433456][ T6155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.433476][ T6155] Call Trace: [ 129.433487][ T6155] [ 129.433499][ T6155] dump_stack_lvl+0x16c/0x1f0 [ 129.433557][ T6155] should_fail_ex+0x512/0x640 [ 129.433605][ T6155] ? __kmalloc_noprof+0xbf/0x510 [ 129.433647][ T6155] ? xfrm_hash_alloc+0xd1/0x100 [ 129.433697][ T6155] should_failslab+0xc2/0x120 [ 129.433739][ T6155] __kmalloc_noprof+0xd2/0x510 [ 129.433774][ T6155] ? proc_create_reg+0xe3/0x180 [ 129.433822][ T6155] ? __pfx_xfrm_net_init+0x10/0x10 [ 129.433854][ T6155] xfrm_hash_alloc+0xd1/0x100 [ 129.433905][ T6155] xfrm_state_init+0xdd/0x630 [ 129.433964][ T6155] ? __pfx_xfrm_net_init+0x10/0x10 [ 129.433994][ T6155] xfrm_net_init+0x210/0xcc0 [ 129.434033][ T6155] ? __pfx_xfrm_net_init+0x10/0x10 [ 129.434064][ T6155] ops_init+0x1df/0x5f0 [ 129.434143][ T6155] setup_net+0x21e/0x850 [ 129.434191][ T6155] ? __pfx_setup_net+0x10/0x10 [ 129.434234][ T6155] ? lockdep_init_map_type+0x5c/0x280 [ 129.434282][ T6155] ? __pfx_down_read_killable+0x10/0x10 [ 129.434322][ T6155] ? debug_mutex_init+0x37/0x70 [ 129.434359][ T6155] copy_net_ns+0x2a6/0x5f0 [ 129.434411][ T6155] create_new_namespaces+0x3ea/0xad0 [ 129.434462][ T6155] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 129.434505][ T6155] ksys_unshare+0x45b/0xa40 [ 129.434554][ T6155] ? __pfx_ksys_unshare+0x10/0x10 [ 129.434598][ T6155] ? xfd_validate_state+0x5d/0x180 [ 129.434633][ T6155] ? rcu_is_watching+0x12/0xc0 [ 129.434675][ T6155] __x64_sys_unshare+0x31/0x40 [ 129.434722][ T6155] do_syscall_64+0xcd/0x230 [ 129.434777][ T6155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.434812][ T6155] RIP: 0033:0x7fae3f38e969 [ 129.434839][ T6155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.434872][ T6155] RSP: 002b:00007fae4023f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 129.434903][ T6155] RAX: ffffffffffffffda RBX: 00007fae3f5b6160 RCX: 00007fae3f38e969 [ 129.434923][ T6155] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 129.434943][ T6155] RBP: 00007fae3f410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 129.434962][ T6155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.434982][ T6155] R13: 0000000000000000 R14: 00007fae3f5b6160 R15: 00007ffcc80cbb88 [ 129.435026][ T6155] [ 129.685533][ C0] vkms_vblank_simulate: vblank timer overrun [ 130.650819][ T6192] QAT: Device 64 not found [ 132.071156][ T6206] FAULT_INJECTION: forcing a failure. [ 132.071156][ T6206] name failslab, interval 1, probability 0, space 0, times 0 [ 132.142301][ T6206] CPU: 1 UID: 0 PID: 6206 Comm: syz.3.83 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 132.142352][ T6206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.142372][ T6206] Call Trace: [ 132.142383][ T6206] [ 132.142396][ T6206] dump_stack_lvl+0x16c/0x1f0 [ 132.142453][ T6206] should_fail_ex+0x512/0x640 [ 132.142503][ T6206] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 132.142547][ T6206] should_failslab+0xc2/0x120 [ 132.142591][ T6206] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 132.142630][ T6206] ? __proc_create+0xc3/0x8c0 [ 132.142668][ T6206] ? __proc_create+0x2ce/0x8c0 [ 132.142711][ T6206] __proc_create+0x2ce/0x8c0 [ 132.142751][ T6206] ? __pfx___proc_create+0x10/0x10 [ 132.142808][ T6206] _proc_mkdir+0xb9/0x200 [ 132.142847][ T6206] ? __pfx__proc_mkdir+0x10/0x10 [ 132.142883][ T6206] ? trace_kmem_cache_alloc+0x28/0xc0 [ 132.142931][ T6206] ? crng_make_state+0x48e/0x6d0 [ 132.142998][ T6206] proc_net_ns_init+0x265/0x410 [ 132.143042][ T6206] ? __pfx_proc_net_ns_init+0x10/0x10 [ 132.143081][ T6206] ops_init+0x1df/0x5f0 [ 132.143131][ T6206] setup_net+0x21e/0x850 [ 132.143178][ T6206] ? __pfx_setup_net+0x10/0x10 [ 132.143221][ T6206] ? lockdep_init_map_type+0x5c/0x280 [ 132.143269][ T6206] ? __pfx_down_read_killable+0x10/0x10 [ 132.143309][ T6206] ? debug_mutex_init+0x37/0x70 [ 132.143347][ T6206] copy_net_ns+0x2a6/0x5f0 [ 132.143400][ T6206] create_new_namespaces+0x3ea/0xad0 [ 132.143450][ T6206] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 132.143495][ T6206] ksys_unshare+0x45b/0xa40 [ 132.143543][ T6206] ? __pfx_ksys_unshare+0x10/0x10 [ 132.143588][ T6206] ? xfd_validate_state+0x5d/0x180 [ 132.143624][ T6206] ? rcu_is_watching+0x12/0xc0 [ 132.143667][ T6206] __x64_sys_unshare+0x31/0x40 [ 132.143713][ T6206] do_syscall_64+0xcd/0x230 [ 132.143768][ T6206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.143803][ T6206] RIP: 0033:0x7fd316f8e969 [ 132.143830][ T6206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.143862][ T6206] RSP: 002b:00007fd317d93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 132.143894][ T6206] RAX: ffffffffffffffda RBX: 00007fd3171b5fa0 RCX: 00007fd316f8e969 [ 132.143915][ T6206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 132.143941][ T6206] RBP: 00007fd317010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 132.143962][ T6206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.143981][ T6206] R13: 0000000000000000 R14: 00007fd3171b5fa0 R15: 00007ffd8c5dcd38 [ 132.144024][ T6206] [ 132.411066][ T6205] Process accounting resumed [ 132.932161][ T6217] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 133.132321][ T6225] netlink: 'syz.2.89': attribute type 16 has an invalid length. [ 133.141283][ T6225] netlink: 326 bytes leftover after parsing attributes in process `syz.2.89'. [ 133.151809][ T6225] veth1_macvtap: left promiscuous mode [ 133.225100][ T6221] bond0: option all_slaves_active: invalid value () [ 133.410063][ T6228] netlink: 'syz.2.90': attribute type 2 has an invalid length. [ 134.647203][ T6252] netlink: 8 bytes leftover after parsing attributes in process `syz.1.93'. [ 136.908671][ T6307] FAULT_INJECTION: forcing a failure. [ 136.908671][ T6307] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 136.951598][ T6309] process 'syz.2.108' launched ':,' with NULL argv: empty string added [ 137.040607][ T6307] CPU: 0 UID: 0 PID: 6307 Comm: syz.0.105 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 137.040650][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.040667][ T6307] Call Trace: [ 137.040676][ T6307] [ 137.040687][ T6307] dump_stack_lvl+0x16c/0x1f0 [ 137.040743][ T6307] should_fail_ex+0x512/0x640 [ 137.040797][ T6307] should_fail_alloc_page+0xe7/0x130 [ 137.040840][ T6307] prepare_alloc_pages+0x3c2/0x610 [ 137.040893][ T6307] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 137.040932][ T6307] ? mark_held_locks+0x49/0x80 [ 137.040971][ T6307] ? finish_task_switch.isra.0+0x221/0xc10 [ 137.041004][ T6307] ? lockdep_hardirqs_on+0x7c/0x110 [ 137.041047][ T6307] ? finish_task_switch.isra.0+0x221/0xc10 [ 137.041081][ T6307] ? rcu_is_watching+0x12/0xc0 [ 137.041114][ T6307] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 137.041177][ T6307] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 137.041223][ T6307] ? policy_nodemask+0xea/0x4e0 [ 137.041266][ T6307] alloc_pages_mpol+0x1fb/0x550 [ 137.041307][ T6307] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 137.041359][ T6307] folio_alloc_mpol_noprof+0x36/0x2f0 [ 137.041407][ T6307] alloc_migration_target_by_mpol+0x246/0x490 [ 137.041458][ T6307] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 137.041506][ T6307] ? __pfx___might_resched+0x10/0x10 [ 137.041558][ T6307] migrate_pages_batch+0x3bc/0x31a0 [ 137.041608][ T6307] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 137.041671][ T6307] ? __pfx_migrate_pages_batch+0x10/0x10 [ 137.041733][ T6307] migrate_pages_sync+0x12d/0x8a0 [ 137.041780][ T6307] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 137.041833][ T6307] ? check_preempt_wakeup_fair+0x509/0x880 [ 137.041868][ T6307] ? __pfx_migrate_pages_sync+0x10/0x10 [ 137.041919][ T6307] ? rcu_is_watching+0x12/0xc0 [ 137.041948][ T6307] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 137.041991][ T6307] ? lockdep_hardirqs_on+0x7c/0x110 [ 137.042042][ T6307] migrate_pages+0x1b28/0x2350 [ 137.042090][ T6307] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 137.042147][ T6307] ? wake_up_q+0xb0/0x160 [ 137.042175][ T6307] ? __pfx_migrate_pages+0x10/0x10 [ 137.042220][ T6307] ? rwsem_wake.isra.0+0xc5/0x120 [ 137.042268][ T6307] ? __pfx_rwsem_wake.isra.0+0x10/0x10 [ 137.042313][ T6307] ? find_held_lock+0x2b/0x80 [ 137.042355][ T6307] ? up_write+0x1b2/0x520 [ 137.042405][ T6307] do_mbind+0x6f0/0xf30 [ 137.042464][ T6307] ? __pfx_do_mbind+0x10/0x10 [ 137.042508][ T6307] ? find_held_lock+0x2b/0x80 [ 137.042544][ T6307] ? ksys_write+0x190/0x240 [ 137.042594][ T6307] ? __pfx_get_nodes+0x10/0x10 [ 137.042629][ T6307] ? __fget_files+0x20e/0x3c0 [ 137.042667][ T6307] kernel_mbind+0x1e3/0x1f0 [ 137.042718][ T6307] ? __pfx_kernel_mbind+0x10/0x10 [ 137.042762][ T6307] ? rcu_is_watching+0x12/0xc0 [ 137.042805][ T6307] do_syscall_64+0xcd/0x230 [ 137.042857][ T6307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.042888][ T6307] RIP: 0033:0x7f8c4bf8e969 [ 137.042913][ T6307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.042943][ T6307] RSP: 002b:00007f8c4ce88038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 137.042972][ T6307] RAX: ffffffffffffffda RBX: 00007f8c4c1b6080 RCX: 00007f8c4bf8e969 [ 137.042993][ T6307] RDX: 0000000100000000 RSI: 0000000100000004 RDI: 0000000000002000 [ 137.043012][ T6307] RBP: 00007f8c4ce88090 R08: 0000000000000006 R09: 0000000000000002 [ 137.043031][ T6307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.043049][ T6307] R13: 0000000000000000 R14: 00007f8c4c1b6080 R15: 00007ffed4481508 [ 137.043089][ T6307] [ 137.406011][ C0] vkms_vblank_simulate: vblank timer overrun [ 137.933768][ T6324] netlink: 28 bytes leftover after parsing attributes in process `syz.3.110'. [ 138.084620][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.084751][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.469542][ T6324] team0: Port device team_slave_0 removed [ 140.862648][ T6362] netlink: 330 bytes leftover after parsing attributes in process `syz.0.118'. [ 141.549867][ T6375] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 141.633938][ T6375] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 141.660872][ T6375] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 141.670299][ T6375] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 141.701967][ T6375] raw: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 141.728097][ T6375] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 141.771758][ T6375] head: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 141.799118][ T6373] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 141.809697][ T6377] could not allocate digest TFM handle binfmt_misc [ 141.870789][ T6375] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 141.902205][ T6375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 142.020569][ T6375] page dumped because: unmovable page [ 142.030657][ T6375] page_owner tracks the page as allocated [ 142.040564][ T6375] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 102593425981, free_ts 102589474733 [ 142.104320][ T6375] post_alloc_hook+0x181/0x1b0 [ 142.131221][ T6375] get_page_from_freelist+0x135c/0x3920 [ 142.146445][ T6375] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 142.182081][ T6375] alloc_pages_mpol+0x1fb/0x550 [ 142.187048][ T6375] alloc_pages_noprof+0x131/0x390 [ 142.243716][ T6375] skb_page_frag_refill+0x186/0x5a0 [ 142.293487][ T6375] try_fill_recv+0x79c/0x2690 [ 142.298264][ T6375] virtnet_poll+0x1e23/0x3c00 [ 142.303279][ T6375] __napi_poll.constprop.0+0xb7/0x550 [ 142.308734][ T6375] net_rx_action+0xa97/0x1010 [ 142.314597][ T6375] handle_softirqs+0x219/0x8e0 [ 142.319450][ T6375] __irq_exit_rcu+0x109/0x170 [ 142.326780][ T6375] irq_exit_rcu+0x9/0x30 [ 142.375951][ T6396] netlink: 330 bytes leftover after parsing attributes in process `syz.3.125'. [ 142.385299][ T6375] common_interrupt+0xbf/0xe0 [ 142.390152][ T6375] asm_common_interrupt+0x26/0x40 [ 142.427524][ T6375] page last free pid 0 tgid 0 stack trace: [ 142.457223][ T6375] __free_frozen_pages+0x69d/0xff0 [ 142.476421][ T6375] __folio_put+0x329/0x450 [ 142.507854][ T6375] page_to_skb+0xa23/0xc50 [ 142.539761][ T6375] receive_buf+0x75e/0x3fe0 [ 142.592625][ T6375] virtnet_poll+0x10d6/0x3c00 [ 142.618950][ T6375] __napi_poll.constprop.0+0xb7/0x550 [ 142.628384][ T6375] net_rx_action+0xa97/0x1010 [ 142.637409][ T6375] handle_softirqs+0x219/0x8e0 [ 142.646330][ T6375] __irq_exit_rcu+0x109/0x170 [ 142.651647][ T6375] irq_exit_rcu+0x9/0x30 [ 142.656324][ T6375] common_interrupt+0xbf/0xe0 [ 142.760672][ T6375] asm_common_interrupt+0x26/0x40 [ 143.235614][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.128'. [ 145.335451][ T6430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.135'. [ 145.906377][ T6441] netlink: 330 bytes leftover after parsing attributes in process `syz.3.137'. [ 147.091279][ T6454] netlink: 330 bytes leftover after parsing attributes in process `syz.3.140'. [ 148.550033][ T6470] netlink: 28 bytes leftover after parsing attributes in process `syz.3.144'. [ 151.733471][ T6509] netlink: 330 bytes leftover after parsing attributes in process `syz.3.156'. [ 152.641971][ T6539] netlink: 16 bytes leftover after parsing attributes in process `syz.2.162'. [ 153.238928][ T6553] syz.2.162 uses obsolete (PF_INET,SOCK_PACKET) [ 155.338574][ T6572] netlink: 'syz.1.172': attribute type 16 has an invalid length. [ 155.369721][ T6572] netlink: 326 bytes leftover after parsing attributes in process `syz.1.172'. [ 156.098668][ T6588] random: crng reseeded on system resumption [ 156.413411][ T6591] Invalid ELF header magic: != ELF [ 156.427614][ T6596] netlink: 28 bytes leftover after parsing attributes in process `syz.1.180'. [ 156.535044][ T6596] team0: Port device team_slave_0 removed [ 156.880572][ T6583] GUP no longer grows the stack in syz.3.175 (6583): 14000-401000 (4000) [ 156.898656][ T6583] CPU: 0 UID: 0 PID: 6583 Comm: syz.3.175 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 156.898705][ T6583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.898726][ T6583] Call Trace: [ 156.898737][ T6583] [ 156.898751][ T6583] dump_stack_lvl+0x16c/0x1f0 [ 156.898809][ T6583] gup_vma_lookup+0x1d2/0x220 [ 156.898863][ T6583] __get_user_pages+0x234/0x36f0 [ 156.898931][ T6583] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 156.898976][ T6583] ? look_up_lock_class+0x59/0x150 [ 156.899024][ T6583] ? __pfx___get_user_pages+0x10/0x10 [ 156.899076][ T6583] ? process_vm_rw+0x216/0x2c0 [ 156.899115][ T6583] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 156.899158][ T6583] ? do_syscall_64+0xcd/0x230 [ 156.899219][ T6583] __gup_longterm_locked+0x20d/0x1850 [ 156.899284][ T6583] ? __pfx___gup_longterm_locked+0x10/0x10 [ 156.899362][ T6583] pin_user_pages_remote+0xed/0x140 [ 156.899397][ T6583] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 156.899428][ T6583] ? mm_access+0x22d/0x2e0 [ 156.899493][ T6583] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 156.899542][ T6583] ? futex_wait_queue+0x14c/0x220 [ 156.899578][ T6583] ? futex_unqueue+0xba/0x140 [ 156.899617][ T6583] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 156.899656][ T6583] ? iovec_from_user+0xbb/0x140 [ 156.899697][ T6583] ? iovec_from_user+0xbb/0x140 [ 156.899726][ T6583] process_vm_rw+0x216/0x2c0 [ 156.899763][ T6583] ? __pfx_process_vm_rw+0x10/0x10 [ 156.899806][ T6583] ? task_mm_cid_work+0x6b9/0x910 [ 156.899862][ T6583] ? xfd_validate_state+0x5d/0x180 [ 156.899897][ T6583] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 156.899934][ T6583] ? do_syscall_64+0x91/0x230 [ 156.899975][ T6583] ? lockdep_hardirqs_on+0x7c/0x110 [ 156.900014][ T6583] do_syscall_64+0xcd/0x230 [ 156.900058][ T6583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.900085][ T6583] RIP: 0033:0x7fd316f8e969 [ 156.900107][ T6583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.900133][ T6583] RSP: 002b:00007fd317d72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 156.900158][ T6583] RAX: ffffffffffffffda RBX: 00007fd3171b6080 RCX: 00007fd316f8e969 [ 156.900178][ T6583] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 00000000000000af [ 156.900198][ T6583] RBP: 00007fd317010ab1 R08: 0000000000000003 R09: 0000000000000000 [ 156.900216][ T6583] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 156.900232][ T6583] R13: 0000000000000000 R14: 00007fd3171b6080 R15: 00007ffd8c5dcd38 [ 156.900266][ T6583] [ 158.494182][ T6616] netlink: 'syz.1.184': attribute type 16 has an invalid length. [ 158.502206][ T6616] netlink: 326 bytes leftover after parsing attributes in process `syz.1.184'. [ 159.063512][ T6622] sock: sock_timestamping_bind_phc: sock not bind to device [ 159.931256][ T6641] netlink: 504 bytes leftover after parsing attributes in process `syz.2.192'. [ 160.332927][ T6651] netlink: 'syz.2.193': attribute type 16 has an invalid length. [ 160.340932][ T6651] netlink: 326 bytes leftover after parsing attributes in process `syz.2.193'. [ 160.693159][ T6618] kexec: Could not allocate control_code_buffer [ 161.090114][ T30] audit: type=1800 audit(6042401349.722:2): pid=6659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.195" name="dbroot" dev="configfs" ino=11803 res=0 errno=0 [ 161.402625][ T6664] FAULT_INJECTION: forcing a failure. [ 161.402625][ T6664] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 161.432313][ T6664] CPU: 0 UID: 0 PID: 6664 Comm: syz.0.198 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 161.432382][ T6664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.432409][ T6664] Call Trace: [ 161.432426][ T6664] [ 161.432444][ T6664] dump_stack_lvl+0x16c/0x1f0 [ 161.432523][ T6664] should_fail_ex+0x512/0x640 [ 161.432609][ T6664] _copy_from_iter+0x2a4/0x15b0 [ 161.432690][ T6664] ? __alloc_skb+0x200/0x380 [ 161.432725][ T6664] ? __pfx__copy_from_iter+0x10/0x10 [ 161.432776][ T6664] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 161.432815][ T6664] ? __lock_acquire+0xaa4/0x1ba0 [ 161.432863][ T6664] netlink_sendmsg+0x829/0xdd0 [ 161.432939][ T6664] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.432994][ T6664] ____sys_sendmsg+0xa98/0xc70 [ 161.433039][ T6664] ? copy_msghdr_from_user+0x10a/0x160 [ 161.433074][ T6664] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.433136][ T6664] ___sys_sendmsg+0x134/0x1d0 [ 161.433174][ T6664] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.433263][ T6664] __sys_sendmsg+0x16d/0x220 [ 161.433300][ T6664] ? __pfx___sys_sendmsg+0x10/0x10 [ 161.433348][ T6664] ? rcu_is_watching+0x12/0xc0 [ 161.433386][ T6664] do_syscall_64+0xcd/0x230 [ 161.433436][ T6664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.433466][ T6664] RIP: 0033:0x7f8c4bf8e969 [ 161.433488][ T6664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.433516][ T6664] RSP: 002b:00007f8c4cea9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.433543][ T6664] RAX: ffffffffffffffda RBX: 00007f8c4c1b5fa0 RCX: 00007f8c4bf8e969 [ 161.433563][ T6664] RDX: 0000000020000080 RSI: 0000200000002540 RDI: 0000000000000004 [ 161.433581][ T6664] RBP: 00007f8c4cea9090 R08: 0000000000000000 R09: 0000000000000000 [ 161.433599][ T6664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.433615][ T6664] R13: 0000000000000000 R14: 00007f8c4c1b5fa0 R15: 00007ffed4481508 [ 161.433653][ T6664] [ 162.336955][ T6677] netlink: 330 bytes leftover after parsing attributes in process `syz.0.200'. [ 162.393096][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 162.830356][ T6665] Process accounting paused [ 163.361399][ T6683] netlink: 28 bytes leftover after parsing attributes in process `syz.1.202'. [ 166.737682][ T6724] kexec: Could not allocate control_code_buffer [ 167.383083][ T6749] can: request_module (can-proto-0) failed. [ 168.211715][ T6759] could not allocate digest TFM handle binfmt_misc [ 168.556303][ T6775] netlink: 28 bytes leftover after parsing attributes in process `syz.2.224'. [ 168.643258][ T6775] team0: Port device team_slave_0 removed [ 172.242038][ T6845] : Can't lookup blockdev [ 172.275510][ T6845] FAULT_INJECTION: forcing a failure. [ 172.275510][ T6845] name failslab, interval 1, probability 0, space 0, times 0 [ 172.288356][ T6845] CPU: 0 UID: 0 PID: 6845 Comm: syz.2.243 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 172.288404][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.288425][ T6845] Call Trace: [ 172.288436][ T6845] [ 172.288449][ T6845] dump_stack_lvl+0x16c/0x1f0 [ 172.288513][ T6845] should_fail_ex+0x512/0x640 [ 172.288565][ T6845] ? __kvmalloc_node_noprof+0x122/0x600 [ 172.288607][ T6845] should_failslab+0xc2/0x120 [ 172.288649][ T6845] __kvmalloc_node_noprof+0x135/0x600 [ 172.288684][ T6845] ? rcu_is_watching+0x12/0xc0 [ 172.288717][ T6845] ? kfree+0x252/0x4d0 [ 172.288741][ T6845] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 172.288781][ T6845] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 172.288811][ T6845] snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 172.288850][ T6845] snd_pcm_plug_alloc+0x146/0x330 [ 172.288883][ T6845] snd_pcm_oss_change_params_locked+0x19b8/0x3b40 [ 172.288958][ T6845] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 172.289044][ T6845] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 172.289112][ T6845] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 172.289174][ T6845] ? hook_file_ioctl_common+0x145/0x410 [ 172.289218][ T6845] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 172.289292][ T6845] ? __fget_files+0x20e/0x3c0 [ 172.289326][ T6845] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 172.289379][ T6845] __x64_sys_ioctl+0x193/0x200 [ 172.289428][ T6845] do_syscall_64+0xcd/0x230 [ 172.289490][ T6845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.289523][ T6845] RIP: 0033:0x7f8d1fb8e969 [ 172.289550][ T6845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.289580][ T6845] RSP: 002b:00007f8d2098f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 172.289611][ T6845] RAX: ffffffffffffffda RBX: 00007f8d1fdb5fa0 RCX: 00007f8d1fb8e969 [ 172.289634][ T6845] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 172.289653][ T6845] RBP: 00007f8d1fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 172.289673][ T6845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.289693][ T6845] R13: 0000000000000000 R14: 00007f8d1fdb5fa0 R15: 00007ffda3707088 [ 172.289736][ T6845] [ 172.509695][ C0] vkms_vblank_simulate: vblank timer overrun [ 173.147962][ T30] audit: type=1800 audit(4294967307.109:3): pid=6860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.244" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 173.672402][ T6878] FAULT_INJECTION: forcing a failure. [ 173.672402][ T6878] name failslab, interval 1, probability 0, space 0, times 0 [ 173.710612][ T6878] CPU: 1 UID: 0 PID: 6878 Comm: syz.1.252 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 173.710655][ T6878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.710674][ T6878] Call Trace: [ 173.710684][ T6878] [ 173.710696][ T6878] dump_stack_lvl+0x16c/0x1f0 [ 173.710765][ T6878] should_fail_ex+0x512/0x640 [ 173.710821][ T6878] should_failslab+0xc2/0x120 [ 173.710863][ T6878] __kmalloc_cache_noprof+0x6a/0x3e0 [ 173.710898][ T6878] ? nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 173.710942][ T6878] nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 173.710980][ T6878] notifier_call_chain+0xbc/0x410 [ 173.711019][ T6878] ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10 [ 173.711068][ T6878] blocking_notifier_call_chain+0x69/0xa0 [ 173.711115][ T6878] netlink_release+0x186b/0x2020 [ 173.711166][ T6878] ? netlink_release+0x1de/0x2020 [ 173.711213][ T6878] ? __pfx_netlink_release+0x10/0x10 [ 173.711261][ T6878] ? __pfx_locks_remove_file+0x10/0x10 [ 173.711325][ T6878] __sock_release+0xb0/0x270 [ 173.711371][ T6878] ? __pfx_sock_close+0x10/0x10 [ 173.711411][ T6878] sock_close+0x1c/0x30 [ 173.711450][ T6878] __fput+0x3ff/0xb70 [ 173.711504][ T6878] task_work_run+0x14d/0x240 [ 173.711556][ T6878] ? __pfx_task_work_run+0x10/0x10 [ 173.711608][ T6878] ? __pfx___do_sys_close_range+0x10/0x10 [ 173.711641][ T6878] ? rcu_is_watching+0x12/0xc0 [ 173.711680][ T6878] syscall_exit_to_user_mode+0x27b/0x2a0 [ 173.711732][ T6878] do_syscall_64+0xda/0x230 [ 173.711786][ T6878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.711818][ T6878] RIP: 0033:0x7fae3f38e969 [ 173.711843][ T6878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.711874][ T6878] RSP: 002b:00007fae40260038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 173.711903][ T6878] RAX: 0000000000000000 RBX: 00007fae3f5b6080 RCX: 00007fae3f38e969 [ 173.711923][ T6878] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 173.711941][ T6878] RBP: 00007fae40260090 R08: 0000000000000000 R09: 0000000000000000 [ 173.711959][ T6878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.711978][ T6878] R13: 0000000000000000 R14: 00007fae3f5b6080 R15: 00007ffcc80cbb88 [ 173.712021][ T6878] [ 174.373887][ T6889] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 174.972341][ T6903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.263'. [ 175.182416][ T6892] FAULT_INJECTION: forcing a failure. [ 175.182416][ T6892] name failslab, interval 1, probability 0, space 0, times 0 [ 175.267260][ T6892] CPU: 1 UID: 0 PID: 6892 Comm: syz.1.259 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 175.267310][ T6892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.267329][ T6892] Call Trace: [ 175.267341][ T6892] [ 175.267353][ T6892] dump_stack_lvl+0x16c/0x1f0 [ 175.267412][ T6892] should_fail_ex+0x512/0x640 [ 175.267462][ T6892] ? fs_reclaim_acquire+0xae/0x150 [ 175.267519][ T6892] should_failslab+0xc2/0x120 [ 175.267563][ T6892] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 175.267604][ T6892] ? security_inode_alloc+0x3b/0x2b0 [ 175.267652][ T6892] security_inode_alloc+0x3b/0x2b0 [ 175.267694][ T6892] inode_init_always_gfp+0xce4/0x1030 [ 175.267734][ T6892] alloc_inode+0x86/0x240 [ 175.267777][ T6892] new_inode+0x22/0x1c0 [ 175.267823][ T6892] __rpc_create_common+0x57/0x2f0 [ 175.267880][ T6892] rpc_mkpipe_dentry+0x12b/0x400 [ 175.267936][ T6892] rpc_fill_super+0x4b5/0x840 [ 175.267987][ T6892] ? sget_fc+0x808/0xc20 [ 175.268033][ T6892] ? __pfx_rpc_fill_super+0x10/0x10 [ 175.268083][ T6892] get_tree_keyed+0x10b/0x1d0 [ 175.268117][ T6892] vfs_get_tree+0x8b/0x340 [ 175.268166][ T6892] vfs_cmd_create+0xd7/0x2a0 [ 175.268207][ T6892] __do_sys_fsconfig+0x7b8/0xbe0 [ 175.268250][ T6892] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 175.268292][ T6892] ? xfd_validate_state+0x5d/0x180 [ 175.268327][ T6892] ? rcu_is_watching+0x12/0xc0 [ 175.268372][ T6892] do_syscall_64+0xcd/0x230 [ 175.268427][ T6892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.268460][ T6892] RIP: 0033:0x7fae3f38e969 [ 175.268487][ T6892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.268518][ T6892] RSP: 002b:00007fae40281038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 175.268549][ T6892] RAX: ffffffffffffffda RBX: 00007fae3f5b5fa0 RCX: 00007fae3f38e969 [ 175.268570][ T6892] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 175.268589][ T6892] RBP: 00007fae3f410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 175.268609][ T6892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.268628][ T6892] R13: 0000000000000000 R14: 00007fae3f5b5fa0 R15: 00007ffcc80cbb88 [ 175.268671][ T6892] [ 175.268738][ T6892] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd [ 175.520656][ T6892] net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe clntXX/gssd (errno = -12) [ 176.570944][ T6914] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 176.577495][ T6914] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 176.589228][ T6914] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 176.599461][ T6914] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 176.606301][ T6914] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 176.616726][ T6914] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 176.625786][ T6914] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 176.632131][ T6914] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 176.639491][ T6914] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 176.647370][ T6914] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 176.653534][ T6914] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 176.666579][ T6914] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 176.920192][ T6938] netlink: 'syz.2.272': attribute type 16 has an invalid length. [ 176.932402][ T6936] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 176.937792][ T6938] netlink: 326 bytes leftover after parsing attributes in process `syz.2.272'. [ 176.961716][ T6936] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 176.995706][ T6936] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 177.005592][ T6936] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 177.014833][ T6936] raw: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 177.024109][ T6936] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 177.050740][ T6936] head: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 177.073871][ T6936] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 177.133378][ T6936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 177.203162][ T6936] page dumped because: unmovable page [ 177.210456][ T6936] page_owner tracks the page as allocated [ 177.250187][ T6936] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 102593425981, free_ts 102589474733 [ 177.307020][ T6936] post_alloc_hook+0x181/0x1b0 [ 177.312289][ T6941] could not allocate digest TFM handle binfmt_misc [ 177.312306][ T6936] get_page_from_freelist+0x135c/0x3920 [ 177.328319][ T6936] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 177.334452][ T6936] alloc_pages_mpol+0x1fb/0x550 [ 177.339588][ T6936] alloc_pages_noprof+0x131/0x390 [ 177.372165][ T6936] skb_page_frag_refill+0x186/0x5a0 [ 177.389125][ T6936] try_fill_recv+0x79c/0x2690 [ 177.399957][ T6936] virtnet_poll+0x1e23/0x3c00 [ 177.410654][ T6936] __napi_poll.constprop.0+0xb7/0x550 [ 177.421805][ T6936] net_rx_action+0xa97/0x1010 [ 177.451347][ T6936] handle_softirqs+0x219/0x8e0 [ 177.479826][ T6936] __irq_exit_rcu+0x109/0x170 [ 177.508382][ T6936] irq_exit_rcu+0x9/0x30 [ 177.535078][ T6936] common_interrupt+0xbf/0xe0 [ 177.550064][ T6936] asm_common_interrupt+0x26/0x40 [ 177.573077][ T6936] page last free pid 0 tgid 0 stack trace: [ 177.605189][ T6936] __free_frozen_pages+0x69d/0xff0 [ 177.638969][ T6936] __folio_put+0x329/0x450 [ 177.659082][ T6936] page_to_skb+0xa23/0xc50 [ 177.668991][ T6936] receive_buf+0x75e/0x3fe0 [ 177.676932][ T6954] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 177.690366][ T6936] virtnet_poll+0x10d6/0x3c00 [ 177.696083][ T6936] __napi_poll.constprop.0+0xb7/0x550 [ 177.710032][ T6936] net_rx_action+0xa97/0x1010 [ 177.768845][ T6936] handle_softirqs+0x219/0x8e0 [ 177.789150][ T6936] __irq_exit_rcu+0x109/0x170 [ 177.841432][ T6936] irq_exit_rcu+0x9/0x30 [ 177.850849][ T6936] common_interrupt+0xbf/0xe0 [ 177.912408][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 177.942848][ T6936] asm_common_interrupt+0x26/0x40 [ 178.169290][ T6961] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 178.188058][ T6961] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.206529][ T6961] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 178.215672][ T6961] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 178.236712][ T6961] raw: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 178.306963][ T6965] FAULT_INJECTION: forcing a failure. [ 178.306963][ T6965] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.325284][ T6961] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 178.335695][ T6965] CPU: 0 UID: 0 PID: 6965 Comm: syz.0.279 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 178.335736][ T6965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.335754][ T6965] Call Trace: [ 178.335765][ T6965] [ 178.335776][ T6965] dump_stack_lvl+0x16c/0x1f0 [ 178.335828][ T6965] should_fail_ex+0x512/0x640 [ 178.335883][ T6965] _copy_to_user+0x32/0xd0 [ 178.335916][ T6965] simple_read_from_buffer+0xcb/0x170 [ 178.335969][ T6965] proc_fail_nth_read+0x197/0x270 [ 178.336025][ T6965] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 178.336074][ T6965] ? rw_verify_area+0xcf/0x680 [ 178.336122][ T6965] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 178.336170][ T6965] vfs_read+0x1de/0xc70 [ 178.336208][ T6965] ? __pfx___mutex_lock+0x10/0x10 [ 178.336258][ T6965] ? __pfx_vfs_read+0x10/0x10 [ 178.336312][ T6965] ? __fget_files+0x20e/0x3c0 [ 178.336353][ T6965] ksys_read+0x12a/0x240 [ 178.336383][ T6965] ? __pfx_ksys_read+0x10/0x10 [ 178.336426][ T6965] do_syscall_64+0xcd/0x230 [ 178.336477][ T6965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.336508][ T6965] RIP: 0033:0x7f8c4bf8d37c [ 178.336532][ T6965] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 178.336562][ T6965] RSP: 002b:00007f8c4cea9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 178.336589][ T6965] RAX: ffffffffffffffda RBX: 00007f8c4c1b5fa0 RCX: 00007f8c4bf8d37c [ 178.336609][ T6965] RDX: 000000000000000f RSI: 00007f8c4cea90a0 RDI: 0000000000000004 [ 178.336627][ T6965] RBP: 00007f8c4cea9090 R08: 0000000000000000 R09: 0000000000000000 [ 178.336646][ T6965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.336662][ T6965] R13: 0000000000000000 R14: 00007f8c4c1b5fa0 R15: 00007ffed4481508 [ 178.336702][ T6965] [ 178.650058][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 178.660596][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 178.663315][ T6961] head: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 178.696563][ T6961] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 178.711066][ T6961] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 178.719957][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 178.720434][ T6961] page dumped because: unmovable page [ 178.729345][ T6969] FAULT_INJECTION: forcing a failure. [ 178.729345][ T6969] name failslab, interval 1, probability 0, space 0, times 0 [ 178.736350][ T6961] page_owner tracks the page as allocated [ 178.762958][ T6969] CPU: 0 UID: 0 PID: 6969 Comm: syz.0.282 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 178.763014][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.763034][ T6969] Call Trace: [ 178.763045][ T6969] [ 178.763058][ T6969] dump_stack_lvl+0x16c/0x1f0 [ 178.763116][ T6969] should_fail_ex+0x512/0x640 [ 178.763165][ T6969] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 178.763214][ T6969] should_failslab+0xc2/0x120 [ 178.763257][ T6969] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 178.763303][ T6969] ? drm_atomic_get_connector_state+0x231/0x740 [ 178.763361][ T6969] krealloc_noprof+0x1fb/0x380 [ 178.763408][ T6969] drm_atomic_get_connector_state+0x231/0x740 [ 178.763469][ T6969] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 178.763526][ T6969] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 178.763576][ T6969] ? ww_mutex_lock+0x37/0x160 [ 178.763637][ T6969] ? modeset_lock+0x114/0x6e0 [ 178.763681][ T6969] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 178.763739][ T6969] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 178.763797][ T6969] ? drm_client_rotation+0x4d9/0x6a0 [ 178.763850][ T6969] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 178.763913][ T6969] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 178.764018][ T6969] drm_client_modeset_commit_locked+0x14d/0x580 [ 178.764073][ T6969] drm_client_modeset_commit+0x4f/0x80 [ 178.764120][ T6969] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 178.764165][ T6969] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 178.764221][ T6969] drm_fbdev_client_restore+0x2c/0x40 [ 178.764280][ T6969] drm_client_dev_restore+0x1f3/0x2a0 [ 178.764334][ T6969] drm_release+0x2c4/0x360 [ 178.764380][ T6969] ? __pfx_drm_release+0x10/0x10 [ 178.764419][ T6969] __fput+0x3ff/0xb70 [ 178.764475][ T6969] task_work_run+0x14d/0x240 [ 178.764531][ T6969] ? __pfx_task_work_run+0x10/0x10 [ 178.764586][ T6969] ? __pfx___do_sys_close_range+0x10/0x10 [ 178.764619][ T6969] ? rcu_is_watching+0x12/0xc0 [ 178.764661][ T6969] syscall_exit_to_user_mode+0x27b/0x2a0 [ 178.764716][ T6969] do_syscall_64+0xda/0x230 [ 178.764772][ T6969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.764806][ T6969] RIP: 0033:0x7f8c4bf8e969 [ 178.764833][ T6969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.764865][ T6969] RSP: 002b:00007f8c4cea9038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 178.764896][ T6969] RAX: 0000000000000000 RBX: 00007f8c4c1b5fa0 RCX: 00007f8c4bf8e969 [ 178.764916][ T6969] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 178.764936][ T6969] RBP: 00007f8c4c010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 178.764955][ T6969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.764975][ T6969] R13: 0000000000000000 R14: 00007f8c4c1b5fa0 R15: 00007ffed4481508 [ 178.765027][ T6969] [ 179.097259][ T6961] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 102593425981, free_ts 102589474733 [ 179.164073][ T6961] post_alloc_hook+0x181/0x1b0 [ 179.169110][ T6961] get_page_from_freelist+0x135c/0x3920 [ 179.174810][ T6961] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 179.181223][ T6961] alloc_pages_mpol+0x1fb/0x550 [ 179.186303][ T6961] alloc_pages_noprof+0x131/0x390 [ 179.191549][ T6961] skb_page_frag_refill+0x186/0x5a0 [ 179.196921][ T6961] try_fill_recv+0x79c/0x2690 [ 179.201845][ T6961] virtnet_poll+0x1e23/0x3c00 [ 179.210378][ T6961] __napi_poll.constprop.0+0xb7/0x550 [ 179.216086][ T6961] net_rx_action+0xa97/0x1010 [ 179.222040][ T6961] handle_softirqs+0x219/0x8e0 [ 179.230642][ T6961] __irq_exit_rcu+0x109/0x170 [ 179.230690][ T6961] irq_exit_rcu+0x9/0x30 [ 179.230728][ T6961] common_interrupt+0xbf/0xe0 [ 179.230766][ T6961] asm_common_interrupt+0x26/0x40 [ 179.230800][ T6961] page last free pid 0 tgid 0 stack trace: [ 179.230820][ T6961] __free_frozen_pages+0x69d/0xff0 [ 179.230853][ T6961] __folio_put+0x329/0x450 [ 179.230898][ T6961] page_to_skb+0xa23/0xc50 [ 179.230944][ T6961] receive_buf+0x75e/0x3fe0 [ 179.230997][ T6961] virtnet_poll+0x10d6/0x3c00 [ 179.231040][ T6961] __napi_poll.constprop.0+0xb7/0x550 [ 179.231078][ T6961] net_rx_action+0xa97/0x1010 [ 179.231111][ T6961] handle_softirqs+0x219/0x8e0 [ 179.231147][ T6961] __irq_exit_rcu+0x109/0x170 [ 179.231184][ T6961] irq_exit_rcu+0x9/0x30 [ 179.231221][ T6961] common_interrupt+0xbf/0xe0 [ 179.231256][ T6961] asm_common_interrupt+0x26/0x40 [ 179.993760][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 180.714433][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 180.720617][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 180.793926][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 181.542267][ T6981] kexec: Could not allocate control_code_buffer [ 182.049597][ T7022] : Can't lookup blockdev [ 182.066405][ T7022] FAULT_INJECTION: forcing a failure. [ 182.066405][ T7022] name failslab, interval 1, probability 0, space 0, times 0 [ 182.079835][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 182.104469][ T7022] CPU: 1 UID: 0 PID: 7022 Comm: syz.1.295 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 182.104514][ T7022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.104533][ T7022] Call Trace: [ 182.104543][ T7022] [ 182.104554][ T7022] dump_stack_lvl+0x16c/0x1f0 [ 182.104612][ T7022] should_fail_ex+0x512/0x640 [ 182.104661][ T7022] ? __kmalloc_noprof+0xbf/0x510 [ 182.104703][ T7022] ? snd_pcm_plugin_build+0x64/0x650 [ 182.104734][ T7022] should_failslab+0xc2/0x120 [ 182.104788][ T7022] __kmalloc_noprof+0xd2/0x510 [ 182.104828][ T7022] ? __mutex_unlock_slowpath+0x131/0x6a0 [ 182.104890][ T7022] snd_pcm_plugin_build+0x64/0x650 [ 182.104922][ T7022] ? snd_pcm_plugin_build+0x4b7/0x650 [ 182.104959][ T7022] snd_pcm_plugin_build_linear+0x29d/0x850 [ 182.105002][ T7022] ? __pfx_snd_pcm_plugin_build_linear+0x10/0x10 [ 182.105047][ T7022] ? snd_pcm_hw_params+0xcd/0x1b40 [ 182.105088][ T7022] snd_pcm_plug_format_plugins+0x614/0x1430 [ 182.105129][ T7022] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 182.105172][ T7022] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 182.105240][ T7022] snd_pcm_oss_change_params_locked+0x2eeb/0x3b40 [ 182.105317][ T7022] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 182.105408][ T7022] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 182.105469][ T7022] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 182.105525][ T7022] ? hook_file_ioctl_common+0x145/0x410 [ 182.105568][ T7022] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 182.105625][ T7022] ? __fget_files+0x20e/0x3c0 [ 182.105663][ T7022] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 182.105720][ T7022] __x64_sys_ioctl+0x193/0x200 [ 182.105779][ T7022] do_syscall_64+0xcd/0x230 [ 182.105836][ T7022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.105870][ T7022] RIP: 0033:0x7fae3f38e969 [ 182.105897][ T7022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.105929][ T7022] RSP: 002b:00007fae40281038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.105961][ T7022] RAX: ffffffffffffffda RBX: 00007fae3f5b5fa0 RCX: 00007fae3f38e969 [ 182.105983][ T7022] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 182.106003][ T7022] RBP: 00007fae3f410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 182.106023][ T7022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.106043][ T7022] R13: 0000000000000000 R14: 00007fae3f5b5fa0 R15: 00007ffcc80cbb88 [ 182.106086][ T7022] [ 182.110543][ T7024] netlink: 'syz.0.296': attribute type 16 has an invalid length. [ 182.371238][ T7024] netlink: 326 bytes leftover after parsing attributes in process `syz.0.296'. [ 182.381099][ T7024] veth1_macvtap: left promiscuous mode [ 182.795077][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 182.795176][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 182.874952][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 183.852997][ T7059] netlink: 326 bytes leftover after parsing attributes in process `syz.0.305'. [ 184.837929][ T7062] FAULT_INJECTION: forcing a failure. [ 184.837929][ T7062] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 184.923857][ T7061] syz.2.304 (7061): /proc/7058/oom_adj is deprecated, please use /proc/7058/oom_score_adj instead. [ 184.968468][ T7062] CPU: 0 UID: 0 PID: 7062 Comm: syz.3.303 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 184.968518][ T7062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.968538][ T7062] Call Trace: [ 184.968549][ T7062] [ 184.968561][ T7062] dump_stack_lvl+0x16c/0x1f0 [ 184.968620][ T7062] should_fail_ex+0x512/0x640 [ 184.968679][ T7062] should_fail_alloc_page+0xe7/0x130 [ 184.968727][ T7062] prepare_alloc_pages+0x3c2/0x610 [ 184.968787][ T7062] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 184.968833][ T7062] ? folio_remove_rmap_ptes+0x138/0x970 [ 184.968870][ T7062] ? noop_dirty_folio+0x5e/0xb0 [ 184.968924][ T7062] ? try_to_migrate_one+0x13d8/0x3380 [ 184.968967][ T7062] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 184.969015][ T7062] ? __pfx_try_to_migrate_one+0x10/0x10 [ 184.969063][ T7062] ? __up_read+0x1f8/0x750 [ 184.969114][ T7062] ? __pfx___up_read+0x10/0x10 [ 184.969165][ T7062] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 184.969215][ T7062] ? policy_nodemask+0xea/0x4e0 [ 184.969262][ T7062] alloc_pages_mpol+0x1fb/0x550 [ 184.969309][ T7062] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 184.969364][ T7062] folio_alloc_mpol_noprof+0x36/0x2f0 [ 184.969433][ T7062] alloc_migration_target_by_mpol+0x246/0x490 [ 184.969487][ T7062] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 184.969537][ T7062] ? __pfx___might_resched+0x10/0x10 [ 184.969582][ T7062] migrate_pages_batch+0x3bc/0x31a0 [ 184.969633][ T7062] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 184.969698][ T7062] ? __pfx_migrate_pages_batch+0x10/0x10 [ 184.969753][ T7062] ? __pfx_walk_pgd_range+0x10/0x10 [ 184.969800][ T7062] migrate_pages_sync+0x12d/0x8a0 [ 184.969850][ T7062] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 184.969908][ T7062] ? queue_pages_test_walk+0x279/0x410 [ 184.969950][ T7062] ? __pfx_find_vma+0x10/0x10 [ 184.969996][ T7062] ? __pfx_migrate_pages_sync+0x10/0x10 [ 184.970057][ T7062] migrate_pages+0x1b28/0x2350 [ 184.970108][ T7062] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 184.970169][ T7062] ? __pfx_migrate_pages+0x10/0x10 [ 184.970218][ T7062] ? find_held_lock+0x2b/0x80 [ 184.970262][ T7062] ? up_write+0x1b2/0x520 [ 184.970313][ T7062] do_mbind+0x6f0/0xf30 [ 184.970371][ T7062] ? __pfx_do_mbind+0x10/0x10 [ 184.970430][ T7062] ? do_writev+0x218/0x330 [ 184.970475][ T7062] ? __pfx_get_nodes+0x10/0x10 [ 184.970518][ T7062] kernel_mbind+0x1e3/0x1f0 [ 184.970562][ T7062] ? __pfx_kernel_mbind+0x10/0x10 [ 184.970597][ T7062] ? rcu_is_watching+0x12/0xc0 [ 184.970635][ T7062] do_syscall_64+0xcd/0x230 [ 184.970682][ T7062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.970711][ T7062] RIP: 0033:0x7fd316f8e969 [ 184.970734][ T7062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.970765][ T7062] RSP: 002b:00007fd317d72038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 184.970794][ T7062] RAX: ffffffffffffffda RBX: 00007fd3171b6080 RCX: 00007fd316f8e969 [ 184.970815][ T7062] RDX: 0000000100000000 RSI: 0000000100000004 RDI: 0000000000002000 [ 184.970835][ T7062] RBP: 00007fd317010ab1 R08: 0000000000000006 R09: 0000000000000002 [ 184.970855][ T7062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.970874][ T7062] R13: 0000000000000000 R14: 00007fd3171b6080 R15: 00007ffd8c5dcd38 [ 184.970915][ T7062] [ 185.627914][ T7085] random: crng reseeded on system resumption [ 185.826939][ T7084] bond0: option all_slaves_active: invalid value () [ 189.534415][ T7127] netlink: 330 bytes leftover after parsing attributes in process `syz.1.318'. [ 190.253501][ T7148] netlink: 'syz.1.325': attribute type 16 has an invalid length. [ 190.278837][ T7148] netlink: 326 bytes leftover after parsing attributes in process `syz.1.325'. [ 190.288387][ T7146] FAULT_INJECTION: forcing a failure. [ 190.288387][ T7146] name fail_futex, interval 1, probability 0, space 0, times 1 [ 190.326042][ T7146] CPU: 1 UID: 0 PID: 7146 Comm: syz.2.324 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 190.326087][ T7146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.326101][ T7146] Call Trace: [ 190.326108][ T7146] [ 190.326117][ T7146] dump_stack_lvl+0x16c/0x1f0 [ 190.326157][ T7146] should_fail_ex+0x512/0x640 [ 190.326196][ T7146] get_futex_key+0x49e/0x1000 [ 190.326225][ T7146] ? __pfx_get_futex_key+0x10/0x10 [ 190.326246][ T7146] ? kasan_save_free_info+0x3b/0x60 [ 190.326283][ T7146] ? kmem_cache_free+0x2d4/0x4d0 [ 190.326308][ T7146] ? getname_flags.part.0+0x24c/0x550 [ 190.326339][ T7146] ? getname_flags+0x93/0xf0 [ 190.326373][ T7146] ? __x64_sys_symlink+0x65/0x90 [ 190.326398][ T7146] ? do_syscall_64+0xcd/0x230 [ 190.326433][ T7146] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.326463][ T7146] futex_wake+0xe7/0x4e0 [ 190.326496][ T7146] ? __pfx_futex_wake+0x10/0x10 [ 190.326539][ T7146] do_futex+0x1e3/0x350 [ 190.326565][ T7146] ? __pfx_do_futex+0x10/0x10 [ 190.326590][ T7146] ? rcu_is_watching+0x12/0xc0 [ 190.326612][ T7146] ? kasan_quarantine_put+0x10a/0x240 [ 190.326636][ T7146] ? lockdep_hardirqs_on+0x7c/0x110 [ 190.326674][ T7146] __x64_sys_futex+0x1e0/0x4c0 [ 190.326705][ T7146] ? __pfx___x64_sys_futex+0x10/0x10 [ 190.326732][ T7146] ? getname_flags.part.0+0x1c5/0x550 [ 190.326762][ T7146] ? rcu_is_watching+0x12/0xc0 [ 190.326792][ T7146] do_syscall_64+0xcd/0x230 [ 190.326830][ T7146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.326853][ T7146] RIP: 0033:0x7f8d1fb8e969 [ 190.326871][ T7146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.326894][ T7146] RSP: 002b:00007f8d2098f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 190.326915][ T7146] RAX: ffffffffffffffda RBX: 00007f8d1fdb5fa8 RCX: 00007f8d1fb8e969 [ 190.326930][ T7146] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8d1fdb5fac [ 190.326944][ T7146] RBP: 00007f8d1fdb5fa0 R08: 00007f8d20990000 R09: 0000000000000000 [ 190.326959][ T7146] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f8d1fdb5fac [ 190.326974][ T7146] R13: 0000000000000000 R14: 00007ffda3706fa0 R15: 00007ffda3707088 [ 190.327002][ T7146] [ 190.938333][ T7155] FAULT_INJECTION: forcing a failure. [ 190.938333][ T7155] name failslab, interval 1, probability 0, space 0, times 0 [ 191.055954][ T7155] CPU: 1 UID: 0 PID: 7155 Comm: syz.3.327 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 191.055998][ T7155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.056016][ T7155] Call Trace: [ 191.056026][ T7155] [ 191.056038][ T7155] dump_stack_lvl+0x16c/0x1f0 [ 191.056091][ T7155] should_fail_ex+0x512/0x640 [ 191.056143][ T7155] should_failslab+0xc2/0x120 [ 191.056185][ T7155] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 191.056225][ T7155] ? skb_clone+0x190/0x3f0 [ 191.056272][ T7155] skb_clone+0x190/0x3f0 [ 191.056314][ T7155] netlink_deliver_tap+0xabd/0xd30 [ 191.056357][ T7155] ? __pfx_rtnl_stats_dump+0x10/0x10 [ 191.056406][ T7155] netlink_dump+0x638/0xd00 [ 191.056453][ T7155] ? __pfx_netlink_dump+0x10/0x10 [ 191.056492][ T7155] ? __pfx___skb_recv_datagram+0x10/0x10 [ 191.056546][ T7155] ? skb_recv_datagram+0x88/0xc0 [ 191.056592][ T7155] netlink_recvmsg+0xa15/0xf20 [ 191.056635][ T7155] ? __pfx_netlink_recvmsg+0x10/0x10 [ 191.056671][ T7155] ? aa_sk_perm+0x2f4/0xb10 [ 191.056713][ T7155] ? __lock_acquire+0xaa4/0x1ba0 [ 191.056758][ T7155] ? __pfx_aa_sk_perm+0x10/0x10 [ 191.056795][ T7155] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 191.056851][ T7155] sock_recvmsg+0x1f9/0x250 [ 191.056910][ T7155] ____sys_recvmsg+0x218/0x6b0 [ 191.056968][ T7155] ? __pfx_____sys_recvmsg+0x10/0x10 [ 191.057034][ T7155] ? __lock_acquire+0x5ca/0x1ba0 [ 191.057085][ T7155] ___sys_recvmsg+0x114/0x1a0 [ 191.057126][ T7155] ? __pfx____sys_recvmsg+0x10/0x10 [ 191.057171][ T7155] ? find_held_lock+0x2b/0x80 [ 191.057231][ T7155] do_recvmmsg+0x2fe/0x740 [ 191.057276][ T7155] ? __pfx_do_recvmmsg+0x10/0x10 [ 191.057326][ T7155] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 191.057391][ T7155] ? __fget_files+0x20e/0x3c0 [ 191.057432][ T7155] __x64_sys_recvmmsg+0x22a/0x280 [ 191.057477][ T7155] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 191.057517][ T7155] ? rcu_is_watching+0x12/0xc0 [ 191.057561][ T7155] do_syscall_64+0xcd/0x230 [ 191.057613][ T7155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.057646][ T7155] RIP: 0033:0x7fd316f8e969 [ 191.057671][ T7155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.057702][ T7155] RSP: 002b:00007fd317d93038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 191.057731][ T7155] RAX: ffffffffffffffda RBX: 00007fd3171b5fa0 RCX: 00007fd316f8e969 [ 191.057751][ T7155] RDX: 0000000000000005 RSI: 0000200000000180 RDI: 0000000000000003 [ 191.057769][ T7155] RBP: 00007fd317d93090 R08: 0000000000000000 R09: 0000000000000000 [ 191.057789][ T7155] R10: 00000000000066a6 R11: 0000000000000246 R12: 0000000000000001 [ 191.057808][ T7155] R13: 0000000000000000 R14: 00007fd3171b5fa0 R15: 00007ffd8c5dcd38 [ 191.057851][ T7155] [ 191.901754][ T7161] random: crng reseeded on system resumption [ 192.268741][ T7162] Invalid ELF header magic: != ELF [ 192.277299][ T7157] kexec: Could not allocate control_code_buffer [ 192.728484][ T7173] netlink: 28 bytes leftover after parsing attributes in process `syz.1.332'. [ 193.408463][ T7172] Process accounting resumed [ 193.678980][ T7186] netlink: 330 bytes leftover after parsing attributes in process `syz.3.334'. [ 194.697751][ T7193] netlink: 50 bytes leftover after parsing attributes in process `syz.0.336'. [ 195.288619][ T7209] netlink: 342 bytes leftover after parsing attributes in process `syz.2.342'. [ 195.312199][ T7209] netlink: 198 bytes leftover after parsing attributes in process `syz.2.342'. [ 196.651876][ T7229] syz.1.347(7229): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 197.036112][ T7218] kexec: Could not allocate control_code_buffer [ 198.716582][ T7268] FAULT_INJECTION: forcing a failure. [ 198.716582][ T7268] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 198.846452][ T7268] CPU: 0 UID: 0 PID: 7268 Comm: syz.3.354 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 198.846500][ T7268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.846521][ T7268] Call Trace: [ 198.846532][ T7268] [ 198.846545][ T7268] dump_stack_lvl+0x16c/0x1f0 [ 198.846602][ T7268] should_fail_ex+0x512/0x640 [ 198.846660][ T7268] should_fail_alloc_page+0xe7/0x130 [ 198.846707][ T7268] prepare_alloc_pages+0x3c2/0x610 [ 198.846769][ T7268] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 198.846815][ T7268] ? stack_trace_save+0x8e/0xc0 [ 198.846850][ T7268] ? __pfx_stack_trace_save+0x10/0x10 [ 198.846885][ T7268] ? stack_depot_save_flags+0x28/0xa50 [ 198.846938][ T7268] ? __kernel_text_address+0xd/0x40 [ 198.846976][ T7268] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 198.847015][ T7268] ? kasan_save_track+0x14/0x30 [ 198.847052][ T7268] ? snd_pcm_attach_substream+0x441/0xd60 [ 198.847091][ T7268] ? snd_pcm_oss_open+0x735/0x1400 [ 198.847138][ T7268] ? soundcore_open+0x409/0x580 [ 198.847179][ T7268] ? chrdev_open+0x231/0x6a0 [ 198.847215][ T7268] ? do_dentry_open+0x741/0x1c10 [ 198.847247][ T7268] ? vfs_open+0x82/0x3f0 [ 198.847288][ T7268] ? path_openat+0x1e5e/0x2d40 [ 198.847317][ T7268] ? do_filp_open+0x20b/0x470 [ 198.847397][ T7268] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 198.847450][ T7268] ? policy_nodemask+0xea/0x4e0 [ 198.847497][ T7268] alloc_pages_mpol+0x1fb/0x550 [ 198.847542][ T7268] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 198.847597][ T7268] alloc_pages_noprof+0x131/0x390 [ 198.847642][ T7268] alloc_pages_exact_noprof+0x31/0x90 [ 198.847675][ T7268] snd_pcm_attach_substream+0x468/0xd60 [ 198.847724][ T7268] snd_pcm_open_substream+0x8d/0x17f0 [ 198.847762][ T7268] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 198.847812][ T7268] snd_pcm_oss_open+0x735/0x1400 [ 198.847880][ T7268] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 198.847932][ T7268] ? __lock_acquire+0xaa4/0x1ba0 [ 198.847978][ T7268] ? __pfx_default_wake_function+0x10/0x10 [ 198.848016][ T7268] ? __lock_acquire+0xaa4/0x1ba0 [ 198.848071][ T7268] ? do_raw_spin_lock+0x12c/0x2b0 [ 198.848126][ T7268] ? soundcore_open+0x35a/0x580 [ 198.848172][ T7268] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 198.848226][ T7268] soundcore_open+0x409/0x580 [ 198.848272][ T7268] ? __pfx_soundcore_open+0x10/0x10 [ 198.848316][ T7268] chrdev_open+0x231/0x6a0 [ 198.848353][ T7268] ? __pfx_apparmor_file_open+0x10/0x10 [ 198.848409][ T7268] ? __pfx_chrdev_open+0x10/0x10 [ 198.848450][ T7268] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 198.848513][ T7268] do_dentry_open+0x741/0x1c10 [ 198.848550][ T7268] ? __pfx_chrdev_open+0x10/0x10 [ 198.848597][ T7268] vfs_open+0x82/0x3f0 [ 198.848648][ T7268] path_openat+0x1e5e/0x2d40 [ 198.848700][ T7268] ? __pfx_path_openat+0x10/0x10 [ 198.848747][ T7268] do_filp_open+0x20b/0x470 [ 198.848787][ T7268] ? __pfx_do_filp_open+0x10/0x10 [ 198.848854][ T7268] ? alloc_fd+0x471/0x7d0 [ 198.848898][ T7268] do_sys_openat2+0x11b/0x1d0 [ 198.848946][ T7268] ? __pfx_do_sys_openat2+0x10/0x10 [ 198.849011][ T7268] __x64_sys_openat+0x174/0x210 [ 198.849060][ T7268] ? __pfx___x64_sys_openat+0x10/0x10 [ 198.849112][ T7268] ? rcu_is_watching+0x12/0xc0 [ 198.849157][ T7268] do_syscall_64+0xcd/0x230 [ 198.849213][ T7268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.849247][ T7268] RIP: 0033:0x7fd316f8e969 [ 198.849274][ T7268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.849306][ T7268] RSP: 002b:00007fd317d51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 198.849338][ T7268] RAX: ffffffffffffffda RBX: 00007fd3171b6160 RCX: 00007fd316f8e969 [ 198.849367][ T7268] RDX: 0000000000008000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 198.849389][ T7268] RBP: 00007fd317010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 198.849409][ T7268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.849429][ T7268] R13: 0000000000000000 R14: 00007fd3171b6160 R15: 00007ffd8c5dcd38 [ 198.849472][ T7268] [ 199.248162][ C0] vkms_vblank_simulate: vblank timer overrun [ 199.542088][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.548912][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.026508][ T7288] netlink: 330 bytes leftover after parsing attributes in process `syz.3.360'. [ 200.504820][ T7300] random: crng reseeded on system resumption [ 200.678649][ T7304] Invalid ELF header magic: != ELF [ 203.176249][ T7329] Unable to find swap-space signature [ 204.157996][ T7338] netlink: 330 bytes leftover after parsing attributes in process `syz.2.371'. [ 205.076170][ T7333] kexec: Could not allocate control_code_buffer [ 207.680512][ T7393] random: crng reseeded on system resumption [ 208.448947][ T7380] random: crng reseeded on system resumption [ 208.480793][ T7396] Invalid ELF header magic: != ELF [ 208.988571][ T7412] [U]  [ 208.991714][ T7412] [U] [ 208.994485][ T7412] [U] [ 208.997266][ T7412] [U] [ 209.029080][ T7412] [U] [ 209.031883][ T7412] [U] [ 209.034646][ T7412] [U] [ 209.037395][ T7412] [U] [ 209.063200][ T7412] [U] [ 209.066004][ T7412] [U] [ 209.068785][ T7412] [U] [ 209.071550][ T7412] [U] [ 209.076819][ T7415] [U] [ 209.779543][ T7432] FAULT_INJECTION: forcing a failure. [ 209.779543][ T7432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.824625][ T7424] netlink: 330 bytes leftover after parsing attributes in process `syz.2.395'. [ 209.844595][ T7432] CPU: 1 UID: 0 PID: 7432 Comm: syz.1.397 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 209.844639][ T7432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.844658][ T7432] Call Trace: [ 209.844668][ T7432] [ 209.844680][ T7432] dump_stack_lvl+0x16c/0x1f0 [ 209.844733][ T7432] should_fail_ex+0x512/0x640 [ 209.844785][ T7432] _copy_from_user+0x2e/0xd0 [ 209.844839][ T7432] copy_msghdr_from_user+0x98/0x160 [ 209.844880][ T7432] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 209.844935][ T7432] ? kfree+0x252/0x4d0 [ 209.844963][ T7432] ? __lock_acquire+0x5ca/0x1ba0 [ 209.845016][ T7432] ___sys_recvmsg+0xdb/0x1a0 [ 209.845057][ T7432] ? __pfx____sys_recvmsg+0x10/0x10 [ 209.845121][ T7432] ? __pfx___might_resched+0x10/0x10 [ 209.845167][ T7432] do_recvmmsg+0x2fe/0x740 [ 209.845214][ T7432] ? __pfx_do_recvmmsg+0x10/0x10 [ 209.845264][ T7432] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 209.845330][ T7432] ? __fget_files+0x20e/0x3c0 [ 209.845370][ T7432] __x64_sys_recvmmsg+0x22a/0x280 [ 209.845416][ T7432] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 209.845454][ T7432] ? rcu_is_watching+0x12/0xc0 [ 209.845497][ T7432] do_syscall_64+0xcd/0x230 [ 209.845547][ T7432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.845580][ T7432] RIP: 0033:0x7fae3f38e969 [ 209.845605][ T7432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.845635][ T7432] RSP: 002b:00007fae40281038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 209.845664][ T7432] RAX: ffffffffffffffda RBX: 00007fae3f5b5fa0 RCX: 00007fae3f38e969 [ 209.845685][ T7432] RDX: 0000000000000005 RSI: 0000200000000180 RDI: 0000000000000003 [ 209.845704][ T7432] RBP: 00007fae40281090 R08: 0000000000000000 R09: 0000000000000000 [ 209.845723][ T7432] R10: 00000000000066a6 R11: 0000000000000246 R12: 0000000000000001 [ 209.845742][ T7432] R13: 0000000000000000 R14: 00007fae3f5b5fa0 R15: 00007ffcc80cbb88 [ 209.845784][ T7432] [ 211.403190][ T7465] netlink: 350 bytes leftover after parsing attributes in process `syz.3.406'. [ 213.554577][ T7482] syz.3.411 (7482) used greatest stack depth: 19656 bytes left [ 215.716683][ T7492] Process accounting resumed [ 216.363635][ T7551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.423'. [ 217.957485][ T7566] bond0: option all_slaves_active: invalid value () [ 221.282724][ T7638] netlink: 330 bytes leftover after parsing attributes in process `syz.3.445'. [ 221.642945][ T7646] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 223.445332][ T7671] netlink: 28 bytes leftover after parsing attributes in process `syz.0.455'. [ 223.898993][ T7671] team0: Port device team_slave_0 removed [ 224.384062][ T7627] Process accounting paused [ 224.651331][ T7683] FAULT_INJECTION: forcing a failure. [ 224.651331][ T7683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.684541][ T7683] CPU: 0 UID: 0 PID: 7683 Comm: syz.1.458 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 224.684590][ T7683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.684609][ T7683] Call Trace: [ 224.684620][ T7683] [ 224.684632][ T7683] dump_stack_lvl+0x16c/0x1f0 [ 224.684690][ T7683] should_fail_ex+0x512/0x640 [ 224.684750][ T7683] __fpu_restore_sig+0xf2/0x13a0 [ 224.684806][ T7683] ? __lock_acquire+0xaa4/0x1ba0 [ 224.684851][ T7683] ? __pfx___fpu_restore_sig+0x10/0x10 [ 224.684924][ T7683] ? __might_fault+0xe3/0x190 [ 224.684973][ T7683] ? __might_fault+0x13b/0x190 [ 224.685022][ T7683] fpu__restore_sig+0x115/0x190 [ 224.685078][ T7683] restore_sigcontext+0x4c9/0x6a0 [ 224.685124][ T7683] ? __pfx_restore_sigcontext+0x10/0x10 [ 224.685199][ T7683] ? __pfx_restore_altstack+0x10/0x10 [ 224.685254][ T7683] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.685296][ T7683] ? lockdep_hardirqs_on+0x7c/0x110 [ 224.685351][ T7683] __do_sys_rt_sigreturn+0x1bb/0x230 [ 224.685400][ T7683] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 224.685461][ T7683] do_syscall_64+0xcd/0x230 [ 224.685517][ T7683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.685551][ T7683] RIP: 0033:0x7fae3f38e969 [ 224.685577][ T7683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.685608][ T7683] RSP: 002b:00007fae40281038 EFLAGS: 00000246 [ 224.685634][ T7683] RAX: 0000000000000000 RBX: 00007fae3f5b5fa0 RCX: 00007fae3f38e969 [ 224.685655][ T7683] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000191 [ 224.685675][ T7683] RBP: 00007fae3f410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 224.685695][ T7683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.685712][ T7683] R13: 0000000000000000 R14: 00007fae3f5b5fa0 R15: 00007ffcc80cbb88 [ 224.685751][ T7683] [ 227.504974][ T7722] netlink: 330 bytes leftover after parsing attributes in process `syz.3.465'. [ 231.085097][ T30] audit: type=1800 audit(4294968388.035:4): pid=7768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.472" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 231.105308][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.497984][ T7769] mkiss: ax0: crc mode is auto. [ 232.820746][ T7799] can: request_module (can-proto-0) failed. [ 232.943751][ T7793] zswap: compressor not available [ 232.963379][ T7798] Setting dangerous option i915.mitigations - tainting kernel [ 233.040019][ T7806] FAULT_INJECTION: forcing a failure. [ 233.040019][ T7806] name failslab, interval 1, probability 0, space 0, times 0 [ 233.052983][ T7806] CPU: 1 UID: 0 PID: 7806 Comm: syz.0.481 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 233.053025][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.053044][ T7806] Call Trace: [ 233.053054][ T7806] [ 233.053073][ T7806] dump_stack_lvl+0x16c/0x1f0 [ 233.053128][ T7806] should_fail_ex+0x512/0x640 [ 233.053175][ T7806] ? fs_reclaim_acquire+0xae/0x150 [ 233.053228][ T7806] ? tomoyo_encode2+0x100/0x3e0 [ 233.053274][ T7806] should_failslab+0xc2/0x120 [ 233.053315][ T7806] __kmalloc_noprof+0xd2/0x510 [ 233.053358][ T7806] ? d_absolute_path+0x136/0x1a0 [ 233.053406][ T7806] tomoyo_encode2+0x100/0x3e0 [ 233.053460][ T7806] tomoyo_encode+0x29/0x50 [ 233.053505][ T7806] tomoyo_realpath_from_path+0x18f/0x6e0 [ 233.053567][ T7806] tomoyo_path_number_perm+0x245/0x580 [ 233.053607][ T7806] ? tomoyo_path_number_perm+0x237/0x580 [ 233.053653][ T7806] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 233.053698][ T7806] ? find_held_lock+0x2b/0x80 [ 233.053771][ T7806] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 233.053822][ T7806] ? hook_file_ioctl_common+0x145/0x410 [ 233.053881][ T7806] security_file_ioctl+0x9b/0x240 [ 233.053927][ T7806] __x64_sys_ioctl+0xb7/0x200 [ 233.053977][ T7806] do_syscall_64+0xcd/0x230 [ 233.054029][ T7806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.054061][ T7806] RIP: 0033:0x7f8c4bf8e969 [ 233.054093][ T7806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.054124][ T7806] RSP: 002b:00007f8c4cea9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.054154][ T7806] RAX: ffffffffffffffda RBX: 00007f8c4c1b5fa0 RCX: 00007f8c4bf8e969 [ 233.054174][ T7806] RDX: 0000000000000000 RSI: 00000000000054a0 RDI: 0000000000000000 [ 233.054193][ T7806] RBP: 00007f8c4cea9090 R08: 0000000000000000 R09: 0000000000000000 [ 233.054212][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.054231][ T7806] R13: 0000000000000000 R14: 00007f8c4c1b5fa0 R15: 00007ffed4481508 [ 233.054277][ T7806] [ 233.324620][ T7806] ERROR: Out of memory at tomoyo_realpath_from_path. [ 236.966637][ T7861] netlink: 338 bytes leftover after parsing attributes in process `syz.2.495'. [ 236.986949][ T7861] veth1_macvtap: entered promiscuous mode [ 237.007147][ T7861] macsec0: entered allmulticast mode [ 237.019822][ T7861] veth1_macvtap: entered allmulticast mode [ 238.036681][ T7854] kexec: Could not allocate control_code_buffer [ 238.898186][ T7889] netlink: 338 bytes leftover after parsing attributes in process `syz.1.505'. [ 238.939784][ T7889] veth1_macvtap: entered promiscuous mode [ 238.954609][ T7889] macsec0: entered allmulticast mode [ 238.965043][ T7889] veth1_macvtap: entered allmulticast mode [ 238.980337][ T7891] Invalid ELF header magic: != ELF [ 239.690293][ T7891] snd_aloop snd_aloop.0: control 16781581:65535:6:'x?F/zF˷fC:8 is already present [ 240.640481][ T7922] FAULT_INJECTION: forcing a failure. [ 240.640481][ T7922] name failslab, interval 1, probability 0, space 0, times 0 [ 240.640832][ T7922] CPU: 1 UID: 0 PID: 7922 Comm: syz.0.515 Tainted: G U 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 240.640879][ T7922] Tainted: [U]=USER [ 240.640888][ T7922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.640906][ T7922] Call Trace: [ 240.640916][ T7922] [ 240.640927][ T7922] dump_stack_lvl+0x16c/0x1f0 [ 240.640982][ T7922] should_fail_ex+0x512/0x640 [ 240.641030][ T7922] ? __kmalloc_noprof+0xbf/0x510 [ 240.641070][ T7922] ? xfrm_hash_alloc+0xd1/0x100 [ 240.641119][ T7922] should_failslab+0xc2/0x120 [ 240.641161][ T7922] __kmalloc_noprof+0xd2/0x510 [ 240.641198][ T7922] ? proc_create_reg+0xe3/0x180 [ 240.641250][ T7922] xfrm_hash_alloc+0xd1/0x100 [ 240.641302][ T7922] xfrm_state_init+0x11e/0x630 [ 240.641361][ T7922] ? __pfx_xfrm_net_init+0x10/0x10 [ 240.641393][ T7922] xfrm_net_init+0x210/0xcc0 [ 240.641430][ T7922] ? __pfx_xfrm_net_init+0x10/0x10 [ 240.641461][ T7922] ops_init+0x1df/0x5f0 [ 240.641510][ T7922] setup_net+0x21e/0x850 [ 240.641559][ T7922] ? __pfx_setup_net+0x10/0x10 [ 240.641611][ T7922] ? lockdep_init_map_type+0x5c/0x280 [ 240.641660][ T7922] ? __pfx_down_read_killable+0x10/0x10 [ 240.641700][ T7922] ? debug_mutex_init+0x37/0x70 [ 240.641738][ T7922] copy_net_ns+0x2a6/0x5f0 [ 240.641791][ T7922] create_new_namespaces+0x3ea/0xad0 [ 240.641839][ T7922] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 240.641882][ T7922] ksys_unshare+0x45b/0xa40 [ 240.641931][ T7922] ? __pfx_ksys_unshare+0x10/0x10 [ 240.641976][ T7922] ? xfd_validate_state+0x5d/0x180 [ 240.642011][ T7922] ? rcu_is_watching+0x12/0xc0 [ 240.642054][ T7922] __x64_sys_unshare+0x31/0x40 [ 240.642101][ T7922] do_syscall_64+0xcd/0x230 [ 240.642157][ T7922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.642190][ T7922] RIP: 0033:0x7f8c4bf8e969 [ 240.642217][ T7922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.642249][ T7922] RSP: 002b:00007f8c4ce88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 240.642281][ T7922] RAX: ffffffffffffffda RBX: 00007f8c4c1b6080 RCX: 00007f8c4bf8e969 [ 240.642302][ T7922] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 240.642323][ T7922] RBP: 00007f8c4c010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 240.642343][ T7922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 240.642363][ T7922] R13: 0000000000000000 R14: 00007f8c4c1b6080 R15: 00007ffed4481508 [ 240.642406][ T7922] [ 243.004958][ T7966] [ 243.007367][ T7966] ====================================================== [ 243.014426][ T7966] WARNING: possible circular locking dependency detected [ 243.021491][ T7966] 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 Tainted: G U [ 243.030183][ T7966] ------------------------------------------------------ [ 243.037226][ T7966] syz.2.527/7966 is trying to acquire lock: [ 243.043130][ T7966] ffff888025b653d8 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 243.053016][ T7966] [ 243.053016][ T7966] but task is already holding lock: [ 243.060395][ T7966] ffff888025b64ea8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 243.071735][ T7966] [ 243.071735][ T7966] which lock already depends on the new lock. [ 243.071735][ T7966] [ 243.082155][ T7966] [ 243.082155][ T7966] the existing dependency chain (in reverse order) is: [ 243.091181][ T7966] [ 243.091181][ T7966] -> #2 (&q->q_usage_counter(io)#29){++++}-{0:0}: [ 243.099830][ T7966] blk_alloc_queue+0x619/0x760 [ 243.105151][ T7966] blk_mq_alloc_queue+0x179/0x290 [ 243.110734][ T7966] __blk_mq_alloc_disk+0x29/0x120 [ 243.116312][ T7966] loop_add+0x496/0xb70 [ 243.121018][ T7966] loop_init+0x164/0x270 [ 243.125813][ T7966] do_one_initcall+0x120/0x6e0 [ 243.131134][ T7966] kernel_init_freeable+0x5c2/0x900 [ 243.136892][ T7966] kernel_init+0x1c/0x2b0 [ 243.141779][ T7966] ret_from_fork+0x48/0x80 [ 243.146735][ T7966] ret_from_fork_asm+0x1a/0x30 [ 243.152057][ T7966] [ 243.152057][ T7966] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 243.159303][ T7966] fs_reclaim_acquire+0x102/0x150 [ 243.164976][ T7966] kmem_cache_alloc_noprof+0x53/0x3b0 [ 243.170894][ T7966] __kernfs_new_node+0xd2/0x8a0 [ 243.176291][ T7966] kernfs_new_node+0x13c/0x1e0 [ 243.181639][ T7966] kernfs_create_dir_ns+0x4c/0x1a0 [ 243.187303][ T7966] sysfs_create_dir_ns+0x13a/0x2b0 [ 243.192973][ T7966] kobject_add_internal+0x2c4/0x9b0 [ 243.198732][ T7966] kobject_add+0x16e/0x240 [ 243.203714][ T7966] elv_register_queue+0xd3/0x2a0 [ 243.209220][ T7966] blk_register_queue+0x3c4/0x560 [ 243.214796][ T7966] add_disk_fwnode+0x911/0x13a0 [ 243.220207][ T7966] nbd_dev_add+0x78e/0xbb0 [ 243.225168][ T7966] nbd_init+0x181/0x320 [ 243.229879][ T7966] do_one_initcall+0x120/0x6e0 [ 243.235204][ T7966] kernel_init_freeable+0x5c2/0x900 [ 243.240969][ T7966] kernel_init+0x1c/0x2b0 [ 243.245860][ T7966] ret_from_fork+0x48/0x80 [ 243.250817][ T7966] ret_from_fork_asm+0x1a/0x30 [ 243.256139][ T7966] [ 243.256139][ T7966] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 243.263994][ T7966] __lock_acquire+0x1173/0x1ba0 [ 243.269398][ T7966] lock_acquire+0x179/0x350 [ 243.274462][ T7966] __mutex_lock+0x199/0xb90 [ 243.279524][ T7966] queue_requests_store+0x1c7/0x310 [ 243.285268][ T7966] queue_attr_store+0x270/0x310 [ 243.290680][ T7966] sysfs_kf_write+0xef/0x150 [ 243.295825][ T7966] kernfs_fop_write_iter+0x354/0x510 [ 243.301662][ T7966] vfs_write+0x5bd/0x1180 [ 243.306549][ T7966] ksys_write+0x12a/0x240 [ 243.311422][ T7966] do_syscall_64+0xcd/0x230 [ 243.316496][ T7966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.322934][ T7966] [ 243.322934][ T7966] other info that might help us debug this: [ 243.322934][ T7966] [ 243.333178][ T7966] Chain exists of: [ 243.333178][ T7966] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#29 [ 243.333178][ T7966] [ 243.346967][ T7966] Possible unsafe locking scenario: [ 243.346967][ T7966] [ 243.354445][ T7966] CPU0 CPU1 [ 243.359819][ T7966] ---- ---- [ 243.365194][ T7966] lock(&q->q_usage_counter(io)#29); [ 243.370602][ T7966] lock(fs_reclaim); [ 243.377125][ T7966] lock(&q->q_usage_counter(io)#29); [ 243.385051][ T7966] lock(&q->elevator_lock); [ 243.389838][ T7966] [ 243.389838][ T7966] *** DEADLOCK *** [ 243.389838][ T7966] [ 243.398338][ T7966] 6 locks held by syz.2.527/7966: [ 243.403374][ T7966] #0: ffff88807eedcd38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 243.412482][ T7966] #1: ffff888031414420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 243.421503][ T7966] #2: ffff88807d935488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 243.431311][ T7966] #3: ffff888025cd05a8 (kn->active#134){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 243.441478][ T7966] #4: ffff888025b64ea8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 243.453211][ T7966] #5: ffff888025b64ee0 (&q->q_usage_counter(queue)#21){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 243.465202][ T7966] [ 243.465202][ T7966] stack backtrace: [ 243.471109][ T7966] CPU: 1 UID: 0 PID: 7966 Comm: syz.2.527 Tainted: G U 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 243.471151][ T7966] Tainted: [U]=USER [ 243.471159][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.471175][ T7966] Call Trace: [ 243.471184][ T7966] [ 243.471203][ T7966] dump_stack_lvl+0x116/0x1f0 [ 243.471247][ T7966] print_circular_bug+0x275/0x350 [ 243.471283][ T7966] check_noncircular+0x14c/0x170 [ 243.471320][ T7966] __lock_acquire+0x1173/0x1ba0 [ 243.471361][ T7966] lock_acquire+0x179/0x350 [ 243.471394][ T7966] ? queue_requests_store+0x1c7/0x310 [ 243.471429][ T7966] ? __pfx___might_resched+0x10/0x10 [ 243.471459][ T7966] ? do_raw_spin_lock+0x12c/0x2b0 [ 243.471501][ T7966] __mutex_lock+0x199/0xb90 [ 243.471541][ T7966] ? queue_requests_store+0x1c7/0x310 [ 243.471569][ T7966] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 243.471605][ T7966] ? queue_requests_store+0x1c7/0x310 [ 243.471630][ T7966] ? lockdep_hardirqs_on+0x7c/0x110 [ 243.471669][ T7966] ? __pfx___mutex_lock+0x10/0x10 [ 243.471715][ T7966] ? __pfx_autoremove_wake_function+0x10/0x10 [ 243.471752][ T7966] ? queue_requests_store+0x1c7/0x310 [ 243.471778][ T7966] queue_requests_store+0x1c7/0x310 [ 243.471806][ T7966] ? __pfx_queue_requests_store+0x10/0x10 [ 243.471836][ T7966] ? __mutex_trylock_common+0xe9/0x250 [ 243.471873][ T7966] ? __pfx_queue_requests_store+0x10/0x10 [ 243.471901][ T7966] queue_attr_store+0x270/0x310 [ 243.471927][ T7966] ? __pfx_queue_attr_store+0x10/0x10 [ 243.471960][ T7966] ? find_held_lock+0x2b/0x80 [ 243.471984][ T7966] ? sysfs_file_kobj+0xe4/0x290 [ 243.472025][ T7966] ? __pfx_queue_attr_store+0x10/0x10 [ 243.472049][ T7966] sysfs_kf_write+0xef/0x150 [ 243.472089][ T7966] kernfs_fop_write_iter+0x354/0x510 [ 243.472124][ T7966] ? __pfx_sysfs_kf_write+0x10/0x10 [ 243.472164][ T7966] vfs_write+0x5bd/0x1180 [ 243.472191][ T7966] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 243.472227][ T7966] ? __pfx___mutex_lock+0x10/0x10 [ 243.472268][ T7966] ? __pfx_vfs_write+0x10/0x10 [ 243.472303][ T7966] ksys_write+0x12a/0x240 [ 243.472328][ T7966] ? __pfx_ksys_write+0x10/0x10 [ 243.472353][ T7966] ? rcu_is_watching+0x12/0xc0 [ 243.472382][ T7966] do_syscall_64+0xcd/0x230 [ 243.472430][ T7966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.472458][ T7966] RIP: 0033:0x7f8d1fb8e969 [ 243.472479][ T7966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.472505][ T7966] RSP: 002b:00007f8d2098f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 243.472528][ T7966] RAX: ffffffffffffffda RBX: 00007f8d1fdb5fa0 RCX: 00007f8d1fb8e969 [ 243.472546][ T7966] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 243.472562][ T7966] RBP: 00007f8d1fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 243.472578][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.472593][ T7966] R13: 0000000000000000 R14: 00007f8d1fdb5fa0 R15: 00007ffda3707088 [ 243.472618][ T7966] [ 243.792375][ T7971] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 243.999195][ T7962] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23