last executing test programs:

8.728963576s ago: executing program 3 (id=2249):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mount$auto(0x0, 0x0, 0x0, 0x5, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
mremap$auto(0x200000, 0x3, 0x3fd6, 0x3, 0x20000000)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1e, 0x5, 0x80000000, 0x0)
r3 = socket(0xa, 0x5, 0x0)
r4 = socket(0x1d, 0x80000, 0x9)
connect$auto(0x3, 0x0, 0x55)
listen$auto(0x3, 0x81)
syz_genetlink_get_family_id$auto_nl80211(0x0, r3)
sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r4, 0x0, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
accept$auto(0x3, 0x0, 0x0)
socket(0x11, 0x80003, 0x300)
socket(0x2, 0xa, 0x106)
open(0x0, 0x261c2, 0x84)
close_range$auto(0x2, 0x8000, 0x0)
r5 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000280)={'dummy0\x00'})

8.356563395s ago: executing program 1 (id=2251):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x38e90acd, 0xeb5, 0xfffefffffffffffa, 0x8000)
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="13032bbd7000eedbdf2505"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4)

7.598136817s ago: executing program 3 (id=2254):
set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9)
mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0xff0f200000000000, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg0\x00', 0x2, 0x0)
ioctl$auto_SG_SET_KEEP_ORPHAN(r0, 0x2287, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0xf)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000a40), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, 0x0, 0x64)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
unshare$auto(0x40000080)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x105c0, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)

7.408950256s ago: executing program 1 (id=2256):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x848000000015, 0x805, 0x0)
r1 = socket(0x2, 0x1, 0x0)
setsockopt$auto(r1, 0x6, 0x0, 0x0, 0x44)
setsockopt$auto_SO_LINGER(r1, 0x6, 0xd, &(0x7f0000000000)='/dev/input/event0\x00', 0x10001)
bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6b)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), r0)
connect$auto(0x3, &(0x7f0000000240)=@generic={0xa, "000000000000000000c3f546d200"}, 0x55)
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x100000, &(0x7f0000001d80)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4)
mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000)
r2 = socket(0x10, 0x2, 0x0)
set_mempolicy$auto(0x9b, &(0x7f0000000000)=0x6, 0x2)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8)
move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
socket(0x28, 0x800, 0x5)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x26, 0x0)
keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0x8000, 0xe)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)

6.131214165s ago: executing program 1 (id=2257):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x848000000015, 0x805, 0x0)
r1 = socket(0x2, 0x1, 0x0)
setsockopt$auto(r1, 0x6, 0x0, 0x0, 0x44)
setsockopt$auto_SO_LINGER(r1, 0x6, 0xd, &(0x7f0000000000)='/dev/input/event0\x00', 0x10001)
bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6b)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), r0)
connect$auto(0x3, &(0x7f0000000240)=@generic={0xa, "000000000000000000c3f546d200"}, 0x55)
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x100000, &(0x7f0000001d80)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x0) (fail_nth: 1)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4)
mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000)
r2 = socket(0x10, 0x2, 0x0)
set_mempolicy$auto(0x9b, &(0x7f0000000000)=0x6, 0x2)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8)
move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
socket(0x28, 0x800, 0x5)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x26, 0x0)
keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0x8000, 0xe)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)

5.229895696s ago: executing program 1 (id=2260):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
pidfd_open$auto(0x1, 0x0)
socket(0x2, 0x3, 0x100)
bpf$auto(0x42, &(0x7f00000001c0)=@batch={0x2, 0x80000001, 0x400010007, 0x8250, 0xa6d5, 0xffffffffffffffff, 0xa, 0x9}, 0x103)
sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf25010000000c0002000500000000000000c5000700c1007cf7c27c120e3984130834a73f9221887ac28e443c4a1a7da8d2ddcf2890cce5822826764f3f410e53f43f300d2e04700395778e7935c99f6a38f6f3e56e7d8a18d15791b3b4f9378d743a8f0cbbe1c604a782030626ead26826f4790233f19c29fbaf1da77e1b84522d05ca0f4237b24aead87b47d41805fa9967d02ad2deba1895652b8d630c30213ed8f72c1066f1bb9fb1b242d08a55d32398d8d3c635008f2c61049c8abf600a98d1d2d0b0027aecaf27d20b6ff4129883e111e1c858000000dc00090069fccb38f57447a8af8c40a03b92af7adc0c48af4308483b99aa587ed8711b4a79a383c263698842365af6807d1be1800fd492770983a6df345fb472e9fa41b667af43bc36d7063b6b93ab7661925e8d71452acd95b788c31a32ae903b96b9ed9a5e3542c625105e8f21a5b41ff3d17f8704581f4b8b75ae741d0fba8cab2e187c93eeea89f6cf6ab7cc496e0bd9759cc0b408bbe0c6eae2aa29c2d97d48a55fc0ff937c90173d61cf652f97cb301e4d7e3bac0026732e22eadd3a6c5ffa4faed6855a86814c920a650a61936305d2713db1c92a238e265c080001007f0e00000c0002"], 0x1d8}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc5}, 0x1, 0x0, 0x0, 0xff}, 0x7}, 0x3, 0x0)

4.796909422s ago: executing program 1 (id=2262):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000180)=""/185, 0xb9)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000280)=""/65, 0x41)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_TIPC_NL_NET_SET(r0, 0x0, 0x52)
mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0)
unshare$auto(0x1)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0)
mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000)
ppoll$auto(0x0, 0xc21c, 0x0, 0x0, 0x8)
madvise$auto(0x0, 0x200007, 0x19)
syz_clone3(0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0xc, 0xffff, 0x8000000000000010, 0x5, 0x0)
futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1)
futex_wake$auto(0x0, 0x7, 0xfffffffb, 0x2)
sysfs$auto(0x2, 0x23, 0x0)
r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r2, 0x0, 0x4)

4.229230779s ago: executing program 3 (id=2263):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x6}, @ETHTOOL_A_LINKMODES_HEADER={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008051}, 0x24000802)

3.980586922s ago: executing program 3 (id=2264):
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
timer_create$auto(0x1, 0x0, 0x0)
r1 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
mq_notify$auto(r1, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}})
read$auto_proc_page_owner_operations_page_owner(r1, 0x0, 0x0)
timer_gettime$auto(0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_AUTHENTICATE(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000001000)={0x350, 0x0, 0x320, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_FILS_ERP_RRK={0x29, 0xfc, "c9dea0bcec743c7e4fa973ba5d0219807c618430e847ff70956406ce1dbe8f71cade9a384f"}, @NL80211_ATTR_IE={0x136, 0x2a, "0afd2c507a1c2323e756f29e95d10567474512210997a5e68478accac27092d2fc9ffba8b334a77428ddffce21d307ec8e647a21c52cb68046f77eb5a9adad90dcf7a8ca73273db6e232d4ccbcf21a6fa4fc7fa9ce071b6aa65d93c563ab4f925ed5dd1de74bc681d78ff22a8a702048c3610a852a548df4073d135fb07c55209fede1f609fa236af3802904e8dd3fe3927663a57c12eb0988b23f268e0c81e5c85a043937d7637034ff4ef36f4e71ac8ec413e5862599e5051d115b49d8e3c8b992a13ad811d96d0face0d8f958ebb55e11b97208859c9026b4dc454bb96e38e6d9c3e86bab825577e820974fe1a1252d58676f40bc900b87dfc3c651fd9bc6f70f7b7a25dd49f7c62d699c235296a868ec31bcdbdf3cd1bb5a77ceede9fa95339998f1840e40661eb15d16b76ac56be17e"}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x5}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x879}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA={0xb, 0x7, "c0054ceffb3c96"}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_EMA_RNR_ELEMS={0x1b0, 0x145, 0x0, 0x1, [@nested={0x8, 0x5a, 0x0, 0x1, [@nested={0x4, 0x96}]}, @nested={0x1a4, 0xbc, 0x0, 0x1, [@nested={0x4, 0x6}, @typed={0xc, 0xa9, 0x0, 0x0, @u64=0x8}, @generic="4a8d8038a595454b86d0a34bfaa35af22fe1b294535b003db4f94e19a3b934cf0188f7c6fe77cd8945a8866ac9a0c489dfe3a75353e3869e23c24103b4687a5f07c551946ad43de2d39382ca6a843da8457ead8aa99f28d79502956f154ff76ac2d19428fe99b166e8fa2e191e11b6c8be4b95765becaec983410e6f3231f627ae9a46ff22a458ed1ae421f86c8d82c284185a1296ff45264fdfb8d565a372776b49", @nested={0x4, 0x76}, @typed={0x8, 0x90, 0x0, 0x0, @uid}, @generic="b78e85dfa72ad237b86380f97706dfecfcfef8f4fb13a95747f48fde054c000beba029ad3fda9fcc4cdecb968baf36079809ac0e1a249ba5a89c717570cf09fff541bdcb6725fd0ec1d08732dcbfce19c4eba9ded2674efc1075dac9996b78cb678d6df875eddd540b6706642c52e29378776fd66e01d9eff4cdbc148b027d91dbf3666e54b166564846c83680c62922d28eab48f8ec3688fc35b87e8a2116fd5b36a78fc8de64b6cfa6fb311aa6001dd3bfe13a007af5ef87d2d642a4297cd8bde5979a55b0d44e2f4c0e928f193d85639a793db7d38194ff00", @typed={0x4, 0xc9}, @nested={0x4, 0x14f}]}]}, @NL80211_ATTR_FREQ_FIXED={0x4}]}, 0x350}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
memfd_create$auto(&(0x7f0000000000)='!\x00', 0x16)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x2cbd5d)
mmap$auto(0x0, 0x400008, 0x6, 0x9b72, 0x3, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000480), r3)
ioperm$auto(0x5, 0x9, 0x3ffffffc)
fdatasync$auto(0x68a3)
mkdir$auto(&(0x7f0000000300)='./file0\x00', 0xf801)
chmod$auto(&(0x7f0000000040)='./file0\x00', 0x10fe)
sendmsg$auto_MACSEC_CMD_DEL_TXSA(r3, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000c00)={0x20, r4, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@MACSEC_ATTR_IFINDEX={0x8}, @MACSEC_ATTR_SA_CONFIG={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004}, 0x4802)
ioctl$auto(0x3, 0x8108551b, 0x1)
ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000100)={0x4, 0x81, 0x5b, 0x4, &(0x7f0000000000), 0x9, 0xeb94, 0x2, @stream_id=0x100, 0x2, 0x476, 0x0})

3.969916656s ago: executing program 0 (id=2265):
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x73)
r0 = ioctl$auto_TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000280)=0x7)
bpf$auto_BPF_LINK_CREATE(0x1c, &(0x7f0000000080)=@query={@target_fd=r0, 0x5, 0x7, 0x3, 0x6, @count=0x2, 0x0, 0x6, 0x0, 0x0, 0x3}, 0x3c)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
iopl$auto(0x3)
getgroups$auto(0xeda, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
socket(0xa, 0x1, 0x100)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
bpf$auto(0x3, &(0x7f00000001c0)=@query={@target_fd, 0x1, 0x86e6, 0x9, 0x63, @count=0x4, 0x0, 0x6, 0x2, 0x10004, 0xb716}, 0xc)
sendmsg$auto_OVS_VPORT_CMD_DEL(r1, 0x0, 0x44000)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
mmap$auto(0x0, 0x4, 0x4, 0x40eb1, 0x401, 0x300000000000)
mknodat$auto(0x5, 0x0, 0xfffffffffffff084, 0x400)
openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = epoll_create$auto(0x2)
epoll_pwait2$auto(r2, 0x0, 0x8, &(0x7f0000002780)={0x0, 0x6}, 0x0, 0x8)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)

3.687663497s ago: executing program 2 (id=2266):
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0xa, 0x2, 0x88)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00'})
bpf$auto(0x0, &(0x7f00000000c0)=@task_fd_query={0x0, r2, 0x5, 0x14, 0x7fffffff, 0xf0000000, r0, 0x1, 0x7}, 0x8f)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_TIOCSWINSZ2(0xffffffffffffffff, 0x5414, &(0x7f0000000940)="59cb41910e44f52420806edcf111e3904987bc9638fef0b41009165df826a766872c7b59be5a99afbc9b8e96e73b7dd88b7bfd594b9913ddcf190413f889f077b04d1fd0bd3d83fa75e4edd6c5d546fdc4cf6d4c20c8d64f824af7584c01a1a1063eb0586604b9136cdc291761dabf1afa78a2de35a39b3b74da711c53a0ca382e2215319086d009d818db9d44ed09fa0cc3081f717a5764ba4af06b14aac8c04fd94ca0a603d7b34530c1bb03623dc199c386ab4e076b00dc895ef940e273c6fb79dbd64f9972e757ba4b0ef997a4b24a99bf9c801a4dd5896a0026c11b450b0a68fb86cc6795d1521720764a0130f0808b0acdff7f170f72d8")
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc)
readv$auto(0x6, &(0x7f00000000c0)={0x0, 0x1}, 0x1)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
r4 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000040), r0)
sendmsg$auto_THERMAL_GENL_CMD_CDEV_GET(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[@ANYBLOB="a0030000", @ANYRES16=r4, @ANYBLOB="01002dbd7000fddbdf250600000008000900090000000800100005000000f600018091cf52bf068c12ea70f35d70fb30d5ae59e434c4ad03f6e6d90c131bdba9cdeb76ceaf9279acf9f8235f97bdbe896dea9ee1d69880c25c8adee6b894f70989c92f446dd65254b46bb1c21bf24aa954f7c7e35dba7c8a7457d12c637f08e16e41e8abf070c8a559be10485d5d71f88122f314c231fd0934495a592543ec2d3efcb10400f74140c1aace355fd7f8e7b459247917d4b4150044fc2f91fa7706d2166fc5333b216bf966dd3c2f0babe6aaf28030a042c22a1a03f818decf1cd9911ee741bebc8ac033b7145178fd51d033bc73ce77aaf9a9bb78eecb1dafa69ae6f28088be74dbf92152d584a1b1e140e3187c7500007c0214800c00dd000600000000000000b9e14d472574243fedf6b5f01558e0f7432ef9c12150c954ad6779bacdd9fd400eb860e4b06042ecfc7f5a6869604d66b8d89cb1fde9213df795b7b70fe4cdec5676cc67b98e0df3336272e5fba3368abbdade303aaed57e174443f3879711a8e984004c8cccc4d3c38fde025d6e3d94cf4552a28ccaea524429dea80f51c4bb9105aa0ae6ac50c2d8b60a8388ff261fe1ba6804e8bf458a7c927177b50f7d59e44db91f49e98aa0ddc558f09c35e7aa39cddd55898fe255dec22d75474d224b8ca7f1de2671f7a73bc28c4560e6fba06a96aeb114fe0393e32381707e304ce52d72c4000f807d667847d4bbe74c4f742b057f4e32f4973326d85142d81fe9057a06fcc5fcfcc59a0499fa952b6e82c99d52016fedaa44ed8300de4bce320813875c698e6065776241612b8b75eec0fe6db9292af368575f1c728ae03fc98f974b5a042c0ad03bd12a352f653fd386bf6caeb5eaacd847abe3dbe1416dbfa4677ab569c4884c6c1748a069e374ed22ed952d9a306fe45f5f958e49439a9aafea9e92b10eda8ff7b94a13e1ac5ee4b2372400147387b1040150800800ed006401010004004580c81e843071bf27b1550ed468660869f48a1aa993feecfc3e2119b03cb0dce67539054e7f57695193261e94d9da99fa18be39d94ce456b1f747ffa59e904dde49d45b11469d4569fb5382ada8b7224fd2f62ac9e7eb740edb87c3f5cc5da575c2315ac28092df0c0a6d3575a27b41212f2dd7f93a08676cf866dd88c1b126e0cd07106bb6d74a52f3d638eae59fc8445bf46474d31525da73d85f78069f23f0ffdaa3c59f273b2fdcd286952808554d86898815d3e5b5c746543de38dcd5658e0b8815e05cc9808001a0000000000"], 0x3a0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x40440, 0x40)
utime$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)={0x7, 0x2})
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000540), 0x80800, 0x0)
syz_genetlink_get_family_id$auto_ovs_datapath(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$auto_XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000001200)={0xffffffffffffffff, 0x0, 0x4, 0x0, 0x254, &(0x7f00000001c0)="130fc452f71d77efeabd21b28de36fa4075b50581bb611e21d4d55417842b5e72c918a62d03f8695fafabff1d6ad0e51ff0b2a455ff3be916065698c4401ea36a76967038e6970f51b05d802e485510e2e8fd00a77224c3cd061d5ea9f4d61cacc1e35881ebc9b26916149806a04bc874bc6e75cf160c03370bc0e5d4c5e95a21382d40b5c377f2e40a0972e1040925434863aacc6e54ba058856fdb972d8228092fb9feabc5caab0793fa345779316a3b7ebf52268aa602ab4faefa9be32b22a9168acc0880a06b956c914bfa2a564dde04e997ddc9f2f8fad32429cc54c6ea1c5ea6216b3483f053b56964692a8ab45650241ade17cc560e397ecea10aa12a93f771132c74a1279aa88dbaecd881f0a1bae094ef9a7880b63c555492dcfa8810c74ec2a8df9d573450858efa6889f4c64d91e5b056dd090c0c682ce2025b7ead6472cdc4bd6a311bfb3e7abe9a7dad36d5f1dac1de8b80608c660dbb49d6e3d4d0b6af2b420a6a94bbd3e0029704c665565127e0289e232f9811ac47f76772dbafe5f490971cf0ddb83af6db4643dbd07afa289d648f2efa6e619864cb8cf9f7d73abb2cd00c82a03efc8d847e84cfbf809ce32a8809910bd41743bcd823a257d72c04f38387609f37e692fb5a13be959b9402096251dc766f3ece902283f5cba4450acaf19dcd527704712b51a88889365a2b295a3eae625c5b2c50ce7f4b65063084e897ad1b97c65584f576a8a8cbed0bc85715190a18dfece0026d18ad6f6071db9cebbecbdf1ea3e44de0ad72a9578adf2bd21d6e0f5b6a02b3caed84ddac69f39a3c1421a40d23208ee6547be7fd5c90f01f46b036d8ed616d8d4690bcfb27e9f739ce753d823ef4f12beddd3f2528d2653d2428b8e9fd4b23b77e3158f0b8226766be981eee8ae7595549667e05f544e84f297d5647457ef7c57cea45387e88910e59aa34d271461db5daba89c7e2b1de790ddce376289bdbe54951eef408bb9fc5af9bf355548248785f6e693e341d65b3b6f81cad9432f091fc264069a6f0398890917d0d9e4f0e2376b77c05500cef1591f553c1529b9eae79b1b8423406f1f40646425d91b2a68139baca2559560e8e99586b46c1f068219851bf55ba1448f781af76aa2be60b58bbf7b258f84fa48fe3b89e04476f3913cbcad04f78f513aec2702478bfd42c3e7f43d501c7480a6693225a23dbc42b3010e773581089049247e159c492da3aee7de74b9d8f178470b985b292d6d0d0ebb3fda58de7d0b1039459783d78f8b4acac457fe9d56979446fcaa5861b6ce9b5d4f7cbf0d3b9015280457894c204197572b3c036123f671c8fba379ae02c8ff499af8b40770df3e8e4a298b7562a33e0abaea73f1ce8e33ee9de3404019c79afeb3b1e4e33c5b481a494b056a36f79336ccda13a924454c9b68affdea6021b9b1c6e8fb6c17ddcfc9831344f4fd61a237e383254265f8efa85111a5aa04e8bc9249092f62a4cd996ef398f52d8bc4b7bdf2dec5358c37699d4f81eb578bc098e4e869bf862c340425c3630a27573c0e19c54002a7aa150525d25cd7fa410a3ab89e54a0585afe0b8822ae9afa7d13ad3d9dbd57e20679f1e9c60c046a49447539cec47bc782b02433b99a3557724b07e5d5c542f6c13a2cf72a3b4e3402bc2a13189f1e8dd70a58d6514d7c8a7aa523d30bbf42880c3d94803b61d66f52f915f052faee7200a793692cc3c758fd1587cd1d8d4b312dd4a18119c8b960379e2b212039e6062834fa1d608cdbeeb5bf1c316694013931b14defffadbf6d59b35f61eb1061fc32353ae73eb5d7124c3b7f556a63671679ff7e9d97ca85ceb2bbc63746c2d3a10c6253e9679666fdce9c6ea378dcfc6138f00908e0be62484c84e47a11f979343924c062a5106bc0487df8046cb8cec0452d8d137b0f7823e14223a93549635306c9556989f825f324a92dc66530aa35b943e7a10ee71aaa010f2d32598318f93695f21cd130aec2db0ed024a4e45400c1dbae6fbda9deac5b0377c492eaccc2580c2653f961b74b76d6942e5078bb831e8d638b0c037b28dd2da6224a31404b2855520295c7aaf40301d0e4751cd3effa47a32bb44", 0x0})
r6 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r6, &(0x7f0000000640)={{&(0x7f0000000000), 0x5ae, &(0x7f0000000100)={&(0x7f0000000780)="4c030000000000002106000000000000005f6bba441810", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x1}, 0x2, 0x100)
r7 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_ADD_TXSA(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000001580)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYRES32=r7, @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0)

3.087634015s ago: executing program 2 (id=2267):
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sda\x00', 0x202, 0x0)
mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0)
madvise$auto(0x0, 0x2003ef, 0x15)
preadv$auto(0x40000000000003, 0x0, 0x6, 0x3f, 0x5)

2.924985841s ago: executing program 3 (id=2268):
set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9)
mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0xff0f200000000000, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg0\x00', 0x2, 0x0)
ioctl$auto_SG_SET_KEEP_ORPHAN(r0, 0x2287, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0xf)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000a40), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, 0x0, 0x64)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
unshare$auto(0x40000080)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x105c0, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)

2.667627192s ago: executing program 0 (id=2269):
mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0x2744987b)
access$auto(&(0x7f00000001c0)=':,\x00', 0x8)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0xc574, 0xdf, 0x40000000009b71, 0x7, 0x28000)
r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
ioctl$auto_BLKTRACESETUP32(r0, 0xc0401273, &(0x7f00000000c0)={"06957fd3635888818e45a24f66827fecd9113916a6925b8530ee31f0ce197657", 0x3, 0x3800000, 0x0, 0x80000001, 0x8, <r1=>0xffffffffffffffff})
capget$auto(&(0x7f0000000040)={0x8000, r1}, &(0x7f0000000140)={0x9, 0x6, 0x734})
io_uring_setup$auto(0x1, 0x0)
connect$auto(0x3, 0x0, 0x55)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/bridge0/base_reachable_time_ms\x00', 0x202, 0x0)
sendfile$auto(r2, r2, 0x0, 0x1)
listen$auto(0x3, 0x81)

2.589430885s ago: executing program 0 (id=2270):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
pidfd_open$auto(0x1, 0x0)
socket(0x2, 0x3, 0x100)
bpf$auto(0x42, &(0x7f00000001c0)=@batch={0x2, 0x80000001, 0x400010007, 0x8250, 0xa6d5, 0xffffffffffffffff, 0xa, 0x9}, 0x103)
sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf25010000000c0002000500000000000000c5000700c1007cf7c27c120e3984130834a73f9221887ac28e443c4a1a7da8d2ddcf2890cce5822826764f3f410e53f43f300d2e04700395778e7935c99f6a38f6f3e56e7d8a18d15791b3b4f9378d743a8f0cbbe1c604a782030626ead26826f4790233f19c29fbaf1da77e1b84522d05ca0f4237b24aead87b47d41805fa9967d02ad2deba1895652b8d630c30213ed8f72c1066f1bb9fb1b242d08a55d32398d8d3c635008f2c61049c8abf600a98d1d2d0b0027aecaf27d20b6ff4129883e111e1c858000000dc00090069fccb38f57447a8af8c40a03b92af7adc0c48af4308483b99aa587ed8711b4a79a383c263698842365af6807d1be1800fd492770983a6df345fb472e9fa41b667af43bc36d7063b6b93ab7661925e8d71452acd95b788c31a32ae903b96b9ed9a5e3542c625105e8f21a5b41ff3d17f8704581f4b8b75ae741d0fba8cab2e187c93eeea89f6cf6ab7cc496e0bd9759cc0b408bbe0c6eae2aa29c2d97d48a55fc0ff937c90173d61cf652f97cb301e4d7e3bac0026732e22eadd3a6c5ffa4faed6855a86814c920a650a61936305d2713db1c92a238e265c080001007f0e00000c0002"], 0x1d8}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1200"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc5}, 0x1, 0x0, 0x0, 0xff}, 0x7}, 0x3, 0x0)

2.513653633s ago: executing program 0 (id=2271):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
socket(0x15, 0x1, 0x1)
socket(0xa, 0x1, 0x84)
socket(0x23, 0x80805, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/peer_notif_delay\x00', 0x101c00, 0x0)
socket(0x2, 0xa, 0x693)
socket(0xa, 0x801, 0x84)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptys0\x00', 0x101e81, 0x0)
openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/cmdline\x00', 0x40, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = prctl$auto_PR_SET_MM_ENV_END(0x2, 0xb, 0x0, 0x7, 0x170000000000)
mmap$auto(0x8, 0x2, 0x100da, 0x13, r0, 0xa4)
r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0)
read$auto_proc_single_file_operations_base(r1, 0x0, 0x0)
r2 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x582, 0x0)
write$auto_console_fops_tty_io(r2, &(0x7f0000001240)='4', 0x1)
socket(0x10, 0x2, 0xc)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_BEARER_SET(r3, 0x0, 0x40044)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x10000)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)

2.449160003s ago: executing program 2 (id=2272):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x6}, @ETHTOOL_A_LINKMODES_HEADER={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008051}, 0x24000802)

2.145047325s ago: executing program 2 (id=2273):
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xf6f6, 0x8000)
r0 = socket(0xa, 0x801, 0x84)
listen$auto(r0, 0x3)
getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x17d)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
shmdt$auto(0x0)
openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/psample/out_tc\x00', 0x42002, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/rds/tcp/rds_tcp_sndbuf\x00', 0x40001, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/nfsd.fh/flush\x00', 0xc8201, 0x0)
mmap$auto(0x0, 0x8, 0xf6, 0x80000eb1, 0xffffffffffffffff, 0x8000)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
ioctl$auto_IMADDTIMER(r1, 0x80044940, 0x0)
setresuid$auto(0x2, 0x7, 0x8080)
ioprio_get$auto(0x3, 0x2)
socket(0x22, 0x4, 0x106)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x80040, 0x0)
ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r2, 0x5509, 0x0)
unshare$auto(0x40000080)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_UPD_RXSA(0xffffffffffffffff, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x40080b4}, 0xcaa9d210872ac7f9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)

2.000867649s ago: executing program 0 (id=2274):
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
timer_create$auto(0x1, 0x0, 0x0)
r1 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
mq_notify$auto(r1, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}})
read$auto_proc_page_owner_operations_page_owner(r1, 0x0, 0x0)
timer_gettime$auto(0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_AUTHENTICATE(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000001000)={0x35c, 0x0, 0x320, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_FILS_ERP_RRK={0x29, 0xfc, "c9dea0bcec743c7e4fa973ba5d0219807c618430e847ff70956406ce1dbe8f71cade9a384f"}, @NL80211_ATTR_IE={0x136, 0x2a, "0afd2c507a1c2323e756f29e95d10567474512210997a5e68478accac27092d2fc9ffba8b334a77428ddffce21d307ec8e647a21c52cb68046f77eb5a9adad90dcf7a8ca73273db6e232d4ccbcf21a6fa4fc7fa9ce071b6aa65d93c563ab4f925ed5dd1de74bc681d78ff22a8a702048c3610a852a548df4073d135fb07c55209fede1f609fa236af3802904e8dd3fe3927663a57c12eb0988b23f268e0c81e5c85a043937d7637034ff4ef36f4e71ac8ec413e5862599e5051d115b49d8e3c8b992a13ad811d96d0face0d8f958ebb55e11b97208859c9026b4dc454bb96e38e6d9c3e86bab825577e820974fe1a1252d58676f40bc900b87dfc3c651fd9bc6f70f7b7a25dd49f7c62d699c235296a868ec31bcdbdf3cd1bb5a77ceede9fa95339998f1840e40661eb15d16b76ac56be17e"}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x5}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x879}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA={0xb, 0x7, "c0054ceffb3c96"}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_EMA_RNR_ELEMS={0x1bc, 0x145, 0x0, 0x1, [@nested={0x8, 0x5a, 0x0, 0x1, [@nested={0x4, 0x96}]}, @nested={0x1af, 0xbc, 0x0, 0x1, [@nested={0x4, 0x6}, @typed={0xc, 0xa9, 0x0, 0x0, @u64=0x8}, @generic="4a8d8038a595454b86d0a34bfaa35af22fe1b294535b003db4f94e19a3b934cf0188f7c6fe77cd8945a8866ac9a0c489dfe3a75353e3869e23c24103b4687a5f07c551946ad43de2d39382ca6a843da8457ead8aa99f28d79502956f154ff76ac2d19428fe99b166e8fa2e191e11b6c8be4b95765becaec983410e6f3231f627ae9a46ff22a458ed1ae421f86c8d82c284185a1296ff45264fdfb8d565a372776b49", @nested={0x4, 0x76}, @typed={0x8, 0x90, 0x0, 0x0, @uid}, @generic="b78e85dfa72ad237b86380f97706dfecfcfef8f4fb13a95747f48fde054c000beba029ad3fda9fcc4cdecb968baf36079809ac0e1a249ba5a89c717570cf09fff541bdcb6725fd0ec1d08732dcbfce19c4eba9ded2674efc1075dac9996b78cb678d6df875eddd540b6706642c52e29378776fd66e01d9eff4cdbc148b027d91dbf3666e54b166564846c83680c62922d28eab48f8ec3688fc35b87e8a2116fd5b36a78fc8de64b6cfa6fb311aa6001dd3bfe13a007af5ef87d2d642a4297cd8bde5979a55b0d44e2f4c0e928f193d85639a793db7d38194ff000531abfac91c0674910e4c", @typed={0x4, 0xc9}, @nested={0x4, 0x14f}]}]}, @NL80211_ATTR_FREQ_FIXED={0x4}]}, 0x35c}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
memfd_create$auto(&(0x7f0000000000)='!\x00', 0x16)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x2cbd5d)
mmap$auto(0x0, 0x400008, 0x6, 0x9b72, 0x3, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000480), r3)
ioperm$auto(0x5, 0x9, 0x3ffffffc)
fdatasync$auto(0x68a3)
mkdir$auto(&(0x7f0000000300)='./file0\x00', 0xf801)
chmod$auto(&(0x7f0000000040)='./file0\x00', 0x10fe)
sendmsg$auto_MACSEC_CMD_DEL_TXSA(r3, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000c00)={0x20, r4, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@MACSEC_ATTR_IFINDEX={0x8}, @MACSEC_ATTR_SA_CONFIG={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004}, 0x4802)
ioctl$auto(0x3, 0x8108551b, 0x1)
ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000100)={0x4, 0x81, 0x5b, 0x4, &(0x7f0000000000), 0x9, 0xeb94, 0x2, @stream_id=0x100, 0x2, 0x476, 0x0})

1.282071595s ago: executing program 0 (id=2275):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x2, 0x1)
connect$auto(r0, &(0x7f00000000c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x55)
io_uring_setup$auto(0x6, 0x0)
connect$auto(r0, &(0x7f0000000000)=@l2tp={0x2, 0x0, @multicast2, 0x1}, 0x7f)
write$auto(0x3, 0x0, 0xfdef)
r1 = getpid()
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtd0\x00', 0x10000, 0x0)
process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
ioperm$auto(0x3, 0x8001, 0x2000000000000149)
setfsuid$auto(0xee00)
unshare$auto(0x40000080)
open(0x0, 0x0, 0x2f)

901.156479ms ago: executing program 1 (id=2276):
r0 = socket(0x2, 0x1, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
write$auto_tty_fops_tty_io(r1, &(0x7f00000001c0)="976f09bd689a850edbe36136c8535f593331280bb0b4ba0edd7932ab185cca064833fda24d0f81d1b16c3cca5b2611827c2f1ca88bb01e672131ac62d346b5601f538ccf285e7a197166480ef899794cab4b61107cdae019c6139ce8761b4d", 0x5f)
socket(0xa, 0x3, 0x1000003a)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2, 0xfffffffffffffffe, 0x17, 0x2, 0x8000)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r2, 0x0, 0x3)
setsockopt$auto(r0, 0x4, 0x0, 0x0, 0x44)

330.256354ms ago: executing program 2 (id=2277):
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0)
bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=@raw_tracepoint={0x84100000, r0}, 0x6)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = gettid()
r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000001180)='/dev/snd/pcmC0D0p\x00', 0x20080, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_USER_PVERSION(r3, 0x40044104, &(0x7f00000011c0)=0xad)
sendmsg$auto_NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x410, r1, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_FILS_CACHE_ID={0x77, 0xfd, "2a2d75c872bc309f82d68e2361fdaab754ee6a6aebd657581137fd7347a91b83b4c3accf460f9b20ffcb3ebf7d02a695a760d918ebddf6a27fb85a15150c46c1255dab64147ea06ec49f8beb26a58897caeef73ea15640cb78dea54a69da7e78d2f6470a1be7423b041f443d008223ba00afaa"}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x11, 0xbe, "00c554dabe2c39c12301f98dd4"}, @NL80211_ATTR_MESH_CONFIG={0x35d, 0x23, 0x0, 0x1, [@nested={0x34, 0x8e, 0x0, 0x1, [@nested={0x4, 0x74}, @nested={0x4, 0x85}, @nested={0x4, 0x69}, @generic="ed9b788ae8379972fd1200b4df677d46", @typed={0x14, 0x11f, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x12}}]}, @typed={0x8, 0x13e, 0x0, 0x0, @ipv4=@private=0xa010101}, @nested={0x8, 0x101, 0x0, 0x1, [@nested={0x4, 0x144}]}, @nested={0x155, 0x106, 0x0, 0x1, [@generic="7d780793dea96fcab994eb10c3059af94521a7", @generic="f6af42bdf5cf345dc9fc60346b0d659fa4fa4d4b678c247814", @typed={0x8a, 0xd, 0x0, 0x0, @binary="2d1ac0465320a32d8a00d284dfeee8412709482c0fb4254681790bfb6ef00c07746ef29102dc8827de01573840588f8926c9c8c86aacd06af83ba28441b7bb7de24cd4b9ce0c49fb5d3236a06484053e5416944d6b901ba48e71c882ffb1037280fbe5efe8d816431f10711f2b86127b6b5aee4a80a76d3572edf34dfd0344c08641dc33340a"}, @nested={0x4, 0x8c}, @generic="f63e69eaaa60c2166eca599800e3121faca0fe1657b1d26d9db77a66e96283c74d43a612e3772fea17b9ccd7539eeab950aad02d7bac81308306add623d38ed703a1175b398a31345435eb90bef8b70373fb00459f41433d263149eb2dbf35de41c2e3ea2cad231f52c6308d28b7b69b53eee8b538af438a0804a8e4a750cb5a82796a3d70b64640525e07bc73", @typed={0x8, 0x6f, 0x0, 0x0, @pid=r2}]}, @generic="1d4f3108df24dedd77f2918f56e60798bf57294181d8bfe07395e1c54b2a7542bac4d1", @generic="deb7460f937685b8d39de6f43e77a03f23f06afbd043cfba3650d3aa48886c1f42243fd3a6f696eeecdbd2a7fb431cbb211e3e6b8891d13d6ecd6c36f99fb7dc7219a95025cc4536117c783071c1ed63e751ac6085068fb11026689f6ee628a0b2ff5b5f95c702220e9029b500d38d999966b37e9f67456420a7380a96b20ac3c6b0239734acb1051cb5b13247e2805ee2e8265976e85fbe6202ceb3dc736c31a7a26d5ec306e86b637fca315023f48bf0932e72a312dfcc4d67ceee", @generic="e8016cbace4361165713ad3a6fda2b63220c566cfef14fca103fd1f1c04822d7740a7a0a65b78adca47a141e6b9a9995039df2069fb4047c1cd91a8346854402c82be083a120e198d009642afcecdb005fcb93dc8d910c828026c3aaee68ad693242007992dad29b07fa8fe05cd111513489eef4a9cce1991a2fa3964f894818d5892e6839c8bac772a1f3d3ab8b1033054703344ddf9694c735c380eab16da7dc4cbf67f07f9578aedc9638e30bc8d472205a6d91d282ba4f2011d5ea3c41b0c1cda44d906e7f0d92f3c7d4faa63b438cb0cb57b08e72169caf7c78c8a0"]}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0x2}]}, 0x410}, 0x1, 0x0, 0x0, 0x2404c8c0}, 0x40001)
write$auto(0x3, 0x0, 0x7)

69.729577ms ago: executing program 2 (id=2278):
r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event\x00', 0xa00, 0x0)
pread64$auto(r0, 0x0, 0xc404, 0x1000) (fail_nth: 3)

0s ago: executing program 3 (id=2279):
r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event\x00', 0xa00, 0x0)
pread64$auto(r0, 0x0, 0xc404, 0x1000)

kernel console output (not intermixed with test programs):

0000000008
[  536.955701][T12284] page dumped because: unmovable page
[  536.970464][T12284] page_owner tracks the page as allocated
[  537.010608][T12284] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5816, tgid 5816 (syz-executor), ts 417135341289, free_ts 417135227403
[  537.130686][T12284]  post_alloc_hook+0x181/0x1b0
[  537.176904][T12284]  get_page_from_freelist+0x135c/0x3920
[  537.248827][T12284]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  537.311670][T12284]  alloc_pages_mpol+0x1fb/0x550
[  537.317126][T12284]  alloc_pages_noprof+0x131/0x390
[  537.330591][T12284]  skb_page_frag_refill+0x186/0x5a0
[  537.336427][T12284]  try_fill_recv+0x79c/0x2690
[  537.420429][T12284]  virtnet_poll+0x1e23/0x3c00
[  537.425788][T12284]  __napi_poll.constprop.0+0xb7/0x550
[  537.518217][T12284]  net_rx_action+0xa97/0x1010
[  537.567561][T12284]  handle_softirqs+0x216/0x8e0
[  537.573247][T12284]  __irq_exit_rcu+0x109/0x170
[  537.578590][T12284]  irq_exit_rcu+0x9/0x30
[  537.602949][T12284]  common_interrupt+0xbf/0xe0
[  537.608356][T12284]  asm_common_interrupt+0x26/0x40
[  537.660517][T12284] page last free pid 5816 tgid 5816 stack trace:
[  537.669383][T12284]  __free_frozen_pages+0x69d/0xff0
[  537.701885][T12284]  __folio_put+0x329/0x450
[  537.732937][T12284]  page_to_skb+0xa23/0xc50
[  537.773719][T12284]  receive_buf+0x75e/0x3fe0
[  537.870458][T12284]  virtnet_poll+0x10d6/0x3c00
[  537.877531][T12284]  __napi_poll.constprop.0+0xb7/0x550
[  537.916223][T12284]  net_rx_action+0xa97/0x1010
[  537.940545][T12284]  handle_softirqs+0x216/0x8e0
[  537.945966][T12284]  __irq_exit_rcu+0x109/0x170
[  537.960963][T12284]  irq_exit_rcu+0x9/0x30
[  537.965816][T12284]  common_interrupt+0xbf/0xe0
[  537.979498][T12284]  asm_common_interrupt+0x26/0x40
[  539.382679][T12309] blktrace: Concurrent blktraces are not allowed on loop2
[  539.542211][T12313] blktrace: Concurrent blktraces are not allowed on loop2
[  540.215756][T12318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1650'.
[  540.450004][T12325] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0x7fc789cf8 pfn:0x78420
[  540.503587][T12325] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  540.553195][T12325] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  540.568161][T12325] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  540.580114][T12325] raw: 00000007fc789cf8 0000000000000000 00000016ffffffff 0000000000000000
[  540.622684][T12325] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  540.667503][T12325] head: 00000007fc789cf8 0000000000000000 00000016ffffffff 0000000000000000
[  540.760453][T12325] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  540.770092][T12325] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  540.879609][T12325] page dumped because: unmovable page
[  540.906176][T12325] page_owner tracks the page as allocated
[  540.960475][T12325] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5816, tgid 5816 (syz-executor), ts 417135341289, free_ts 417135227403
[  541.045376][T12325]  post_alloc_hook+0x181/0x1b0
[  541.070183][T12325]  get_page_from_freelist+0x135c/0x3920
[  541.077937][T12325]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  541.088906][T12325]  alloc_pages_mpol+0x1fb/0x550
[  541.117906][T12325]  alloc_pages_noprof+0x131/0x390
[  541.148243][T12325]  skb_page_frag_refill+0x186/0x5a0
[  541.156785][T12325]  try_fill_recv+0x79c/0x2690
[  541.165916][T12325]  virtnet_poll+0x1e23/0x3c00
[  541.193789][T12325]  __napi_poll.constprop.0+0xb7/0x550
[  541.217876][T12325]  net_rx_action+0xa97/0x1010
[  541.230259][T12325]  handle_softirqs+0x216/0x8e0
[  541.236136][T12325]  __irq_exit_rcu+0x109/0x170
[  541.342201][T12325]  irq_exit_rcu+0x9/0x30
[  541.390415][T12325]  common_interrupt+0xbf/0xe0
[  541.395792][T12325]  asm_common_interrupt+0x26/0x40
[  541.401566][T12325] page last free pid 5816 tgid 5816 stack trace:
[  541.408687][T12325]  __free_frozen_pages+0x69d/0xff0
[  541.414832][T12325]  __folio_put+0x329/0x450
[  541.421001][T12325]  page_to_skb+0xa23/0xc50
[  541.425945][T12325]  receive_buf+0x75e/0x3fe0
[  541.454021][T12325]  virtnet_poll+0x10d6/0x3c00
[  541.470770][T12325]  __napi_poll.constprop.0+0xb7/0x550
[  541.476776][T12325]  net_rx_action+0xa97/0x1010
[  541.508628][T12325]  handle_softirqs+0x216/0x8e0
[  541.514661][T12325]  __irq_exit_rcu+0x109/0x170
[  541.519985][T12325]  irq_exit_rcu+0x9/0x30
[  541.529006][T12325]  common_interrupt+0xbf/0xe0
[  541.536038][T12325]  asm_common_interrupt+0x26/0x40
[  541.907404][T12346] blktrace: Concurrent blktraces are not allowed on loop2
[  542.642433][T12362] random: crng reseeded on system resumption
[  543.575645][T12375] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0x7fc789cf8 pfn:0x78420
[  543.662096][T12375] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  543.730529][T12375] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  543.790896][T12375] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  543.843942][T12375] raw: 00000007fc789cf8 0000000000000000 00000016ffffffff 0000000000000000
[  543.910900][T12375] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  543.965578][T12375] head: 00000007fc789cf8 0000000000000000 00000016ffffffff 0000000000000000
[  544.016274][T12375] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  544.090766][T12375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  544.123862][T12375] page dumped because: unmovable page
[  544.152503][T12375] page_owner tracks the page as allocated
[  544.200017][T12375] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5816, tgid 5816 (syz-executor), ts 417135341289, free_ts 417135227403
[  544.230967][T12375]  post_alloc_hook+0x181/0x1b0
[  544.265476][T12375]  get_page_from_freelist+0x135c/0x3920
[  544.290462][T12375]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  544.297321][T12375]  alloc_pages_mpol+0x1fb/0x550
[  544.310547][T12375]  alloc_pages_noprof+0x131/0x390
[  544.316192][T12375]  skb_page_frag_refill+0x186/0x5a0
[  544.322535][T12375]  try_fill_recv+0x79c/0x2690
[  544.328908][T12375]  virtnet_poll+0x1e23/0x3c00
[  544.334800][T12375]  __napi_poll.constprop.0+0xb7/0x550
[  544.340947][T12375]  net_rx_action+0xa97/0x1010
[  544.346367][T12375]  handle_softirqs+0x216/0x8e0
[  544.351815][T12375]  __irq_exit_rcu+0x109/0x170
[  544.357261][T12375]  irq_exit_rcu+0x9/0x30
[  544.362147][T12375]  common_interrupt+0xbf/0xe0
[  544.367555][T12375]  asm_common_interrupt+0x26/0x40
[  544.373236][T12375] page last free pid 5816 tgid 5816 stack trace:
[  544.380615][T12375]  __free_frozen_pages+0x69d/0xff0
[  544.386332][T12375]  __folio_put+0x329/0x450
[  544.391534][T12375]  page_to_skb+0xa23/0xc50
[  544.396460][T12375]  receive_buf+0x75e/0x3fe0
[  544.401721][T12375]  virtnet_poll+0x10d6/0x3c00
[  544.406943][T12375]  __napi_poll.constprop.0+0xb7/0x550
[  544.413125][T12375]  net_rx_action+0xa97/0x1010
[  544.419343][T12375]  handle_softirqs+0x216/0x8e0
[  544.430762][T12375]  __irq_exit_rcu+0x109/0x170
[  544.436229][T12375]  irq_exit_rcu+0x9/0x30
[  544.447319][T12375]  common_interrupt+0xbf/0xe0
[  544.461113][T12375]  asm_common_interrupt+0x26/0x40

syzkaller
syzkaller login: [  546.278522][T12404] blktrace: Concurrent blktraces are not allowed on loop2
[  547.318634][T12420] blktrace: Concurrent blktraces are not allowed on loop2

syzkaller
syzkaller login: [  548.794557][T12426] blktrace: Concurrent blktraces are not allowed on loop2
[  549.132695][T12429] random: crng reseeded on system resumption
[  549.311375][T12431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  549.400395][T12431] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  549.409846][T12431] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  549.517191][T12431] page_type: f5(slab)
[  549.571102][T12431] raw: 00fff00000000040 ffff888140408640 dead000000000122 0000000000000000
[  549.611010][T12431] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  549.712426][T12431] head: 00fff00000000040 ffff888140408640 dead000000000122 0000000000000000
[  549.765037][T12431] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  549.818593][T12431] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  549.883168][T12431] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  549.966640][T12431] page dumped because: unmovable page
[  549.995695][T12431] page_owner tracks the page as allocated
[  550.018853][T12431] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12398, tgid 12398 (scsi_id), ts 546135540835, free_ts 546057142316
[  550.193526][T12431]  post_alloc_hook+0x181/0x1b0
[  550.198880][T12431]  get_page_from_freelist+0x135c/0x3920
[  550.232952][T12431]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  550.239623][T12431]  alloc_pages_mpol+0x1fb/0x550
[  550.300459][T12431]  new_slab+0x244/0x340
[  550.305261][T12431]  ___slab_alloc+0xd9c/0x1940
[  550.350873][T12431]  __slab_alloc.constprop.0+0x56/0xb0
[  550.356915][T12431]  kmem_cache_alloc_noprof+0xef/0x3b0
[  550.424394][T12431]  getname_flags.part.0+0x4c/0x550
[  550.447396][T12431]  getname_flags+0x93/0xf0
[  550.523903][T12431]  do_sys_openat2+0xb8/0x1d0
[  550.532730][T12431]  __x64_sys_openat+0x174/0x210
[  550.552016][T12431]  do_syscall_64+0xcd/0x230
[  550.578611][T12431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.618525][T12431] page last free pid 5816 tgid 5816 stack trace:
[  550.649937][T12431]  __free_frozen_pages+0x69d/0xff0
[  550.810888][T12431]  __folio_put+0x329/0x450
[  550.815872][T12431]  skb_release_data+0x618/0x960
[  550.874290][T12431]  __kfree_skb+0x4f/0x70
[  550.884242][T12431]  tcp_ack+0x19b2/0x5c90
[  550.884291][T12431]  tcp_rcv_established+0xcf0/0x2180
[  550.910906][T12431]  tcp_v4_do_rcv+0x5ca/0xa90
[  550.931297][T12431]  __release_sock+0x31b/0x400
[  550.940743][T12431]  release_sock+0x5a/0x220
[  550.945732][T12431]  tcp_sendmsg+0x38/0x50
[  550.966451][T12431]  inet_sendmsg+0xb9/0x140
[  550.973026][T12431]  sock_write_iter+0x4aa/0x5b0
[  550.999303][T12431]  vfs_write+0x5ba/0x1180
[  551.019010][T12431]  ksys_write+0x205/0x240

syzkaller
syzkaller login: [  551.041111][T12431]  do_syscall_64+0xcd/0x230
[  551.066507][T12431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.352546][T12464] blktrace: Concurrent blktraces are not allowed on loop2

syzkaller
syzkaller login: [  553.293629][T12471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  553.328456][T12471] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  553.370683][T12471] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  553.395770][T12471] page_type: f5(slab)
[  553.441868][T12479] blktrace: Concurrent blktraces are not allowed on loop2
[  553.485698][T12471] raw: 00fff00000000040 ffff888140408640 dead000000000122 0000000000000000
[  553.544448][T12471] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  553.560874][T12471] head: 00fff00000000040 ffff888140408640 dead000000000122 0000000000000000
[  553.656928][T12471] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  553.710768][T12471] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  553.769002][T12471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  553.825916][T12471] page dumped because: unmovable page
[  553.855911][T12471] page_owner tracks the page as allocated
[  553.881113][T12471] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12398, tgid 12398 (scsi_id), ts 546135540835, free_ts 546057142316
[  553.940835][T12471]  post_alloc_hook+0x181/0x1b0
[  553.967093][T12471]  get_page_from_freelist+0x135c/0x3920
[  554.001083][T12471]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  554.011867][T12471]  alloc_pages_mpol+0x1fb/0x550
[  554.059159][T12471]  new_slab+0x244/0x340
[  554.076717][T12471]  ___slab_alloc+0xd9c/0x1940
[  554.089985][T12471]  __slab_alloc.constprop.0+0x56/0xb0
[  554.107600][T12471]  kmem_cache_alloc_noprof+0xef/0x3b0
[  554.124667][T12471]  getname_flags.part.0+0x4c/0x550
[  554.169602][T12471]  getname_flags+0x93/0xf0
[  554.194626][T12471]  do_sys_openat2+0xb8/0x1d0
[  554.210493][T12471]  __x64_sys_openat+0x174/0x210
[  554.227421][T12471]  do_syscall_64+0xcd/0x230
[  554.292075][T12471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.298831][T12471] page last free pid 5816 tgid 5816 stack trace:
[  554.320670][T12471]  __free_frozen_pages+0x69d/0xff0
[  554.341164][T12471]  __folio_put+0x329/0x450
[  554.351085][T12471]  skb_release_data+0x618/0x960
[  554.362864][T12471]  __kfree_skb+0x4f/0x70
[  554.373773][T12471]  tcp_ack+0x19b2/0x5c90
[  554.378734][T12471]  tcp_rcv_established+0xcf0/0x2180
[  554.396403][T12471]  tcp_v4_do_rcv+0x5ca/0xa90
[  554.410084][T12471]  __release_sock+0x31b/0x400
[  554.415630][T12471]  release_sock+0x5a/0x220
[  554.430408][T12471]  tcp_sendmsg+0x38/0x50
[  554.435197][T12471]  inet_sendmsg+0xb9/0x140
[  554.440125][T12471]  sock_write_iter+0x4aa/0x5b0
[  554.460774][T12471]  vfs_write+0x5ba/0x1180
[  554.481489][T12471]  ksys_write+0x205/0x240
[  554.486355][T12471]  do_syscall_64+0xcd/0x230
[  554.519014][T12471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.926838][T12492] random: crng reseeded on system resumption
[  556.707885][T12513] random: crng reseeded on system resumption
[  557.578273][T12519] sg_write: data in/out 589824/1 bytes for SCSI command 0x7b-- guessing data in;
[  557.578273][T12519]    program syz.1.1693 not setting count and/or reply_len properly
[  559.207448][T12544] random: crng reseeded on system resumption

syzkaller
syzkaller login: [  560.922131][T12567] blktrace: Concurrent blktraces are not allowed on loop2
[  561.045722][T12570] blktrace: Concurrent blktraces are not allowed on loop2
[  563.308959][T12605] FAULT_INJECTION: forcing a failure.
[  563.308959][T12605] name failslab, interval 1, probability 0, space 0, times 0
[  563.357203][T12608] sg_write: data in/out 589824/1 bytes for SCSI command 0x7b-- guessing data in;
[  563.357203][T12608]    program syz.1.1717 not setting count and/or reply_len properly
[  563.393534][T12605] CPU: 0 UID: 0 PID: 12605 Comm: syz.0.1725 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  563.393578][T12605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  563.393596][T12605] Call Trace:
[  563.393605][T12605]  <TASK>
[  563.393617][T12605]  dump_stack_lvl+0x16c/0x1f0
[  563.393664][T12605]  should_fail_ex+0x512/0x640
[  563.393707][T12605]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  563.393747][T12605]  should_failslab+0xc2/0x120
[  563.393785][T12605]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  563.393820][T12605]  ? trace_cap_capable+0x18d/0x200
[  563.393857][T12605]  ? create_new_namespaces+0x30/0xad0
[  563.393897][T12605]  create_new_namespaces+0x30/0xad0
[  563.393930][T12605]  ? bpf_lsm_capable+0x9/0x10
[  563.393961][T12605]  ? security_capable+0x7e/0x260
[  563.394018][T12605]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  563.394057][T12605]  ksys_unshare+0x45b/0xa40
[  563.394100][T12605]  ? __pfx_ksys_unshare+0x10/0x10
[  563.394141][T12605]  ? ksys_write+0x1b9/0x240
[  563.394184][T12605]  __x64_sys_unshare+0x31/0x40
[  563.394226][T12605]  do_syscall_64+0xcd/0x230
[  563.394273][T12605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.394304][T12605] RIP: 0033:0x7ffa9cb8e969
[  563.394328][T12605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.394358][T12605] RSP: 002b:00007ffa9d9e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  563.394386][T12605] RAX: ffffffffffffffda RBX: 00007ffa9cdb5fa0 RCX: 00007ffa9cb8e969
[  563.394406][T12605] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  563.394425][T12605] RBP: 00007ffa9d9e1090 R08: 0000000000000000 R09: 0000000000000000
[  563.394443][T12605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.394461][T12605] R13: 0000000000000001 R14: 00007ffa9cdb5fa0 R15: 00007ffdd97c05f8
[  563.394501][T12605]  </TASK>
[  563.873867][T12611] blktrace: Concurrent blktraces are not allowed on loop2
[  564.433257][T12622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  564.486157][T12622] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  564.590570][T12622] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  564.620291][T12622] page_type: f5(slab)
[  564.649132][T12622] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  564.760497][T12622] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  564.823286][T12622] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  564.865762][T12622] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  564.985312][T12622] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  564.997064][T12622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  565.011254][T12622] page dumped because: unmovable page
[  565.017413][T12622] page_owner tracks the page as allocated
[  565.025240][T12622] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9868, tgid 9868 (kworker/u8:18), ts 563131960357, free_ts 560126910492
[  565.110468][T12622]  post_alloc_hook+0x181/0x1b0
[  565.149505][T12622]  get_page_from_freelist+0x135c/0x3920

syzkaller
syzkaller login: [  565.245621][T12622]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  565.258019][T12622]  alloc_pages_mpol+0x1fb/0x550
[  565.268032][T12622]  new_slab+0x244/0x340
[  565.277307][T12622]  ___slab_alloc+0xd9c/0x1940
[  565.297116][T12622]  __slab_alloc.constprop.0+0x56/0xb0
[  565.308067][T12622]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  565.371354][T12622]  kmalloc_reserve+0xef/0x2c0
[  565.383982][T12622]  __alloc_skb+0x166/0x380
[  565.399429][T12622]  nsim_dev_trap_report_work+0x2b1/0xcf0
[  565.411532][T12622]  process_one_work+0x9cc/0x1b70
[  565.417190][T12622]  worker_thread+0x6c8/0xf10
[  565.423421][T12622]  kthread+0x3c2/0x780
[  565.430916][T12622]  ret_from_fork+0x45/0x80
[  565.436008][T12622]  ret_from_fork_asm+0x1a/0x30
[  565.444573][T12622] page last free pid 12532 tgid 12527 stack trace:
[  565.452072][T12622]  __free_frozen_pages+0x69d/0xff0
[  565.452135][T12622]  __put_partials+0x16d/0x1c0
[  565.452166][T12622]  qlist_free_all+0x4e/0x120
[  565.452196][T12622]  kasan_quarantine_reduce+0x195/0x1e0
[  565.452229][T12622]  __kasan_slab_alloc+0x69/0x90
[  565.452265][T12622]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  565.452299][T12622]  __alloc_skb+0x2b2/0x380
[  565.452329][T12622]  inet6_netconf_notify_devconf+0x87/0x180
[  565.452384][T12622]  addrconf_exit_net+0xe9/0x3f0
[  565.452414][T12622]  ops_exit_list+0xb0/0x180
[  565.452448][T12622]  setup_net+0x4e8/0x850
[  565.452482][T12622]  copy_net_ns+0x2a6/0x5f0
[  565.452521][T12622]  create_new_namespaces+0x3ea/0xad0
[  565.452556][T12622]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  565.452610][T12622]  ksys_unshare+0x45b/0xa40
[  565.452653][T12622]  __x64_sys_unshare+0x31/0x40
[  566.296152][T12653] blktrace: Concurrent blktraces are not allowed on loop2
[  566.370638][T12656] FAULT_INJECTION: forcing a failure.
[  566.370638][T12656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  566.447637][T12656] CPU: 1 UID: 0 PID: 12656 Comm: syz.2.1729 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  566.447681][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  566.447700][T12656] Call Trace:
[  566.447710][T12656]  <TASK>
[  566.447721][T12656]  dump_stack_lvl+0x16c/0x1f0
[  566.447774][T12656]  should_fail_ex+0x512/0x640
[  566.447821][T12656]  _copy_to_user+0x32/0xd0
[  566.447872][T12656]  devkmsg_read+0x32d/0x5a0
[  566.447926][T12656]  ? __pfx_devkmsg_read+0x10/0x10
[  566.447971][T12656]  ? import_ubuf+0x1b6/0x220
[  566.448025][T12656]  ? apparmor_file_permission+0x251/0x400
[  566.448063][T12656]  ? bpf_lsm_file_permission+0x9/0x10
[  566.448112][T12656]  ? security_file_permission+0x71/0x210
[  566.448154][T12656]  ? rw_verify_area+0xcf/0x680
[  566.448201][T12656]  ? __pfx_devkmsg_read+0x10/0x10
[  566.448250][T12656]  vfs_readv+0x6bc/0x8a0
[  566.448308][T12656]  ? __pfx_vfs_readv+0x10/0x10
[  566.448385][T12656]  ? __fget_files+0x20e/0x3c0
[  566.448431][T12656]  ? __fget_files+0x160/0x3c0
[  566.448489][T12656]  ? do_readv+0x132/0x330
[  566.448533][T12656]  do_readv+0x132/0x330
[  566.448580][T12656]  ? __pfx_do_readv+0x10/0x10
[  566.448624][T12656]  ? xfd_validate_state+0x5d/0x180
[  566.448690][T12656]  do_syscall_64+0xcd/0x230
[  566.448738][T12656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.448778][T12656] RIP: 0033:0x7f47fef8e969
[  566.448802][T12656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.448834][T12656] RSP: 002b:00007f47ffde6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  566.448863][T12656] RAX: ffffffffffffffda RBX: 00007f47ff1b5fa0 RCX: 00007f47fef8e969
[  566.448885][T12656] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003
[  566.448904][T12656] RBP: 00007f47ffde6090 R08: 0000000000000000 R09: 0000000000000000
[  566.448923][T12656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.448942][T12656] R13: 0000000000000000 R14: 00007f47ff1b5fa0 R15: 00007ffca221bfd8
[  566.448984][T12656]  </TASK>
[  566.850452][T12657] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1727'.
[  567.547308][T12666] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1732'.
[  568.071209][   T24] Process accounting resumed
[  568.081237][   T24] Process accounting resumed
[  568.156157][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  568.166118][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  568.405569][T12676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  568.440576][T12676] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  568.493010][T12676] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  568.537491][T12676] page_type: f5(slab)
[  568.557829][T12676] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  568.625071][T12676] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  568.698768][T12676] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  568.820426][T12676] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  568.848842][T12676] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  568.902132][T12676] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  568.958418][T12690] random: crng reseeded on system resumption
[  568.965683][T12676] page dumped because: unmovable page
[  569.011423][T12676] page_owner tracks the page as allocated
[  569.063735][T12676] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9868, tgid 9868 (kworker/u8:18), ts 563131960357, free_ts 560126910492
[  569.151396][T12676]  post_alloc_hook+0x181/0x1b0
[  569.156739][T12676]  get_page_from_freelist+0x135c/0x3920
[  569.200541][T12676]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  569.250462][T12676]  alloc_pages_mpol+0x1fb/0x550
[  569.255912][T12676]  new_slab+0x244/0x340
[  569.321805][T12676]  ___slab_alloc+0xd9c/0x1940
[  569.327084][T12676]  __slab_alloc.constprop.0+0x56/0xb0
[  569.464367][T12676]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  569.500499][T12676]  kmalloc_reserve+0xef/0x2c0
[  569.518096][T12676]  __alloc_skb+0x166/0x380
[  569.537626][T12676]  nsim_dev_trap_report_work+0x2b1/0xcf0
[  569.551444][T12676]  process_one_work+0x9cc/0x1b70
[  569.573536][T12676]  worker_thread+0x6c8/0xf10
[  569.579120][T12676]  kthread+0x3c2/0x780
[  569.660660][T12676]  ret_from_fork+0x45/0x80
[  569.665637][T12676]  ret_from_fork_asm+0x1a/0x30
[  569.690372][T12676] page last free pid 12532 tgid 12527 stack trace:
[  569.701493][T12676]  __free_frozen_pages+0x69d/0xff0
[  569.707227][T12676]  __put_partials+0x16d/0x1c0
[  569.819945][T12676]  qlist_free_all+0x4e/0x120
[  569.837274][T12676]  kasan_quarantine_reduce+0x195/0x1e0
[  569.865704][T12676]  __kasan_slab_alloc+0x69/0x90
[  569.890460][T12676]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  569.907602][T12676]  __alloc_skb+0x2b2/0x380
[  569.920611][T12676]  inet6_netconf_notify_devconf+0x87/0x180
[  569.949092][T12676]  addrconf_exit_net+0xe9/0x3f0
[  569.959255][T12676]  ops_exit_list+0xb0/0x180
[  569.979589][T12676]  setup_net+0x4e8/0x850
[  569.990030][T12676]  copy_net_ns+0x2a6/0x5f0
[  570.005756][T12676]  create_new_namespaces+0x3ea/0xad0
[  570.018226][T12676]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  570.040428][T12676]  ksys_unshare+0x45b/0xa40

syzkaller
syzkaller login: [  570.064500][T12676]  __x64_sys_unshare+0x31/0x40
[  571.586598][T12723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  571.678794][T12723] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  571.738194][T12723] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  571.806314][T12723] page_type: f5(slab)
[  571.836736][T12723] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  571.938282][T12723] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  572.009722][T12723] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  572.044210][T12723] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  572.054546][T12723] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  572.064819][T12723] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  572.172289][T12723] page dumped because: unmovable page
[  572.179949][T12723] page_owner tracks the page as allocated
[  572.260425][T12723] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9868, tgid 9868 (kworker/u8:18), ts 563131960357, free_ts 560126910492
[  572.358926][T12734] blktrace: Concurrent blktraces are not allowed on loop2
[  572.390410][T12723]  post_alloc_hook+0x181/0x1b0
[  572.426884][T12723]  get_page_from_freelist+0x135c/0x3920
[  572.491778][T12723]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  572.498401][T12723]  alloc_pages_mpol+0x1fb/0x550
[  572.571297][T12723]  new_slab+0x244/0x340
[  572.603073][T12723]  ___slab_alloc+0xd9c/0x1940
[  572.612988][T12723]  __slab_alloc.constprop.0+0x56/0xb0
[  572.694802][T12723]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  572.702072][T12723]  kmalloc_reserve+0xef/0x2c0
[  572.707321][T12723]  __alloc_skb+0x166/0x380
[  572.720390][T12723]  nsim_dev_trap_report_work+0x2b1/0xcf0
[  572.726700][T12723]  process_one_work+0x9cc/0x1b70
[  572.743989][T12723]  worker_thread+0x6c8/0xf10
[  572.749157][T12723]  kthread+0x3c2/0x780
[  572.753771][T12723]  ret_from_fork+0x45/0x80
[  572.758716][T12723]  ret_from_fork_asm+0x1a/0x30
[  572.764336][T12723] page last free pid 12532 tgid 12527 stack trace:
[  572.771570][T12723]  __free_frozen_pages+0x69d/0xff0
[  572.777272][T12723]  __put_partials+0x16d/0x1c0
[  572.782558][T12723]  qlist_free_all+0x4e/0x120
[  572.787658][T12723]  kasan_quarantine_reduce+0x195/0x1e0
[  572.794806][T12723]  __kasan_slab_alloc+0x69/0x90
[  572.800230][T12723]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  572.806843][T12723]  __alloc_skb+0x2b2/0x380
[  572.811800][T12723]  inet6_netconf_notify_devconf+0x87/0x180
[  572.818329][T12723]  addrconf_exit_net+0xe9/0x3f0
[  572.833961][T12723]  ops_exit_list+0xb0/0x180
[  572.839014][T12723]  setup_net+0x4e8/0x850
[  572.861225][T12723]  copy_net_ns+0x2a6/0x5f0
[  572.866471][T12723]  create_new_namespaces+0x3ea/0xad0
[  572.876353][T12723]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  572.883639][T12723]  ksys_unshare+0x45b/0xa40
[  572.889228][T12723]  __x64_sys_unshare+0x31/0x40
[  573.300629][T12744] blktrace: Concurrent blktraces are not allowed on loop2
[  573.481466][T12748] random: crng reseeded on system resumption
[  574.202026][T12755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  574.262653][T12755] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  574.302377][T12755] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  574.322813][T12761] blktrace: Concurrent blktraces are not allowed on loop2
[  574.336236][T12755] page_type: f5(slab)
[  574.370534][T12755] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  574.380127][T12755] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  574.435079][T12755] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  574.535785][T12755] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  574.574762][T12755] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  574.622359][T12755] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  574.704671][T12755] page dumped because: unmovable page
[  574.778846][T12755] page_owner tracks the page as allocated
[  574.785549][T12755] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9868, tgid 9868 (kworker/u8:18), ts 563131960357, free_ts 560126910492
[  574.809056][T12755]  post_alloc_hook+0x181/0x1b0
[  574.814558][T12755]  get_page_from_freelist+0x135c/0x3920
[  574.823177][T12755]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  574.830476][T12755]  alloc_pages_mpol+0x1fb/0x550
[  574.869355][T12755]  new_slab+0x244/0x340
[  574.906858][T12755]  ___slab_alloc+0xd9c/0x1940
[  574.960438][T12755]  __slab_alloc.constprop.0+0x56/0xb0
[  574.966463][T12755]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  575.042750][T12755]  kmalloc_reserve+0xef/0x2c0
[  575.080796][T12755]  __alloc_skb+0x166/0x380
[  575.120463][T12755]  nsim_dev_trap_report_work+0x2b1/0xcf0
[  575.191378][T12755]  process_one_work+0x9cc/0x1b70
[  575.231606][T12755]  worker_thread+0x6c8/0xf10
[  575.267946][T12755]  kthread+0x3c2/0x780
[  575.288919][T12755]  ret_from_fork+0x45/0x80
[  575.304791][T12755]  ret_from_fork_asm+0x1a/0x30
[  575.304844][T12781] blktrace: Concurrent blktraces are not allowed on loop2
[  575.379361][T12755] page last free pid 12532 tgid 12527 stack trace:
[  575.397238][T12755]  __free_frozen_pages+0x69d/0xff0
[  575.414380][T12755]  __put_partials+0x16d/0x1c0
[  575.419703][T12755]  qlist_free_all+0x4e/0x120
[  575.460415][T12755]  kasan_quarantine_reduce+0x195/0x1e0
[  575.480425][T12755]  __kasan_slab_alloc+0x69/0x90
[  575.485872][T12755]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  575.530418][T12755]  __alloc_skb+0x2b2/0x380
[  575.535379][T12755]  inet6_netconf_notify_devconf+0x87/0x180
[  575.560438][T12755]  addrconf_exit_net+0xe9/0x3f0
[  575.565882][T12755]  ops_exit_list+0xb0/0x180
[  575.583347][T12755]  setup_net+0x4e8/0x850
[  575.588107][T12755]  copy_net_ns+0x2a6/0x5f0
[  575.611954][T12755]  create_new_namespaces+0x3ea/0xad0
[  575.617857][T12755]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  575.630399][T12755]  ksys_unshare+0x45b/0xa40
[  575.635468][T12755]  __x64_sys_unshare+0x31/0x40
[  575.869168][T12785] random: crng reseeded on system resumption
[  577.924878][T12812] random: crng reseeded on system resumption
[  580.188196][T12843] random: crng reseeded on system resumption
[  580.534321][T12849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  580.565742][T12849] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  580.607577][T12849] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  580.677424][T12849] page_type: f5(slab)
[  580.704002][T12849] raw: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  580.744125][T12849] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  580.805049][T12849] head: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  580.882660][T12849] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  580.971631][T12849] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  581.055281][T12849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  581.194178][T12849] page dumped because: unmovable page
[  581.240520][T12849] page_owner tracks the page as allocated
[  581.335835][T12849] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9881, tgid 9881 (kworker/u8:28), ts 578510046542, free_ts 577514053542
[  581.412447][T12849]  post_alloc_hook+0x181/0x1b0
[  581.437854][T12849]  get_page_from_freelist+0x135c/0x3920
[  581.470956][T12849]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  581.489849][T12849]  alloc_pages_mpol+0x1fb/0x550
[  581.570773][T12849]  new_slab+0x244/0x340
[  581.575469][T12849]  ___slab_alloc+0xd9c/0x1940
[  581.593119][T12849]  __slab_alloc.constprop.0+0x56/0xb0
[  581.690644][T12849]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  581.697153][T12849]  kmalloc_reserve+0x18b/0x2c0
[  581.730400][T12849]  __alloc_skb+0x166/0x380
[  581.739661][T12849]  tcp_stream_alloc_skb+0x34/0x570
[  581.755816][T12849]  tcp_connect+0xe75/0x5480
[  581.776104][T12849]  tcp_v4_connect+0x1517/0x1ba0
[  581.820479][T12849]  __inet_stream_connect+0x3c5/0x1020
[  581.826506][T12849]  inet_stream_connect+0x57/0xa0
[  581.851934][T12849]  kernel_connect+0x104/0x180
[  581.857191][T12849] page last free pid 12794 tgid 12792 stack trace:
[  581.890442][T12849]  __free_frozen_pages+0x69d/0xff0
[  581.896241][T12849]  __put_partials+0x16d/0x1c0
[  581.920458][T12849]  qlist_free_all+0x4e/0x120
[  581.930389][T12849]  kasan_quarantine_reduce+0x195/0x1e0
[  581.946709][T12849]  __kasan_kmalloc_large+0x86/0x90
[  581.956831][T12849]  __kmalloc_large_node_noprof+0x1c/0x70
[  581.982062][T12849]  __kmalloc_noprof.cold+0xc/0x61
[  581.987708][T12849]  ops_init+0x77/0x5f0
[  582.000485][T12849]  setup_net+0x21e/0x850
[  582.020410][T12849]  copy_net_ns+0x2a6/0x5f0
[  582.025374][T12849]  create_new_namespaces+0x3ea/0xad0
[  582.054541][T12849]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  582.062170][T12849]  ksys_unshare+0x45b/0xa40
[  582.067232][T12849]  __x64_sys_unshare+0x31/0x40
[  582.076719][T12849]  do_syscall_64+0xcd/0x230
[  582.084267][T12849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.949844][T12883] random: crng reseeded on system resumption

syzkaller
syzkaller login: [  584.407023][T12893] FAULT_INJECTION: forcing a failure.
[  584.407023][T12893] name failslab, interval 1, probability 0, space 0, times 0
[  584.482139][T12893] CPU: 0 UID: 0 PID: 12893 Comm: syz.1.1782 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  584.482184][T12893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  584.482202][T12893] Call Trace:
[  584.482212][T12893]  <TASK>
[  584.482224][T12893]  dump_stack_lvl+0x16c/0x1f0
[  584.482269][T12893]  should_fail_ex+0x512/0x640
[  584.482313][T12893]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  584.482351][T12893]  should_failslab+0xc2/0x120
[  584.482388][T12893]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  584.482424][T12893]  ? do_timer_create+0x18a/0x14e0
[  584.482470][T12893]  do_timer_create+0x18a/0x14e0
[  584.482516][T12893]  ? __pfx_do_timer_create+0x10/0x10
[  584.482562][T12893]  ? __fget_files+0x20e/0x3c0
[  584.482611][T12893]  __x64_sys_timer_create+0x199/0x1d0
[  584.482654][T12893]  ? __pfx___x64_sys_timer_create+0x10/0x10
[  584.482694][T12893]  ? fput+0x70/0xf0
[  584.482730][T12893]  ? ksys_write+0x1b9/0x240
[  584.482757][T12893]  ? __pfx_ksys_write+0x10/0x10
[  584.482800][T12893]  do_syscall_64+0xcd/0x230
[  584.482845][T12893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.482876][T12893] RIP: 0033:0x7f1ad3f8e969
[  584.482901][T12893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.482929][T12893] RSP: 002b:00007f1ad4e8a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de
[  584.482957][T12893] RAX: ffffffffffffffda RBX: 00007f1ad41b5fa0 RCX: 00007f1ad3f8e969
[  584.482978][T12893] RDX: 0000200000000280 RSI: 0000000000000000 RDI: 0000000000000003
[  584.482998][T12893] RBP: 00007f1ad4e8a090 R08: 0000000000000000 R09: 0000000000000000
[  584.483024][T12893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.483043][T12893] R13: 0000000000000001 R14: 00007f1ad41b5fa0 R15: 00007ffd463824f8
[  584.483084][T12893]  </TASK>
[  585.428809][T12910] random: crng reseeded on system resumption
[  585.675545][T12912] FAULT_INJECTION: forcing a failure.
[  585.675545][T12912] name failslab, interval 1, probability 0, space 0, times 0
[  585.760239][T12912] CPU: 1 UID: 0 PID: 12912 Comm: syz.3.1788 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  585.760282][T12912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  585.760305][T12912] Call Trace:
[  585.760314][T12912]  <TASK>
[  585.760325][T12912]  dump_stack_lvl+0x16c/0x1f0
[  585.760371][T12912]  should_fail_ex+0x512/0x640
[  585.760412][T12912]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  585.760452][T12912]  should_failslab+0xc2/0x120
[  585.760491][T12912]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  585.760525][T12912]  ? up_write+0x1b2/0x520
[  585.760567][T12912]  ? vm_area_dup+0x25/0x760
[  585.760603][T12912]  ? __pfx_hugetlb_vm_op_split+0x10/0x10
[  585.760664][T12912]  vm_area_dup+0x25/0x760
[  585.760697][T12912]  ? __pfx_hugetlb_vm_op_split+0x10/0x10
[  585.760744][T12912]  __split_vma+0x17f/0x1030
[  585.760777][T12912]  ? __lock_acquire+0x5ca/0x1ba0
[  585.760818][T12912]  ? __pfx___split_vma+0x10/0x10
[  585.760880][T12912]  vms_gather_munmap_vmas+0x1c2/0x1310
[  585.760934][T12912]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  585.760963][T12912]  ? is_bpf_text_address+0x8a/0x1a0
[  585.760994][T12912]  ? bpf_ksym_find+0x124/0x1c0
[  585.761035][T12912]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  585.761064][T12912]  ? is_bpf_text_address+0x94/0x1a0
[  585.761095][T12912]  ? kernel_text_address+0x8d/0x100
[  585.761135][T12912]  ? __kernel_text_address+0xd/0x40
[  585.761180][T12912]  do_vmi_align_munmap+0x27c/0x7d0
[  585.761211][T12912]  ? __lock_acquire+0x5ca/0x1ba0
[  585.761243][T12912]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  585.761316][T12912]  do_vmi_munmap+0x208/0x3e0
[  585.761349][T12912]  do_munmap+0xbd/0x100
[  585.761387][T12912]  ? __pfx_do_munmap+0x10/0x10
[  585.761434][T12912]  ? __pfx_down_write_killable+0x10/0x10
[  585.761483][T12912]  __do_sys_mremap+0xfb4/0x15d0
[  585.761516][T12912]  ? __pfx___do_sys_mremap+0x10/0x10
[  585.761547][T12912]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  585.761587][T12912]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  585.761628][T12912]  ? __fget_files+0x20e/0x3c0
[  585.761688][T12912]  ? rcu_is_watching+0x12/0xc0
[  585.761721][T12912]  do_syscall_64+0xcd/0x230
[  585.761759][T12912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.761785][T12912] RIP: 0033:0x7f24a058e969
[  585.761806][T12912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  585.761830][T12912] RSP: 002b:00007f24a13de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  585.761855][T12912] RAX: ffffffffffffffda RBX: 00007f24a07b5fa0 RCX: 00007f24a058e969
[  585.761871][T12912] RDX: 0000000000003fd6 RSI: 0000000000000007 RDI: 0000000000000000
[  585.761887][T12912] RBP: 00007f24a13de090 R08: 0000000000200000 R09: 0000000000000000
[  585.761903][T12912] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[  585.761918][T12912] R13: 0000000000000000 R14: 00007f24a07b5fa0 R15: 00007ffd090d8818
[  585.761951][T12912]  </TASK>
[  586.959560][T12952] tipc: Started in network mode
[  586.996766][T12952] tipc: Node identity ee00, cluster identity 4711
[  587.045289][T12952] tipc: Node number set to 60928
[  587.072407][T12964] blktrace: Concurrent blktraces are not allowed on loop2
[  587.409277][T12965] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  587.461621][T12965] CIFS mount error: No usable UNC path provided in device string!
[  587.461621][T12965] 
[  587.478471][T12965] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  589.154091][T12977] Invalid ELF header magic: != ELF
[  589.211626][T12984] random: crng reseeded on system resumption
[  589.266377][T12987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  589.325365][T12987] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  589.403205][T12987] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  589.481466][T12987] page_type: f5(slab)
[  589.486739][T12987] raw: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  589.560451][T12987] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  589.570001][T12987] head: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  589.611632][T12987] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  589.688760][T12987] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  589.754767][T12987] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  589.790587][T12987] page dumped because: unmovable page
[  589.796608][T12987] page_owner tracks the page as allocated
[  589.855726][T12987] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9881, tgid 9881 (kworker/u8:28), ts 578510046542, free_ts 577514053542
[  589.940457][T12987]  post_alloc_hook+0x181/0x1b0
[  589.971527][T12987]  get_page_from_freelist+0x135c/0x3920
[  590.014472][T12987]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  590.048596][T12987]  alloc_pages_mpol+0x1fb/0x550
[  590.058671][T12987]  new_slab+0x244/0x340
[  590.066920][T12987]  ___slab_alloc+0xd9c/0x1940
[  590.088885][T12987]  __slab_alloc.constprop.0+0x56/0xb0
[  590.121626][T12987]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  590.128116][T12987]  kmalloc_reserve+0x18b/0x2c0
[  590.181791][T12987]  __alloc_skb+0x166/0x380
[  590.193428][T12987]  tcp_stream_alloc_skb+0x34/0x570
[  590.206035][T13002] blktrace: Concurrent blktraces are not allowed on loop2
[  590.237501][T12987]  tcp_connect+0xe75/0x5480
[  590.248536][T12987]  tcp_v4_connect+0x1517/0x1ba0
[  590.257899][T12987]  __inet_stream_connect+0x3c5/0x1020
[  590.268971][T12987]  inet_stream_connect+0x57/0xa0
[  590.274788][T12987]  kernel_connect+0x104/0x180
[  590.280093][T12987] page last free pid 12794 tgid 12792 stack trace:
[  590.380360][T12987]  __free_frozen_pages+0x69d/0xff0
[  590.390710][T12987]  __put_partials+0x16d/0x1c0
[  590.412568][T12987]  qlist_free_all+0x4e/0x120
[  590.417733][T12987]  kasan_quarantine_reduce+0x195/0x1e0
[  590.448996][T12987]  __kasan_kmalloc_large+0x86/0x90
[  590.458080][T12987]  __kmalloc_large_node_noprof+0x1c/0x70
[  590.471794][T12987]  __kmalloc_noprof.cold+0xc/0x61
[  590.484245][T12987]  ops_init+0x77/0x5f0
[  590.492712][T12987]  setup_net+0x21e/0x850
[  590.504654][T12987]  copy_net_ns+0x2a6/0x5f0
[  590.514614][T12987]  create_new_namespaces+0x3ea/0xad0
[  590.524347][T12987]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  590.533966][T12987]  ksys_unshare+0x45b/0xa40
[  590.539245][T12987]  __x64_sys_unshare+0x31/0x40
[  590.548745][T12987]  do_syscall_64+0xcd/0x230
[  590.558037][T12987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.788787][T13006] sctp: [Deprecated]: syz.2.1802 (pid 13006) Use of int in maxseg socket option.
[  590.788787][T13006] Use struct sctp_assoc_value instead
[  591.184642][T13015] cgroup: fork rejected by pids controller in /syz3
[  591.623761][T13065] random: crng reseeded on system resumption

syzkaller
syzkaller login: [  595.134277][T13108] blktrace: Concurrent blktraces are not allowed on loop2
[  595.184128][T13096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  595.194490][T13096] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  595.270726][T13096] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  595.308758][T13096] page_type: f5(slab)
[  595.308872][T13096] raw: 00fff00000000040 ffff8881416a2b40 ffffea0000ed7700 0000000000000004
[  595.308906][T13096] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  595.308940][T13096] head: 00fff00000000040 ffff8881416a2b40 ffffea0000ed7700 0000000000000004
[  595.308972][T13096] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  595.309005][T13096] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  595.309035][T13096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  595.309056][T13096] page dumped because: unmovable page
[  595.309072][T13096] page_owner tracks the page as allocated
[  595.309085][T13096] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9881, tgid 9881 (kworker/u8:28), ts 578510046542, free_ts 577514053542
[  595.309146][T13096]  post_alloc_hook+0x181/0x1b0
[  595.309180][T13096]  get_page_from_freelist+0x135c/0x3920
[  595.309215][T13096]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  595.309250][T13096]  alloc_pages_mpol+0x1fb/0x550
[  595.309285][T13096]  new_slab+0x244/0x340
[  595.309333][T13096]  ___slab_alloc+0xd9c/0x1940
[  595.309383][T13096]  __slab_alloc.constprop.0+0x56/0xb0
[  595.309433][T13096]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  595.309471][T13096]  kmalloc_reserve+0x18b/0x2c0
[  595.309513][T13096]  __alloc_skb+0x166/0x380
[  595.309543][T13096]  tcp_stream_alloc_skb+0x34/0x570
[  595.309586][T13096]  tcp_connect+0xe75/0x5480
[  595.309633][T13096]  tcp_v4_connect+0x1517/0x1ba0
[  595.309675][T13096]  __inet_stream_connect+0x3c5/0x1020
[  595.309730][T13096]  inet_stream_connect+0x57/0xa0
[  595.309773][T13096]  kernel_connect+0x104/0x180
[  595.309811][T13096] page last free pid 12794 tgid 12792 stack trace:
[  595.309832][T13096]  __free_frozen_pages+0x69d/0xff0
[  595.309885][T13096]  __put_partials+0x16d/0x1c0
[  595.309915][T13096]  qlist_free_all+0x4e/0x120
[  595.309945][T13096]  kasan_quarantine_reduce+0x195/0x1e0
[  595.309980][T13096]  __kasan_kmalloc_large+0x86/0x90
[  595.310018][T13096]  __kmalloc_large_node_noprof+0x1c/0x70
[  595.310067][T13096]  __kmalloc_noprof.cold+0xc/0x61
[  595.310109][T13096]  ops_init+0x77/0x5f0
[  595.310143][T13096]  setup_net+0x21e/0x850
[  595.310179][T13096]  copy_net_ns+0x2a6/0x5f0
[  595.310218][T13096]  create_new_namespaces+0x3ea/0xad0
[  595.310254][T13096]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  595.326684][T13096]  ksys_unshare+0x45b/0xa40
[  595.326748][T13096]  __x64_sys_unshare+0x31/0x40
[  595.326793][T13096]  do_syscall_64+0xcd/0x230
[  595.326838][T13096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f

syzkaller
syzkaller login: [  599.661294][T13162] blktrace: Concurrent blktraces are not allowed on loop2
[  602.068816][T13191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  602.110561][T13191] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  602.133130][T13191] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  602.222376][T13191] page_type: f5(slab)
[  602.249742][T13191] raw: 00fff00000000040 ffff8881416a2b40 ffffea0000ed7700 0000000000000004
[  602.383730][T13191] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  602.439216][T13191] head: 00fff00000000040 ffff8881416a2b40 ffffea0000ed7700 0000000000000004
[  602.488668][T13191] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  602.577747][T13191] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  602.640462][T13191] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  602.650103][T13191] page dumped because: unmovable page
[  602.696993][T13191] page_owner tracks the page as allocated
[  602.717690][T13191] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9881, tgid 9881 (kworker/u8:28), ts 578510046542, free_ts 577514053542

syzkaller
syzkaller login: [  602.777562][T13191]  post_alloc_hook+0x181/0x1b0
[  602.840642][T13191]  get_page_from_freelist+0x135c/0x3920
[  602.880265][T13191]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  602.955916][T13191]  alloc_pages_mpol+0x1fb/0x550
[  603.057383][T13191]  new_slab+0x244/0x340
[  603.063662][T13191]  ___slab_alloc+0xd9c/0x1940
[  603.069063][T13191]  __slab_alloc.constprop.0+0x56/0xb0
[  603.075752][T13191]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  603.082733][T13191]  kmalloc_reserve+0x18b/0x2c0
[  603.088050][T13191]  __alloc_skb+0x166/0x380
[  603.093586][T13191]  tcp_stream_alloc_skb+0x34/0x570
[  603.099290][T13191]  tcp_connect+0xe75/0x5480
[  603.106469][T13191]  tcp_v4_connect+0x1517/0x1ba0
[  603.112530][T13191]  __inet_stream_connect+0x3c5/0x1020
[  603.118647][T13191]  inet_stream_connect+0x57/0xa0
[  603.125044][T13191]  kernel_connect+0x104/0x180
[  603.130790][T13191] page last free pid 12794 tgid 12792 stack trace:
[  603.138007][T13191]  __free_frozen_pages+0x69d/0xff0
[  603.144396][T13191]  __put_partials+0x16d/0x1c0
[  603.149612][T13191]  qlist_free_all+0x4e/0x120
[  603.155364][T13191]  kasan_quarantine_reduce+0x195/0x1e0
[  603.161928][T13191]  __kasan_kmalloc_large+0x86/0x90
[  603.171028][T13191]  __kmalloc_large_node_noprof+0x1c/0x70
[  603.177319][T13191]  __kmalloc_noprof.cold+0xc/0x61
[  603.183511][T13191]  ops_init+0x77/0x5f0
[  603.188057][T13191]  setup_net+0x21e/0x850
[  603.193378][T13191]  copy_net_ns+0x2a6/0x5f0
[  603.198315][T13191]  create_new_namespaces+0x3ea/0xad0
[  603.206571][T13191]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  603.216255][T13191]  ksys_unshare+0x45b/0xa40
[  603.266921][T13191]  __x64_sys_unshare+0x31/0x40
[  603.287175][T13191]  do_syscall_64+0xcd/0x230
[  603.327686][T13191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.420713][T13239] blktrace: Concurrent blktraces are not allowed on loop2
[  605.835863][T13246] blktrace: Concurrent blktraces are not allowed on loop2
[  606.186202][   T30] audit: type=1107 audit(8188642991.016:10): pid=13250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  606.250475][   T30] audit: type=1107 audit(8188642991.016:11): pid=13250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  607.844157][T13279] blktrace: Concurrent blktraces are not allowed on loop2

syzkaller
syzkaller login: [  612.469697][T13330] random: crng reseeded on system resumption
[  612.973894][T13340] blktrace: Concurrent blktraces are not allowed on loop2
[  614.586451][T13368] page: refcount:2 mapcount:1 mapping:0000000000000000 index:0x1bd pfn:0x78015
[  614.625184][T13368] memcg:ffff888030e96000
[  614.678264][T13368] anon flags: 0xfff00000020808(uptodate|owner_2|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[  614.750491][T13368] raw: 00fff00000020808 ffffea00014d7208 ffffea0001356a08 ffff88805df98661
[  614.788022][T13368] raw: 00000000000001bd 0000000000000000 0000000200000000 ffff888030e96000
[  614.798878][T13368] page dumped because: unmovable page
[  614.804975][T13368] page_owner tracks the page as freed
[  614.811091][T13368] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 13358, tgid 13353 (syz.2.1872), ts 613977812773, free_ts 614783265364
[  614.867702][T13368]  post_alloc_hook+0x181/0x1b0
[  614.883844][T13368]  get_page_from_freelist+0x135c/0x3920
[  614.920901][T13368]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  614.927503][T13368]  alloc_pages_mpol+0x1fb/0x550
[  614.958502][T13368]  folio_alloc_mpol_noprof+0x36/0x2f0
[  614.987059][T13368]  vma_alloc_folio_noprof+0xed/0x1e0
[  615.012594][T13368]  do_pte_missing+0x223d/0x3fb0
[  615.032430][T13368]  __handle_mm_fault+0x103d/0x2a40
[  615.077308][T13368]  handle_mm_fault+0x3fe/0xad0
[  615.085965][T13368]  __get_user_pages+0x771/0x36f0
[  615.103816][T13368]  populate_vma_page_range+0x278/0x3a0
[  615.109903][T13368]  __mm_populate+0x1d8/0x380
[  615.137582][T13368]  vm_mmap_pgoff+0x362/0x450
[  615.153092][T13368]  ksys_mmap_pgoff+0x7d/0x5c0
[  615.158350][T13368]  __x64_sys_mmap+0x125/0x190
[  615.310443][T13368]  do_syscall_64+0xcd/0x230
[  615.315523][T13368] page last free pid 13358 tgid 13353 stack trace:
[  615.364903][T13368]  free_unref_folios+0x999/0x1630
[  615.419000][T13382] FAULT_INJECTION: forcing a failure.
[  615.419000][T13382] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  615.444256][T13368]  shrink_folio_list+0x3255/0x40e0
[  615.449976][T13368]  reclaim_folio_list+0xd7/0x5d0
[  615.511557][T13382] CPU: 0 UID: 0 PID: 13382 Comm: syz.2.1876 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  615.511603][T13382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  615.511623][T13382] Call Trace:
[  615.511633][T13382]  <TASK>
[  615.511643][T13382]  dump_stack_lvl+0x16c/0x1f0
[  615.511689][T13382]  should_fail_ex+0x512/0x640
[  615.511740][T13382]  _copy_from_user+0x2e/0xd0
[  615.511789][T13382]  copy_msghdr_from_user+0x98/0x160
[  615.511823][T13382]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  615.511874][T13382]  ___sys_sendmsg+0xfe/0x1d0
[  615.511909][T13382]  ? __pfx____sys_sendmsg+0x10/0x10
[  615.511996][T13382]  __sys_sendmsg+0x16d/0x220
[  615.512032][T13382]  ? __pfx___sys_sendmsg+0x10/0x10
[  615.512076][T13382]  ? rcu_is_watching+0x12/0xc0
[  615.512117][T13382]  do_syscall_64+0xcd/0x230
[  615.512163][T13382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.512195][T13382] RIP: 0033:0x7f47fef8e969
[  615.512216][T13382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.512247][T13382] RSP: 002b:00007f47ffdc5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  615.512276][T13382] RAX: ffffffffffffffda RBX: 00007f47ff1b6080 RCX: 00007f47fef8e969
[  615.512296][T13382] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: 0000000000000003
[  615.512314][T13382] RBP: 00007f47ffdc5090 R08: 0000000000000000 R09: 0000000000000000
[  615.512332][T13382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  615.512348][T13382] R13: 0000000000000000 R14: 00007f47ff1b6080 R15: 00007ffca221bfd8
[  615.512385][T13382]  </TASK>
[  615.702227][T13368]  reclaim_pages+0x47b/0x650
[  615.707376][T13368]  madvise_cold_or_pageout_pte_range+0x13a9/0x20f0
[  615.716085][T13368]  walk_pgd_range+0xba7/0x1a90
[  615.721444][T13368]  __walk_page_range+0x163/0x820
[  615.727054][T13368]  walk_page_range_mm+0x54d/0x8a0
[  615.732730][T13368]  walk_page_range+0x63/0x90
[  615.737954][T13368]  madvise_pageout+0x316/0x800
[  615.743314][T13368]  madvise_vma_behavior+0x416/0x1d50
[  615.749344][T13368]  madvise_walk_vmas+0x1ce/0x2c0
[  615.754949][T13368]  madvise_do_behavior+0x12b/0x3b0
[  615.760762][T13368]  do_madvise+0x10b/0x170
[  615.765605][T13368]  __x64_sys_madvise+0xa9/0x110
[  615.771137][T13368]  do_syscall_64+0xcd/0x230
[  616.140186][T13389] blktrace: Concurrent blktraces are not allowed on loop2
[  617.231105][T13418] FAULT_INJECTION: forcing a failure.
[  617.231105][T13418] name failslab, interval 1, probability 0, space 0, times 0
[  617.247680][T13418] CPU: 0 UID: 0 PID: 13418 Comm: syz.3.1884 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  617.247724][T13418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  617.247741][T13418] Call Trace:
[  617.247751][T13418]  <TASK>
[  617.247763][T13418]  dump_stack_lvl+0x16c/0x1f0
[  617.247805][T13418]  should_fail_ex+0x512/0x640
[  617.247859][T13418]  ? __kmalloc_noprof+0xbf/0x510
[  617.247896][T13418]  ? process_vm_rw_core.constprop.0+0x1d8/0x9a0
[  617.247936][T13418]  should_failslab+0xc2/0x120
[  617.247973][T13418]  __kmalloc_noprof+0xd2/0x510
[  617.248008][T13418]  ? _kstrtoull+0x145/0x200
[  617.248047][T13418]  process_vm_rw_core.constprop.0+0x1d8/0x9a0
[  617.248090][T13418]  ? find_held_lock+0x2b/0x80
[  617.248123][T13418]  ? __lock_acquire+0x5ca/0x1ba0
[  617.248167][T13418]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  617.248209][T13418]  ? import_ubuf+0x1b6/0x220
[  617.248272][T13418]  ? iovec_from_user+0xbb/0x140
[  617.248325][T13418]  process_vm_rw+0x216/0x2c0
[  617.248365][T13418]  ? __pfx_process_vm_rw+0x10/0x10
[  617.248415][T13418]  ? ksys_write+0x190/0x240
[  617.248482][T13418]  ? ksys_write+0x1b9/0x240
[  617.248510][T13418]  ? __pfx_ksys_write+0x10/0x10
[  617.248545][T13418]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  617.248585][T13418]  ? do_syscall_64+0x91/0x230
[  617.248627][T13418]  ? lockdep_hardirqs_on+0x7c/0x110
[  617.248664][T13418]  do_syscall_64+0xcd/0x230
[  617.248710][T13418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.248742][T13418] RIP: 0033:0x7f24a058e969
[  617.248767][T13418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  617.248797][T13418] RSP: 002b:00007f24a13de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  617.248834][T13418] RAX: ffffffffffffffda RBX: 00007f24a07b5fa0 RCX: 00007f24a058e969
[  617.248855][T13418] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 000000000000064c
[  617.248873][T13418] RBP: 00007f24a13de090 R08: 0000000000000006 R09: 0000000000000000
[  617.248890][T13418] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  617.248907][T13418] R13: 0000000000000000 R14: 00007f24a07b5fa0 R15: 00007ffd090d8818
[  617.248945][T13418]  </TASK>
[  617.757580][T13415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  617.850463][T13415] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  617.859920][T13415] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  617.938718][T13415] page_type: f5(slab)
[  617.947961][T13415] raw: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  618.011206][T13415] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  618.068448][T13415] head: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  618.081992][T13415] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  618.110430][T13415] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  618.131136][T13429] blktrace: Concurrent blktraces are not allowed on loop2
[  618.213399][T13415] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  618.299496][T13415] page dumped because: unmovable page
[  618.470501][T13415] page_owner tracks the page as allocated
[  618.476886][T13415] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9866, tgid 9866 (kworker/u8:16), ts 609362589603, free_ts 609115273376
[  618.594312][T13415]  post_alloc_hook+0x181/0x1b0
[  618.599664][T13415]  get_page_from_freelist+0x135c/0x3920
[  618.606114][T13415]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  618.639869][T13415]  alloc_pages_mpol+0x1fb/0x550
[  618.680415][T13415]  new_slab+0x244/0x340
[  618.685106][T13415]  ___slab_alloc+0xd9c/0x1940
[  618.721072][T13415]  __slab_alloc.constprop.0+0x56/0xb0
[  618.727127][T13415]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  618.810918][T13415]  kmalloc_reserve+0x18b/0x2c0
[  618.816272][T13415]  __alloc_skb+0x166/0x380
[  618.837399][T13415]  __tcp_send_ack.part.0+0x66/0x700
[  618.857041][T13415]  tcp_send_ack+0x84/0xa0
[  618.893035][T13415]  __tcp_ack_snd_check+0x188/0xad0
[  618.898757][T13415]  tcp_rcv_established+0x8c2/0x2180
[  618.943770][T13415]  tcp_v4_do_rcv+0x5ca/0xa90
[  618.953314][T13415]  tcp_v4_rcv+0x3601/0x4640
[  618.989773][T13415] page last free pid 9884 tgid 9884 stack trace:
[  618.999905][T13415]  __free_frozen_pages+0x69d/0xff0
[  619.030474][T13415]  __put_partials+0x16d/0x1c0
[  619.035720][T13415]  qlist_free_all+0x4e/0x120
[  619.061157][T13415]  kasan_quarantine_reduce+0x195/0x1e0
[  619.098600][T13415]  __kasan_slab_alloc+0x69/0x90
[  619.124815][T13415]  kmem_cache_alloc_lru_noprof+0x1d0/0x3b0
[  619.150521][T13415]  sock_alloc_inode+0x25/0x1c0
[  619.166139][T13415]  alloc_inode+0x61/0x240
[  619.180372][T13415]  sock_alloc+0x40/0x280
[  619.185184][T13415]  sock_create_lite+0x82/0x120
[  619.200376][T13415]  rds_tcp_accept_one+0x16b/0xd10
[  619.216284][T13415]  rds_tcp_accept_worker+0x59/0x80
[  619.260411][T13415]  process_one_work+0x9cc/0x1b70
[  619.282746][T13415]  worker_thread+0x6c8/0xf10
[  619.298185][T13415]  kthread+0x3c2/0x780
[  619.328602][T13415]  ret_from_fork+0x45/0x80

syzkaller
syzkaller login: [  621.028189][T13462] bond0: no command found in slaves file - use +ifname or -ifname
[  621.940958][T13469] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1895'.
[  621.999021][T13469] netlink: 'syz.1.1895': attribute type 4 has an invalid length.
[  622.036651][T13469] netlink: 314 bytes leftover after parsing attributes in process `syz.1.1895'.
[  622.095324][T13469] netlink: 'syz.1.1895': attribute type 4 has an invalid length.
[  622.149607][T13469] netlink: 314 bytes leftover after parsing attributes in process `syz.1.1895'.

syzkaller
syzkaller login: [  625.533357][T13508] blktrace: Concurrent blktraces are not allowed on loop2
[  626.264587][T13513] blktrace: Concurrent blktraces are not allowed on loop2
[  626.489628][T13516] FAULT_INJECTION: forcing a failure.
[  626.489628][T13516] name failslab, interval 1, probability 0, space 0, times 0
[  626.590539][T13516] CPU: 1 UID: 0 PID: 13516 Comm: syz.3.1907 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  626.590583][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  626.590600][T13516] Call Trace:
[  626.590609][T13516]  <TASK>
[  626.590620][T13516]  dump_stack_lvl+0x16c/0x1f0
[  626.590666][T13516]  should_fail_ex+0x512/0x640
[  626.590706][T13516]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  626.590762][T13516]  should_failslab+0xc2/0x120
[  626.590799][T13516]  __kmalloc_cache_noprof+0x6a/0x3e0
[  626.590843][T13516]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  626.590878][T13516]  ? lockdep_hardirqs_on+0x7c/0x110
[  626.590913][T13516]  ? __request_module+0x2ad/0x690
[  626.590970][T13516]  __request_module+0x2ad/0x690
[  626.591012][T13516]  ? __pfx___request_module+0x10/0x10
[  626.591052][T13516]  ? aa_get_newest_label+0x375/0x680
[  626.591084][T13516]  ? __pfx_aa_get_newest_label+0x10/0x10
[  626.591126][T13516]  ? find_held_lock+0x2b/0x80
[  626.591159][T13516]  ? tcp_ca_find_autoload+0xec/0x2f0
[  626.591212][T13516]  tcp_ca_find_autoload+0x10d/0x2f0
[  626.591261][T13516]  tcp_set_congestion_control+0xdb/0xa20
[  626.591299][T13516]  do_tcp_setsockopt+0x5ef/0x2640
[  626.591351][T13516]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  626.591400][T13516]  ? __pfx___might_resched+0x10/0x10
[  626.591445][T13516]  ? __lock_acquire+0x5ca/0x1ba0
[  626.591482][T13516]  ? __pfx_aa_sk_perm+0x10/0x10
[  626.591515][T13516]  ? find_held_lock+0x2b/0x80
[  626.591544][T13516]  tcp_setsockopt+0xe2/0x100
[  626.591593][T13516]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  626.591634][T13516]  do_sock_setsockopt+0x221/0x470
[  626.591673][T13516]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  626.591736][T13516]  __sys_setsockopt+0x120/0x1a0
[  626.591772][T13516]  __x64_sys_setsockopt+0xbd/0x160
[  626.591801][T13516]  ? do_syscall_64+0x91/0x230
[  626.591841][T13516]  ? lockdep_hardirqs_on+0x7c/0x110
[  626.591878][T13516]  do_syscall_64+0xcd/0x230
[  626.591930][T13516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.591959][T13516] RIP: 0033:0x7f24a058e969
[  626.591983][T13516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  626.592011][T13516] RSP: 002b:00007f24a13de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  626.592039][T13516] RAX: ffffffffffffffda RBX: 00007f24a07b5fa0 RCX: 00007f24a058e969
[  626.592058][T13516] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000003
[  626.592074][T13516] RBP: 00007f24a13de090 R08: 0000000000010001 R09: 0000000000000000
[  626.592090][T13516] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  626.592107][T13516] R13: 0000000000000000 R14: 00007f24a07b5fa0 R15: 00007ffd090d8818
[  626.592144][T13516]  </TASK>
[  627.809072][   T30] audit: type=1800 audit(8188643012.636:12): pid=13523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1908" name="discovery_nqn" dev="configfs" ino=148469 res=0 errno=0
[  629.625377][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  629.640406][ T1297] ieee802154 phy1 wpan1: encryption failed: -22

syzkaller
syzkaller login: [  632.529832][T13609] FAULT_INJECTION: forcing a failure.
[  632.529832][T13609] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  632.553385][T13610] blktrace: Concurrent blktraces are not allowed on loop2
[  632.564981][T13609] CPU: 1 UID: 0 PID: 13609 Comm: syz.1.1925 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  632.565023][T13609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  632.565041][T13609] Call Trace:
[  632.565051][T13609]  <TASK>
[  632.565062][T13609]  dump_stack_lvl+0x16c/0x1f0
[  632.565108][T13609]  should_fail_ex+0x512/0x640
[  632.565156][T13609]  _copy_to_user+0x32/0xd0
[  632.565202][T13609]  do_timer_create+0x6dc/0x14e0
[  632.565246][T13609]  ? __pfx_do_timer_create+0x10/0x10
[  632.565306][T13609]  ? __fget_files+0x20e/0x3c0
[  632.565359][T13609]  __x64_sys_timer_create+0x199/0x1d0
[  632.565399][T13609]  ? __pfx___x64_sys_timer_create+0x10/0x10
[  632.565439][T13609]  ? fput+0x70/0xf0
[  632.565472][T13609]  ? ksys_write+0x1b9/0x240
[  632.565501][T13609]  ? __pfx_ksys_write+0x10/0x10
[  632.565541][T13609]  do_syscall_64+0xcd/0x230
[  632.565586][T13609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.565617][T13609] RIP: 0033:0x7f1ad3f8e969
[  632.565642][T13609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.565672][T13609] RSP: 002b:00007f1ad4e8a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de
[  632.565700][T13609] RAX: ffffffffffffffda RBX: 00007f1ad41b5fa0 RCX: 00007f1ad3f8e969
[  632.565720][T13609] RDX: 0000200000000280 RSI: 0000000000000000 RDI: 0000000000000003
[  632.565738][T13609] RBP: 00007f1ad4e8a090 R08: 0000000000000000 R09: 0000000000000000
[  632.565755][T13609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  632.565771][T13609] R13: 0000000000000001 R14: 00007f1ad41b5fa0 R15: 00007ffd463824f8
[  632.565809][T13609]  </TASK>
[  634.441334][T13632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  634.528051][T13632] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  634.664608][T13632] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  634.785135][T13632] page_type: f5(slab)
[  634.798376][T13632] raw: 00fff00000000040 ffff8881416a2b40 ffffea000171a600 0000000000000004
[  634.969265][T13632] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  635.062525][T13632] head: 00fff00000000040 ffff8881416a2b40 ffffea000171a600 0000000000000004
[  635.110972][T13632] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  635.150756][T13632] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  635.310174][T13632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  635.370317][T13632] page dumped because: unmovable page
[  635.376315][T13632] page_owner tracks the page as allocated
[  635.430903][T13632] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9866, tgid 9866 (kworker/u8:16), ts 609362589603, free_ts 609115273376
[  635.481755][T13632]  post_alloc_hook+0x181/0x1b0
[  635.487209][T13632]  get_page_from_freelist+0x135c/0x3920
[  635.497312][T13632]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  635.514405][T13632]  alloc_pages_mpol+0x1fb/0x550
[  635.540524][T13632]  new_slab+0x244/0x340
[  635.552756][T13632]  ___slab_alloc+0xd9c/0x1940
[  635.558193][T13632]  __slab_alloc.constprop.0+0x56/0xb0
[  635.568130][T13632]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  635.648971][T13632]  kmalloc_reserve+0x18b/0x2c0
[  635.690595][T13632]  __alloc_skb+0x166/0x380
[  635.706082][T13632]  __tcp_send_ack.part.0+0x66/0x700
[  635.731283][T13632]  tcp_send_ack+0x84/0xa0
[  635.746463][T13632]  __tcp_ack_snd_check+0x188/0xad0
[  635.780382][T13632]  tcp_rcv_established+0x8c2/0x2180
[  635.786220][T13632]  tcp_v4_do_rcv+0x5ca/0xa90
[  635.826715][T13632]  tcp_v4_rcv+0x3601/0x4640
[  635.851856][T13632] page last free pid 9884 tgid 9884 stack trace:
[  635.863674][T13632]  __free_frozen_pages+0x69d/0xff0
[  635.872897][T13632]  __put_partials+0x16d/0x1c0
[  635.878123][T13632]  qlist_free_all+0x4e/0x120
[  635.883857][T13632]  kasan_quarantine_reduce+0x195/0x1e0
[  635.889933][T13632]  __kasan_slab_alloc+0x69/0x90
[  635.897550][T13632]  kmem_cache_alloc_lru_noprof+0x1d0/0x3b0
[  635.904578][T13632]  sock_alloc_inode+0x25/0x1c0
[  635.910091][T13632]  alloc_inode+0x61/0x240
[  635.917344][T13632]  sock_alloc+0x40/0x280
[  635.924290][T13632]  sock_create_lite+0x82/0x120
[  635.929769][T13632]  rds_tcp_accept_one+0x16b/0xd10
[  635.936147][T13632]  rds_tcp_accept_worker+0x59/0x80
[  635.990619][T13632]  process_one_work+0x9cc/0x1b70
[  635.996187][T13632]  worker_thread+0x6c8/0xf10
[  636.036319][T13632]  kthread+0x3c2/0x780
[  636.042257][T13632]  ret_from_fork+0x45/0x80
[  637.112703][T13670] blktrace: Concurrent blktraces are not allowed on loop2
[  638.167151][T13682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  638.260859][T13682] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  638.419362][T13682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  638.494576][T13682] page_type: f5(slab)
[  638.499181][T13682] raw: 00fff00000000040 ffff8881416a2b40 ffffea000171a600 0000000000000004
[  638.508788][T13682] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  638.520744][T13682] head: 00fff00000000040 ffff8881416a2b40 ffffea000171a600 0000000000000004
[  638.530940][T13682] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  638.593101][T13682] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  638.608952][T13682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  638.619854][T13682] page dumped because: unmovable page
[  638.628154][T13682] page_owner tracks the page as allocated
[  638.635438][T13682] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9866, tgid 9866 (kworker/u8:16), ts 609362589603, free_ts 609115273376
[  638.659018][T13682]  post_alloc_hook+0x181/0x1b0
[  638.664418][T13682]  get_page_from_freelist+0x135c/0x3920
[  638.685700][T13682]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  638.705311][T13682]  alloc_pages_mpol+0x1fb/0x550
[  638.750382][T13682]  new_slab+0x244/0x340
[  638.755086][T13682]  ___slab_alloc+0xd9c/0x1940
[  638.792245][T13682]  __slab_alloc.constprop.0+0x56/0xb0
[  638.798284][T13682]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  638.860798][T13682]  kmalloc_reserve+0x18b/0x2c0
[  638.883211][T13682]  __alloc_skb+0x166/0x380
[  638.906768][T13682]  __tcp_send_ack.part.0+0x66/0x700
[  638.931326][T13682]  tcp_send_ack+0x84/0xa0
[  638.951466][T13682]  __tcp_ack_snd_check+0x188/0xad0
[  638.957199][T13682]  tcp_rcv_established+0x8c2/0x2180
[  639.011209][T13682]  tcp_v4_do_rcv+0x5ca/0xa90
[  639.024455][T13682]  tcp_v4_rcv+0x3601/0x4640
[  639.035191][T13682] page last free pid 9884 tgid 9884 stack trace:
[  639.060760][T13682]  __free_frozen_pages+0x69d/0xff0
[  639.073558][T13682]  __put_partials+0x16d/0x1c0
[  639.078891][T13682]  qlist_free_all+0x4e/0x120
[  639.084128][T13682]  kasan_quarantine_reduce+0x195/0x1e0
[  639.100374][T13682]  __kasan_slab_alloc+0x69/0x90
[  639.110844][T13682]  kmem_cache_alloc_lru_noprof+0x1d0/0x3b0
[  639.121892][T13682]  sock_alloc_inode+0x25/0x1c0
[  639.128265][T13682]  alloc_inode+0x61/0x240
[  639.136202][T13682]  sock_alloc+0x40/0x280
[  639.144756][T13682]  sock_create_lite+0x82/0x120
[  639.155465][T13682]  rds_tcp_accept_one+0x16b/0xd10
[  639.162094][T13682]  rds_tcp_accept_worker+0x59/0x80
[  639.167940][T13682]  process_one_work+0x9cc/0x1b70
[  639.176610][T13682]  worker_thread+0x6c8/0xf10
[  639.182828][T13682]  kthread+0x3c2/0x780
[  639.187575][T13682]  ret_from_fork+0x45/0x80
[  640.651708][T13715] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1952'.
[  642.049385][T13738] blktrace: Concurrent blktraces are not allowed on loop2

syzkaller
syzkaller login: [  643.236608][T13753] FAULT_INJECTION: forcing a failure.
[  643.236608][T13753] name failslab, interval 1, probability 0, space 0, times 0
[  643.263755][T13753] CPU: 0 UID: 0 PID: 13753 Comm: syz.1.1960 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  643.263799][T13753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  643.263817][T13753] Call Trace:
[  643.263828][T13753]  <TASK>
[  643.263839][T13753]  dump_stack_lvl+0x16c/0x1f0
[  643.263884][T13753]  should_fail_ex+0x512/0x640
[  643.263927][T13753]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  643.263966][T13753]  should_failslab+0xc2/0x120
[  643.264005][T13753]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  643.264050][T13753]  ? __alloc_skb+0x2b2/0x380
[  643.264088][T13753]  __alloc_skb+0x2b2/0x380
[  643.264121][T13753]  ? __pfx___alloc_skb+0x10/0x10
[  643.264155][T13753]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  643.264191][T13753]  ? __lock_acquire+0xaa4/0x1ba0
[  643.264238][T13753]  netlink_alloc_large_skb+0x69/0x130
[  643.264279][T13753]  netlink_sendmsg+0x6a1/0xdd0
[  643.264324][T13753]  ? __pfx_netlink_sendmsg+0x10/0x10
[  643.264378][T13753]  ____sys_sendmsg+0xa95/0xc70
[  643.264424][T13753]  ? copy_msghdr_from_user+0x10a/0x160
[  643.264459][T13753]  ? __pfx_____sys_sendmsg+0x10/0x10
[  643.264523][T13753]  ___sys_sendmsg+0x134/0x1d0
[  643.264560][T13753]  ? __pfx____sys_sendmsg+0x10/0x10
[  643.264647][T13753]  __sys_sendmsg+0x16d/0x220
[  643.264683][T13753]  ? __pfx___sys_sendmsg+0x10/0x10
[  643.264731][T13753]  ? rcu_is_watching+0x12/0xc0
[  643.264773][T13753]  do_syscall_64+0xcd/0x230
[  643.264821][T13753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.264854][T13753] RIP: 0033:0x7f1ad3f8e969
[  643.264878][T13753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.264907][T13753] RSP: 002b:00007f1ad4e8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  643.264937][T13753] RAX: ffffffffffffffda RBX: 00007f1ad41b5fa0 RCX: 00007f1ad3f8e969
[  643.264959][T13753] RDX: 0000000000004000 RSI: 0000200000001440 RDI: 0000000000000003
[  643.264980][T13753] RBP: 00007f1ad4e8a090 R08: 0000000000000000 R09: 0000000000000000
[  643.265000][T13753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.265020][T13753] R13: 0000000000000000 R14: 00007f1ad41b5fa0 R15: 00007ffd463824f8
[  643.265067][T13753]  </TASK>
[  643.312329][T13755] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1961'.
[  643.317550][    C0] vkms_vblank_simulate: vblank timer overrun
[  643.534973][    C0] vkms_vblank_simulate: vblank timer overrun
[  643.641734][    C0] vkms_vblank_simulate: vblank timer overrun
[  648.140827][T13837] netlink: 'syz.0.1982': attribute type 8 has an invalid length.
[  648.652917][T13846] FAULT_INJECTION: forcing a failure.
[  648.652917][T13846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.689363][T13846] CPU: 1 UID: 0 PID: 13846 Comm: syz.2.1984 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  648.689411][T13846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  648.689431][T13846] Call Trace:
[  648.689442][T13846]  <TASK>
[  648.689455][T13846]  dump_stack_lvl+0x16c/0x1f0
[  648.689509][T13846]  should_fail_ex+0x512/0x640
[  648.689560][T13846]  _copy_from_user+0x2e/0xd0
[  648.689608][T13846]  get_itimerspec64+0x8b/0x2d0
[  648.689648][T13846]  ? __pfx_get_itimerspec64+0x10/0x10
[  648.689689][T13846]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  648.689743][T13846]  __x64_sys_timer_settime+0x17d/0x2c0
[  648.689789][T13846]  ? __pfx___x64_sys_timer_settime+0x10/0x10
[  648.689840][T13846]  ? ksys_write+0x1b9/0x240
[  648.689886][T13846]  do_syscall_64+0xcd/0x230
[  648.689933][T13846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.689966][T13846] RIP: 0033:0x7f47fef8e969
[  648.689991][T13846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.690021][T13846] RSP: 002b:00007f47ffdc5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df
[  648.690051][T13846] RAX: ffffffffffffffda RBX: 00007f47ff1b6080 RCX: 00007f47fef8e969
[  648.690072][T13846] RDX: 0000200000000200 RSI: 0000000000000100 RDI: 0000000000000000
[  648.690092][T13846] RBP: 00007f47ffdc5090 R08: 0000000000000000 R09: 0000000000000000
[  648.690111][T13846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.690130][T13846] R13: 0000000000000001 R14: 00007f47ff1b6080 R15: 00007ffca221bfd8
[  648.690172][T13846]  </TASK>
[  649.455073][T13849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  649.556187][T13849] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  649.686571][T13849] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)

syzkaller
syzkaller login: [  649.751710][T13849] page_type: f5(slab)
[  649.756297][T13849] raw: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  649.840635][T13849] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  649.883983][T13849] head: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  649.960440][T13849] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  650.001359][T13849] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  650.078292][T13849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  650.124445][T13849] page dumped because: unmovable page
[  650.184871][T13849] page_owner tracks the page as allocated
[  650.207690][T13849] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13832, tgid 13830 (syz.3.1981), ts 647850909385, free_ts 645809847456
[  650.233386][T13849]  post_alloc_hook+0x181/0x1b0
[  650.238701][T13849]  get_page_from_freelist+0x135c/0x3920
[  650.245525][T13849]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  650.252446][T13849]  alloc_pages_mpol+0x1fb/0x550
[  650.258032][T13849]  new_slab+0x244/0x340
[  650.263429][T13849]  ___slab_alloc+0xd9c/0x1940
[  650.268837][T13849]  __slab_alloc.constprop.0+0x56/0xb0
[  650.275394][T13849]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  650.282549][T13849]  kmalloc_reserve+0x18b/0x2c0
[  650.287945][T13849]  __alloc_skb+0x166/0x380
[  650.310739][T13849]  skb_copy+0x1c9/0x3a0
[  650.326834][T13849]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6b/0x1310
[  650.347086][T13849]  mac80211_hwsim_tx_frame+0x1f1/0x2a0
[  650.360446][T13849]  mac80211_hwsim_beacon_tx+0x595/0xa40
[  650.400379][T13849]  __iterate_interfaces+0x2e2/0x650
[  650.440689][T13849]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  650.463491][T13849] page last free pid 9868 tgid 9868 stack trace:
[  650.500627][T13849]  __free_frozen_pages+0x69d/0xff0
[  650.506539][T13849]  __folio_put+0x329/0x450
[  650.515321][T13849]  kmem_cache_free_bulk.part.0+0x61c/0x7f0
[  650.540477][T13849]  kvfree_rcu_bulk+0x1bb/0x1f0
[  650.546028][T13849]  kfree_rcu_work+0x124/0x1a0
[  650.569415][T13849]  process_one_work+0x9cc/0x1b70
[  650.591618][T13849]  worker_thread+0x6c8/0xf10
[  650.596787][T13849]  kthread+0x3c2/0x780
[  650.610802][T13849]  ret_from_fork+0x45/0x80
[  650.616778][T13849]  ret_from_fork_asm+0x1a/0x30

syzkaller
syzkaller login: [  652.931163][T13882] blktrace: Concurrent blktraces are not allowed on loop2
[  654.486426][T13902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  654.535753][T13902] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  654.610436][T13902] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  654.637814][T13902] page_type: f5(slab)
[  654.685447][T13902] raw: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  654.750448][T13902] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  654.760040][T13902] head: 00fff00000000040 ffff8881416a2b40 dead000000000122 0000000000000000
[  654.890939][T13902] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000
[  654.928188][T13902] head: 00fff00000000002 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  654.959182][T13902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  655.000381][T13902] page dumped because: unmovable page
[  655.031593][T13902] page_owner tracks the page as allocated
[  655.037980][T13902] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13832, tgid 13830 (syz.3.1981), ts 647850909385, free_ts 645809847456
[  655.121745][T13902]  post_alloc_hook+0x181/0x1b0
[  655.129816][T13902]  get_page_from_freelist+0x135c/0x3920
[  655.150933][T13902]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  655.157508][T13902]  alloc_pages_mpol+0x1fb/0x550
[  655.182815][T13902]  new_slab+0x244/0x340
[  655.192965][T13902]  ___slab_alloc+0xd9c/0x1940
[  655.198232][T13902]  __slab_alloc.constprop.0+0x56/0xb0
[  655.245231][T13902]  kmem_cache_alloc_node_noprof+0xf5/0x3b0
[  655.287075][T13902]  kmalloc_reserve+0x18b/0x2c0
[  655.312873][T13902]  __alloc_skb+0x166/0x380
[  655.328149][T13902]  skb_copy+0x1c9/0x3a0
[  655.333347][T13902]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6b/0x1310
[  655.418871][T13902]  mac80211_hwsim_tx_frame+0x1f1/0x2a0
[  655.443492][T13902]  mac80211_hwsim_beacon_tx+0x595/0xa40
[  655.453523][T13902]  __iterate_interfaces+0x2e2/0x650
[  655.459813][T13902]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  655.468088][T13902] page last free pid 9868 tgid 9868 stack trace:
[  655.480156][T13902]  __free_frozen_pages+0x69d/0xff0
[  655.486182][T13902]  __folio_put+0x329/0x450
[  655.493648][T13902]  kmem_cache_free_bulk.part.0+0x61c/0x7f0
[  655.502846][T13902]  kvfree_rcu_bulk+0x1bb/0x1f0
[  655.508399][T13902]  kfree_rcu_work+0x124/0x1a0
[  655.518292][T13902]  process_one_work+0x9cc/0x1b70
[  655.526127][T13902]  worker_thread+0x6c8/0xf10
[  655.534553][T13902]  kthread+0x3c2/0x780
[  655.539420][T13902]  ret_from_fork+0x45/0x80
[  655.546949][T13902]  ret_from_fork_asm+0x1a/0x30
[  658.074143][T13963] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2013'.
[  658.307774][T13967] FAULT_INJECTION: forcing a failure.
[  658.307774][T13967] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  658.510453][T13967] CPU: 1 UID: 0 PID: 13967 Comm: syz.3.2014 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  658.510511][T13967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  658.510531][T13967] Call Trace:
[  658.510541][T13967]  <TASK>
[  658.510553][T13967]  dump_stack_lvl+0x16c/0x1f0
[  658.510599][T13967]  should_fail_ex+0x512/0x640
[  658.510650][T13967]  should_fail_alloc_page+0xe7/0x130
[  658.510694][T13967]  prepare_alloc_pages+0x3c2/0x610
[  658.510744][T13967]  ? rcu_is_watching+0x12/0xc0
[  658.510790][T13967]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  658.510829][T13967]  ? kasan_save_stack+0x33/0x60
[  658.510874][T13967]  ? __lock_acquire+0xaa4/0x1ba0
[  658.510922][T13967]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  658.510963][T13967]  ? look_up_lock_class+0x6b/0x150
[  658.511013][T13967]  ? __lock_acquire+0x5ca/0x1ba0
[  658.511057][T13967]  ? __lock_acquire+0x5ca/0x1ba0
[  658.511116][T13967]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  658.511164][T13967]  ? policy_nodemask+0xea/0x4e0
[  658.511208][T13967]  alloc_pages_mpol+0x1fb/0x550
[  658.511250][T13967]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  658.511290][T13967]  ? __lock_acquire+0x5ca/0x1ba0
[  658.511340][T13967]  folio_alloc_mpol_noprof+0x36/0x2f0
[  658.511391][T13967]  vma_alloc_folio_noprof+0xed/0x1e0
[  658.511436][T13967]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  658.511498][T13967]  do_pte_missing+0x223d/0x3fb0
[  658.511548][T13967]  __handle_mm_fault+0x103d/0x2a40
[  658.511595][T13967]  ? __pfx___handle_mm_fault+0x10/0x10
[  658.511628][T13967]  ? __pte_offset_map_lock+0x155/0x2f0
[  658.511675][T13967]  ? find_held_lock+0x2b/0x80
[  658.511705][T13967]  ? find_held_lock+0x2b/0x80
[  658.511764][T13967]  handle_mm_fault+0x3fe/0xad0
[  658.511813][T13967]  __get_user_pages+0x771/0x36f0
[  658.511878][T13967]  ? __pfx_mt_find+0x10/0x10
[  658.511929][T13967]  ? __pfx___get_user_pages+0x10/0x10
[  658.511998][T13967]  populate_vma_page_range+0x278/0x3a0
[  658.512033][T13967]  ? __pfx_populate_vma_page_range+0x10/0x10
[  658.512088][T13967]  ? __pfx_find_vma_intersection+0x10/0x10
[  658.512140][T13967]  ? do_mmap+0x69c/0x11b0
[  658.512193][T13967]  __mm_populate+0x1d8/0x380
[  658.512226][T13967]  ? __pfx___mm_populate+0x10/0x10
[  658.512261][T13967]  ? up_write+0x1b2/0x520
[  658.512315][T13967]  vm_mmap_pgoff+0x362/0x450
[  658.512369][T13967]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  658.512426][T13967]  ? __x64_sys_futex+0x1e0/0x4c0
[  658.512460][T13967]  ? __x64_sys_futex+0x1e9/0x4c0
[  658.512502][T13967]  ksys_mmap_pgoff+0x7d/0x5c0
[  658.512551][T13967]  ? rcu_is_watching+0x12/0xc0
[  658.512586][T13967]  __x64_sys_mmap+0x125/0x190
[  658.512624][T13967]  do_syscall_64+0xcd/0x230
[  658.512673][T13967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.512707][T13967] RIP: 0033:0x7f24a058e969
[  658.512735][T13967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.512775][T13967] RSP: 002b:00007f24a13de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  658.512808][T13967] RAX: ffffffffffffffda RBX: 00007f24a07b5fa0 RCX: 00007f24a058e969
[  658.512830][T13967] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[  658.512851][T13967] RBP: 00007f24a0610ab1 R08: ffffffffffffffff R09: 0000000000008000
[  658.512873][T13967] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  658.512893][T13967] R13: 0000000000000000 R14: 00007f24a07b5fa0 R15: 00007ffd090d8818
[  658.512937][T13967]  </TASK>
[  658.927656][T13969] netlink: 'syz.2.2015': attribute type 1 has an invalid length.

syzkaller
syzkaller login: [  659.679845][T13961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2013'.
[  661.635734][T14012] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2026'.
[  662.253125][T14030] blktrace: Concurrent blktraces are not allowed on loop2

syzkaller
syzkaller login: [  664.611177][T14067] blktrace: Concurrent blktraces are not allowed on loop2
[  664.883772][T14072] FAULT_INJECTION: forcing a failure.
[  664.883772][T14072] name failslab, interval 1, probability 0, space 0, times 0
[  664.960502][T14072] CPU: 0 UID: 0 PID: 14072 Comm: syz.2.2044 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  664.960548][T14072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  664.960568][T14072] Call Trace:
[  664.960584][T14072]  <TASK>
[  664.960598][T14072]  dump_stack_lvl+0x16c/0x1f0
[  664.960645][T14072]  should_fail_ex+0x512/0x640
[  664.960690][T14072]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  664.960735][T14072]  should_failslab+0xc2/0x120
[  664.960775][T14072]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  664.960816][T14072]  ? __request_module+0x2cb/0x690
[  664.960869][T14072]  kstrdup+0x53/0x100
[  664.960908][T14072]  __request_module+0x2cb/0x690
[  664.960954][T14072]  ? __pfx___request_module+0x10/0x10
[  664.960999][T14072]  ? aa_get_newest_label+0x375/0x680
[  664.961034][T14072]  ? __pfx_aa_get_newest_label+0x10/0x10
[  664.961080][T14072]  ? find_held_lock+0x2b/0x80
[  664.961115][T14072]  ? tcp_ca_find_autoload+0xec/0x2f0
[  664.961178][T14072]  tcp_ca_find_autoload+0x10d/0x2f0
[  664.961230][T14072]  tcp_set_congestion_control+0xdb/0xa20
[  664.961270][T14072]  do_tcp_setsockopt+0x5ef/0x2640
[  664.961329][T14072]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  664.961384][T14072]  ? __pfx___might_resched+0x10/0x10
[  664.961436][T14072]  ? __lock_acquire+0x5ca/0x1ba0
[  664.961477][T14072]  ? __pfx_aa_sk_perm+0x10/0x10
[  664.961514][T14072]  ? find_held_lock+0x2b/0x80
[  664.961549][T14072]  tcp_setsockopt+0xe2/0x100
[  664.961598][T14072]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  664.961644][T14072]  do_sock_setsockopt+0x221/0x470
[  664.961687][T14072]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  664.961755][T14072]  __sys_setsockopt+0x120/0x1a0
[  664.961795][T14072]  __x64_sys_setsockopt+0xbd/0x160
[  664.961824][T14072]  ? do_syscall_64+0x91/0x230
[  664.961866][T14072]  ? lockdep_hardirqs_on+0x7c/0x110
[  664.961906][T14072]  do_syscall_64+0xcd/0x230
[  664.961952][T14072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.961984][T14072] RIP: 0033:0x7f47fef8e969
[  664.962008][T14072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  664.962039][T14072] RSP: 002b:00007f47ffde6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  664.962068][T14072] RAX: ffffffffffffffda RBX: 00007f47ff1b5fa0 RCX: 00007f47fef8e969
[  664.962088][T14072] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000003
[  664.962107][T14072] RBP: 00007f47ffde6090 R08: 0000000000010001 R09: 0000000000000000
[  664.962127][T14072] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  664.962153][T14072] R13: 0000000000000000 R14: 00007f47ff1b5fa0 R15: 00007ffca221bfd8
[  664.962194][T14072]  </TASK>
[  665.012726][T14069] block2mtd: illegal erase size

syzkaller
syzkaller login: [  671.271330][T14151] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2064'.

syzkaller
syzkaller login: [  673.290919][T14184] blktrace: Concurrent blktraces are not allowed on loop2
[  673.563589][T14179] MTRR 1 not used
[  676.106074][T14219] FAULT_INJECTION: forcing a failure.
[  676.106074][T14219] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  676.189653][T14219] CPU: 1 UID: 0 PID: 14219 Comm: syz.0.2081 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  676.189696][T14219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  676.189715][T14219] Call Trace:
[  676.189725][T14219]  <TASK>
[  676.189737][T14219]  dump_stack_lvl+0x16c/0x1f0
[  676.189782][T14219]  should_fail_ex+0x512/0x640
[  676.189849][T14219]  _copy_to_user+0x32/0xd0
[  676.189898][T14219]  simple_read_from_buffer+0xcb/0x170
[  676.189947][T14219]  proc_fail_nth_read+0x197/0x270
[  676.189992][T14219]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  676.190038][T14219]  ? rw_verify_area+0xcf/0x680
[  676.190083][T14219]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  676.190127][T14219]  vfs_read+0x1de/0xc70
[  676.190161][T14219]  ? __pfx___mutex_lock+0x10/0x10
[  676.190203][T14219]  ? __pfx_vfs_read+0x10/0x10
[  676.190261][T14219]  ? __fget_files+0x20e/0x3c0
[  676.190320][T14219]  ksys_read+0x12a/0x240
[  676.190348][T14219]  ? __pfx_ksys_read+0x10/0x10
[  676.190376][T14219]  ? rcu_is_watching+0x12/0xc0
[  676.190415][T14219]  do_syscall_64+0xcd/0x230
[  676.190462][T14219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.190495][T14219] RIP: 0033:0x7ffa9cb8d37c
[  676.190520][T14219] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  676.190551][T14219] RSP: 002b:00007ffa9d9e1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  676.190580][T14219] RAX: ffffffffffffffda RBX: 00007ffa9cdb5fa0 RCX: 00007ffa9cb8d37c
[  676.190600][T14219] RDX: 000000000000000f RSI: 00007ffa9d9e10a0 RDI: 0000000000000004
[  676.190617][T14219] RBP: 00007ffa9d9e1090 R08: 0000000000000000 R09: 0000000000000000
[  676.190635][T14219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.190652][T14219] R13: 0000000000000000 R14: 00007ffa9cdb5fa0 R15: 00007ffdd97c05f8
[  676.190693][T14219]  </TASK>
[  677.671533][T14233] openvswitch: netlink: Key type 43 is out of range max 32
[  677.841937][T14238] blktrace: Concurrent blktraces are not allowed on loop2
[  678.762209][T14261] FAULT_INJECTION: forcing a failure.
[  678.762209][T14261] name failslab, interval 1, probability 0, space 0, times 0
[  678.815147][T14261] CPU: 1 UID: 0 PID: 14261 Comm: syz.3.2092 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  678.815193][T14261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  678.815212][T14261] Call Trace:
[  678.815223][T14261]  <TASK>
[  678.815236][T14261]  dump_stack_lvl+0x16c/0x1f0
[  678.815284][T14261]  should_fail_ex+0x512/0x640
[  678.815328][T14261]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  678.815369][T14261]  should_failslab+0xc2/0x120
[  678.815409][T14261]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  678.815444][T14261]  ? vma_merge_new_range+0x3f8/0xc10
[  678.815479][T14261]  ? vm_area_alloc+0x1f/0x160
[  678.815522][T14261]  vm_area_alloc+0x1f/0x160
[  678.815559][T14261]  __mmap_region+0xfd0/0x27c0
[  678.815599][T14261]  ? __pfx___mmap_region+0x10/0x10
[  678.815634][T14261]  ? bpf_ksym_find+0x124/0x1c0
[  678.815693][T14261]  ? __kernel_text_address+0xd/0x40
[  678.815743][T14261]  ? unwind_get_return_address+0x59/0xa0
[  678.815856][T14261]  ? trace_cap_capable+0x18d/0x200
[  678.815891][T14261]  ? cap_capable+0xb3/0x250
[  678.815940][T14261]  mmap_region+0x1ab/0x3f0
[  678.815983][T14261]  do_mmap+0xd8e/0x11b0
[  678.816038][T14261]  ? __pfx_do_mmap+0x10/0x10
[  678.816085][T14261]  ? __pfx_down_write_killable+0x10/0x10
[  678.816141][T14261]  vm_mmap_pgoff+0x281/0x450
[  678.816192][T14261]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  678.816241][T14261]  ? __fget_files+0x20e/0x3c0
[  678.816302][T14261]  ksys_mmap_pgoff+0x7d/0x5c0
[  678.816347][T14261]  ? __pfx_ksys_write+0x10/0x10
[  678.816375][T14261]  ? rcu_is_watching+0x12/0xc0
[  678.816409][T14261]  __x64_sys_mmap+0x125/0x190
[  678.816443][T14261]  do_syscall_64+0xcd/0x230
[  678.816490][T14261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.816521][T14261] RIP: 0033:0x7f24a058e969
[  678.816546][T14261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  678.816575][T14261] RSP: 002b:00007f24a13de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  678.816604][T14261] RAX: ffffffffffffffda RBX: 00007f24a07b5fa0 RCX: 00007f24a058e969
[  678.816624][T14261] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[  678.816642][T14261] RBP: 00007f24a13de090 R08: 0000000000000002 R09: 0000000000008000
[  678.816662][T14261] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001
[  678.816681][T14261] R13: 0000000000000000 R14: 00007f24a07b5fa0 R15: 00007ffd090d8818
[  678.816722][T14261]  </TASK>
[  682.039132][T14299] blktrace: Concurrent blktraces are not allowed on loop2
[  682.484045][T14305] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2103'.
[  682.590758][T14305] netlink: 262 bytes leftover after parsing attributes in process `syz.3.2103'.

syzkaller
syzkaller login: [  686.190443][T14352] blktrace: Concurrent blktraces are not allowed on loop2
[  687.559807][T14346] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[14346]
[  688.164857][T14371] netlink: 504 bytes leftover after parsing attributes in process `syz.1.2116'.
[  689.448728][T14383] block2mtd: illegal erase size
[  691.039599][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  691.046793][ T1297] ieee802154 phy1 wpan1: encryption failed: -22

syzkaller
syzkaller login: [  693.501039][T14427] FAULT_INJECTION: forcing a failure.
[  693.501039][T14427] name failslab, interval 1, probability 0, space 0, times 0
[  693.537080][T14427] CPU: 0 UID: 0 PID: 14427 Comm: syz.0.2129 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  693.537127][T14427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  693.537147][T14427] Call Trace:
[  693.537159][T14427]  <TASK>
[  693.537172][T14427]  dump_stack_lvl+0x16c/0x1f0
[  693.537221][T14427]  should_fail_ex+0x512/0x640
[  693.537267][T14427]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  693.537309][T14427]  should_failslab+0xc2/0x120
[  693.537352][T14427]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  693.537391][T14427]  ? __d_alloc+0x31/0xaa0
[  693.537431][T14427]  __d_alloc+0x31/0xaa0
[  693.537469][T14427]  d_alloc_pseudo+0x1c/0xc0
[  693.537512][T14427]  alloc_file_pseudo+0xcf/0x230
[  693.537555][T14427]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  693.537599][T14427]  ? alloc_fd+0x471/0x7d0
[  693.537655][T14427]  sock_alloc_file+0x50/0x210
[  693.537714][T14427]  __sys_socket+0x1c0/0x260
[  693.537762][T14427]  ? __pfx___sys_socket+0x10/0x10
[  693.537813][T14427]  ? rcu_is_watching+0x12/0xc0
[  693.537853][T14427]  __x64_sys_socket+0x72/0xb0
[  693.537898][T14427]  ? lockdep_hardirqs_on+0x7c/0x110
[  693.537953][T14427]  do_syscall_64+0xcd/0x230
[  693.538000][T14427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.538032][T14427] RIP: 0033:0x7ffa9cb8e969
[  693.538065][T14427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  693.538099][T14427] RSP: 002b:00007ffa9d9e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  693.538129][T14427] RAX: ffffffffffffffda RBX: 00007ffa9cdb5fa0 RCX: 00007ffa9cb8e969
[  693.538151][T14427] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  693.538170][T14427] RBP: 00007ffa9cc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  693.538190][T14427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  693.538208][T14427] R13: 0000000000000000 R14: 00007ffa9cdb5fa0 R15: 00007ffdd97c05f8
[  693.538248][T14427]  </TASK>
[  693.756461][    C0] vkms_vblank_simulate: vblank timer overrun
[  694.401497][T14435] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807842e600 pfn:0x78428
[  694.493758][T14435] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  694.505379][T14435] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  694.516598][T14435] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  694.529232][T14435] raw: ffff88807842e600 0000000000000000 00000016ffffffff 0000000000000000
[  694.540852][T14435] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  694.628077][T14435] head: ffff88807842e600 0000000000000000 00000016ffffffff 0000000000000000
[  694.637837][T14435] head: 00fff00000000003 ffffea0001e10a01 00000000ffffffff 00000000ffffffff
[  694.651553][T14435] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  694.666648][T14435] page dumped because: unmovable page
[  694.672995][T14435] page_owner tracks the page as allocated
[  694.679416][T14435] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 13158, tgid 13157 (syz.3.1826), ts 599839305216, free_ts 599839162192
[  694.700859][    C0] vkms_vblank_simulate: vblank timer overrun
[  694.707920][T14435]  post_alloc_hook+0x181/0x1b0
[  694.713300][T14435]  get_page_from_freelist+0x135c/0x3920
[  694.719589][T14435]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  694.726195][T14435]  alloc_pages_mpol+0x1fb/0x550
[  694.731748][T14435]  alloc_pages_noprof+0x131/0x390
[  694.737353][T14435]  skb_page_frag_refill+0x186/0x5a0
[  694.743806][T14435]  try_fill_recv+0x79c/0x2690
[  694.749059][T14435]  virtnet_poll+0x1e23/0x3c00
[  694.757152][T14435]  __napi_poll.constprop.0+0xb7/0x550
[  694.774962][T14435]  net_rx_action+0xa97/0x1010
[  694.781478][T14435]  handle_softirqs+0x216/0x8e0
[  694.794340][T14435]  __irq_exit_rcu+0x109/0x170
[  694.806465][T14435]  irq_exit_rcu+0x9/0x30
[  694.823196][T14435]  common_interrupt+0xbf/0xe0
[  694.884957][T14435]  asm_common_interrupt+0x26/0x40
[  694.900628][T14435] page last free pid 13158 tgid 13157 stack trace:
[  694.990484][T14435]  __free_frozen_pages+0x69d/0xff0
[  694.996228][T14435]  __folio_put+0x329/0x450
[  695.038172][T14435]  page_to_skb+0xa23/0xc50
[  695.111822][T14435]  receive_buf+0x75e/0x3fe0
[  695.116907][T14435]  virtnet_poll+0x10d6/0x3c00
[  695.251233][T14435]  __napi_poll.constprop.0+0xb7/0x550
[  695.290539][T14435]  net_rx_action+0xa97/0x1010
[  695.310873][T14435]  handle_softirqs+0x216/0x8e0
[  695.319263][T14435]  __irq_exit_rcu+0x109/0x170
[  695.328577][T14435]  irq_exit_rcu+0x9/0x30
[  695.430730][T14435]  common_interrupt+0xbf/0xe0
[  695.435985][T14435]  asm_common_interrupt+0x26/0x40

syzkaller
syzkaller login: [  703.943847][T14565] FAULT_INJECTION: forcing a failure.
[  703.943847][T14565] name failslab, interval 1, probability 0, space 0, times 0
[  703.962126][T14565] CPU: 0 UID: 0 PID: 14565 Comm: syz.1.2157 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  703.962168][T14565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  703.962187][T14565] Call Trace:
[  703.962197][T14565]  <TASK>
[  703.962210][T14565]  dump_stack_lvl+0x16c/0x1f0
[  703.962267][T14565]  should_fail_ex+0x512/0x640
[  703.962318][T14565]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  703.962373][T14565]  should_failslab+0xc2/0x120
[  703.962410][T14565]  __kmalloc_cache_noprof+0x6a/0x3e0
[  703.962461][T14565]  ? copy_net_ns+0x135/0x5f0
[  703.962503][T14565]  copy_net_ns+0x135/0x5f0
[  703.962540][T14565]  ? copy_cgroup_ns+0xa4/0x6f0
[  703.962572][T14565]  create_new_namespaces+0x3ea/0xad0
[  703.962615][T14565]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  703.962652][T14565]  ksys_unshare+0x45b/0xa40
[  703.962695][T14565]  ? __pfx_ksys_unshare+0x10/0x10
[  703.962736][T14565]  ? ksys_write+0x1b9/0x240
[  703.962777][T14565]  __x64_sys_unshare+0x31/0x40
[  703.962818][T14565]  do_syscall_64+0xcd/0x230
[  703.962863][T14565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.962893][T14565] RIP: 0033:0x7f1ad3f8e969
[  703.962916][T14565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  703.962946][T14565] RSP: 002b:00007f1ad4e8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  703.962974][T14565] RAX: ffffffffffffffda RBX: 00007f1ad41b5fa0 RCX: 00007f1ad3f8e969
[  703.962994][T14565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  703.963012][T14565] RBP: 00007f1ad4e8a090 R08: 0000000000000000 R09: 0000000000000000
[  703.963030][T14565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  703.963048][T14565] R13: 0000000000000001 R14: 00007f1ad41b5fa0 R15: 00007ffd463824f8
[  703.963088][T14565]  </TASK>
[  708.114278][T14612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2168'.
[  708.145499][T14612] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2168'.
[  708.641337][T14620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  708.820321][T14620] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  708.829761][T14620] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  708.919962][T14620] page_type: f5(slab)
[  708.924837][T14620] raw: 00fff00000000040 ffff888140408640 dead000000000122 0000000000000000
[  708.934520][T14620] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  708.944145][T14620] head: 00fff00000000040 ffff888140408640 dead000000000122 0000000000000000
[  708.954820][T14620] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  708.964949][T14620] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  708.975241][T14620] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  709.057009][T14620] page dumped because: unmovable page
[  709.077625][T14620] page_owner tracks the page as allocated
[  709.200322][T14620] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6122, tgid 6122 (udevd), ts 695678878662, free_ts 693869271158
[  709.461227][T14620]  post_alloc_hook+0x181/0x1b0
[  709.466580][T14620]  get_page_from_freelist+0x135c/0x3920
[  709.540763][T14620]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  709.547359][T14620]  alloc_pages_mpol+0x1fb/0x550
[  709.714397][T14620]  new_slab+0x244/0x340
[  709.719095][T14620]  ___slab_alloc+0xd9c/0x1940
[  709.830591][T14620]  __slab_alloc.constprop.0+0x56/0xb0
[  709.836647][T14620]  kmem_cache_alloc_noprof+0xef/0x3b0
[  709.972802][T14620]  getname_flags.part.0+0x4c/0x550
[  709.978534][T14620]  __x64_sys_unlink+0xb0/0x110
[  710.030520][T14620]  do_syscall_64+0xcd/0x230
[  710.035606][T14620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.112028][T14620] page last free pid 5816 tgid 5816 stack trace:
[  710.180608][T14620]  __free_frozen_pages+0x69d/0xff0
[  710.186376][T14620]  __folio_put+0x329/0x450
[  710.210952][T14620]  skb_release_data+0x618/0x960
[  710.265473][T14620]  __kfree_skb+0x4f/0x70
[  710.296857][T14620]  tcp_ack+0x19b2/0x5c90
[  710.339390][T14620]  tcp_rcv_established+0xcf0/0x2180
[  710.414232][T14620]  tcp_v4_do_rcv+0x5ca/0xa90
[  710.465317][T14620]  __release_sock+0x31b/0x400
[  710.506102][T14620]  release_sock+0x5a/0x220
[  710.550567][T14620]  tcp_sendmsg+0x38/0x50
[  710.555580][T14620]  inet_sendmsg+0xb9/0x140
[  710.635085][T14620]  sock_write_iter+0x4aa/0x5b0
[  710.660401][T14620]  vfs_write+0x5ba/0x1180
[  710.670984][T14620]  ksys_write+0x205/0x240
[  710.678750][T14620]  do_syscall_64+0xcd/0x230
[  710.696217][T14620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.135254][T14669] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2181'.
[  713.530531][T14680] random: crng reseeded on system resumption
[  713.565350][T14680] FAULT_INJECTION: forcing a failure.
[  713.565350][T14680] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  713.619902][T14680] CPU: 1 UID: 0 PID: 14680 Comm: syz.1.2184 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  713.619946][T14680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  713.619966][T14680] Call Trace:
[  713.619976][T14680]  <TASK>
[  713.619987][T14680]  dump_stack_lvl+0x16c/0x1f0
[  713.620032][T14680]  should_fail_ex+0x512/0x640
[  713.620106][T14680]  should_fail_alloc_page+0xe7/0x130
[  713.620144][T14680]  prepare_alloc_pages+0x3c2/0x610
[  713.620193][T14680]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  713.620240][T14680]  ? stack_trace_save+0x8e/0xc0
[  713.620272][T14680]  ? __pfx_stack_trace_save+0x10/0x10
[  713.620305][T14680]  ? stack_depot_save_flags+0x28/0xa50
[  713.620354][T14680]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  713.620403][T14680]  ? kasan_save_stack+0x42/0x60
[  713.620436][T14680]  ? kasan_save_stack+0x33/0x60
[  713.620466][T14680]  ? kasan_save_track+0x14/0x30
[  713.620504][T14680]  ? vfs_open+0x82/0x3f0
[  713.620541][T14680]  ? path_openat+0x1e5e/0x2d40
[  713.620569][T14680]  ? do_filp_open+0x20b/0x470
[  713.620595][T14680]  ? do_sys_openat2+0x11b/0x1d0
[  713.620634][T14680]  ? __x64_sys_openat+0x174/0x210
[  713.620678][T14680]  ? do_syscall_64+0xcd/0x230
[  713.620721][T14680]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.620758][T14680]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  713.620803][T14680]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  713.620850][T14680]  ? policy_nodemask+0xea/0x4e0
[  713.620895][T14680]  alloc_pages_mpol+0x1fb/0x550
[  713.620937][T14680]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  713.620990][T14680]  alloc_pages_noprof+0x131/0x390
[  713.621033][T14680]  get_zeroed_page_noprof+0x14/0x50
[  713.621081][T14680]  get_image_page+0x18/0x190
[  713.621136][T14680]  alloc_rtree_node+0x3c/0xb0
[  713.621191][T14680]  memory_bm_create+0x515/0x810
[  713.621271][T14680]  create_basic_memory_bitmaps+0x10f/0x680
[  713.621315][T14680]  snapshot_open+0x235/0x2b0
[  713.621350][T14680]  ? __pfx_snapshot_open+0x10/0x10
[  713.621388][T14680]  misc_open+0x35a/0x420
[  713.621448][T14680]  ? __pfx_misc_open+0x10/0x10
[  713.621495][T14680]  chrdev_open+0x231/0x6a0
[  713.621546][T14680]  ? __pfx_apparmor_file_open+0x10/0x10
[  713.621590][T14680]  ? __pfx_chrdev_open+0x10/0x10
[  713.621628][T14680]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  713.621686][T14680]  do_dentry_open+0x741/0x1c10
[  713.621721][T14680]  ? __pfx_chrdev_open+0x10/0x10
[  713.621766][T14680]  vfs_open+0x82/0x3f0
[  713.621813][T14680]  path_openat+0x1e5e/0x2d40
[  713.621862][T14680]  ? __pfx_path_openat+0x10/0x10
[  713.621907][T14680]  do_filp_open+0x20b/0x470
[  713.621941][T14680]  ? __pfx_do_filp_open+0x10/0x10
[  713.622007][T14680]  ? alloc_fd+0x471/0x7d0
[  713.622072][T14680]  do_sys_openat2+0x11b/0x1d0
[  713.622116][T14680]  ? __pfx_do_sys_openat2+0x10/0x10
[  713.622178][T14680]  __x64_sys_openat+0x174/0x210
[  713.622223][T14680]  ? __pfx___x64_sys_openat+0x10/0x10
[  713.622273][T14680]  ? rcu_is_watching+0x12/0xc0
[  713.622317][T14680]  do_syscall_64+0xcd/0x230
[  713.622365][T14680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.622416][T14680] RIP: 0033:0x7f1ad3f8e969
[  713.622445][T14680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  713.622479][T14680] RSP: 002b:00007f1ad4e8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  713.622512][T14680] RAX: ffffffffffffffda RBX: 00007f1ad41b5fa0 RCX: 00007f1ad3f8e969
[  713.622534][T14680] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  713.622556][T14680] RBP: 00007f1ad4010ab1 R08: 0000000000000000 R09: 0000000000000000
[  713.622576][T14680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  713.622594][T14680] R13: 0000000000000000 R14: 00007f1ad41b5fa0 R15: 00007ffd463824f8
[  713.622636][T14680]  </TASK>
[  716.667542][T14705] Invalid ELF header magic: != ELF
[  727.363603][T14819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x556528110 pfn:0x78052
[  727.501190][T14819] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[  727.509832][T14819] raw: 00fff00000000001 ffffea000155d2c8 ffffea00012f3688 0000000000000000
[  727.630345][T14819] raw: 0000000556528110 0000000000000003 00000001ffffffff 0000000000000000
[  727.740400][T14819] page dumped because: unmovable page
[  727.746392][T14819] page_owner tracks the page as allocated
[  727.780480][T14815] program syz.3.2212 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  727.904397][T14819] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 14810, tgid 14809 (syz.3.2212), ts 727130088654, free_ts 725707505809
[  727.949659][T14819]  post_alloc_hook+0x181/0x1b0
[  727.959776][T14819]  get_page_from_freelist+0x135c/0x3920
[  728.002480][T14819]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  728.128405][T14819]  alloc_pages_mpol+0x1fb/0x550
[  728.188874][T14819]  folio_alloc_mpol_noprof+0x36/0x2f0
[  728.310693][T14819]  shmem_alloc_folio+0x135/0x160
[  728.316263][T14819]  shmem_alloc_and_add_folio+0x499/0xc20
[  728.449169][T14819]  shmem_get_folio_gfp+0x687/0x1530
[  728.520486][T14819]  shmem_fault+0x1fe/0xa30
[  728.525464][T14819]  __do_fault+0x10a/0x490
[  728.534847][T14819]  do_pte_missing+0x1a6/0x3fb0
[  728.540171][T14819]  __handle_mm_fault+0x103d/0x2a40
[  728.547628][T14819]  handle_mm_fault+0x3fe/0xad0
[  728.609317][T14819]  do_user_addr_fault+0x7a6/0x1370
[  728.625921][T14819]  exc_page_fault+0x5c/0xc0
[  728.635440][T14819]  asm_exc_page_fault+0x26/0x30
[  728.661949][T14819] page last free pid 14818 tgid 14809 stack trace:
[  728.700653][T14819]  free_unref_folios+0x999/0x1630
[  728.706290][T14819]  folios_put_refs+0x56f/0x740
[  728.772951][T14819]  free_pages_and_swap_cache+0x3f0/0x4a0
[  728.783111][T14819]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  728.880711][T14819]  tlb_finish_mmu+0x168/0x7b0
[  728.885965][T14819]  vms_clear_ptes+0x55e/0x770
[  728.918800][T14819]  vms_complete_munmap_vmas+0x1ca/0x970
[  728.936300][T14819]  do_vmi_align_munmap+0x43b/0x7d0
[  728.975566][T14819]  __do_sys_brk+0x8d3/0xaa0
[  729.161799][T14819]  do_syscall_64+0xcd/0x230
[  729.166867][T14819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.266053][T14819] page has been migrated, last migrate reason: mempolicy_mbind
[  731.471343][T14866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78420
[  731.592425][T14866] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  731.623211][T14866] memcg:ffff88805859e3c1
[  731.627972][T14866] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  731.708504][T14866] page_type: f5(slab)
[  731.725880][T14866] raw: 00fff00000000040 ffff88801b44b500 dead000000000122 0000000000000000
[  731.805449][T14866] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff88805859e3c1
[  732.010913][T14866] head: 00fff00000000040 ffff88801b44b500 dead000000000122 0000000000000000
[  732.193203][T14866] head: 0000000000000000 0000000000040004 00000000f5000000 ffff88805859e3c1
[  732.330822][T14866] head: 00fff00000000003 ffffea0001e10801 00000000ffffffff 00000000ffffffff
[  732.460580][T14866] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  732.470209][T14866] page dumped because: unmovable page
[  732.629166][T14866] page_owner tracks the page as allocated
[  732.781740][T14866] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6122, tgid 6122 (udevd), ts 727796792884, free_ts 727044791632
[  732.996154][T14866]  post_alloc_hook+0x181/0x1b0
[  733.060380][T14866]  get_page_from_freelist+0x135c/0x3920
[  733.066594][T14866]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  733.140355][T14866]  alloc_pages_mpol+0x1fb/0x550
[  733.148739][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  733.167599][T14866]  new_slab+0x244/0x340
[  733.210375][T14866]  ___slab_alloc+0xd9c/0x1940
[  733.215664][T14866]  __slab_alloc.constprop.0+0x56/0xb0
[  733.290344][T14866]  __kvmalloc_node_noprof+0x3a6/0x600
[  733.310422][T14866]  seq_read_iter+0x826/0x12c0
[  733.315696][T14866]  kernfs_fop_read_iter+0x40f/0x5a0
[  733.347610][T14866]  vfs_read+0x8c8/0xc70
[  733.370354][T14866]  ksys_read+0x12a/0x240
[  733.375235][T14866]  do_syscall_64+0xcd/0x230
[  733.395498][T14866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.430348][T14866] page last free pid 6122 tgid 6122 stack trace:
[  733.448617][T14866]  __free_frozen_pages+0x69d/0xff0
[  733.472865][T14866]  __put_partials+0x16d/0x1c0
[  733.478111][T14866]  qlist_free_all+0x4e/0x120
[  733.530372][T14866]  kasan_quarantine_reduce+0x195/0x1e0
[  733.536495][T14866]  __kasan_slab_alloc+0x69/0x90
[  733.570377][T14866]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  733.576494][T14866]  getname_flags.part.0+0x4c/0x550
[  733.714286][T14866]  getname_flags+0x93/0xf0
[  733.719282][T14866]  do_sys_openat2+0xb8/0x1d0
[  733.740314][T14866]  __x64_sys_openat+0x174/0x210
[  733.746576][T14866]  do_syscall_64+0xcd/0x230
[  733.770318][T14866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.906168][    C1] vcan0: j1939_tp_rxtimer: 0xffff888062193400: rx timeout, send abort
[  734.091112][T14892] FAULT_INJECTION: forcing a failure.
[  734.091112][T14892] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  734.130501][T14892] CPU: 1 UID: 0 PID: 14892 Comm: syz.3.2230 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  734.130544][T14892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  734.130563][T14892] Call Trace:
[  734.130574][T14892]  <TASK>
[  734.130586][T14892]  dump_stack_lvl+0x16c/0x1f0
[  734.130630][T14892]  should_fail_ex+0x512/0x640
[  734.130681][T14892]  _copy_to_user+0x32/0xd0
[  734.130734][T14892]  simple_read_from_buffer+0xcb/0x170
[  734.130782][T14892]  proc_fail_nth_read+0x197/0x270
[  734.130830][T14892]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  734.130876][T14892]  ? rw_verify_area+0xcf/0x680
[  734.130921][T14892]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  734.130965][T14892]  vfs_read+0x1de/0xc70
[  734.131001][T14892]  ? __pfx___mutex_lock+0x10/0x10
[  734.131044][T14892]  ? __pfx_vfs_read+0x10/0x10
[  734.131096][T14892]  ? __fget_files+0x20e/0x3c0
[  734.131160][T14892]  ksys_read+0x12a/0x240
[  734.131189][T14892]  ? __pfx_ksys_read+0x10/0x10
[  734.131232][T14892]  do_syscall_64+0xcd/0x230
[  734.131279][T14892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  734.131312][T14892] RIP: 0033:0x7f24a058d37c
[  734.131337][T14892] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  734.131368][T14892] RSP: 002b:00007f24a13bd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  734.131397][T14892] RAX: ffffffffffffffda RBX: 00007f24a07b6080 RCX: 00007f24a058d37c
[  734.131418][T14892] RDX: 000000000000000f RSI: 00007f24a13bd0a0 RDI: 0000000000000003
[  734.131437][T14892] RBP: 00007f24a13bd090 R08: 0000000000000000 R09: 0000000000000000
[  734.131457][T14892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  734.131475][T14892] R13: 0000000000000001 R14: 00007f24a07b6080 R15: 00007ffd090d8818
[  734.131562][T14892]  </TASK>
[  734.416574][    C1] vcan0: j1939_tp_rxtimer: 0xffff888062193400: abort rx timeout. Force session deactivation
[  738.508861][T14947] netlink: 206 bytes leftover after parsing attributes in process `syz.0.2240'.
[  738.553792][T14947] netlink: 206 bytes leftover after parsing attributes in process `syz.0.2240'.
[  738.591073][T14947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2240'.
[  738.704001][T14950] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd
[  741.650730][T14972] netlink: 252 bytes leftover after parsing attributes in process `syz.0.2248'.
[  742.259741][T14985] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582)
[  744.578687][T15014] FAULT_INJECTION: forcing a failure.
[  744.578687][T15014] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  744.616162][T15008] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807842e600 pfn:0x78428
[  744.637734][T15014] CPU: 0 UID: 0 PID: 15014 Comm: syz.1.2257 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  744.637780][T15014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  744.637798][T15014] Call Trace:
[  744.637809][T15014]  <TASK>
[  744.637821][T15014]  dump_stack_lvl+0x16c/0x1f0
[  744.637870][T15014]  should_fail_ex+0x512/0x640
[  744.637921][T15014]  _copy_from_user+0x2e/0xd0
[  744.637969][T15014]  copy_msghdr_from_user+0x98/0x160
[  744.638005][T15014]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  744.638060][T15014]  ___sys_sendmsg+0xfe/0x1d0
[  744.638097][T15014]  ? __pfx____sys_sendmsg+0x10/0x10
[  744.638183][T15014]  __sys_sendmsg+0x16d/0x220
[  744.638218][T15014]  ? __pfx___sys_sendmsg+0x10/0x10
[  744.638293][T15014]  ? rcu_is_watching+0x12/0xc0
[  744.638333][T15014]  do_syscall_64+0xcd/0x230
[  744.638378][T15014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.638411][T15014] RIP: 0033:0x7f1ad3f8e969
[  744.638436][T15014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  744.638467][T15014] RSP: 002b:00007f1ad4e69038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  744.638495][T15014] RAX: ffffffffffffffda RBX: 00007f1ad41b6080 RCX: 00007f1ad3f8e969
[  744.638515][T15014] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: 0000000000000003
[  744.638532][T15014] RBP: 00007f1ad4e69090 R08: 0000000000000000 R09: 0000000000000000
[  744.638550][T15014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  744.638568][T15014] R13: 0000000000000000 R14: 00007f1ad41b6080 R15: 00007ffd463824f8
[  744.638604][T15014]  </TASK>
[  744.694015][T15017] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2259'.
[  744.765305][    C1] vkms_vblank_simulate: vblank timer overrun
[  744.846926][T15008] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  744.935770][T15008] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  745.034975][T15008] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  745.080940][T15008] raw: ffff88807842e600 0000000000000000 00000016ffffffff 0000000000000000
[  745.114703][T15008] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  745.146971][T15008] head: ffff88807842e600 0000000000000000 00000016ffffffff 0000000000000000
[  745.201164][T15008] head: 00fff00000000003 ffffea0001e10a01 00000000ffffffff 00000000ffffffff
[  745.280340][T15008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  745.372520][T15008] page dumped because: unmovable page
[  745.420351][T15008] page_owner tracks the page as allocated
[  745.426718][T15008] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 13158, tgid 13157 (syz.3.1826), ts 599839305216, free_ts 599839162192
[  745.559207][T15008]  post_alloc_hook+0x181/0x1b0
[  745.598358][T15008]  get_page_from_freelist+0x135c/0x3920
[  745.619663][T15008]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  745.639425][T15008]  alloc_pages_mpol+0x1fb/0x550
[  745.666886][T15008]  alloc_pages_noprof+0x131/0x390
[  745.700751][T15008]  skb_page_frag_refill+0x186/0x5a0
[  745.729706][T15008]  try_fill_recv+0x79c/0x2690
[  745.739332][T15008]  virtnet_poll+0x1e23/0x3c00
[  745.790402][T15008]  __napi_poll.constprop.0+0xb7/0x550
[  745.810537][T15008]  net_rx_action+0xa97/0x1010
[  745.815824][T15008]  handle_softirqs+0x216/0x8e0
[  745.901276][T15008]  __irq_exit_rcu+0x109/0x170
[  745.926290][T15008]  irq_exit_rcu+0x9/0x30
[  745.946362][T15008]  common_interrupt+0xbf/0xe0
[  746.000395][T15008]  asm_common_interrupt+0x26/0x40
[  746.006040][T15008] page last free pid 13158 tgid 13157 stack trace:
[  746.027876][T15008]  __free_frozen_pages+0x69d/0xff0
[  746.044125][T15008]  __folio_put+0x329/0x450
[  746.049113][T15008]  page_to_skb+0xa23/0xc50
[  746.093616][T15008]  receive_buf+0x75e/0x3fe0
[  746.098724][T15008]  virtnet_poll+0x10d6/0x3c00
[  746.130311][T15008]  __napi_poll.constprop.0+0xb7/0x550
[  746.136804][T15008]  net_rx_action+0xa97/0x1010
[  746.170823][T15008]  handle_softirqs+0x216/0x8e0
[  746.176169][T15008]  __irq_exit_rcu+0x109/0x170
[  746.200367][T15008]  irq_exit_rcu+0x9/0x30
[  746.205135][T15008]  common_interrupt+0xbf/0xe0
[  746.230785][T15008]  asm_common_interrupt+0x26/0x40
[  750.412143][T15082] FAULT_INJECTION: forcing a failure.
[  750.412143][T15082] name failslab, interval 1, probability 0, space 0, times 0
[  750.495172][T15082] CPU: 1 UID: 0 PID: 15082 Comm: syz.2.2278 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  750.495215][T15082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  750.495234][T15082] Call Trace:
[  750.495245][T15082]  <TASK>
[  750.495257][T15082]  dump_stack_lvl+0x16c/0x1f0
[  750.495302][T15082]  should_fail_ex+0x512/0x640
[  750.495345][T15082]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  750.495401][T15082]  should_failslab+0xc2/0x120
[  750.495440][T15082]  __kmalloc_cache_noprof+0x6a/0x3e0
[  750.495507][T15082]  ? s_start+0x7b/0x320
[  750.495551][T15082]  s_start+0x7b/0x320
[  750.495595][T15082]  seq_read_iter+0x2be/0x12c0
[  750.495660][T15082]  seq_read+0x39e/0x4e0
[  750.495706][T15082]  ? __pfx_seq_read+0x10/0x10
[  750.495751][T15082]  ? get_pid_task+0xfc/0x250
[  750.495814][T15082]  ? rw_verify_area+0xcf/0x680
[  750.495858][T15082]  ? __pfx_seq_read+0x10/0x10
[  750.495904][T15082]  vfs_read+0x1de/0xc70
[  750.495942][T15082]  ? __pfx_vfs_read+0x10/0x10
[  750.495969][T15082]  ? find_held_lock+0x2b/0x80
[  750.496000][T15082]  ? __fget_files+0x204/0x3c0
[  750.496057][T15082]  ? __fget_files+0x20e/0x3c0
[  750.496102][T15082]  ? __fget_files+0x160/0x3c0
[  750.496163][T15082]  __x64_sys_pread64+0x1f4/0x250
[  750.496203][T15082]  ? __pfx___x64_sys_pread64+0x10/0x10
[  750.496233][T15082]  ? rcu_is_watching+0x12/0xc0
[  750.496274][T15082]  do_syscall_64+0xcd/0x230
[  750.496322][T15082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.496354][T15082] RIP: 0033:0x7f47fef8e969
[  750.496380][T15082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.496411][T15082] RSP: 002b:00007f47ffde6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  750.496441][T15082] RAX: ffffffffffffffda RBX: 00007f47ff1b5fa0 RCX: 00007f47fef8e969
[  750.496490][T15082] RDX: 000000000000c404 RSI: 0000000000000000 RDI: 0000000000000003
[  750.496507][T15082] RBP: 00007f47ffde6090 R08: 0000000000000000 R09: 0000000000000000
[  750.496528][T15082] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001
[  750.496547][T15082] R13: 0000000000000000 R14: 00007f47ff1b5fa0 R15: 00007ffca221bfd8
[  750.496590][T15082]  </TASK>
[  750.740531][T15082] 
[  750.743128][T15082] =====================================
[  750.749252][T15082] WARNING: bad unlock balance detected!
[  750.755371][T15082] 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 Not tainted
[  750.763217][T15082] -------------------------------------
[  750.769335][T15082] syz.2.2278/15082 is trying to release lock (event_mutex) at:
[  750.777680][T15082] [<ffffffff823ceb6d>] seq_read_iter+0x60d/0x12c0
[  750.784819][T15082] but there are no more locks to release!
[  750.791132][T15082] 
[  750.791132][T15082] other info that might help us debug this:
[  750.800024][T15082] 1 lock held by syz.2.2278/15082:
[  750.805681][T15082]  #0: ffff88807d1862f0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[  750.815551][T15082] 
[  750.815551][T15082] stack backtrace:
[  750.822066][T15082] CPU: 1 UID: 0 PID: 15082 Comm: syz.2.2278 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  750.822110][T15082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  750.822129][T15082] Call Trace:
[  750.822140][T15082]  <TASK>
[  750.822152][T15082]  dump_stack_lvl+0x116/0x1f0
[  750.822195][T15082]  ? seq_read_iter+0x60d/0x12c0
[  750.822238][T15082]  print_unlock_imbalance_bug+0x11b/0x130
[  750.822276][T15082]  ? seq_read_iter+0x60d/0x12c0
[  750.822318][T15082]  lock_release+0x242/0x2f0
[  750.822359][T15082]  __mutex_unlock_slowpath+0xa2/0x6a0
[  750.822405][T15082]  ? rcu_is_watching+0x12/0xc0
[  750.822433][T15082]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  750.822476][T15082]  ? __kmalloc_cache_noprof+0x249/0x3e0
[  750.822527][T15082]  ? rcu_is_watching+0x12/0xc0
[  750.822556][T15082]  ? kfree+0x252/0x4d0
[  750.822604][T15082]  ? s_start+0x28c/0x320
[  750.822644][T15082]  seq_read_iter+0x60d/0x12c0
[  750.822704][T15082]  seq_read+0x39e/0x4e0
[  750.822748][T15082]  ? __pfx_seq_read+0x10/0x10
[  750.822792][T15082]  ? get_pid_task+0xfc/0x250
[  750.822842][T15082]  ? rw_verify_area+0xcf/0x680
[  750.822886][T15082]  ? __pfx_seq_read+0x10/0x10
[  750.822931][T15082]  vfs_read+0x1de/0xc70
[  750.822961][T15082]  ? __pfx_vfs_read+0x10/0x10
[  750.822988][T15082]  ? find_held_lock+0x2b/0x80
[  750.823017][T15082]  ? __fget_files+0x204/0x3c0
[  750.823069][T15082]  ? __fget_files+0x20e/0x3c0
[  750.823115][T15082]  ? __fget_files+0x160/0x3c0
[  750.823168][T15082]  __x64_sys_pread64+0x1f4/0x250
[  750.823200][T15082]  ? __pfx___x64_sys_pread64+0x10/0x10
[  750.823231][T15082]  ? rcu_is_watching+0x12/0xc0
[  750.823264][T15082]  do_syscall_64+0xcd/0x230
[  750.823308][T15082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.823340][T15082] RIP: 0033:0x7f47fef8e969
[  750.823364][T15082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.823393][T15082] RSP: 002b:00007f47ffde6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  750.823424][T15082] RAX: ffffffffffffffda RBX: 00007f47ff1b5fa0 RCX: 00007f47fef8e969
[  750.823445][T15082] RDX: 000000000000c404 RSI: 0000000000000000 RDI: 0000000000000003
[  750.823465][T15082] RBP: 00007f47ffde6090 R08: 0000000000000000 R09: 0000000000000000
[  750.823485][T15082] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001
[  750.823504][T15082] R13: 0000000000000000 R14: 00007f47ff1b5fa0 R15: 00007ffca221bfd8
[  750.823535][T15082]  </TASK>
[  752.473496][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  752.480598][ T1297] ieee802154 phy1 wpan1: encryption failed: -22