last executing test programs: 10.651350642s ago: executing program 3 (id=1634): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time\x00') mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, r0, 0x28000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r1, 0x4018bc13, &(0x7f0000000100)={0x0, 0x9d, 0x1, [0x0]}) ppoll$auto(&(0x7f0000000140)={r0, 0x4, 0xb}, 0x7f, 0x0, 0x0, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4044820) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x5, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() mlockall$auto(0x5) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0) ioctl$auto_PPPIOCSDEBUG(r4, 0x40047440, 0x0) mmap$auto(0x6, 0x48000a, 0x100002bb, 0x14, r2, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd8/queue/iosched/async_depth\x00', 0x40800, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 10.215270458s ago: executing program 2 (id=1636): r0 = io_uring_setup$auto(0x6, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48403, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000140)='0[.[\x00', 0xcd04) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) sendfile$auto(r2, r2, 0x0, 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xffffffff, 0xfffff7fffffffffd, 0x3, 0x5, 0x7181, 0x4, 0xc8bffe, 0x709, 0x100000000009, 0x6, 0x80003, 0xfffffffffffffffd, 0x1ffffffffffd, 0x8, 0x1006, 0x7, 0x9, 0x80, 0x7ffffffffffffffc, 0x0, 0xc, 0x2, 0x101, 0x4, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, 0x6, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfff]}, 0x1fe, 0x5) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), r4) unshare$auto(0x40000080) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x45, 0x0) fsopen$auto(0x0, 0x1) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x40102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x20000}, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x9, 0xb5, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex, 0x3, 0x40081, @uprobe_multi={0x81, 0x1ff, 0x8, 0x0, 0x1, 0x4}}, 0x81) bind$auto(0xffffffffffffffff, 0x0, 0x66) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000200)={{0x7, 0x0, 0x6, 0x9, 0x9d49}, "ec402f76290e2f0446ee7daf5171790f142eb532c1d171c8182166e17beb70f0"}) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(r3, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x400}, 0x4}, 0xfff, 0xb07e) 7.604089942s ago: executing program 3 (id=1640): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x6, 0x62, 0x80000000, 0x9, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getpid() mlockall$auto(0x5) rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x6}, 0xffffffffffffffff, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x4) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x0, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r2, r1, 0x0, 0x1000202) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) 7.452654058s ago: executing program 2 (id=1642): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = socket(0xa, 0x1, 0x100) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x200, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) sendmsg$auto_BATADV_CMD_TP_METER(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004881) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x4d) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = gettid() process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 6.236479776s ago: executing program 1 (id=1644): r0 = io_uring_setup$auto(0x6, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48403, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000140)='0[.[\x00', 0xcd04) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) sendfile$auto(r2, r2, 0x0, 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xffffffff, 0xfffff7fffffffffd, 0x3, 0x5, 0x7181, 0x4, 0xc8bffe, 0x709, 0x100000000009, 0x6, 0x80003, 0xfffffffffffffffd, 0x1ffffffffffd, 0x8, 0x1006, 0x7, 0x9, 0x80, 0x7ffffffffffffffc, 0x0, 0xc, 0x2, 0x101, 0x4, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, 0x6, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfff]}, 0x1fe, 0x5) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), r4) unshare$auto(0x40000080) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x45, 0x0) fsopen$auto(0x0, 0x1) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x40102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x20000}, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x9, 0xb5, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex, 0x3, 0x40081, @uprobe_multi={0x81, 0x1ff, 0x8, 0x0, 0x1, 0x4}}, 0x81) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x2}, 0x66) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000200)={{0x7, 0x0, 0x6, 0x9, 0x9d49}, "ec402f76290e2f0446ee7daf5171790f142eb532c1d171c8182166e17beb70f0"}) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(r3, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x400}, 0x4}, 0xfff, 0xb07e) 6.123589968s ago: executing program 0 (id=1645): socket(0x2, 0x1, 0x106) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x2c, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) mmap$auto(0x0, 0x20007, 0x0, 0xeb4, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) kexec_load$auto(0x5eab, 0x8, &(0x7f0000000580)={@buf=0x0, 0x7, 0x7ff, 0x5}, 0x0) r1 = socket(0x10, 0x2, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1a00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1009, 0x5, 0x1f, 0x93f, 0x1ffda, 0x402, 0x6, 0x8000003, 0x9, 0x5, 0x0, 0x4, 0xb0, 0xffffffffffffff17, 0x2, 0x3, 0x205, 0x7, 0x0, 0x3fffb, 0x0, 0x3, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x8, 0x0, 0xf, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x100000000, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x0, 0x20, 0x4, 0x0, 0x0, 0x2000000000000000]}, 0x203, 0x7d) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 5.898707112s ago: executing program 3 (id=1646): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) r0 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x280001, 0x4) pidfd_open$auto(0x1, 0x0) ioctl$auto(0x3, 0x890b, 0x38) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xffffffffffffffff, 0x300000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000040)=0x5) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa833e6fc65b6b3cf705001900ffff8eac2cdafc1f64010043eeb0b0530300000000000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7ff, 0x200}, 0x100, 0x6) mmap$auto(0x3, 0x3fe, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(r1, 0x0, r0) mkdirat$auto(r1, &(0x7f0000000040)='./file0\x00', 0x7) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r4, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x80) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/usb2-port1/disable\x00', 0x102, 0x0) 5.618938841s ago: executing program 0 (id=1647): mmap$auto(0x200000, 0x402008, 0x8, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r0, 0x0, 0xb4d3) socket(0x10, 0x4, 0xffffffc0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r3) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) rmdir$auto(&(0x7f0000000300)='./cgroup\x00') close_range$auto(0x2, 0x8, 0x0) getuid() socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x84) listen$auto(0x3, 0x81) listen$auto(0x3, 0x0) listen$auto(0x3, 0x81) 5.262301954s ago: executing program 2 (id=1648): mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183042, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x100182, 0x0) socket(0x15, 0x5, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x240000, 0x0) openat$auto_fops_u16_(0xffffffffffffff9c, 0x0, 0x42002, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) r1 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(r1, 0x40106f52, r2) 4.838405353s ago: executing program 3 (id=1649): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time\x00') mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, r0, 0x28000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r1, 0x4018bc13, &(0x7f0000000100)={0x0, 0x9d, 0x1, [0x0]}) ppoll$auto(&(0x7f0000000140)={r0, 0x4, 0xb}, 0x7f, 0x0, 0x0, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4044820) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x5, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() mlockall$auto(0x5) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0) ioctl$auto_PPPIOCSDEBUG(r4, 0x40047440, 0x0) mmap$auto(0x6, 0x48000a, 0x100002bb, 0x14, r2, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd8/queue/iosched/async_depth\x00', 0x40800, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 4.758516101s ago: executing program 2 (id=1650): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6', 0x4, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4040, 0x0) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x6, 0x2, 0x40eb4, r0, 0x6) ioctl$auto(0xffffffffffffffff, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000) getpid() r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_SCAN(r3, 0x0, 0x4000) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x30, 0x0, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0xec}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x922e}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1000}]}, 0x30}, 0x1, 0x0, 0x0, 0xd0}, 0x20000400) read$auto(r2, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) fspick$auto(0xffffffffffffffff, 0x0, 0x6) 3.770959338s ago: executing program 1 (id=1651): mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/bridge/bridge-nf-pass-vlan-input-dev\x00', 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) connect$auto(0x3, 0x0, 0x55) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x2, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x4, 0xfff, 0x7, 0xb0, 0x9, 0x8001, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ac7, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x1fe, 0x5e87) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_MACSEC_CMD_ADD_TXSA(0xffffffffffffffff, 0x0, 0x40040) socket(0x1d, 0x4, 0x10001) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 3.748569128s ago: executing program 0 (id=1652): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x8000000eb1, 0x401, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/security/tomoyo/profile\x00', 0x20002, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f00000012c0)="0a1b9a3c3e20fd2da3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a1fe65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9918291c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b25230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x106) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vkms/graphics/fb0/modes\x00', 0x129102, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram3/queue/iostats_passthrough\x00', 0x80202, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='>', 0x1) socket(0x21, 0x2, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd9/queue/max_sectors_kb\x00', 0x2c40, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x2, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x4242, 0x11a) fanotify_mark$auto(0x0, 0x1, 0x3a, r2, 0x0) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) lsm_get_self_attr$auto(0xf, &(0x7f0000000000)={0xfb6f, 0x1, 0xa48, 0x4e, "0f7b25ebb27c24678a9ad72d2c96ac4ff7065c84c6c254dfe7644ffc2aaaaa3dc0be779496b28666c989b4cbc13c9af8539fdca1cbba20ec2bf990d5f5f2cd71eeca3bed9100e3f36a73d7b0b100"}, &(0x7f0000000080)=0x200000, 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x541b, r3) 3.445223574s ago: executing program 0 (id=1653): r0 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/debug/tracing/error_log\x00', 0x603, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x88000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2200, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x41, 0x7, 0x0, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x60042, 0x0) pidfd_open$auto(0x1, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x7fffffff, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) mq_open$auto(0x0, 0x7e, 0x9, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x81ff, 0x7, 0xaec6, 0x0, 0x948d, 0x3, 0x8800000000000000, 0x3, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0xc, 0x40200000002, 0xfffffffffffffffb]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x100, 0xffffffffffffffff, 0x1000000000006, 0x12, r0, 0x8001) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80, 0x3, 0x8, 0x5, 0x9d78, 0x1ff, r2, [0x7, 0xffdf, 0x7655], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x3}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x7f, 0x8000, 0xfffffffa, 0xc}}) 3.204350092s ago: executing program 2 (id=1654): openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = clone3$auto(0x0, 0x0) ptrace$auto_PTRACE_GETSIGMASK(0x420a, r0, 0x6e3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socketcall$auto_SYS_SOCKET(0x1, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0xfffffffffffff001, 0xffffffffffff0001, 0x1d) socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) r1 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x102, 0x0) write$auto(r1, &(0x7f0000000340)='3\x00', 0x6) 3.093547119s ago: executing program 1 (id=1655): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0xe0180, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) write$auto(0x3, 0x0, 0xffd8) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x5, 0x0) bind$auto(0x3, 0x0, 0x6a) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x108800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x10, 0x4, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4044}, 0x20000004) flistxattr$auto(r1, &(0x7f0000000200)=':{\x00', 0x7) setrlimit$auto(0x9, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) mremap$auto(0x110c231000, 0x4, 0x4, 0x7, 0x100000000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto(0x3, 0xae41, 0x38) 2.868898334s ago: executing program 3 (id=1656): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x6, 0x9, 0x6, 0x32d4, 0x10000, 0x80000001) open(0x0, 0x64842, 0x0) epoll_ctl$auto(0x5, 0x3, 0xffffffffffffffff, 0x0) ioctl$auto(0xc8, 0xffffffff800454dd, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x5, 0x7, 0x8000000000000000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x5f12, 0x3, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d", @raw=0x9}, 0x400005, 0x25, 0x4, @inferred, @reserved="630d530e55f2940f87c5580dd6d03d326858cba1428368e17dd0ceca88463efa0e31cd124fc844bc62fc6fce5ce6dcdea7d8b0aaa17e657c5969b5b494035f33865acc90360b98bd8e36c3b553f3c18172a2579ad612531a4dccc48e8770223069caf4694e9f7759a0d16ffa4780bc3f828dd4a8cc877abd7dc6ae56ff3f0cce", "7a9fc199a16a2311eacf2fc7ae1d8778dc610400000001000f00000000b6debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cb7c0eb32791702b8d7c2d"}) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x8}, 0x801}, 0x10a, 0x7f4d, 0x0) rt_sigqueueinfo$auto(0x0, 0x4, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}}) r0 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0xf}, 0x7, 0x0, 0x5, 0xe}, 0x5}, 0x1, 0x101) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/buffer_percent\x00', 0xbc102, 0x0) close_range$auto(r1, r2, 0x800000b) write$auto_aoe_fops_aoechr(r1, &(0x7f0000000340)="535dabf735937060ced3fc5f97be100087a3c5e8683898a5f1ab9ea5b0c66ab3a03fba1f2c94f53e4c23f01c16d3cb260c7dc6bbb47d4c5d62c948352b8edd68405e9149b467f61aa4f8180cb825bb92bf443dd615364bb826bed41e5646fa821192ca8c40f247ede2a5a87853febde8a86992bdb01bb5206d56bfafca67dd56910375e452bf339cdb9242f4f4c1f061624ab6a76b2e50a0e17dd42c0ca40918688be3f4325165e4f137e4cb394a3032f62ccbff5785028aec1d8b561371ec9f7a99ff7509233de2", 0xc8) 2.179749263s ago: executing program 0 (id=1657): mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x200000000008000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) ppoll$auto(&(0x7f0000000000)={r0, 0x8, 0x6}, 0x7, 0x0, 0x0, 0x8) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x84c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x800009}, 0x1, 0x20000000) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) socket(0xa, 0x5, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000440), r0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vlan1\x00'}) ioctl$auto_TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/bssid\x00', 0x0, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r1, 0x0, 0x0) writev$auto(r1, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) semget$auto(0x8, 0x3, 0xfffffffe) statmount$auto(0x0, 0x0, 0x1fe, 0xd) setsockopt$auto(0xffffffffffffffff, 0x107, 0x7, 0x0, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) 1.923265878s ago: executing program 1 (id=1658): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) fcntl$auto(0x8000000000000001, 0x5, 0x8) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x12, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0d, 0xe, 0x3, 0x4, 0x80000033, 0xfff, 0x6d3e, 0x9, 0x8, 0x6]}, 0x0) socket(0x2b, 0x4, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x24000001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(r0, 0x0, 0xa, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x40000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise$auto(0x0, 0x20499d, 0x9) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) 1.530577731s ago: executing program 3 (id=1659): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time\x00') mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, r0, 0x28000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r1, 0x4018bc13, &(0x7f0000000100)={0x0, 0x9d, 0x1, [0x0]}) ppoll$auto(&(0x7f0000000140)={r0, 0x4, 0xb}, 0x7f, 0x0, 0x0, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4044820) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x5, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() mlockall$auto(0x5) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0) ioctl$auto_PPPIOCSDEBUG(r4, 0x40047440, 0x0) mmap$auto(0x6, 0x48000a, 0x100002bb, 0x14, r2, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd8/queue/iosched/async_depth\x00', 0x40800, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 1.491829725s ago: executing program 2 (id=1660): r0 = io_uring_setup$auto(0x6, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48403, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000140)='0[.[\x00', 0xcd04) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) sendfile$auto(r2, r2, 0x0, 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xffffffff, 0xfffff7fffffffffd, 0x3, 0x5, 0x7181, 0x4, 0xc8bffe, 0x709, 0x100000000009, 0x6, 0x80003, 0xfffffffffffffffd, 0x1ffffffffffd, 0x8, 0x1006, 0x7, 0x9, 0x80, 0x7ffffffffffffffc, 0x0, 0xc, 0x2, 0x101, 0x4, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, 0x6, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfff]}, 0x1fe, 0x5) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), r4) unshare$auto(0x40000080) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x45, 0x0) fsopen$auto(0x0, 0x1) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x40102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x20000}, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x9, 0xb5, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex, 0x3, 0x40081, @uprobe_multi={0x81, 0x1ff, 0x8, 0x0, 0x1, 0x4}}, 0x81) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x2}, 0x66) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000200)={{0x7, 0x0, 0x6, 0x9, 0x9d49}, "ec402f76290e2f0446ee7daf5171790f142eb532c1d171c8182166e17beb70f0"}) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(r3, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x400}, 0x4}, 0xfff, 0xb07e) 1.138329583s ago: executing program 0 (id=1661): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) listmount$auto(0x0, 0x0, 0xf4240, 0x1) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000000}, 0x20000800) socket(0x2c, 0x3, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/hugepages-8kB/shmem_enabled\x00', 0x1a1842, 0x0) mmap$auto(0x0, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0x800eb0, 0x401, 0x9) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) get_robust_list$auto(0x0, 0x0, 0x0) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000001040)={0x80, 0x6, 0xf00, 0x1, 0x101, 0x0, 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf25030000000600070008000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060006004000000006"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) capset$auto(0x0, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 415.02106ms ago: executing program 1 (id=1662): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40942, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x743b83, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x280, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8042, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/info\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 0s ago: executing program 1 (id=1663): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x4b564d06, 0xe3, 0x100000007f}]}) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r4, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002ec0)={&(0x7f0000002e80)={0x14, r5, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4048c40}, 0x4) sendmsg$auto_SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000240)={&(0x7f0000000180), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r5, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7f}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000040) pselect6$auto(0x5, &(0x7f0000000400)={[0x8, 0x5, 0x0, 0x5, 0x8001, 0x6, 0xac, 0x2000009, 0x3, 0xffffffff, 0x7fffffffffffffff, 0x0, 0x1000, 0x2, 0x8, 0x3ff]}, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r6, 0x0) execve$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=&(0x7f0000000080)=',{\x00', &(0x7f0000000140)=&(0x7f0000000100)='}.\x00') move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) kernel console output (not intermixed with test programs): 00000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 700.923660][T12645] page_type: f5(slab) [ 700.950409][T12645] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 701.033857][T12645] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 701.117141][T12645] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 701.252089][T12645] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 701.388031][T12645] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 701.505746][T12645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 701.573657][T12645] page dumped because: unmovable page [ 701.655490][T12645] page_owner tracks the page as allocated [ 701.771335][T12645] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 702.141089][T12645] post_alloc_hook+0x1c0/0x230 [ 702.230149][T12645] get_page_from_freelist+0x1321/0x3890 [ 702.301703][T12645] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 702.498358][T12645] alloc_pages_mpol+0x1fb/0x550 [ 702.503290][T12645] new_slab+0x23b/0x330 [ 702.560080][T12645] ___slab_alloc+0xd9c/0x1940 [ 702.564843][T12645] __slab_alloc.constprop.0+0x56/0xb0 [ 702.644874][T12645] __kmalloc_noprof+0x2f2/0x510 [ 702.690297][T12645] __register_sysctl_table+0xb3/0x1900 [ 702.747661][T12645] __addrconf_sysctl_register+0x1a2/0x360 [ 702.775737][T12645] addrconf_sysctl_register+0x15f/0x1f0 [ 702.821339][T12645] ipv6_add_dev+0xb39/0x15f0 [ 702.826016][T12645] addrconf_notify+0x53e/0x19e0 [ 702.888694][T12645] notifier_call_chain+0xbc/0x410 [ 702.893803][T12645] call_netdevice_notifiers_info+0xbe/0x140 [ 702.950715][T12645] register_netdevice+0x182e/0x2270 [ 702.979521][T12645] page last free pid 5847 tgid 5847 stack trace: [ 703.023063][T12645] __free_frozen_pages+0x7fe/0x1180 [ 703.047214][T12645] __put_partials+0x16d/0x1c0 [ 703.071613][T12645] qlist_free_all+0x4d/0x120 [ 703.102244][T12645] kasan_quarantine_reduce+0x195/0x1e0 [ 703.130496][T12645] __kasan_slab_alloc+0x69/0x90 [ 703.135440][T12645] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 703.188779][T12645] kset_create_and_add+0x4d/0x190 [ 703.220390][T12645] netdev_register_kobject+0x1c8/0x3a0 [ 703.250614][T12645] register_netdevice+0x13dc/0x2270 [ 703.255950][T12645] veth_newlink+0x446/0xa00 [ 703.308644][T12645] rtnl_newlink+0xc42/0x2000 [ 703.338592][T12645] rtnetlink_rcv_msg+0x95e/0xe90 [ 703.343623][T12645] netlink_rcv_skb+0x155/0x420 [ 703.387567][T12645] netlink_unicast+0x58d/0x850 [ 703.411946][T12645] netlink_sendmsg+0x8d1/0xdd0 [ 703.428413][T12645] __sys_sendto+0x4a0/0x520 [ 705.105082][ T30] audit: type=1326 audit(4294971137.358:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12685 comm="syz.3.1356" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ae6d8e929 code=0x0 [ 705.501118][T12695] sp0: Synchronizing with TNC [ 705.648471][T12698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 705.724130][T12698] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 705.812210][T12698] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 705.935327][T12698] page_type: f5(slab) [ 706.006913][T12698] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 706.195225][T12698] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 706.203936][T12698] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 706.277686][T12706] FAULT_INJECTION: forcing a failure. [ 706.277686][T12706] name failslab, interval 1, probability 0, space 0, times 0 [ 706.350677][T12706] CPU: 0 UID: 0 PID: 12706 Comm: syz.2.1363 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 706.350719][T12706] Tainted: [U]=USER [ 706.350728][T12706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 706.350743][T12706] Call Trace: [ 706.350752][T12706] [ 706.350764][T12706] dump_stack_lvl+0x16c/0x1f0 [ 706.350806][T12706] should_fail_ex+0x512/0x640 [ 706.350842][T12706] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 706.350878][T12706] should_failslab+0xc2/0x120 [ 706.350901][T12706] __kmalloc_cache_noprof+0x6a/0x3e0 [ 706.350934][T12706] ? trace_kmalloc+0x2b/0xd0 [ 706.350958][T12706] ? snd_virmidi_input_open+0xc8/0x4a0 [ 706.350986][T12706] snd_virmidi_input_open+0xc8/0x4a0 [ 706.351016][T12706] open_substream+0x478/0x9b0 [ 706.351045][T12706] rawmidi_open_priv+0x4db/0x6e0 [ 706.351080][T12706] snd_rawmidi_open+0x4cc/0xbf0 [ 706.351117][T12706] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 706.351149][T12706] ? __pfx_default_wake_function+0x10/0x10 [ 706.351178][T12706] ? soundcore_open+0x35a/0x580 [ 706.351216][T12706] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 706.351249][T12706] soundcore_open+0x409/0x580 [ 706.351289][T12706] ? __pfx_soundcore_open+0x10/0x10 [ 706.351326][T12706] chrdev_open+0x234/0x6a0 [ 706.351365][T12706] ? __pfx_chrdev_open+0x10/0x10 [ 706.351406][T12706] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 706.351445][T12706] do_dentry_open+0x741/0x1c10 [ 706.351482][T12706] ? __pfx_chrdev_open+0x10/0x10 [ 706.351549][T12706] vfs_open+0x82/0x3f0 [ 706.351580][T12706] path_openat+0x1de4/0x2cb0 [ 706.351625][T12706] ? __pfx_path_openat+0x10/0x10 [ 706.351663][T12706] ? __lock_acquire+0xb8a/0x1c90 [ 706.351700][T12706] do_filp_open+0x20b/0x470 [ 706.351736][T12706] ? __pfx_do_filp_open+0x10/0x10 [ 706.351795][T12706] ? alloc_fd+0x471/0x7d0 [ 706.351837][T12706] do_sys_openat2+0x11b/0x1d0 [ 706.351864][T12706] ? __pfx_do_sys_openat2+0x10/0x10 [ 706.351903][T12706] __x64_sys_openat+0x174/0x210 [ 706.351931][T12706] ? __pfx___x64_sys_openat+0x10/0x10 [ 706.351972][T12706] do_syscall_64+0xcd/0x490 [ 706.352011][T12706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.352037][T12706] RIP: 0033:0x7faf49b8e929 [ 706.352057][T12706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 706.352081][T12706] RSP: 002b:00007faf4aa21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 706.352104][T12706] RAX: ffffffffffffffda RBX: 00007faf49db5fa0 RCX: 00007faf49b8e929 [ 706.352121][T12706] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 706.352136][T12706] RBP: 00007faf49c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 706.352151][T12706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 706.352166][T12706] R13: 0000000000000000 R14: 00007faf49db5fa0 R15: 00007ffc03743048 [ 706.352197][T12706] [ 706.635721][ C0] vkms_vblank_simulate: vblank timer overrun [ 707.014840][T12698] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 707.087336][T12698] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 707.209586][T12698] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 707.424452][T12698] page dumped because: unmovable page [ 707.544524][T12698] page_owner tracks the page as allocated [ 707.586340][T12698] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 707.900490][T12698] post_alloc_hook+0x1c0/0x230 [ 707.930818][T12698] get_page_from_freelist+0x1321/0x3890 [ 707.977486][T12698] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 708.077689][T12698] alloc_pages_mpol+0x1fb/0x550 [ 708.193794][T12698] new_slab+0x23b/0x330 [ 708.214073][T12698] ___slab_alloc+0xd9c/0x1940 [ 708.218867][T12698] __slab_alloc.constprop.0+0x56/0xb0 [ 708.415175][T12722] netlink: 'syz.2.1366': attribute type 28 has an invalid length. [ 708.448870][T12698] __kmalloc_noprof+0x2f2/0x510 [ 708.462503][T12722] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1366'. [ 708.494514][T12698] __register_sysctl_table+0xb3/0x1900 [ 708.572004][T12698] __addrconf_sysctl_register+0x1a2/0x360 [ 708.614005][T12698] addrconf_sysctl_register+0x15f/0x1f0 [ 708.709473][T12698] ipv6_add_dev+0xb39/0x15f0 [ 708.730393][T12698] addrconf_notify+0x53e/0x19e0 [ 708.779640][T12698] notifier_call_chain+0xbc/0x410 [ 708.831423][T12698] call_netdevice_notifiers_info+0xbe/0x140 [ 708.856822][T12698] register_netdevice+0x182e/0x2270 [ 708.902693][T12698] page last free pid 5847 tgid 5847 stack trace: [ 708.949892][T12698] __free_frozen_pages+0x7fe/0x1180 [ 708.987139][T12698] __put_partials+0x16d/0x1c0 [ 709.012172][T12698] qlist_free_all+0x4d/0x120 [ 709.037910][T12698] kasan_quarantine_reduce+0x195/0x1e0 [ 709.072393][T12698] __kasan_slab_alloc+0x69/0x90 [ 709.097890][T12698] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 709.127262][T12698] kset_create_and_add+0x4d/0x190 [ 709.151293][T12698] netdev_register_kobject+0x1c8/0x3a0 [ 709.179690][T12698] register_netdevice+0x13dc/0x2270 [ 709.205843][T12698] veth_newlink+0x446/0xa00 [ 709.235561][T12698] rtnl_newlink+0xc42/0x2000 [ 709.259294][T12698] rtnetlink_rcv_msg+0x95e/0xe90 [ 709.288127][T12698] netlink_rcv_skb+0x155/0x420 [ 709.313206][T12698] netlink_unicast+0x58d/0x850 [ 709.341060][T12698] netlink_sendmsg+0x8d1/0xdd0 [ 709.366422][T12698] __sys_sendto+0x4a0/0x520 [ 709.798037][T12734] input: f¬ as /devices/virtual/input/input29 [ 710.930579][T12746] FAULT_INJECTION: forcing a failure. [ 710.930579][T12746] name failslab, interval 1, probability 0, space 0, times 0 [ 710.995470][T12743] FAULT_INJECTION: forcing a failure. [ 710.995470][T12743] name failslab, interval 1, probability 0, space 0, times 0 [ 711.058451][T12746] CPU: 0 UID: 0 PID: 12746 Comm: syz.3.1375 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 711.058494][T12746] Tainted: [U]=USER [ 711.058502][T12746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 711.058518][T12746] Call Trace: [ 711.058526][T12746] [ 711.058536][T12746] dump_stack_lvl+0x16c/0x1f0 [ 711.058577][T12746] should_fail_ex+0x512/0x640 [ 711.058613][T12746] ? __kvmalloc_node_noprof+0x124/0x620 [ 711.058652][T12746] should_failslab+0xc2/0x120 [ 711.058675][T12746] __kvmalloc_node_noprof+0x137/0x620 [ 711.058710][T12746] ? lockdep_init_map_type+0x5c/0x280 [ 711.058745][T12746] ? alloc_netdev_mqs+0xcf8/0x1570 [ 711.058789][T12746] ? alloc_netdev_mqs+0xcf8/0x1570 [ 711.058825][T12746] alloc_netdev_mqs+0xcf8/0x1570 [ 711.058869][T12746] internal_dev_create+0x8a/0x520 [ 711.058896][T12746] ovs_vport_add+0x144/0x4d0 [ 711.058936][T12746] new_vport+0x16/0x1d0 [ 711.058968][T12746] ovs_dp_cmd_new+0x6ba/0xe60 [ 711.059015][T12746] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 711.059056][T12746] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 711.059090][T12746] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 711.059128][T12746] genl_family_rcv_msg_doit+0x206/0x2f0 [ 711.059161][T12746] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 711.059191][T12746] ? trace_cap_capable+0x18d/0x200 [ 711.059223][T12746] ? bpf_lsm_capable+0x9/0x10 [ 711.059253][T12746] ? security_capable+0x7e/0x260 [ 711.059277][T12746] ? ns_capable+0xd7/0x110 [ 711.059305][T12746] genl_rcv_msg+0x55c/0x800 [ 711.059338][T12746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 711.059368][T12746] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 711.059412][T12746] netlink_rcv_skb+0x155/0x420 [ 711.059438][T12746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 711.059468][T12746] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 711.059508][T12746] ? netlink_deliver_tap+0x1ae/0xd30 [ 711.059552][T12746] genl_rcv+0x28/0x40 [ 711.059577][T12746] netlink_unicast+0x58d/0x850 [ 711.059606][T12746] ? __pfx_netlink_unicast+0x10/0x10 [ 711.059640][T12746] netlink_sendmsg+0x8d1/0xdd0 [ 711.059669][T12746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 711.059706][T12746] ____sys_sendmsg+0xa95/0xc70 [ 711.059733][T12746] ? copy_msghdr_from_user+0x10a/0x160 [ 711.059770][T12746] ? __pfx_____sys_sendmsg+0x10/0x10 [ 711.059803][T12746] ? __pfx_futex_wake_mark+0x10/0x10 [ 711.059844][T12746] ___sys_sendmsg+0x134/0x1d0 [ 711.059881][T12746] ? __pfx____sys_sendmsg+0x10/0x10 [ 711.059915][T12746] ? __lock_acquire+0x622/0x1c90 [ 711.059984][T12746] __sys_sendmsg+0x16d/0x220 [ 711.060032][T12746] ? __pfx___sys_sendmsg+0x10/0x10 [ 711.060068][T12746] ? __x64_sys_futex+0x1e0/0x4c0 [ 711.060117][T12746] do_syscall_64+0xcd/0x490 [ 711.060157][T12746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.060183][T12746] RIP: 0033:0x7f5ae6d8e929 [ 711.060203][T12746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.060227][T12746] RSP: 002b:00007f5ae7b52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 711.060250][T12746] RAX: ffffffffffffffda RBX: 00007f5ae6fb5fa0 RCX: 00007f5ae6d8e929 [ 711.060266][T12746] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 711.060282][T12746] RBP: 00007f5ae6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 711.060297][T12746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 711.060312][T12746] R13: 0000000000000000 R14: 00007f5ae6fb5fa0 R15: 00007fff75c110e8 [ 711.060343][T12746] [ 711.782342][T12743] CPU: 0 UID: 0 PID: 12743 Comm: syz.0.1374 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 711.782384][T12743] Tainted: [U]=USER [ 711.782393][T12743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 711.782408][T12743] Call Trace: [ 711.782416][T12743] [ 711.782426][T12743] dump_stack_lvl+0x16c/0x1f0 [ 711.782467][T12743] should_fail_ex+0x512/0x640 [ 711.782502][T12743] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 711.782540][T12743] should_failslab+0xc2/0x120 [ 711.782563][T12743] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 711.782599][T12743] ? locks_get_lock_context+0x243/0x410 [ 711.782640][T12743] locks_get_lock_context+0x243/0x410 [ 711.782677][T12743] generic_setlease+0x5e7/0x1300 [ 711.782708][T12743] ? find_held_lock+0x2b/0x80 [ 711.782734][T12743] ? __pfx_generic_setlease+0x10/0x10 [ 711.782768][T12743] kernel_setlease+0x106/0x140 [ 711.782794][T12743] vfs_setlease+0x258/0x2d0 [ 711.782823][T12743] fcntl_setlease+0x3ed/0x5a0 [ 711.782848][T12743] ? __pfx_fcntl_setlease+0x10/0x10 [ 711.782888][T12743] do_fcntl+0x751/0x15a0 [ 711.782912][T12743] ? __pfx_do_fcntl+0x10/0x10 [ 711.782942][T12743] ? tomoyo_file_fcntl+0x6c/0xc0 [ 711.782991][T12743] __x64_sys_fcntl+0x163/0x200 [ 711.783018][T12743] do_syscall_64+0xcd/0x490 [ 711.783056][T12743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.783081][T12743] RIP: 0033:0x7f7615b8e929 [ 711.783100][T12743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.783123][T12743] RSP: 002b:00007f7616a8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 711.783145][T12743] RAX: ffffffffffffffda RBX: 00007f7615db5fa0 RCX: 00007f7615b8e929 [ 711.783161][T12743] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000005 [ 711.783175][T12743] RBP: 00007f7615c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 711.783189][T12743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 711.783203][T12743] R13: 0000000000000000 R14: 00007f7615db5fa0 R15: 00007ffd8f35d5d8 [ 711.783232][T12743] [ 712.525000][T12701] Process accounting resumed [ 712.532963][T12762] netlink: 'syz.3.1379': attribute type 5 has an invalid length. [ 712.565856][T12762] netlink: 'syz.3.1379': attribute type 1 has an invalid length. [ 712.584856][T12765] netlink: 'syz.3.1379': attribute type 5 has an invalid length. [ 712.601866][T12762] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1379'. [ 712.707902][T12765] netlink: 'syz.3.1379': attribute type 1 has an invalid length. [ 712.761046][T12765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1379'. [ 713.245231][T12777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1381'. [ 714.134992][T12787] netlink: 50 bytes leftover after parsing attributes in process `syz.1.1385'. [ 714.551652][T12795] random: crng reseeded on system resumption [ 715.091271][T12802] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1390'. [ 715.377934][T12810] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1393'. [ 715.439521][T12799] Process accounting paused [ 715.461188][T12810] ima: policy update failed [ 715.519490][ T30] audit: type=1802 audit(4294971147.783:9): pid=12810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1393" res=0 errno=0 [ 716.437797][T12817] Process accounting paused [ 718.882864][T12849] FAULT_INJECTION: forcing a failure. [ 718.882864][T12849] name failslab, interval 1, probability 0, space 0, times 0 [ 718.949493][T12849] CPU: 0 UID: 0 PID: 12849 Comm: syz.1.1403 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 718.949538][T12849] Tainted: [U]=USER [ 718.949548][T12849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 718.949562][T12849] Call Trace: [ 718.949590][T12849] [ 718.949600][T12849] dump_stack_lvl+0x16c/0x1f0 [ 718.949641][T12849] should_fail_ex+0x512/0x640 [ 718.949676][T12849] ? __kvmalloc_node_noprof+0x124/0x620 [ 718.949715][T12849] should_failslab+0xc2/0x120 [ 718.949738][T12849] __kvmalloc_node_noprof+0x137/0x620 [ 718.949773][T12849] ? lockdep_init_map_type+0x5c/0x280 [ 718.949809][T12849] ? alloc_netdev_mqs+0xcf8/0x1570 [ 718.949852][T12849] ? alloc_netdev_mqs+0xcf8/0x1570 [ 718.949888][T12849] alloc_netdev_mqs+0xcf8/0x1570 [ 718.949932][T12849] internal_dev_create+0x8a/0x520 [ 718.949959][T12849] ovs_vport_add+0x144/0x4d0 [ 718.950000][T12849] new_vport+0x16/0x1d0 [ 718.950031][T12849] ovs_dp_cmd_new+0x6ba/0xe60 [ 718.950072][T12849] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 718.950118][T12849] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 718.950151][T12849] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 718.950190][T12849] genl_family_rcv_msg_doit+0x206/0x2f0 [ 718.950222][T12849] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 718.950252][T12849] ? trace_cap_capable+0x18d/0x200 [ 718.950283][T12849] ? bpf_lsm_capable+0x9/0x10 [ 718.950313][T12849] ? security_capable+0x7e/0x260 [ 718.950337][T12849] ? ns_capable+0xd7/0x110 [ 718.950368][T12849] genl_rcv_msg+0x55c/0x800 [ 718.950401][T12849] ? __pfx_genl_rcv_msg+0x10/0x10 [ 718.950431][T12849] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 718.950475][T12849] netlink_rcv_skb+0x155/0x420 [ 718.950500][T12849] ? __pfx_genl_rcv_msg+0x10/0x10 [ 718.950535][T12849] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 718.950572][T12849] ? netlink_deliver_tap+0x1ae/0xd30 [ 718.950616][T12849] genl_rcv+0x28/0x40 [ 718.950640][T12849] netlink_unicast+0x58d/0x850 [ 718.950671][T12849] ? __pfx_netlink_unicast+0x10/0x10 [ 718.950705][T12849] netlink_sendmsg+0x8d1/0xdd0 [ 718.950735][T12849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 718.950771][T12849] ____sys_sendmsg+0xa95/0xc70 [ 718.950799][T12849] ? copy_msghdr_from_user+0x10a/0x160 [ 718.950835][T12849] ? __pfx_____sys_sendmsg+0x10/0x10 [ 718.950868][T12849] ? try_to_wake_up+0xa2f/0x1680 [ 718.950899][T12849] ___sys_sendmsg+0x134/0x1d0 [ 718.950937][T12849] ? __pfx____sys_sendmsg+0x10/0x10 [ 718.950970][T12849] ? __lock_acquire+0x622/0x1c90 [ 718.951040][T12849] __sys_sendmsg+0x16d/0x220 [ 718.951092][T12849] ? __pfx___sys_sendmsg+0x10/0x10 [ 718.951138][T12849] ? __x64_sys_futex+0x1e0/0x4c0 [ 718.951188][T12849] do_syscall_64+0xcd/0x490 [ 718.951228][T12849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.951254][T12849] RIP: 0033:0x7f585ed8e929 [ 718.951274][T12849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.951298][T12849] RSP: 002b:00007f585fbfe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 718.951321][T12849] RAX: ffffffffffffffda RBX: 00007f585efb5fa0 RCX: 00007f585ed8e929 [ 718.951338][T12849] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 718.951354][T12849] RBP: 00007f585ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 718.951369][T12849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 718.951384][T12849] R13: 0000000000000000 R14: 00007f585efb5fa0 R15: 00007ffd51dfe718 [ 718.951415][T12849] [ 720.335467][T12859] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1406'. [ 720.386719][T12859] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1406'. [ 723.664304][T12892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 723.686568][T12889] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1415'. [ 723.751695][T12900] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1415'. [ 723.828224][T12892] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 723.868714][T12898] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1415'. [ 723.969648][T12892] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 724.058679][T12892] page_type: f5(slab) [ 724.107384][T12892] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 724.270218][T12892] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 724.430697][T12892] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 724.555452][T12892] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 724.742434][T12892] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 724.879862][T12892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 725.045709][T12892] page dumped because: unmovable page [ 725.167772][T12892] page_owner tracks the page as allocated [ 725.286332][T12892] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 725.425892][T12892] post_alloc_hook+0x1c0/0x230 [ 725.447318][T12892] get_page_from_freelist+0x1321/0x3890 [ 725.452960][T12892] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 725.489196][T12892] alloc_pages_mpol+0x1fb/0x550 [ 725.510018][T12892] new_slab+0x23b/0x330 [ 725.514269][T12892] ___slab_alloc+0xd9c/0x1940 [ 725.544103][T12892] __slab_alloc.constprop.0+0x56/0xb0 [ 725.563580][T12892] __kmalloc_noprof+0x2f2/0x510 [ 725.587759][T12892] __register_sysctl_table+0xb3/0x1900 [ 725.607039][T12892] __addrconf_sysctl_register+0x1a2/0x360 [ 725.612856][T12892] addrconf_sysctl_register+0x15f/0x1f0 [ 725.643560][T12892] ipv6_add_dev+0xb39/0x15f0 [ 725.665427][T12892] addrconf_notify+0x53e/0x19e0 [ 725.681721][T12892] notifier_call_chain+0xbc/0x410 [ 725.709416][T12892] call_netdevice_notifiers_info+0xbe/0x140 [ 725.728099][T12892] register_netdevice+0x182e/0x2270 [ 725.747506][T12892] page last free pid 5847 tgid 5847 stack trace: [ 725.771605][T12892] __free_frozen_pages+0x7fe/0x1180 [ 725.789158][T12892] __put_partials+0x16d/0x1c0 [ 725.806943][T12892] qlist_free_all+0x4d/0x120 [ 725.824460][T12892] kasan_quarantine_reduce+0x195/0x1e0 [ 725.850585][T12892] __kasan_slab_alloc+0x69/0x90 [ 725.862851][T12892] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 725.882538][T12892] kset_create_and_add+0x4d/0x190 [ 725.909191][T12892] netdev_register_kobject+0x1c8/0x3a0 [ 725.929220][T12892] register_netdevice+0x13dc/0x2270 [ 725.949770][T12892] veth_newlink+0x446/0xa00 [ 725.954354][T12892] rtnl_newlink+0xc42/0x2000 [ 725.979840][T12892] rtnetlink_rcv_msg+0x95e/0xe90 [ 726.010169][T12892] netlink_rcv_skb+0x155/0x420 [ 726.027616][T12892] netlink_unicast+0x58d/0x850 [ 726.042684][T12892] netlink_sendmsg+0x8d1/0xdd0 [ 726.059124][T12892] __sys_sendto+0x4a0/0x520 [ 726.760762][T12899] Process accounting paused [ 727.045999][T12921] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1424'. [ 727.103985][T12921] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1424'. [ 727.410329][T12926] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1425'. [ 727.507862][T12930] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1428'. [ 727.560388][T12929] ima: policy update failed [ 727.608668][ T30] audit: type=1802 audit(4294971159.869:10): pid=12929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1428" res=0 errno=0 [ 727.875698][T12935] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1430'. [ 727.989734][T12935] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1430'. [ 728.054812][T12940] netlink: 290 bytes leftover after parsing attributes in process `syz.0.1430'. [ 728.107515][T12940] veth0_macvtap: left promiscuous mode [ 728.165951][T12935] netlink: 290 bytes leftover after parsing attributes in process `syz.0.1430'. [ 728.216986][T12935] veth0_macvtap: entered promiscuous mode [ 730.561897][T12969] FAULT_INJECTION: forcing a failure. [ 730.561897][T12969] name failslab, interval 1, probability 0, space 0, times 0 [ 730.637957][T12969] CPU: 0 UID: 0 PID: 12969 Comm: syz.0.1440 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 730.637998][T12969] Tainted: [U]=USER [ 730.638006][T12969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 730.638020][T12969] Call Trace: [ 730.638029][T12969] [ 730.638039][T12969] dump_stack_lvl+0x16c/0x1f0 [ 730.638078][T12969] should_fail_ex+0x512/0x640 [ 730.638113][T12969] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 730.638148][T12969] should_failslab+0xc2/0x120 [ 730.638171][T12969] __kmalloc_cache_noprof+0x6a/0x3e0 [ 730.638204][T12969] ? kobject_uevent_env+0x265/0x1870 [ 730.638233][T12969] kobject_uevent_env+0x265/0x1870 [ 730.638258][T12969] ? __pfx_dev_uevent_name+0x10/0x10 [ 730.638292][T12969] ? kfree+0x2b4/0x4d0 [ 730.638319][T12969] ? kvm_uevent_notify_change.part.0+0x32d/0x450 [ 730.638353][T12969] kvm_uevent_notify_change.part.0+0x3ae/0x450 [ 730.638382][T12969] ? __pfx_kvm_vm_release+0x10/0x10 [ 730.638402][T12969] kvm_put_kvm+0xe4/0xb40 [ 730.638421][T12969] ? lockdep_hardirqs_on+0x7c/0x110 [ 730.638459][T12969] ? __pfx_kvm_vm_release+0x10/0x10 [ 730.638480][T12969] kvm_vm_release+0x3c/0x50 [ 730.638500][T12969] __fput+0x402/0xb70 [ 730.638530][T12969] task_work_run+0x150/0x240 [ 730.638569][T12969] ? __pfx_task_work_run+0x10/0x10 [ 730.638606][T12969] ? __pfx___do_sys_close_range+0x10/0x10 [ 730.638648][T12969] exit_to_user_mode_loop+0xeb/0x110 [ 730.638688][T12969] do_syscall_64+0x3f6/0x490 [ 730.638725][T12969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.638770][T12969] RIP: 0033:0x7f7615b8e929 [ 730.638792][T12969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 730.638825][T12969] RSP: 002b:00007f7616a8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 730.638849][T12969] RAX: 0000000000000000 RBX: 00007f7615db5fa0 RCX: 00007f7615b8e929 [ 730.638865][T12969] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 730.638881][T12969] RBP: 00007f7615c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 730.638896][T12969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 730.638911][T12969] R13: 0000000000000000 R14: 00007f7615db5fa0 R15: 00007ffd8f35d5d8 [ 730.638941][T12969] [ 732.534518][T12989] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1446'. [ 732.545408][T12990] ptrace attach of "./syz-executor exec"[5848] was attempted by ""[12990] [ 733.089591][T12992] netlink: set zone limit has 8 unknown bytes [ 734.780845][T13027] random: crng reseeded on system resumption [ 736.602276][T13051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 736.712819][T13051] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 736.839799][T13051] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 736.960274][T13051] page_type: f5(slab) [ 737.051765][T13051] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 737.153975][T13051] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 737.272003][T13051] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 737.437564][T13051] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 737.621658][T13051] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 737.785559][T13051] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 737.962052][T13051] page dumped because: unmovable page [ 738.147875][T13051] page_owner tracks the page as allocated [ 738.235532][T13051] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 738.438965][T13051] post_alloc_hook+0x1c0/0x230 [ 738.467364][T13051] get_page_from_freelist+0x1321/0x3890 [ 738.522165][T13051] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 738.587872][T13051] alloc_pages_mpol+0x1fb/0x550 [ 738.636055][T13051] new_slab+0x23b/0x330 [ 738.684462][T13051] ___slab_alloc+0xd9c/0x1940 [ 738.736512][T13051] __slab_alloc.constprop.0+0x56/0xb0 [ 738.792329][T13051] __kmalloc_noprof+0x2f2/0x510 [ 738.870719][T13051] __register_sysctl_table+0xb3/0x1900 [ 738.903060][T13051] __addrconf_sysctl_register+0x1a2/0x360 [ 738.945489][T13051] addrconf_sysctl_register+0x15f/0x1f0 [ 738.993291][T13051] ipv6_add_dev+0xb39/0x15f0 [ 739.068850][T13051] addrconf_notify+0x53e/0x19e0 [ 739.073795][T13051] notifier_call_chain+0xbc/0x410 [ 739.204221][T13051] call_netdevice_notifiers_info+0xbe/0x140 [ 739.224755][T13051] register_netdevice+0x182e/0x2270 [ 739.273756][T13051] page last free pid 5847 tgid 5847 stack trace: [ 739.332001][T13051] __free_frozen_pages+0x7fe/0x1180 [ 739.379560][T13051] __put_partials+0x16d/0x1c0 [ 739.429938][T13051] qlist_free_all+0x4d/0x120 [ 739.452769][T13087] FAULT_INJECTION: forcing a failure. [ 739.452769][T13087] name failslab, interval 1, probability 0, space 0, times 0 [ 739.504097][T13051] kasan_quarantine_reduce+0x195/0x1e0 [ 739.523875][T13087] CPU: 0 UID: 0 PID: 13087 Comm: syz.0.1472 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 739.523918][T13087] Tainted: [U]=USER [ 739.523926][T13087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 739.523943][T13087] Call Trace: [ 739.523951][T13087] [ 739.523961][T13087] dump_stack_lvl+0x16c/0x1f0 [ 739.524003][T13087] should_fail_ex+0x512/0x640 [ 739.524038][T13087] ? fs_reclaim_acquire+0xae/0x150 [ 739.524070][T13087] should_failslab+0xc2/0x120 [ 739.524094][T13087] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 739.524132][T13087] ? security_inode_alloc+0x3b/0x2b0 [ 739.524165][T13087] security_inode_alloc+0x3b/0x2b0 [ 739.524193][T13087] inode_init_always_gfp+0xce4/0x1030 [ 739.524233][T13087] alloc_inode+0x86/0x240 [ 739.524258][T13087] new_inode+0x22/0x1c0 [ 739.524286][T13087] mqueue_get_inode+0x2e/0xdd0 [ 739.524329][T13087] mqueue_create_attr+0x261/0x440 [ 739.524358][T13087] vfs_mkobj+0x3db/0x620 [ 739.524386][T13087] ? __pfx_mqueue_create_attr+0x10/0x10 [ 739.524413][T13087] do_mq_open+0x71e/0x8c0 [ 739.524456][T13087] ? __pfx_do_mq_open+0x10/0x10 [ 739.524503][T13087] __x64_sys_mq_open+0x155/0x1e0 [ 739.524528][T13087] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 739.524567][T13087] do_syscall_64+0xcd/0x490 [ 739.524607][T13087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.524632][T13087] RIP: 0033:0x7f7615b8e929 [ 739.524652][T13087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.524676][T13087] RSP: 002b:00007f7616a6a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 739.524699][T13087] RAX: ffffffffffffffda RBX: 00007f7615db6080 RCX: 00007f7615b8e929 [ 739.524716][T13087] RDX: 0000000000000009 RSI: 000000000000007e RDI: 0000000000000000 [ 739.524731][T13087] RBP: 00007f7615c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 739.524746][T13087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.524761][T13087] R13: 0000000000000000 R14: 00007f7615db6080 R15: 00007ffd8f35d5d8 [ 739.524791][T13087] [ 740.379602][T13051] __kasan_slab_alloc+0x69/0x90 [ 740.389505][T13051] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 740.405197][T13051] kset_create_and_add+0x4d/0x190 [ 740.428861][T13051] netdev_register_kobject+0x1c8/0x3a0 [ 740.441806][T13051] register_netdevice+0x13dc/0x2270 [ 740.457333][T13051] veth_newlink+0x446/0xa00 [ 740.466390][T13051] rtnl_newlink+0xc42/0x2000 [ 740.480928][T13051] rtnetlink_rcv_msg+0x95e/0xe90 [ 740.493224][T13051] netlink_rcv_skb+0x155/0x420 [ 740.504678][T13051] netlink_unicast+0x58d/0x850 [ 740.516695][T13051] netlink_sendmsg+0x8d1/0xdd0 [ 740.530994][T13051] __sys_sendto+0x4a0/0x520 [ 743.005121][T13106] Process accounting paused [ 744.728295][T13103] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 745.899290][T13128] Process accounting resumed [ 745.993049][T13139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 746.053166][T13139] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 746.224512][T13139] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 746.332471][T13139] page_type: f5(slab) [ 746.355080][T13139] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 746.531430][T13139] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 746.703264][T13139] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 746.828693][T13139] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 746.977223][T13139] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 747.148386][T13139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 747.405013][T13139] page dumped because: unmovable page [ 747.410450][T13139] page_owner tracks the page as allocated [ 747.420899][T13147] Process accounting resumed [ 747.639224][T13139] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 747.974858][T13139] post_alloc_hook+0x1c0/0x230 [ 748.036772][T13139] get_page_from_freelist+0x1321/0x3890 [ 748.088352][T13139] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 748.150563][T13139] alloc_pages_mpol+0x1fb/0x550 [ 748.200587][T13139] new_slab+0x23b/0x330 [ 748.239627][T13139] ___slab_alloc+0xd9c/0x1940 [ 748.275387][T13139] __slab_alloc.constprop.0+0x56/0xb0 [ 748.325057][T13139] __kmalloc_noprof+0x2f2/0x510 [ 748.375690][T13139] __register_sysctl_table+0xb3/0x1900 [ 748.411822][T13173] random: crng reseeded on system resumption [ 748.423946][T13139] __addrconf_sysctl_register+0x1a2/0x360 [ 748.469575][T13139] addrconf_sysctl_register+0x15f/0x1f0 [ 748.504094][T13139] ipv6_add_dev+0xb39/0x15f0 [ 748.522535][T13139] addrconf_notify+0x53e/0x19e0 [ 748.570468][T13139] notifier_call_chain+0xbc/0x410 [ 748.602085][T13139] call_netdevice_notifiers_info+0xbe/0x140 [ 748.657217][T13139] register_netdevice+0x182e/0x2270 [ 748.700427][T13139] page last free pid 5847 tgid 5847 stack trace: [ 748.766154][T13139] __free_frozen_pages+0x7fe/0x1180 [ 748.808121][T13139] __put_partials+0x16d/0x1c0 [ 748.846903][T13139] qlist_free_all+0x4d/0x120 [ 748.889581][T13139] kasan_quarantine_reduce+0x195/0x1e0 [ 748.940830][T13139] __kasan_slab_alloc+0x69/0x90 [ 748.979902][T13139] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 749.028074][T13139] kset_create_and_add+0x4d/0x190 [ 749.073643][T13139] netdev_register_kobject+0x1c8/0x3a0 [ 749.113392][T13139] register_netdevice+0x13dc/0x2270 [ 749.157939][T13139] veth_newlink+0x446/0xa00 [ 749.189592][T13139] rtnl_newlink+0xc42/0x2000 [ 749.218572][T13139] rtnetlink_rcv_msg+0x95e/0xe90 [ 749.252428][T13139] netlink_rcv_skb+0x155/0x420 [ 749.278363][T13139] netlink_unicast+0x58d/0x850 [ 749.320901][T13139] netlink_sendmsg+0x8d1/0xdd0 [ 749.367294][T13139] __sys_sendto+0x4a0/0x520 [ 749.869018][T13184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 749.901493][T13184] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 749.951961][T13184] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 750.000952][T13184] page_type: f5(slab) [ 750.037931][T13184] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 750.119055][T13184] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 750.187113][T13184] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 750.250659][T13184] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 750.327533][T13184] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 750.418022][T13184] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 750.496880][T13184] page dumped because: unmovable page [ 750.542184][T13184] page_owner tracks the page as allocated [ 750.691533][T13184] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 750.860935][T13196] FAULT_INJECTION: forcing a failure. [ 750.860935][T13196] name failslab, interval 1, probability 0, space 0, times 0 [ 750.973942][T13184] post_alloc_hook+0x1c0/0x230 [ 750.994148][T13184] get_page_from_freelist+0x1321/0x3890 [ 751.049731][T13196] CPU: 0 UID: 0 PID: 13196 Comm: syz.2.1499 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 751.049773][T13196] Tainted: [U]=USER [ 751.049782][T13196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 751.049797][T13196] Call Trace: [ 751.049806][T13196] [ 751.049816][T13196] dump_stack_lvl+0x16c/0x1f0 [ 751.049858][T13196] should_fail_ex+0x512/0x640 [ 751.049894][T13196] ? __kmalloc_noprof+0xbf/0x510 [ 751.049933][T13196] ? snd_pcm_plugin_build+0x434/0x650 [ 751.049961][T13196] should_failslab+0xc2/0x120 [ 751.049984][T13196] __kmalloc_noprof+0xd2/0x510 [ 751.050021][T13196] ? __mutex_unlock_slowpath+0xe1/0x6a0 [ 751.050063][T13196] snd_pcm_plugin_build+0x434/0x650 [ 751.050095][T13196] snd_pcm_plugin_build_linear+0x29d/0x850 [ 751.050128][T13196] ? wake_up_all_idle_cpus+0x165/0x1e0 [ 751.050169][T13196] ? __pfx_snd_pcm_plugin_build_linear+0x10/0x10 [ 751.050205][T13196] ? snd_pcm_hw_params+0xcd/0x1b40 [ 751.050239][T13196] snd_pcm_plug_format_plugins+0x7f8/0x1430 [ 751.050273][T13196] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 751.050308][T13196] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 751.050344][T13196] snd_pcm_oss_change_params_locked+0x2dec/0x3a30 [ 751.050385][T13196] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 751.050442][T13196] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 751.050475][T13196] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 751.050504][T13196] ? hook_file_ioctl_common+0x145/0x410 [ 751.050532][T13196] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 751.050562][T13196] ? __fget_files+0x20e/0x3c0 [ 751.050600][T13196] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 751.050629][T13196] __x64_sys_ioctl+0x18e/0x210 [ 751.050661][T13196] do_syscall_64+0xcd/0x490 [ 751.050700][T13196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.050725][T13196] RIP: 0033:0x7faf49b8e929 [ 751.050744][T13196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 751.050773][T13196] RSP: 002b:00007faf4aa00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 751.050796][T13196] RAX: ffffffffffffffda RBX: 00007faf49db6080 RCX: 00007faf49b8e929 [ 751.050812][T13196] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000007 [ 751.050828][T13196] RBP: 00007faf49c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 751.050843][T13196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.050857][T13196] R13: 0000000000000000 R14: 00007faf49db6080 R15: 00007ffc03743048 [ 751.050888][T13196] [ 751.314510][T13184] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 751.320654][T13184] alloc_pages_mpol+0x1fb/0x550 [ 751.325601][T13184] new_slab+0x23b/0x330 [ 751.329786][T13184] ___slab_alloc+0xd9c/0x1940 [ 751.334584][T13184] __slab_alloc.constprop.0+0x56/0xb0 [ 751.339987][T13184] __kmalloc_noprof+0x2f2/0x510 [ 751.344988][T13184] __register_sysctl_table+0xb3/0x1900 [ 751.350486][T13184] __addrconf_sysctl_register+0x1a2/0x360 [ 751.356340][T13184] addrconf_sysctl_register+0x15f/0x1f0 [ 751.361931][T13184] ipv6_add_dev+0xb39/0x15f0 [ 751.366661][T13184] addrconf_notify+0x53e/0x19e0 [ 751.371565][T13184] notifier_call_chain+0xbc/0x410 [ 751.377493][T13184] call_netdevice_notifiers_info+0xbe/0x140 [ 751.384280][T13184] register_netdevice+0x182e/0x2270 [ 751.389572][T13184] page last free pid 5847 tgid 5847 stack trace: [ 751.395948][T13184] __free_frozen_pages+0x7fe/0x1180 [ 751.401237][T13184] __put_partials+0x16d/0x1c0 [ 751.405995][T13184] qlist_free_all+0x4d/0x120 [ 751.410618][T13184] kasan_quarantine_reduce+0x195/0x1e0 [ 751.416194][T13184] __kasan_slab_alloc+0x69/0x90 [ 751.421080][T13184] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 751.426885][T13184] kset_create_and_add+0x4d/0x190 [ 751.431948][T13184] netdev_register_kobject+0x1c8/0x3a0 [ 751.437524][T13184] register_netdevice+0x13dc/0x2270 [ 751.442781][T13184] veth_newlink+0x446/0xa00 [ 751.447310][T13184] rtnl_newlink+0xc42/0x2000 [ 751.452018][T13184] rtnetlink_rcv_msg+0x95e/0xe90 [ 751.457033][T13184] netlink_rcv_skb+0x155/0x420 [ 751.461817][T13184] netlink_unicast+0x58d/0x850 [ 751.466708][T13184] netlink_sendmsg+0x8d1/0xdd0 [ 751.471493][T13184] __sys_sendto+0x4a0/0x520 [ 752.049194][T13213] bridge0: port 3(dummy0) entered blocking state [ 752.084766][T13213] bridge0: port 3(dummy0) entered disabled state [ 752.110550][T13213] dummy0: entered allmulticast mode [ 752.154649][T13213] dummy0: entered promiscuous mode [ 752.206359][T13213] bridge0: port 3(dummy0) entered blocking state [ 752.212882][T13213] bridge0: port 3(dummy0) entered forwarding state [ 753.413349][T13235] FAULT_INJECTION: forcing a failure. [ 753.413349][T13235] name fail_futex, interval 1, probability 0, space 0, times 0 [ 753.501569][T13235] CPU: 0 UID: 0 PID: 13235 Comm: syz.0.1510 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 753.501612][T13235] Tainted: [U]=USER [ 753.501621][T13235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 753.501635][T13235] Call Trace: [ 753.501644][T13235] [ 753.501654][T13235] dump_stack_lvl+0x16c/0x1f0 [ 753.501696][T13235] should_fail_ex+0x512/0x640 [ 753.501736][T13235] get_futex_key+0x1d0/0x1540 [ 753.501769][T13235] ? __pfx_get_futex_key+0x10/0x10 [ 753.501801][T13235] ? __lock_acquire+0xb8a/0x1c90 [ 753.501839][T13235] futex_wake+0xe7/0x4e0 [ 753.501876][T13235] ? __pfx_futex_wake+0x10/0x10 [ 753.501913][T13235] ? __might_fault+0xe3/0x190 [ 753.501948][T13235] ? __might_fault+0xe3/0x190 [ 753.501981][T13235] ? __might_fault+0x13b/0x190 [ 753.502021][T13235] do_futex+0x1e3/0x350 [ 753.502051][T13235] ? __pfx_do_futex+0x10/0x10 [ 753.502081][T13235] ? __do_sys_listmount+0x307/0xec0 [ 753.502117][T13235] __x64_sys_futex+0x1e0/0x4c0 [ 753.502157][T13235] ? __pfx___do_sys_listmount+0x10/0x10 [ 753.502187][T13235] ? __fget_files+0x20e/0x3c0 [ 753.502220][T13235] ? __pfx___x64_sys_futex+0x10/0x10 [ 753.502263][T13235] do_syscall_64+0xcd/0x490 [ 753.502303][T13235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.502328][T13235] RIP: 0033:0x7f7615b8e929 [ 753.502347][T13235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 753.502372][T13235] RSP: 002b:00007f7616a8b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 753.502396][T13235] RAX: ffffffffffffffda RBX: 00007f7615db5fa8 RCX: 00007f7615b8e929 [ 753.502413][T13235] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7615db5fac [ 753.502428][T13235] RBP: 00007f7615db5fa0 R08: 00007f7616a8c000 R09: 0000000000000000 [ 753.502444][T13235] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f7615db5fac [ 753.502460][T13235] R13: 0000000000000000 R14: 00007ffd8f35d4f0 R15: 00007ffd8f35d5d8 [ 753.502489][T13235] [ 754.796316][T13255] FAULT_INJECTION: forcing a failure. [ 754.796316][T13255] name failslab, interval 1, probability 0, space 0, times 0 [ 754.855130][T13255] CPU: 0 UID: 0 PID: 13255 Comm: syz.3.1517 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 754.855170][T13255] Tainted: [U]=USER [ 754.855177][T13255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 754.855210][T13255] Call Trace: [ 754.855218][T13255] [ 754.855227][T13255] dump_stack_lvl+0x16c/0x1f0 [ 754.855267][T13255] should_fail_ex+0x512/0x640 [ 754.855302][T13255] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 754.855342][T13255] should_failslab+0xc2/0x120 [ 754.855364][T13255] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 754.855401][T13255] ? __d_alloc+0x31/0xaa0 [ 754.855440][T13255] __d_alloc+0x31/0xaa0 [ 754.855479][T13255] __d_obtain_alias+0x119/0x6e0 [ 754.855504][T13255] ? _raw_spin_unlock+0x28/0x50 [ 754.855536][T13255] kernfs_fh_to_dentry+0x106/0x250 [ 754.855566][T13255] exportfs_decode_fh_raw+0x164/0x8b0 [ 754.855600][T13255] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 754.855631][T13255] ? __pfx_kernfs_fh_to_dentry+0x10/0x10 [ 754.855660][T13255] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 754.855728][T13255] do_handle_open+0x75e/0xb70 [ 754.855758][T13255] ? __pfx_do_handle_open+0x10/0x10 [ 754.855784][T13255] ? __x64_sys_futex+0x1e0/0x4c0 [ 754.855819][T13255] ? xfd_validate_state+0x61/0x180 [ 754.855859][T13255] ? do_syscall_64+0xcd/0x490 [ 754.855898][T13255] do_syscall_64+0xcd/0x490 [ 754.855953][T13255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.855978][T13255] RIP: 0033:0x7f5ae6d8e929 [ 754.855998][T13255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 754.856021][T13255] RSP: 002b:00007f5ae7b52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 754.856056][T13255] RAX: ffffffffffffffda RBX: 00007f5ae6fb5fa0 RCX: 00007f5ae6d8e929 [ 754.856077][T13255] RDX: 0000000000000042 RSI: 0000200000000140 RDI: 0000000000000007 [ 754.856094][T13255] RBP: 00007f5ae6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 754.856109][T13255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 754.856124][T13255] R13: 0000000000000000 R14: 00007f5ae6fb5fa0 R15: 00007fff75c110e8 [ 754.856154][T13255] [ 755.323169][T13262] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 756.001057][T13269] FAULT_INJECTION: forcing a failure. [ 756.001057][T13269] name failslab, interval 1, probability 0, space 0, times 0 [ 756.051703][T13269] CPU: 0 UID: 0 PID: 13269 Comm: syz.2.1521 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 756.051747][T13269] Tainted: [U]=USER [ 756.051756][T13269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 756.051771][T13269] Call Trace: [ 756.051779][T13269] [ 756.051789][T13269] dump_stack_lvl+0x16c/0x1f0 [ 756.051831][T13269] should_fail_ex+0x512/0x640 [ 756.051874][T13269] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 756.051915][T13269] should_failslab+0xc2/0x120 [ 756.051939][T13269] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 756.051984][T13269] ? vm_area_dup+0x27/0x8d0 [ 756.052021][T13269] vm_area_dup+0x27/0x8d0 [ 756.052056][T13269] copy_vma+0x4fa/0xaa0 [ 756.052097][T13269] ? __pfx_copy_vma+0x10/0x10 [ 756.052132][T13269] ? lockdep_hardirqs_on+0x7c/0x110 [ 756.052174][T13269] ? __schedule+0x1181/0x5de0 [ 756.052217][T13269] ? __lock_acquire+0x622/0x1c90 [ 756.052260][T13269] copy_vma_and_data+0x1cf/0x750 [ 756.052300][T13269] ? __pfx_copy_vma_and_data+0x10/0x10 [ 756.052343][T13269] ? __vma_enter_locked+0x163/0x3f0 [ 756.052379][T13269] ? find_held_lock+0x2b/0x80 [ 756.052404][T13269] ? move_vma+0x536/0x1740 [ 756.052438][T13269] ? __vm_enough_memory+0x184/0x3f0 [ 756.052469][T13269] move_vma+0x548/0x1740 [ 756.052510][T13269] ? __pfx_move_vma+0x10/0x10 [ 756.052550][T13269] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 756.052579][T13269] ? cap_mmap_addr+0x4b/0x120 [ 756.052601][T13269] ? bpf_lsm_mmap_addr+0x9/0x10 [ 756.052626][T13269] ? security_mmap_addr+0x6c/0x1e0 [ 756.052657][T13269] ? __get_unmapped_area+0x267/0x440 [ 756.052688][T13269] ? vrm_set_new_addr+0x208/0x290 [ 756.052726][T13269] __do_sys_mremap+0xe07/0x1590 [ 756.052766][T13269] ? __pfx___do_sys_mremap+0x10/0x10 [ 756.052811][T13269] ? __do_sys_listmount+0x307/0xec0 [ 756.052847][T13269] ? __x64_sys_futex+0x1e0/0x4c0 [ 756.052902][T13269] do_syscall_64+0xcd/0x490 [ 756.052942][T13269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.052967][T13269] RIP: 0033:0x7faf49b8e929 [ 756.052986][T13269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.053011][T13269] RSP: 002b:00007faf4aa21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 756.053033][T13269] RAX: ffffffffffffffda RBX: 00007faf49db5fa0 RCX: 00007faf49b8e929 [ 756.053049][T13269] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000001000 [ 756.053064][T13269] RBP: 00007faf49c10b39 R08: 0000000100000000 R09: 0000000000000000 [ 756.053080][T13269] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 756.053095][T13269] R13: 0000000000000000 R14: 00007faf49db5fa0 R15: 00007ffc03743048 [ 756.053126][T13269] [ 756.497041][T13267] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1520'. [ 756.507548][T13266] ima: policy update failed [ 756.612362][ T30] audit: type=1802 audit(4294971188.803:11): pid=13266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1520" res=0 errno=0 [ 757.206328][T13268] Process accounting resumed [ 757.394087][T13280] FAULT_INJECTION: forcing a failure. [ 757.394087][T13280] name failslab, interval 1, probability 0, space 0, times 0 [ 757.569784][T13280] CPU: 0 UID: 0 PID: 13280 Comm: syz.0.1523 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 757.569826][T13280] Tainted: [U]=USER [ 757.569833][T13280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 757.569848][T13280] Call Trace: [ 757.569856][T13280] [ 757.569865][T13280] dump_stack_lvl+0x16c/0x1f0 [ 757.569905][T13280] should_fail_ex+0x512/0x640 [ 757.569939][T13280] ? __kmalloc_noprof+0xbf/0x510 [ 757.569977][T13280] ? snd_pcm_plugin_build+0x64/0x650 [ 757.570005][T13280] should_failslab+0xc2/0x120 [ 757.570027][T13280] __kmalloc_noprof+0xd2/0x510 [ 757.570062][T13280] ? __mutex_unlock_slowpath+0xe1/0x6a0 [ 757.570104][T13280] snd_pcm_plugin_build+0x64/0x650 [ 757.570135][T13280] snd_pcm_plugin_build_rate+0x27c/0x760 [ 757.570171][T13280] ? __pfx_snd_pcm_plugin_build_rate+0x10/0x10 [ 757.570211][T13280] ? snd_pcm_hw_params+0xcd/0x1b40 [ 757.570244][T13280] snd_pcm_plug_format_plugins+0x866/0x1430 [ 757.570277][T13280] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 757.570312][T13280] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 757.570347][T13280] snd_pcm_oss_change_params_locked+0x2dec/0x3a30 [ 757.570387][T13280] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 757.570436][T13280] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 757.570467][T13280] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 757.570495][T13280] ? hook_file_ioctl_common+0x145/0x410 [ 757.570522][T13280] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 757.570551][T13280] ? __fget_files+0x20e/0x3c0 [ 757.570587][T13280] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 757.570615][T13280] __x64_sys_ioctl+0x18e/0x210 [ 757.570645][T13280] do_syscall_64+0xcd/0x490 [ 757.570691][T13280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.570734][T13280] RIP: 0033:0x7f7615b8e929 [ 757.570754][T13280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.570778][T13280] RSP: 002b:00007f7616a6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 757.570801][T13280] RAX: ffffffffffffffda RBX: 00007f7615db6080 RCX: 00007f7615b8e929 [ 757.570817][T13280] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000007 [ 757.570832][T13280] RBP: 00007f7615c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 757.570847][T13280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 757.570862][T13280] R13: 0000000000000000 R14: 00007f7615db6080 R15: 00007ffd8f35d5d8 [ 757.570892][T13280] [ 758.047385][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 758.053785][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 759.434710][T13319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 759.467086][T13319] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 759.529739][T13319] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 759.634182][T13319] page_type: f5(slab) [ 759.681901][T13319] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 759.776445][T13319] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 759.884364][T13319] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 759.983680][T13319] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 760.091957][T13319] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 760.244534][T13319] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 760.372387][T13319] page dumped because: unmovable page [ 760.441761][T13319] page_owner tracks the page as allocated [ 760.501121][T13319] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 760.551258][T13341] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1537'. [ 760.647409][T13319] post_alloc_hook+0x1c0/0x230 [ 760.683925][T13319] get_page_from_freelist+0x1321/0x3890 [ 760.763320][T13319] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 760.803421][T13319] alloc_pages_mpol+0x1fb/0x550 [ 760.826004][T13319] new_slab+0x23b/0x330 [ 760.846006][T13319] ___slab_alloc+0xd9c/0x1940 [ 760.875058][T13319] __slab_alloc.constprop.0+0x56/0xb0 [ 760.905384][T13319] __kmalloc_noprof+0x2f2/0x510 [ 760.924327][T13319] __register_sysctl_table+0xb3/0x1900 [ 760.942493][T13319] __addrconf_sysctl_register+0x1a2/0x360 [ 760.955572][T13319] addrconf_sysctl_register+0x15f/0x1f0 [ 760.970091][T13319] ipv6_add_dev+0xb39/0x15f0 [ 760.982849][T13319] addrconf_notify+0x53e/0x19e0 [ 761.005380][T13319] notifier_call_chain+0xbc/0x410 [ 761.026117][T13319] call_netdevice_notifiers_info+0xbe/0x140 [ 761.035080][T13348] FAULT_INJECTION: forcing a failure. [ 761.035080][T13348] name failslab, interval 1, probability 0, space 0, times 0 [ 761.057652][T13319] register_netdevice+0x182e/0x2270 [ 761.067434][T13319] page last free pid 5847 tgid 5847 stack trace: [ 761.080281][T13348] CPU: 0 UID: 0 PID: 13348 Comm: syz.3.1539 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 761.080329][T13348] Tainted: [U]=USER [ 761.080337][T13348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 761.080352][T13348] Call Trace: [ 761.080360][T13348] [ 761.080370][T13348] dump_stack_lvl+0x16c/0x1f0 [ 761.080412][T13348] should_fail_ex+0x512/0x640 [ 761.080448][T13348] ? __kmalloc_noprof+0xbf/0x510 [ 761.080487][T13348] ? snd_pcm_plugin_build+0x434/0x650 [ 761.080515][T13348] should_failslab+0xc2/0x120 [ 761.080538][T13348] __kmalloc_noprof+0xd2/0x510 [ 761.080574][T13348] ? __mutex_unlock_slowpath+0xe1/0x6a0 [ 761.080616][T13348] snd_pcm_plugin_build+0x434/0x650 [ 761.080654][T13348] snd_pcm_plugin_build_linear+0x29d/0x850 [ 761.080690][T13348] ? wake_up_all_idle_cpus+0x165/0x1e0 [ 761.080731][T13348] ? __pfx_snd_pcm_plugin_build_linear+0x10/0x10 [ 761.080768][T13348] ? snd_pcm_hw_params+0xcd/0x1b40 [ 761.080802][T13348] snd_pcm_plug_format_plugins+0x7f8/0x1430 [ 761.080836][T13348] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 761.080871][T13348] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 761.080907][T13348] snd_pcm_oss_change_params_locked+0x2dec/0x3a30 [ 761.080948][T13348] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 761.080999][T13348] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 761.081031][T13348] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 761.081060][T13348] ? hook_file_ioctl_common+0x145/0x410 [ 761.081088][T13348] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 761.081119][T13348] ? __fget_files+0x20e/0x3c0 [ 761.081156][T13348] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 761.081185][T13348] __x64_sys_ioctl+0x18e/0x210 [ 761.081216][T13348] do_syscall_64+0xcd/0x490 [ 761.081255][T13348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.081280][T13348] RIP: 0033:0x7f5ae6d8e929 [ 761.081304][T13348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.081328][T13348] RSP: 002b:00007f5ae7b31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 761.081351][T13348] RAX: ffffffffffffffda RBX: 00007f5ae6fb6080 RCX: 00007f5ae6d8e929 [ 761.081368][T13348] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000007 [ 761.081383][T13348] RBP: 00007f5ae6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 761.081398][T13348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 761.081413][T13348] R13: 0000000000000000 R14: 00007f5ae6fb6080 R15: 00007fff75c110e8 [ 761.081444][T13348] [ 761.086986][T13319] __free_frozen_pages+0x7fe/0x1180 [ 761.679461][T13319] __put_partials+0x16d/0x1c0 [ 761.690292][T13319] qlist_free_all+0x4d/0x120 [ 761.702718][T13319] kasan_quarantine_reduce+0x195/0x1e0 [ 761.716380][T13319] __kasan_slab_alloc+0x69/0x90 [ 761.731436][T13319] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 761.745455][T13319] kset_create_and_add+0x4d/0x190 [ 761.759645][T13319] netdev_register_kobject+0x1c8/0x3a0 [ 761.775696][T13319] register_netdevice+0x13dc/0x2270 [ 761.787321][T13319] veth_newlink+0x446/0xa00 [ 761.792000][T13319] rtnl_newlink+0xc42/0x2000 [ 761.814246][T13319] rtnetlink_rcv_msg+0x95e/0xe90 [ 761.822515][T13319] netlink_rcv_skb+0x155/0x420 [ 761.839532][T13319] netlink_unicast+0x58d/0x850 [ 761.847863][T13319] netlink_sendmsg+0x8d1/0xdd0 [ 761.864860][T13319] __sys_sendto+0x4a0/0x520 [ 763.349190][ T30] audit: type=1800 audit(4294971195.637:12): pid=13374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1544" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 763.946290][T13369] kexec: Could not allocate control_code_buffer [ 765.235198][T13395] mkiss: ax0: crc mode is auto. [ 765.842478][ T30] audit: type=1800 audit(4294971198.128:13): pid=13394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1549" name="dbroot" dev="configfs" ino=39840 res=0 errno=0 [ 766.960306][T13413] zram: Removed device: zram0 [ 767.088331][T13414] FAULT_INJECTION: forcing a failure. [ 767.088331][T13414] name failslab, interval 1, probability 0, space 0, times 0 [ 767.181386][T13414] CPU: 0 UID: 0 PID: 13414 Comm: syz.1.1551 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 767.181428][T13414] Tainted: [U]=USER [ 767.181437][T13414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 767.181452][T13414] Call Trace: [ 767.181461][T13414] [ 767.181471][T13414] dump_stack_lvl+0x16c/0x1f0 [ 767.181512][T13414] should_fail_ex+0x512/0x640 [ 767.181547][T13414] ? __kmalloc_noprof+0xbf/0x510 [ 767.181593][T13414] ? snd_pcm_plugin_build+0x434/0x650 [ 767.181622][T13414] should_failslab+0xc2/0x120 [ 767.181645][T13414] __kmalloc_noprof+0xd2/0x510 [ 767.181682][T13414] ? __mutex_unlock_slowpath+0xe1/0x6a0 [ 767.181724][T13414] snd_pcm_plugin_build+0x434/0x650 [ 767.181756][T13414] snd_pcm_plugin_build_linear+0x29d/0x850 [ 767.181794][T13414] ? wake_up_all_idle_cpus+0x165/0x1e0 [ 767.181834][T13414] ? __pfx_snd_pcm_plugin_build_linear+0x10/0x10 [ 767.181871][T13414] ? snd_pcm_hw_params+0xcd/0x1b40 [ 767.181905][T13414] snd_pcm_plug_format_plugins+0x7f8/0x1430 [ 767.181951][T13414] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 767.181984][T13414] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 767.182019][T13414] snd_pcm_oss_change_params_locked+0x2dec/0x3a30 [ 767.182059][T13414] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 767.182108][T13414] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 767.182139][T13414] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 767.182166][T13414] ? hook_file_ioctl_common+0x145/0x410 [ 767.182193][T13414] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 767.182222][T13414] ? __fget_files+0x20e/0x3c0 [ 767.182258][T13414] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 767.182286][T13414] __x64_sys_ioctl+0x18e/0x210 [ 767.182317][T13414] do_syscall_64+0xcd/0x490 [ 767.182355][T13414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 767.182379][T13414] RIP: 0033:0x7f585ed8e929 [ 767.182397][T13414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 767.182420][T13414] RSP: 002b:00007f585fbdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 767.182442][T13414] RAX: ffffffffffffffda RBX: 00007f585efb6080 RCX: 00007f585ed8e929 [ 767.182458][T13414] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000007 [ 767.182473][T13414] RBP: 00007f585ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 767.182487][T13414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 767.182501][T13414] R13: 0000000000000000 R14: 00007f585efb6080 R15: 00007ffd51dfe718 [ 767.182530][T13414] [ 767.944510][T13424] FAULT_INJECTION: forcing a failure. [ 767.944510][T13424] name failslab, interval 1, probability 0, space 0, times 0 [ 767.994344][T13424] CPU: 0 UID: 0 PID: 13424 Comm: syz.3.1555 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 767.994387][T13424] Tainted: [U]=USER [ 767.994395][T13424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 767.994411][T13424] Call Trace: [ 767.994419][T13424] [ 767.994429][T13424] dump_stack_lvl+0x16c/0x1f0 [ 767.994472][T13424] should_fail_ex+0x512/0x640 [ 767.994518][T13424] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 767.994561][T13424] should_failslab+0xc2/0x120 [ 767.994585][T13424] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 767.994624][T13424] ? sock_alloc_inode+0x25/0x1c0 [ 767.994653][T13424] ? __pfx_sock_alloc_inode+0x10/0x10 [ 767.994677][T13424] sock_alloc_inode+0x25/0x1c0 [ 767.994700][T13424] alloc_inode+0x61/0x240 [ 767.994726][T13424] sock_alloc+0x40/0x280 [ 767.994748][T13424] __sock_create+0xc1/0x8d0 [ 767.994781][T13424] __sys_socket+0x14d/0x260 [ 767.994809][T13424] ? __pfx___sys_socket+0x10/0x10 [ 767.994837][T13424] ? xfd_validate_state+0x61/0x180 [ 767.994869][T13424] ? __pfx_do_writev+0x10/0x10 [ 767.994908][T13424] __x64_sys_socket+0x72/0xb0 [ 767.994935][T13424] ? lockdep_hardirqs_on+0x7c/0x110 [ 767.994969][T13424] do_syscall_64+0xcd/0x490 [ 767.995008][T13424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 767.995033][T13424] RIP: 0033:0x7f5ae6d8e929 [ 767.995052][T13424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 767.995076][T13424] RSP: 002b:00007f5ae7b31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 767.995099][T13424] RAX: ffffffffffffffda RBX: 00007f5ae6fb6080 RCX: 00007f5ae6d8e929 [ 767.995115][T13424] RDX: 0000000000000004 RSI: 0000000000000002 RDI: 0000000000000010 [ 767.995130][T13424] RBP: 00007f5ae6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 767.995145][T13424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 767.995159][T13424] R13: 0000000000000000 R14: 00007f5ae6fb6080 R15: 00007fff75c110e8 [ 767.995189][T13424] [ 767.995221][T13424] socket: no more sockets [ 768.995271][T13422] lo: entered allmulticast mode [ 769.040152][T13422] lo: left allmulticast mode [ 770.975138][T13458] FAULT_INJECTION: forcing a failure. [ 770.975138][T13458] name failslab, interval 1, probability 0, space 0, times 0 [ 771.044513][T13458] CPU: 0 UID: 0 PID: 13458 Comm: syz.3.1564 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 771.044557][T13458] Tainted: [U]=USER [ 771.044565][T13458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 771.044580][T13458] Call Trace: [ 771.044589][T13458] [ 771.044598][T13458] dump_stack_lvl+0x16c/0x1f0 [ 771.044639][T13458] should_fail_ex+0x512/0x640 [ 771.044675][T13458] ? __kmalloc_noprof+0xbf/0x510 [ 771.044714][T13458] ? rfkill_alloc+0xac/0x330 [ 771.044737][T13458] should_failslab+0xc2/0x120 [ 771.044761][T13458] __kmalloc_noprof+0xd2/0x510 [ 771.044803][T13458] rfkill_alloc+0xac/0x330 [ 771.044833][T13458] nfc_register_device+0xe8/0x3c0 [ 771.044875][T13458] nci_register_device+0x7f1/0xb80 [ 771.044909][T13458] ? __pfx_nci_register_device+0x10/0x10 [ 771.044946][T13458] ? lockdep_init_map_type+0x5c/0x280 [ 771.044987][T13458] virtual_ncidev_open+0x141/0x220 [ 771.045019][T13458] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 771.045049][T13458] misc_open+0x35a/0x420 [ 771.045080][T13458] ? __pfx_misc_open+0x10/0x10 [ 771.045109][T13458] chrdev_open+0x234/0x6a0 [ 771.045173][T13458] ? __pfx_apparmor_file_open+0x10/0x10 [ 771.045206][T13458] ? __pfx_chrdev_open+0x10/0x10 [ 771.045251][T13458] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 771.045290][T13458] do_dentry_open+0x741/0x1c10 [ 771.045328][T13458] ? __pfx_chrdev_open+0x10/0x10 [ 771.045372][T13458] vfs_open+0x82/0x3f0 [ 771.045402][T13458] path_openat+0x1de4/0x2cb0 [ 771.045447][T13458] ? __pfx_path_openat+0x10/0x10 [ 771.045485][T13458] ? __lock_acquire+0xb8a/0x1c90 [ 771.045521][T13458] do_filp_open+0x20b/0x470 [ 771.045557][T13458] ? __pfx_do_filp_open+0x10/0x10 [ 771.045614][T13458] ? alloc_fd+0x471/0x7d0 [ 771.045655][T13458] do_sys_openat2+0x11b/0x1d0 [ 771.045682][T13458] ? __pfx_do_sys_openat2+0x10/0x10 [ 771.045721][T13458] __x64_sys_openat+0x174/0x210 [ 771.045749][T13458] ? __pfx___x64_sys_openat+0x10/0x10 [ 771.045790][T13458] do_syscall_64+0xcd/0x490 [ 771.045829][T13458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.045854][T13458] RIP: 0033:0x7f5ae6d8e929 [ 771.045873][T13458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.045896][T13458] RSP: 002b:00007f5ae7b52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 771.045919][T13458] RAX: ffffffffffffffda RBX: 00007f5ae6fb5fa0 RCX: 00007f5ae6d8e929 [ 771.045935][T13458] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 771.045951][T13458] RBP: 00007f5ae6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 771.045966][T13458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.045980][T13458] R13: 0000000000000000 R14: 00007f5ae6fb5fa0 R15: 00007fff75c110e8 [ 771.046010][T13458] [ 771.301691][T13457] can0: slcan on pty233. [ 771.444581][T13466] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1565'. [ 771.477674][T13466] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.595282][T13466] bridge_slave_1 (unregistering): left allmulticast mode [ 771.595340][T13466] bridge_slave_1 (unregistering): left promiscuous mode [ 771.595411][T13466] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.841564][T13450] can0 (unregistered): slcan off pty233. [ 773.310222][T13482] tty tty17: ldisc open failed (-12), clearing slot 16 [ 773.349238][T13480] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 773.593778][T13480] Process accounting resumed [ 773.806581][T13502] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1570'. [ 775.604679][T13522] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 776.027761][T13531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 776.092502][T13531] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 776.158877][T13531] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 776.197211][T13531] page_type: f5(slab) [ 776.263322][T13531] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 776.332848][T10966] Process accounting paused [ 776.394998][T13531] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 776.546366][T13531] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 776.677366][T13545] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1579'. [ 776.710527][T13531] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 776.817216][T13531] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 776.859425][T13554] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 776.866521][T13554] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 776.916514][T13531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 777.055459][T13531] page dumped because: unmovable page [ 777.102728][T13531] page_owner tracks the page as allocated [ 777.108514][T13531] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 777.224031][T13531] post_alloc_hook+0x1c0/0x230 [ 777.236548][T13531] get_page_from_freelist+0x1321/0x3890 [ 777.257226][T13531] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 777.278618][T13531] alloc_pages_mpol+0x1fb/0x550 [ 777.292235][T13531] new_slab+0x23b/0x330 [ 777.323717][T13531] ___slab_alloc+0xd9c/0x1940 [ 777.335806][T13531] __slab_alloc.constprop.0+0x56/0xb0 [ 777.350129][T13531] __kmalloc_noprof+0x2f2/0x510 [ 777.361875][T13531] __register_sysctl_table+0xb3/0x1900 [ 777.376341][T13531] __addrconf_sysctl_register+0x1a2/0x360 [ 777.410480][T13531] addrconf_sysctl_register+0x15f/0x1f0 [ 777.421366][T13531] ipv6_add_dev+0xb39/0x15f0 [ 777.426040][T13531] addrconf_notify+0x53e/0x19e0 [ 777.432742][T13531] notifier_call_chain+0xbc/0x410 [ 777.437834][T13531] call_netdevice_notifiers_info+0xbe/0x140 [ 777.445391][T13531] register_netdevice+0x182e/0x2270 [ 777.452174][T13531] page last free pid 5847 tgid 5847 stack trace: [ 777.458717][T13531] __free_frozen_pages+0x7fe/0x1180 [ 777.465539][T13531] __put_partials+0x16d/0x1c0 [ 777.482295][T13531] qlist_free_all+0x4d/0x120 [ 777.487077][T13531] kasan_quarantine_reduce+0x195/0x1e0 [ 777.508880][T13531] __kasan_slab_alloc+0x69/0x90 [ 777.518048][T13531] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 777.536117][T13531] kset_create_and_add+0x4d/0x190 [ 777.546246][T13531] netdev_register_kobject+0x1c8/0x3a0 [ 777.556355][T13531] register_netdevice+0x13dc/0x2270 [ 777.569742][T13531] veth_newlink+0x446/0xa00 [ 777.582671][T13531] rtnl_newlink+0xc42/0x2000 [ 777.592767][T13531] rtnetlink_rcv_msg+0x95e/0xe90 [ 777.609045][T13531] netlink_rcv_skb+0x155/0x420 [ 777.622555][T13531] netlink_unicast+0x58d/0x850 [ 777.633108][T13531] netlink_sendmsg+0x8d1/0xdd0 [ 777.643739][T13531] __sys_sendto+0x4a0/0x520 [ 777.672609][T13545] hsr_slave_0 (unregistering): left promiscuous mode [ 778.227072][ T5864] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 778.227108][ T5864] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 778.243598][ T5864] Bluetooth: hci1: Dropping invalid advertising data [ 778.251192][ T5864] Bluetooth: hci1: Dropping invalid advertising data [ 778.260163][ T5864] Bluetooth: hci1: Dropping invalid advertising data [ 778.266878][ T5864] Bluetooth: hci1: Malformed LE Event: 0x02 [ 778.498265][T13577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 778.533257][T13577] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 778.573045][T13577] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 778.616199][T13577] page_type: f5(slab) [ 778.645795][T13577] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 778.696663][T13577] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 778.772858][T13570] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 778.790996][T13570] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 778.828922][T13570] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 778.834997][T13577] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 778.869870][T13570] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 778.902364][T13577] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 778.978799][T13577] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 779.050717][T13570] Process accounting paused [ 779.077030][T13577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 779.164887][T13577] page dumped because: unmovable page [ 779.240677][T13591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'. [ 779.253836][T13577] page_owner tracks the page as allocated [ 779.283154][T13591] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1588'. [ 779.307384][T13577] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 779.513314][T13577] post_alloc_hook+0x1c0/0x230 [ 779.543128][T13577] get_page_from_freelist+0x1321/0x3890 [ 779.608371][T13577] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 779.659745][T13577] alloc_pages_mpol+0x1fb/0x550 [ 779.790572][T13577] new_slab+0x23b/0x330 [ 779.794846][T13577] ___slab_alloc+0xd9c/0x1940 [ 779.833430][T13577] __slab_alloc.constprop.0+0x56/0xb0 [ 779.859051][T13577] __kmalloc_noprof+0x2f2/0x510 [ 779.878255][T13577] __register_sysctl_table+0xb3/0x1900 [ 779.898723][T13577] __addrconf_sysctl_register+0x1a2/0x360 [ 779.920160][T13577] addrconf_sysctl_register+0x15f/0x1f0 [ 779.925796][T13577] ipv6_add_dev+0xb39/0x15f0 [ 779.962950][T13577] addrconf_notify+0x53e/0x19e0 [ 779.967888][T13577] notifier_call_chain+0xbc/0x410 [ 780.003582][T13577] call_netdevice_notifiers_info+0xbe/0x140 [ 780.019939][T13577] register_netdevice+0x182e/0x2270 [ 780.039913][T13577] page last free pid 5847 tgid 5847 stack trace: [ 780.064605][T13577] __free_frozen_pages+0x7fe/0x1180 [ 780.082287][T13577] __put_partials+0x16d/0x1c0 [ 780.092391][T13577] qlist_free_all+0x4d/0x120 [ 780.097050][T13577] kasan_quarantine_reduce+0x195/0x1e0 [ 780.116899][T13577] __kasan_slab_alloc+0x69/0x90 [ 780.127550][T13577] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 780.153823][T13577] kset_create_and_add+0x4d/0x190 [ 780.173715][T13602] FAULT_INJECTION: forcing a failure. [ 780.173715][T13602] name failslab, interval 1, probability 0, space 0, times 0 [ 780.189012][T13577] netdev_register_kobject+0x1c8/0x3a0 [ 780.204644][T13577] register_netdevice+0x13dc/0x2270 [ 780.224307][T13577] veth_newlink+0x446/0xa00 [ 780.234466][T13602] CPU: 0 UID: 0 PID: 13602 Comm: syz.1.1589 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 780.234507][T13602] Tainted: [U]=USER [ 780.234516][T13602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 780.234530][T13602] Call Trace: [ 780.234538][T13602] [ 780.234548][T13602] dump_stack_lvl+0x16c/0x1f0 [ 780.234587][T13602] should_fail_ex+0x512/0x640 [ 780.234622][T13602] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 780.234657][T13602] should_failslab+0xc2/0x120 [ 780.234680][T13602] __kmalloc_cache_noprof+0x6a/0x3e0 [ 780.234732][T13602] ? mpi_alloc+0x46/0x230 [ 780.234760][T13602] ? mpi_normalize+0xc9/0x100 [ 780.234787][T13602] mpi_alloc+0x46/0x230 [ 780.234815][T13602] rsa_check_payload+0x3b/0xc0 [ 780.234854][T13602] rsa_enc+0x198/0x3b0 [ 780.234892][T13602] ? __pfx_rsa_enc+0x10/0x10 [ 780.234928][T13602] ? __virt_addr_valid+0x81/0x610 [ 780.234954][T13602] ? __phys_addr+0xe8/0x180 [ 780.234980][T13602] ? sg_init_one+0xf5/0x1b0 [ 780.235013][T13602] rsassa_pkcs1_verify+0x4ff/0xb60 [ 780.235049][T13602] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 780.235098][T13602] ? rsa_max_size+0xd/0x70 [ 780.235133][T13602] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 780.235163][T13602] public_key_verify_signature+0x672/0x970 [ 780.235199][T13602] ? __pfx_public_key_verify_signature+0x10/0x10 [ 780.235233][T13602] ? crypto_destroy_tfm+0x14d/0x2b0 [ 780.235280][T13602] pkcs7_verify+0x32f/0x1b20 [ 780.235327][T13602] verify_pkcs7_message_sig+0xdd/0x250 [ 780.235355][T13602] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 780.235382][T13602] ? kfree+0x2b4/0x4d0 [ 780.235409][T13602] ? public_key_signature_free+0xda/0x110 [ 780.235445][T13602] ? pkcs7_parse_message+0x536/0x720 [ 780.235483][T13602] verify_pkcs7_signature+0x6d/0xa0 [ 780.235516][T13602] valid_regdb+0x215/0x590 [ 780.235541][T13602] ? __pfx___mutex_lock+0x10/0x10 [ 780.235580][T13602] ? __pfx_valid_regdb+0x10/0x10 [ 780.235610][T13602] reg_reload_regdb+0x11e/0x460 [ 780.235640][T13602] ? __pfx_reg_reload_regdb+0x10/0x10 [ 780.235669][T13602] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 780.235704][T13602] ? nl80211_pre_doit+0x1b0/0xb10 [ 780.235743][T13602] genl_family_rcv_msg_doit+0x206/0x2f0 [ 780.235776][T13602] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 780.235805][T13602] ? rcu_is_watching+0x12/0xc0 [ 780.235841][T13602] ? bpf_lsm_capable+0x9/0x10 [ 780.235870][T13602] ? security_capable+0x7e/0x260 [ 780.235899][T13602] genl_rcv_msg+0x55c/0x800 [ 780.235932][T13602] ? __pfx_genl_rcv_msg+0x10/0x10 [ 780.235961][T13602] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 780.235995][T13602] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 780.236021][T13602] ? __pfx_nl80211_post_doit+0x10/0x10 [ 780.236067][T13602] netlink_rcv_skb+0x155/0x420 [ 780.236097][T13602] ? __pfx_genl_rcv_msg+0x10/0x10 [ 780.236127][T13602] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 780.236164][T13602] ? netlink_deliver_tap+0x1ae/0xd30 [ 780.236208][T13602] genl_rcv+0x28/0x40 [ 780.236233][T13602] netlink_unicast+0x58d/0x850 [ 780.236262][T13602] ? __pfx_netlink_unicast+0x10/0x10 [ 780.236297][T13602] netlink_sendmsg+0x8d1/0xdd0 [ 780.236326][T13602] ? __pfx_netlink_sendmsg+0x10/0x10 [ 780.236362][T13602] ____sys_sendmsg+0xa95/0xc70 [ 780.236391][T13602] ? copy_msghdr_from_user+0x10a/0x160 [ 780.236427][T13602] ? __pfx_____sys_sendmsg+0x10/0x10 [ 780.236461][T13602] ? __pfx_futex_wake_mark+0x10/0x10 [ 780.236501][T13602] ___sys_sendmsg+0x134/0x1d0 [ 780.236539][T13602] ? __pfx____sys_sendmsg+0x10/0x10 [ 780.236573][T13602] ? __lock_acquire+0x622/0x1c90 [ 780.236653][T13602] __sys_sendmsg+0x16d/0x220 [ 780.236689][T13602] ? __pfx___sys_sendmsg+0x10/0x10 [ 780.236723][T13602] ? __x64_sys_futex+0x1e0/0x4c0 [ 780.236769][T13602] do_syscall_64+0xcd/0x490 [ 780.236807][T13602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 780.236851][T13602] RIP: 0033:0x7f585ed8e929 [ 780.236871][T13602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 780.236896][T13602] RSP: 002b:00007f585fbdd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 780.236919][T13602] RAX: ffffffffffffffda RBX: 00007f585efb6080 RCX: 00007f585ed8e929 [ 780.236935][T13602] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007 [ 780.236951][T13602] RBP: 00007f585ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 780.236966][T13602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 780.236981][T13602] R13: 0000000000000000 R14: 00007f585efb6080 R15: 00007ffd51dfe718 [ 780.237011][T13602] [ 780.682010][T13577] rtnl_newlink+0xc42/0x2000 [ 780.686683][T13577] rtnetlink_rcv_msg+0x95e/0xe90 [ 780.691709][T13577] netlink_rcv_skb+0x155/0x420 [ 780.696586][T13577] netlink_unicast+0x58d/0x850 [ 780.701465][T13577] netlink_sendmsg+0x8d1/0xdd0 [ 780.706707][T13577] __sys_sendto+0x4a0/0x520 [ 780.783395][ T5864] Bluetooth: hci0: command 0x0406 tx timeout [ 780.984154][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 780.990283][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 780.996357][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 781.827860][T13611] FAULT_INJECTION: forcing a failure. [ 781.827860][T13611] name failslab, interval 1, probability 0, space 0, times 0 [ 781.840961][T13611] CPU: 0 UID: 0 PID: 13611 Comm: syz.0.1592 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 781.841006][T13611] Tainted: [U]=USER [ 781.841014][T13611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 781.841030][T13611] Call Trace: [ 781.841039][T13611] [ 781.841049][T13611] dump_stack_lvl+0x16c/0x1f0 [ 781.841089][T13611] should_fail_ex+0x512/0x640 [ 781.841131][T13611] should_failslab+0xc2/0x120 [ 781.841158][T13611] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 781.841197][T13611] ? __alloc_skb+0x2b2/0x380 [ 781.841236][T13611] __alloc_skb+0x2b2/0x380 [ 781.841269][T13611] ? __pfx___alloc_skb+0x10/0x10 [ 781.841302][T13611] ? skb_checksum+0x81f/0x980 [ 781.841341][T13611] skb_segment+0x971/0x3e20 [ 781.841395][T13611] __udp_gso_segment+0xef4/0x2a70 [ 781.841427][T13611] ? __pfx_sock_wfree+0x10/0x10 [ 781.841471][T13611] udp4_ufo_fragment+0x51a/0x710 [ 781.841506][T13611] ? __pfx_udp4_ufo_fragment+0x10/0x10 [ 781.841538][T13611] inet_gso_segment+0x570/0x1330 [ 781.841579][T13611] ipip_gso_segment+0xc2/0xf0 [ 781.841610][T13611] ? __pfx_ipip_gso_segment+0x10/0x10 [ 781.841641][T13611] inet_gso_segment+0x570/0x1330 [ 781.841682][T13611] skb_mac_gso_segment+0x2a8/0x650 [ 781.841723][T13611] ? __pfx_inet_gso_segment+0x10/0x10 [ 781.841755][T13611] ? __pfx_skb_mac_gso_segment+0x10/0x10 [ 781.841804][T13611] __skb_gso_segment+0x36e/0x700 [ 781.841848][T13611] validate_xmit_skb+0x662/0x1200 [ 781.841891][T13611] __dev_queue_xmit+0x71b/0x43e0 [ 781.841931][T13611] ? ipt_do_table+0xd78/0x1ae0 [ 781.841963][T13611] ? __pfx___dev_queue_xmit+0x10/0x10 [ 781.842011][T13611] ? lockdep_unlock+0x64/0xe0 [ 781.842036][T13611] ? __lock_acquire+0x1053/0x1c90 [ 781.842082][T13611] ? lock_acquire+0x179/0x350 [ 781.842115][T13611] ? find_held_lock+0x2b/0x80 [ 781.842149][T13611] ip_finish_output2+0xc38/0x21a0 [ 781.842178][T13611] ? ip_skb_dst_mtu+0x463/0xe90 [ 781.842207][T13611] ? __pfx_ip_finish_output2+0x10/0x10 [ 781.842233][T13611] ? ip_skb_dst_mtu+0x496/0xe90 [ 781.842257][T13611] ? skb_gso_transport_seglen+0x1a5/0x3b0 [ 781.842305][T13611] __ip_finish_output+0x49e/0x950 [ 781.842335][T13611] ip_finish_output+0x35/0x380 [ 781.842365][T13611] ip_output+0x13b/0x2a0 [ 781.842388][T13611] ? __pfx_ip_output+0x10/0x10 [ 781.842415][T13611] ip_local_out+0x33e/0x4a0 [ 781.842445][T13611] iptunnel_xmit+0x5d5/0xa00 [ 781.842487][T13611] ip_tunnel_xmit+0x1fcd/0x37b0 [ 781.842532][T13611] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 781.842562][T13611] ? skb_network_protocol+0x126/0x6d0 [ 781.842601][T13611] ? trace_fib_table_lookup+0x19f/0x220 [ 781.842645][T13611] ipip_tunnel_xmit+0x3d2/0x4d0 [ 781.842679][T13611] dev_hard_start_xmit+0x97/0x740 [ 781.842716][T13611] __dev_queue_xmit+0x7eb/0x43e0 [ 781.842760][T13611] ? __pfx___dev_queue_xmit+0x10/0x10 [ 781.842789][T13611] ? look_up_lock_class+0x6b/0x150 [ 781.842828][T13611] ? arp_constructor+0x3ab/0xdc0 [ 781.842867][T13611] ? __lock_acquire+0xb8a/0x1c90 [ 781.842905][T13611] ? ___neigh_create+0x1945/0x28c0 [ 781.842940][T13611] ? find_held_lock+0x2b/0x80 [ 781.842973][T13611] neigh_connected_output+0x3da/0x620 [ 781.843032][T13611] ip_finish_output2+0x7f5/0x21a0 [ 781.843059][T13611] ? ip_skb_dst_mtu+0x487/0xe90 [ 781.843089][T13611] ? __pfx_ip_finish_output2+0x10/0x10 [ 781.843114][T13611] ? ip_skb_dst_mtu+0x496/0xe90 [ 781.843139][T13611] ? skb_gso_transport_seglen+0x1a5/0x3b0 [ 781.843186][T13611] __ip_finish_output+0x49e/0x950 [ 781.843216][T13611] ip_finish_output+0x35/0x380 [ 781.843245][T13611] ip_output+0x13b/0x2a0 [ 781.843269][T13611] ? __pfx_ip_output+0x10/0x10 [ 781.843296][T13611] ip_send_skb+0x3e8/0x560 [ 781.843326][T13611] udp_send_skb+0x71d/0x15b0 [ 781.843360][T13611] udp_sendmsg+0x18f0/0x29f0 [ 781.843389][T13611] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 781.843420][T13611] ? __pfx_udp_sendmsg+0x10/0x10 [ 781.843446][T13611] ? psi_task_switch+0x2c1/0x8e0 [ 781.843488][T13611] ? __lock_acquire+0xb8a/0x1c90 [ 781.843521][T13611] ? __pfx___might_resched+0x10/0x10 [ 781.843555][T13611] ? aa_sk_perm+0x2f4/0xb10 [ 781.843588][T13611] ? __import_iovec+0x1dd/0x650 [ 781.843610][T13611] ? __might_fault+0xe3/0x190 [ 781.843644][T13611] ? __might_fault+0x13b/0x190 [ 781.843680][T13611] ? __pfx_udp_sendmsg+0x10/0x10 [ 781.843706][T13611] inet_sendmsg+0x105/0x140 [ 781.843739][T13611] ____sys_sendmsg+0x973/0xc70 [ 781.843771][T13611] ? copy_msghdr_from_user+0x10a/0x160 [ 781.843809][T13611] ? __pfx_____sys_sendmsg+0x10/0x10 [ 781.843839][T13611] ? find_held_lock+0x2b/0x80 [ 781.843865][T13611] ? futex_unqueue+0x133/0x2c0 [ 781.843917][T13611] ___sys_sendmsg+0x134/0x1d0 [ 781.843957][T13611] ? __pfx____sys_sendmsg+0x10/0x10 [ 781.844016][T13611] ? find_held_lock+0x2b/0x80 [ 781.844061][T13611] __sys_sendmmsg+0x200/0x420 [ 781.844102][T13611] ? __pfx___sys_sendmmsg+0x10/0x10 [ 781.844136][T13611] ? __local_bh_enable_ip+0xa4/0x120 [ 781.844174][T13611] ? __pfx_do_futex+0x10/0x10 [ 781.844203][T13611] ? fput+0x70/0xf0 [ 781.844241][T13611] ? xfd_validate_state+0x61/0x180 [ 781.844273][T13611] ? __sys_setsockopt+0x140/0x1a0 [ 781.844312][T13611] __x64_sys_sendmmsg+0x9c/0x100 [ 781.844348][T13611] ? lockdep_hardirqs_on+0x7c/0x110 [ 781.844382][T13611] do_syscall_64+0xcd/0x490 [ 781.844421][T13611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.844446][T13611] RIP: 0033:0x7f7615b8e929 [ 781.844466][T13611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 781.844491][T13611] RSP: 002b:00007f7616a8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 781.844514][T13611] RAX: ffffffffffffffda RBX: 00007f7615db5fa0 RCX: 00007f7615b8e929 [ 781.844530][T13611] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 781.844545][T13611] RBP: 00007f7615c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 781.844561][T13611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 781.844576][T13611] R13: 0000000000000000 R14: 00007f7615db5fa0 R15: 00007ffd8f35d5d8 [ 781.844607][T13611] [ 782.849474][T13617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1596'. [ 783.961475][T13637] syz.2.1599: vmalloc error: size 4096, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 784.144111][T13637] CPU: 0 UID: 0 PID: 13637 Comm: syz.2.1599 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 784.144157][T13637] Tainted: [U]=USER [ 784.144166][T13637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 784.144181][T13637] Call Trace: [ 784.144189][T13637] [ 784.144199][T13637] dump_stack_lvl+0x16c/0x1f0 [ 784.144242][T13637] warn_alloc+0x248/0x3a0 [ 784.144280][T13637] ? __pfx_warn_alloc+0x10/0x10 [ 784.144319][T13637] ? alloc_pages_mpol+0x25a/0x550 [ 784.144343][T13637] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 784.144378][T13637] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 784.144419][T13637] ? kernel_clone+0xfc/0x960 [ 784.144458][T13637] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 784.144500][T13637] ? kernel_clone+0xfc/0x960 [ 784.144529][T13637] __vmalloc_node_noprof+0xad/0xf0 [ 784.144560][T13637] ? kernel_clone+0xfc/0x960 [ 784.144593][T13637] copy_process+0x2c70/0x7650 [ 784.144624][T13637] ? __pfx___futex_wait+0x10/0x10 [ 784.144660][T13637] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 784.144715][T13637] ? __pfx_copy_process+0x10/0x10 [ 784.144747][T13637] ? find_held_lock+0x2b/0x80 [ 784.144784][T13637] kernel_clone+0xfc/0x960 [ 784.144817][T13637] ? __pfx_kernel_clone+0x10/0x10 [ 784.144865][T13637] __do_sys_clone+0xce/0x120 [ 784.144896][T13637] ? __pfx___do_sys_clone+0x10/0x10 [ 784.144941][T13637] ? xfd_validate_state+0x61/0x180 [ 784.144984][T13637] do_syscall_64+0xcd/0x490 [ 784.145023][T13637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.145047][T13637] RIP: 0033:0x7faf49b8e929 [ 784.145066][T13637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.145094][T13637] RSP: 002b:00007faf4aa00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 784.145117][T13637] RAX: ffffffffffffffda RBX: 00007faf49db6080 RCX: 00007faf49b8e929 [ 784.145134][T13637] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 0000000000000001 [ 784.145149][T13637] RBP: 00007faf49c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 784.145164][T13637] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000000 [ 784.145184][T13637] R13: 0000000000000000 R14: 00007faf49db6080 R15: 00007ffc03743048 [ 784.145217][T13637] [ 784.658163][T13637] Mem-Info: [ 784.661364][T13637] active_anon:6390 inactive_anon:6500 isolated_anon:0 [ 784.661364][T13637] active_file:24330 inactive_file:36836 isolated_file:0 [ 784.661364][T13637] unevictable:768 dirty:290 writeback:0 [ 784.661364][T13637] slab_reclaimable:10844 slab_unreclaimable:95761 [ 784.661364][T13637] mapped:26442 shmem:5039 pagetables:1612 [ 784.661364][T13637] sec_pagetables:0 bounce:0 [ 784.661364][T13637] kernel_misc_reclaimable:0 [ 784.661364][T13637] free:1053211 free_pcp:6809 free_cma:0 [ 784.726976][T13645] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1601'. [ 784.836526][T13637] Node 0 active_anon:25560kB inactive_anon:26104kB active_file:97276kB inactive_file:147248kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105728kB dirty:1316kB writeback:0kB shmem:18620kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10928kB pagetables:5844kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 785.042161][T13637] Node 1 active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 785.144719][T13637] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 785.211900][T13637] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 785.231762][T13637] Node 0 DMA32 free:1334696kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25512kB inactive_anon:30512kB active_file:96032kB inactive_file:147176kB unevictable:1536kB writepending:1368kB present:3129332kB managed:2540344kB mlocked:0kB bounce:0kB free_pcp:22556kB local_pcp:22556kB free_cma:0kB [ 785.313517][T13654] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.1604'. [ 785.440575][T13637] lowmem_reserve[]: 0 0 1 1 1 [ 785.489699][T13637] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:1244kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:16kB free_cma:0kB [ 785.741876][T13637] lowmem_reserve[]: 0 0 0 0 0 [ 785.764214][T13660] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 785.767764][T13660] ima: policy update failed [ 785.795542][T13637] Node 1 Normal free:2862780kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:916kB local_pcp:916kB free_cma:0kB [ 785.844676][ T30] audit: type=1802 audit(4294971218.138:14): pid=13660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1607" res=0 errno=0 [ 785.929369][T13637] lowmem_reserve[]: 0 0 0 0 0 [ 785.984767][T13637] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 786.092538][T13637] Node 0 DMA32: 2*4kB (UE) 8*8kB (UE) 193*16kB (UME) 785*32kB (UME) 814*64kB (UME) 211*128kB (UME) 139*256kB (UM) 85*512kB (UM) 29*1024kB (UME) 10*2048kB (UM) 267*4096kB (UM) = 1330296kB [ 786.140065][T13637] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 786.217605][T13637] Node 1 Normal: 233*4kB (UE) 51*8kB (UE) 36*16kB (UE) 222*32kB (UE) 112*64kB (UME) 31*128kB (UE) 20*256kB (UM) 6*512kB (UM) 4*1024kB (UME) 4*2048kB (UME) 689*4096kB (UM) = 2862780kB [ 786.325878][T13637] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 786.373634][T13637] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 786.424651][T13637] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=1048576kB [ 786.506645][T13637] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 786.518566][T13668] FAULT_INJECTION: forcing a failure. [ 786.518566][T13668] name failslab, interval 1, probability 0, space 0, times 0 [ 786.547645][T13637] 66756 total pagecache pages [ 786.556990][T13668] CPU: 0 UID: 0 PID: 13668 Comm: syz.3.1609 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 786.557032][T13668] Tainted: [U]=USER [ 786.557043][T13668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 786.557059][T13668] Call Trace: [ 786.557067][T13668] [ 786.557076][T13668] dump_stack_lvl+0x16c/0x1f0 [ 786.557119][T13668] should_fail_ex+0x512/0x640 [ 786.557155][T13668] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 786.557191][T13668] should_failslab+0xc2/0x120 [ 786.557214][T13668] __kmalloc_cache_noprof+0x6a/0x3e0 [ 786.557246][T13668] ? trace_kmem_cache_alloc+0x28/0xc0 [ 786.557271][T13668] ? kmem_cache_alloc_node_noprof+0x225/0x3b0 [ 786.557308][T13668] ? blk_alloc_queue_stats+0x3f/0x110 [ 786.557336][T13668] blk_alloc_queue_stats+0x3f/0x110 [ 786.557359][T13668] blk_alloc_queue+0xda/0x760 [ 786.557399][T13668] blk_mq_alloc_queue+0x175/0x290 [ 786.557434][T13668] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 786.557485][T13668] ? debug_mutex_init+0x37/0x70 [ 786.557512][T13668] ? blk_mq_alloc_tag_set+0xcfe/0x1260 [ 786.557552][T13668] __blk_mq_alloc_disk+0x29/0x120 [ 786.557589][T13668] loop_add+0x49e/0xb70 [ 786.557617][T13668] ? do_vfs_ioctl+0x523/0x1a60 [ 786.557647][T13668] ? __pfx_loop_add+0x10/0x10 [ 786.557672][T13668] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 786.557719][T13668] ? find_held_lock+0x2b/0x80 [ 786.557748][T13668] loop_control_ioctl+0x13e/0x630 [ 786.557777][T13668] ? __pfx_loop_control_ioctl+0x10/0x10 [ 786.557811][T13668] ? __pfx_loop_control_ioctl+0x10/0x10 [ 786.557841][T13668] __x64_sys_ioctl+0x18e/0x210 [ 786.557872][T13668] do_syscall_64+0xcd/0x490 [ 786.557911][T13668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 786.557936][T13668] RIP: 0033:0x7f5ae6d8e929 [ 786.557956][T13668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 786.557980][T13668] RSP: 002b:00007f5ae7b52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 786.558003][T13668] RAX: ffffffffffffffda RBX: 00007f5ae6fb5fa0 RCX: 00007f5ae6d8e929 [ 786.558020][T13668] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 786.558036][T13668] RBP: 00007f5ae6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 786.558051][T13668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 786.558084][T13668] R13: 0000000000000000 R14: 00007f5ae6fb5fa0 R15: 00007fff75c110e8 [ 786.558114][T13668] [ 786.558344][T13637] 33 pages in swap cache [ 786.961685][T13670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 786.974441][T13670] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 786.987280][T13670] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 786.997743][T13670] page_type: f5(slab) [ 787.001773][T13670] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 787.042026][T13670] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 787.076540][T13637] Free swap = 124988kB [ 787.091086][T13670] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 787.107547][T13637] Total swap = 124996kB [ 787.116171][T13637] 2097051 pages RAM [ 787.123027][T13637] 0 pages HighMem/MovableOnly [ 787.148992][T13637] 429987 pages reserved [ 787.163419][T13670] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 787.174782][T13637] 0 pages cma reserved [ 787.241017][T13670] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 787.259073][T13637] Process accounting paused [ 787.349161][T13670] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 787.417916][T13670] page dumped because: unmovable page [ 787.436748][T13670] page_owner tracks the page as allocated [ 787.442527][T13670] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 787.564990][T13670] post_alloc_hook+0x1c0/0x230 [ 787.630052][T13670] get_page_from_freelist+0x1321/0x3890 [ 787.668682][T13670] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 787.692280][T13680] FAULT_INJECTION: forcing a failure. [ 787.692280][T13680] name failslab, interval 1, probability 0, space 0, times 0 [ 787.741359][T13670] alloc_pages_mpol+0x1fb/0x550 [ 787.754916][T13680] CPU: 0 UID: 0 PID: 13680 Comm: syz.2.1612 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 787.754959][T13680] Tainted: [U]=USER [ 787.754967][T13680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 787.754983][T13680] Call Trace: [ 787.754991][T13680] [ 787.755001][T13680] dump_stack_lvl+0x16c/0x1f0 [ 787.755043][T13680] should_fail_ex+0x512/0x640 [ 787.755078][T13680] ? __kmalloc_noprof+0xbf/0x510 [ 787.755117][T13680] ? mpi_alloc_limb_space+0x31/0x60 [ 787.755146][T13680] should_failslab+0xc2/0x120 [ 787.755169][T13680] __kmalloc_noprof+0xd2/0x510 [ 787.755215][T13680] mpi_alloc_limb_space+0x31/0x60 [ 787.755245][T13680] mpi_alloc+0x199/0x230 [ 787.755274][T13680] mpi_read_raw_from_sgl+0x222/0x5b0 [ 787.755313][T13680] ? __pfx_mpi_read_raw_from_sgl+0x10/0x10 [ 787.755349][T13680] ? kasan_save_track+0x14/0x30 [ 787.755385][T13680] ? __kasan_kmalloc+0xaa/0xb0 [ 787.755424][T13680] rsa_enc+0x15d/0x3b0 [ 787.755464][T13680] ? __pfx_rsa_enc+0x10/0x10 [ 787.755500][T13680] ? __virt_addr_valid+0x81/0x610 [ 787.755526][T13680] ? __phys_addr+0xe8/0x180 [ 787.755552][T13680] ? sg_init_one+0xf5/0x1b0 [ 787.755586][T13680] rsassa_pkcs1_verify+0x4ff/0xb60 [ 787.755622][T13680] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 787.755663][T13680] ? rsa_max_size+0xd/0x70 [ 787.755697][T13680] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 787.755728][T13680] public_key_verify_signature+0x672/0x970 [ 787.755763][T13680] ? __pfx_public_key_verify_signature+0x10/0x10 [ 787.755796][T13680] ? crypto_destroy_tfm+0x14d/0x2b0 [ 787.755843][T13680] pkcs7_verify+0x32f/0x1b20 [ 787.755890][T13680] verify_pkcs7_message_sig+0xdd/0x250 [ 787.755918][T13680] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 787.755945][T13680] ? kfree+0x2b4/0x4d0 [ 787.755973][T13680] ? public_key_signature_free+0xda/0x110 [ 787.756008][T13680] ? pkcs7_parse_message+0x536/0x720 [ 787.756046][T13680] verify_pkcs7_signature+0x6d/0xa0 [ 787.756075][T13680] valid_regdb+0x215/0x590 [ 787.756100][T13680] ? __pfx___mutex_lock+0x10/0x10 [ 787.756138][T13680] ? __pfx_valid_regdb+0x10/0x10 [ 787.756169][T13680] reg_reload_regdb+0x11e/0x460 [ 787.756198][T13680] ? __pfx_reg_reload_regdb+0x10/0x10 [ 787.756228][T13680] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 787.756267][T13680] ? nl80211_pre_doit+0x1b0/0xb10 [ 787.756312][T13680] genl_family_rcv_msg_doit+0x206/0x2f0 [ 787.756345][T13680] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 787.756374][T13680] ? rcu_is_watching+0x12/0xc0 [ 787.756410][T13680] ? bpf_lsm_capable+0x9/0x10 [ 787.756440][T13680] ? security_capable+0x7e/0x260 [ 787.756469][T13680] genl_rcv_msg+0x55c/0x800 [ 787.756501][T13680] ? __pfx_genl_rcv_msg+0x10/0x10 [ 787.756530][T13680] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 787.756565][T13680] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 787.756590][T13680] ? __pfx_nl80211_post_doit+0x10/0x10 [ 787.756636][T13680] netlink_rcv_skb+0x155/0x420 [ 787.756661][T13680] ? __pfx_genl_rcv_msg+0x10/0x10 [ 787.756691][T13680] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 787.756729][T13680] ? netlink_deliver_tap+0x1ae/0xd30 [ 787.756773][T13680] genl_rcv+0x28/0x40 [ 787.756797][T13680] netlink_unicast+0x58d/0x850 [ 787.756826][T13680] ? __pfx_netlink_unicast+0x10/0x10 [ 787.756859][T13680] netlink_sendmsg+0x8d1/0xdd0 [ 787.756893][T13680] ? __pfx_netlink_sendmsg+0x10/0x10 [ 787.756930][T13680] ____sys_sendmsg+0xa95/0xc70 [ 787.756958][T13680] ? copy_msghdr_from_user+0x10a/0x160 [ 787.756994][T13680] ? __pfx_____sys_sendmsg+0x10/0x10 [ 787.757029][T13680] ? __pfx_futex_wake_mark+0x10/0x10 [ 787.757069][T13680] ___sys_sendmsg+0x134/0x1d0 [ 787.757107][T13680] ? __pfx____sys_sendmsg+0x10/0x10 [ 787.757141][T13680] ? __lock_acquire+0x622/0x1c90 [ 787.757214][T13680] __sys_sendmsg+0x16d/0x220 [ 787.757251][T13680] ? __pfx___sys_sendmsg+0x10/0x10 [ 787.757296][T13680] ? __x64_sys_futex+0x1e0/0x4c0 [ 787.757345][T13680] do_syscall_64+0xcd/0x490 [ 787.757385][T13680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.757410][T13680] RIP: 0033:0x7faf49b8e929 [ 787.757430][T13680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 787.757455][T13680] RSP: 002b:00007faf4aa21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 787.757478][T13680] RAX: ffffffffffffffda RBX: 00007faf49db5fa0 RCX: 00007faf49b8e929 [ 787.757494][T13680] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007 [ 787.757510][T13680] RBP: 00007faf49c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 787.757526][T13680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 787.757541][T13680] R13: 0000000000000000 R14: 00007faf49db5fa0 R15: 00007ffc03743048 [ 787.757572][T13680] [ 788.329430][T13670] new_slab+0x23b/0x330 [ 788.333770][T13670] ___slab_alloc+0xd9c/0x1940 [ 788.338590][T13670] __slab_alloc.constprop.0+0x56/0xb0 [ 788.344080][T13670] __kmalloc_noprof+0x2f2/0x510 [ 788.349052][T13670] __register_sysctl_table+0xb3/0x1900 [ 788.354633][T13670] __addrconf_sysctl_register+0x1a2/0x360 [ 788.360492][T13670] addrconf_sysctl_register+0x15f/0x1f0 [ 788.366257][T13670] ipv6_add_dev+0xb39/0x15f0 [ 788.370935][T13670] addrconf_notify+0x53e/0x19e0 [ 788.375883][T13670] notifier_call_chain+0xbc/0x410 [ 788.381024][T13670] call_netdevice_notifiers_info+0xbe/0x140 [ 788.387059][T13670] register_netdevice+0x182e/0x2270 [ 788.392359][T13670] page last free pid 5847 tgid 5847 stack trace: [ 788.398797][T13670] __free_frozen_pages+0x7fe/0x1180 [ 788.404103][T13670] __put_partials+0x16d/0x1c0 [ 788.408907][T13670] qlist_free_all+0x4d/0x120 [ 788.413572][T13670] kasan_quarantine_reduce+0x195/0x1e0 [ 788.419192][T13670] __kasan_slab_alloc+0x69/0x90 [ 788.424127][T13670] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 788.440175][T13670] kset_create_and_add+0x4d/0x190 [ 788.445446][T13670] netdev_register_kobject+0x1c8/0x3a0 [ 788.450951][T13670] register_netdevice+0x13dc/0x2270 [ 788.456302][T13670] veth_newlink+0x446/0xa00 [ 788.460839][T13670] rtnl_newlink+0xc42/0x2000 [ 788.465524][T13670] rtnetlink_rcv_msg+0x95e/0xe90 [ 788.470623][T13670] netlink_rcv_skb+0x155/0x420 [ 788.475484][T13670] netlink_unicast+0x58d/0x850 [ 788.480278][T13670] netlink_sendmsg+0x8d1/0xdd0 [ 788.485156][T13670] __sys_sendto+0x4a0/0x520 [ 788.784773][T13689] netlink: 'syz.0.1621': attribute type 11 has an invalid length. [ 789.835681][T13701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 789.869294][T13701] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 789.915862][T13701] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 789.943279][T13701] page_type: f5(slab) [ 790.008786][T13701] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 790.115702][T13701] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 790.124366][T13701] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 790.289776][T13701] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 790.426716][T13701] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 790.504777][T13701] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 790.634854][T13701] page dumped because: unmovable page [ 790.669434][T13701] page_owner tracks the page as allocated [ 790.775131][T13701] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 790.929270][T13701] post_alloc_hook+0x1c0/0x230 [ 790.934129][T13701] get_page_from_freelist+0x1321/0x3890 [ 791.069888][T13701] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 791.086471][T13701] alloc_pages_mpol+0x1fb/0x550 [ 791.099977][T13701] new_slab+0x23b/0x330 [ 791.122600][T13701] ___slab_alloc+0xd9c/0x1940 [ 791.157757][T13701] __slab_alloc.constprop.0+0x56/0xb0 [ 791.177282][T13701] __kmalloc_noprof+0x2f2/0x510 [ 791.208118][T13701] __register_sysctl_table+0xb3/0x1900 [ 791.229820][T13701] __addrconf_sysctl_register+0x1a2/0x360 [ 791.244342][T13701] addrconf_sysctl_register+0x15f/0x1f0 dev/[ 791.267788][T13701] ipv6_add_dev+0xb39/0x15f0 [ 791.281516][T13701] addrconf_notify+0x53e/0x19e0 [ 791.298759][T13701] notifier_call_chain+0xbc/0x410 [ 791.312786][T13701] call_netdevice_notifiers_info+0xbe/0x140 [ 791.331057][T13701] register_netdevice+0x182e/0x2270 [ 791.346937][T13701] page last free pid 5847 tgid 5847 stack trace: [ 791.364282][T13701] __free_frozen_pages+0x7fe/0x1180 [ 791.381434][T13701] __put_partials+0x16d/0x1c0 [ 791.398216][T13701] qlist_free_all+0x4d/0x120 [ 791.411525][T13701] kasan_quarantine_reduce+0x195/0x1e0 [ 791.428439][T13701] __kasan_slab_alloc+0x69/0x90 [ 791.442231][T13701] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 791.458601][T13701] kset_create_and_add+0x4d/0x190 [ 791.472700][T13701] netdev_register_kobject+0x1c8/0x3a0 [ 791.491583][T13701] register_netdevice+0x13dc/0x2270 [ 791.509511][T13701] veth_newlink+0x446/0xa00 [ 791.521818][T13701] rtnl_newlink+0xc42/0x2000 [ 791.536311][T13701] rtnetlink_rcv_msg+0x95e/0xe90 [ 791.550928][T13701] netlink_rcv_skb+0x155/0x420 [ 791.564284][T13701] netlink_unicast+0x58d/0x850 [ 791.579146][T13701] netlink_sendmsg+0x8d1/0xdd0 [ 791.594678][T13701] __sys_sendto+0x4a0/0x520 [ 792.923393][T13739] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1624'. [ 792.980396][T13739] ipvlan1: entered allmulticast mode [ 793.017655][T13739] veth0_vlan: entered allmulticast mode [ 793.159486][T13739] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1624'. [ 793.848825][T13754] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1627'. [ 794.022639][T13757] nvme_fcloop: unknown parameter or missing value '^/]' [ 794.100730][T13757] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1627'. [ 794.498242][T13759] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1628'. [ 794.533649][T13761] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 794.559336][T13759] FAULT_INJECTION: forcing a failure. [ 794.559336][T13759] name failslab, interval 1, probability 0, space 0, times 0 [ 794.597656][T13759] CPU: 0 UID: 0 PID: 13759 Comm: syz.2.1628 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 794.597699][T13759] Tainted: [U]=USER [ 794.597708][T13759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 794.597723][T13759] Call Trace: [ 794.597731][T13759] [ 794.597741][T13759] dump_stack_lvl+0x16c/0x1f0 [ 794.597783][T13759] should_fail_ex+0x512/0x640 [ 794.597818][T13759] ? __kmalloc_noprof+0xbf/0x510 [ 794.597858][T13759] ? tnode_new+0x25a/0x340 [ 794.597892][T13759] should_failslab+0xc2/0x120 [ 794.597915][T13759] __kmalloc_noprof+0xd2/0x510 [ 794.597951][T13759] ? rcu_is_watching+0x12/0xc0 [ 794.597982][T13759] tnode_new+0x25a/0x340 [ 794.598020][T13759] fib_insert_alias+0x6ee/0xe30 [ 794.598059][T13759] ? lockdep_rtnl_is_held+0x26/0x40 [ 794.598095][T13759] fib_trie_unmerge+0x2f9/0xcb0 [ 794.598125][T13759] ? __pfx_fib_trie_unmerge+0x10/0x10 [ 794.598153][T13759] ? __pfx___mutex_lock+0x10/0x10 [ 794.598196][T13759] fib_unmerge+0xf8/0x520 [ 794.598222][T13759] ? __pfx_fib_nl2rule.constprop.0+0x10/0x10 [ 794.598265][T13759] fib4_rule_configure+0x383/0x10c0 [ 794.598306][T13759] fib_newrule+0x359/0x1e60 [ 794.598354][T13759] ? __pfx_fib_newrule+0x10/0x10 [ 794.598391][T13759] ? kfree_skbmem+0x1a4/0x1f0 [ 794.598445][T13759] ? find_held_lock+0x2b/0x80 [ 794.598469][T13759] ? __pfx_fib_nl_newrule+0x10/0x10 [ 794.598516][T13759] ? __pfx_fib_nl_newrule+0x10/0x10 [ 794.598554][T13759] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 794.598593][T13759] ? __pfx_fib_nl_newrule+0x10/0x10 [ 794.598633][T13759] rtnetlink_rcv_msg+0x95e/0xe90 [ 794.598678][T13759] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 794.598725][T13759] ? ref_tracker_free+0x37c/0x830 [ 794.598766][T13759] netlink_rcv_skb+0x155/0x420 [ 794.598791][T13759] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 794.598832][T13759] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 794.598868][T13759] ? netlink_deliver_tap+0x1ae/0xd30 [ 794.598913][T13759] netlink_unicast+0x58d/0x850 [ 794.598942][T13759] ? __pfx_netlink_unicast+0x10/0x10 [ 794.598975][T13759] netlink_sendmsg+0x8d1/0xdd0 [ 794.599005][T13759] ? __pfx_netlink_sendmsg+0x10/0x10 [ 794.599041][T13759] ____sys_sendmsg+0xa95/0xc70 [ 794.599069][T13759] ? copy_msghdr_from_user+0x10a/0x160 [ 794.599105][T13759] ? __pfx_____sys_sendmsg+0x10/0x10 [ 794.599136][T13759] ? kfree+0x24f/0x4d0 [ 794.599166][T13759] ? futex_unqueue+0x133/0x2c0 [ 794.599199][T13759] ___sys_sendmsg+0x134/0x1d0 [ 794.599237][T13759] ? __pfx____sys_sendmsg+0x10/0x10 [ 794.599300][T13759] ? __pfx___might_resched+0x10/0x10 [ 794.599334][T13759] __sys_sendmmsg+0x200/0x420 [ 794.599374][T13759] ? __pfx___sys_sendmmsg+0x10/0x10 [ 794.599419][T13759] ? __pfx_do_futex+0x10/0x10 [ 794.599464][T13759] ? xfd_validate_state+0x61/0x180 [ 794.599508][T13759] __x64_sys_sendmmsg+0x9c/0x100 [ 794.599545][T13759] ? lockdep_hardirqs_on+0x7c/0x110 [ 794.599580][T13759] do_syscall_64+0xcd/0x490 [ 794.599619][T13759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.599646][T13759] RIP: 0033:0x7faf49b8e929 [ 794.599667][T13759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 794.599691][T13759] RSP: 002b:00007faf4aa21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 794.599715][T13759] RAX: ffffffffffffffda RBX: 00007faf49db5fa0 RCX: 00007faf49b8e929 [ 794.599732][T13759] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000005 [ 794.599748][T13759] RBP: 00007faf49c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 794.599763][T13759] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 794.599779][T13759] R13: 0000000000000000 R14: 00007faf49db5fa0 R15: 00007ffc03743048 [ 794.599810][T13759] [ 794.967616][ C0] vkms_vblank_simulate: vblank timer overrun [ 795.879443][T13774] random: crng reseeded on system resumption [ 796.599798][T13786] page: refcount:2 mapcount:1 mapping:0000000000000000 index:0x390 pfn:0x78141 [ 796.643048][T13786] memcg:ffff88807ee38000 [ 796.674936][T13786] anon flags: 0xfff0000002080c(referenced|uptodate|owner_2|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 796.757021][T13786] raw: 00fff0000002080c ffffea000162bb88 ffffea0001bd09c8 ffff88805ba1d661 [ 796.836047][T13786] raw: 0000000000000390 0000000000000000 0000000200000000 ffff88807ee38000 [ 796.844721][T13786] page dumped because: unmovable page [ 797.001717][T13786] page_owner tracks the page as freed [ 797.060810][T13786] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 13791, tgid 13785 (syz.2.1636), ts 797037380725, free_ts 796997797674 [ 797.275425][T13786] post_alloc_hook+0x1c0/0x230 [ 797.304183][T13786] get_page_from_freelist+0x1321/0x3890 [ 797.367498][T13786] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 797.432876][T13786] alloc_pages_mpol+0x1fb/0x550 [ 797.468053][T13786] folio_alloc_mpol_noprof+0x36/0x2f0 [ 797.547028][T13786] vma_alloc_folio_noprof+0xed/0x1e0 [ 797.577228][T13786] __handle_mm_fault+0x2f21/0x5490 [ 797.619837][T13786] handle_mm_fault+0x589/0xd10 [ 797.689171][T13786] __get_user_pages+0x589/0x3b80 [ 797.717716][T13786] populate_vma_page_range+0x278/0x3a0 [ 797.767180][T13786] __mm_populate+0x1d8/0x380 [ 797.818995][T13786] vm_mmap_pgoff+0x362/0x450 [ 797.834022][T13786] ksys_mmap_pgoff+0x7d/0x5c0 [ 797.844181][T13786] __x64_sys_mmap+0x125/0x190 [ 797.861008][T13786] do_syscall_64+0xcd/0x490 [ 797.871758][T13786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.886887][T13786] page last free pid 13794 tgid 13785 stack trace: [ 797.903752][T13786] free_unref_folios+0xa65/0x1800 [ 797.916469][T13786] folios_put_refs+0x56f/0x740 [ 797.928695][T13786] free_pages_and_swap_cache+0x245/0x4a0 [ 797.941707][T13786] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 797.958933][T13786] tlb_finish_mmu+0x168/0x7c0 [ 797.963691][T13786] vms_clear_ptes+0x55e/0x770 [ 797.985362][T13786] __mmap_region+0x572/0x25e0 [ 797.997861][T13786] mmap_region+0x1ab/0x3f0 [ 798.002486][T13786] do_mmap+0xa3e/0x1210 [ 798.013420][T13786] vm_mmap_pgoff+0x281/0x450 [ 798.033085][T13786] ksys_mmap_pgoff+0x7d/0x5c0 [ 798.038432][T13786] __x64_sys_mmap+0x125/0x190 [ 798.051966][T13786] do_syscall_64+0xcd/0x490 [ 798.061904][T13786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.140688][T13800] FAULT_INJECTION: forcing a failure. [ 798.140688][T13800] name failslab, interval 1, probability 0, space 0, times 0 [ 798.198208][T13800] CPU: 0 UID: 0 PID: 13800 Comm: syz.0.1638 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 798.198250][T13800] Tainted: [U]=USER [ 798.198258][T13800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 798.198273][T13800] Call Trace: [ 798.198281][T13800] [ 798.198291][T13800] dump_stack_lvl+0x16c/0x1f0 [ 798.198333][T13800] should_fail_ex+0x512/0x640 [ 798.198368][T13800] ? fs_reclaim_acquire+0xae/0x150 [ 798.198401][T13800] should_failslab+0xc2/0x120 [ 798.198424][T13800] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 798.198462][T13800] ? security_inode_alloc+0x3b/0x2b0 [ 798.198494][T13800] security_inode_alloc+0x3b/0x2b0 [ 798.198522][T13800] inode_init_always_gfp+0xce4/0x1030 [ 798.198561][T13800] alloc_inode+0x86/0x240 [ 798.198587][T13800] new_inode+0x22/0x1c0 [ 798.198614][T13800] debugfs_create_dir+0xdd/0x5f0 [ 798.198649][T13800] kvm_dev_ioctl+0x122b/0x1ad0 [ 798.198678][T13800] ? find_held_lock+0x2b/0x80 [ 798.198704][T13800] ? hook_file_ioctl_common+0x145/0x410 [ 798.198732][T13800] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 798.198767][T13800] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 798.198791][T13800] __x64_sys_ioctl+0x18e/0x210 [ 798.198822][T13800] do_syscall_64+0xcd/0x490 [ 798.198861][T13800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.198886][T13800] RIP: 0033:0x7f7615b8e929 [ 798.198905][T13800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 798.198929][T13800] RSP: 002b:00007f7616a8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 798.198952][T13800] RAX: ffffffffffffffda RBX: 00007f7615db5fa0 RCX: 00007f7615b8e929 [ 798.198968][T13800] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 798.198982][T13800] RBP: 00007f7615c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 798.198997][T13800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 798.199012][T13800] R13: 0000000000000000 R14: 00007f7615db5fa0 R15: 00007ffd8f35d5d8 [ 798.199048][T13800] [ 798.199123][T13800] debugfs: out of free dentries, can not create directory '13800-4' [ 799.086671][T13807] vhci_hcd: invalid port number 16 [ 799.151593][T13807] vhci_hcd: invalid port number 16 [ 800.052435][T13820] sd 0:0:1:0: PR command failed: 1026 [ 800.069588][T13825] sp0: Synchronizing with TNC [ 800.099948][T13820] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 800.124472][T13829] sp0: Found TNC [ 800.155561][T13820] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 800.607027][T13832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 800.652634][T13832] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 800.699640][T13832] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 800.776789][T13836] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1645'. [ 800.835735][T13832] page_type: f5(slab) [ 800.858555][T13832] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 800.988271][T13832] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 801.087099][T13832] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 801.184742][T13832] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 801.299539][T13832] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 801.408357][T13832] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 801.550213][T13832] page dumped because: unmovable page [ 801.638232][T13832] page_owner tracks the page as allocated [ 801.694131][T13848] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 801.730178][T13832] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 802.098525][T13832] post_alloc_hook+0x1c0/0x230 [ 802.157595][T13832] get_page_from_freelist+0x1321/0x3890 [ 802.249194][T13832] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 802.277685][T13832] alloc_pages_mpol+0x1fb/0x550 [ 802.308143][T13832] new_slab+0x23b/0x330 [ 802.312387][T13832] ___slab_alloc+0xd9c/0x1940 [ 802.338357][T13832] __slab_alloc.constprop.0+0x56/0xb0 [ 802.358575][T13832] __kmalloc_noprof+0x2f2/0x510 [ 802.363528][T13832] __register_sysctl_table+0xb3/0x1900 [ 802.395911][T13832] __addrconf_sysctl_register+0x1a2/0x360 [ 802.417560][T13832] addrconf_sysctl_register+0x15f/0x1f0 [ 802.443994][T13832] ipv6_add_dev+0xb39/0x15f0 [ 802.458781][T13832] addrconf_notify+0x53e/0x19e0 [ 802.478181][T13832] notifier_call_chain+0xbc/0x410 [ 802.483379][T13832] call_netdevice_notifiers_info+0xbe/0x140 [ 802.520464][T13832] register_netdevice+0x182e/0x2270 [ 802.541769][T13832] page last free pid 5847 tgid 5847 stack trace: [ 802.572342][T13832] __free_frozen_pages+0x7fe/0x1180 [ 802.572388][T13832] __put_partials+0x16d/0x1c0 [ 802.572420][T13832] qlist_free_all+0x4d/0x120 [ 802.572454][T13832] kasan_quarantine_reduce+0x195/0x1e0 [ 802.572489][T13832] __kasan_slab_alloc+0x69/0x90 [ 802.572527][T13832] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 802.572559][T13832] kset_create_and_add+0x4d/0x190 [ 802.572590][T13832] netdev_register_kobject+0x1c8/0x3a0 [ 802.572616][T13832] register_netdevice+0x13dc/0x2270 [ 802.572639][T13832] veth_newlink+0x446/0xa00 [ 802.572668][T13832] rtnl_newlink+0xc42/0x2000 [ 802.572705][T13832] rtnetlink_rcv_msg+0x95e/0xe90 [ 802.572741][T13832] netlink_rcv_skb+0x155/0x420 [ 802.572766][T13832] netlink_unicast+0x58d/0x850 [ 802.572789][T13832] netlink_sendmsg+0x8d1/0xdd0 [ 802.572812][T13832] __sys_sendto+0x4a0/0x520 [ 803.063509][T13869] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1651'. [ 804.640834][T13881] Process accounting paused [ 804.909462][T13889] batman_adv: batadv0: adding TT local entry 00:00:03:00:00:00 to non-existent VLAN 3 [ 805.330111][T13902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 805.359598][T13902] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 805.419443][T13902] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 805.459814][T13902] page_type: f5(slab) [ 805.463874][T13902] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 805.549146][T13902] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 805.633348][T13902] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000 [ 805.721753][T13902] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 805.841228][T13902] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 805.925328][T13902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 806.034327][T13902] page dumped because: unmovable page [ 806.104733][T13902] page_owner tracks the page as allocated [ 806.179738][T13902] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 105294058673, free_ts 105233009860 [ 806.282099][T13912] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1661'. [ 806.407521][T13902] post_alloc_hook+0x1c0/0x230 [ 806.493246][T13902] get_page_from_freelist+0x1321/0x3890 [ 806.553574][T13902] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 806.615628][T13902] alloc_pages_mpol+0x1fb/0x550 [ 806.699193][T13902] new_slab+0x23b/0x330 [ 806.741875][T13902] ___slab_alloc+0xd9c/0x1940 [ 806.772677][T13902] __slab_alloc.constprop.0+0x56/0xb0 [ 806.816064][T13902] __kmalloc_noprof+0x2f2/0x510 [ 806.821187][T13902] __register_sysctl_table+0xb3/0x1900 [ 806.866116][T13902] __addrconf_sysctl_register+0x1a2/0x360 [ 806.889564][T13902] addrconf_sysctl_register+0x15f/0x1f0 [ 806.923571][T13902] ipv6_add_dev+0xb39/0x15f0 [ 806.931258][T13902] addrconf_notify+0x53e/0x19e0 [ 806.945295][T13902] notifier_call_chain+0xbc/0x410 [ 806.953001][T13902] call_netdevice_notifiers_info+0xbe/0x140 [ 806.976161][T13902] register_netdevice+0x182e/0x2270 [ 806.990822][T13902] page last free pid 5847 tgid 5847 stack trace: [ 807.018895][T13902] __free_frozen_pages+0x7fe/0x1180 [ 807.028833][T13902] __put_partials+0x16d/0x1c0 [ 807.033713][T13902] qlist_free_all+0x4d/0x120 [ 807.038986][T13902] kasan_quarantine_reduce+0x195/0x1e0 [ 807.044663][T13902] __kasan_slab_alloc+0x69/0x90 [ 807.052392][T13902] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 807.058108][T13902] kset_create_and_add+0x4d/0x190 [ 807.067679][T13902] netdev_register_kobject+0x1c8/0x3a0 [ 807.073248][T13902] register_netdevice+0x13dc/0x2270 [ 807.079053][T13902] veth_newlink+0x446/0xa00 [ 807.083666][T13902] rtnl_newlink+0xc42/0x2000 [ 807.091173][T13902] rtnetlink_rcv_msg+0x95e/0xe90 [ 807.096488][T13902] netlink_rcv_skb+0x155/0x420 [ 807.101479][T13902] netlink_unicast+0x58d/0x850 [ 807.110676][T13902] netlink_sendmsg+0x8d1/0xdd0 [ 807.115959][T13902] __sys_sendto+0x4a0/0x520 [ 807.132007][T13912] veth1_macvtap: left promiscuous mode [ 807.147488][T13917] [ 807.149861][T13917] ====================================================== [ 807.156886][T13917] WARNING: possible circular locking dependency detected [ 807.163910][T13917] 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 Tainted: G U [ 807.172586][T13917] ------------------------------------------------------ [ 807.179614][T13917] syz.1.1663/13917 is trying to acquire lock: [ 807.185688][T13917] ffff888142b2e7b0 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 807.195566][T13917] [ 807.195566][T13917] but task is already holding lock: [ 807.202934][T13917] ffff888142b2e278 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 807.214200][T13917] [ 807.214200][T13917] which lock already depends on the new lock. [ 807.214200][T13917] [ 807.224607][T13917] [ 807.224607][T13917] the existing dependency chain (in reverse order) is: [ 807.233625][T13917] [ 807.233625][T13917] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}: [ 807.242257][T13917] blk_alloc_queue+0x619/0x760 [ 807.247579][T13917] blk_mq_alloc_queue+0x175/0x290 [ 807.253149][T13917] __blk_mq_alloc_disk+0x29/0x120 [ 807.258718][T13917] nbd_dev_add+0x4a0/0xbc0 [ 807.263681][T13917] nbd_init+0x181/0x320 [ 807.268378][T13917] do_one_initcall+0x120/0x6e0 [ 807.273678][T13917] kernel_init_freeable+0x5c2/0x900 [ 807.279419][T13917] kernel_init+0x1c/0x2b0 [ 807.284286][T13917] ret_from_fork+0x5d7/0x6f0 [ 807.289418][T13917] ret_from_fork_asm+0x1a/0x30 [ 807.294743][T13917] [ 807.294743][T13917] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 807.301998][T13917] fs_reclaim_acquire+0x102/0x150 [ 807.307568][T13917] prepare_alloc_pages+0x162/0x610 [ 807.313218][T13917] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 807.319658][T13917] __alloc_pages_noprof+0xb/0x1b0 [ 807.325247][T13917] pcpu_populate_chunk+0x110/0xb00 [ 807.330902][T13917] pcpu_alloc_noprof+0x86a/0x1470 [ 807.336473][T13917] xt_percpu_counter_alloc+0x13e/0x1b0 [ 807.342472][T13917] find_check_entry.constprop.0+0xbf/0xa20 [ 807.348819][T13917] translate_table+0xd0b/0x17b0 [ 807.354210][T13917] ip6t_register_table+0x102/0x430 [ 807.359863][T13917] ip6table_nat_table_init+0x4b/0x250 [ 807.365779][T13917] xt_find_table_lock+0x2e1/0x520 [ 807.371346][T13917] xt_request_find_table_lock+0x28/0xf0 [ 807.377432][T13917] get_info+0x190/0x620 [ 807.382155][T13917] do_ip6t_get_ctl+0x169/0xa50 [ 807.387459][T13917] nf_getsockopt+0x7c/0xe0 [ 807.392414][T13917] ipv6_getsockopt+0x1f7/0x280 [ 807.397714][T13917] tcp_getsockopt+0x9e/0x100 [ 807.402849][T13917] do_sock_getsockopt+0x3fc/0x800 [ 807.408413][T13917] __sys_getsockopt+0x123/0x1b0 [ 807.413810][T13917] __x64_sys_getsockopt+0xbd/0x160 [ 807.419470][T13917] do_syscall_64+0xcd/0x490 [ 807.424524][T13917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.430974][T13917] [ 807.430974][T13917] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 807.438735][T13917] __mutex_lock+0x199/0xb90 [ 807.443793][T13917] pcpu_alloc_noprof+0xb4c/0x1470 [ 807.449358][T13917] sbitmap_init_node+0x2fd/0x770 [ 807.454835][T13917] sbitmap_queue_init_node+0x41/0x560 [ 807.460742][T13917] blk_mq_init_tags+0x12d/0x2b0 [ 807.466142][T13917] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 807.472233][T13917] blk_mq_init_sched+0x30c/0x610 [ 807.477715][T13917] elevator_switch+0x1e1/0x7f0 [ 807.483016][T13917] elevator_change+0x2ac/0x400 [ 807.488320][T13917] elevator_set_default+0x292/0x320 [ 807.494063][T13917] blk_register_queue+0x393/0x4f0 [ 807.499619][T13917] __add_disk+0x74a/0xf00 [ 807.504489][T13917] add_disk_fwnode+0x13f/0x5d0 [ 807.509794][T13917] nbd_dev_add+0x791/0xbc0 [ 807.514754][T13917] nbd_init+0x181/0x320 [ 807.519451][T13917] do_one_initcall+0x120/0x6e0 [ 807.524752][T13917] kernel_init_freeable+0x5c2/0x900 [ 807.530494][T13917] kernel_init+0x1c/0x2b0 [ 807.535361][T13917] ret_from_fork+0x5d7/0x6f0 [ 807.540494][T13917] ret_from_fork_asm+0x1a/0x30 [ 807.545795][T13917] [ 807.545795][T13917] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 807.553642][T13917] __lock_acquire+0x126f/0x1c90 [ 807.559039][T13917] lock_acquire+0x179/0x350 [ 807.564083][T13917] __mutex_lock+0x199/0xb90 [ 807.569132][T13917] queue_requests_store+0x1c7/0x310 [ 807.574877][T13917] queue_attr_store+0x276/0x320 [ 807.580279][T13917] sysfs_kf_write+0xef/0x150 [ 807.585406][T13917] kernfs_fop_write_iter+0x354/0x510 [ 807.591227][T13917] iter_file_splice_write+0x91f/0x1150 [ 807.597235][T13917] direct_splice_actor+0x192/0x6c0 [ 807.602886][T13917] splice_direct_to_actor+0x342/0xa30 [ 807.608796][T13917] do_splice_direct+0x174/0x240 [ 807.614187][T13917] do_sendfile+0xb06/0xe50 [ 807.619273][T13917] __x64_sys_sendfile64+0x1d8/0x220 [ 807.625022][T13917] do_syscall_64+0xcd/0x490 [ 807.630086][T13917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.636528][T13917] [ 807.636528][T13917] other info that might help us debug this: [ 807.636528][T13917] [ 807.646766][T13917] Chain exists of: [ 807.646766][T13917] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59 [ 807.646766][T13917] [ 807.660533][T13917] Possible unsafe locking scenario: [ 807.660533][T13917] [ 807.667992][T13917] CPU0 CPU1 [ 807.673360][T13917] ---- ---- [ 807.678729][T13917] lock(&q->q_usage_counter(io)#59); [ 807.684127][T13917] lock(fs_reclaim); [ 807.690644][T13917] lock(&q->q_usage_counter(io)#59); [ 807.698561][T13917] lock(&q->elevator_lock); [ 807.703167][T13917] [ 807.703167][T13917] *** DEADLOCK *** [ 807.703167][T13917] [ 807.711314][T13917] 5 locks held by syz.1.1663/13917: [ 807.716515][T13917] #0: ffff8880364d8428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30 [ 807.726572][T13917] #1: ffff888034086888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 807.736348][T13917] #2: ffff888142fa7968 (kn->active#220){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 807.746484][T13917] #3: ffff888142b2e278 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 807.758186][T13917] #4: ffff888142b2e2b0 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 807.770154][T13917] [ 807.770154][T13917] stack backtrace: [ 807.776060][T13917] CPU: 0 UID: 0 PID: 13917 Comm: syz.1.1663 Tainted: G U 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) [ 807.776099][T13917] Tainted: [U]=USER [ 807.776107][T13917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 807.776122][T13917] Call Trace: [ 807.776132][T13917] [ 807.776142][T13917] dump_stack_lvl+0x116/0x1f0 [ 807.776179][T13917] print_circular_bug+0x275/0x350 [ 807.776212][T13917] check_noncircular+0x14c/0x170 [ 807.776248][T13917] __lock_acquire+0x126f/0x1c90 [ 807.776283][T13917] ? __lock_acquire+0xb8a/0x1c90 [ 807.776317][T13917] lock_acquire+0x179/0x350 [ 807.776349][T13917] ? queue_requests_store+0x1c7/0x310 [ 807.776389][T13917] ? __pfx___might_resched+0x10/0x10 [ 807.776416][T13917] ? do_raw_spin_lock+0x12c/0x2b0 [ 807.776456][T13917] __mutex_lock+0x199/0xb90 [ 807.776491][T13917] ? queue_requests_store+0x1c7/0x310 [ 807.776531][T13917] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 807.776563][T13917] ? queue_requests_store+0x1c7/0x310 [ 807.776601][T13917] ? lockdep_hardirqs_on+0x7c/0x110 [ 807.776635][T13917] ? __pfx___mutex_lock+0x10/0x10 [ 807.776675][T13917] ? __pfx_autoremove_wake_function+0x10/0x10 [ 807.776709][T13917] ? queue_requests_store+0x1c7/0x310 [ 807.776747][T13917] queue_requests_store+0x1c7/0x310 [ 807.776787][T13917] ? __pfx_queue_requests_store+0x10/0x10 [ 807.776828][T13917] ? __mutex_trylock_common+0xe9/0x250 [ 807.776863][T13917] ? __pfx_queue_requests_store+0x10/0x10 [ 807.776902][T13917] queue_attr_store+0x276/0x320 [ 807.776939][T13917] ? __pfx_queue_attr_store+0x10/0x10 [ 807.776975][T13917] ? __lock_acquire+0x622/0x1c90 [ 807.777014][T13917] ? find_held_lock+0x2b/0x80 [ 807.777043][T13917] ? sysfs_file_kobj+0xe4/0x290 [ 807.777073][T13917] ? __pfx_queue_attr_store+0x10/0x10 [ 807.777110][T13917] sysfs_kf_write+0xef/0x150 [ 807.777139][T13917] kernfs_fop_write_iter+0x354/0x510 [ 807.777163][T13917] ? __pfx_sysfs_kf_write+0x10/0x10 [ 807.777193][T13917] iter_file_splice_write+0x91f/0x1150 [ 807.777234][T13917] ? __pfx_iter_file_splice_write+0x10/0x10 [ 807.777270][T13917] ? __pfx_copy_splice_read+0x10/0x10 [ 807.777307][T13917] ? __pfx_iter_file_splice_write+0x10/0x10 [ 807.777341][T13917] direct_splice_actor+0x192/0x6c0 [ 807.777374][T13917] splice_direct_to_actor+0x342/0xa30 [ 807.777406][T13917] ? __pfx_direct_splice_actor+0x10/0x10 [ 807.777440][T13917] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 807.777475][T13917] do_splice_direct+0x174/0x240 [ 807.777506][T13917] ? __pfx_do_splice_direct+0x10/0x10 [ 807.777537][T13917] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 807.777569][T13917] ? rw_verify_area+0xcf/0x680 [ 807.777601][T13917] do_sendfile+0xb06/0xe50 [ 807.777634][T13917] ? __pfx_do_sendfile+0x10/0x10 [ 807.777666][T13917] ? handle_mm_fault+0x2ab/0xd10 [ 807.777699][T13917] ? __x64_sys_futex+0x1e0/0x4c0 [ 807.777728][T13917] ? __x64_sys_futex+0x1e9/0x4c0 [ 807.777758][T13917] __x64_sys_sendfile64+0x1d8/0x220 [ 807.777782][T13917] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 807.777809][T13917] do_syscall_64+0xcd/0x490 [ 807.777846][T13917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.777871][T13917] RIP: 0033:0x7f585ed8e929 [ 807.777891][T13917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 807.777915][T13917] RSP: 002b:00007f585fbfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 807.777937][T13917] RAX: ffffffffffffffda RBX: 00007f585efb5fa0 RCX: 00007f585ed8e929 [ 807.777953][T13917] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 807.777968][T13917] RBP: 00007f585ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 807.777983][T13917] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000 [ 807.777997][T13917] R13: 0000000000000000 R14: 00007f585efb5fa0 R15: 00007ffd51dfe718 [ 807.778020][T13917] [ 808.151826][ C0] vkms_vblank_simulate: vblank timer overrun [ 808.549385][T13910] Process accounting resumed