last executing test programs: 8.798845561s ago: executing program 1 (id=1341): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002dc0), 0xffffffffffffffff) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) io_uring_setup$auto(0xa, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r2) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010325bd7040ffdbdf250a0000000c3dd5b0eb0002006e6c38300b84cf0c5a437ed1317bdc0aeba6eaa3805acaee62abdacb16f7e1a10319997c678527ceca7fbf156fb4a4268d25b7cfc3cf6c225018df7c2c2b81b7b0eca5390122d150bd95530300000000000000f1d11f8d412051b0bfeb70a9170f9a9ce57a8eb2fc3326f05f99e0b89a34703c025178844341e6a5c8d3975f6a1212b3aa493b6aee3ea29482f17a427e5338e4f8ab81f1a3ebae6a8c75173cff0cb36358975c826c46494a3e578f6c655cf56a8583961cbc96c7d27dc51bcd0f8b339258742dbb"], 0x20}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x20000000000000, 0x100000020009, 0xdf, 0xeb1, 0x40000000000a5, 0x8001) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) r4 = socket(0xa, 0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, 0x0, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) read$auto(0x4, 0x0, 0xfdef) mmap$auto(0x800, 0x800000002020009, 0x4, 0xeb2, r4, 0x8000) r5 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r6, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x85) syz_genetlink_get_family_id$auto_nl80211(0x0, r5) swapon$auto(0x0, 0x7057) socket(0x10, 0x2, 0x14) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) ioctl$auto(0x3, 0x4040ae77, 0x38) sendmsg$auto_OVS_METER_CMD_DEL(r0, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000000180)=ANY=[@ANYBLOB="463d9bba20100000", @ANYRES16=r1, @ANYBLOB="010c26bd7000fbdbdf2503000000040002000800010006000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) 8.56636082s ago: executing program 3 (id=1343): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x1a, 0x5d7, 0x2) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/030/001\x00', 0x20802, 0x0) syz_genetlink_get_family_id$auto_nfc(0x0, r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFC_CMD_DISABLE_SE(r0, 0x0, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/cards\x00', 0x2, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f00000000c0)=""/147, 0x93) sendmmsg$auto(r2, 0x0, 0x9a6, 0x6) r3 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x181240, 0x0) io_setup$auto(0x4, &(0x7f00000001c0)) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_FS_IOC_RESVSP(r3, 0x40305828, 0x3) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x807ff0000000000, 0x0, 0x0) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000000c0)={{0x3, 0x1000, 0x200009, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r5, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto(0x3, 0xae41, r6) 6.83290871s ago: executing program 1 (id=1347): unshare$auto(0x40000080) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) socket(0xa, 0x4, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x2003f2, 0x15) r1 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)={0x14, r1, 0x1, 0x70bd31, 0x25dfdbfd}, 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 6.649097915s ago: executing program 0 (id=1348): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x100102, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x3) (async) r1 = ioctl$auto_TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$auto_BLKRASET(r1, 0x1262, 0x0) (async) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) unshare$auto(0x40000080) (async) close_range$auto(0x2, 0x8, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) r2 = socket(0x2b, 0x1, 0x1) socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r2, 0x89a0, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 6.520161621s ago: executing program 2 (id=1349): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r2 = epoll_create$auto(0x3) epoll_ctl$auto(r2, 0x1, r1, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) 5.585563775s ago: executing program 2 (id=1350): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x8, 0xff, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pidfd_open$auto(0x1, 0x0) socket(0x2, 0x80002, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/tracing_cpumask\x00', 0x688480, 0x0) socketpair$auto(0x1, 0x1, 0x4, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r2) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000080), r0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="1b0026bd7000fddbdf2503000000040008000c000380080014800400008012000100898771f1c19f17790485908288475100040002"], 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 5.138797914s ago: executing program 0 (id=1351): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0x9, 0x7, 0x3b, 0x3ff, 0x1ffde, 0x7, 0x20000000006, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x9, 0x3, 0xfffc, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1000000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) acct$auto(&(0x7f0000000300)='/proc/thread-self/net/unix\x00') r1 = socket(0x10, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xf0, 0x400009, 0xdf, 0x9b72, r1, 0x8000) socket(0xa, 0x5, 0x0) msync$auto(0x1ffff000, 0x8, 0x400000004) open(0x0, 0x163340, 0x7b) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, &(0x7f0000000280)="34516f7276dfaacf46facb8323edc3f98472075577769a1f838e20ecf400bfb58bb5") r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r3, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x18, r4, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x48081}, 0x20000080) prctl$auto(0x35, 0x0, 0x8, 0x0, 0x400) sendmsg$auto_VDPA_CMD_DEV_CONFIG_GET(r3, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) prctl$auto(0x34, 0x0, 0x0, 0x0, 0x0) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/037/001\x00', 0xa02, 0x0) ioctl$auto_USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f00000000c0)={0x23, 0x1, 0x2, 0x1, 0x7fa, 0xffff, &(0x7f0000000100)}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/unix\x00', 0x121040, 0x0) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x6, 0x0) 5.080550871s ago: executing program 3 (id=1352): mmap$auto(0x1, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7ffffffffffffffb, 0x3) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0xa08402, 0x0) mmap$auto(0x0, 0x8, 0x0, 0x40eb1, 0x602, 0x20001) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0x40, 0x0) r1 = socket(0x3, 0x6, 0x5) r2 = socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYRESDEC=r0, @ANYBLOB="289a25280554e2e2b6d7fc8517a3ee22e0779d2870f823661c24374c70a7fa2b4808b973c26475f4f3d1ed47a6f3c996bac8155f9524e8f62d7a59964251ac643e59b43bafa799b28e8f300d5fe1ace623f7df5c6ce17a5a2caa"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000050) close_range$auto(r0, r1, 0x65c9) pread64$auto(r0, 0x0, 0x2000fffd, 0x387) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xebf, 0x401, 0x7ffe) mmap$auto(0x0, 0x3000c, 0x4000000000df, 0x4000eb1, 0x401, 0x10000) close_range$auto(0x2, 0x8, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x8006, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x10bb41, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/net/bond0/queues/tx-3/xps_cpus\x00', 0x181482, 0x0) read$auto(r3, 0x0, 0x80000) write$auto(0x3, 0x0, 0xfdef) close_range$auto(r1, 0x8, 0x800000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x4080, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd11\x00', 0x133880, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x800000000801d, 0x3, 0x8000) close_range$auto(r0, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) pipe$auto(0x0) dup2$auto(r0, 0x4) write$auto(0x6, 0x0, 0x100000001) socket(0x1f, 0x4, 0xe) writev$auto(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000), 0x206}, 0x800000000006) 4.937970708s ago: executing program 2 (id=1353): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40, @rand_addr=0x64010101}, 0x6d) r0 = socket(0xa, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8008) (async) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8008) r1 = accept$auto(r0, &(0x7f0000000080)=@xdp={0x2c, 0x2, 0x0, 0x20}, &(0x7f00000000c0)=0x27e5) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x200, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000880}, 0x80) (async) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x200, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000880}, 0x80) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r2, 0x0, 0xfffffdef) 4.826703008s ago: executing program 1 (id=1354): waitid$auto(0x8, 0xffffffffffffffff, &(0x7f0000000100)={@siginfo_0_0={0x5, 0x98, 0x10, @_timer={0x0, 0x2, @sival_int=0x7, 0x2}}}, 0x3, &(0x7f0000000180)={{0xfffffffffffffff9, 0x80}, {0x2, 0x6}, 0x4, 0x5, 0x1, 0x3, 0x0, 0x8000, 0x80000000, 0x7, 0xb7, 0x5d9, 0x5, 0x7ff, 0x2055}) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6}, 0x6, 0x3, 0xff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="14005bcd78cba9fd94eff06c4d5d69b60000", @ANYRES16, @ANYBLOB="1b0026bd7000ffdbdf2503000000"], 0x14}}, 0x800) socket(0x29, 0x5, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x10b000, 0x0) ioctl$auto_SNDCTL_SEQ_CTRLRATE(r3, 0xc0045103, &(0x7f00000000c0)="ce8d") r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/kcm\x00', 0x480, 0x0) pread64$auto(r4, &(0x7f0000000040)='-#!=\x00', 0xa86, 0x9) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000002c0), 0x141100, 0x0) fcntl$auto_F_UNLCK(r1, 0x5, 0x2) close_range$auto(0x2, 0x8, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r5, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 4.310925867s ago: executing program 2 (id=1355): r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000380)={0x8, 0x1, 0x1ff, 0x7, 0x3f, 0x7, 0x1ffe0, 0x7, 0x3, 0x2, 0xd, 0x3, 0x6, 0x4, 0x8b4, 0x9, 0x4, 0x10003, 0x7, 0x4, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x7, 0x0, 0x0, 0x0, [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe]}, 0x8, 0xd) socket(0xa, 0x5, 0x84) r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x101b00, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendmsg$auto_NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r2, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fa57844ce79802a0e8e7dbfe74c07a0cd1b4db264d874577"}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x4c844}, 0x0) ioctl$auto_RNDADDTOENTCNT2(r1, 0x40045201, 0x0) unshare$auto(0x40000080) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21002, 0xfffffffffffffffb, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xff) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) read$auto(r3, 0x0, 0x7) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) poll$auto(&(0x7f0000000f80)={0xffffffffffffffff, 0xa06}, 0x3fa, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_clone(0x40180311, 0x0, 0x0, 0x0, 0x0, 0x0) 4.132184155s ago: executing program 0 (id=1356): socket(0xa, 0x80000, 0x800084) r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3a33b0a8d29c2a56f89254340858bdc87db0c51bce0c67b82f0c8dcbe7b44994e1117169d3b7e79cab72c75dc2a28d40a9022f4db4b2fd7531778bf86c7cb5528349", @ANYRES16=r0, @ANYBLOB="250f26bd7000fbdbdf25030000000400080008000a0002000000"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x800) r2 = set_tid_address$auto(&(0x7f00000002c0)=0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) io_uring_setup$auto(0x6, 0x0) ppoll$auto(&(0x7f0000000000)={0xffffffffffffffff, 0x692, 0xffa0}, 0x4, 0x0, &(0x7f00000000c0)={0xfffffffffffbfe01}, 0x8) close_range$auto(0x2, 0x8, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) msgctl$auto_MSG_INFO(0x74, 0xc, &(0x7f00000001c0)={{0x80000000, 0xee00, 0xee00, 0x5, 0x2, 0x1, 0x8}, &(0x7f0000000140)=0x5, &(0x7f0000000180)=0x10, 0xd, 0x8000000000000001, 0x4, 0x2, 0x1, 0x5, 0x100, 0x7, @inferred=r2, @raw=0x8}) geteuid() sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x400c0}, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r3 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) setsockopt$auto(0x3, 0x114, 0x8, 0x0, 0x5) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x11, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) 4.089692009s ago: executing program 3 (id=1357): mmap$auto(0xa544, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = socket(0x10, 0x2, 0x4) statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x1, 0x9, 0x7352, 0x3d, 0x65f, 0x1ffde, 0xa, 0x0, 0x2, 0xb, 0x3, 0x5, 0x101, 0xb4, 0x9, 0x6, 0x7ff, 0x84, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0xb4, 0x4, 0x0, 0x0, 0x0, 0xfffffff9, [0x7, 0x0, 0x68, 0x0, 0x800000100000000, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x1000000009d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x8, 0x0, 0x4, 0x0, 0x1, 0x0, 0x1, 0x2, 0x9, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x800000000000000, 0x7e30e0be]}, 0x1fe, 0xf) r2 = setfsgid$auto(0xee01) fsconfig$auto(0xffffffffffffffff, 0x175, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', &(0x7f0000000380)="4e39b1701e5f7726e019f92128b1a691fb56d0c3122c633e17643ca2d2bfac4d58baf3545b3b02c7f4a5fa7bf81d072424dffd419253c22b7a7ebf79c1c2c4b128c0ca1a726afcb9f9914b4ccc4f398a7df40f5ab9226a84aa2704711309254cec3aa402e4bc67487e24ea89f109c3072c7a536a2454d1ee2418e654f93e21bfaca3ac155603a4a6721734650c43d223ecc7383884a88c50232f40830ed628d8df76aad2a60c55e1f71668f048b2139430728cb4541f5b9098a0a34df6964292e44b7b36289835baf5a4", r2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4004017) syz_genetlink_get_family_id$auto_tipcv2(0x0, r3) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x2b7cb0f0) openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x3aad6dc7}, 0x7, 0x4008) io_submit$auto(0x2, 0x7f, &(0x7f0000000040)=&(0x7f0000000000)={0x2, 0xb, 0x8, 0x3, 0x2, 0x3b, 0xfffffffffffffc00, 0x2, 0x1001, 0x0, 0x6, 0xffffffffffffffff}) ioctl$auto_TUNSETNOCSUM(r4, 0x400454c8, &(0x7f0000000300)=0x7ff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c801) write$auto(r1, 0x0, 0x2fb) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x4282, 0x0) mmap$auto(0x5, 0xf, 0x40000000000002, 0x8012, 0xffffffffffffffff, 0x7fff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) 3.079753251s ago: executing program 0 (id=1358): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f00000002c0), 0x600, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000080004000900000008000200", @ANYRES16=r0, @ANYBLOB="08000400f3"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f0000000300)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_percent\x00', 0x40, 0x0) read$auto(r1, &(0x7f0000000040)=',^{\'\x00', 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/bus/usb/drivers/sunplus/remove_id\x00', 0xa081, 0x0) write$auto(0x3, 0x0, 0x81) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/netdevsim3/sriov_numvfs\x00', 0x10b142, 0x0) getsockopt$auto_SO_DEBUG(r2, 0x200404, 0x1, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) sendfile$auto(r3, r2, 0x0, 0x7) r4 = socket(0x25, 0x2, 0x8045) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}, 0x1, 0x0, 0x0, 0x4004800}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f00000003c0)="b44c9abe2d88405a8050bfdd98cbe4e027871d1c9343269f40ac282c573cf606a794c5366bdd8d0bcb7b718c9bf20574da9cb4583a87ce630154e8c9914bdef5860b163f054503ef014cce6ee4b6424717e30a66609df33df3ea465e582eb21efb50080798ae9664425fc375ff1035cd9c7c08ce46c71c86607158681161a8ab7a8a677fbe7b7685d18848f29937c199058bd4aa787e5c714caa55e4ed75dff9a820ffc99456c8a79d18b6d788d2fd7a6f11d06098aeed41dfc21ef1578bd3c4d5e8807c3e5d32b4389d874451d898e8f3dcab8df79ff1e7883cc20c2ff505f2a5a6bdfd270845a3172736473d2d295d4044f9492e8079eb32552c5782c6b4da53ee7e4eff208d0fd53b5ae8456b04c7af9f9593ce938235fe88dfcc7e63bed4f0ecb7cd7e9fcf12c8fb575ef620356dd556ff6cf36505d1042c75816b443341d90be173acedad0486fb3138f933ef8d4b8a1e417be1183770d1448e15c228d1749b00000000", 0xcb}, 0xc, 0x0, 0x80000000, 0x7}, 0x80010009}, 0x8, 0x200, 0x0) 2.545503581s ago: executing program 3 (id=1359): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10007) open_tree$auto(r0, 0x0, 0x1001) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8402, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) unshare$auto(0x21) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x17) listmount$auto(0x0, 0x0, 0x4, 0x101) init_module$auto(0x0, 0xffff9, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r2, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setgroups$auto(0xe32, 0x0) get_mempolicy$auto(0x0, 0x0, 0x400, 0x0, 0x1) getsockopt$auto(0xffffffffffffffff, 0x40000000029, 0x43, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r3, 0x0, 0xfffffdef) 2.47653855s ago: executing program 0 (id=1360): setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) getsockopt$auto_SO_SNDTIMEO_NEW(r0, 0x8, 0x43, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clone$auto(0x4, 0x80, 0x0, 0x0, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/0000:00:02.0/Virtual-2/edid_override\x00', 0x20000, 0x0) mmap$auto(0x0, 0x8, 0xdc, 0x14, r1, 0x2) 1.284674644s ago: executing program 1 (id=1361): openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) (async) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b63, r1) (async) ioctl$auto(r1, 0x4b63, r1) fchmod$auto(r0, 0x9) (async) fchmod$auto(r0, 0x9) setreuid$auto(0x4, 0x8) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(r2, 0xc1205531, 0xffffffffffffffff) mknod$auto(&(0x7f0000001040)=':,\x00', 0xca, 0xfffffffa) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'hsr0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xd4, r4, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0xfffffffa}, @ETHTOOL_A_CHANNELS_HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xff}]}, @ETHTOOL_A_CHANNELS_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x1}]}, 0xd4}, 0x1, 0x0, 0x0, 0x20040}, 0x40000) 1.126673794s ago: executing program 2 (id=1362): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/binderfs/binder0\x00', 0x101441, 0x0) ioctl$auto_BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000b40)) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) unshare$auto(0x40000080) (async) r1 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0x6, 0x10, 0x7, 0x10, 0xffffffffffffffff, 0xfe, "2af051a901800e085bdb76cfc83ae659", 0x0, 0xffffffffffffffff, 0x3, 0x5, 0xe5, 0x3}, 0x18) bpf$auto(0x18, &(0x7f0000000380)=@bpf_attr_11={0x4, 0x9, 0x866b, 0x100005, 0x80000009, 0xfffffe01, 0xe6d6, r1}, 0x92) (async) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) ioctl$auto(0x3, 0x80045438, 0x10000000000402) getsid$auto(0xffffffffffffffff) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/memory.kmem.tcp.limit_in_bytes\x00', 0xc2481, 0x0) (async) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x5e3000, 0x0) (async) mmap$auto(0x0, 0x4000f, 0x7, 0x9b72, 0x7, 0x28000) (async) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/vm/extfrag_threshold\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/007/001\x00', 0x40000, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) mkdir$auto(&(0x7f00000001c0)='}[,&*}\x00', 0xc001) (async) statx$auto(0xffffffffffffff9c, &(0x7f0000000000)='}[,&*}\x00', 0x0, 0x45d9, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vbi0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) 1.047101294s ago: executing program 1 (id=1363): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x3, 0x89e2, 0x91) poll$auto(&(0x7f0000000280)={r1, 0x4, 0x6}, 0x7ff, 0x8) ioctl$auto_KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xea) ioctl$auto(0x3, 0x89e1, 0x91) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004014}, 0x4840) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322df4) r3 = open_by_handle_at$auto(r1, &(0x7f0000001280)={0x8, 0x2, "0200000020000008"}, 0x1006) read$auto(r1, &(0x7f0000000400)='\x00', 0x5) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4002}, 0x4004) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000100), r3) sendmsg$auto_NFSD_CMD_RPC_STATUS_GET(r1, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, r4, 0x300, 0x70bd26, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4040000) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r2, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r3, @ANYRES16, @ANYBLOB="010326bd7000ffdbdf252d"], 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x80) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc1}, 0x1, 0x0, 0x80000000000, 0x9}, 0x7}, 0x100, 0x0) mmap$auto(0x0, 0x40000f, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) r5 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r5, 0x0, 0x7) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r6, 0x5608, 0x0) r7 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(0xffffffffffffffff, 0x4, 0x0) getdents$auto(r7, &(0x7f00000004c0)={0x100, 0x7fffffffffffffff, 0x4}, 0x62d4) r8 = openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) write$auto(r8, &(0x7f0000000180)='1l80211\x00', 0x1) mmap$auto(0x100100000000000, 0x3, 0x8, 0x17, r8, 0x4919daf) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 401.997375ms ago: executing program 3 (id=1364): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x6) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2a002, 0x0) read$auto_ep0_operations_inode(r0, &(0x7f0000000280)=""/96, 0x60) close_range$auto(0x2, 0x8, 0x0) 349.444879ms ago: executing program 0 (id=1365): mmap$auto(0x0, 0xffff, 0x4, 0x14, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8ef, 0x0, 0x0, 0xdec, 0x0) process_madvise$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, &(0x7f00000002c0)={0x0, 0x5}, 0xfffffffffffffff8, 0x7fff, 0x9b8) 230.491759ms ago: executing program 2 (id=1366): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x9, 0x8, 0x400000000ff, 0xa, 0x4, 0xaab, 0x8, 0x7]}, 0x0, 0x0) r0 = socket(0x18, 0x800, 0x2) getpeername$auto(r0, &(0x7f0000000040)=@llc={0x1a, 0x338, 0x7, 0xc, 0x9, 0x8, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x2c, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1021}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c010000", @ANYRES16=r2, @ANYBLOB="01002cbd7000ffdbdf2502000000260109803c00d98008000d00", @ANYRES32=0x0, @ANYBLOB="0400dc800400458004004c806cefb65980c95734bbc10aa57c17d82e5c4d4dcbb5a19454a173742b0e339af787bafa1b1900430024e9adc9d7ec7057a2989c69477391235299fee39a000000efc2747c0e81190020490499f70d39e82d3b298947b3d4e1e382df51aceba079a4f808faa9b24d93e62c3c36eaacfa6cc26f553f9b55a2c08ef39d8d0e5a615e5d2ca3298acd74bdcfd50fe74105f2cfacd8dc73fe723750ef4caa2d7a86bc2076bb1d548ca36bf1c67916e5340d58474d52228f294500bdca2fa6d0a13dda362172ef98ab4487da2bfb7e74b88bd375c79a035b4fc858fa1a3303f20d5c4bb5c0d1e4f7210447d970836ad853a031836c5c1336000926bc51709863ff6760362064adee7fdf8a237b00000d000a002f646576"], 0x16c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8\x11\x00`\x00\x00\x00\x04!\x02\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0xfdef, 0x2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci3/force_suspend\x00', 0x101000, 0x0) write$auto(r3, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) socket(0x2, 0x1, 0x106) mmap$auto_sg_fops_sg(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x1, 0x6, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xfffffffffffffffb, 0x2, 0x4, 0x400000000003, 0x4000000003, 0x10ba9788, 0xffffffffffffffff, 0x6, 0x80020000003ffffc, 0xfffffffffffffffe, 0x6d3c, 0x3, 0x2, 0x534aed11]}, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x40c01, 0x0) r5 = setfsuid$auto(0xee00) setresuid$auto(r5, 0x0, r5) 139.961131ms ago: executing program 3 (id=1367): r0 = openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/ns/cgroup\x00', 0x20840, 0x0) mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, r0, 0x2000000008000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000040), 0x28003, 0x0) mmap$auto(0x3, 0x4cc, 0x40df, 0x13, r1, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x7, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder0\x00', 0x488401, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xc0400, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0) mmap$auto_vmwgfx_driver_fops_vmwgfx_drv(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x100000c, 0x11, r3, 0x100040000) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, &(0x7f0000000140)="faaea2c5311b350d0428864105a237a2223e38c37244423bf468895c8eefab2d2b671d7a110a4f59885b6af171dab0ac34c7297f74373c1d5f0584c943a409c68f26f3bf5d438a117cca71046b5682d6ba62fac2f7476be1bfe1e2325fb0e97680b88ca8e7f2982010a6e750c40ff6ea1f08c5d14fa9c61c71a98cb2a8126259b01be28f2a0b4be88c40886c4980aa50c352175e072814803e4520f266719f1c592b904fe2c65678b5d1865bcb1e75ebd8316b2cd91a0c965f5da14a34ea719f4d33464a9e0517a880c4635037235aae80f34b5c54e66e11f7fe5f9e3819dd6674a3e2ab1a96a6c7d86ab124c9b3f6024c05b9e86b49adf6c92ace941011fea2276c61ac1415022a35d7c09b150f001db0ed8cfe1f95576f3e0b0a1ecca4e616af9f1c08b42bde05c4bb4842b75a37a2ee1dc33d6bbc01108d5b0b8196adb01da3ef1203b8a3e6227060ccd047cb0ae53c2244959b158251f51f1d1abb0a7986c7f728e1c4e4e710fc613ecc01f7d0cd84fdd251a23d10035710e139777d27e38ce7c49d0bb5eeab82a282ec821778e0d3b969ab60fbb2d3262d3b6a5ef1ff6788671d7a42346a33d610dcb9335c668e194be1caf55747bc378da788b4cd05e4ac28a18aa8a2cb838a36a9a2a598664ed5f8e455e84b8f1f4831ec435afa2d15bda67d358cc1812c79ede9acebc24da9342c40ccf96408cc01b59147685da7839868bebd9e1279aae8b13deed13be078", 0x210) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x422}, 0x7}, 0x3, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x459, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x2183, 0x0) 0s ago: executing program 1 (id=1368): mmap$auto(0x0, 0x40020009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002180)='/dev/tty1\x00', 0x101000, 0x0) r1 = epoll_create1$auto(0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r2) sendmsg$auto_OVS_VPORT_CMD_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x20, r3, 0x1, 0x71b527, 0x25dfdbfe, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$auto_XFS_IOC_FD_TO_HANDLE(r1, 0xc038586a, &(0x7f0000002140)={r2, 0x0, 0x7fff, 0x0, 0x1, &(0x7f00000020c0)="473fa849773c", &(0x7f0000002100)=0x7}) unshare$auto(0x40000080) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r0, r4, 0x0, 0x1) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) fchmod$auto(r5, 0x7439) fchown$auto(r5, 0x0, 0x400) creat$auto(0x0, 0xcc38) kernel console output (not intermixed with test programs): 1" name="discovery_nqn" dev="configfs" ino=34721 res=0 errno=0 [ 394.786773][T10418] FAULT_INJECTION: forcing a failure. [ 394.786773][T10418] name failslab, interval 1, probability 0, space 0, times 0 [ 394.799720][T10418] CPU: 0 UID: 0 PID: 10418 Comm: syz.3.910 Tainted: G L syzkaller #0 PREEMPT(full) [ 394.799771][T10418] Tainted: [L]=SOFTLOCKUP [ 394.799783][T10418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 394.799803][T10418] Call Trace: [ 394.799813][T10418] [ 394.799825][T10418] dump_stack_lvl+0x16c/0x1f0 [ 394.799881][T10418] should_fail_ex+0x512/0x640 [ 394.799914][T10418] ? kmem_cache_alloc_noprof+0x62/0x770 [ 394.799960][T10418] should_failslab+0xc2/0x120 [ 394.800012][T10418] kmem_cache_alloc_noprof+0x83/0x770 [ 394.800053][T10418] ? security_file_alloc+0x34/0x2b0 [ 394.800102][T10418] ? security_file_alloc+0x34/0x2b0 [ 394.800142][T10418] security_file_alloc+0x34/0x2b0 [ 394.800186][T10418] init_file+0x93/0x4c0 [ 394.800220][T10418] alloc_empty_file+0x73/0x1e0 [ 394.800258][T10418] alloc_file_pseudo+0x13a/0x230 [ 394.800297][T10418] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 394.800336][T10418] ? alloc_fd+0x471/0x7d0 [ 394.800392][T10418] sock_alloc_file+0x50/0x210 [ 394.800450][T10418] __sys_socket+0x1c0/0x260 [ 394.800480][T10418] ? __pfx___sys_socket+0x10/0x10 [ 394.800511][T10418] ? xfd_validate_state+0x61/0x180 [ 394.800552][T10418] __x64_sys_socket+0x72/0xb0 [ 394.800581][T10418] ? lockdep_hardirqs_on+0x7c/0x110 [ 394.800633][T10418] do_syscall_64+0xcd/0xf80 [ 394.800685][T10418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.800719][T10418] RIP: 0033:0x7f18a11916e7 [ 394.800746][T10418] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.800779][T10418] RSP: 002b:00007f18a20abfa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 394.800810][T10418] RAX: ffffffffffffffda RBX: 00007f18a13e6180 RCX: 00007f18a11916e7 [ 394.800832][T10418] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 394.800852][T10418] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 394.800873][T10418] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 394.800892][T10418] R13: 00007f18a13e6218 R14: 00007f18a13e6180 R15: 00007ffd4b2dd3c8 [ 394.800936][T10418] [ 395.562023][T10424] : renamed from gre0 (while UP) [ 396.728410][T10436] blktrace: Concurrent blktraces are not allowed on nbd8 [ 397.072881][T10438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.917'. [ 397.188225][T10442] netlink: 13 bytes leftover after parsing attributes in process `syz.2.919'. [ 398.431379][T10479] usbip-vudc usbip-vudc.0: gadget not bound [ 400.160932][T10536] vivid-009: ================= START STATUS ================= [ 400.215996][T10536] vivid-009: Radio HW Seek Mode: Bounded [ 400.222180][T10536] vivid-009: Radio Programmable HW Seek: false [ 400.230660][T10536] vivid-009: RDS Rx I/O Mode: Block I/O [ 400.240864][T10536] vivid-009: Generate RBDS Instead of RDS: false [ 400.251030][T10536] vivid-009: RDS Reception: true [ 400.261186][T10536] vivid-009: RDS Program Type: 0 inactive [ 400.271355][T10536] vivid-009: RDS PS Name: inactive [ 400.277476][T10536] vivid-009: RDS Radio Text: inactive [ 400.306188][T10536] vivid-009: RDS Traffic Announcement: false inactive [ 400.313313][T10536] vivid-009: RDS Traffic Program: false inactive [ 400.331189][T10536] vivid-009: RDS Music: false inactive [ 400.369247][T10536] vivid-009: ================== END STATUS ================== [ 401.053223][T10566] FAULT_INJECTION: forcing a failure. [ 401.053223][T10566] name failslab, interval 1, probability 0, space 0, times 0 [ 401.067137][T10566] CPU: 0 UID: 0 PID: 10566 Comm: syz.0.944 Tainted: G L syzkaller #0 PREEMPT(full) [ 401.067188][T10566] Tainted: [L]=SOFTLOCKUP [ 401.067201][T10566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 401.067222][T10566] Call Trace: [ 401.067233][T10566] [ 401.067245][T10566] dump_stack_lvl+0x16c/0x1f0 [ 401.067302][T10566] should_fail_ex+0x512/0x640 [ 401.067339][T10566] ? fs_reclaim_acquire+0xae/0x150 [ 401.067397][T10566] should_failslab+0xc2/0x120 [ 401.067449][T10566] __kmalloc_cache_noprof+0x80/0x800 [ 401.067489][T10566] ? tomoyo_init_log+0x197/0x2140 [ 401.067534][T10566] ? format_decode+0x1a7/0xd00 [ 401.067576][T10566] ? tomoyo_init_log+0x197/0x2140 [ 401.067620][T10566] tomoyo_init_log+0x197/0x2140 [ 401.067672][T10566] ? tomoyo_realpath_from_path+0x19f/0x6e0 [ 401.067724][T10566] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 401.067792][T10566] ? __pfx_tomoyo_init_log+0x10/0x10 [ 401.067837][T10566] ? tomoyo_profile+0x47/0x60 [ 401.067887][T10566] ? tomoyo_domain_quota_is_ok+0x2f6/0x5a0 [ 401.067930][T10566] tomoyo_supervisor+0x302/0x13b0 [ 401.068074][T10566] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 401.068128][T10566] ? __pfx_vsnprintf+0x10/0x10 [ 401.068176][T10566] ? kasan_quarantine_put+0x10a/0x240 [ 401.068242][T10566] ? tomoyo_encode+0x31/0x50 [ 401.068297][T10566] tomoyo_path_number_perm+0x448/0x580 [ 401.068342][T10566] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 401.068425][T10566] ? find_held_lock+0x2b/0x80 [ 401.068466][T10566] ? hook_file_ioctl_common+0x144/0x410 [ 401.068513][T10566] ? __fget_files+0x20e/0x3c0 [ 401.068569][T10566] security_file_ioctl+0x9b/0x240 [ 401.068611][T10566] __x64_sys_ioctl+0xb7/0x210 [ 401.068655][T10566] do_syscall_64+0xcd/0xf80 [ 401.068717][T10566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.068754][T10566] RIP: 0033:0x7f96a058f7c9 [ 401.068781][T10566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.068817][T10566] RSP: 002b:00007f969e7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 401.068849][T10566] RAX: ffffffffffffffda RBX: 00007f96a07e5fa0 RCX: 00007f96a058f7c9 [ 401.068872][T10566] RDX: 0000000000000000 RSI: 0000000050009404 RDI: 0000000000000006 [ 401.068893][T10566] RBP: 00007f96a0613f91 R08: 0000000000000000 R09: 0000000000000000 [ 401.068921][T10566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.068942][T10566] R13: 00007f96a07e6038 R14: 00007f96a07e5fa0 R15: 00007ffc5f15b068 [ 401.068995][T10566] [ 402.455760][T10597] FAULT_INJECTION: forcing a failure. [ 402.455760][T10597] name failslab, interval 1, probability 0, space 0, times 0 [ 402.602481][T10597] CPU: 1 UID: 0 PID: 10597 Comm: syz.3.949 Tainted: G L syzkaller #0 PREEMPT(full) [ 402.602542][T10597] Tainted: [L]=SOFTLOCKUP [ 402.602554][T10597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 402.602573][T10597] Call Trace: [ 402.602585][T10597] [ 402.602598][T10597] dump_stack_lvl+0x16c/0x1f0 [ 402.602665][T10597] should_fail_ex+0x512/0x640 [ 402.602703][T10597] ? __kmalloc_noprof+0xca/0x910 [ 402.602745][T10597] should_failslab+0xc2/0x120 [ 402.602798][T10597] __kmalloc_noprof+0xeb/0x910 [ 402.602836][T10597] ? sk_prot_alloc+0x1a8/0x2a0 [ 402.602894][T10597] ? sk_prot_alloc+0x1a8/0x2a0 [ 402.602944][T10597] sk_prot_alloc+0x1a8/0x2a0 [ 402.603000][T10597] sk_alloc+0x36/0xe30 [ 402.603040][T10597] pppoe_create+0x32/0x360 [ 402.603085][T10597] pppox_create+0x15c/0x2c0 [ 402.603131][T10597] __sock_create+0x339/0x8a0 [ 402.603168][T10597] __sys_socket+0x14d/0x260 [ 402.603197][T10597] ? __fget_files+0x20e/0x3c0 [ 402.603244][T10597] ? __pfx___sys_socket+0x10/0x10 [ 402.603278][T10597] ? xfd_validate_state+0x61/0x180 [ 402.603319][T10597] __x64_sys_socket+0x72/0xb0 [ 402.603350][T10597] ? lockdep_hardirqs_on+0x7c/0x110 [ 402.603401][T10597] do_syscall_64+0xcd/0xf80 [ 402.603456][T10597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.603495][T10597] RIP: 0033:0x7f18a118f7c9 [ 402.603523][T10597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.603557][T10597] RSP: 002b:00007f18a20ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 402.603590][T10597] RAX: ffffffffffffffda RBX: 00007f18a13e6090 RCX: 00007f18a118f7c9 [ 402.603612][T10597] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000018 [ 402.603632][T10597] RBP: 00007f18a1213f91 R08: 0000000000000000 R09: 0000000000000000 [ 402.603662][T10597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 402.603683][T10597] R13: 00007f18a13e6128 R14: 00007f18a13e6090 R15: 00007ffd4b2dd3c8 [ 402.603727][T10597] [ 403.475405][T10614] netlink: 342 bytes leftover after parsing attributes in process `syz.0.953'. [ 403.520272][T10614] netlink: 342 bytes leftover after parsing attributes in process `syz.0.953'. [ 403.539347][T10614] netlink: 342 bytes leftover after parsing attributes in process `syz.0.953'. [ 403.868054][T10627] futex_wake_op: syz.0.958 tries to shift op by -2048; fix this program [ 403.877157][T10627] futex_wake_op: syz.0.958 tries to shift op by -2048; fix this program [ 403.899298][T10627] ubi1: attaching mtd0 [ 403.908224][T10627] ubi1: scanning is finished [ 403.913404][T10627] ubi1 error: ubi_read_volume_table: the layout volume was not found [ 404.035435][T10621] netlink: 330 bytes leftover after parsing attributes in process `syz.2.956'. [ 404.088080][T10627] ubi1 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 405.806335][T10667] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 406.810310][T10688] netlink: 16 bytes leftover after parsing attributes in process `syz.2.973'. [ 409.148120][T10711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.978'. [ 409.184165][T10711] netlink: 25 bytes leftover after parsing attributes in process `syz.2.978'. [ 409.905118][T10730] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 410.041194][T10730] syz.2.985: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 410.086369][T10742] can: request_module (can-proto-0) failed. [ 410.088355][T10730] CPU: 1 UID: 0 PID: 10730 Comm: syz.2.985 Tainted: G L syzkaller #0 PREEMPT(full) [ 410.088492][T10730] Tainted: [L]=SOFTLOCKUP [ 410.088523][T10730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 410.088576][T10730] Call Trace: [ 410.088608][T10730] [ 410.088639][T10730] dump_stack_lvl+0x16c/0x1f0 [ 410.088789][T10730] warn_alloc+0x248/0x3a0 [ 410.088901][T10730] ? __pfx_warn_alloc+0x10/0x10 [ 410.089018][T10730] ? __lock_acquire+0x436/0x2890 [ 410.089147][T10730] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 410.089231][T10730] __vmalloc_node_range_noprof+0x12c2/0x16b0 [ 410.089351][T10730] ? __pfx___might_resched+0x10/0x10 [ 410.089505][T10730] ? rcu_is_watching+0x12/0xc0 [ 410.089636][T10730] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 410.089721][T10730] ? find_held_lock+0x2b/0x80 [ 410.089892][T10730] ? dvb_dvr_do_ioctl+0x7e/0x290 [ 410.089970][T10730] ? tomoyo_path_number_perm+0x295/0x580 [ 410.090081][T10730] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 410.090166][T10730] ? __pfx___mutex_lock+0x10/0x10 [ 410.090308][T10730] ? tomoyo_path_number_perm+0x18d/0x580 [ 410.090422][T10730] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 410.090541][T10730] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 410.090623][T10730] __vmalloc_node_noprof+0xad/0xf0 [ 410.090722][T10730] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 410.090842][T10730] dvb_dvr_do_ioctl+0x15d/0x290 [ 410.090948][T10730] dvb_usercopy+0x167/0x340 [ 410.091081][T10730] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 410.091173][T10730] ? __pfx_dvb_usercopy+0x10/0x10 [ 410.091353][T10730] ? __fget_files+0x20e/0x3c0 [ 410.091502][T10730] dvb_dvr_ioctl+0x29/0x40 [ 410.091577][T10730] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 410.091657][T10730] __x64_sys_ioctl+0x18e/0x210 [ 410.091783][T10730] do_syscall_64+0xcd/0xf80 [ 410.091928][T10730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.092020][T10730] RIP: 0033:0x7fc631b8f7c9 [ 410.092088][T10730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.092174][T10730] RSP: 002b:00007fc63294a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 410.092265][T10730] RAX: ffffffffffffffda RBX: 00007fc631de5fa0 RCX: 00007fc631b8f7c9 [ 410.092312][T10730] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000005 [ 410.092356][T10730] RBP: 00007fc631c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 410.092375][T10730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.092394][T10730] R13: 00007fc631de6038 R14: 00007fc631de5fa0 R15: 00007fff0eeacfb8 [ 410.092438][T10730] [ 410.129687][T10730] Mem-Info: [ 410.386146][T10730] active_anon:16823 inactive_anon:1 isolated_anon:0 [ 410.386146][T10730] active_file:16018 inactive_file:44591 isolated_file:0 [ 410.386146][T10730] unevictable:768 dirty:226 writeback:0 [ 410.386146][T10730] slab_reclaimable:11981 slab_unreclaimable:95303 [ 410.386146][T10730] mapped:30543 shmem:6100 pagetables:1270 [ 410.386146][T10730] sec_pagetables:0 bounce:0 [ 410.386146][T10730] kernel_misc_reclaimable:0 [ 410.386146][T10730] free:1293210 free_pcp:22936 free_cma:0 [ 410.516697][T10730] Node 0 active_anon:66392kB inactive_anon:4kB active_file:64072kB inactive_file:178228kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124872kB dirty:900kB writeback:0kB shmem:26264kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12380kB pagetables:4832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 410.622542][T10748] FAULT_INJECTION: forcing a failure. [ 410.622542][T10748] name failslab, interval 1, probability 0, space 0, times 0 [ 410.638124][T10730] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 410.646347][T10748] CPU: 0 UID: 0 PID: 10748 Comm: syz.1.986 Tainted: G L syzkaller #0 PREEMPT(full) [ 410.646493][T10748] Tainted: [L]=SOFTLOCKUP [ 410.646524][T10748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 410.646577][T10748] Call Trace: [ 410.646608][T10748] [ 410.646641][T10748] dump_stack_lvl+0x16c/0x1f0 [ 410.646826][T10748] should_fail_ex+0x512/0x640 [ 410.646932][T10748] ? __kmalloc_cache_noprof+0x5f/0x800 [ 410.647054][T10748] should_failslab+0xc2/0x120 [ 410.647195][T10748] __kmalloc_cache_noprof+0x80/0x800 [ 410.647306][T10748] ? trace_pid_list_alloc+0x2fe/0x480 [ 410.647447][T10748] ? trace_pid_list_alloc+0x2fe/0x480 [ 410.647564][T10748] trace_pid_list_alloc+0x2fe/0x480 [ 410.647704][T10748] trace_pid_write+0x10c/0x4b0 [ 410.647807][T10748] ? __pfx_trace_pid_write+0x10/0x10 [ 410.647882][T10748] ? __pfx_aa_file_perm+0x10/0x10 [ 410.648029][T10748] ? update_last_data+0xaa/0x510 [ 410.648213][T10748] event_pid_write.isra.0+0x1e4/0x7f0 [ 410.648348][T10748] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 410.648507][T10748] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 410.648636][T10748] vfs_write+0x2a0/0x11d0 [ 410.648775][T10748] ? __pfx___mutex_lock+0x10/0x10 [ 410.648933][T10748] ? __pfx_vfs_write+0x10/0x10 [ 410.649093][T10748] ? __fget_files+0x20e/0x3c0 [ 410.649258][T10748] ksys_write+0x12a/0x250 [ 410.649450][T10748] ? __pfx_ksys_write+0x10/0x10 [ 410.649646][T10748] do_syscall_64+0xcd/0xf80 [ 410.649787][T10748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.649919][T10748] RIP: 0033:0x7f8936f8f7c9 [ 410.649997][T10748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.650091][T10748] RSP: 002b:00007f8937d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 410.650176][T10748] RAX: ffffffffffffffda RBX: 00007f89371e5fa0 RCX: 00007f8936f8f7c9 [ 410.650225][T10748] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 410.650280][T10748] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 410.650341][T10748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.650387][T10748] R13: 00007f89371e6038 R14: 00007f89371e5fa0 R15: 00007ffd14922df8 [ 410.650508][T10748] [ 410.902348][T10730] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 410.982898][T10730] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 411.016552][T10730] Node 0 DMA32 free:1263728kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:71192kB inactive_anon:4kB active_file:64072kB inactive_file:178228kB unevictable:1536kB writepending:1000kB zspages:0kB present:3129332kB managed:2541016kB mlocked:0kB bounce:0kB free_pcp:73348kB local_pcp:33616kB free_cma:0kB [ 411.088579][T10730] lowmem_reserve[]: 0 0 1 1 1 [ 411.093568][T10730] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 411.128603][T10752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 411.146504][T10752] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 411.155099][T10752] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 411.184849][T10730] lowmem_reserve[]: 0 0 0 0 0 [ 411.211461][T10730] Node 1 Normal free:3892728kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15264kB local_pcp:8836kB free_cma:0kB [ 411.256323][T10752] page_type: f5(slab) [ 411.260421][T10752] raw: 00fff00000000040 ffff88813ff26dc0 dead000000000100 dead000000000122 [ 411.295631][T10730] lowmem_reserve[]: 0 0 0 0 0 [ 411.312621][T10752] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 411.328758][T10730] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 411.406491][T10730] Node 0 DMA32: 1716*4kB (UME) 3757*8kB (UME) 2520*16kB (UME) 1173*32kB (UME) 560*64kB (UME) 555*128kB (UME) 273*256kB (UME) 98*512kB (UME) 54*1024kB (UME) 13*2048kB (UM) 221*4096kB (UM) = 1328856kB [ 411.429080][T10752] head: 00fff00000000040 ffff88813ff26dc0 dead000000000100 dead000000000122 [ 411.505791][T10752] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 411.515958][T10752] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 411.524712][T10752] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 411.543532][T10730] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 411.584824][T10730] Node 1 Normal: 176*4kB (UME) 49*8kB (UME) 45*16kB (UME) 255*32kB (UME) 60*64kB (UME) 12*128kB (UME) 4*256kB (ME) 3*512kB (M) 4*1024kB (UME) 2*2048kB (ME) 944*4096kB (M) = 3892728kB [ 411.757843][T10752] page dumped because: unmovable page [ 411.786561][T10730] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 411.820654][T10730] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 411.830460][T10730] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 411.840697][T10752] page_owner tracks the page as allocated [ 411.845311][T10730] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 411.871258][T10752] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5821, tgid 5821 (udevd), ts 123588162798, free_ts 123573244596 [ 411.955780][T10730] 74357 total pagecache pages [ 411.973367][T10752] post_alloc_hook+0x1af/0x220 [ 411.978467][T10730] 8 pages in swap cache [ 411.982682][T10730] Free swap = 124964kB [ 411.997398][T10730] Total swap = 124996kB [ 412.009510][T10752] get_page_from_freelist+0xd0b/0x31a0 [ 412.035486][T10730] 2097051 pages RAM [ 412.039485][T10752] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 412.046519][T10730] 0 pages HighMem/MovableOnly [ 412.084784][T10752] alloc_pages_mpol+0x1fb/0x550 [ 412.092703][T10730] 429771 pages reserved [ 412.097120][T10752] new_slab+0x2c3/0x430 [ 412.101687][T10730] 0 pages cma reserved [ 412.106762][T10752] ___slab_alloc+0xe18/0x1c90 [ 412.122103][T10752] __slab_alloc.constprop.0+0x63/0x110 [ 412.132171][T10752] __kmalloc_noprof+0x4fc/0x910 [ 412.146511][T10752] ieee802_11_parse_elems_full+0x1db/0x3780 [ 412.163556][T10752] ieee80211_inform_bss+0x15a/0x1150 [ 412.186565][T10752] cfg80211_inform_single_bss_data+0x8e9/0x1d30 [ 412.205264][T10752] cfg80211_inform_bss_data+0x22b/0x3be0 [ 412.225984][T10752] cfg80211_inform_bss_frame_data+0x26f/0x720 [ 412.237896][T10752] ieee80211_bss_info_update+0x310/0xab0 [ 412.243668][T10752] ieee80211_scan_rx+0x4cf/0xb30 [ 412.266225][T10752] ieee80211_rx_list+0x1c40/0x2ed0 [ 412.271451][T10752] page last free pid 5201 tgid 5201 stack trace: [ 412.298482][T10752] __free_frozen_pages+0x7df/0x1170 [ 412.326003][T10752] qlist_free_all+0x4c/0xf0 [ 412.331320][T10777] random: crng reseeded on system resumption [ 412.338393][T10752] kasan_quarantine_reduce+0x195/0x1e0 [ 412.355337][T10752] __kasan_slab_alloc+0x69/0x90 [ 412.374199][T10752] __kmalloc_noprof+0x2f6/0x910 [ 412.391637][T10752] tomoyo_realpath_from_path+0xc2/0x6e0 [ 412.413483][T10752] tomoyo_path_perm+0x274/0x460 [ 412.425955][T10752] security_inode_getattr+0x116/0x290 [ 412.431577][T10752] vfs_fstat+0x4b/0xe0 [ 412.457664][T10752] __do_sys_newfstat+0x87/0x100 [ 412.462927][T10752] do_syscall_64+0xcd/0xf80 [ 412.478283][T10752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.532141][T10755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 412.585331][T10755] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 412.623858][T10755] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 412.676635][T10755] page_type: f5(slab) [ 412.681078][T10755] raw: 00fff00000000040 ffff88813ff26dc0 dead000000000100 dead000000000122 [ 412.774348][T10755] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 412.827211][T10755] head: 00fff00000000040 ffff88813ff26dc0 dead000000000100 dead000000000122 [ 412.878321][T10755] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 412.956662][T10755] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 412.965502][T10755] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 413.049521][T10755] page dumped because: unmovable page [ 413.055015][T10755] page_owner tracks the page as allocated [ 413.105553][T10755] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5821, tgid 5821 (udevd), ts 123588162798, free_ts 123573244596 [ 413.149067][T10790] netlink: 8 bytes leftover after parsing attributes in process `syz.1.995'. [ 413.179068][T10755] post_alloc_hook+0x1af/0x220 [ 413.183949][T10755] get_page_from_freelist+0xd0b/0x31a0 [ 413.235942][T10755] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 413.255911][T10755] alloc_pages_mpol+0x1fb/0x550 [ 413.268943][T10755] new_slab+0x2c3/0x430 [ 413.297266][T10755] ___slab_alloc+0xe18/0x1c90 [ 413.302131][T10755] __slab_alloc.constprop.0+0x63/0x110 [ 413.336030][T10755] __kmalloc_noprof+0x4fc/0x910 [ 413.341091][T10755] ieee802_11_parse_elems_full+0x1db/0x3780 [ 413.375901][T10755] ieee80211_inform_bss+0x15a/0x1150 [ 413.396168][T10755] cfg80211_inform_single_bss_data+0x8e9/0x1d30 [ 413.402541][T10755] cfg80211_inform_bss_data+0x22b/0x3be0 [ 413.445923][T10755] cfg80211_inform_bss_frame_data+0x26f/0x720 [ 413.465924][T10755] ieee80211_bss_info_update+0x310/0xab0 [ 413.465983][T10755] ieee80211_scan_rx+0x4cf/0xb30 [ 413.466023][T10755] ieee80211_rx_list+0x1c40/0x2ed0 [ 413.466068][T10755] page last free pid 5201 tgid 5201 stack trace: [ 413.466090][T10755] __free_frozen_pages+0x7df/0x1170 [ 413.466123][T10755] qlist_free_all+0x4c/0xf0 [ 413.466164][T10755] kasan_quarantine_reduce+0x195/0x1e0 [ 413.466208][T10755] __kasan_slab_alloc+0x69/0x90 [ 413.466256][T10755] __kmalloc_noprof+0x2f6/0x910 [ 413.466290][T10755] tomoyo_realpath_from_path+0xc2/0x6e0 [ 413.466346][T10755] tomoyo_path_perm+0x274/0x460 [ 413.466383][T10755] security_inode_getattr+0x116/0x290 [ 413.466422][T10755] vfs_fstat+0x4b/0xe0 [ 413.466450][T10755] __do_sys_newfstat+0x87/0x100 [ 413.466483][T10755] do_syscall_64+0xcd/0xf80 [ 413.466533][T10755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.639212][T10809] ACPI: button: Initial lid state set to 'ignore' [ 420.693151][T10945] FAULT_INJECTION: forcing a failure. [ 420.693151][T10945] name failslab, interval 1, probability 0, space 0, times 0 [ 420.733951][T10945] CPU: 0 UID: 0 PID: 10945 Comm: syz.0.1022 Tainted: P L syzkaller #0 PREEMPT(full) [ 420.734013][T10945] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 420.734028][T10945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 420.734049][T10945] Call Trace: [ 420.734059][T10945] [ 420.734071][T10945] dump_stack_lvl+0x16c/0x1f0 [ 420.734131][T10945] should_fail_ex+0x512/0x640 [ 420.734168][T10945] ? __kmalloc_cache_noprof+0x5f/0x800 [ 420.734212][T10945] should_failslab+0xc2/0x120 [ 420.734266][T10945] __kmalloc_cache_noprof+0x80/0x800 [ 420.734305][T10945] ? trace_pid_list_alloc+0x2fe/0x480 [ 420.734359][T10945] ? trace_pid_list_alloc+0x2fe/0x480 [ 420.734404][T10945] trace_pid_list_alloc+0x2fe/0x480 [ 420.734464][T10945] trace_pid_write+0x10c/0x4b0 [ 420.734503][T10945] ? __pfx_trace_pid_write+0x10/0x10 [ 420.734533][T10945] ? __pfx_aa_file_perm+0x10/0x10 [ 420.734585][T10945] ? update_last_data+0xaa/0x510 [ 420.734642][T10945] event_pid_write.isra.0+0x1e4/0x7f0 [ 420.734697][T10945] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 420.734760][T10945] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 420.734810][T10945] vfs_write+0x2a0/0x11d0 [ 420.734862][T10945] ? __pfx___mutex_lock+0x10/0x10 [ 420.734921][T10945] ? __pfx_vfs_write+0x10/0x10 [ 420.734980][T10945] ? __fget_files+0x20e/0x3c0 [ 420.735042][T10945] ksys_write+0x12a/0x250 [ 420.735092][T10945] ? __pfx_ksys_write+0x10/0x10 [ 420.735153][T10945] do_syscall_64+0xcd/0xf80 [ 420.735208][T10945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.735242][T10945] RIP: 0033:0x7f96a058f7c9 [ 420.735268][T10945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.735302][T10945] RSP: 002b:00007f969e7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 420.735333][T10945] RAX: ffffffffffffffda RBX: 00007f96a07e5fa0 RCX: 00007f96a058f7c9 [ 420.735356][T10945] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 420.735377][T10945] RBP: 00007f96a0613f91 R08: 0000000000000000 R09: 0000000000000000 [ 420.735398][T10945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.735418][T10945] R13: 00007f96a07e6038 R14: 00007f96a07e5fa0 R15: 00007ffc5f15b068 [ 420.735473][T10945] [ 421.785795][T10951] random: crng reseeded on system resumption syzkaller syzkaller login: [ 424.898056][T11027] netlink: 'syz.2.1034': attribute type 32 has an invalid length. [ 424.929256][T11036] ima: Unable to open file: /surit‹¯Ròy/integrity?iqa/policy (-2) [ 425.319140][T11038] ima: policy update failed [ 425.357811][ T31] audit: type=1802 audit(4294985768.779:8): pid=11038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1037" res=0 errno=0 [ 426.096244][T11044] zswap: compressor not available [ 426.619853][T11042] random: crng reseeded on system resumption [ 426.649443][T11042] FAULT_INJECTION: forcing a failure. [ 426.649443][T11042] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 426.713377][T11042] CPU: 0 UID: 0 PID: 11042 Comm: syz.2.1038 Tainted: P L syzkaller #0 PREEMPT(full) [ 426.713434][T11042] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 426.713449][T11042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 426.713470][T11042] Call Trace: [ 426.713481][T11042] [ 426.713493][T11042] dump_stack_lvl+0x16c/0x1f0 [ 426.713552][T11042] should_fail_ex+0x512/0x640 [ 426.713597][T11042] should_fail_alloc_page+0xe7/0x130 [ 426.713651][T11042] prepare_alloc_pages+0x401/0x670 [ 426.713703][T11042] ? rcu_is_watching+0x12/0xc0 [ 426.713755][T11042] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 426.713809][T11042] ? stack_trace_save+0x8e/0xc0 [ 426.713858][T11042] ? __pfx_stack_trace_save+0x10/0x10 [ 426.713914][T11042] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 426.713971][T11042] ? kasan_save_stack+0x42/0x60 [ 426.714015][T11042] ? kasan_save_stack+0x33/0x60 [ 426.714066][T11042] ? do_dentry_open+0x748/0x1590 [ 426.714115][T11042] ? vfs_open+0x82/0x3f0 [ 426.714147][T11042] ? path_openat+0x2078/0x3140 [ 426.714194][T11042] ? do_filp_open+0x20b/0x470 [ 426.714242][T11042] ? do_sys_openat2+0x121/0x290 [ 426.714277][T11042] ? __x64_sys_openat+0x174/0x210 [ 426.714314][T11042] ? do_syscall_64+0xcd/0xf80 [ 426.714362][T11042] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.714404][T11042] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 426.714456][T11042] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 426.714509][T11042] ? policy_nodemask+0xea/0x4e0 [ 426.714565][T11042] alloc_pages_mpol+0x1fb/0x550 [ 426.714619][T11042] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 426.714685][T11042] alloc_pages_noprof+0x131/0x390 [ 426.714738][T11042] get_zeroed_page_noprof+0x18/0xb0 [ 426.714791][T11042] get_image_page+0x18/0x190 [ 426.714837][T11042] alloc_rtree_node+0x3c/0xb0 [ 426.714884][T11042] memory_bm_create+0x519/0x810 [ 426.714945][T11042] create_basic_memory_bitmaps+0xbd/0x370 [ 426.715010][T11042] snapshot_open+0x235/0x2b0 [ 426.715064][T11042] ? __pfx_snapshot_open+0x10/0x10 [ 426.715118][T11042] misc_open+0x26d/0x450 [ 426.715157][T11042] ? __pfx_misc_open+0x10/0x10 [ 426.715195][T11042] chrdev_open+0x234/0x6a0 [ 426.715246][T11042] ? __pfx_apparmor_file_open+0x10/0x10 [ 426.715281][T11042] ? __pfx_chrdev_open+0x10/0x10 [ 426.715336][T11042] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 426.715400][T11042] do_dentry_open+0x748/0x1590 [ 426.715447][T11042] ? __pfx_chrdev_open+0x10/0x10 [ 426.715512][T11042] vfs_open+0x82/0x3f0 [ 426.715553][T11042] path_openat+0x2078/0x3140 [ 426.715619][T11042] ? __pfx_path_openat+0x10/0x10 [ 426.715686][T11042] do_filp_open+0x20b/0x470 [ 426.715740][T11042] ? __pfx_do_filp_open+0x10/0x10 [ 426.715822][T11042] ? alloc_fd+0x471/0x7d0 [ 426.715880][T11042] do_sys_openat2+0x121/0x290 [ 426.715917][T11042] ? __pfx_do_sys_openat2+0x10/0x10 [ 426.715964][T11042] ? __sys_sendmsg+0x18c/0x220 [ 426.716019][T11042] __x64_sys_openat+0x174/0x210 [ 426.716059][T11042] ? __pfx___x64_sys_openat+0x10/0x10 [ 426.716116][T11042] do_syscall_64+0xcd/0xf80 [ 426.716168][T11042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.716203][T11042] RIP: 0033:0x7fc631b8f7c9 [ 426.716231][T11042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.716265][T11042] RSP: 002b:00007fc63294a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 426.716297][T11042] RAX: ffffffffffffffda RBX: 00007fc631de5fa0 RCX: 00007fc631b8f7c9 [ 426.716318][T11042] RDX: 0000000000080201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 426.716340][T11042] RBP: 00007fc631c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 426.716361][T11042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 426.716389][T11042] R13: 00007fc631de6038 R14: 00007fc631de5fa0 R15: 00007fff0eeacfb8 [ 426.716438][T11042] [ 428.676466][T11082] FAULT_INJECTION: forcing a failure. [ 428.676466][T11082] name failslab, interval 1, probability 0, space 0, times 0 [ 428.704202][T11082] CPU: 1 UID: 0 PID: 11082 Comm: syz.0.1047 Tainted: P L syzkaller #0 PREEMPT(full) [ 428.704245][T11082] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 428.704256][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 428.704270][T11082] Call Trace: [ 428.704278][T11082] [ 428.704287][T11082] dump_stack_lvl+0x16c/0x1f0 [ 428.704328][T11082] should_fail_ex+0x512/0x640 [ 428.704356][T11082] ? __kmalloc_cache_noprof+0x5f/0x800 [ 428.704388][T11082] should_failslab+0xc2/0x120 [ 428.704426][T11082] __kmalloc_cache_noprof+0x80/0x800 [ 428.704455][T11082] ? rfkill_fop_open+0x1b6/0x750 [ 428.704490][T11082] ? rfkill_fop_open+0x1b6/0x750 [ 428.704520][T11082] rfkill_fop_open+0x1b6/0x750 [ 428.704555][T11082] ? __pfx_rfkill_fop_open+0x10/0x10 [ 428.704587][T11082] misc_open+0x26d/0x450 [ 428.704615][T11082] ? __pfx_misc_open+0x10/0x10 [ 428.704642][T11082] chrdev_open+0x234/0x6a0 [ 428.704679][T11082] ? __pfx_apparmor_file_open+0x10/0x10 [ 428.704704][T11082] ? __pfx_chrdev_open+0x10/0x10 [ 428.704744][T11082] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 428.704789][T11082] do_dentry_open+0x748/0x1590 [ 428.704832][T11082] ? __pfx_chrdev_open+0x10/0x10 [ 428.704877][T11082] vfs_open+0x82/0x3f0 [ 428.704906][T11082] path_openat+0x2078/0x3140 [ 428.704953][T11082] ? __pfx_path_openat+0x10/0x10 [ 428.705001][T11082] do_filp_open+0x20b/0x470 [ 428.705039][T11082] ? __pfx_do_filp_open+0x10/0x10 [ 428.705097][T11082] ? alloc_fd+0x471/0x7d0 [ 428.705141][T11082] do_sys_openat2+0x121/0x290 [ 428.705168][T11082] ? __pfx_do_sys_openat2+0x10/0x10 [ 428.705207][T11082] __x64_sys_openat+0x174/0x210 [ 428.705236][T11082] ? __pfx___x64_sys_openat+0x10/0x10 [ 428.705287][T11082] do_syscall_64+0xcd/0xf80 [ 428.705327][T11082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.705351][T11082] RIP: 0033:0x7f96a058f7c9 [ 428.705370][T11082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.705394][T11082] RSP: 002b:00007f969e7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 428.705416][T11082] RAX: ffffffffffffffda RBX: 00007f96a07e5fa0 RCX: 00007f96a058f7c9 [ 428.705432][T11082] RDX: 0000000000002000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 428.705447][T11082] RBP: 00007f96a0613f91 R08: 0000000000000000 R09: 0000000000000000 [ 428.705462][T11082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.705476][T11082] R13: 00007f96a07e6038 R14: 00007f96a07e5fa0 R15: 00007ffc5f15b068 [ 428.705507][T11082] [ 431.026132][T11103] netlink: 'syz.1.1051': attribute type 12 has an invalid length. [ 431.312573][T11112] FAULT_INJECTION: forcing a failure. [ 431.312573][T11112] name failslab, interval 1, probability 0, space 0, times 0 [ 431.410219][T11112] CPU: 1 UID: 0 PID: 11112 Comm: syz.3.1054 Tainted: P L syzkaller #0 PREEMPT(full) [ 431.410279][T11112] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 431.410294][T11112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 431.410314][T11112] Call Trace: [ 431.410324][T11112] [ 431.410337][T11112] dump_stack_lvl+0x16c/0x1f0 [ 431.410395][T11112] should_fail_ex+0x512/0x640 [ 431.410431][T11112] ? __kmalloc_noprof+0xca/0x910 [ 431.410471][T11112] should_failslab+0xc2/0x120 [ 431.410524][T11112] __kmalloc_noprof+0xeb/0x910 [ 431.410561][T11112] ? trace_parser_get_init+0x30/0xc0 [ 431.410624][T11112] ? trace_parser_get_init+0x30/0xc0 [ 431.410688][T11112] trace_parser_get_init+0x30/0xc0 [ 431.410744][T11112] ftrace_event_write+0x177/0x2c0 [ 431.410783][T11112] ? __pfx_ftrace_event_write+0x10/0x10 [ 431.410836][T11112] ? __pfx_ftrace_event_write+0x10/0x10 [ 431.410872][T11112] vfs_writev+0x5df/0xde0 [ 431.410929][T11112] ? __pfx_vfs_writev+0x10/0x10 [ 431.410973][T11112] ? fdget_pos+0x2a2/0x370 [ 431.411053][T11112] ? __fget_files+0x20e/0x3c0 [ 431.411112][T11112] ? do_writev+0x132/0x340 [ 431.411153][T11112] do_writev+0x132/0x340 [ 431.411199][T11112] ? __pfx_do_writev+0x10/0x10 [ 431.411259][T11112] do_syscall_64+0xcd/0xf80 [ 431.411312][T11112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.411346][T11112] RIP: 0033:0x7f18a118f7c9 [ 431.411374][T11112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.411408][T11112] RSP: 002b:00007f18a20ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 431.411441][T11112] RAX: ffffffffffffffda RBX: 00007f18a13e5fa0 RCX: 00007f18a118f7c9 [ 431.411463][T11112] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 431.411484][T11112] RBP: 00007f18a1213f91 R08: 0000000000000000 R09: 0000000000000000 [ 431.411505][T11112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.411524][T11112] R13: 00007f18a13e6038 R14: 00007f18a13e5fa0 R15: 00007ffd4b2dd3c8 [ 431.411571][T11112] [ 433.112296][T11145] futex_wake_op: syz.2.1057 tries to shift op by -1; fix this program [ 433.298962][T11152] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 433.729126][T11152] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 433.776345][T11152] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 433.782540][T11152] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 433.851857][T11152] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 434.294571][T11170] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 434.301534][T11170] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 434.782642][T11179] Unable to find swap-space signature [ 434.995996][T11192] FAULT_INJECTION: forcing a failure. [ 434.995996][T11192] name failslab, interval 1, probability 0, space 0, times 0 [ 435.070615][T11192] CPU: 1 UID: 0 PID: 11192 Comm: syz.2.1066 Tainted: P L syzkaller #0 PREEMPT(full) [ 435.070673][T11192] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 435.070687][T11192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 435.070707][T11192] Call Trace: [ 435.070719][T11192] [ 435.070738][T11192] dump_stack_lvl+0x16c/0x1f0 [ 435.070797][T11192] should_fail_ex+0x512/0x640 [ 435.070834][T11192] ? __kvmalloc_node_noprof+0x129/0xa40 [ 435.070884][T11192] should_failslab+0xc2/0x120 [ 435.070935][T11192] __kvmalloc_node_noprof+0x14a/0xa40 [ 435.070981][T11192] ? __pfx_futex_wake_mark+0x10/0x10 [ 435.071030][T11192] ? do_semtimedop+0x23a/0x2e0 [ 435.071084][T11192] ? do_semtimedop+0x23a/0x2e0 [ 435.071118][T11192] do_semtimedop+0x23a/0x2e0 [ 435.071158][T11192] ? __pfx_do_semtimedop+0x10/0x10 [ 435.071251][T11192] ? __x64_sys_futex+0x1e0/0x4c0 [ 435.071288][T11192] ? __x64_sys_futex+0x1e9/0x4c0 [ 435.071331][T11192] __x64_sys_semtimedop+0x1b4/0x1f0 [ 435.071369][T11192] ? __pfx___x64_sys_semtimedop+0x10/0x10 [ 435.071418][T11192] do_syscall_64+0xcd/0xf80 [ 435.071472][T11192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.071506][T11192] RIP: 0033:0x7fc631b8f7c9 [ 435.071531][T11192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.071564][T11192] RSP: 002b:00007fc62fdf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dc [ 435.071596][T11192] RAX: ffffffffffffffda RBX: 00007fc631de6090 RCX: 00007fc631b8f7c9 [ 435.071618][T11192] RDX: 00000000000001f4 RSI: 0000000000000000 RDI: 0000000000000000 [ 435.071639][T11192] RBP: 00007fc631c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 435.071658][T11192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.071676][T11192] R13: 00007fc631de6128 R14: 00007fc631de6090 R15: 00007fff0eeacfb8 [ 435.071718][T11192] [ 435.716595][T11200] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1070'. [ 435.726156][T11200] bond_slave_0: entered allmulticast mode [ 435.757375][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 435.826803][T11202] FAULT_INJECTION: forcing a failure. [ 435.826803][T11202] name failslab, interval 1, probability 0, space 0, times 0 [ 435.837747][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 435.839869][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 435.871705][T11205] nvme_fcloop: unknown parameter or missing value '7' [ 435.919292][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 435.995781][T11200] ALUA lu_gp_id: 393216 exceeds maximum: 0x0000ffff [ 436.010944][ T31] audit: type=1800 audit(4294985779.409:9): pid=11200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1070" name="lu_gp_id" dev="configfs" ino=37694 res=0 errno=0 [ 436.034941][T11202] CPU: 1 UID: 0 PID: 11202 Comm: syz.2.1072 Tainted: P L syzkaller #0 PREEMPT(full) [ 436.034998][T11202] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 436.035013][T11202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 436.035033][T11202] Call Trace: [ 436.035044][T11202] [ 436.035056][T11202] dump_stack_lvl+0x16c/0x1f0 [ 436.035112][T11202] should_fail_ex+0x512/0x640 [ 436.035149][T11202] ? fs_reclaim_acquire+0xae/0x150 [ 436.035217][T11202] should_failslab+0xc2/0x120 [ 436.035270][T11202] kmem_cache_alloc_noprof+0x83/0x770 [ 436.035309][T11202] ? __pfx_map_id_range_down+0x10/0x10 [ 436.035358][T11202] ? security_inode_alloc+0x3b/0x2b0 [ 436.035402][T11202] ? security_inode_alloc+0x3b/0x2b0 [ 436.035433][T11202] security_inode_alloc+0x3b/0x2b0 [ 436.035470][T11202] inode_init_always_gfp+0xced/0x1040 [ 436.035525][T11202] alloc_inode+0x86/0x240 [ 436.035564][T11202] new_inode+0x22/0x1c0 [ 436.035606][T11202] shmem_get_inode+0x19a/0xfb0 [ 436.035658][T11202] ? __vm_enough_memory+0x184/0x3f0 [ 436.035712][T11202] __shmem_file_setup+0x290/0x350 [ 436.035772][T11202] shmem_zero_setup+0x93/0x1b0 [ 436.035820][T11202] __mmap_region+0x2271/0x2a00 [ 436.035864][T11202] ? __pfx___mmap_region+0x10/0x10 [ 436.035938][T11202] ? rcu_is_watching+0x12/0xc0 [ 436.036063][T11202] ? rcu_is_watching+0x12/0xc0 [ 436.036120][T11202] mmap_region+0x1ab/0x3f0 [ 436.036161][T11202] ? __get_unmapped_area+0x267/0x3f0 [ 436.036225][T11202] do_mmap+0xa3e/0x1210 [ 436.036283][T11202] ? __pfx_do_mmap+0x10/0x10 [ 436.036335][T11202] ? __pfx_down_write_killable+0x10/0x10 [ 436.036370][T11202] ? percpu_counter_add_batch+0xca/0x200 [ 436.036412][T11202] vm_mmap_pgoff+0x29e/0x470 [ 436.036468][T11202] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 436.036514][T11202] ? fd_install+0x223/0x570 [ 436.036570][T11202] ? __x64_sys_futex+0x1e0/0x4c0 [ 436.036607][T11202] ? __x64_sys_futex+0x1e9/0x4c0 [ 436.036652][T11202] ksys_mmap_pgoff+0x7d/0x5c0 [ 436.036698][T11202] ? xfd_validate_state+0x61/0x180 [ 436.036729][T11202] ? __pfx_do_writev+0x10/0x10 [ 436.036779][T11202] __x64_sys_mmap+0x125/0x190 [ 436.036819][T11202] do_syscall_64+0xcd/0xf80 [ 436.036890][T11202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.036933][T11202] RIP: 0033:0x7fc631b8f7c9 [ 436.036959][T11202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.036993][T11202] RSP: 002b:00007fc63294a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 436.037032][T11202] RAX: ffffffffffffffda RBX: 00007fc631de5fa0 RCX: 00007fc631b8f7c9 [ 436.037056][T11202] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 436.037076][T11202] RBP: 00007fc631c13f91 R08: fffffffffffffffa R09: 0000000000008000 [ 436.037098][T11202] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 436.037119][T11202] R13: 00007fc631de6038 R14: 00007fc631de5fa0 R15: 00007fff0eeacfb8 [ 436.037165][T11202] [ 437.130710][T11235] FAULT_INJECTION: forcing a failure. [ 437.130710][T11235] name failslab, interval 1, probability 0, space 0, times 0 [ 437.186029][T11235] CPU: 1 UID: 0 PID: 11235 Comm: syz.1.1078 Tainted: P L syzkaller #0 PREEMPT(full) [ 437.186088][T11235] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 437.186102][T11235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 437.186121][T11235] Call Trace: [ 437.186139][T11235] [ 437.186151][T11235] dump_stack_lvl+0x16c/0x1f0 [ 437.186206][T11235] should_fail_ex+0x512/0x640 [ 437.186241][T11235] ? __kvmalloc_node_noprof+0x129/0xa40 [ 437.186291][T11235] should_failslab+0xc2/0x120 [ 437.186340][T11235] __kvmalloc_node_noprof+0x14a/0xa40 [ 437.186385][T11235] ? stack_depot_save_flags+0x29/0x9b0 [ 437.186424][T11235] ? v4l2_ctrl_new+0x982/0x2190 [ 437.186472][T11235] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 437.186531][T11235] ? v4l2_ctrl_new+0x982/0x2190 [ 437.186578][T11235] v4l2_ctrl_new+0x982/0x2190 [ 437.186632][T11235] ? do_filp_open+0x180/0x470 [ 437.186690][T11235] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 437.186755][T11235] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 437.186806][T11235] v4l2_ctrl_new_std+0x1be/0x290 [ 437.186871][T11235] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 437.186930][T11235] ? trace_kmalloc+0x2b/0xb0 [ 437.186988][T11235] ? v4l2_ctrl_handler_init_class+0x201/0x350 [ 437.187045][T11235] ? media_request_object_init+0x100/0x180 [ 437.187092][T11235] vim2m_open+0x140/0x890 [ 437.187155][T11235] v4l2_open+0x1d2/0x5e0 [ 437.187199][T11235] ? __pfx_v4l2_open+0x10/0x10 [ 437.187241][T11235] chrdev_open+0x234/0x6a0 [ 437.187290][T11235] ? __pfx_apparmor_file_open+0x10/0x10 [ 437.187324][T11235] ? __pfx_chrdev_open+0x10/0x10 [ 437.187375][T11235] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 437.187436][T11235] do_dentry_open+0x748/0x1590 [ 437.187482][T11235] ? __pfx_chrdev_open+0x10/0x10 [ 437.187543][T11235] vfs_open+0x82/0x3f0 [ 437.187583][T11235] path_openat+0x2078/0x3140 [ 437.187647][T11235] ? __pfx_path_openat+0x10/0x10 [ 437.187712][T11235] do_filp_open+0x20b/0x470 [ 437.187787][T11235] ? __pfx_do_filp_open+0x10/0x10 [ 437.187869][T11235] ? alloc_fd+0x471/0x7d0 [ 437.187929][T11235] do_sys_openat2+0x121/0x290 [ 437.187966][T11235] ? __pfx_do_sys_openat2+0x10/0x10 [ 437.188018][T11235] __x64_sys_openat+0x174/0x210 [ 437.188055][T11235] ? __pfx___x64_sys_openat+0x10/0x10 [ 437.188109][T11235] do_syscall_64+0xcd/0xf80 [ 437.188170][T11235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.188203][T11235] RIP: 0033:0x7f8936f8f7c9 [ 437.188229][T11235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.188260][T11235] RSP: 002b:00007f8937d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 437.188290][T11235] RAX: ffffffffffffffda RBX: 00007f89371e5fa0 RCX: 00007f8936f8f7c9 [ 437.188311][T11235] RDX: 000000000002aa81 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 437.188333][T11235] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 437.188353][T11235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.188372][T11235] R13: 00007f89371e6038 R14: 00007f89371e5fa0 R15: 00007ffd14922df8 [ 437.188416][T11235] [ 438.275425][T11249] Invalid ELF header magic: != ELF [ 438.882212][T11261] FAULT_INJECTION: forcing a failure. [ 438.882212][T11261] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 438.928211][T11261] CPU: 0 UID: 0 PID: 11261 Comm: syz.0.1084 Tainted: P L syzkaller #0 PREEMPT(full) [ 438.928272][T11261] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 438.928287][T11261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 438.928307][T11261] Call Trace: [ 438.928318][T11261] [ 438.928331][T11261] dump_stack_lvl+0x16c/0x1f0 [ 438.928391][T11261] should_fail_ex+0x512/0x640 [ 438.928436][T11261] should_fail_alloc_page+0xe7/0x130 [ 438.928492][T11261] prepare_alloc_pages+0x401/0x670 [ 438.928553][T11261] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 438.928596][T11261] ? trace_mm_page_alloc+0x11b/0x180 [ 438.928653][T11261] ? kasan_save_stack+0x42/0x60 [ 438.928696][T11261] ? kasan_save_stack+0x33/0x60 [ 438.928739][T11261] ? kasan_save_track+0x14/0x30 [ 438.928811][T11261] ? __kasan_slab_alloc+0x89/0x90 [ 438.928855][T11261] ? kmem_cache_alloc_noprof+0x25e/0x770 [ 438.928892][T11261] ? __pmd_alloc+0xbf/0x9c0 [ 438.928938][T11261] ? __handle_mm_fault+0xbeb/0x2bb0 [ 438.928969][T11261] ? handle_mm_fault+0x3fe/0xad0 [ 438.929000][T11261] ? do_user_addr_fault+0x7a6/0x1370 [ 438.929041][T11261] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 438.929082][T11261] ? _copy_from_user+0x98/0xd0 [ 438.929117][T11261] ? do_sock_setsockopt+0xf3/0x1d0 [ 438.929169][T11261] ? __x64_sys_setsockopt+0xbd/0x160 [ 438.929207][T11261] ? do_syscall_64+0xcd/0xf80 [ 438.929257][T11261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.929312][T11261] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 438.929368][T11261] ? policy_nodemask+0xea/0x4e0 [ 438.929423][T11261] alloc_pages_mpol+0x1fb/0x550 [ 438.929476][T11261] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 438.929540][T11261] alloc_pages_noprof+0x131/0x390 [ 438.929592][T11261] pte_alloc_one+0x1e/0x3d0 [ 438.929639][T11261] do_fault+0x8b8/0x1ad0 [ 438.929688][T11261] ? __pfx_filemap_map_pages+0x10/0x10 [ 438.929728][T11261] ? __pmd_alloc+0x6aa/0x9c0 [ 438.929791][T11261] __handle_mm_fault+0x1919/0x2bb0 [ 438.929840][T11261] ? __pfx___handle_mm_fault+0x10/0x10 [ 438.929902][T11261] ? find_vma+0xbf/0x140 [ 438.929948][T11261] ? __pfx_find_vma+0x10/0x10 [ 438.930000][T11261] handle_mm_fault+0x3fe/0xad0 [ 438.930045][T11261] do_user_addr_fault+0x7a6/0x1370 [ 438.930092][T11261] ? rcu_is_watching+0x12/0xc0 [ 438.930145][T11261] exc_page_fault+0x64/0xc0 [ 438.930197][T11261] asm_exc_page_fault+0x26/0x30 [ 438.930229][T11261] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 438.930270][T11261] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 438.930304][T11261] RSP: 0018:ffffc90003f2fce8 EFLAGS: 00050246 [ 438.930333][T11261] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 438.930353][T11261] RDX: ffffed10052fe569 RSI: 0000000000000000 RDI: ffff8880297f2b40 [ 438.930374][T11261] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed10052fe568 [ 438.930395][T11261] R10: ffff8880297f2b47 R11: ffff88807df066b0 R12: 0000000000000000 [ 438.930416][T11261] R13: ffff8880297f2b40 R14: 0000000000000000 R15: 0000000000000008 [ 438.930460][T11261] _copy_from_user+0x98/0xd0 [ 438.930499][T11261] sctp_setsockopt+0x206e/0xb8c0 [ 438.930538][T11261] ? ksys_write+0x190/0x250 [ 438.930594][T11261] ? __pfx_sctp_setsockopt+0x10/0x10 [ 438.930634][T11261] ? find_held_lock+0x2b/0x80 [ 438.930681][T11261] ? aa_sock_opt_perm+0xfd/0x1b0 [ 438.930735][T11261] ? sock_common_setsockopt+0x2e/0xf0 [ 438.930795][T11261] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 438.930851][T11261] do_sock_setsockopt+0xf3/0x1d0 [ 438.930907][T11261] __sys_setsockopt+0x120/0x1a0 [ 438.930957][T11261] __x64_sys_setsockopt+0xbd/0x160 [ 438.930997][T11261] ? do_syscall_64+0x91/0xf80 [ 438.931048][T11261] ? lockdep_hardirqs_on+0x7c/0x110 [ 438.931099][T11261] do_syscall_64+0xcd/0xf80 [ 438.931153][T11261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.931186][T11261] RIP: 0033:0x7f96a058f7c9 [ 438.931213][T11261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.931248][T11261] RSP: 002b:00007f969e7d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 438.931278][T11261] RAX: ffffffffffffffda RBX: 00007f96a07e6090 RCX: 00007f96a058f7c9 [ 438.931300][T11261] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 438.931322][T11261] RBP: 00007f96a0613f91 R08: 0000000000000008 R09: 0000000000000000 [ 438.931342][T11261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.931363][T11261] R13: 00007f96a07e6128 R14: 00007f96a07e6090 R15: 00007ffc5f15b068 [ 438.931408][T11261] [ 440.850705][T11290] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1099'. [ 441.565627][T11314] random: crng reseeded on system resumption [ 444.559400][T11389] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 444.665312][T11389] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1120'. [ 445.765953][ T31] audit: type=1326 audit(4294985789.179:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11408 comm="syz.0.1124" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f96a058f7c9 code=0x0 [ 445.998890][T11416] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1126'. [ 446.009547][T11417] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1126'. [ 446.037582][T11416] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 446.056118][T11416] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 446.488394][ T5832] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 446.496006][ T5832] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 446.616652][T11428] random: crng reseeded on system resumption [ 448.214648][T11464] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1137'. [ 448.655069][T11475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1139'. [ 448.677481][T11475] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1139'. [ 448.710898][T11478] FAULT_INJECTION: forcing a failure. [ 448.710898][T11478] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 448.749134][T11478] CPU: 1 UID: 0 PID: 11478 Comm: syz.1.1140 Tainted: P L syzkaller #0 PREEMPT(full) [ 448.749193][T11478] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 448.749207][T11478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 448.749226][T11478] Call Trace: [ 448.749237][T11478] [ 448.749249][T11478] dump_stack_lvl+0x16c/0x1f0 [ 448.749311][T11478] should_fail_ex+0x512/0x640 [ 448.749354][T11478] should_fail_alloc_page+0xe7/0x130 [ 448.749406][T11478] prepare_alloc_pages+0x401/0x670 [ 448.749458][T11478] ? rcu_is_watching+0x12/0xc0 [ 448.749508][T11478] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 448.749554][T11478] ? stack_trace_save+0x8e/0xc0 [ 448.749605][T11478] ? __pfx_stack_trace_save+0x10/0x10 [ 448.749652][T11478] ? stack_depot_save_flags+0x29/0x9b0 [ 448.749685][T11478] ? __kernel_text_address+0xd/0x40 [ 448.749720][T11478] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 448.749760][T11478] ? soundcore_open+0x40c/0x580 [ 448.749799][T11478] ? chrdev_open+0x234/0x6a0 [ 448.749840][T11478] ? do_dentry_open+0x748/0x1590 [ 448.749880][T11478] ? vfs_open+0x82/0x3f0 [ 448.749909][T11478] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.749952][T11478] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 448.749997][T11478] ? policy_nodemask+0xea/0x4e0 [ 448.750043][T11478] alloc_pages_mpol+0x1fb/0x550 [ 448.750087][T11478] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 448.750139][T11478] alloc_pages_noprof+0x131/0x390 [ 448.750183][T11478] alloc_pages_exact_noprof+0x37/0xe0 [ 448.750209][T11478] ? __asan_memset+0x23/0x50 [ 448.750242][T11478] snd_pcm_attach_substream+0x4bb/0xd60 [ 448.750292][T11478] snd_pcm_open_substream+0x8d/0x1820 [ 448.750330][T11478] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 448.750374][T11478] snd_pcm_oss_open+0x735/0x1400 [ 448.750433][T11478] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 448.750480][T11478] ? __lock_acquire+0x436/0x2890 [ 448.750507][T11478] ? __pfx_default_wake_function+0x10/0x10 [ 448.750548][T11478] ? __lock_acquire+0x436/0x2890 [ 448.750581][T11478] ? do_raw_spin_lock+0x12c/0x2b0 [ 448.750615][T11478] ? soundcore_open+0x35a/0x580 [ 448.750658][T11478] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 448.750705][T11478] soundcore_open+0x40c/0x580 [ 448.750749][T11478] ? __pfx_soundcore_open+0x10/0x10 [ 448.750790][T11478] chrdev_open+0x234/0x6a0 [ 448.750833][T11478] ? __pfx_apparmor_file_open+0x10/0x10 [ 448.750862][T11478] ? __pfx_chrdev_open+0x10/0x10 [ 448.750906][T11478] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 448.750959][T11478] do_dentry_open+0x748/0x1590 [ 448.750999][T11478] ? __pfx_chrdev_open+0x10/0x10 [ 448.751052][T11478] vfs_open+0x82/0x3f0 [ 448.751085][T11478] path_openat+0x2078/0x3140 [ 448.751138][T11478] ? __pfx_path_openat+0x10/0x10 [ 448.751193][T11478] do_filp_open+0x20b/0x470 [ 448.751237][T11478] ? __pfx_do_filp_open+0x10/0x10 [ 448.751308][T11478] ? alloc_fd+0x471/0x7d0 [ 448.751358][T11478] do_sys_openat2+0x121/0x290 [ 448.751389][T11478] ? __pfx_do_sys_openat2+0x10/0x10 [ 448.751433][T11478] __x64_sys_openat+0x174/0x210 [ 448.751466][T11478] ? __pfx___x64_sys_openat+0x10/0x10 [ 448.751511][T11478] do_syscall_64+0xcd/0xf80 [ 448.751556][T11478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.751583][T11478] RIP: 0033:0x7f8936f8f7c9 [ 448.751604][T11478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.751631][T11478] RSP: 002b:00007f8937d43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 448.751658][T11478] RAX: ffffffffffffffda RBX: 00007f89371e6090 RCX: 00007f8936f8f7c9 [ 448.751677][T11478] RDX: 0000000000020342 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 448.751694][T11478] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 448.751711][T11478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 448.751733][T11478] R13: 00007f89371e6128 R14: 00007f89371e6090 R15: 00007ffd14922df8 [ 448.751770][T11478] [ 450.185486][T11500] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 450.562705][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.578885][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.508613][T11521] hub 1-0:1.0: USB hub found [ 451.542284][T11508] nvme_fabrics: missing parameter 'transport=%s' [ 451.549440][T11521] hub 1-0:1.0: 1 port detected [ 451.554348][T11508] nvme_fabrics: missing parameter 'nqn=%s' [ 452.331214][T11537] capability: warning: `syz.2.1154' uses deprecated v2 capabilities in a way that may be insecure [ 452.387076][T11541] binder: 11540:11541 ioctl c0306201 0 returned -14 [ 452.402979][T11539] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1154'. [ 453.197353][T11553] block ram6: the capability attribute has been deprecated. [ 453.519053][T11561] FAULT_INJECTION: forcing a failure. [ 453.519053][T11561] name failslab, interval 1, probability 0, space 0, times 0 [ 453.574774][T11561] CPU: 1 UID: 0 PID: 11561 Comm: syz.2.1161 Tainted: P L syzkaller #0 PREEMPT(full) [ 453.574841][T11561] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 453.574857][T11561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 453.574877][T11561] Call Trace: [ 453.574888][T11561] [ 453.574901][T11561] dump_stack_lvl+0x16c/0x1f0 [ 453.574961][T11561] should_fail_ex+0x512/0x640 [ 453.574999][T11561] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 453.575046][T11561] should_failslab+0xc2/0x120 [ 453.575098][T11561] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 453.575144][T11561] ? __d_alloc+0x35/0xa80 [ 453.575179][T11561] ? __d_alloc+0x35/0xa80 [ 453.575205][T11561] __d_alloc+0x35/0xa80 [ 453.575239][T11561] d_alloc_parallel+0x111/0x1510 [ 453.575292][T11561] ? find_held_lock+0x2b/0x80 [ 453.575339][T11561] ? __pfx_d_alloc_parallel+0x10/0x10 [ 453.575385][T11561] ? __d_lookup+0x266/0x4a0 [ 453.575436][T11561] lookup_open.isra.0+0x66c/0x1780 [ 453.575490][T11561] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 453.575558][T11561] ? lookup_fast+0x156/0x610 [ 453.575605][T11561] path_openat+0x12bb/0x3140 [ 453.575671][T11561] ? __pfx_path_openat+0x10/0x10 [ 453.575739][T11561] do_filp_open+0x20b/0x470 [ 453.575791][T11561] ? __pfx_do_filp_open+0x10/0x10 [ 453.575888][T11561] ? alloc_fd+0x471/0x7d0 [ 453.575950][T11561] do_sys_openat2+0x121/0x290 [ 453.575989][T11561] ? __pfx_do_sys_openat2+0x10/0x10 [ 453.576043][T11561] __x64_sys_openat+0x174/0x210 [ 453.576089][T11561] ? __pfx___x64_sys_openat+0x10/0x10 [ 453.576146][T11561] do_syscall_64+0xcd/0xf80 [ 453.576201][T11561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.576235][T11561] RIP: 0033:0x7fc631b8f7c9 [ 453.576260][T11561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.576294][T11561] RSP: 002b:00007fc63294a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 453.576326][T11561] RAX: ffffffffffffffda RBX: 00007fc631de5fa0 RCX: 00007fc631b8f7c9 [ 453.576348][T11561] RDX: 0000000000040c00 RSI: 00002000000007c0 RDI: ffffffffffffff9c [ 453.576368][T11561] RBP: 00007fc631c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 453.576388][T11561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.576409][T11561] R13: 00007fc631de6038 R14: 00007fc631de5fa0 R15: 00007fff0eeacfb8 [ 453.576455][T11561] [ 454.641271][T11590] FAULT_INJECTION: forcing a failure. [ 454.641271][T11590] name failslab, interval 1, probability 0, space 0, times 0 [ 454.654293][T11590] CPU: 0 UID: 0 PID: 11590 Comm: syz.3.1166 Tainted: P L syzkaller #0 PREEMPT(full) [ 454.654348][T11590] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 454.654362][T11590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 454.654380][T11590] Call Trace: [ 454.654390][T11590] [ 454.654403][T11590] dump_stack_lvl+0x16c/0x1f0 [ 454.654462][T11590] should_fail_ex+0x512/0x640 [ 454.654489][T11590] ? kmem_cache_alloc_noprof+0x62/0x770 [ 454.654524][T11590] should_failslab+0xc2/0x120 [ 454.654561][T11590] kmem_cache_alloc_noprof+0x83/0x770 [ 454.654594][T11590] ? seq_open+0x55/0x170 [ 454.654626][T11590] ? seq_open+0x55/0x170 [ 454.654650][T11590] seq_open+0x55/0x170 [ 454.654677][T11590] __seq_open_private+0x3e/0xd0 [ 454.654708][T11590] pid_maps_open+0x29/0xf0 [ 454.654733][T11590] do_dentry_open+0x748/0x1590 [ 454.654776][T11590] ? __pfx_pid_maps_open+0x10/0x10 [ 454.654807][T11590] vfs_open+0x82/0x3f0 [ 454.654841][T11590] path_openat+0x2078/0x3140 [ 454.654886][T11590] ? __pfx_path_openat+0x10/0x10 [ 454.654932][T11590] do_filp_open+0x20b/0x470 [ 454.654969][T11590] ? __pfx_do_filp_open+0x10/0x10 [ 454.655014][T11590] ? __pfx_kfree_link+0x10/0x10 [ 454.655050][T11590] ? alloc_fd+0x471/0x7d0 [ 454.655092][T11590] do_sys_openat2+0x121/0x290 [ 454.655118][T11590] ? __pfx_do_sys_openat2+0x10/0x10 [ 454.655155][T11590] __x64_sys_openat+0x174/0x210 [ 454.655182][T11590] ? __pfx___x64_sys_openat+0x10/0x10 [ 454.655221][T11590] do_syscall_64+0xcd/0xf80 [ 454.655259][T11590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.655283][T11590] RIP: 0033:0x7f18a118f7c9 [ 454.655301][T11590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.655324][T11590] RSP: 002b:00007f18a20ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 454.655347][T11590] RAX: ffffffffffffffda RBX: 00007f18a13e6090 RCX: 00007f18a118f7c9 [ 454.655362][T11590] RDX: 0000000000000840 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 454.655378][T11590] RBP: 00007f18a1213f91 R08: 0000000000000000 R09: 0000000000000000 [ 454.655393][T11590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.655407][T11590] R13: 00007f18a13e6128 R14: 00007f18a13e6090 R15: 00007ffd4b2dd3c8 [ 454.655437][T11590] [ 455.873271][T11616] netlink: 'syz.3.1171': attribute type 19 has an invalid length. [ 455.888589][T11616] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1171'. [ 456.660213][T11627] FAULT_INJECTION: forcing a failure. [ 456.660213][T11627] name failslab, interval 1, probability 0, space 0, times 0 [ 456.747847][T11627] CPU: 0 UID: 0 PID: 11627 Comm: syz.2.1173 Tainted: P L syzkaller #0 PREEMPT(full) [ 456.747905][T11627] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 456.747919][T11627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 456.747939][T11627] Call Trace: [ 456.747949][T11627] [ 456.747962][T11627] dump_stack_lvl+0x16c/0x1f0 [ 456.748018][T11627] should_fail_ex+0x512/0x640 [ 456.748054][T11627] ? __kmalloc_noprof+0xca/0x910 [ 456.748094][T11627] should_failslab+0xc2/0x120 [ 456.748146][T11627] __kmalloc_noprof+0xeb/0x910 [ 456.748183][T11627] ? lsm_blob_alloc+0x68/0x90 [ 456.748235][T11627] ? lsm_blob_alloc+0x68/0x90 [ 456.748281][T11627] lsm_blob_alloc+0x68/0x90 [ 456.748333][T11627] security_sk_alloc+0x2f/0x270 [ 456.748370][T11627] sk_prot_alloc+0x1c7/0x2a0 [ 456.748425][T11627] sk_alloc+0x36/0xe30 [ 456.748465][T11627] pppoe_create+0x32/0x360 [ 456.748509][T11627] pppox_create+0x15c/0x2c0 [ 456.748554][T11627] __sock_create+0x339/0x8a0 [ 456.748592][T11627] __sys_socket+0x14d/0x260 [ 456.748621][T11627] ? __fget_files+0x20e/0x3c0 [ 456.748676][T11627] ? __pfx___sys_socket+0x10/0x10 [ 456.748710][T11627] ? xfd_validate_state+0x61/0x180 [ 456.748754][T11627] __x64_sys_socket+0x72/0xb0 [ 456.748784][T11627] ? lockdep_hardirqs_on+0x7c/0x110 [ 456.748837][T11627] do_syscall_64+0xcd/0xf80 [ 456.748891][T11627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.748925][T11627] RIP: 0033:0x7fc631b8f7c9 [ 456.748958][T11627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.748999][T11627] RSP: 002b:00007fc62fdf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 456.749031][T11627] RAX: ffffffffffffffda RBX: 00007fc631de6090 RCX: 00007fc631b8f7c9 [ 456.749055][T11627] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000018 [ 456.749080][T11627] RBP: 00007fc631c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 456.749101][T11627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 456.749121][T11627] R13: 00007fc631de6128 R14: 00007fc631de6090 R15: 00007fff0eeacfb8 [ 456.749165][T11627] [ 459.117610][T11684] FAULT_INJECTION: forcing a failure. [ 459.117610][T11684] name failslab, interval 1, probability 0, space 0, times 0 [ 459.132546][T11684] CPU: 1 UID: 0 PID: 11684 Comm: syz.3.1185 Tainted: P L syzkaller #0 PREEMPT(full) [ 459.132605][T11684] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 459.132620][T11684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 459.132641][T11684] Call Trace: [ 459.132652][T11684] [ 459.132666][T11684] dump_stack_lvl+0x16c/0x1f0 [ 459.132724][T11684] should_fail_ex+0x512/0x640 [ 459.132764][T11684] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 459.132816][T11684] should_failslab+0xc2/0x120 [ 459.132877][T11684] kmem_cache_alloc_node_noprof+0x86/0x800 [ 459.132919][T11684] ? do_syscall_64+0xcd/0xf80 [ 459.132971][T11684] ? alloc_vmap_area+0x66f/0x2a50 [ 459.133031][T11684] ? alloc_vmap_area+0x66f/0x2a50 [ 459.133085][T11684] alloc_vmap_area+0x66f/0x2a50 [ 459.133156][T11684] ? __pfx_alloc_vmap_area+0x10/0x10 [ 459.133219][T11684] __get_vm_area_node+0x1ca/0x330 [ 459.133280][T11684] __vmalloc_node_range_noprof+0x247/0x16b0 [ 459.133314][T11684] ? n_tty_open+0x1a/0x170 [ 459.133342][T11684] ? do_raw_spin_lock+0x12c/0x2b0 [ 459.133397][T11684] ? n_tty_open+0x1a/0x170 [ 459.133446][T11684] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 459.133480][T11684] ? __ldsem_down_write_nested+0xfd/0x850 [ 459.133512][T11684] ? __ldsem_down_write_nested+0x10e/0x850 [ 459.133545][T11684] ? lockdep_init_map_type+0x5c/0x270 [ 459.133587][T11684] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 459.133629][T11684] ? n_tty_open+0x1a/0x170 [ 459.133659][T11684] __vmalloc_node_noprof+0xad/0xf0 [ 459.133692][T11684] ? n_tty_open+0x1a/0x170 [ 459.133723][T11684] ? __pfx_n_tty_open+0x10/0x10 [ 459.133765][T11684] n_tty_open+0x1a/0x170 [ 459.133797][T11684] ? __pfx_n_tty_open+0x10/0x10 [ 459.133826][T11684] tty_ldisc_open+0x9f/0x120 [ 459.133871][T11684] tty_ldisc_setup+0x40/0x100 [ 459.133917][T11684] tty_init_dev.part.0+0x1ec/0x500 [ 459.133974][T11684] tty_init_dev+0x60/0x80 [ 459.134035][T11684] ptmx_open+0x15e/0x3c0 [ 459.134092][T11684] ? __pfx_ptmx_open+0x10/0x10 [ 459.134134][T11684] chrdev_open+0x234/0x6a0 [ 459.134190][T11684] ? __pfx_apparmor_file_open+0x10/0x10 [ 459.134224][T11684] ? __pfx_chrdev_open+0x10/0x10 [ 459.134285][T11684] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 459.134347][T11684] do_dentry_open+0x748/0x1590 [ 459.134397][T11684] ? __pfx_chrdev_open+0x10/0x10 [ 459.134467][T11684] vfs_open+0x82/0x3f0 [ 459.134510][T11684] path_openat+0x2078/0x3140 [ 459.134571][T11684] ? trace_sched_exit_tp+0xd1/0x110 [ 459.134622][T11684] ? __schedule+0x10b9/0x6150 [ 459.134669][T11684] ? __pfx_path_openat+0x10/0x10 [ 459.134737][T11684] do_filp_open+0x20b/0x470 [ 459.134790][T11684] ? __pfx_do_filp_open+0x10/0x10 [ 459.134839][T11684] ? __pfx___schedule+0x10/0x10 [ 459.134917][T11684] ? alloc_fd+0x471/0x7d0 [ 459.134979][T11684] do_sys_openat2+0x121/0x290 [ 459.135018][T11684] ? __pfx_do_sys_openat2+0x10/0x10 [ 459.135060][T11684] ? __do_sys_capset+0xf9/0x460 [ 459.135114][T11684] __x64_sys_openat+0x174/0x210 [ 459.135154][T11684] ? __pfx___x64_sys_openat+0x10/0x10 [ 459.135212][T11684] do_syscall_64+0xcd/0xf80 [ 459.135267][T11684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.135301][T11684] RIP: 0033:0x7f18a118f7c9 [ 459.135330][T11684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.135364][T11684] RSP: 002b:00007f18a20ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 459.135397][T11684] RAX: ffffffffffffffda RBX: 00007f18a13e5fa0 RCX: 00007f18a118f7c9 [ 459.135420][T11684] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 459.135450][T11684] RBP: 00007f18a1213f91 R08: 0000000000000000 R09: 0000000000000000 [ 459.135471][T11684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.135491][T11684] R13: 00007f18a13e6038 R14: 00007f18a13e5fa0 R15: 00007ffd4b2dd3c8 [ 459.135537][T11684] [ 459.557837][T11684] syz.3.1185: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 459.574971][T11684] CPU: 0 UID: 0 PID: 11684 Comm: syz.3.1185 Tainted: P L syzkaller #0 PREEMPT(full) [ 459.575027][T11684] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 459.575043][T11684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 459.575063][T11684] Call Trace: [ 459.575074][T11684] [ 459.575088][T11684] dump_stack_lvl+0x16c/0x1f0 [ 459.575146][T11684] warn_alloc+0x248/0x3a0 [ 459.575192][T11684] ? __pfx_warn_alloc+0x10/0x10 [ 459.575238][T11684] ? __get_vm_area_node+0x2cd/0x330 [ 459.575300][T11684] ? __get_vm_area_node+0x2cd/0x330 [ 459.575371][T11684] ? __get_vm_area_node+0x208/0x330 [ 459.575434][T11684] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 459.575490][T11684] ? n_tty_open+0x1a/0x170 [ 459.575534][T11684] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 459.575570][T11684] ? __ldsem_down_write_nested+0xfd/0x850 [ 459.575603][T11684] ? __ldsem_down_write_nested+0x10e/0x850 [ 459.575635][T11684] ? lockdep_init_map_type+0x5c/0x270 [ 459.575677][T11684] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 459.575717][T11684] ? n_tty_open+0x1a/0x170 [ 459.575747][T11684] __vmalloc_node_noprof+0xad/0xf0 [ 459.575780][T11684] ? n_tty_open+0x1a/0x170 [ 459.575820][T11684] ? __pfx_n_tty_open+0x10/0x10 [ 459.575853][T11684] n_tty_open+0x1a/0x170 [ 459.575880][T11684] ? __pfx_n_tty_open+0x10/0x10 [ 459.575911][T11684] tty_ldisc_open+0x9f/0x120 [ 459.575955][T11684] tty_ldisc_setup+0x40/0x100 [ 459.576002][T11684] tty_init_dev.part.0+0x1ec/0x500 [ 459.576060][T11684] tty_init_dev+0x60/0x80 [ 459.576113][T11684] ptmx_open+0x15e/0x3c0 [ 459.576154][T11684] ? __pfx_ptmx_open+0x10/0x10 [ 459.576193][T11684] chrdev_open+0x234/0x6a0 [ 459.576244][T11684] ? __pfx_apparmor_file_open+0x10/0x10 [ 459.576280][T11684] ? __pfx_chrdev_open+0x10/0x10 [ 459.576334][T11684] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 459.576396][T11684] do_dentry_open+0x748/0x1590 [ 459.576445][T11684] ? __pfx_chrdev_open+0x10/0x10 [ 459.576519][T11684] vfs_open+0x82/0x3f0 [ 459.576562][T11684] path_openat+0x2078/0x3140 [ 459.576624][T11684] ? trace_sched_exit_tp+0xd1/0x110 [ 459.576676][T11684] ? __schedule+0x10b9/0x6150 [ 459.576723][T11684] ? __pfx_path_openat+0x10/0x10 [ 459.576793][T11684] do_filp_open+0x20b/0x470 [ 459.576845][T11684] ? __pfx_do_filp_open+0x10/0x10 [ 459.576894][T11684] ? __pfx___schedule+0x10/0x10 [ 459.576972][T11684] ? alloc_fd+0x471/0x7d0 [ 459.577035][T11684] do_sys_openat2+0x121/0x290 [ 459.577073][T11684] ? __pfx_do_sys_openat2+0x10/0x10 [ 459.577116][T11684] ? __do_sys_capset+0xf9/0x460 [ 459.577170][T11684] __x64_sys_openat+0x174/0x210 [ 459.577210][T11684] ? __pfx___x64_sys_openat+0x10/0x10 [ 459.577267][T11684] do_syscall_64+0xcd/0xf80 [ 459.577322][T11684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.577359][T11684] RIP: 0033:0x7f18a118f7c9 [ 459.577388][T11684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.577423][T11684] RSP: 002b:00007f18a20ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 459.577463][T11684] RAX: ffffffffffffffda RBX: 00007f18a13e5fa0 RCX: 00007f18a118f7c9 [ 459.577486][T11684] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 459.577508][T11684] RBP: 00007f18a1213f91 R08: 0000000000000000 R09: 0000000000000000 [ 459.577529][T11684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.577551][T11684] R13: 00007f18a13e6038 R14: 00007f18a13e5fa0 R15: 00007ffd4b2dd3c8 [ 459.577603][T11684] [ 460.057070][T11684] Mem-Info: [ 460.066684][T11684] active_anon:46342 inactive_anon:49 isolated_anon:0 [ 460.066684][T11684] active_file:16497 inactive_file:44941 isolated_file:0 [ 460.066684][T11684] unevictable:768 dirty:686 writeback:0 [ 460.066684][T11684] slab_reclaimable:12144 slab_unreclaimable:95388 [ 460.066684][T11684] mapped:43488 shmem:35179 pagetables:1449 [ 460.066684][T11684] sec_pagetables:0 bounce:0 [ 460.066684][T11684] kernel_misc_reclaimable:0 [ 460.066684][T11684] free:1278102 free_pcp:7236 free_cma:0 [ 460.154755][T11684] Node 0 active_anon:186068kB inactive_anon:196kB active_file:65988kB inactive_file:181676kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:174652kB dirty:2740kB writeback:0kB shmem:140180kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12452kB pagetables:5648kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 460.187849][T11684] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 460.218108][T11684] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 460.248207][T11684] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 460.254076][T11684] Node 0 DMA32 free:1185420kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:186116kB inactive_anon:196kB active_file:65988kB inactive_file:181676kB unevictable:1536kB writepending:2740kB zspages:0kB present:3129332kB managed:2541016kB mlocked:0kB bounce:0kB free_pcp:25412kB local_pcp:6128kB free_cma:0kB [ 460.306162][T11684] lowmem_reserve[]: 0 0 1 1 1 [ 460.310961][T11684] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 460.376519][T11684] lowmem_reserve[]: 0 0 0 0 0 [ 460.382209][T11684] Node 1 Normal free:3906472kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:1500kB local_pcp:0kB free_cma:0kB [ 460.419051][T11684] lowmem_reserve[]: 0 0 0 0 0 [ 460.426223][T11684] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 460.439613][T11684] Node 0 DMA32: 91*4kB (UME) 2300*8kB (UE) 1648*16kB (UME) 460*32kB (UE) 373*64kB (UME) 507*128kB (UME) 274*256kB (UME) 170*512kB (UME) 119*1024kB (UME) 26*2048kB (UM) 171*4096kB (UM) = 1181324kB [ 460.459613][T11684] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 460.515966][T11684] Node 1 Normal: 60*4kB (UME) 48*8kB (UME) 47*16kB (UE) 248*32kB (UE) 103*64kB (UE) 35*128kB (UE) 10*256kB (UME) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (ME) 946*4096kB (M) = 3906464kB [ 460.593371][T11684] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 460.619816][T11684] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 460.651533][T11684] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 460.678975][T11684] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 460.714230][T11684] 98537 total pagecache pages [ 460.725144][T11684] 8 pages in swap cache [ 460.755525][T11684] Free swap = 124964kB [ 460.759990][T11684] Total swap = 124996kB [ 460.764304][T11684] 2097051 pages RAM [ 460.768422][T11684] 0 pages HighMem/MovableOnly [ 460.773283][T11684] 429771 pages reserved [ 460.777802][T11684] 0 pages cma reserved [ 460.782298][T11684] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 460.947555][ T5832] Bluetooth: hci3: unexpected event 0x31 length: 19 > 6 [ 463.576574][ T31] audit: type=1326 audit(4294985806.999:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11746 comm="syz.3.1198" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f18a118f7c9 code=0x0 [ 464.790804][T11768] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 464.797282][T11768] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 465.978649][T11791] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1208'. [ 466.147310][T11798] FAULT_INJECTION: forcing a failure. [ 466.147310][T11798] name failslab, interval 1, probability 0, space 0, times 0 [ 466.197485][T11798] CPU: 1 UID: 0 PID: 11798 Comm: syz.1.1208 Tainted: P L syzkaller #0 PREEMPT(full) [ 466.197549][T11798] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 466.197565][T11798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 466.197585][T11798] Call Trace: [ 466.197595][T11798] [ 466.197608][T11798] dump_stack_lvl+0x16c/0x1f0 [ 466.197666][T11798] should_fail_ex+0x512/0x640 [ 466.197705][T11798] ? kmem_cache_alloc_noprof+0x62/0x770 [ 466.197751][T11798] should_failslab+0xc2/0x120 [ 466.197803][T11798] kmem_cache_alloc_noprof+0x83/0x770 [ 466.197843][T11798] ? stack_depot_save_flags+0x29/0x9b0 [ 466.197888][T11798] ? alloc_empty_file+0x55/0x1e0 [ 466.197932][T11798] ? alloc_empty_file+0x55/0x1e0 [ 466.197965][T11798] ? kasan_save_track+0x14/0x30 [ 466.198009][T11798] alloc_empty_file+0x55/0x1e0 [ 466.198046][T11798] path_openat+0xde/0x3140 [ 466.198095][T11798] ? do_syscall_64+0xcd/0xf80 [ 466.198145][T11798] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.198193][T11798] ? __pfx_path_openat+0x10/0x10 [ 466.198259][T11798] do_filp_open+0x20b/0x470 [ 466.198312][T11798] ? __pfx_do_filp_open+0x10/0x10 [ 466.198393][T11798] ? alloc_fd+0x471/0x7d0 [ 466.198455][T11798] do_sys_openat2+0x121/0x290 [ 466.198493][T11798] ? __pfx_do_sys_openat2+0x10/0x10 [ 466.198547][T11798] __x64_sys_openat+0x174/0x210 [ 466.198586][T11798] ? __pfx___x64_sys_openat+0x10/0x10 [ 466.198643][T11798] do_syscall_64+0xcd/0xf80 [ 466.198696][T11798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.198730][T11798] RIP: 0033:0x7f8936f8f7c9 [ 466.198757][T11798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.198790][T11798] RSP: 002b:00007f8937d43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 466.198821][T11798] RAX: ffffffffffffffda RBX: 00007f89371e6090 RCX: 00007f8936f8f7c9 [ 466.198844][T11798] RDX: 0000000000020800 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 466.198874][T11798] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 466.198894][T11798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 466.198914][T11798] R13: 00007f89371e6128 R14: 00007f89371e6090 R15: 00007ffd14922df8 [ 466.198963][T11798] [ 467.335462][T11821] FAULT_INJECTION: forcing a failure. [ 467.335462][T11821] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 467.356387][T11821] CPU: 1 UID: 0 PID: 11821 Comm: syz.1.1212 Tainted: P L syzkaller #0 PREEMPT(full) [ 467.356447][T11821] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 467.356462][T11821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 467.356482][T11821] Call Trace: [ 467.356493][T11821] [ 467.356506][T11821] dump_stack_lvl+0x16c/0x1f0 [ 467.356563][T11821] should_fail_ex+0x512/0x640 [ 467.356607][T11821] _copy_from_user+0x2e/0xd0 [ 467.356645][T11821] load_msg+0x19e/0x4a0 [ 467.356700][T11821] do_msgrcv+0x202/0x16c0 [ 467.356750][T11821] ? do_futex+0x122/0x350 [ 467.356798][T11821] ? __pfx_do_msg_fill+0x10/0x10 [ 467.356859][T11821] ? __pfx_do_msgrcv+0x10/0x10 [ 467.356909][T11821] ? __x64_sys_futex+0x1e0/0x4c0 [ 467.356955][T11821] ? xfd_validate_state+0x61/0x180 [ 467.356985][T11821] ? __pfx___do_sys_rseq+0x10/0x10 [ 467.357031][T11821] ? do_syscall_64+0xcd/0xf80 [ 467.357080][T11821] do_syscall_64+0xcd/0xf80 [ 467.357134][T11821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.357169][T11821] RIP: 0033:0x7f8936f8f7c9 [ 467.357196][T11821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.357230][T11821] RSP: 002b:00007f8937d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 467.357268][T11821] RAX: ffffffffffffffda RBX: 00007f89371e5fa0 RCX: 00007f8936f8f7c9 [ 467.357291][T11821] RDX: 0000002400000000 RSI: 0000000000000000 RDI: 00000000000000ff [ 467.357311][T11821] RBP: 00007f8937013f91 R08: 000000006bc2cc7d R09: 0000000000000000 [ 467.357333][T11821] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 467.357352][T11821] R13: 00007f89371e6038 R14: 00007f89371e5fa0 R15: 00007ffd14922df8 [ 467.357397][T11821] [ 469.263743][ T5832] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 469.933012][T11866] random: crng reseeded on system resumption [ 470.863316][T11883] openvswitch: netlink: Message has 4 unknown bytes. [ 471.271467][T11893] FAULT_INJECTION: forcing a failure. [ 471.271467][T11893] name fail_futex, interval 1, probability 0, space 0, times 0 [ 471.350683][T11893] CPU: 0 UID: 0 PID: 11893 Comm: syz.1.1228 Tainted: P L syzkaller #0 PREEMPT(full) [ 471.350737][T11893] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 471.350751][T11893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 471.350770][T11893] Call Trace: [ 471.350781][T11893] [ 471.350793][T11893] dump_stack_lvl+0x16c/0x1f0 [ 471.350847][T11893] should_fail_ex+0x512/0x640 [ 471.350889][T11893] get_futex_key+0x1d0/0x15f0 [ 471.350929][T11893] ? __pfx_get_futex_key+0x10/0x10 [ 471.350966][T11893] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 471.351015][T11893] futex_wake+0xea/0x530 [ 471.351058][T11893] ? __handle_mm_fault+0x5a8/0x2bb0 [ 471.351095][T11893] ? __pfx_futex_wake+0x10/0x10 [ 471.351136][T11893] ? css_rstat_updated+0x1d1/0x590 [ 471.351194][T11893] do_futex+0x1e3/0x350 [ 471.351232][T11893] ? __pfx_do_futex+0x10/0x10 [ 471.351269][T11893] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 471.351322][T11893] ? count_memcg_events+0x122/0x290 [ 471.351372][T11893] __x64_sys_futex+0x1e0/0x4c0 [ 471.351410][T11893] ? exc_page_fault+0x64/0xc0 [ 471.351453][T11893] ? __pfx___x64_sys_futex+0x10/0x10 [ 471.351505][T11893] do_syscall_64+0xcd/0xf80 [ 471.351555][T11893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.351587][T11893] RIP: 0033:0x7f8936f8f7c9 [ 471.351610][T11893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.351641][T11893] RSP: 002b:00007f89351f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 471.351669][T11893] RAX: ffffffffffffffda RBX: 00007f89371e6188 RCX: 00007f8936f8f7c9 [ 471.351689][T11893] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f89371e618c [ 471.351713][T11893] RBP: 00007f89371e6180 R08: 00007f8937d65000 R09: 0000000000000000 [ 471.351732][T11893] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 471.351751][T11893] R13: 00007f89371e6218 R14: 00007ffd14922d10 R15: 00007ffd14922df8 [ 471.351791][T11893] [ 475.744306][T11984] zswap: compressor not available [ 477.126603][T12015] futex_wake_op: syz.0.1246 tries to shift op by -2048; fix this program [ 477.163742][T12015] futex_wake_op: syz.0.1246 tries to shift op by -2048; fix this program [ 477.256577][T12015] 0x000000000001-0x000000020000 : "" [ 477.336878][T12015] ftl_cs: FTL header corrupt! [ 477.914496][T12028] Invalid ELF header magic: != ELF [ 478.560861][T12048] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1254'. [ 478.913416][T12048] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 479.083906][T12057] FAULT_INJECTION: forcing a failure. [ 479.083906][T12057] name failslab, interval 1, probability 0, space 0, times 0 [ 479.108933][T12057] CPU: 1 UID: 0 PID: 12057 Comm: syz.3.1256 Tainted: P L syzkaller #0 PREEMPT(full) [ 479.109000][T12057] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 479.109015][T12057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 479.109035][T12057] Call Trace: [ 479.109046][T12057] [ 479.109059][T12057] dump_stack_lvl+0x16c/0x1f0 [ 479.109120][T12057] should_fail_ex+0x512/0x640 [ 479.109157][T12057] ? __kmalloc_node_noprof+0xcd/0x930 [ 479.109209][T12057] should_failslab+0xc2/0x120 [ 479.109260][T12057] __kmalloc_node_noprof+0xee/0x930 [ 479.109307][T12057] ? load_msg+0x43/0x4a0 [ 479.109359][T12057] ? load_msg+0x43/0x4a0 [ 479.109402][T12057] load_msg+0x43/0x4a0 [ 479.109447][T12057] ? __pfx___sys_sendto+0x10/0x10 [ 479.109488][T12057] do_msgrcv+0x202/0x16c0 [ 479.109536][T12057] ? do_futex+0x122/0x350 [ 479.109573][T12057] ? __pfx_do_msg_fill+0x10/0x10 [ 479.109640][T12057] ? __pfx_do_msgrcv+0x10/0x10 [ 479.109688][T12057] ? __x64_sys_futex+0x1e0/0x4c0 [ 479.109735][T12057] ? xfd_validate_state+0x61/0x180 [ 479.109764][T12057] ? __pfx___do_sys_rseq+0x10/0x10 [ 479.109812][T12057] ? do_syscall_64+0xcd/0xf80 [ 479.109861][T12057] do_syscall_64+0xcd/0xf80 [ 479.109913][T12057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.109947][T12057] RIP: 0033:0x7f18a118f7c9 [ 479.109972][T12057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.110006][T12057] RSP: 002b:00007f18a20ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 479.110040][T12057] RAX: ffffffffffffffda RBX: 00007f18a13e5fa0 RCX: 00007f18a118f7c9 [ 479.110062][T12057] RDX: 0000002400000000 RSI: 0000000000000000 RDI: 00000000000000ff [ 479.110083][T12057] RBP: 00007f18a1213f91 R08: 000000006bc2cc7d R09: 0000000000000000 [ 479.110104][T12057] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 479.110124][T12057] R13: 00007f18a13e6038 R14: 00007f18a13e5fa0 R15: 00007ffd4b2dd3c8 [ 479.110169][T12057] [ 480.216742][T12097] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1263'. [ 480.241431][T12097] netlink: 'syz.0.1263': attribute type 7 has an invalid length. [ 481.761660][T12127] zswap: compressor not available [ 482.736858][ T5832] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 482.808639][T12174] Unable to find swap-space signature [ 483.164291][T12174] FAULT_INJECTION: forcing a failure. [ 483.164291][T12174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.268584][T12174] CPU: 0 UID: 0 PID: 12174 Comm: syz.0.1281 Tainted: P L syzkaller #0 PREEMPT(full) [ 483.268638][T12174] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 483.268651][T12174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 483.268670][T12174] Call Trace: [ 483.268679][T12174] [ 483.268691][T12174] dump_stack_lvl+0x16c/0x1f0 [ 483.268746][T12174] should_fail_ex+0x512/0x640 [ 483.268786][T12174] _copy_from_user+0x2e/0xd0 [ 483.268823][T12174] copy_msghdr_from_user+0x98/0x160 [ 483.268866][T12174] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 483.268912][T12174] ? find_held_lock+0x2b/0x80 [ 483.268955][T12174] ? futex_unqueue+0x133/0x2c0 [ 483.268996][T12174] ___sys_sendmsg+0xfe/0x1d0 [ 483.269039][T12174] ? __pfx____sys_sendmsg+0x10/0x10 [ 483.269081][T12174] ? __pfx___futex_wait+0x10/0x10 [ 483.269123][T12174] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 483.269185][T12174] ? find_held_lock+0x2b/0x80 [ 483.269249][T12174] __sys_sendmmsg+0x200/0x420 [ 483.269295][T12174] ? __pfx___sys_sendmmsg+0x10/0x10 [ 483.269347][T12174] ? __pfx_do_futex+0x10/0x10 [ 483.269405][T12174] ? xfd_validate_state+0x61/0x180 [ 483.269433][T12174] ? __pfx___do_sys_prctl+0x10/0x10 [ 483.269475][T12174] __x64_sys_sendmmsg+0x9c/0x100 [ 483.269526][T12174] ? lockdep_hardirqs_on+0x7c/0x110 [ 483.269575][T12174] do_syscall_64+0xcd/0xf80 [ 483.269625][T12174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.269657][T12174] RIP: 0033:0x7f96a058f7c9 [ 483.269682][T12174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.269713][T12174] RSP: 002b:00007f969e7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 483.269742][T12174] RAX: ffffffffffffffda RBX: 00007f96a07e5fa0 RCX: 00007f96a058f7c9 [ 483.269763][T12174] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000004 [ 483.269782][T12174] RBP: 00007f96a0613f91 R08: 0000000000000000 R09: 0000000000000000 [ 483.269802][T12174] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 483.269821][T12174] R13: 00007f96a07e6038 R14: 00007f96a07e5fa0 R15: 00007ffc5f15b068 [ 483.269865][T12174] [ 484.603652][ T31] audit: type=1804 audit(4294985828.019:12): pid=12223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1287" name="/newroot/309/file0" dev="tmpfs" ino=1636 res=1 errno=0 [ 485.094025][T12235] FAULT_INJECTION: forcing a failure. [ 485.094025][T12235] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 485.094065][T12235] CPU: 0 UID: 0 PID: 12235 Comm: syz.3.1288 Tainted: P L syzkaller #0 PREEMPT(full) [ 485.094102][T12235] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 485.094112][T12235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 485.094134][T12235] Call Trace: [ 485.094142][T12235] [ 485.094150][T12235] dump_stack_lvl+0x16c/0x1f0 [ 485.094191][T12235] should_fail_ex+0x512/0x640 [ 485.094223][T12235] _copy_from_user+0x2e/0xd0 [ 485.094250][T12235] load_msg+0x253/0x4a0 [ 485.094299][T12235] do_msgrcv+0x202/0x16c0 [ 485.094333][T12235] ? do_futex+0x122/0x350 [ 485.094361][T12235] ? __pfx_do_msg_fill+0x10/0x10 [ 485.094404][T12235] ? __pfx_do_msgrcv+0x10/0x10 [ 485.094438][T12235] ? __x64_sys_futex+0x1e0/0x4c0 [ 485.094471][T12235] ? xfd_validate_state+0x61/0x180 [ 485.094492][T12235] ? __pfx_ksys_write+0x10/0x10 [ 485.094534][T12235] ? do_syscall_64+0xcd/0xf80 [ 485.094568][T12235] do_syscall_64+0xcd/0xf80 [ 485.094605][T12235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.094629][T12235] RIP: 0033:0x7f18a118f7c9 [ 485.094648][T12235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.094672][T12235] RSP: 002b:00007f18a20ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 485.094694][T12235] RAX: ffffffffffffffda RBX: 00007f18a13e5fa0 RCX: 00007f18a118f7c9 [ 485.094710][T12235] RDX: 0000002400000000 RSI: 0000000000000000 RDI: 00000000000000ff [ 485.094726][T12235] RBP: 00007f18a1213f91 R08: 000000006bc2cc7d R09: 0000000000000000 [ 485.094741][T12235] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 485.094756][T12235] R13: 00007f18a13e6038 R14: 00007f18a13e5fa0 R15: 00007ffd4b2dd3c8 [ 485.094787][T12235] [ 485.718374][T12260] futex_wake_op: syz.3.1289 tries to shift op by -2048; fix this program [ 485.718639][T12260] futex_wake_op: syz.3.1289 tries to shift op by -2048; fix this program [ 485.720028][T12260] 0x000000000001-0x000000020000 : "" [ 485.758117][T12260] ftl_cs: FTL header corrupt! [ 487.502332][T12296] FAULT_INJECTION: forcing a failure. [ 487.502332][T12296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.597094][T12296] CPU: 1 UID: 0 PID: 12296 Comm: syz.2.1297 Tainted: P L syzkaller #0 PREEMPT(full) [ 487.597136][T12296] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 487.597146][T12296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 487.597160][T12296] Call Trace: [ 487.597168][T12296] [ 487.597177][T12296] dump_stack_lvl+0x16c/0x1f0 [ 487.597221][T12296] should_fail_ex+0x512/0x640 [ 487.597253][T12296] _copy_from_user+0x2e/0xd0 [ 487.597280][T12296] load_msg+0x253/0x4a0 [ 487.597319][T12296] do_msgrcv+0x202/0x16c0 [ 487.597355][T12296] ? do_futex+0x122/0x350 [ 487.597382][T12296] ? __pfx_do_msg_fill+0x10/0x10 [ 487.597426][T12296] ? __pfx_do_msgrcv+0x10/0x10 [ 487.597461][T12296] ? __x64_sys_futex+0x1e0/0x4c0 [ 487.597494][T12296] ? xfd_validate_state+0x61/0x180 [ 487.597516][T12296] ? __pfx_ksys_write+0x10/0x10 [ 487.597560][T12296] ? do_syscall_64+0xcd/0xf80 [ 487.597596][T12296] do_syscall_64+0xcd/0xf80 [ 487.597634][T12296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.597659][T12296] RIP: 0033:0x7fc631b8f7c9 [ 487.597678][T12296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.597702][T12296] RSP: 002b:00007fc63294a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 487.597725][T12296] RAX: ffffffffffffffda RBX: 00007fc631de5fa0 RCX: 00007fc631b8f7c9 [ 487.597742][T12296] RDX: 0000002400000000 RSI: 0000000000000000 RDI: 00000000000000ff [ 487.597758][T12296] RBP: 00007fc631c13f91 R08: 000000006bc2cc7d R09: 0000000000000000 [ 487.597773][T12296] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 487.597788][T12296] R13: 00007fc631de6038 R14: 00007fc631de5fa0 R15: 00007fff0eeacfb8 [ 487.597819][T12296] [ 488.603630][T12334] FAULT_INJECTION: forcing a failure. [ 488.603630][T12334] name failslab, interval 1, probability 0, space 0, times 0 [ 488.668327][T12322] futex_wake_op: syz.2.1302 tries to shift op by -2048; fix this program [ 488.685135][T12322] futex_wake_op: syz.2.1302 tries to shift op by -2048; fix this program [ 488.716465][T12334] CPU: 0 UID: 0 PID: 12334 Comm: syz.1.1305 Tainted: P L syzkaller #0 PREEMPT(full) [ 488.716516][T12334] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 488.716531][T12334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 488.716549][T12334] Call Trace: [ 488.716559][T12334] [ 488.716572][T12334] dump_stack_lvl+0x16c/0x1f0 [ 488.716626][T12334] should_fail_ex+0x512/0x640 [ 488.716662][T12334] ? __kmalloc_cache_noprof+0x5f/0x800 [ 488.716705][T12334] should_failslab+0xc2/0x120 [ 488.716753][T12334] __kmalloc_cache_noprof+0x80/0x800 [ 488.716790][T12334] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 488.716847][T12334] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 488.716895][T12334] ? loopback_open+0x145/0x13f0 [ 488.716944][T12334] ? loopback_open+0x145/0x13f0 [ 488.716986][T12334] loopback_open+0x145/0x13f0 [ 488.717038][T12334] snd_pcm_open_substream+0xa60/0x1820 [ 488.717082][T12334] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 488.717134][T12334] snd_pcm_open+0x29e/0x730 [ 488.717177][T12334] ? __pfx_snd_pcm_open+0x10/0x10 [ 488.717221][T12334] ? __pfx_default_wake_function+0x10/0x10 [ 488.717277][T12334] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 488.717317][T12334] snd_pcm_playback_open+0x86/0xe0 [ 488.717357][T12334] snd_open+0x22d/0x4c0 [ 488.717408][T12334] ? __pfx_snd_open+0x10/0x10 [ 488.717461][T12334] chrdev_open+0x234/0x6a0 [ 488.717512][T12334] ? __pfx_apparmor_file_open+0x10/0x10 [ 488.717546][T12334] ? __pfx_chrdev_open+0x10/0x10 [ 488.717599][T12334] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 488.717659][T12334] do_dentry_open+0x748/0x1590 [ 488.717704][T12334] ? __pfx_chrdev_open+0x10/0x10 [ 488.717765][T12334] vfs_open+0x82/0x3f0 [ 488.717802][T12334] path_openat+0x2078/0x3140 [ 488.717879][T12334] ? __pfx_path_openat+0x10/0x10 [ 488.717944][T12334] do_filp_open+0x20b/0x470 [ 488.717996][T12334] ? __pfx_do_filp_open+0x10/0x10 [ 488.718078][T12334] ? alloc_fd+0x471/0x7d0 [ 488.718136][T12334] do_sys_openat2+0x121/0x290 [ 488.718171][T12334] ? __pfx_do_sys_openat2+0x10/0x10 [ 488.718224][T12334] __x64_sys_openat+0x174/0x210 [ 488.718261][T12334] ? __pfx___x64_sys_openat+0x10/0x10 [ 488.718314][T12334] do_syscall_64+0xcd/0xf80 [ 488.718368][T12334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.718400][T12334] RIP: 0033:0x7f8936f8f7c9 [ 488.718424][T12334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.718454][T12334] RSP: 002b:00007f8937d43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 488.718484][T12334] RAX: ffffffffffffffda RBX: 00007f89371e6090 RCX: 00007f8936f8f7c9 [ 488.718505][T12334] RDX: 0000000000080000 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 488.718525][T12334] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 488.718545][T12334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.718564][T12334] R13: 00007f89371e6128 R14: 00007f89371e6090 R15: 00007ffd14922df8 [ 488.718608][T12334] [ 489.024260][T12322] 0x000000000001-0x000000020000 : "" [ 489.033423][T12322] ftl_cs: FTL header corrupt! [ 489.222471][T12340] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1306'. [ 489.267229][T12340] FAULT_INJECTION: forcing a failure. [ 489.267229][T12340] name failslab, interval 1, probability 0, space 0, times 0 [ 489.280665][T12340] CPU: 0 UID: 0 PID: 12340 Comm: syz.3.1306 Tainted: P L syzkaller #0 PREEMPT(full) [ 489.280722][T12340] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 489.280738][T12340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 489.280757][T12340] Call Trace: [ 489.280769][T12340] [ 489.280781][T12340] dump_stack_lvl+0x16c/0x1f0 [ 489.280839][T12340] should_fail_ex+0x512/0x640 [ 489.280878][T12340] ? __kmalloc_cache_noprof+0x5f/0x800 [ 489.280920][T12340] should_failslab+0xc2/0x120 [ 489.280971][T12340] __kmalloc_cache_noprof+0x80/0x800 [ 489.281009][T12340] ? percpu_ref_init+0xec/0x410 [ 489.281071][T12340] ? percpu_ref_init+0xec/0x410 [ 489.281117][T12340] ? __pfx_swap_users_ref_free+0x10/0x10 [ 489.281159][T12340] percpu_ref_init+0xec/0x410 [ 489.281211][T12340] __do_sys_swapon+0x11c/0x3b30 [ 489.281254][T12340] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 489.281297][T12340] ? count_memcg_events+0x122/0x290 [ 489.281346][T12340] ? __x64_sys_futex+0x1e0/0x4c0 [ 489.281381][T12340] ? __x64_sys_futex+0x1e9/0x4c0 [ 489.281418][T12340] ? exc_page_fault+0x64/0xc0 [ 489.281463][T12340] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 489.281521][T12340] ? __pfx___do_sys_swapon+0x10/0x10 [ 489.281563][T12340] ? syscall_user_dispatch+0x78/0x140 [ 489.281617][T12340] do_syscall_64+0xcd/0xf80 [ 489.281669][T12340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.281704][T12340] RIP: 0033:0x7f18a118f7c9 [ 489.281731][T12340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.281763][T12340] RSP: 002b:00007f18a20ef038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7 [ 489.281794][T12340] RAX: ffffffffffffffda RBX: 00007f18a13e5fa0 RCX: 00007f18a118f7c9 [ 489.281817][T12340] RDX: 0000000000000000 RSI: 0000000000007057 RDI: 0000000000000000 [ 489.281837][T12340] RBP: 00007f18a1213f91 R08: 0000000000000000 R09: 0000000000000000 [ 489.281858][T12340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 489.281878][T12340] R13: 00007f18a13e6038 R14: 00007f18a13e5fa0 R15: 00007ffd4b2dd3c8 [ 489.281924][T12340] [ 489.930520][T12329] Invalid ELF header magic: != ELF [ 490.356648][T12351] FAULT_INJECTION: forcing a failure. [ 490.356648][T12351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 490.372233][T12351] CPU: 0 UID: 0 PID: 12351 Comm: syz.3.1309 Tainted: P L syzkaller #0 PREEMPT(full) [ 490.372295][T12351] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 490.372310][T12351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 490.372331][T12351] Call Trace: [ 490.372343][T12351] [ 490.372355][T12351] dump_stack_lvl+0x16c/0x1f0 [ 490.372415][T12351] should_fail_ex+0x512/0x640 [ 490.372459][T12351] _copy_from_user+0x2e/0xd0 [ 490.372497][T12351] load_msg+0x253/0x4a0 [ 490.372551][T12351] do_msgrcv+0x202/0x16c0 [ 490.372601][T12351] ? do_futex+0x122/0x350 [ 490.372639][T12351] ? __pfx_do_msg_fill+0x10/0x10 [ 490.372700][T12351] ? __pfx_do_msgrcv+0x10/0x10 [ 490.372748][T12351] ? __x64_sys_futex+0x1e0/0x4c0 [ 490.372790][T12351] ? fput+0x70/0xf0 [ 490.372824][T12351] ? xfd_validate_state+0x61/0x180 [ 490.372853][T12351] ? __pfx_ksys_write+0x10/0x10 [ 490.372912][T12351] ? do_syscall_64+0xcd/0xf80 [ 490.372972][T12351] do_syscall_64+0xcd/0xf80 [ 490.373027][T12351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.373062][T12351] RIP: 0033:0x7f18a118f7c9 [ 490.373089][T12351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.373122][T12351] RSP: 002b:00007f18a20ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 490.373155][T12351] RAX: ffffffffffffffda RBX: 00007f18a13e5fa0 RCX: 00007f18a118f7c9 [ 490.373178][T12351] RDX: 0000002400000000 RSI: 0000000000000000 RDI: 00000000000000ff [ 490.373197][T12351] RBP: 00007f18a1213f91 R08: 000000006bc2cc7d R09: 0000000000000000 [ 490.373217][T12351] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 490.373237][T12351] R13: 00007f18a13e6038 R14: 00007f18a13e5fa0 R15: 00007ffd4b2dd3c8 [ 490.373280][T12351] [ 493.888698][T12391] FAULT_INJECTION: forcing a failure. [ 493.888698][T12391] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 493.902192][T12391] CPU: 0 UID: 0 PID: 12391 Comm: syz.2.1319 Tainted: P L syzkaller #0 PREEMPT(full) [ 493.902246][T12391] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 493.902260][T12391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 493.902279][T12391] Call Trace: [ 493.902289][T12391] [ 493.902301][T12391] dump_stack_lvl+0x16c/0x1f0 [ 493.902357][T12391] should_fail_ex+0x512/0x640 [ 493.902400][T12391] should_fail_alloc_page+0xe7/0x130 [ 493.902455][T12391] prepare_alloc_pages+0x401/0x670 [ 493.902513][T12391] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 493.902560][T12391] ? find_held_lock+0x2b/0x80 [ 493.902606][T12391] ? is_bpf_text_address+0x8a/0x1a0 [ 493.902650][T12391] ? bpf_ksym_find+0x124/0x1c0 [ 493.902685][T12391] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 493.902738][T12391] ? is_bpf_text_address+0x94/0x1a0 [ 493.902793][T12391] ? kernel_text_address+0x8d/0x100 [ 493.902830][T12391] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 493.902875][T12391] ? arch_stack_walk+0xa6/0x100 [ 493.902927][T12391] ? __lock_acquire+0x436/0x2890 [ 493.902958][T12391] ? stack_trace_save+0x8e/0xc0 [ 493.903009][T12391] ? __pfx_stack_trace_save+0x10/0x10 [ 493.903061][T12391] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 493.903115][T12391] ? policy_nodemask+0xea/0x4e0 [ 493.903170][T12391] alloc_pages_mpol+0x1fb/0x550 [ 493.903223][T12391] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 493.903304][T12391] folio_alloc_mpol_noprof+0x36/0x2f0 [ 493.903343][T12391] shmem_alloc_folio+0x135/0x160 [ 493.903398][T12391] shmem_alloc_and_add_folio+0x494/0xc20 [ 493.903446][T12391] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 493.903487][T12391] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 493.903533][T12391] shmem_get_folio_gfp+0x67f/0x1610 [ 493.903579][T12391] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 493.903617][T12391] ? filemap_map_pages+0x12dd/0x1e00 [ 493.903663][T12391] shmem_fault+0x1fe/0xa00 [ 493.903704][T12391] ? __pfx_shmem_fault+0x10/0x10 [ 493.903750][T12391] ? __pfx_filemap_map_pages+0x10/0x10 [ 493.903811][T12391] ? __pfx_filemap_map_pages+0x10/0x10 [ 493.903847][T12391] __do_fault+0x10d/0x490 [ 493.903892][T12391] ? __pfx_filemap_map_pages+0x10/0x10 [ 493.903929][T12391] do_fault+0xae4/0x1ad0 [ 493.903978][T12391] ? __pfx_filemap_map_pages+0x10/0x10 [ 493.904023][T12391] __handle_mm_fault+0x1919/0x2bb0 [ 493.904069][T12391] ? __pfx___handle_mm_fault+0x10/0x10 [ 493.904128][T12391] ? find_vma+0xbf/0x140 [ 493.904175][T12391] ? __pfx_find_vma+0x10/0x10 [ 493.904226][T12391] handle_mm_fault+0x3fe/0xad0 [ 493.904270][T12391] do_user_addr_fault+0x7a6/0x1370 [ 493.904315][T12391] ? rcu_is_watching+0x12/0xc0 [ 493.904369][T12391] exc_page_fault+0x64/0xc0 [ 493.904422][T12391] asm_exc_page_fault+0x26/0x30 [ 493.904454][T12391] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 493.904493][T12391] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 493.904527][T12391] RSP: 0018:ffffc90004a8fcf8 EFLAGS: 00050206 [ 493.904560][T12391] RAX: 0000000000000001 RBX: 0000000000000fd0 RCX: 0000000000000fc8 [ 493.904581][T12391] RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff88807aecc038 [ 493.904603][T12391] RBP: 0000000000000ff8 R08: 0000000000000001 R09: ffffed100f5d99ff [ 493.904624][T12391] R10: ffff88807aeccfff R11: 0000000000000000 R12: 0000000000000000 [ 493.904646][T12391] R13: ffff88807aecc008 R14: dffffc0000000000 R15: ffff88805519ac00 [ 493.904691][T12391] _copy_from_user+0x98/0xd0 [ 493.904731][T12391] load_msg+0x253/0x4a0 [ 493.904793][T12391] do_msgrcv+0x202/0x16c0 [ 493.904842][T12391] ? do_futex+0x122/0x350 [ 493.904879][T12391] ? __pfx_do_msg_fill+0x10/0x10 [ 493.904940][T12391] ? __pfx_do_msgrcv+0x10/0x10 [ 493.904990][T12391] ? __x64_sys_futex+0x1e0/0x4c0 [ 493.905032][T12391] ? fput+0x70/0xf0 [ 493.905066][T12391] ? xfd_validate_state+0x61/0x180 [ 493.905096][T12391] ? __pfx_ksys_write+0x10/0x10 [ 493.905155][T12391] ? do_syscall_64+0xcd/0xf80 [ 493.905204][T12391] do_syscall_64+0xcd/0xf80 [ 493.905259][T12391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.905293][T12391] RIP: 0033:0x7fc631b8f7c9 [ 493.905321][T12391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.905355][T12391] RSP: 002b:00007fc63294a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 493.905387][T12391] RAX: ffffffffffffffda RBX: 00007fc631de5fa0 RCX: 00007fc631b8f7c9 [ 493.905409][T12391] RDX: 0000002400000000 RSI: 0000000000000000 RDI: 00000000000000ff [ 493.905431][T12391] RBP: 00007fc631c13f91 R08: 000000006bc2cc7d R09: 0000000000000000 [ 493.905452][T12391] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 493.905472][T12391] R13: 00007fc631de6038 R14: 00007fc631de5fa0 R15: 00007fff0eeacfb8 [ 493.905517][T12391] [ 494.485414][T12397] futex_wake_op: syz.1.1317 tries to shift op by -2048; fix this program [ 494.507032][T12397] futex_wake_op: syz.1.1317 tries to shift op by -2048; fix this program [ 494.573690][T12397] 0x000000000001-0x000000020000 : "" [ 494.739236][T12397] ftl_cs: FTL header corrupt! [ 494.814730][T12409] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.2.1321: 7 [ 498.527721][T12465] netlink: 194 bytes leftover after parsing attributes in process `syz.0.1335'. [ 498.875481][T12474] zswap: compressor not available [ 499.265947][T12485] FAULT_INJECTION: forcing a failure. [ 499.265947][T12485] name failslab, interval 1, probability 0, space 0, times 0 [ 499.280760][T12485] CPU: 1 UID: 0 PID: 12485 Comm: syz.0.1342 Tainted: P L syzkaller #0 PREEMPT(full) [ 499.280814][T12485] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 499.280828][T12485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 499.280845][T12485] Call Trace: [ 499.280856][T12485] [ 499.280868][T12485] dump_stack_lvl+0x16c/0x1f0 [ 499.280919][T12485] should_fail_ex+0x512/0x640 [ 499.280954][T12485] ? __kmalloc_noprof+0xca/0x910 [ 499.280991][T12485] should_failslab+0xc2/0x120 [ 499.281042][T12485] __kmalloc_noprof+0xeb/0x910 [ 499.281076][T12485] ? xfrm_hash_alloc+0xd1/0x100 [ 499.281117][T12485] ? xfrm_hash_alloc+0xd1/0x100 [ 499.281148][T12485] xfrm_hash_alloc+0xd1/0x100 [ 499.281182][T12485] xfrm_net_init+0x35f/0xcc0 [ 499.281226][T12485] ? __pfx_xfrm_net_init+0x10/0x10 [ 499.281271][T12485] ops_init+0x1e2/0x5f0 [ 499.281319][T12485] setup_net+0x11d/0x3a0 [ 499.281363][T12485] ? __pfx_setup_net+0x10/0x10 [ 499.281404][T12485] ? lockdep_init_map_type+0x5c/0x270 [ 499.281439][T12485] ? mutex_init_lockep+0x110/0x150 [ 499.281479][T12485] copy_net_ns+0x351/0x7c0 [ 499.281532][T12485] create_new_namespaces+0x3ea/0xab0 [ 499.281585][T12485] copy_namespaces+0x468/0x570 [ 499.281631][T12485] copy_process+0x2a70/0x7430 [ 499.281700][T12485] ? __pfx_copy_process+0x10/0x10 [ 499.281749][T12485] ? find_held_lock+0x2b/0x80 [ 499.281796][T12485] ? futex_private_hash_put+0x160/0x1b0 [ 499.281840][T12485] kernel_clone+0xfc/0x910 [ 499.281892][T12485] ? __pfx_kernel_clone+0x10/0x10 [ 499.281977][T12485] __do_sys_clone+0xce/0x120 [ 499.282026][T12485] ? __pfx___do_sys_clone+0x10/0x10 [ 499.282075][T12485] ? find_held_lock+0x2b/0x80 [ 499.282133][T12485] ? xfd_validate_state+0x61/0x180 [ 499.282178][T12485] do_syscall_64+0xcd/0xf80 [ 499.282227][T12485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.282267][T12485] RIP: 0033:0x7f96a058f7c9 [ 499.282293][T12485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.282323][T12485] RSP: 002b:00007f969e7f5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 499.282354][T12485] RAX: ffffffffffffffda RBX: 00007f96a07e5fa0 RCX: 00007f96a058f7c9 [ 499.282375][T12485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040180211 [ 499.282396][T12485] RBP: 00007f96a0613f91 R08: 0000000000000000 R09: 0000000000000000 [ 499.282416][T12485] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 499.282435][T12485] R13: 00007f96a07e6038 R14: 00007f96a07e5fa0 R15: 00007ffc5f15b068 [ 499.282479][T12485] [ 499.624721][T12491] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1341'. [ 499.647065][T12491] FAULT_INJECTION: forcing a failure. [ 499.647065][T12491] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 499.660364][T12491] CPU: 1 UID: 0 PID: 12491 Comm: syz.1.1341 Tainted: P L syzkaller #0 PREEMPT(full) [ 499.660418][T12491] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 499.660431][T12491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 499.660467][T12491] Call Trace: [ 499.660478][T12491] [ 499.660489][T12491] dump_stack_lvl+0x16c/0x1f0 [ 499.660547][T12491] should_fail_ex+0x512/0x640 [ 499.660594][T12491] strncpy_from_user+0x3b/0x2e0 [ 499.660633][T12491] getname_flags.part.0+0x8f/0x550 [ 499.660677][T12491] getname_flags+0x93/0xf0 [ 499.660724][T12491] __do_sys_swapon+0x742/0x3b30 [ 499.660775][T12491] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 499.660832][T12491] ? __x64_sys_futex+0x1e0/0x4c0 [ 499.660868][T12491] ? __x64_sys_futex+0x1e9/0x4c0 [ 499.660906][T12491] ? exc_page_fault+0x64/0xc0 [ 499.660957][T12491] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 499.661014][T12491] ? __pfx___do_sys_swapon+0x10/0x10 [ 499.661058][T12491] ? syscall_user_dispatch+0x78/0x140 [ 499.661112][T12491] do_syscall_64+0xcd/0xf80 [ 499.661165][T12491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.661199][T12491] RIP: 0033:0x7f8936f8f7c9 [ 499.661235][T12491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.661269][T12491] RSP: 002b:00007f8937d43038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7 [ 499.661300][T12491] RAX: ffffffffffffffda RBX: 00007f89371e6090 RCX: 00007f8936f8f7c9 [ 499.661323][T12491] RDX: 0000000000000000 RSI: 0000000000007057 RDI: 0000000000000000 [ 499.661343][T12491] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 499.661364][T12491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 499.661384][T12491] R13: 00007f89371e6128 R14: 00007f89371e6090 R15: 00007ffd14922df8 [ 499.661429][T12491] [ 500.428077][T12505] FAULT_INJECTION: forcing a failure. [ 500.428077][T12505] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 500.444755][T12505] CPU: 1 UID: 0 PID: 12505 Comm: syz.0.1345 Tainted: P L syzkaller #0 PREEMPT(full) [ 500.444812][T12505] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 500.444822][T12505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 500.444837][T12505] Call Trace: [ 500.444844][T12505] [ 500.444853][T12505] dump_stack_lvl+0x16c/0x1f0 [ 500.444895][T12505] should_fail_ex+0x512/0x640 [ 500.444927][T12505] should_fail_alloc_page+0xe7/0x130 [ 500.444969][T12505] prepare_alloc_pages+0x401/0x670 [ 500.445014][T12505] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 500.445048][T12505] ? mas_wr_store_entry+0x102d/0x2550 [ 500.445078][T12505] ? perf_event_mmap+0xba/0xe70 [ 500.445109][T12505] ? mas_store_prealloc+0x924/0x17f0 [ 500.445134][T12505] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 500.445165][T12505] ? __pfx_perf_event_mmap+0x10/0x10 [ 500.445205][T12505] ? vma_wants_writenotify+0x10b/0x390 [ 500.445246][T12505] ? vma_set_page_prot+0xb1/0x120 [ 500.445279][T12505] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 500.445317][T12505] ? policy_nodemask+0xea/0x4e0 [ 500.445360][T12505] alloc_pages_mpol+0x1fb/0x550 [ 500.445399][T12505] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 500.445445][T12505] alloc_pages_noprof+0x131/0x390 [ 500.445485][T12505] __pmd_alloc+0x3b/0x9c0 [ 500.445525][T12505] __handle_mm_fault+0xbeb/0x2bb0 [ 500.445559][T12505] ? __pfx___handle_mm_fault+0x10/0x10 [ 500.445608][T12505] handle_mm_fault+0x3fe/0xad0 [ 500.445640][T12505] __get_user_pages+0x54e/0x3590 [ 500.445689][T12505] ? __pfx___get_user_pages+0x10/0x10 [ 500.445735][T12505] populate_vma_page_range+0x267/0x3f0 [ 500.445777][T12505] ? __pfx_populate_vma_page_range+0x10/0x10 [ 500.445843][T12505] ? __pfx_find_vma_intersection+0x10/0x10 [ 500.445899][T12505] ? do_mmap+0x69c/0x1210 [ 500.445939][T12505] __mm_populate+0x1d8/0x380 [ 500.445980][T12505] ? __pfx___mm_populate+0x10/0x10 [ 500.446021][T12505] ? up_write+0x282/0x4e0 [ 500.446051][T12505] vm_mmap_pgoff+0x37f/0x470 [ 500.446089][T12505] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 500.446130][T12505] ? __x64_sys_futex+0x1e0/0x4c0 [ 500.446157][T12505] ? __x64_sys_futex+0x1e9/0x4c0 [ 500.446200][T12505] ksys_mmap_pgoff+0x7d/0x5c0 [ 500.446234][T12505] ? xfd_validate_state+0x61/0x180 [ 500.446261][T12505] __x64_sys_mmap+0x125/0x190 [ 500.446289][T12505] do_syscall_64+0xcd/0xf80 [ 500.446330][T12505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.446355][T12505] RIP: 0033:0x7f96a058f7c9 [ 500.446373][T12505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 500.446398][T12505] RSP: 002b:00007f969e7d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 500.446420][T12505] RAX: ffffffffffffffda RBX: 00007f96a07e6090 RCX: 00007f96a058f7c9 [ 500.446437][T12505] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 500.446452][T12505] RBP: 00007f96a0613f91 R08: 0000000000000047 R09: 0000000000008000 [ 500.446467][T12505] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 500.446482][T12505] R13: 00007f96a07e6128 R14: 00007f96a07e6090 R15: 00007ffc5f15b068 [ 500.446514][T12505] [ 501.598871][T12521] FAULT_INJECTION: forcing a failure. [ 501.598871][T12521] name fail_futex, interval 1, probability 0, space 0, times 0 [ 501.654938][T12521] CPU: 1 UID: 0 PID: 12521 Comm: syz.0.1348 Tainted: P L syzkaller #0 PREEMPT(full) [ 501.654990][T12521] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 501.655003][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 501.655021][T12521] Call Trace: [ 501.655030][T12521] [ 501.655043][T12521] dump_stack_lvl+0x16c/0x1f0 [ 501.655101][T12521] should_fail_ex+0x512/0x640 [ 501.655139][T12521] get_futex_key+0x1d0/0x15f0 [ 501.655177][T12521] ? __pfx_get_futex_key+0x10/0x10 [ 501.655208][T12521] ? __pfx_css_rstat_updated+0x10/0x10 [ 501.655237][T12521] ? __lock_acquire+0x436/0x2890 [ 501.655277][T12521] futex_wait_setup+0x9d/0x570 [ 501.655333][T12521] __futex_wait+0x193/0x2f0 [ 501.655375][T12521] ? __pfx___futex_wait+0x10/0x10 [ 501.655425][T12521] ? __pfx_futex_wake_mark+0x10/0x10 [ 501.655473][T12521] ? futex_hash+0x2c5/0x380 [ 501.655508][T12521] ? futex_private_hash_put+0x160/0x1b0 [ 501.655543][T12521] futex_wait+0xe8/0x380 [ 501.655583][T12521] ? __pfx_futex_wait+0x10/0x10 [ 501.655623][T12521] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 501.655680][T12521] ? preempt_schedule_thunk+0x16/0x30 [ 501.655718][T12521] do_futex+0x229/0x350 [ 501.655754][T12521] ? __pfx_do_futex+0x10/0x10 [ 501.655796][T12521] ? __pfx_sched_core_share_pid+0x10/0x10 [ 501.655864][T12521] __x64_sys_futex+0x1e0/0x4c0 [ 501.655908][T12521] ? __pfx___x64_sys_futex+0x10/0x10 [ 501.655953][T12521] ? __pfx___do_sys_prctl+0x10/0x10 [ 501.655989][T12521] do_syscall_64+0xcd/0xf80 [ 501.656026][T12521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.656050][T12521] RIP: 0033:0x7f96a058f7c9 [ 501.656068][T12521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.656096][T12521] RSP: 002b:00007f969e7f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 501.656119][T12521] RAX: ffffffffffffffda RBX: 00007f96a07e5fa8 RCX: 00007f96a058f7c9 [ 501.656134][T12521] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f96a07e5fa8 [ 501.656148][T12521] RBP: 00007f96a07e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 501.656162][T12521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.656175][T12521] R13: 00007f96a07e6038 R14: 00007ffc5f15af80 R15: 00007ffc5f15b068 [ 501.656205][T12521] [ 502.710467][T12527] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 502.999007][T12536] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1351'. [ 503.037276][T12536] ipvlan0: entered promiscuous mode [ 503.045899][T12536] ipvlan0: entered allmulticast mode [ 503.102971][T12536] veth0_vlan: entered allmulticast mode [ 503.204628][T10559] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 503.995727][T12547] FAULT_INJECTION: forcing a failure. [ 503.995727][T12547] name failslab, interval 1, probability 0, space 0, times 0 [ 504.067021][T12547] CPU: 0 UID: 0 PID: 12547 Comm: syz.2.1355 Tainted: P L syzkaller #0 PREEMPT(full) [ 504.067081][T12547] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 504.067096][T12547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 504.067116][T12547] Call Trace: [ 504.067126][T12547] [ 504.067139][T12547] dump_stack_lvl+0x16c/0x1f0 [ 504.067198][T12547] should_fail_ex+0x512/0x640 [ 504.067239][T12547] ? __kmalloc_noprof+0xca/0x910 [ 504.067279][T12547] should_failslab+0xc2/0x120 [ 504.067332][T12547] __kmalloc_noprof+0xeb/0x910 [ 504.067369][T12547] ? cache_create_net+0x9d/0x220 [ 504.067426][T12547] ? cache_create_net+0x9d/0x220 [ 504.067473][T12547] cache_create_net+0x9d/0x220 [ 504.067524][T12547] nfsd_idmap_init+0x11f/0x250 [ 504.067565][T12547] ? __pfx_nfsd_net_init+0x10/0x10 [ 504.067616][T12547] nfsd_net_init+0x69/0x3d0 [ 504.067676][T12547] ? __pfx_nfsd_net_init+0x10/0x10 [ 504.067728][T12547] ops_init+0x1e2/0x5f0 [ 504.067778][T12547] setup_net+0x11d/0x3a0 [ 504.067833][T12547] ? __pfx_setup_net+0x10/0x10 [ 504.067878][T12547] ? lockdep_init_map_type+0x5c/0x270 [ 504.067915][T12547] ? mutex_init_lockep+0x110/0x150 [ 504.067958][T12547] copy_net_ns+0x351/0x7c0 [ 504.068012][T12547] create_new_namespaces+0x3ea/0xab0 [ 504.068069][T12547] copy_namespaces+0x468/0x570 [ 504.068118][T12547] copy_process+0x2a70/0x7430 [ 504.068189][T12547] ? __pfx_copy_process+0x10/0x10 [ 504.068249][T12547] ? futex_private_hash_put+0x160/0x1b0 [ 504.068293][T12547] kernel_clone+0xfc/0x910 [ 504.068347][T12547] ? __pfx_kernel_clone+0x10/0x10 [ 504.068424][T12547] __do_sys_clone+0xce/0x120 [ 504.068473][T12547] ? __pfx___do_sys_clone+0x10/0x10 [ 504.068545][T12547] ? xfd_validate_state+0x61/0x180 [ 504.068575][T12547] ? __pfx_do_writev+0x10/0x10 [ 504.068641][T12547] do_syscall_64+0xcd/0xf80 [ 504.068697][T12547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.068731][T12547] RIP: 0033:0x7fc631b8f7c9 [ 504.068759][T12547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.068794][T12547] RSP: 002b:00007fc62fdf5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 504.068827][T12547] RAX: ffffffffffffffda RBX: 00007fc631de6090 RCX: 00007fc631b8f7c9 [ 504.068850][T12547] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040180211 [ 504.068870][T12547] RBP: 00007fc631c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 504.068891][T12547] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 504.068911][T12547] R13: 00007fc631de6128 R14: 00007fc631de6090 R15: 00007fff0eeacfb8 [ 504.068957][T12547] [ 504.478689][T12549] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1357'. [ 504.842004][T12558] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1358'. [ 505.004033][T12549] veth1_macvtap (unregistering): left allmulticast mode [ 506.189341][T12570] Invalid ELF header magic: != ELF [ 508.016715][T12628] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1367'. [ 508.070131][ T31] audit: type=1800 audit(4294985851.479:13): pid=12628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1367" name="lu_gp_id" dev="configfs" ino=49210 res=0 errno=0 [ 508.152539][T12626] Console: switching to colour VGA+ 80x25 [ 508.453260][T12626] ================================================================== [ 508.453279][T12626] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 508.453314][T12626] Read of size 256 at addr ffff888027ce6860 by task syz.1.1368/12626 [ 508.453335][T12626] [ 508.453350][T12626] CPU: 1 UID: 0 PID: 12626 Comm: syz.1.1368 Tainted: P L syzkaller #0 PREEMPT(full) [ 508.453387][T12626] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 508.453397][T12626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 508.453413][T12626] Call Trace: [ 508.453421][T12626] [ 508.453430][T12626] dump_stack_lvl+0x116/0x1f0 [ 508.453468][T12626] print_report+0xcd/0x630 [ 508.453505][T12626] ? __virt_addr_valid+0x81/0x610 [ 508.453549][T12626] ? __phys_addr+0xe8/0x180 [ 508.453587][T12626] ? fbcon_prepare_logo+0xa03/0xc70 [ 508.453613][T12626] kasan_report+0xe0/0x110 [ 508.453651][T12626] ? fbcon_prepare_logo+0xa03/0xc70 [ 508.453681][T12626] kasan_check_range+0x100/0x1b0 [ 508.453706][T12626] __asan_memcpy+0x23/0x60 [ 508.453735][T12626] fbcon_prepare_logo+0xa03/0xc70 [ 508.453768][T12626] fbcon_init+0xda0/0x1930 [ 508.453794][T12626] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 508.453825][T12626] visual_init+0x320/0x620 [ 508.453852][T12626] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 508.453891][T12626] store_bind+0x61d/0x760 [ 508.453924][T12626] ? sysfs_file_kobj+0xe4/0x290 [ 508.453948][T12626] ? __pfx_store_bind+0x10/0x10 [ 508.453979][T12626] dev_attr_store+0x58/0x80 [ 508.454011][T12626] ? __pfx_dev_attr_store+0x10/0x10 [ 508.454042][T12626] sysfs_kf_write+0xf2/0x150 [ 508.454066][T12626] kernfs_fop_write_iter+0x3af/0x570 [ 508.454102][T12626] ? __pfx_sysfs_kf_write+0x10/0x10 [ 508.454126][T12626] iter_file_splice_write+0xa24/0x12b0 [ 508.454179][T12626] ? __pfx_iter_file_splice_write+0x10/0x10 [ 508.454221][T12626] ? __pfx_copy_splice_read+0x10/0x10 [ 508.454264][T12626] ? __pfx_iter_file_splice_write+0x10/0x10 [ 508.454303][T12626] direct_splice_actor+0x192/0x6c0 [ 508.454342][T12626] splice_direct_to_actor+0x345/0xa30 [ 508.454379][T12626] ? __pfx_direct_splice_actor+0x10/0x10 [ 508.454419][T12626] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 508.454460][T12626] do_splice_direct+0x174/0x240 [ 508.454496][T12626] ? __pfx_do_splice_direct+0x10/0x10 [ 508.454539][T12626] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 508.454576][T12626] ? rw_verify_area+0xcf/0x6c0 [ 508.454608][T12626] do_sendfile+0xb06/0xe50 [ 508.454644][T12626] ? __pfx_do_sendfile+0x10/0x10 [ 508.454679][T12626] ? __x64_sys_futex+0x1e0/0x4c0 [ 508.454707][T12626] ? __x64_sys_futex+0x1e9/0x4c0 [ 508.454737][T12626] __x64_sys_sendfile64+0x1d8/0x220 [ 508.454761][T12626] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 508.454789][T12626] do_syscall_64+0xcd/0xf80 [ 508.454828][T12626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.454853][T12626] RIP: 0033:0x7f8936f8f7c9 [ 508.454872][T12626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.454897][T12626] RSP: 002b:00007f8937d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 508.454920][T12626] RAX: ffffffffffffffda RBX: 00007f89371e5fa0 RCX: 00007f8936f8f7c9 [ 508.454937][T12626] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 508.454952][T12626] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 508.454968][T12626] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 508.454983][T12626] R13: 00007f89371e6038 R14: 00007f89371e5fa0 R15: 00007ffd14922df8 [ 508.455007][T12626] [ 508.455016][T12626] [ 508.455021][T12626] Allocated by task 1: [ 508.455032][T12626] kasan_save_stack+0x33/0x60 [ 508.455064][T12626] kasan_save_track+0x14/0x30 [ 508.455094][T12626] __kasan_kmalloc+0xaa/0xb0 [ 508.455123][T12626] device_create_groups_vargs+0x8a/0x270 [ 508.455156][T12626] device_create+0xed/0x130 [ 508.455186][T12626] bdi_register_va+0x114/0x7f0 [ 508.455218][T12626] bdi_register+0xc7/0x100 [ 508.455249][T12626] init_mtd+0xcb/0x230 [ 508.455270][T12626] do_one_initcall+0x123/0x680 [ 508.455304][T12626] kernel_init_freeable+0x5c8/0x920 [ 508.455326][T12626] kernel_init+0x1c/0x2b0 [ 508.455351][T12626] ret_from_fork+0x983/0xb10 [ 508.455373][T12626] ret_from_fork_asm+0x1a/0x30 [ 508.455408][T12626] [ 508.455413][T12626] The buggy address belongs to the object at ffff888027ce6000 [ 508.455413][T12626] which belongs to the cache kmalloc-2k of size 2048 [ 508.455433][T12626] The buggy address is located 1008 bytes to the right of [ 508.455433][T12626] allocated 1136-byte region [ffff888027ce6000, ffff888027ce6470) [ 508.455459][T12626] [ 508.455465][T12626] The buggy address belongs to the physical page: [ 508.455475][T12626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27ce0 [ 508.455496][T12626] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 508.455516][T12626] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 508.455544][T12626] page_type: f5(slab) [ 508.455564][T12626] raw: 00fff00000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 508.455587][T12626] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 508.455610][T12626] head: 00fff00000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 508.455632][T12626] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 508.455655][T12626] head: 00fff00000000003 ffffea00009f3801 00000000ffffffff 00000000ffffffff [ 508.455678][T12626] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 508.455691][T12626] page dumped because: kasan: bad access detected [ 508.455704][T12626] page_owner tracks the page as allocated [ 508.455712][T12626] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 17187244406, free_ts 0 [ 508.455754][T12626] post_alloc_hook+0x1af/0x220 [ 508.455778][T12626] get_page_from_freelist+0xd0b/0x31a0 [ 508.455840][T12626] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 508.455878][T12626] alloc_pages_mpol+0x1fb/0x550 [ 508.455921][T12626] new_slab+0x2c3/0x430 [ 508.455943][T12626] ___slab_alloc+0xe18/0x1c90 [ 508.455965][T12626] __slab_alloc.constprop.0+0x63/0x110 [ 508.455989][T12626] __kmalloc_noprof+0x4fc/0x910 [ 508.456013][T12626] scsi_alloc_target+0x130/0xc20 [ 508.456037][T12626] __scsi_scan_target+0x120/0x580 [ 508.456062][T12626] scsi_scan_channel+0x149/0x1e0 [ 508.456087][T12626] scsi_scan_host_selected+0x302/0x400 [ 508.456114][T12626] do_scsi_scan_host+0x1ef/0x260 [ 508.456139][T12626] do_scan_async+0x44/0x540 [ 508.456164][T12626] async_run_entry_fn+0x9f/0x590 [ 508.456198][T12626] process_one_work+0x9ba/0x1b20 [ 508.456223][T12626] page_owner free stack trace missing [ 508.456231][T12626] [ 508.456236][T12626] Memory state around the buggy address: [ 508.456248][T12626] ffff888027ce6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 508.456266][T12626] ffff888027ce6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 508.456283][T12626] >ffff888027ce6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 508.456297][T12626] ^ [ 508.456311][T12626] ffff888027ce6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 508.456328][T12626] ffff888027ce6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 508.456342][T12626] ================================================================== [ 508.504096][T12626] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 508.504120][T12626] CPU: 1 UID: 0 PID: 12626 Comm: syz.1.1368 Tainted: P L syzkaller #0 PREEMPT(full) [ 508.504198][T12626] Tainted: [P]=PROPRIETARY_MODULE, [L]=SOFTLOCKUP [ 508.504214][T12626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 508.504234][T12626] Call Trace: [ 508.504246][T12626] [ 508.504264][T12626] dump_stack_lvl+0x3d/0x1f0 [ 508.504307][T12626] vpanic+0x640/0x6f0 [ 508.504332][T12626] panic+0xca/0xd0 [ 508.504354][T12626] ? __pfx_panic+0x10/0x10 [ 508.504378][T12626] ? fbcon_prepare_logo+0xa03/0xc70 [ 508.504406][T12626] ? preempt_schedule_common+0x44/0xc0 [ 508.504444][T12626] ? preempt_schedule_thunk+0x16/0x30 [ 508.504470][T12626] check_panic_on_warn+0xab/0xb0 [ 508.504496][T12626] end_report+0x107/0x160 [ 508.504539][T12626] kasan_report+0xee/0x110 [ 508.504577][T12626] ? fbcon_prepare_logo+0xa03/0xc70 [ 508.504608][T12626] kasan_check_range+0x100/0x1b0 [ 508.504634][T12626] __asan_memcpy+0x23/0x60 [ 508.504663][T12626] fbcon_prepare_logo+0xa03/0xc70 [ 508.504696][T12626] fbcon_init+0xda0/0x1930 [ 508.504723][T12626] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 508.504754][T12626] visual_init+0x320/0x620 [ 508.504783][T12626] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 508.504822][T12626] store_bind+0x61d/0x760 [ 508.504856][T12626] ? sysfs_file_kobj+0xe4/0x290 [ 508.504880][T12626] ? __pfx_store_bind+0x10/0x10 [ 508.504912][T12626] dev_attr_store+0x58/0x80 [ 508.504943][T12626] ? __pfx_dev_attr_store+0x10/0x10 [ 508.504975][T12626] sysfs_kf_write+0xf2/0x150 [ 508.504999][T12626] kernfs_fop_write_iter+0x3af/0x570 [ 508.505035][T12626] ? __pfx_sysfs_kf_write+0x10/0x10 [ 508.505060][T12626] iter_file_splice_write+0xa24/0x12b0 [ 508.505112][T12626] ? __pfx_iter_file_splice_write+0x10/0x10 [ 508.505153][T12626] ? __pfx_copy_splice_read+0x10/0x10 [ 508.505196][T12626] ? __pfx_iter_file_splice_write+0x10/0x10 [ 508.505234][T12626] direct_splice_actor+0x192/0x6c0 [ 508.505294][T12626] splice_direct_to_actor+0x345/0xa30 [ 508.505345][T12626] ? __pfx_direct_splice_actor+0x10/0x10 [ 508.505401][T12626] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 508.505456][T12626] do_splice_direct+0x174/0x240 [ 508.505505][T12626] ? __pfx_do_splice_direct+0x10/0x10 [ 508.505562][T12626] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 508.505608][T12626] ? rw_verify_area+0xcf/0x6c0 [ 508.505648][T12626] do_sendfile+0xb06/0xe50 [ 508.505692][T12626] ? __pfx_do_sendfile+0x10/0x10 [ 508.505740][T12626] ? __x64_sys_futex+0x1e0/0x4c0 [ 508.505780][T12626] ? __x64_sys_futex+0x1e9/0x4c0 [ 508.505820][T12626] __x64_sys_sendfile64+0x1d8/0x220 [ 508.505854][T12626] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 508.505895][T12626] do_syscall_64+0xcd/0xf80 [ 508.505949][T12626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.505983][T12626] RIP: 0033:0x7f8936f8f7c9 [ 508.506009][T12626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.506043][T12626] RSP: 002b:00007f8937d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 508.506075][T12626] RAX: ffffffffffffffda RBX: 00007f89371e5fa0 RCX: 00007f8936f8f7c9 [ 508.506097][T12626] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 508.506117][T12626] RBP: 00007f8937013f91 R08: 0000000000000000 R09: 0000000000000000 [ 508.506138][T12626] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 508.506160][T12626] R13: 00007f89371e6038 R14: 00007f89371e5fa0 R15: 00007ffd14922df8 [ 508.506194][T12626] [ 508.506811][T12626] Kernel Offset: disabled