last executing test programs: 25m58.125883768s ago: executing program 2 (id=2383): open(0x0, 0x82842, 0x12) io_uring_setup$auto(0x55, &(0x7f0000000100)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400c, 0xffffffffffffffff, [], {0x6, 0x3ff, 0x8c48, 0x7, 0x3, 0x83, 0x2, 0x5, 0x40000000}, {0x100, 0xb, 0x53, 0x81, 0x0, 0x1a7b870a, 0x8, 0x1000, 0xffffffff}}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r0 = fanotify_init$auto(0x1f53, 0x2000000000002) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x400007ffff000) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, 0xffffffffffffffff, 0x0) socket(0xa, 0x5, 0x0) prctl$auto(0x41555856, 0x24, 0x2008, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) unlink$auto(&(0x7f00000001c0)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2DW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xea\xa5\xff \xec\xe8\xca\xbf\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\v\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4N\xbb\xc2\xf8\x9c\xd0+t\x87r\x02\x05\xdb\xe4\xde\xed\x02\x00\x00\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00M\x83\xdb\xaf\xc4\xf23l\xae\xc5\x1d\xc4\xb0\x06\xd06\x1dX\x03\xe3\x9e\xd3\xd96\xcf\xd9\xa3\xcb\xd6B\xc3\x0f#\xd2\x1a\xf9L\xf5\x87My\xce\x19*\xde\x8d+#\x13\x15\xd3Y\x98\xe1\xc3@\x0e\x9c\xc2\xf8\b\xaf\x89\xe5\x00\x89-pWD\xb5&\xc9\x8e\x8d,\xb7}1\x84U\x18y\xa90\xf5\x80\x981U\x17\x14]\xc56j\xe7\x0e\xecBr\xa9]\"\xd36^m\x12\xb6\xbc\x80\xa4h{\xde\xcf\xf7d\x87rl\x11\xf7\x15\xcb~\xb9\x01\x0e\xd7O_\x91\xe1\xead\xee\xed]/p\xd6\xff\x17\xe4\aV\"I\xca\x90\xc7i\'\xa3R\x81\xf1}4\xbeU\x00\xa4\x1d\xea!Z\xd4|\xbe\x987\n!\x9b?\xb9l_\xd8$av\xfe%\xa2\xda\x82\x14\xc311;\xa4ob\x87\xdbY\xe2\x00') read$auto_deferred_devs_fops_(r0, &(0x7f00000007c0)=""/154, 0x9a) 25m58.003739654s ago: executing program 2 (id=2384): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video9\x00', 0x8a240, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000140)=""/26, 0x1a) mmap$auto(0x7, 0x400007, 0xdf, 0x15, r0, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/vlan/vlan1\x00', 0x212a00, 0x0) r1 = getpid() syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0x20000001005}, 0x1, &(0x7f0000000040)={&(0x7f0000000080), 0xffffffff}, 0x4, 0x0) rename$auto(0x0, 0x0) r4 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r4, &(0x7f0000000440)="110000000600"/17, 0x11) 25m57.432308824s ago: executing program 2 (id=2388): r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x10202, 0x0) fcntl$auto_F_ADD_SEALS(r0, 0x409, 0xad) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/acpi/wakeup\x00', 0x101200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) writev$auto(r1, &(0x7f00000002c0)={0x0, 0x5}, 0x3) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.9/usb27/product\x00', 0x1ff903, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptya6\x00', 0x40001, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) fstat$auto(r2, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytd\x00', 0x800, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x541c, r5) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto(r3, 0x89f3, r3) kexec_load$auto(0x6, 0x10000, &(0x7f0000000080)={@buf=&(0x7f0000000140)="315c589fe2f373c4aa4e8c81430a555cb13d9048749c8ebcd2f12e3a9514ec684b", 0x7, 0x3b, 0x6}, 0x401) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) close_range$auto(0x2, r2, 0x0) bind$auto(0x3, 0x0, 0x6a) io_uring_setup$auto(0x8, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) memfd_create$auto(0x0, 0xe) r6 = open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fcntl$auto(r6, 0x400, 0x1) truncate$auto(&(0x7f0000000080)='./file0\x00', 0x100000001) close_range$auto(0x2, 0x8, 0x0) 25m57.082378855s ago: executing program 2 (id=2392): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, 0x0, 0x100000a3d9) chdir$auto(&(0x7f0000000180)='}[,&*}\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) fchown$auto(r1, 0x0, 0x400) mprotect$auto(0x1ffffffff000, 0x1000000000004, 0xa) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000040)={"55f25ef31b638c2ec2a1c0ca3e78c4ad8379d61da81c28faa3e4adca90305567", 0x8001, 0x0, 0x4, 0x1, 0x9, 0x0}) fcntl$auto(r1, 0x22c, r2) syz_clone(0x40028080, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)="2d195782b4ad8117d2b8") 25m56.64422132s ago: executing program 2 (id=2393): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x801, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) madvise$auto(0x0, 0x2003f0, 0x17) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) ioctl$auto(0xffffffffffffffff, 0x80845663, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2b, 0x1, 0x1) ioctl$auto(0x3, 0xffffff77, r2) 25m56.31741073s ago: executing program 2 (id=2395): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/slaves\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000000000)="2dc2f4", 0x3) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x100) ioctl$auto(0x1, 0x8983, 0x4) 25m55.813958174s ago: executing program 32 (id=2395): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/slaves\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000000000)="2dc2f4", 0x3) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x100) ioctl$auto(0x1, 0x8983, 0x4) 3.782036062s ago: executing program 4 (id=7433): r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) io_uring_setup$auto(0x401, 0x0) read$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x2, 0x2020009, 0x3, 0x9000004eb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x5, 0x10) write$auto_ftrace_subsystem_filter_fops_trace_events(r0, 0x0, 0x0) prctl$auto(0x9, 0x3, 0x0, 0x6, 0x100000001) r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r2 = timerfd_create$auto(0xfffffffd, 0x8) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRES16=0x0, @ANYBLOB="010029bd7000fedbdf2505000000"], 0x34}, 0x1, 0x0, 0x0, 0x404d011}, 0x24000802) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYRES64=r1], 0x1ac}}, 0x4000010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0xfffffffffffffffe, 0x9}, 0x7}, 0x3, 0x5) fallocate$auto(r1, 0x1, 0x2, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4ea02, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180)="fc5ea5f1401a03cd7d362456adda0cf384c0e2d7bd3d31e409957ab6bd240c4af9373f9691253b947acf08619bf87d27ebc9b1fff0ce71c342980e157ce4c431437e") mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_receive_size\x00', 0x400, 0x0) bpf$auto(0x5, &(0x7f0000000200)=@info={0xffffffffffffffff, 0x8, 0x9}, 0x1) unshare$auto(0x40000080) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x539580, 0x0) 3.694438037s ago: executing program 1 (id=7434): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x40080, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40014) kexec_load$auto(0xffffffff, 0x2, &(0x7f0000000080)={@buf=0x0, 0x3e0000000000, 0x8000, 0x403000}, 0x4) 2.986709412s ago: executing program 1 (id=7435): shmctl$auto_SHM_INFO(0x7fff, 0xe, &(0x7f00000003c0)={{0x6, 0xffffffffffffffff, 0xee01, 0x0, 0x1, 0x4c, 0xf}, 0x400, 0x6, 0x0, 0x7, @raw=0xfff, @raw=0x7, 0x5, 0x0, &(0x7f0000000200)="0032d76642b1ac9a62b7ccc1b3f0dabce5214b5616645945e570c107cccbf6bbc2b6047c45175cff6b666f89d1ef62d229171def", 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') timerfd_create$auto(0x7, 0x0) timerfd_gettime$auto(0x4, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) futex$auto(0x0, 0xa, 0xf, 0x0, 0x0, 0x8) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f00000001c0)="352c8efa618c0bcf83a4ebdb27ec25906b0e1015b18c429fc1d7c523728754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b50b0b3c7da1361fef8e0e23a77846b", 0x4a) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x7fff}, 0x5, 0x0, 0x2000000200002, 0x1000008}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) socket(0x10, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x339140, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) adjtimex$auto(&(0x7f0000000780)={0xf, 0x0, 0x2b8, 0x100000001, 0x6, 0xffffffffffffffff, 0x2, 0x0, 0xe, 0x0, 0x5, {0x2fa}, 0x7fffffffffffffff, 0x4, 0x5, 0x1, 0x0, 0x6, 0x400000000, 0x7, 0x9, 0x5, 0x1}) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xff, 0x800, 0x2, 0xffffffffffffffff, 0xa0c, 0x0, 0x3ffbffffffffff, 0x9536, 0x4007, {0x200, 0x4}, 0x80, 0x80, 0x5, 0x5, 0x0, 0x100000000, 0x21, 0x18d, 0x200, 0xa, 0x2015}) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) 2.898030408s ago: executing program 3 (id=7436): openat$auto_stats_fops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x582, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000001240)='\t', 0x1) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x41040, 0x0) write$auto(r1, &(0x7f0000000200)='7\x00\\\xa0\x04|\x03\'\x00\xc9\n\xbf\xb9\x12\xfa\x00\x00\xcfk', 0xb7f) r2 = ioctl$auto_TUNSETOFFLOAD2(0xffffffffffffffff, 0x400454d0, 0x0) io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x80000001, 0x10, 0x2, 0x6, 0x7, 0x8, r2, [], {0x6, 0x8, 0xd, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x6, 0x2001, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) 2.894189729s ago: executing program 0 (id=7437): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) acct$auto(&(0x7f0000000000)='/sys//block/nbd3/que\xd6D\xf0\xfa^!\"B\xf9\xd2\x0f]r\xd4\xed\xf9ue/rotational\x00\xda\xc8\x83\x8b\x82;\xf4\n\xcfn\thz\x8f\x17\xfc\x1aK^\xb1\x8b\x96\xfdPw\xa4M@.(\xa6[\xc2\xfcn\x115\xfbHX\x83\xbf\x021\xd6s\xa8\xb1\a-HG\xae\x03\xc3\x1f`\x84\x1b\x81\xda2r{$3dr\xfd\f\xae\x96u\x91\x11ru\xa5\x9f\xec\xe7\x99\xbe\xcb\bN:\xe9\xf0KFJ\aD\xb4(\x03h\xa0%\xf6N\xeb3\x1c\xdcQ+\xa2\xc1wM\xde)J[\xe6O%\xa1\xda\xa9\x9c \x18pD\xb0P\xa3\x86\xfd[\x05\xdb\xcc\xb4d\xab\xc4\a#3.\xfb>\xb0\xf7\x8cp\xab\xd1\xaa\x9d\x8djz\xb2\xcf\xa5\xb5lS\xd7\x80\x8eI\"eH\x9f+o\x8d\xff\x7f!\x9f0\xd2n\xb8/Gy9\x9f\x85EP\x99\xf4\xfcN\xfe\x1e\b\x84G\x8a\x0f\xab\x14vVy*\x1f\xe6\xdf\xe6^\b\x1ecm\xc5\xfe+\x8d\xd5\x17\'oQb\xc1\x89l\xd2\x9d7C\xbf\tdB(\xb6\x93\xdfj~`\x94\xc2\x99t\xbf)|A\x05\x1b\xf7^\xd9\xa1\xee\xfb\'\xaa\x13\xb33\xe7\xc3G!}\x18\a\xbd@\xea\xfd>f\xb7\xb9\xe4\xb1\x1b\x1b\x95\x01\xe4i\x82\xda\x82~1cT\xdb\x92Q\xbd\xc1z\xc0\xf8\x88~\xe3id\xceg\x98\x8a\xa0Rq\x0f^\x11r:\xe1\xd1a\x15\xbb\xd6]\xc6\xfb\xbf`\xd1\\\xfd\xeeW\xc4\x0f\x10bv5\xa2\xde|&\xee\xaf\xa9Y\xc1\x1d\x8a$\xd61Uq\xe3\x94\x9e;8\x7f\x18J\xaf\xbd\xf6\x950W\x03\xdbrf\xe6\xfb\xe5\xf1\xc4a8\xcfo#R\xaa\xfb\xbc\x00') fanotify_init$auto(0x1f53, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) fanotify_mark$auto(0x0, 0x401, 0x4, 0x4, 0x0) fanotify_mark$auto(0x400000000000, 0x6, 0x9, 0x4, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/ip6_flowlabel\x00', 0x42000, 0x0) r1 = openat$auto_hwsim_fops_rx_rssi_(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/ieee80211/phy3/hwsim/rx_rssi\x00', 0x40000, 0x0) getdents64$auto(r1, &(0x7f00000005c0)={0x0, 0x0, 0x9, 0x6}, 0x7) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0x2c, 0x3, 0x10000) setuid$auto(0xe) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000002100)=""/15, 0xf) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000000), 0x844100, 0x0) ioctl$auto_NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) r3 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000400), 0x275ea528b348aa0f, 0x0) write$auto(r3, &(0x7f0000000440)='\x00', 0x800) syz_clone3(&(0x7f0000000380)={0x40000000, &(0x7f00000000c0)=0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000140), {0x29}, &(0x7f0000000180)=""/80, 0x50, &(0x7f0000000240)=""/213, &(0x7f0000000340)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x4}, 0x58) process_mrelease$auto(r4, 0x1ff) add_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000000480)='/proc/thread-self/fail-nth\x00', &(0x7f00000004c0)=':\x00', &(0x7f0000000500)="6301496f1e6cfe512bb8580c3dc8527d0a6d12e4922e0b222add69ed79fb74db9e16aad0d00fef0bbf4eed15b7927a751aaca44a48922876dd4a1349d52ba7cdc1cec7008f", 0x2, 0xfffffffffffffffc) 2.378337819s ago: executing program 4 (id=7438): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x700, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) 2.308229839s ago: executing program 4 (id=7439): mmap$auto(0x7ffffffffffffffd, 0xb3b7, 0x4000000000e1, 0x2000000001a, 0x401, 0x7ffe) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x59, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mount$auto(0x0, 0x0, 0x0, 0x5, 0x0) 2.15722041s ago: executing program 3 (id=7440): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) mlock$auto(0xfbea, 0x10004) madvise$auto(0x8000, 0x87fff, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setuid$auto(0xe) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x1, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) syslog$auto_SYSLOG_ACTION_READ(0x2, &(0x7f0000000040)='/dev/kvm\x00', 0xfffffffc) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) r0 = setfsuid$auto(0x0) setuid$auto(r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlockall$auto(0x7) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) kcmp$auto(0x0, 0x0, 0x7, 0xffffffffffffffff, r1) sendmsg$auto_NFC_CMD_STOP_POLL(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000001780)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x80c0) mkdir$auto(0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000002100)=""/15, 0xf) 2.044071151s ago: executing program 1 (id=7442): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x141f02, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r5, 0x0, 0x3}, 0xc) readv$auto(0x6, &(0x7f00000000c0)={0x0, 0x1}, 0x1) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)='1', 0x1) socket(0x29, 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 1.918606917s ago: executing program 4 (id=7443): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x0) setreuid$auto(0x7, 0x806) r0 = getpgid(0x0) prlimit64$auto(r0, 0xa3d, 0x0, 0x0) 1.712269837s ago: executing program 1 (id=7444): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162f21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)="f320f820c75c20d9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x1e) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/smps\x00', 0x40140, 0x0) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x408040, 0x0) r3 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/smaps\x00', 0x100, 0x0) read$auto_proc_pid_smaps_operations_internal(r3, &(0x7f00000002c0)=""/190, 0xfffffe39) close_range$auto(r3, 0xfffffffffffff000, 0x8) unshare$auto(0x40000080) unshare$auto(0x40000080) unshare$auto(0x4a7) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pwritev$auto(0xffffffffffffffff, 0x0, 0x2, 0xfffffffffffff274, 0x6) msgget$auto(0xc, 0x77d9) msgrcv$auto(0x0, 0x0, 0xff9, 0x1, 0x3) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) listen$auto(r2, 0x4) read$auto_debugfs_full_proxy_file_operations_internal(r1, 0x0, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r1, &(0x7f0000000300)=""/4096, 0x1000) 1.586898865s ago: executing program 4 (id=7445): socket(0x10, 0x2, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x50400, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x29, 0x2, 0x0) socket(0x21, 0x2, 0x2) listen$auto(0x3, 0x81) ioctl$auto(0xc8, 0x400454ce, 0x5c8d) r0 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x88) socket(0x22, 0x3, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000080), r0) 1.473483772s ago: executing program 0 (id=7446): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/ip6_flowlabel\x00', 0x42000, 0x0) socket(0xa, 0x802, 0x3a) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0xc) socket(0x2000000000000021, 0x2, 0x10000000000002) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x5, 0x84) r0 = socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(r0, 0x0, 0x9a6, 0xe000) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "3d64dc400201007f610000000024"}, 0x55) 1.443924134s ago: executing program 3 (id=7447): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/dev\x00', 0x40100, 0x0) pread64$auto(r0, 0x0, 0x10005, 0x830) 1.220126314s ago: executing program 0 (id=7448): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd4\x00', 0x2800, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x101000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fdfffff, 0xf0ee, 0x40020009, 0x3, "790eaa833e6fc65b6b3cf705001900ffff8eac2cdafc1f64010043eeb0b0530300000000000e00"}, 0x4, 0x966, 0x3, @inferred, @integer={0x100000000, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) fanotify_init$auto(0x9, 0x3) pwrite64$auto(r1, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x8, 0x7069, 0x0, 0x19, 0x401, 0x2) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x4b, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) 1.129678108s ago: executing program 3 (id=7449): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r0 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x4, &(0x7f0000000280)={0x0, 0xc3}, 0x1, 0x0, 0x0, 0xa}, 0x7}, 0x3, 0x0) 902.546354ms ago: executing program 3 (id=7450): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/dev\x00', 0x40100, 0x0) pread64$auto(r0, 0x0, 0x10005, 0x830) (fail_nth: 2) 900.18451ms ago: executing program 4 (id=7451): shmctl$auto_SHM_INFO(0x7fff, 0xe, &(0x7f00000003c0)={{0x6, 0xffffffffffffffff, 0xee01, 0x0, 0x1, 0x4c, 0xf}, 0x400, 0x6, 0x0, 0x7, @raw=0xfff, @raw=0x7, 0x5, 0x0, &(0x7f0000000200)="0032d76642b1ac9a62b7ccc1b3f0dabce5214b5616645945e570c107cccbf6bbc2b6047c45175cff6b666f89d1ef62d229171def", 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') timerfd_create$auto(0x7, 0x0) timerfd_gettime$auto(0x4, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) futex$auto(0x0, 0xa, 0xf, 0x0, 0x0, 0x8) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f00000001c0)="352c8efa618c0bcf83a4ebdb27ec25906b0e1015b18c429fc1d7c523728754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b50b0b3c7da1361fef8e0e23a77846b", 0x4a) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x7fff}, 0x5, 0x0, 0x2000000200002, 0x1000008}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) socket(0x10, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x339140, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) adjtimex$auto(&(0x7f0000000780)={0xf, 0x0, 0x2b8, 0x100000001, 0x6, 0xffffffffffffffff, 0x2, 0x0, 0xe, 0x0, 0x5, {0x2fa}, 0x7fffffffffffffff, 0x4, 0x5, 0x1, 0x0, 0x6, 0x400000000, 0x7, 0x9, 0x5, 0x1}) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xff, 0x800, 0x2, 0xffffffffffffffff, 0xa0c, 0x0, 0x3ffbffffffffff, 0x9536, 0x4007, {0x200, 0x4}, 0x80, 0x80, 0x5, 0x5, 0x0, 0x100000000, 0x21, 0x18d, 0x200, 0xa, 0x2015}) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) 722.580895ms ago: executing program 0 (id=7452): mmap$auto(0x7ffffffffffffffd, 0xb3b7, 0x4000000000e1, 0x2000000001a, 0x401, 0x7ffe) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x59, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mount$auto(0x0, 0x0, 0x0, 0x5, 0x0) 259.958713ms ago: executing program 0 (id=7453): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x141f02, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) readv$auto(0x6, &(0x7f00000000c0)={0x0, 0x1}, 0x1) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000040)='1', 0x1) socket(0x29, 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 257.002675ms ago: executing program 1 (id=7454): io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x0) setreuid$auto(0x7, 0x806) r0 = getpgid(0x0) prlimit64$auto(r0, 0xa3d, 0x0, 0x0) 228.81425ms ago: executing program 1 (id=7455): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) bind$auto(r0, &(0x7f00000000c0)=@l2tp={0x2, 0x0, @multicast2, 0x3}, 0x7) listen$auto(0x3, 0x81) r1 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x24, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) poll$auto(&(0x7f0000000080)={0x3, 0x1, 0xa}, 0x5, 0x108) 110.553816ms ago: executing program 0 (id=7456): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NET_SET(r0, &(0x7f00000079c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r1, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}}, 0x4002) 0s ago: executing program 3 (id=7457): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/ip6_flowlabel\x00', 0x42000, 0x0) socket(0xa, 0x802, 0x3a) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0xc) socket(0x2000000000000021, 0x2, 0x10000000000002) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x5, 0x84) socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "3d64dc400201007f610000000024"}, 0x55) kernel console output (not intermixed with test programs): [ 2059.387229][ T6668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2059.387244][ T6668] RSP: 002b:00007fbf088fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2059.387259][ T6668] RAX: ffffffffffffffda RBX: 00007fbf07c15fa0 RCX: 00007fbf0799c799 [ 2059.387270][ T6668] RDX: 0000000000000004 RSI: 0000000000005761 RDI: 0000000000000000 [ 2059.387279][ T6668] RBP: 00007fbf088fe090 R08: 0000000000000000 R09: 0000000000000000 [ 2059.387288][ T6668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2059.387297][ T6668] R13: 00007fbf07c16038 R14: 00007fbf07c15fa0 R15: 00007ffdc1edbd48 [ 2059.387318][ T6668] [ 2059.387343][ T6668] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2061.004458][ T6700] FAULT_INJECTION: forcing a failure. [ 2061.004458][ T6700] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2061.182748][ T6700] CPU: 0 UID: 0 PID: 6700 Comm: syz.4.7122 Tainted: G U L syzkaller #0 PREEMPT(full) [ 2061.182778][ T6700] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 2061.182784][ T6700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2061.182793][ T6700] Call Trace: [ 2061.182799][ T6700] [ 2061.182806][ T6700] dump_stack_lvl+0x100/0x190 [ 2061.182835][ T6700] should_fail_ex.cold+0x5/0xa [ 2061.182851][ T6700] ? prepare_alloc_pages+0x16d/0x5f0 [ 2061.182870][ T6700] should_fail_alloc_page+0xeb/0x140 [ 2061.182896][ T6700] prepare_alloc_pages+0x1f0/0x5f0 [ 2061.182913][ T6700] ? workingset_test_recent+0x42d/0xe90 [ 2061.182940][ T6700] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2061.182964][ T6700] ? workingset_test_recent+0x143/0xe90 [ 2061.182991][ T6700] ? __lock_acquire+0x4a5/0x2630 [ 2061.183018][ T6700] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 2061.183040][ T6700] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2061.183065][ T6700] ? __lock_acquire+0x4a5/0x2630 [ 2061.183085][ T6700] ? __lock_acquire+0x4a5/0x2630 [ 2061.183110][ T6700] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2061.183136][ T6700] ? policy_nodemask+0xed/0x4f0 [ 2061.183153][ T6700] alloc_pages_mpol+0x1fb/0x550 [ 2061.183171][ T6700] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2061.183190][ T6700] ? swap_entry_swapped+0x1ff/0x2b0 [ 2061.183205][ T6700] ? __pfx_swap_entry_swapped+0x10/0x10 [ 2061.183222][ T6700] folio_alloc_mpol_noprof+0x36/0x340 [ 2061.183242][ T6700] swap_cache_alloc_folio+0x1a8/0x300 [ 2061.183264][ T6700] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 2061.183286][ T6700] ? __lock_acquire+0x4a5/0x2630 [ 2061.183307][ T6700] swap_cluster_readahead+0x411/0x770 [ 2061.183332][ T6700] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2061.183354][ T6700] ? __pfx_find_held_lock+0x10/0x10 [ 2061.183369][ T6700] ? is_bpf_text_address+0x8a/0x1a0 [ 2061.183391][ T6700] ? bpf_ksym_find+0x124/0x1c0 [ 2061.183412][ T6700] ? kernel_text_address+0x8d/0x100 [ 2061.183435][ T6700] ? get_vma_policy+0x23f/0x3b0 [ 2061.183453][ T6700] swapin_readahead+0x160/0x12c0 [ 2061.183480][ T6700] ? __pfx_swapin_readahead+0x10/0x10 [ 2061.183499][ T6700] ? find_held_lock+0x2b/0x80 [ 2061.183512][ T6700] ? swap_table_get+0x103/0x2c0 [ 2061.183530][ T6700] ? swap_table_get+0x103/0x2c0 [ 2061.183552][ T6700] ? swap_table_get+0x10d/0x2c0 [ 2061.183571][ T6700] ? swap_cache_get_folio+0x1ae/0x600 [ 2061.183591][ T6700] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 2061.183610][ T6700] ? __pfx_get_swap_device+0x10/0x10 [ 2061.183637][ T6700] ? do_swap_page+0xb2e/0x68e0 [ 2061.183656][ T6700] do_swap_page+0xb2e/0x68e0 [ 2061.183676][ T6700] ? __lock_acquire+0x4a5/0x2630 [ 2061.183701][ T6700] ? __pfx_do_swap_page+0x10/0x10 [ 2061.183722][ T6700] ? __lock_acquire+0x4a5/0x2630 [ 2061.183742][ T6700] ? rcu_is_watching+0x12/0xc0 [ 2061.183764][ T6700] ? __pte_offset_map+0x179/0x310 [ 2061.183794][ T6700] __handle_mm_fault+0x18c1/0x2b60 [ 2061.183818][ T6700] ? __pfx___handle_mm_fault+0x10/0x10 [ 2061.183839][ T6700] ? pte_offset_map_lock+0x174/0x320 [ 2061.183854][ T6700] ? find_held_lock+0x2b/0x80 [ 2061.183896][ T6700] ? follow_page_pte+0x5b3/0x1400 [ 2061.183918][ T6700] handle_mm_fault+0x36d/0xa20 [ 2061.183943][ T6700] __get_user_pages+0xf9c/0x34d0 [ 2061.183965][ T6700] ? down_read_killable+0x30e/0x4c0 [ 2061.183988][ T6700] ? __pfx___get_user_pages+0x10/0x10 [ 2061.184009][ T6700] __gup_longterm_locked+0x87d/0x16f0 [ 2061.184032][ T6700] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2061.184053][ T6700] ? find_held_lock+0x2b/0x80 [ 2061.184067][ T6700] ? gup_fast_fallback+0x7e5/0x2460 [ 2061.184089][ T6700] gup_fast_fallback+0x18c6/0x2460 [ 2061.184120][ T6700] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2061.184137][ T6700] ? lock_acquire+0x1cf/0x380 [ 2061.184155][ T6700] ? find_held_lock+0x2b/0x80 [ 2061.184168][ T6700] ? finish_task_switch.isra.0+0x200/0xb80 [ 2061.184184][ T6700] ? finish_task_switch.isra.0+0x200/0xb80 [ 2061.184201][ T6700] ? rcu_is_watching+0x12/0xc0 [ 2061.184224][ T6700] get_user_pages_fast+0xa7/0xf0 [ 2061.184241][ T6700] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2061.184257][ T6700] ? rcu_is_watching+0x12/0xc0 [ 2061.184278][ T6700] ? trace_sched_exit_tp+0x13a/0x180 [ 2061.184296][ T6700] ? __schedule+0x1000/0x6120 [ 2061.184312][ T6700] get_futex_key+0x2c8/0x1620 [ 2061.184333][ T6700] ? __pfx_get_futex_key+0x10/0x10 [ 2061.184358][ T6700] futex_wait_requeue_pi+0x1f5/0x870 [ 2061.184382][ T6700] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2061.184403][ T6700] ? preempt_schedule_common+0x42/0xc0 [ 2061.184429][ T6700] ? __pfx_try_to_wake_up+0x10/0x10 [ 2061.184449][ T6700] ? futex_private_hash_put+0x107/0x1c0 [ 2061.184470][ T6700] ? __pfx_futex_wake_mark+0x10/0x10 [ 2061.184497][ T6700] ? ksys_write+0x190/0x250 [ 2061.184519][ T6700] ? ksys_write+0x190/0x250 [ 2061.184545][ T6700] do_futex+0x24f/0x350 [ 2061.184564][ T6700] ? __pfx_do_futex+0x10/0x10 [ 2061.184588][ T6700] __x64_sys_futex+0x34f/0x4d0 [ 2061.184610][ T6700] ? __pfx___x64_sys_futex+0x10/0x10 [ 2061.184637][ T6700] do_syscall_64+0x106/0xf80 [ 2061.184654][ T6700] ? clear_bhb_loop+0x40/0x90 [ 2061.184674][ T6700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2061.184690][ T6700] RIP: 0033:0x7efd26f9c799 [ 2061.184704][ T6700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2061.184719][ T6700] RSP: 002b:00007efd27e45028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2061.184735][ T6700] RAX: ffffffffffffffda RBX: 00007efd27216090 RCX: 00007efd26f9c799 [ 2061.184746][ T6700] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2061.184756][ T6700] RBP: 00007efd27032bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2061.184766][ T6700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2061.184775][ T6700] R13: 00007efd27216128 R14: 00007efd27216090 R15: 00007ffe35532628 [ 2061.184796][ T6700] [ 2065.052063][ T6816] netlink: 122 bytes leftover after parsing attributes in process `syz.4.7130'. [ 2069.839748][ T7080] netlink: 122 bytes leftover after parsing attributes in process `syz.4.7143'. [ 2070.204863][ T7107] FAULT_INJECTION: forcing a failure. [ 2070.204863][ T7107] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2070.296154][ T7107] CPU: 0 UID: 0 PID: 7107 Comm: syz.0.7147 Tainted: G U L syzkaller #0 PREEMPT(full) [ 2070.296185][ T7107] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 2070.296191][ T7107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2070.296202][ T7107] Call Trace: [ 2070.296208][ T7107] [ 2070.296214][ T7107] dump_stack_lvl+0x100/0x190 [ 2070.296244][ T7107] should_fail_ex.cold+0x5/0xa [ 2070.296260][ T7107] ? prepare_alloc_pages+0x16d/0x5f0 [ 2070.296279][ T7107] should_fail_alloc_page+0xeb/0x140 [ 2070.296296][ T7107] prepare_alloc_pages+0x1f0/0x5f0 [ 2070.296316][ T7107] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2070.296341][ T7107] ? get_page_from_freelist+0x111d/0x3140 [ 2070.296367][ T7107] ? __pfx___might_resched+0x10/0x10 [ 2070.296388][ T7107] ? prepare_alloc_pages+0x16d/0x5f0 [ 2070.296405][ T7107] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2070.296428][ T7107] ? rcu_is_watching+0x12/0xc0 [ 2070.296451][ T7107] ? trace_mm_page_alloc+0x17a/0x1d0 [ 2070.296470][ T7107] ? is_bpf_text_address+0x8a/0x1a0 [ 2070.296491][ T7107] ? is_bpf_text_address+0x8a/0x1a0 [ 2070.296513][ T7107] ? bpf_ksym_find+0x124/0x1c0 [ 2070.296530][ T7107] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2070.296547][ T7107] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2070.296572][ T7107] ? policy_nodemask+0xed/0x4f0 [ 2070.296589][ T7107] alloc_pages_mpol+0x1fb/0x550 [ 2070.296605][ T7107] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2070.296626][ T7107] alloc_pages_noprof+0x131/0x390 [ 2070.296643][ T7107] kimage_alloc_pages+0x72/0x380 [ 2070.296669][ T7107] kimage_alloc_control_pages+0x157/0xa20 [ 2070.296684][ T7107] ? weighted_interleave_nid+0x5a0/0x5a0 [ 2070.296704][ T7107] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 2070.296719][ T7107] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2070.296739][ T7107] alloc_pgt_page+0x17/0xb0 [ 2070.296758][ T7107] machine_kexec_prepare+0x1a7/0x14d0 [ 2070.296783][ T7107] ? __pfx_machine_kexec_prepare+0x10/0x10 [ 2070.296804][ T7107] ? __pfx_alloc_pgt_page+0x10/0x10 [ 2070.296824][ T7107] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 2070.296846][ T7107] do_kexec_load+0x32c/0x810 [ 2070.296863][ T7107] ? __pfx_do_kexec_load+0x10/0x10 [ 2070.296881][ T7107] ? _copy_from_user+0x59/0xd0 [ 2070.296908][ T7107] __x64_sys_kexec_load+0x1bf/0x230 [ 2070.296927][ T7107] do_syscall_64+0x106/0xf80 [ 2070.296946][ T7107] ? clear_bhb_loop+0x40/0x90 [ 2070.296965][ T7107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2070.296981][ T7107] RIP: 0033:0x7fbf0799c799 [ 2070.296996][ T7107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2070.297011][ T7107] RSP: 002b:00007fbf088fe028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 2070.297027][ T7107] RAX: ffffffffffffffda RBX: 00007fbf07c15fa0 RCX: 00007fbf0799c799 [ 2070.297038][ T7107] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 00000000ffffffff [ 2070.297055][ T7107] RBP: 00007fbf07a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2070.297065][ T7107] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 2070.297075][ T7107] R13: 00007fbf07c16038 R14: 00007fbf07c15fa0 R15: 00007ffdc1edbd48 [ 2070.297095][ T7107] [ 2076.063226][ T7327] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7169'. [ 2076.326332][ T7327] ipvlan1: entered promiscuous mode [ 2076.354788][ T7327] ipvlan1: entered allmulticast mode [ 2076.398987][ T7327] veth0_vlan: entered allmulticast mode [ 2077.168893][ T7378] FAULT_INJECTION: forcing a failure. [ 2077.168893][ T7378] name failslab, interval 1, probability 0, space 0, times 0 [ 2077.230375][ T7378] CPU: 0 UID: 0 PID: 7378 Comm: syz.4.7170 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2077.230411][ T7378] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2077.230420][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2077.230430][ T7378] Call Trace: [ 2077.230436][ T7378] [ 2077.230443][ T7378] dump_stack_lvl+0x100/0x190 [ 2077.230472][ T7378] should_fail_ex.cold+0x5/0xa [ 2077.230492][ T7378] should_failslab+0xc2/0x120 [ 2077.230508][ T7378] __kmalloc_cache_noprof+0x7a/0x6f0 [ 2077.230528][ T7378] ? single_open+0x4d/0x1d0 [ 2077.230547][ T7378] ? __pfx___debugfs_file_get+0x10/0x10 [ 2077.230575][ T7378] ? find_held_lock+0x2b/0x80 [ 2077.230592][ T7378] ? __pfx_edid_show+0x10/0x10 [ 2077.230621][ T7378] ? __pfx_edid_open+0x10/0x10 [ 2077.230640][ T7378] single_open+0x4d/0x1d0 [ 2077.230660][ T7378] full_proxy_open_regular+0x1b6/0x370 [ 2077.230682][ T7378] do_dentry_open+0x6d8/0x1660 [ 2077.230696][ T7378] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 2077.230721][ T7378] vfs_open+0x82/0x3f0 [ 2077.230741][ T7378] path_openat+0x208c/0x31a0 [ 2077.230763][ T7378] ? __pfx_path_openat+0x10/0x10 [ 2077.230785][ T7378] do_file_open+0x20e/0x430 [ 2077.230801][ T7378] ? __pfx_do_file_open+0x10/0x10 [ 2077.230829][ T7378] ? alloc_fd+0x476/0x790 [ 2077.230846][ T7378] ? do_getname+0x191/0x390 [ 2077.230865][ T7378] do_sys_openat2+0x10d/0x1e0 [ 2077.230884][ T7378] ? __pfx_do_sys_openat2+0x10/0x10 [ 2077.230904][ T7378] ? do_raw_spin_lock+0x128/0x260 [ 2077.230929][ T7378] __x64_sys_openat+0x12d/0x210 [ 2077.230949][ T7378] ? __pfx___x64_sys_openat+0x10/0x10 [ 2077.230975][ T7378] do_syscall_64+0x106/0xf80 [ 2077.230992][ T7378] ? clear_bhb_loop+0x40/0x90 [ 2077.231011][ T7378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2077.231027][ T7378] RIP: 0033:0x7efd26f9c799 [ 2077.231041][ T7378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2077.231055][ T7378] RSP: 002b:00007efd27e24028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2077.231070][ T7378] RAX: ffffffffffffffda RBX: 00007efd27216180 RCX: 00007efd26f9c799 [ 2077.231081][ T7378] RDX: 0000000000002082 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 2077.231091][ T7378] RBP: 00007efd27032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2077.231100][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2077.231109][ T7378] R13: 00007efd27216218 R14: 00007efd27216180 R15: 00007ffe35532628 [ 2077.231129][ T7378] [ 2079.399621][ T7538] netlink: 122 bytes leftover after parsing attributes in process `syz.4.7176'. [ 2079.523068][ T7532] FAULT_INJECTION: forcing a failure. [ 2079.523068][ T7532] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2079.557830][ T7523] FAULT_INJECTION: forcing a failure. [ 2079.557830][ T7523] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2079.619268][ T7532] CPU: 0 UID: 0 PID: 7532 Comm: syz.0.7174 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2079.619306][ T7532] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2079.619315][ T7532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2079.619324][ T7532] Call Trace: [ 2079.619330][ T7532] [ 2079.619338][ T7532] dump_stack_lvl+0x100/0x190 [ 2079.619366][ T7532] should_fail_ex.cold+0x5/0xa [ 2079.619385][ T7532] ? prepare_alloc_pages+0x16d/0x5f0 [ 2079.619405][ T7532] should_fail_alloc_page+0xeb/0x140 [ 2079.619423][ T7532] prepare_alloc_pages+0x1f0/0x5f0 [ 2079.619440][ T7532] ? workingset_test_recent+0x42d/0xe90 [ 2079.619465][ T7532] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2079.619489][ T7532] ? workingset_test_recent+0x143/0xe90 [ 2079.619515][ T7532] ? __lock_acquire+0x4a5/0x2630 [ 2079.619534][ T7532] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 2079.619557][ T7532] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2079.619582][ T7532] ? __lock_acquire+0x4a5/0x2630 [ 2079.619602][ T7532] ? __lock_acquire+0x4a5/0x2630 [ 2079.619626][ T7532] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2079.619651][ T7532] ? policy_nodemask+0xed/0x4f0 [ 2079.619668][ T7532] alloc_pages_mpol+0x1fb/0x550 [ 2079.619685][ T7532] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2079.619701][ T7532] ? swap_entry_swapped+0x1ff/0x2b0 [ 2079.619716][ T7532] ? __pfx_swap_entry_swapped+0x10/0x10 [ 2079.619734][ T7532] folio_alloc_mpol_noprof+0x36/0x340 [ 2079.619753][ T7532] swap_cache_alloc_folio+0x1a8/0x300 [ 2079.619776][ T7532] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 2079.619798][ T7532] ? __lock_acquire+0x4a5/0x2630 [ 2079.619819][ T7532] swap_cluster_readahead+0x411/0x770 [ 2079.619845][ T7532] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2079.619866][ T7532] ? __pfx_find_held_lock+0x10/0x10 [ 2079.619881][ T7532] ? is_bpf_text_address+0x8a/0x1a0 [ 2079.619903][ T7532] ? bpf_ksym_find+0x124/0x1c0 [ 2079.619923][ T7532] ? kernel_text_address+0x8d/0x100 [ 2079.619946][ T7532] ? get_vma_policy+0x23f/0x3b0 [ 2079.619964][ T7532] swapin_readahead+0x160/0x12c0 [ 2079.619991][ T7532] ? __pfx_swapin_readahead+0x10/0x10 [ 2079.620010][ T7532] ? find_held_lock+0x2b/0x80 [ 2079.620023][ T7532] ? swap_table_get+0x103/0x2c0 [ 2079.620041][ T7532] ? swap_table_get+0x103/0x2c0 [ 2079.620063][ T7532] ? swap_table_get+0x10d/0x2c0 [ 2079.620082][ T7532] ? swap_cache_get_folio+0x1ae/0x600 [ 2079.620102][ T7532] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 2079.620120][ T7532] ? __pfx_get_swap_device+0x10/0x10 [ 2079.620147][ T7532] ? do_swap_page+0xb2e/0x68e0 [ 2079.620165][ T7532] do_swap_page+0xb2e/0x68e0 [ 2079.620186][ T7532] ? __lock_acquire+0x4a5/0x2630 [ 2079.620211][ T7532] ? __pfx_do_swap_page+0x10/0x10 [ 2079.620238][ T7532] ? __lock_acquire+0x4a5/0x2630 [ 2079.620259][ T7532] ? rcu_is_watching+0x12/0xc0 [ 2079.620282][ T7532] ? __pte_offset_map+0x179/0x310 [ 2079.620310][ T7532] __handle_mm_fault+0x18c1/0x2b60 [ 2079.620336][ T7532] ? __pfx___handle_mm_fault+0x10/0x10 [ 2079.620357][ T7532] ? pte_offset_map_lock+0x174/0x320 [ 2079.620372][ T7532] ? find_held_lock+0x2b/0x80 [ 2079.620392][ T7532] ? follow_page_pte+0x5b3/0x1400 [ 2079.620412][ T7532] handle_mm_fault+0x36d/0xa20 [ 2079.620436][ T7532] __get_user_pages+0xf9c/0x34d0 [ 2079.620458][ T7532] ? down_read_killable+0x30e/0x4c0 [ 2079.620480][ T7532] ? __pfx___get_user_pages+0x10/0x10 [ 2079.620502][ T7532] __gup_longterm_locked+0x87d/0x16f0 [ 2079.620519][ T7532] ? trace_pelt_se_tp+0x101/0x1b0 [ 2079.620544][ T7532] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2079.620565][ T7532] ? find_held_lock+0x2b/0x80 [ 2079.620579][ T7532] ? gup_fast_fallback+0x7e5/0x2460 [ 2079.620600][ T7532] gup_fast_fallback+0x18c6/0x2460 [ 2079.620631][ T7532] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2079.620648][ T7532] ? finish_task_switch.isra.0+0x200/0xb80 [ 2079.620667][ T7532] ? finish_task_switch.isra.0+0x205/0xb80 [ 2079.620682][ T7532] ? lockdep_hardirqs_on+0x78/0x100 [ 2079.620699][ T7532] ? finish_task_switch.isra.0+0x205/0xb80 [ 2079.620717][ T7532] get_user_pages_fast+0xa7/0xf0 [ 2079.620734][ T7532] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2079.620753][ T7532] ? __lock_acquire+0x4a5/0x2630 [ 2079.620774][ T7532] get_futex_key+0x2c8/0x1620 [ 2079.620795][ T7532] ? __pfx_get_futex_key+0x10/0x10 [ 2079.620813][ T7532] ? find_held_lock+0x2b/0x80 [ 2079.620827][ T7532] ? futex_unqueue+0x133/0x2c0 [ 2079.620843][ T7532] ? futex_unqueue+0x133/0x2c0 [ 2079.620863][ T7532] futex_wait_requeue_pi+0x1f5/0x870 [ 2079.620887][ T7532] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2079.620911][ T7532] ? __pfx___futex_wait+0x10/0x10 [ 2079.620950][ T7532] ? __pfx_futex_wake_mark+0x10/0x10 [ 2079.620976][ T7532] ? ksys_write+0x190/0x250 [ 2079.620999][ T7532] ? ksys_write+0x190/0x250 [ 2079.621024][ T7532] do_futex+0x24f/0x350 [ 2079.621043][ T7532] ? __pfx_do_futex+0x10/0x10 [ 2079.621068][ T7532] __x64_sys_futex+0x34f/0x4d0 [ 2079.621089][ T7532] ? __pfx___x64_sys_futex+0x10/0x10 [ 2079.621116][ T7532] do_syscall_64+0x106/0xf80 [ 2079.621133][ T7532] ? clear_bhb_loop+0x40/0x90 [ 2079.621152][ T7532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2079.621169][ T7532] RIP: 0033:0x7fbf0799c799 [ 2079.621183][ T7532] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2079.621199][ T7532] RSP: 002b:00007fbf088dd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2079.621214][ T7532] RAX: ffffffffffffffda RBX: 00007fbf07c16090 RCX: 00007fbf0799c799 [ 2079.621233][ T7532] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2079.621243][ T7532] RBP: 00007fbf07a32bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2079.621253][ T7532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2079.621263][ T7532] R13: 00007fbf07c16128 R14: 00007fbf07c16090 R15: 00007ffdc1edbd48 [ 2079.621285][ T7532] [ 2080.194303][ T7545] netlink: 122 bytes leftover after parsing attributes in process `syz.3.7177'. [ 2080.207863][ T7523] CPU: 0 UID: 0 PID: 7523 Comm: syz.1.7175 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2080.207900][ T7523] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2080.207910][ T7523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2080.207920][ T7523] Call Trace: [ 2080.207926][ T7523] [ 2080.207933][ T7523] dump_stack_lvl+0x100/0x190 [ 2080.207962][ T7523] should_fail_ex.cold+0x5/0xa [ 2080.207978][ T7523] ? prepare_alloc_pages+0x16d/0x5f0 [ 2080.207997][ T7523] should_fail_alloc_page+0xeb/0x140 [ 2080.208014][ T7523] prepare_alloc_pages+0x1f0/0x5f0 [ 2080.208031][ T7523] ? workingset_test_recent+0x42d/0xe90 [ 2080.208057][ T7523] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2080.208081][ T7523] ? workingset_test_recent+0x143/0xe90 [ 2080.208108][ T7523] ? __lock_acquire+0x4a5/0x2630 [ 2080.208127][ T7523] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 2080.208150][ T7523] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2080.208175][ T7523] ? __lock_acquire+0x4a5/0x2630 [ 2080.208194][ T7523] ? __lock_acquire+0x4a5/0x2630 [ 2080.208230][ T7523] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2080.208257][ T7523] ? policy_nodemask+0xed/0x4f0 [ 2080.208275][ T7523] alloc_pages_mpol+0x1fb/0x550 [ 2080.208292][ T7523] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2080.208308][ T7523] ? swap_entry_swapped+0x1ff/0x2b0 [ 2080.208323][ T7523] ? __pfx_swap_entry_swapped+0x10/0x10 [ 2080.208341][ T7523] folio_alloc_mpol_noprof+0x36/0x340 [ 2080.208360][ T7523] swap_cache_alloc_folio+0x1a8/0x300 [ 2080.208382][ T7523] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 2080.208405][ T7523] ? __lock_acquire+0x4a5/0x2630 [ 2080.208425][ T7523] swap_cluster_readahead+0x411/0x770 [ 2080.208451][ T7523] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2080.208473][ T7523] ? __pfx_find_held_lock+0x10/0x10 [ 2080.208487][ T7523] ? is_bpf_text_address+0x8a/0x1a0 [ 2080.208510][ T7523] ? bpf_ksym_find+0x124/0x1c0 [ 2080.208530][ T7523] ? kernel_text_address+0x8d/0x100 [ 2080.208553][ T7523] ? get_vma_policy+0x23f/0x3b0 [ 2080.208571][ T7523] swapin_readahead+0x160/0x12c0 [ 2080.208598][ T7523] ? __pfx_swapin_readahead+0x10/0x10 [ 2080.208617][ T7523] ? find_held_lock+0x2b/0x80 [ 2080.208630][ T7523] ? swap_table_get+0x103/0x2c0 [ 2080.208648][ T7523] ? swap_table_get+0x103/0x2c0 [ 2080.208670][ T7523] ? swap_table_get+0x10d/0x2c0 [ 2080.208689][ T7523] ? swap_cache_get_folio+0x1ae/0x600 [ 2080.208709][ T7523] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 2080.208728][ T7523] ? __pfx_get_swap_device+0x10/0x10 [ 2080.208756][ T7523] ? do_swap_page+0xb2e/0x68e0 [ 2080.208774][ T7523] do_swap_page+0xb2e/0x68e0 [ 2080.208795][ T7523] ? __lock_acquire+0x4a5/0x2630 [ 2080.208821][ T7523] ? __pfx_do_swap_page+0x10/0x10 [ 2080.208841][ T7523] ? __lock_acquire+0x4a5/0x2630 [ 2080.208861][ T7523] ? rcu_is_watching+0x12/0xc0 [ 2080.208883][ T7523] ? __pte_offset_map+0x179/0x310 [ 2080.208909][ T7523] __handle_mm_fault+0x18c1/0x2b60 [ 2080.208934][ T7523] ? __pfx___handle_mm_fault+0x10/0x10 [ 2080.208955][ T7523] ? pte_offset_map_lock+0x174/0x320 [ 2080.208970][ T7523] ? find_held_lock+0x2b/0x80 [ 2080.208990][ T7523] ? follow_page_pte+0x5b3/0x1400 [ 2080.209011][ T7523] handle_mm_fault+0x36d/0xa20 [ 2080.209034][ T7523] __get_user_pages+0xf9c/0x34d0 [ 2080.209056][ T7523] ? down_read_killable+0x30e/0x4c0 [ 2080.209079][ T7523] ? __pfx___get_user_pages+0x10/0x10 [ 2080.209101][ T7523] __gup_longterm_locked+0x87d/0x16f0 [ 2080.209117][ T7523] ? trace_pelt_se_tp+0x101/0x1b0 [ 2080.209143][ T7523] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2080.209164][ T7523] ? find_held_lock+0x2b/0x80 [ 2080.209179][ T7523] ? gup_fast_fallback+0x7e5/0x2460 [ 2080.209201][ T7523] gup_fast_fallback+0x18c6/0x2460 [ 2080.209239][ T7523] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2080.209256][ T7523] ? finish_task_switch.isra.0+0x200/0xb80 [ 2080.209276][ T7523] ? finish_task_switch.isra.0+0x205/0xb80 [ 2080.209293][ T7523] ? lockdep_hardirqs_on+0x78/0x100 [ 2080.209310][ T7523] ? finish_task_switch.isra.0+0x205/0xb80 [ 2080.209330][ T7523] get_user_pages_fast+0xa7/0xf0 [ 2080.209347][ T7523] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2080.209365][ T7523] ? __lock_acquire+0x4a5/0x2630 [ 2080.209386][ T7523] get_futex_key+0x2c8/0x1620 [ 2080.209406][ T7523] ? __pfx_get_futex_key+0x10/0x10 [ 2080.209425][ T7523] ? find_held_lock+0x2b/0x80 [ 2080.209439][ T7523] ? futex_unqueue+0x133/0x2c0 [ 2080.209456][ T7523] ? futex_unqueue+0x133/0x2c0 [ 2080.209476][ T7523] futex_wait_requeue_pi+0x1f5/0x870 [ 2080.209500][ T7523] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2080.209524][ T7523] ? __pfx___futex_wait+0x10/0x10 [ 2080.209544][ T7523] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 2080.209574][ T7523] ? lockdep_hardirqs_on+0x78/0x100 [ 2080.209610][ T7523] ? __pfx_futex_wake_mark+0x10/0x10 [ 2080.209638][ T7523] ? ksys_write+0x190/0x250 [ 2080.209661][ T7523] ? ksys_write+0x190/0x250 [ 2080.209688][ T7523] do_futex+0x24f/0x350 [ 2080.209707][ T7523] ? __pfx_do_futex+0x10/0x10 [ 2080.209731][ T7523] __x64_sys_futex+0x34f/0x4d0 [ 2080.209753][ T7523] ? __pfx___x64_sys_futex+0x10/0x10 [ 2080.209780][ T7523] do_syscall_64+0x106/0xf80 [ 2080.209796][ T7523] ? clear_bhb_loop+0x40/0x90 [ 2080.209816][ T7523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2080.209832][ T7523] RIP: 0033:0x7f194219c799 [ 2080.209848][ T7523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2080.209863][ T7523] RSP: 002b:00007f19403d5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2080.209879][ T7523] RAX: ffffffffffffffda RBX: 00007f1942416090 RCX: 00007f194219c799 [ 2080.209889][ T7523] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2080.209899][ T7523] RBP: 00007f1942232bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2080.209909][ T7523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2080.209918][ T7523] R13: 00007f1942416128 R14: 00007f1942416090 R15: 00007fffa8707138 [ 2080.209940][ T7523] [ 2083.932515][ T7624] FAULT_INJECTION: forcing a failure. [ 2083.932515][ T7624] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2084.066911][ T7624] CPU: 0 UID: 0 PID: 7624 Comm: syz.0.7178 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2084.066949][ T7624] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2084.066958][ T7624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2084.066971][ T7624] Call Trace: [ 2084.066977][ T7624] [ 2084.066983][ T7624] dump_stack_lvl+0x100/0x190 [ 2084.067012][ T7624] should_fail_ex.cold+0x5/0xa [ 2084.067028][ T7624] ? prepare_alloc_pages+0x16d/0x5f0 [ 2084.067048][ T7624] should_fail_alloc_page+0xeb/0x140 [ 2084.067065][ T7624] prepare_alloc_pages+0x1f0/0x5f0 [ 2084.067082][ T7624] ? workingset_test_recent+0x42d/0xe90 [ 2084.067109][ T7624] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2084.067132][ T7624] ? workingset_test_recent+0x143/0xe90 [ 2084.067160][ T7624] ? __lock_acquire+0x4a5/0x2630 [ 2084.067179][ T7624] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 2084.067203][ T7624] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2084.067227][ T7624] ? __lock_acquire+0x4a5/0x2630 [ 2084.067247][ T7624] ? __lock_acquire+0x4a5/0x2630 [ 2084.067272][ T7624] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2084.067297][ T7624] ? policy_nodemask+0xed/0x4f0 [ 2084.067315][ T7624] alloc_pages_mpol+0x1fb/0x550 [ 2084.067331][ T7624] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2084.067347][ T7624] ? swap_entry_swapped+0x1ff/0x2b0 [ 2084.067362][ T7624] ? __pfx_swap_entry_swapped+0x10/0x10 [ 2084.067379][ T7624] folio_alloc_mpol_noprof+0x36/0x340 [ 2084.067399][ T7624] swap_cache_alloc_folio+0x1a8/0x300 [ 2084.067421][ T7624] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 2084.067444][ T7624] ? __lock_acquire+0x4a5/0x2630 [ 2084.067465][ T7624] swap_cluster_readahead+0x411/0x770 [ 2084.067490][ T7624] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2084.067511][ T7624] ? __pfx_find_held_lock+0x10/0x10 [ 2084.067526][ T7624] ? is_bpf_text_address+0x8a/0x1a0 [ 2084.067548][ T7624] ? bpf_ksym_find+0x124/0x1c0 [ 2084.067568][ T7624] ? kernel_text_address+0x8d/0x100 [ 2084.067592][ T7624] ? get_vma_policy+0x23f/0x3b0 [ 2084.067609][ T7624] swapin_readahead+0x160/0x12c0 [ 2084.067636][ T7624] ? __pfx_swapin_readahead+0x10/0x10 [ 2084.067655][ T7624] ? find_held_lock+0x2b/0x80 [ 2084.067669][ T7624] ? swap_table_get+0x103/0x2c0 [ 2084.067694][ T7624] ? swap_table_get+0x103/0x2c0 [ 2084.067718][ T7624] ? swap_table_get+0x10d/0x2c0 [ 2084.067738][ T7624] ? swap_cache_get_folio+0x1ae/0x600 [ 2084.067760][ T7624] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 2084.067779][ T7624] ? __pfx_get_swap_device+0x10/0x10 [ 2084.067806][ T7624] ? do_swap_page+0xb2e/0x68e0 [ 2084.067824][ T7624] do_swap_page+0xb2e/0x68e0 [ 2084.067853][ T7624] ? __pfx_do_swap_page+0x10/0x10 [ 2084.067874][ T7624] ? __lock_acquire+0x4a5/0x2630 [ 2084.067894][ T7624] ? rcu_is_watching+0x12/0xc0 [ 2084.067916][ T7624] ? __pte_offset_map+0x179/0x310 [ 2084.067942][ T7624] __handle_mm_fault+0x18c1/0x2b60 [ 2084.067967][ T7624] ? __pfx___handle_mm_fault+0x10/0x10 [ 2084.067994][ T7624] ? pte_offset_map_lock+0x174/0x320 [ 2084.068009][ T7624] ? find_held_lock+0x2b/0x80 [ 2084.068029][ T7624] ? follow_page_pte+0x5b3/0x1400 [ 2084.068050][ T7624] handle_mm_fault+0x36d/0xa20 [ 2084.068073][ T7624] __get_user_pages+0xf9c/0x34d0 [ 2084.068095][ T7624] ? down_read_killable+0x30e/0x4c0 [ 2084.068118][ T7624] ? __pfx___get_user_pages+0x10/0x10 [ 2084.068140][ T7624] __gup_longterm_locked+0x87d/0x16f0 [ 2084.068163][ T7624] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2084.068184][ T7624] ? find_held_lock+0x2b/0x80 [ 2084.068199][ T7624] ? gup_fast_fallback+0x7e5/0x2460 [ 2084.068220][ T7624] gup_fast_fallback+0x18c6/0x2460 [ 2084.068250][ T7624] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2084.068266][ T7624] ? finish_task_switch.isra.0+0x200/0xb80 [ 2084.068285][ T7624] ? finish_task_switch.isra.0+0x205/0xb80 [ 2084.068300][ T7624] ? lockdep_hardirqs_on+0x78/0x100 [ 2084.068317][ T7624] ? finish_task_switch.isra.0+0x205/0xb80 [ 2084.068336][ T7624] get_user_pages_fast+0xa7/0xf0 [ 2084.068353][ T7624] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2084.068370][ T7624] ? __lock_acquire+0x4a5/0x2630 [ 2084.068392][ T7624] get_futex_key+0x2c8/0x1620 [ 2084.068412][ T7624] ? __pfx_get_futex_key+0x10/0x10 [ 2084.068431][ T7624] ? find_held_lock+0x2b/0x80 [ 2084.068444][ T7624] ? futex_unqueue+0x133/0x2c0 [ 2084.068461][ T7624] ? futex_unqueue+0x133/0x2c0 [ 2084.068481][ T7624] futex_wait_requeue_pi+0x1f5/0x870 [ 2084.068505][ T7624] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2084.068529][ T7624] ? __pfx___futex_wait+0x10/0x10 [ 2084.068569][ T7624] ? __pfx_futex_wake_mark+0x10/0x10 [ 2084.068595][ T7624] ? ksys_write+0x190/0x250 [ 2084.068617][ T7624] ? ksys_write+0x190/0x250 [ 2084.068643][ T7624] do_futex+0x24f/0x350 [ 2084.068662][ T7624] ? __pfx_do_futex+0x10/0x10 [ 2084.068693][ T7624] __x64_sys_futex+0x34f/0x4d0 [ 2084.068716][ T7624] ? __pfx___x64_sys_futex+0x10/0x10 [ 2084.068744][ T7624] do_syscall_64+0x106/0xf80 [ 2084.068762][ T7624] ? clear_bhb_loop+0x40/0x90 [ 2084.068781][ T7624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2084.068797][ T7624] RIP: 0033:0x7fbf0799c799 [ 2084.068811][ T7624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2084.068826][ T7624] RSP: 002b:00007fbf088dd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2084.068843][ T7624] RAX: ffffffffffffffda RBX: 00007fbf07c16090 RCX: 00007fbf0799c799 [ 2084.068854][ T7624] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2084.068864][ T7624] RBP: 00007fbf07a32bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2084.068874][ T7624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2084.068883][ T7624] R13: 00007fbf07c16128 R14: 00007fbf07c16090 R15: 00007ffdc1edbd48 [ 2084.068905][ T7624] [ 2084.686602][ T7683] FAULT_INJECTION: forcing a failure. [ 2084.686602][ T7683] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2084.699905][ T7683] CPU: 0 UID: 0 PID: 7683 Comm: syz.4.7180 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2084.699942][ T7683] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2084.699951][ T7683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2084.699962][ T7683] Call Trace: [ 2084.699969][ T7683] [ 2084.699976][ T7683] dump_stack_lvl+0x100/0x190 [ 2084.700004][ T7683] should_fail_ex.cold+0x5/0xa [ 2084.700020][ T7683] ? prepare_alloc_pages+0x16d/0x5f0 [ 2084.700040][ T7683] should_fail_alloc_page+0xeb/0x140 [ 2084.700058][ T7683] prepare_alloc_pages+0x1f0/0x5f0 [ 2084.700076][ T7683] ? workingset_test_recent+0x42d/0xe90 [ 2084.700102][ T7683] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2084.700125][ T7683] ? workingset_test_recent+0x143/0xe90 [ 2084.700152][ T7683] ? __lock_acquire+0x4a5/0x2630 [ 2084.700171][ T7683] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 2084.700195][ T7683] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2084.700219][ T7683] ? __lock_acquire+0x4a5/0x2630 [ 2084.700239][ T7683] ? __lock_acquire+0x4a5/0x2630 [ 2084.700263][ T7683] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2084.700289][ T7683] ? policy_nodemask+0xed/0x4f0 [ 2084.700306][ T7683] alloc_pages_mpol+0x1fb/0x550 [ 2084.700323][ T7683] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2084.700338][ T7683] ? swap_entry_swapped+0x1ff/0x2b0 [ 2084.700353][ T7683] ? __pfx_swap_entry_swapped+0x10/0x10 [ 2084.700371][ T7683] folio_alloc_mpol_noprof+0x36/0x340 [ 2084.700390][ T7683] swap_cache_alloc_folio+0x1a8/0x300 [ 2084.700412][ T7683] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 2084.700435][ T7683] ? __lock_acquire+0x4a5/0x2630 [ 2084.700455][ T7683] swap_cluster_readahead+0x411/0x770 [ 2084.700481][ T7683] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2084.700502][ T7683] ? __pfx_find_held_lock+0x10/0x10 [ 2084.700517][ T7683] ? is_bpf_text_address+0x8a/0x1a0 [ 2084.700539][ T7683] ? bpf_ksym_find+0x124/0x1c0 [ 2084.700559][ T7683] ? kernel_text_address+0x8d/0x100 [ 2084.700582][ T7683] ? get_vma_policy+0x23f/0x3b0 [ 2084.700600][ T7683] swapin_readahead+0x160/0x12c0 [ 2084.700627][ T7683] ? __pfx_swapin_readahead+0x10/0x10 [ 2084.700646][ T7683] ? find_held_lock+0x2b/0x80 [ 2084.700659][ T7683] ? swap_table_get+0x103/0x2c0 [ 2084.700677][ T7683] ? swap_table_get+0x103/0x2c0 [ 2084.700699][ T7683] ? swap_table_get+0x10d/0x2c0 [ 2084.700718][ T7683] ? swap_cache_get_folio+0x1ae/0x600 [ 2084.700738][ T7683] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 2084.700757][ T7683] ? __pfx_get_swap_device+0x10/0x10 [ 2084.700792][ T7683] ? do_swap_page+0xb2e/0x68e0 [ 2084.700812][ T7683] do_swap_page+0xb2e/0x68e0 [ 2084.700834][ T7683] ? __lock_acquire+0x4a5/0x2630 [ 2084.700859][ T7683] ? __pfx_do_swap_page+0x10/0x10 [ 2084.700881][ T7683] ? __lock_acquire+0x4a5/0x2630 [ 2084.700901][ T7683] ? rcu_is_watching+0x12/0xc0 [ 2084.700923][ T7683] ? __pte_offset_map+0x179/0x310 [ 2084.700949][ T7683] __handle_mm_fault+0x18c1/0x2b60 [ 2084.700974][ T7683] ? __pfx___handle_mm_fault+0x10/0x10 [ 2084.700995][ T7683] ? pte_offset_map_lock+0x174/0x320 [ 2084.701010][ T7683] ? find_held_lock+0x2b/0x80 [ 2084.701030][ T7683] ? follow_page_pte+0x5b3/0x1400 [ 2084.701051][ T7683] handle_mm_fault+0x36d/0xa20 [ 2084.701074][ T7683] __get_user_pages+0xf9c/0x34d0 [ 2084.701096][ T7683] ? down_read_killable+0x30e/0x4c0 [ 2084.701118][ T7683] ? __pfx___get_user_pages+0x10/0x10 [ 2084.701140][ T7683] __gup_longterm_locked+0x87d/0x16f0 [ 2084.701163][ T7683] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2084.701184][ T7683] ? find_held_lock+0x2b/0x80 [ 2084.701198][ T7683] ? gup_fast_fallback+0x7e5/0x2460 [ 2084.701220][ T7683] gup_fast_fallback+0x18c6/0x2460 [ 2084.701255][ T7683] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2084.701271][ T7683] ? finish_task_switch.isra.0+0x200/0xb80 [ 2084.701290][ T7683] ? finish_task_switch.isra.0+0x205/0xb80 [ 2084.701305][ T7683] ? lockdep_hardirqs_on+0x78/0x100 [ 2084.701323][ T7683] ? finish_task_switch.isra.0+0x205/0xb80 [ 2084.701342][ T7683] get_user_pages_fast+0xa7/0xf0 [ 2084.701359][ T7683] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2084.701377][ T7683] ? __lock_acquire+0x4a5/0x2630 [ 2084.701398][ T7683] get_futex_key+0x2c8/0x1620 [ 2084.701419][ T7683] ? __pfx_get_futex_key+0x10/0x10 [ 2084.701437][ T7683] ? find_held_lock+0x2b/0x80 [ 2084.701450][ T7683] ? futex_unqueue+0x133/0x2c0 [ 2084.701467][ T7683] ? futex_unqueue+0x133/0x2c0 [ 2084.701487][ T7683] futex_wait_requeue_pi+0x1f5/0x870 [ 2084.701511][ T7683] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2084.701535][ T7683] ? __pfx___futex_wait+0x10/0x10 [ 2084.701555][ T7683] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 2084.701571][ T7683] ? lockdep_hardirqs_on+0x78/0x100 [ 2084.701621][ T7683] ? __pfx_futex_wake_mark+0x10/0x10 [ 2084.701650][ T7683] ? ksys_write+0x190/0x250 [ 2084.701673][ T7683] ? ksys_write+0x190/0x250 [ 2084.701700][ T7683] do_futex+0x24f/0x350 [ 2084.701720][ T7683] ? __pfx_do_futex+0x10/0x10 [ 2084.701744][ T7683] __x64_sys_futex+0x34f/0x4d0 [ 2084.701771][ T7683] ? __pfx___x64_sys_futex+0x10/0x10 [ 2084.701799][ T7683] do_syscall_64+0x106/0xf80 [ 2084.701817][ T7683] ? clear_bhb_loop+0x40/0x90 [ 2084.701836][ T7683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2084.701852][ T7683] RIP: 0033:0x7efd26f9c799 [ 2084.701867][ T7683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2084.701882][ T7683] RSP: 002b:00007efd27e24028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2084.701898][ T7683] RAX: ffffffffffffffda RBX: 00007efd27216180 RCX: 00007efd26f9c799 [ 2084.701909][ T7683] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2084.701918][ T7683] RBP: 00007efd27032bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2084.701929][ T7683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2084.701939][ T7683] R13: 00007efd27216218 R14: 00007efd27216180 R15: 00007ffe35532628 [ 2084.701959][ T7683] [ 2089.764791][ T7853] FAULT_INJECTION: forcing a failure. [ 2089.764791][ T7853] name fail_futex, interval 1, probability 0, space 0, times 0 [ 2089.997976][ T7853] CPU: 0 UID: 0 PID: 7853 Comm: syz.3.7191 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2089.998016][ T7853] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2089.998026][ T7853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2089.998036][ T7853] Call Trace: [ 2089.998042][ T7853] [ 2089.998048][ T7853] dump_stack_lvl+0x100/0x190 [ 2089.998079][ T7853] should_fail_ex.cold+0x5/0xa [ 2089.998099][ T7853] get_futex_key+0x1d2/0x1620 [ 2089.998120][ T7853] ? __pfx_get_futex_key+0x10/0x10 [ 2089.998145][ T7853] futex_wake+0xea/0x530 [ 2089.998169][ T7853] ? __pfx_futex_wake+0x10/0x10 [ 2089.998193][ T7853] ? putname+0xb1/0x110 [ 2089.998207][ T7853] ? kmem_cache_free+0x124/0x6a0 [ 2089.998230][ T7853] do_futex+0x32b/0x350 [ 2089.998250][ T7853] ? __pfx_do_futex+0x10/0x10 [ 2089.998276][ T7853] ? __pfx_do_sys_openat2+0x10/0x10 [ 2089.998302][ T7853] __x64_sys_futex+0x34f/0x4d0 [ 2089.998323][ T7853] ? __x64_sys_openat+0x12d/0x210 [ 2089.998343][ T7853] ? __pfx___x64_sys_futex+0x10/0x10 [ 2089.998371][ T7853] do_syscall_64+0x106/0xf80 [ 2089.998388][ T7853] ? clear_bhb_loop+0x40/0x90 [ 2089.998407][ T7853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2089.998423][ T7853] RIP: 0033:0x7f179199c799 [ 2089.998436][ T7853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2089.998451][ T7853] RSP: 002b:00007f17927b60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2089.998466][ T7853] RAX: ffffffffffffffda RBX: 00007f1791c16098 RCX: 00007f179199c799 [ 2089.998476][ T7853] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1791c1609c [ 2089.998486][ T7853] RBP: 00007f1791c16090 R08: 0000000000000000 R09: 0000000000000000 [ 2089.998495][ T7853] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000000 [ 2089.998504][ T7853] R13: 00007f1791c16128 R14: 00007ffc4ffea970 R15: 00007ffc4ffeaa58 [ 2089.998525][ T7853] [ 2090.275802][ T7847] bond0: invalid ARP target specified [ 2093.262327][ T8055] netlink: 122 bytes leftover after parsing attributes in process `syz.0.7198'. [ 2094.762283][ T8161] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 2094.769240][ T8161] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 2094.961989][ T8161] FAULT_INJECTION: forcing a failure. [ 2094.961989][ T8161] name failslab, interval 1, probability 0, space 0, times 0 [ 2094.991167][ T8167] netlink: 326 bytes leftover after parsing attributes in process `syz.4.7208'. [ 2095.063101][ T8161] CPU: 0 UID: 0 PID: 8161 Comm: syz.3.7206 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2095.063138][ T8161] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2095.063147][ T8161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2095.063157][ T8161] Call Trace: [ 2095.063164][ T8161] [ 2095.063170][ T8161] dump_stack_lvl+0x100/0x190 [ 2095.063199][ T8161] should_fail_ex.cold+0x5/0xa [ 2095.063218][ T8161] should_failslab+0xc2/0x120 [ 2095.063236][ T8161] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 2095.063258][ T8161] ? security_inode_alloc+0x3b/0x2c0 [ 2095.063281][ T8161] ? lockdep_init_map_type+0x5c/0x250 [ 2095.063304][ T8161] security_inode_alloc+0x3b/0x2c0 [ 2095.063326][ T8161] inode_init_always_gfp+0xced/0x1040 [ 2095.063354][ T8161] alloc_inode+0x8e/0x250 [ 2095.063373][ T8161] new_inode+0x22/0x1c0 [ 2095.063390][ T8161] ? trace_kmem_cache_alloc+0xf3/0x120 [ 2095.063408][ T8161] shmem_get_inode+0x212/0x1040 [ 2095.063429][ T8161] ? __pfx_shmem_get_inode+0x10/0x10 [ 2095.063458][ T8161] ? rcu_is_watching+0x12/0xc0 [ 2095.063480][ T8161] ? percpu_counter_add_batch+0xb9/0x230 [ 2095.063510][ T8161] __shmem_file_setup+0x3ac/0x490 [ 2095.063530][ T8161] ? __pfx___shmem_file_setup+0x10/0x10 [ 2095.063553][ T8161] ? vm_area_alloc+0x1f/0x160 [ 2095.063575][ T8161] shmem_zero_setup+0x96/0x1b0 [ 2095.063598][ T8161] __mmap_region+0x2198/0x29e0 [ 2095.063620][ T8161] ? rcu_is_watching+0x12/0xc0 [ 2095.063642][ T8161] ? __pfx___mmap_region+0x10/0x10 [ 2095.063704][ T8161] ? lockdep_hardirqs_on+0x78/0x100 [ 2095.063724][ T8161] ? finish_task_switch.isra.0+0x205/0xb80 [ 2095.063742][ T8161] ? rcu_is_watching+0x12/0xc0 [ 2095.063788][ T8161] ? rcu_is_watching+0x12/0xc0 [ 2095.063811][ T8161] ? cap_capable+0x107/0x460 [ 2095.063835][ T8161] mmap_region+0x180/0x3e0 [ 2095.063860][ T8161] do_mmap+0xc63/0x12f0 [ 2095.063880][ T8161] ? __pfx_do_mmap+0x10/0x10 [ 2095.063896][ T8161] ? __pfx_down_write_killable+0x10/0x10 [ 2095.063921][ T8161] vm_mmap_pgoff+0x29e/0x470 [ 2095.063941][ T8161] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 2095.063959][ T8161] ? do_futex+0x192/0x350 [ 2095.063978][ T8161] ? __pfx_do_futex+0x10/0x10 [ 2095.063996][ T8161] ? fdget+0x18b/0x210 [ 2095.064012][ T8161] ksys_mmap_pgoff+0xe1/0x650 [ 2095.064027][ T8161] ? __x64_sys_futex+0x34f/0x4d0 [ 2095.064045][ T8161] ? __x64_sys_futex+0x358/0x4d0 [ 2095.064064][ T8161] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 2095.064080][ T8161] ? xfd_validate_state+0x129/0x190 [ 2095.064105][ T8161] __x64_sys_mmap+0x125/0x190 [ 2095.064129][ T8161] do_syscall_64+0x106/0xf80 [ 2095.064146][ T8161] ? clear_bhb_loop+0x40/0x90 [ 2095.064165][ T8161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2095.064180][ T8161] RIP: 0033:0x7f179199c799 [ 2095.064195][ T8161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2095.064211][ T8161] RSP: 002b:00007f17927d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2095.064226][ T8161] RAX: ffffffffffffffda RBX: 00007f1791c15fa0 RCX: 00007f179199c799 [ 2095.064237][ T8161] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 2095.064247][ T8161] RBP: 00007f1791a32bd9 R08: 0000000000000401 R09: 0000000000008000 [ 2095.064257][ T8161] R10: 0040000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 2095.064267][ T8161] R13: 00007f1791c16038 R14: 00007f1791c15fa0 R15: 00007ffc4ffeaa58 [ 2095.064288][ T8161] [ 2095.479517][ T8169] netlink: 122 bytes leftover after parsing attributes in process `syz.1.7207'. [ 2095.696038][ T8196] perf: Dynamic interrupt throttling disabled, can hang your system! [ 2095.759263][ T8198] FAULT_INJECTION: forcing a failure. [ 2095.759263][ T8198] name failslab, interval 1, probability 0, space 0, times 0 [ 2095.774734][ T8198] CPU: 0 UID: 0 PID: 8198 Comm: syz.1.7211 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2095.774772][ T8198] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2095.774780][ T8198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2095.774790][ T8198] Call Trace: [ 2095.774796][ T8198] [ 2095.774803][ T8198] dump_stack_lvl+0x100/0x190 [ 2095.774831][ T8198] should_fail_ex.cold+0x5/0xa [ 2095.774851][ T8198] ? constrain_params_by_rules+0x175/0xcc0 [ 2095.774961][ T8198] should_failslab+0xc2/0x120 [ 2095.774979][ T8198] __kmalloc_noprof+0xe0/0x850 [ 2095.775000][ T8198] ? unwind_get_return_address+0x59/0xa0 [ 2095.775022][ T8198] constrain_params_by_rules+0x175/0xcc0 [ 2095.775043][ T8198] ? stack_trace_save+0x8e/0xc0 [ 2095.775061][ T8198] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 2095.775082][ T8198] ? __kasan_kmalloc+0xaa/0xb0 [ 2095.775103][ T8198] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 2095.775155][ T8198] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 2095.775178][ T8198] ? snd_pcm_oss_sync+0x265/0x840 [ 2095.775206][ T8198] ? rcu_is_watching+0x12/0xc0 [ 2095.775229][ T8198] ? snd_interval_refine+0x2d0/0x580 [ 2095.775250][ T8198] snd_pcm_hw_refine+0x7e7/0xad0 [ 2095.775270][ T8198] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 2095.775293][ T8198] ? __asan_memset+0x23/0x50 [ 2095.775312][ T8198] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 2095.775337][ T8198] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 2095.775369][ T8198] ? snd_pcm_oss_sync+0x243/0x840 [ 2095.775391][ T8198] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 2095.775418][ T8198] ? __pfx___mutex_lock+0x10/0x10 [ 2095.775448][ T8198] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 2095.775473][ T8198] snd_pcm_oss_sync+0x265/0x840 [ 2095.775500][ T8198] snd_pcm_oss_release+0x238/0x300 [ 2095.775523][ T8198] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 2095.775547][ T8198] __fput+0x3ff/0xb40 [ 2095.775577][ T8198] task_work_run+0x150/0x240 [ 2095.775601][ T8198] ? __pfx_task_work_run+0x10/0x10 [ 2095.775630][ T8198] exit_to_user_mode_loop+0x100/0x4a0 [ 2095.775652][ T8198] do_syscall_64+0x668/0xf80 [ 2095.775669][ T8198] ? clear_bhb_loop+0x40/0x90 [ 2095.775688][ T8198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2095.775704][ T8198] RIP: 0033:0x7f194219c799 [ 2095.775718][ T8198] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2095.775733][ T8198] RSP: 002b:00007f19403f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 2095.775748][ T8198] RAX: 0000000000000000 RBX: 00007f1942415fa0 RCX: 00007f194219c799 [ 2095.775759][ T8198] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 2095.775769][ T8198] RBP: 00007f1942232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2095.775779][ T8198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2095.775789][ T8198] R13: 00007f1942416038 R14: 00007f1942415fa0 R15: 00007fffa8707138 [ 2095.775810][ T8198] [ 2096.145304][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 2096.152945][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 2097.370144][ T8231] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 2097.617292][ T8230] netlink: 122 bytes leftover after parsing attributes in process `syz.4.7215'. [ 2102.423398][ T8525] FAULT_INJECTION: forcing a failure. [ 2102.423398][ T8525] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2102.497276][ T8525] CPU: 0 UID: 0 PID: 8525 Comm: syz.4.7228 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2102.497314][ T8525] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2102.497323][ T8525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2102.497333][ T8525] Call Trace: [ 2102.497340][ T8525] [ 2102.497346][ T8525] dump_stack_lvl+0x100/0x190 [ 2102.497375][ T8525] should_fail_ex.cold+0x5/0xa [ 2102.497391][ T8525] ? prepare_alloc_pages+0x16d/0x5f0 [ 2102.497411][ T8525] should_fail_alloc_page+0xeb/0x140 [ 2102.497429][ T8525] prepare_alloc_pages+0x1f0/0x5f0 [ 2102.497446][ T8525] ? workingset_test_recent+0x42d/0xe90 [ 2102.497472][ T8525] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2102.497496][ T8525] ? workingset_test_recent+0x143/0xe90 [ 2102.497523][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 2102.497542][ T8525] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 2102.497565][ T8525] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2102.497589][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 2102.497609][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 2102.497634][ T8525] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2102.497659][ T8525] ? policy_nodemask+0xed/0x4f0 [ 2102.497677][ T8525] alloc_pages_mpol+0x1fb/0x550 [ 2102.497693][ T8525] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2102.497709][ T8525] ? swap_entry_swapped+0x1ff/0x2b0 [ 2102.497723][ T8525] ? __pfx_swap_entry_swapped+0x10/0x10 [ 2102.497741][ T8525] folio_alloc_mpol_noprof+0x36/0x340 [ 2102.497761][ T8525] swap_cache_alloc_folio+0x1a8/0x300 [ 2102.497783][ T8525] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 2102.497806][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 2102.497826][ T8525] swap_cluster_readahead+0x411/0x770 [ 2102.497852][ T8525] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2102.497873][ T8525] ? __pfx_find_held_lock+0x10/0x10 [ 2102.497888][ T8525] ? is_bpf_text_address+0x8a/0x1a0 [ 2102.497909][ T8525] ? bpf_ksym_find+0x124/0x1c0 [ 2102.497930][ T8525] ? kernel_text_address+0x8d/0x100 [ 2102.497953][ T8525] ? get_vma_policy+0x23f/0x3b0 [ 2102.497971][ T8525] swapin_readahead+0x160/0x12c0 [ 2102.498008][ T8525] ? __pfx_swapin_readahead+0x10/0x10 [ 2102.498028][ T8525] ? find_held_lock+0x2b/0x80 [ 2102.498042][ T8525] ? swap_table_get+0x103/0x2c0 [ 2102.498061][ T8525] ? swap_table_get+0x103/0x2c0 [ 2102.498082][ T8525] ? swap_table_get+0x10d/0x2c0 [ 2102.498101][ T8525] ? swap_cache_get_folio+0x1ae/0x600 [ 2102.498122][ T8525] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 2102.498140][ T8525] ? __pfx_get_swap_device+0x10/0x10 [ 2102.498168][ T8525] ? do_swap_page+0xb2e/0x68e0 [ 2102.498186][ T8525] do_swap_page+0xb2e/0x68e0 [ 2102.498206][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 2102.498232][ T8525] ? __pfx_do_swap_page+0x10/0x10 [ 2102.498252][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 2102.498272][ T8525] ? rcu_is_watching+0x12/0xc0 [ 2102.498294][ T8525] ? __pte_offset_map+0x179/0x310 [ 2102.498320][ T8525] __handle_mm_fault+0x18c1/0x2b60 [ 2102.498345][ T8525] ? __pfx___handle_mm_fault+0x10/0x10 [ 2102.498365][ T8525] ? pte_offset_map_lock+0x174/0x320 [ 2102.498381][ T8525] ? find_held_lock+0x2b/0x80 [ 2102.498401][ T8525] ? follow_page_pte+0x5b3/0x1400 [ 2102.498421][ T8525] handle_mm_fault+0x36d/0xa20 [ 2102.498447][ T8525] __get_user_pages+0xf9c/0x34d0 [ 2102.498470][ T8525] ? down_read_killable+0x30e/0x4c0 [ 2102.498492][ T8525] ? __pfx___get_user_pages+0x10/0x10 [ 2102.498514][ T8525] __gup_longterm_locked+0x87d/0x16f0 [ 2102.498537][ T8525] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2102.498557][ T8525] ? find_held_lock+0x2b/0x80 [ 2102.498571][ T8525] ? gup_fast_fallback+0x7e5/0x2460 [ 2102.498593][ T8525] gup_fast_fallback+0x18c6/0x2460 [ 2102.498625][ T8525] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2102.498641][ T8525] ? finish_task_switch.isra.0+0x200/0xb80 [ 2102.498660][ T8525] ? finish_task_switch.isra.0+0x205/0xb80 [ 2102.498676][ T8525] ? lockdep_hardirqs_on+0x78/0x100 [ 2102.498694][ T8525] ? finish_task_switch.isra.0+0x205/0xb80 [ 2102.498713][ T8525] get_user_pages_fast+0xa7/0xf0 [ 2102.498730][ T8525] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2102.498748][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 2102.498769][ T8525] get_futex_key+0x2c8/0x1620 [ 2102.498789][ T8525] ? __pfx_get_futex_key+0x10/0x10 [ 2102.498808][ T8525] ? find_held_lock+0x2b/0x80 [ 2102.498822][ T8525] ? futex_unqueue+0x133/0x2c0 [ 2102.498839][ T8525] ? futex_unqueue+0x133/0x2c0 [ 2102.498858][ T8525] futex_wait_requeue_pi+0x1f5/0x870 [ 2102.498882][ T8525] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2102.498906][ T8525] ? __pfx___futex_wait+0x10/0x10 [ 2102.498945][ T8525] ? __pfx_futex_wake_mark+0x10/0x10 [ 2102.498972][ T8525] ? ksys_write+0x190/0x250 [ 2102.499001][ T8525] ? ksys_write+0x190/0x250 [ 2102.499028][ T8525] do_futex+0x24f/0x350 [ 2102.499047][ T8525] ? __pfx_do_futex+0x10/0x10 [ 2102.499073][ T8525] __x64_sys_futex+0x34f/0x4d0 [ 2102.499094][ T8525] ? __pfx___x64_sys_futex+0x10/0x10 [ 2102.499121][ T8525] do_syscall_64+0x106/0xf80 [ 2102.499138][ T8525] ? clear_bhb_loop+0x40/0x90 [ 2102.499157][ T8525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2102.499172][ T8525] RIP: 0033:0x7efd26f9c799 [ 2102.499187][ T8525] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2102.499201][ T8525] RSP: 002b:00007efd27e45028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2102.499217][ T8525] RAX: ffffffffffffffda RBX: 00007efd27216090 RCX: 00007efd26f9c799 [ 2102.499228][ T8525] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2102.499238][ T8525] RBP: 00007efd27032bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2102.499248][ T8525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2102.499257][ T8525] R13: 00007efd27216128 R14: 00007efd27216090 R15: 00007ffe35532628 [ 2102.499279][ T8525] [ 2107.664463][T32543] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 2109.414677][ T8736] FAULT_INJECTION: forcing a failure. [ 2109.414677][ T8736] name failslab, interval 1, probability 0, space 0, times 0 [ 2109.427891][ T8721] FAULT_INJECTION: forcing a failure. [ 2109.427891][ T8721] name fail_futex, interval 1, probability 0, space 0, times 0 [ 2109.490853][ T8736] CPU: 0 UID: 0 PID: 8736 Comm: syz.0.7236 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2109.490890][ T8736] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2109.490899][ T8736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2109.490909][ T8736] Call Trace: [ 2109.490915][ T8736] [ 2109.490922][ T8736] dump_stack_lvl+0x100/0x190 [ 2109.490951][ T8736] should_fail_ex.cold+0x5/0xa [ 2109.490971][ T8736] should_failslab+0xc2/0x120 [ 2109.490988][ T8736] __kmalloc_cache_noprof+0x7a/0x6f0 [ 2109.491007][ T8736] ? single_open+0x4d/0x1d0 [ 2109.491026][ T8736] ? __pfx___debugfs_file_get+0x10/0x10 [ 2109.491044][ T8736] ? find_held_lock+0x2b/0x80 [ 2109.491059][ T8736] ? __pfx_edid_show+0x10/0x10 [ 2109.491081][ T8736] ? __pfx_edid_open+0x10/0x10 [ 2109.491101][ T8736] single_open+0x4d/0x1d0 [ 2109.491121][ T8736] full_proxy_open_regular+0x1b6/0x370 [ 2109.491143][ T8736] do_dentry_open+0x6d8/0x1660 [ 2109.491158][ T8736] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 2109.491183][ T8736] vfs_open+0x82/0x3f0 [ 2109.491203][ T8736] path_openat+0x208c/0x31a0 [ 2109.491225][ T8736] ? __pfx_path_openat+0x10/0x10 [ 2109.491253][ T8736] do_file_open+0x20e/0x430 [ 2109.491271][ T8736] ? __pfx_do_file_open+0x10/0x10 [ 2109.491301][ T8736] ? alloc_fd+0x476/0x790 [ 2109.491318][ T8736] ? do_getname+0x191/0x390 [ 2109.491339][ T8736] do_sys_openat2+0x10d/0x1e0 [ 2109.491359][ T8736] ? __pfx_do_sys_openat2+0x10/0x10 [ 2109.491379][ T8736] ? do_raw_spin_lock+0x128/0x260 [ 2109.491405][ T8736] __x64_sys_openat+0x12d/0x210 [ 2109.491425][ T8736] ? __pfx___x64_sys_openat+0x10/0x10 [ 2109.491452][ T8736] do_syscall_64+0x106/0xf80 [ 2109.491469][ T8736] ? clear_bhb_loop+0x40/0x90 [ 2109.491488][ T8736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2109.491504][ T8736] RIP: 0033:0x7fbf0799c799 [ 2109.491519][ T8736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2109.491534][ T8736] RSP: 002b:00007fbf088bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2109.491549][ T8736] RAX: ffffffffffffffda RBX: 00007fbf07c16180 RCX: 00007fbf0799c799 [ 2109.491559][ T8736] RDX: 0000000000002082 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 2109.491569][ T8736] RBP: 00007fbf07a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2109.491578][ T8736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2109.491587][ T8736] R13: 00007fbf07c16218 R14: 00007fbf07c16180 R15: 00007ffdc1edbd48 [ 2109.491607][ T8736] [ 2109.760925][ T8721] CPU: 0 UID: 0 PID: 8721 Comm: syz.4.7237 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2109.760962][ T8721] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2109.760971][ T8721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2109.760981][ T8721] Call Trace: [ 2109.760988][ T8721] [ 2109.760995][ T8721] dump_stack_lvl+0x100/0x190 [ 2109.761024][ T8721] should_fail_ex.cold+0x5/0xa [ 2109.761044][ T8721] get_futex_key+0x106f/0x1620 [ 2109.761065][ T8721] ? __pfx_get_futex_key+0x10/0x10 [ 2109.761084][ T8721] ? find_held_lock+0x2b/0x80 [ 2109.761099][ T8721] ? futex_unqueue+0x133/0x2c0 [ 2109.761116][ T8721] ? futex_unqueue+0x133/0x2c0 [ 2109.761136][ T8721] futex_wait_requeue_pi+0x1f5/0x870 [ 2109.761161][ T8721] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2109.761185][ T8721] ? __pfx___futex_wait+0x10/0x10 [ 2109.761223][ T8721] ? __pfx_futex_wake_mark+0x10/0x10 [ 2109.761256][ T8721] ? ksys_write+0x190/0x250 [ 2109.761278][ T8721] ? ksys_write+0x190/0x250 [ 2109.761311][ T8721] do_futex+0x24f/0x350 [ 2109.761331][ T8721] ? __pfx_do_futex+0x10/0x10 [ 2109.761355][ T8721] __x64_sys_futex+0x34f/0x4d0 [ 2109.761378][ T8721] ? __pfx___x64_sys_futex+0x10/0x10 [ 2109.761405][ T8721] do_syscall_64+0x106/0xf80 [ 2109.761422][ T8721] ? clear_bhb_loop+0x40/0x90 [ 2109.761441][ T8721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2109.761457][ T8721] RIP: 0033:0x7efd26f9c799 [ 2109.761470][ T8721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2109.761486][ T8721] RSP: 002b:00007efd27e45028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2109.761501][ T8721] RAX: ffffffffffffffda RBX: 00007efd27216090 RCX: 00007efd26f9c799 [ 2109.761512][ T8721] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2109.761522][ T8721] RBP: 00007efd27032bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2109.761531][ T8721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2109.761540][ T8721] R13: 00007efd27216128 R14: 00007efd27216090 R15: 00007ffe35532628 [ 2109.761561][ T8721] [ 2110.919345][ T8873] netlink: 122 bytes leftover after parsing attributes in process `syz.1.7240'. [ 2111.043364][ T8880] netlink: 122 bytes leftover after parsing attributes in process `syz.0.7242'. [ 2113.251834][ T8950] FAULT_INJECTION: forcing a failure. [ 2113.251834][ T8950] name failslab, interval 1, probability 0, space 0, times 0 [ 2113.378874][ T8950] CPU: 0 UID: 0 PID: 8950 Comm: syz.1.7245 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2113.378917][ T8950] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2113.378927][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2113.378937][ T8950] Call Trace: [ 2113.378943][ T8950] [ 2113.378949][ T8950] dump_stack_lvl+0x100/0x190 [ 2113.378977][ T8950] should_fail_ex.cold+0x5/0xa [ 2113.378996][ T8950] should_failslab+0xc2/0x120 [ 2113.379013][ T8950] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 2113.379034][ T8950] ? security_inode_alloc+0x3b/0x2c0 [ 2113.379057][ T8950] ? lockdep_init_map_type+0x5c/0x250 [ 2113.379080][ T8950] security_inode_alloc+0x3b/0x2c0 [ 2113.379102][ T8950] inode_init_always_gfp+0xced/0x1040 [ 2113.379130][ T8950] alloc_inode+0x8e/0x250 [ 2113.379149][ T8950] new_inode+0x22/0x1c0 [ 2113.379169][ T8950] hugetlbfs_get_inode+0x313/0x750 [ 2113.379217][ T8950] hugetlb_file_setup+0x3cc/0x5b0 [ 2113.379235][ T8950] newseg+0xabb/0xed0 [ 2113.379256][ T8950] ? __pfx_newseg+0x10/0x10 [ 2113.379271][ T8950] ? down_write+0x146/0x1f0 [ 2113.379293][ T8950] ? ksys_write+0x190/0x250 [ 2113.379315][ T8950] ? ksys_write+0x190/0x250 [ 2113.379340][ T8950] ipcget+0xee/0xf50 [ 2113.379356][ T8950] ? do_futex+0x192/0x350 [ 2113.379376][ T8950] ? __pfx_do_futex+0x10/0x10 [ 2113.379398][ T8950] ? __pfx_ipcget+0x10/0x10 [ 2113.379414][ T8950] ? __x64_sys_futex+0x34f/0x4d0 [ 2113.379432][ T8950] ? __x64_sys_futex+0x358/0x4d0 [ 2113.379454][ T8950] __x64_sys_shmget+0x13b/0x1b0 [ 2113.379471][ T8950] ? __pfx___x64_sys_shmget+0x10/0x10 [ 2113.379492][ T8950] do_syscall_64+0x106/0xf80 [ 2113.379509][ T8950] ? clear_bhb_loop+0x40/0x90 [ 2113.379528][ T8950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2113.379544][ T8950] RIP: 0033:0x7f194219c799 [ 2113.379558][ T8950] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2113.379573][ T8950] RSP: 002b:00007f19403f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 2113.379589][ T8950] RAX: ffffffffffffffda RBX: 00007f1942415fa0 RCX: 00007f194219c799 [ 2113.379599][ T8950] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 2113.379608][ T8950] RBP: 00007f1942232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2113.379617][ T8950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2113.379627][ T8950] R13: 00007f1942416038 R14: 00007f1942415fa0 R15: 00007fffa8707138 [ 2113.379647][ T8950] [ 2114.320718][ T9071] misc userio: Invalid payload size [ 2114.351961][ T9071] ubi31: attaching mtd0 [ 2114.599895][ T9071] ubi31: scanning is finished [ 2114.604619][ T9071] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 2115.565407][ T9071] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 2116.268470][ T9128] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7255'. [ 2116.293537][ T9132] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7257'. [ 2116.369721][ T9138] netlink: 122 bytes leftover after parsing attributes in process `syz.0.7256'. [ 2116.422065][ T30] audit: type=1800 audit(4294967298.397:84): pid=9139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.7255" name="dbroot" dev="configfs" ino=784787 res=0 errno=0 [ 2117.668152][ T9204] netlink: 122 bytes leftover after parsing attributes in process `syz.3.7259'. [ 2119.096718][ T30] audit: type=1800 audit(4294967301.081:85): pid=9255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.7263" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 2120.227898][ T9291] FAULT_INJECTION: forcing a failure. [ 2120.227898][ T9291] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2120.331050][ T9291] CPU: 0 UID: 0 PID: 9291 Comm: syz.3.7269 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2120.331088][ T9291] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2120.331097][ T9291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2120.331107][ T9291] Call Trace: [ 2120.331113][ T9291] [ 2120.331120][ T9291] dump_stack_lvl+0x100/0x190 [ 2120.331148][ T9291] should_fail_ex.cold+0x5/0xa [ 2120.331165][ T9291] ? prepare_alloc_pages+0x16d/0x5f0 [ 2120.331184][ T9291] should_fail_alloc_page+0xeb/0x140 [ 2120.331201][ T9291] prepare_alloc_pages+0x1f0/0x5f0 [ 2120.331221][ T9291] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2120.331254][ T9291] ? get_page_from_freelist+0x111d/0x3140 [ 2120.331280][ T9291] ? __pfx___might_resched+0x10/0x10 [ 2120.331311][ T9291] ? prepare_alloc_pages+0x16d/0x5f0 [ 2120.331328][ T9291] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2120.331353][ T9291] ? rcu_is_watching+0x12/0xc0 [ 2120.331376][ T9291] ? trace_mm_page_alloc+0x17a/0x1d0 [ 2120.331395][ T9291] ? is_bpf_text_address+0x8a/0x1a0 [ 2120.331417][ T9291] ? is_bpf_text_address+0x8a/0x1a0 [ 2120.331439][ T9291] ? bpf_ksym_find+0x124/0x1c0 [ 2120.331456][ T9291] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2120.331473][ T9291] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2120.331498][ T9291] ? policy_nodemask+0xed/0x4f0 [ 2120.331514][ T9291] alloc_pages_mpol+0x1fb/0x550 [ 2120.331531][ T9291] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2120.331551][ T9291] alloc_pages_noprof+0x131/0x390 [ 2120.331568][ T9291] kimage_alloc_pages+0x72/0x380 [ 2120.331594][ T9291] kimage_alloc_control_pages+0x157/0xa20 [ 2120.331609][ T9291] ? weighted_interleave_nid+0x5a0/0x5a0 [ 2120.331628][ T9291] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 2120.331643][ T9291] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2120.331663][ T9291] alloc_pgt_page+0x17/0xb0 [ 2120.331682][ T9291] machine_kexec_prepare+0x1a7/0x14d0 [ 2120.331707][ T9291] ? __pfx_machine_kexec_prepare+0x10/0x10 [ 2120.331728][ T9291] ? __pfx_alloc_pgt_page+0x10/0x10 [ 2120.331748][ T9291] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 2120.331770][ T9291] do_kexec_load+0x32c/0x810 [ 2120.331788][ T9291] ? __pfx_do_kexec_load+0x10/0x10 [ 2120.331805][ T9291] ? _copy_from_user+0x59/0xd0 [ 2120.331831][ T9291] __x64_sys_kexec_load+0x1bf/0x230 [ 2120.331850][ T9291] do_syscall_64+0x106/0xf80 [ 2120.331868][ T9291] ? clear_bhb_loop+0x40/0x90 [ 2120.331887][ T9291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2120.331904][ T9291] RIP: 0033:0x7f179199c799 [ 2120.331918][ T9291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2120.331934][ T9291] RSP: 002b:00007f17927d7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 2120.331950][ T9291] RAX: ffffffffffffffda RBX: 00007f1791c15fa0 RCX: 00007f179199c799 [ 2120.331960][ T9291] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 00000000ffffffff [ 2120.331971][ T9291] RBP: 00007f1791a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2120.331980][ T9291] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 2120.331989][ T9291] R13: 00007f1791c16038 R14: 00007f1791c15fa0 R15: 00007ffc4ffeaa58 [ 2120.332010][ T9291] [ 2121.003546][ T9295] FAULT_INJECTION: forcing a failure. [ 2121.003546][ T9295] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2121.016969][ T9295] CPU: 0 UID: 0 PID: 9295 Comm: syz.3.7272 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2121.017005][ T9295] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2121.017014][ T9295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2121.017024][ T9295] Call Trace: [ 2121.017031][ T9295] [ 2121.017038][ T9295] dump_stack_lvl+0x100/0x190 [ 2121.017068][ T9295] should_fail_ex.cold+0x5/0xa [ 2121.017084][ T9295] ? prepare_alloc_pages+0x16d/0x5f0 [ 2121.017103][ T9295] should_fail_alloc_page+0xeb/0x140 [ 2121.017120][ T9295] prepare_alloc_pages+0x1f0/0x5f0 [ 2121.017140][ T9295] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2121.017169][ T9295] ? stack_trace_save+0x8e/0xc0 [ 2121.017185][ T9295] ? __pfx_stack_trace_save+0x10/0x10 [ 2121.017201][ T9295] ? stack_depot_save_flags+0x27/0x9d0 [ 2121.017220][ T9295] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2121.017242][ T9295] ? kasan_save_stack+0x3f/0x50 [ 2121.017270][ T9295] ? kasan_save_track+0x14/0x30 [ 2121.017293][ T9295] ? alloc_ldt_struct+0x5d/0x1b0 [ 2121.017317][ T9295] ? write_ldt+0x62b/0xd40 [ 2121.017330][ T9295] ? __x64_sys_modify_ldt+0xb1/0x170 [ 2121.017345][ T9295] ? do_syscall_64+0x106/0xf80 [ 2121.017362][ T9295] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2121.017388][ T9295] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2121.017413][ T9295] ? policy_nodemask+0xed/0x4f0 [ 2121.017432][ T9295] alloc_pages_mpol+0x1fb/0x550 [ 2121.017449][ T9295] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2121.017470][ T9295] alloc_pages_noprof+0x131/0x390 [ 2121.017487][ T9295] get_zeroed_page_noprof+0x18/0xb0 [ 2121.017503][ T9295] alloc_ldt_struct+0x9f/0x1b0 [ 2121.017527][ T9295] write_ldt+0x62b/0xd40 [ 2121.017545][ T9295] ? __pfx_write_ldt+0x10/0x10 [ 2121.017561][ T9295] ? xfd_validate_state+0x129/0x190 [ 2121.017588][ T9295] __x64_sys_modify_ldt+0xb1/0x170 [ 2121.017604][ T9295] do_syscall_64+0x106/0xf80 [ 2121.017621][ T9295] ? clear_bhb_loop+0x40/0x90 [ 2121.017640][ T9295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2121.017655][ T9295] RIP: 0033:0x7f179199c799 [ 2121.017670][ T9295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2121.017685][ T9295] RSP: 002b:00007f17927d7028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 2121.017700][ T9295] RAX: ffffffffffffffda RBX: 00007f1791c15fa0 RCX: 00007f179199c799 [ 2121.017711][ T9295] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 2121.017720][ T9295] RBP: 00007f1791a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2121.017731][ T9295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2121.017740][ T9295] R13: 00007f1791c16038 R14: 00007f1791c15fa0 R15: 00007ffc4ffeaa58 [ 2121.017761][ T9295] [ 2121.378638][ T9300] netlink: 122 bytes leftover after parsing attributes in process `syz.0.7270'. [ 2121.433140][ T9299] can: request_module (can-proto-0) failed. [ 2122.246632][ T9344] mkiss: ax0: crc mode is auto. [ 2122.766427][ T9382] netlink: 122 bytes leftover after parsing attributes in process `syz.3.7275'. [ 2123.504730][T32543] Bluetooth: hci3: command 0x0406 tx timeout [ 2123.580067][ T9436] netlink: 122 bytes leftover after parsing attributes in process `syz.1.7279'. [ 2124.465199][ T9395] kexec: Could not allocate control_code_buffer [ 2127.116012][ T9599] FAULT_INJECTION: forcing a failure. [ 2127.116012][ T9599] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2127.221149][ T9599] CPU: 0 UID: 0 PID: 9599 Comm: syz.1.7286 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2127.221187][ T9599] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2127.221196][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2127.221206][ T9599] Call Trace: [ 2127.221212][ T9599] [ 2127.221219][ T9599] dump_stack_lvl+0x100/0x190 [ 2127.221257][ T9599] should_fail_ex.cold+0x5/0xa [ 2127.221274][ T9599] ? prepare_alloc_pages+0x16d/0x5f0 [ 2127.221293][ T9599] should_fail_alloc_page+0xeb/0x140 [ 2127.221312][ T9599] prepare_alloc_pages+0x1f0/0x5f0 [ 2127.221332][ T9599] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2127.221358][ T9599] ? get_page_from_freelist+0x111d/0x3140 [ 2127.221384][ T9599] ? __pfx___might_resched+0x10/0x10 [ 2127.221405][ T9599] ? prepare_alloc_pages+0x16d/0x5f0 [ 2127.221422][ T9599] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2127.221446][ T9599] ? rcu_is_watching+0x12/0xc0 [ 2127.221468][ T9599] ? trace_mm_page_alloc+0x17a/0x1d0 [ 2127.221486][ T9599] ? is_bpf_text_address+0x8a/0x1a0 [ 2127.221508][ T9599] ? is_bpf_text_address+0x8a/0x1a0 [ 2127.221529][ T9599] ? bpf_ksym_find+0x124/0x1c0 [ 2127.221546][ T9599] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2127.221563][ T9599] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2127.221588][ T9599] ? policy_nodemask+0xed/0x4f0 [ 2127.221605][ T9599] alloc_pages_mpol+0x1fb/0x550 [ 2127.221621][ T9599] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2127.221642][ T9599] alloc_pages_noprof+0x131/0x390 [ 2127.221658][ T9599] kimage_alloc_pages+0x72/0x380 [ 2127.221684][ T9599] kimage_alloc_control_pages+0x157/0xa20 [ 2127.221699][ T9599] ? weighted_interleave_nid+0x5a0/0x5a0 [ 2127.221719][ T9599] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 2127.221734][ T9599] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2127.221756][ T9599] alloc_pgt_page+0x17/0xb0 [ 2127.221775][ T9599] machine_kexec_prepare+0x1a7/0x14d0 [ 2127.221800][ T9599] ? __pfx_machine_kexec_prepare+0x10/0x10 [ 2127.221822][ T9599] ? __pfx_alloc_pgt_page+0x10/0x10 [ 2127.221842][ T9599] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 2127.221864][ T9599] do_kexec_load+0x32c/0x810 [ 2127.221882][ T9599] ? __pfx_do_kexec_load+0x10/0x10 [ 2127.221904][ T9599] ? _copy_from_user+0x59/0xd0 [ 2127.221933][ T9599] __x64_sys_kexec_load+0x1bf/0x230 [ 2127.221952][ T9599] do_syscall_64+0x106/0xf80 [ 2127.221970][ T9599] ? clear_bhb_loop+0x40/0x90 [ 2127.221988][ T9599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2127.222005][ T9599] RIP: 0033:0x7f194219c799 [ 2127.222019][ T9599] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2127.222034][ T9599] RSP: 002b:00007f19403f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 2127.222050][ T9599] RAX: ffffffffffffffda RBX: 00007f1942415fa0 RCX: 00007f194219c799 [ 2127.222061][ T9599] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 00000000ffffffff [ 2127.222070][ T9599] RBP: 00007f1942232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2127.222080][ T9599] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 2127.222089][ T9599] R13: 00007f1942416038 R14: 00007f1942415fa0 R15: 00007fffa8707138 [ 2127.222110][ T9599] [ 2128.397068][ T30] audit: type=1800 audit(4294967310.379:86): pid=9646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7287" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 2129.704114][ T9682] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7293'. [ 2132.415819][T32543] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 2132.685412][ T8556] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2132.699565][ T8556] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2132.708305][ T8556] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2132.716145][ T8556] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2132.723675][ T8556] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2134.272790][ T9825] chnl_net:caif_netlink_parms(): no params data found [ 2134.725354][ T9994] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 2134.803324][ T8556] Bluetooth: hci5: command tx timeout [ 2134.911000][ T6410] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2134.981698][ T9825] bridge0: port 1(bridge_slave_0) entered blocking state [ 2135.010526][ T9825] bridge0: port 1(bridge_slave_0) entered disabled state [ 2135.034478][ T9825] bridge_slave_0: entered allmulticast mode [ 2135.051711][ T9825] bridge_slave_0: entered promiscuous mode [ 2135.075790][ T9825] bridge0: port 2(bridge_slave_1) entered blocking state [ 2135.105313][ T9825] bridge0: port 2(bridge_slave_1) entered disabled state [ 2135.127122][ T9825] bridge_slave_1: entered allmulticast mode [ 2135.152741][ T9825] bridge_slave_1: entered promiscuous mode [ 2135.217445][ T6410] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2135.385751][ T6410] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2135.505987][ T6410] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2135.554349][ T9825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2135.615878][ T9825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2135.929691][ T9825] team0: Port device team_slave_0 added [ 2135.998991][ T9825] team0: Port device team_slave_1 added [ 2136.091872][ T6410] bridge_slave_1: left allmulticast mode [ 2136.117197][ T6410] bridge_slave_1: left promiscuous mode [ 2136.126852][T10130] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7312'. [ 2136.146432][ T6410] bridge0: port 2(bridge_slave_1) entered disabled state [ 2136.184313][ T6410] bridge_slave_0: left allmulticast mode [ 2136.196240][T10118] FAULT_INJECTION: forcing a failure. [ 2136.196240][T10118] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2136.216503][ T6410] bridge_slave_0: left promiscuous mode [ 2136.222384][ T6410] bridge0: port 1(bridge_slave_0) entered disabled state [ 2136.235033][T10132] FAULT_INJECTION: forcing a failure. [ 2136.235033][T10132] name failslab, interval 1, probability 0, space 0, times 0 [ 2136.251926][T10118] CPU: 0 UID: 0 PID: 10118 Comm: syz.4.7311 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2136.251963][T10118] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2136.251972][T10118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2136.251982][T10118] Call Trace: [ 2136.251988][T10118] [ 2136.251995][T10118] dump_stack_lvl+0x100/0x190 [ 2136.252023][T10118] should_fail_ex.cold+0x5/0xa [ 2136.252039][T10118] ? prepare_alloc_pages+0x16d/0x5f0 [ 2136.252058][T10118] should_fail_alloc_page+0xeb/0x140 [ 2136.252076][T10118] prepare_alloc_pages+0x1f0/0x5f0 [ 2136.252096][T10118] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 2136.252118][T10118] ? xa_load+0x153/0x2c0 [ 2136.252138][T10118] ? __pfx_xa_load+0x10/0x10 [ 2136.252161][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.252180][T10118] ? workingset_refault+0x477/0xf60 [ 2136.252202][T10118] ? workingset_refault+0x477/0xf60 [ 2136.252225][T10118] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2136.252249][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.252269][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.252294][T10118] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2136.252319][T10118] ? policy_nodemask+0xed/0x4f0 [ 2136.252337][T10118] alloc_pages_mpol+0x1fb/0x550 [ 2136.252353][T10118] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2136.252369][T10118] ? swap_entry_swapped+0x1ff/0x2b0 [ 2136.252384][T10118] ? __pfx_swap_entry_swapped+0x10/0x10 [ 2136.252402][T10118] folio_alloc_mpol_noprof+0x36/0x340 [ 2136.252421][T10118] swap_cache_alloc_folio+0x1a8/0x300 [ 2136.252444][T10118] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 2136.252466][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.252488][T10118] swap_cluster_readahead+0x411/0x770 [ 2136.252513][T10118] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2136.252534][T10118] ? __pfx_find_held_lock+0x10/0x10 [ 2136.252549][T10118] ? is_bpf_text_address+0x8a/0x1a0 [ 2136.252571][T10118] ? bpf_ksym_find+0x124/0x1c0 [ 2136.252591][T10118] ? kernel_text_address+0x8d/0x100 [ 2136.252615][T10118] ? get_vma_policy+0x23f/0x3b0 [ 2136.252632][T10118] swapin_readahead+0x160/0x12c0 [ 2136.252654][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.252676][T10118] ? __pfx_swapin_readahead+0x10/0x10 [ 2136.252699][T10118] ? find_held_lock+0x2b/0x80 [ 2136.252713][T10118] ? swap_table_get+0x103/0x2c0 [ 2136.252731][T10118] ? swap_table_get+0x103/0x2c0 [ 2136.252755][T10118] ? swap_table_get+0x10d/0x2c0 [ 2136.252775][T10118] ? swap_cache_get_folio+0x1ae/0x600 [ 2136.252803][T10118] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 2136.252823][T10118] ? __pfx_get_swap_device+0x10/0x10 [ 2136.252851][T10118] ? do_swap_page+0xb2e/0x68e0 [ 2136.252871][T10118] do_swap_page+0xb2e/0x68e0 [ 2136.252891][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.252916][T10118] ? __pfx_do_swap_page+0x10/0x10 [ 2136.252937][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.252957][T10118] ? rcu_is_watching+0x12/0xc0 [ 2136.252979][T10118] ? __pte_offset_map+0x179/0x310 [ 2136.253005][T10118] __handle_mm_fault+0x18c1/0x2b60 [ 2136.253029][T10118] ? __pfx___handle_mm_fault+0x10/0x10 [ 2136.253050][T10118] ? pte_offset_map_lock+0x174/0x320 [ 2136.253065][T10118] ? find_held_lock+0x2b/0x80 [ 2136.253084][T10118] ? follow_page_pte+0x5b3/0x1400 [ 2136.253105][T10118] handle_mm_fault+0x36d/0xa20 [ 2136.253128][T10118] __get_user_pages+0xf9c/0x34d0 [ 2136.253149][T10118] ? down_read_killable+0x30e/0x4c0 [ 2136.253171][T10118] ? __pfx___get_user_pages+0x10/0x10 [ 2136.253193][T10118] __gup_longterm_locked+0x87d/0x16f0 [ 2136.253209][T10118] ? trace_pelt_se_tp+0x101/0x1b0 [ 2136.253235][T10118] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2136.253255][T10118] ? find_held_lock+0x2b/0x80 [ 2136.253268][T10118] ? gup_fast_fallback+0x7e5/0x2460 [ 2136.253289][T10118] gup_fast_fallback+0x18c6/0x2460 [ 2136.253320][T10118] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2136.253335][T10118] ? finish_task_switch.isra.0+0x200/0xb80 [ 2136.253355][T10118] ? finish_task_switch.isra.0+0x205/0xb80 [ 2136.253370][T10118] ? lockdep_hardirqs_on+0x78/0x100 [ 2136.253388][T10118] ? finish_task_switch.isra.0+0x205/0xb80 [ 2136.253406][T10118] get_user_pages_fast+0xa7/0xf0 [ 2136.253424][T10118] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2136.253442][T10118] ? __lock_acquire+0x4a5/0x2630 [ 2136.253462][T10118] get_futex_key+0x2c8/0x1620 [ 2136.253483][T10118] ? __pfx_get_futex_key+0x10/0x10 [ 2136.253502][T10118] ? find_held_lock+0x2b/0x80 [ 2136.253515][T10118] ? futex_unqueue+0x133/0x2c0 [ 2136.253532][T10118] ? futex_unqueue+0x133/0x2c0 [ 2136.253552][T10118] futex_wait_requeue_pi+0x1f5/0x870 [ 2136.253576][T10118] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 2136.253600][T10118] ? __pfx___futex_wait+0x10/0x10 [ 2136.253639][T10118] ? __pfx_futex_wake_mark+0x10/0x10 [ 2136.253666][T10118] ? ksys_write+0x190/0x250 [ 2136.253689][T10118] ? ksys_write+0x190/0x250 [ 2136.253714][T10118] do_futex+0x24f/0x350 [ 2136.253733][T10118] ? __pfx_do_futex+0x10/0x10 [ 2136.253757][T10118] __x64_sys_futex+0x34f/0x4d0 [ 2136.253779][T10118] ? __pfx___x64_sys_futex+0x10/0x10 [ 2136.253815][T10118] do_syscall_64+0x106/0xf80 [ 2136.253833][T10118] ? clear_bhb_loop+0x40/0x90 [ 2136.253853][T10118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2136.253869][T10118] RIP: 0033:0x7efd26f9c799 [ 2136.253883][T10118] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2136.253897][T10118] RSP: 002b:00007efd27e66028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2136.253913][T10118] RAX: ffffffffffffffda RBX: 00007efd27215fa0 RCX: 00007efd26f9c799 [ 2136.253924][T10118] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 2136.253934][T10118] RBP: 00007efd27032bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 2136.253945][T10118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2136.253954][T10118] R13: 00007efd27216038 R14: 00007efd27215fa0 R15: 00007ffe35532628 [ 2136.253976][T10118] [ 2137.057068][T10132] CPU: 0 UID: 0 PID: 10132 Comm: syz.3.7312 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2137.057106][T10132] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2137.057115][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2137.057126][T10132] Call Trace: [ 2137.057132][T10132] [ 2137.057139][T10132] dump_stack_lvl+0x100/0x190 [ 2137.057168][T10132] should_fail_ex.cold+0x5/0xa [ 2137.057188][T10132] should_failslab+0xc2/0x120 [ 2137.057204][T10132] __kmalloc_cache_noprof+0x7a/0x6f0 [ 2137.057224][T10132] ? __request_module+0x2b7/0x6c0 [ 2137.057244][T10132] ? lockdep_hardirqs_on+0x78/0x100 [ 2137.057265][T10132] __request_module+0x2b7/0x6c0 [ 2137.057286][T10132] ? __pfx___request_module+0x10/0x10 [ 2137.057307][T10132] ? __mutex_unlock_slowpath+0x15c/0x790 [ 2137.057338][T10132] snd_timer_open+0xd78/0x1020 [ 2137.057432][T10132] ? snd_timer_instance_new+0x65/0x2e0 [ 2137.057480][T10132] ? __pfx_snd_timer_open+0x10/0x10 [ 2137.057496][T10132] ? kstrdup+0xb3/0xe0 [ 2137.057522][T10132] __snd_timer_user_ioctl.isra.0+0xd6d/0x27c0 [ 2137.057542][T10132] ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10 [ 2137.057563][T10132] ? rcu_is_watching+0x12/0xc0 [ 2137.057590][T10132] ? snd_timer_user_ioctl+0x4a/0xd0 [ 2137.057605][T10132] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 2137.057627][T10132] ? __pfx___mutex_lock+0x10/0x10 [ 2137.057657][T10132] ? find_held_lock+0x2b/0x80 [ 2137.057683][T10132] snd_timer_user_ioctl+0x76/0xd0 [ 2137.057698][T10132] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 2137.057715][T10132] __x64_sys_ioctl+0x18e/0x210 [ 2137.057738][T10132] do_syscall_64+0x106/0xf80 [ 2137.057755][T10132] ? clear_bhb_loop+0x40/0x90 [ 2137.057775][T10132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2137.057790][T10132] RIP: 0033:0x7f179199c799 [ 2137.057804][T10132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2137.057819][T10132] RSP: 002b:00007f17927b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2137.057834][T10132] RAX: ffffffffffffffda RBX: 00007f1791c16090 RCX: 00007f179199c799 [ 2137.057845][T10132] RDX: 0000200000000080 RSI: 0000000040345410 RDI: 0000000000000008 [ 2137.057855][T10132] RBP: 00007f1791a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2137.057864][T10132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2137.057874][T10132] R13: 00007f1791c16128 R14: 00007f1791c16090 R15: 00007ffc4ffeaa58 [ 2137.057895][T10132] [ 2137.388586][ T8556] Bluetooth: hci5: command tx timeout [ 2137.993390][ T6410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2138.005219][ T6410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2138.028275][ T6410] bond0 (unregistering): Released all slaves [ 2138.178179][ T6410] ovs_: left promiscuous mode [ 2138.236316][ T6410] ovs_: left promiscuous mode [ 2138.303907][ T9825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2138.336835][ T9825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2138.461285][T10163] FAULT_INJECTION: forcing a failure. [ 2138.461285][T10163] name failslab, interval 1, probability 0, space 0, times 0 [ 2138.487399][ T9825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2138.535702][T10163] CPU: 0 UID: 0 PID: 10163 Comm: syz.3.7315 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2138.535737][T10163] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2138.535746][T10163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2138.535755][T10163] Call Trace: [ 2138.535761][T10163] [ 2138.535767][T10163] dump_stack_lvl+0x100/0x190 [ 2138.535795][T10163] should_fail_ex.cold+0x5/0xa [ 2138.535813][T10163] should_failslab+0xc2/0x120 [ 2138.535830][T10163] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 2138.535852][T10163] ? taskstats_exit+0x650/0xbd0 [ 2138.535879][T10163] taskstats_exit+0x650/0xbd0 [ 2138.535901][T10163] ? __pfx_acct_update_integrals+0x10/0x10 [ 2138.535925][T10163] ? __pfx_taskstats_exit+0x10/0x10 [ 2138.535949][T10163] ? rcu_read_lock_any_held+0x6a/0xa0 [ 2138.535973][T10163] ? exit_signals+0x395/0xaf0 [ 2138.535990][T10163] do_exit+0x5ca/0x2aa0 [ 2138.536013][T10163] ? __pfx_do_exit+0x10/0x10 [ 2138.536032][T10163] ? do_raw_spin_lock+0x128/0x260 [ 2138.536053][T10163] ? find_held_lock+0x2b/0x80 [ 2138.536066][T10163] ? get_signal+0x7e0/0x21e0 [ 2138.536083][T10163] do_group_exit+0xd5/0x2a0 [ 2138.536104][T10163] get_signal+0x1ec7/0x21e0 [ 2138.536126][T10163] ? __pfx_get_signal+0x10/0x10 [ 2138.536143][T10163] ? do_futex+0x192/0x350 [ 2138.536164][T10163] arch_do_signal_or_restart+0x91/0x770 [ 2138.536184][T10163] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 2138.536208][T10163] ? __pfx___x64_sys_futex+0x10/0x10 [ 2138.536226][T10163] ? __x64_sys_kexec_load+0x1c9/0x230 [ 2138.536247][T10163] exit_to_user_mode_loop+0x86/0x4a0 [ 2138.536268][T10163] do_syscall_64+0x668/0xf80 [ 2138.536286][T10163] ? clear_bhb_loop+0x40/0x90 [ 2138.536305][T10163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2138.536321][T10163] RIP: 0033:0x7f179199c799 [ 2138.536334][T10163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2138.536349][T10163] RSP: 002b:00007f17927d70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2138.536365][T10163] RAX: fffffffffffffe00 RBX: 00007f1791c15fa8 RCX: 00007f179199c799 [ 2138.536375][T10163] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1791c15fa8 [ 2138.536385][T10163] RBP: 00007f1791c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 2138.536393][T10163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2138.536402][T10163] R13: 00007f1791c16038 R14: 00007ffc4ffea970 R15: 00007ffc4ffeaa58 [ 2138.536438][T10163] [ 2138.797289][ T9825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2138.805118][ T9825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2138.831040][ T9825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2138.867615][ T9825] hsr_slave_0: entered promiscuous mode [ 2138.874440][ T9825] hsr_slave_1: entered promiscuous mode [ 2138.880944][ T9825] debugfs: 'hsr0' already exists in 'hsr' [ 2138.886739][ T9825] Cannot create hsr debugfs directory [ 2139.138752][ T6410] tipc: Left network mode [ 2139.440438][ T8556] Bluetooth: hci5: command tx timeout [ 2141.491918][ T8556] Bluetooth: hci5: command tx timeout [ 2141.919142][ T6410] hsr_slave_0: left promiscuous mode [ 2141.942526][ T6410] hsr_slave_1: left promiscuous mode [ 2141.960409][T10438] FAULT_INJECTION: forcing a failure. [ 2141.960409][T10438] name failslab, interval 1, probability 0, space 0, times 0 [ 2141.974107][ T6410] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2141.990396][ T6410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2142.009608][T10438] CPU: 0 UID: 0 PID: 10438 Comm: syz.3.7324 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2142.009646][T10438] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2142.009656][T10438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2142.009669][T10438] Call Trace: [ 2142.009674][T10438] [ 2142.009681][T10438] dump_stack_lvl+0x100/0x190 [ 2142.009712][T10438] should_fail_ex.cold+0x5/0xa [ 2142.009732][T10438] should_failslab+0xc2/0x120 [ 2142.009748][T10438] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 2142.009771][T10438] ? __d_alloc+0x34/0xa80 [ 2142.009792][T10438] __d_alloc+0x34/0xa80 [ 2142.009811][T10438] d_alloc_pseudo+0x1c/0xc0 [ 2142.009831][T10438] alloc_file_pseudo+0xcf/0x230 [ 2142.009851][T10438] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 2142.009875][T10438] __shmem_file_setup+0x221/0x490 [ 2142.009896][T10438] ? __pfx___shmem_file_setup+0x10/0x10 [ 2142.009919][T10438] ? vm_area_alloc+0x1f/0x160 [ 2142.009941][T10438] shmem_zero_setup+0x96/0x1b0 [ 2142.009964][T10438] __mmap_region+0x2198/0x29e0 [ 2142.009994][T10438] ? __pfx___mmap_region+0x10/0x10 [ 2142.010017][T10438] ? __lock_acquire+0x4a5/0x2630 [ 2142.010038][T10438] ? set_next_entity+0x11e/0x9c0 [ 2142.010064][T10438] ? __lock_acquire+0x4a5/0x2630 [ 2142.010082][T10438] ? find_held_lock+0x2b/0x80 [ 2142.010104][T10438] ? find_held_lock+0x2b/0x80 [ 2142.010118][T10438] ? finish_task_switch.isra.0+0x200/0xb80 [ 2142.010134][T10438] ? finish_task_switch.isra.0+0x200/0xb80 [ 2142.010158][T10438] ? trace_sched_exit_tp+0x13a/0x180 [ 2142.010175][T10438] ? __schedule+0x1000/0x6120 [ 2142.010223][T10438] ? rcu_is_watching+0x12/0xc0 [ 2142.010247][T10438] ? cap_capable+0x107/0x460 [ 2142.010271][T10438] mmap_region+0x180/0x3e0 [ 2142.010296][T10438] do_mmap+0xc63/0x12f0 [ 2142.010316][T10438] ? __pfx_do_mmap+0x10/0x10 [ 2142.010331][T10438] ? __pfx_down_write_killable+0x10/0x10 [ 2142.010355][T10438] vm_mmap_pgoff+0x29e/0x470 [ 2142.010375][T10438] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 2142.010393][T10438] ? do_futex+0x192/0x350 [ 2142.010412][T10438] ? __pfx_do_futex+0x10/0x10 [ 2142.010435][T10438] ksys_mmap_pgoff+0xe1/0x650 [ 2142.010450][T10438] ? __x64_sys_futex+0x34f/0x4d0 [ 2142.010467][T10438] ? __x64_sys_futex+0x358/0x4d0 [ 2142.010486][T10438] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 2142.010502][T10438] ? xfd_validate_state+0x129/0x190 [ 2142.010527][T10438] __x64_sys_mmap+0x125/0x190 [ 2142.010551][T10438] do_syscall_64+0x106/0xf80 [ 2142.010568][T10438] ? clear_bhb_loop+0x40/0x90 [ 2142.010586][T10438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2142.010602][T10438] RIP: 0033:0x7f179199c799 [ 2142.010617][T10438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2142.010632][T10438] RSP: 002b:00007f17927d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2142.010647][T10438] RAX: ffffffffffffffda RBX: 00007f1791c15fa0 RCX: 00007f179199c799 [ 2142.010659][T10438] RDX: 0000000000000004 RSI: 0000000002020009 RDI: 0000000000000000 [ 2142.010668][T10438] RBP: 00007f1791a32bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 2142.010678][T10438] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 2142.010688][T10438] R13: 00007f1791c16038 R14: 00007f1791c15fa0 R15: 00007ffc4ffeaa58 [ 2142.010710][T10438] [ 2142.012132][ T6410] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2142.787336][ T6410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2142.809761][ T6410] veth0_macvtap: left promiscuous mode [ 2142.821170][ T6410] veth1_vlan: left promiscuous mode [ 2142.834454][ T6410] veth0_vlan: left promiscuous mode [ 2142.926549][ T8556] Bluetooth: hci2: unexpected event 0x03 length: 123 > 11 [ 2143.193657][ T6410] team0 (unregistering): Port device team_slave_0 removed [ 2144.105596][ T9825] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2144.145177][ T9825] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2144.269281][ T9825] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2144.365835][ T9825] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2145.404553][ T9825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2145.537119][ T9825] 8021q: adding VLAN 0 to HW filter on device team0 [ 2145.665945][T10554] netlink: 326 bytes leftover after parsing attributes in process `syz.3.7328'. [ 2145.687358][ T6413] bridge0: port 1(bridge_slave_0) entered blocking state [ 2145.694494][ T6413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2145.764773][ T6413] bridge0: port 2(bridge_slave_1) entered blocking state [ 2145.772028][ T6413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2146.966210][T10641] random: crng reseeded on system resumption [ 2147.016615][T10641] Restarting kernel threads ... [ 2147.033525][T10641] Done restarting kernel threads. [ 2147.149027][ T9825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2147.728362][ T9825] veth0_vlan: entered promiscuous mode [ 2147.957062][ T9825] veth1_vlan: entered promiscuous mode [ 2148.046526][T10724] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7337'. [ 2148.218769][ T9825] veth0_macvtap: entered promiscuous mode [ 2148.382488][ T9825] veth1_macvtap: entered promiscuous mode [ 2148.476645][ T9825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2148.533895][ T9825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2148.628431][ T6413] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2148.659338][ T6413] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2148.715337][ T6413] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2148.758232][ T6413] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2149.195339][T10766] wlan1: mtu less than device minimum [ 2149.323318][ T6410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2149.384234][ T6410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2149.434350][T11797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2149.487934][T11797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2149.967382][T10805] FAULT_INJECTION: forcing a failure. [ 2149.967382][T10805] name failslab, interval 1, probability 0, space 0, times 0 [ 2150.038228][T10805] CPU: 0 UID: 0 PID: 10805 Comm: syz.0.7347 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2150.038263][T10805] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2150.038272][T10805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2150.038281][T10805] Call Trace: [ 2150.038287][T10805] [ 2150.038293][T10805] dump_stack_lvl+0x100/0x190 [ 2150.038321][T10805] should_fail_ex.cold+0x5/0xa [ 2150.038343][T10805] should_failslab+0xc2/0x120 [ 2150.038359][T10805] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 2150.038380][T10805] ? vm_area_dup+0x27/0x8e0 [ 2150.038404][T10805] vm_area_dup+0x27/0x8e0 [ 2150.038424][T10805] copy_vma+0x643/0xac0 [ 2150.038455][T10805] ? __pfx_copy_vma+0x10/0x10 [ 2150.038483][T10805] ? __lock_acquire+0x4a5/0x2630 [ 2150.038514][T10805] ? finish_task_switch.isra.0+0x200/0xb80 [ 2150.038533][T10805] copy_vma_and_data+0x1cf/0x7c0 [ 2150.038556][T10805] ? __pfx_copy_vma_and_data+0x10/0x10 [ 2150.038585][T10805] ? __vma_start_write+0x17f/0x280 [ 2150.038603][T10805] ? __pfx___vma_start_write+0x10/0x10 [ 2150.038627][T10805] move_vma+0x51b/0x1890 [ 2150.038651][T10805] ? __pfx_move_vma+0x10/0x10 [ 2150.038673][T10805] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 2150.038690][T10805] ? cap_mmap_addr+0x4b/0x120 [ 2150.038710][T10805] ? bpf_lsm_mmap_addr+0x9/0x30 [ 2150.038732][T10805] ? security_mmap_addr+0x71/0x1e0 [ 2150.038748][T10805] ? __get_unmapped_area+0x255/0x3e0 [ 2150.038766][T10805] ? vrm_set_new_addr+0x204/0x290 [ 2150.038788][T10805] mremap_to+0x1b7/0x450 [ 2150.038810][T10805] do_mremap+0xb76/0x2130 [ 2150.038839][T10805] ? __pfx_do_mremap+0x10/0x10 [ 2150.038870][T10805] __do_sys_mremap+0x126/0x170 [ 2150.038891][T10805] ? __pfx___do_sys_mremap+0x10/0x10 [ 2150.038913][T10805] ? __sys_connect+0xe4/0x170 [ 2150.038933][T10805] ? __x64_sys_futex+0x34f/0x4d0 [ 2150.038964][T10805] do_syscall_64+0x106/0xf80 [ 2150.038982][T10805] ? clear_bhb_loop+0x40/0x90 [ 2150.039000][T10805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2150.039016][T10805] RIP: 0033:0x7fd06759c799 [ 2150.039029][T10805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2150.039043][T10805] RSP: 002b:00007fd068531028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 2150.039059][T10805] RAX: ffffffffffffffda RBX: 00007fd067815fa0 RCX: 00007fd06759c799 [ 2150.039069][T10805] RDX: 0000000000000013 RSI: 0000000000000004 RDI: 0000200000000000 [ 2150.039078][T10805] RBP: 00007fd067632bd9 R08: 0000000100000000 R09: 0000000000000000 [ 2150.039088][T10805] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 2150.039097][T10805] R13: 00007fd067816038 R14: 00007fd067815fa0 R15: 00007ffef60c2058 [ 2150.039116][T10805] [ 2151.522882][T10894] netlink: 'syz.4.7358': attribute type 2 has an invalid length. [ 2153.759726][T32543] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2153.775677][T32543] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2153.792180][T32543] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2153.814422][T32543] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2153.826115][T32543] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2154.525746][T11128] FAULT_INJECTION: forcing a failure. [ 2154.525746][T11128] name failslab, interval 1, probability 0, space 0, times 0 [ 2154.562030][T11128] CPU: 0 UID: 0 PID: 11128 Comm: syz.3.7369 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2154.562068][T11128] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2154.562077][T11128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2154.562088][T11128] Call Trace: [ 2154.562094][T11128] [ 2154.562101][T11128] dump_stack_lvl+0x100/0x190 [ 2154.562129][T11128] should_fail_ex.cold+0x5/0xa [ 2154.562149][T11128] should_failslab+0xc2/0x120 [ 2154.562165][T11128] __kmalloc_cache_noprof+0x7a/0x6f0 [ 2154.562185][T11128] ? single_open+0x4d/0x1d0 [ 2154.562205][T11128] ? __pfx___debugfs_file_get+0x10/0x10 [ 2154.562222][T11128] ? find_held_lock+0x2b/0x80 [ 2154.562238][T11128] ? __pfx_edid_show+0x10/0x10 [ 2154.562261][T11128] ? __pfx_edid_open+0x10/0x10 [ 2154.562281][T11128] single_open+0x4d/0x1d0 [ 2154.562301][T11128] full_proxy_open_regular+0x1b6/0x370 [ 2154.562323][T11128] do_dentry_open+0x6d8/0x1660 [ 2154.562338][T11128] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 2154.562362][T11128] vfs_open+0x82/0x3f0 [ 2154.562382][T11128] path_openat+0x208c/0x31a0 [ 2154.562404][T11128] ? __pfx_path_openat+0x10/0x10 [ 2154.562425][T11128] do_file_open+0x20e/0x430 [ 2154.562442][T11128] ? __pfx_do_file_open+0x10/0x10 [ 2154.562470][T11128] ? alloc_fd+0x476/0x790 [ 2154.562487][T11128] ? do_getname+0x191/0x390 [ 2154.562506][T11128] do_sys_openat2+0x10d/0x1e0 [ 2154.562525][T11128] ? __pfx_do_sys_openat2+0x10/0x10 [ 2154.562544][T11128] ? do_raw_spin_lock+0x128/0x260 [ 2154.562570][T11128] __x64_sys_openat+0x12d/0x210 [ 2154.562590][T11128] ? __pfx___x64_sys_openat+0x10/0x10 [ 2154.562616][T11128] do_syscall_64+0x106/0xf80 [ 2154.562633][T11128] ? clear_bhb_loop+0x40/0x90 [ 2154.562652][T11128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2154.562668][T11128] RIP: 0033:0x7f179199c799 [ 2154.562682][T11128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2154.562697][T11128] RSP: 002b:00007f1792795028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2154.562712][T11128] RAX: ffffffffffffffda RBX: 00007f1791c16180 RCX: 00007f179199c799 [ 2154.562723][T11128] RDX: 0000000000002082 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 2154.562732][T11128] RBP: 00007f1791a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2154.562741][T11128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2154.562750][T11128] R13: 00007f1791c16218 R14: 00007f1791c16180 R15: 00007ffc4ffeaa58 [ 2154.562771][T11128] [ 2154.965331][T11169] FAULT_INJECTION: forcing a failure. [ 2154.965331][T11169] name failslab, interval 1, probability 0, space 0, times 0 [ 2154.979091][T11169] CPU: 0 UID: 0 PID: 11169 Comm: syz.4.7373 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2154.979129][T11169] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2154.979138][T11169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2154.979147][T11169] Call Trace: [ 2154.979153][T11169] [ 2154.979160][T11169] dump_stack_lvl+0x100/0x190 [ 2154.979190][T11169] should_fail_ex.cold+0x5/0xa [ 2154.979209][T11169] should_failslab+0xc2/0x120 [ 2154.979226][T11169] __kvmalloc_node_noprof+0xfa/0xa00 [ 2154.979248][T11169] ? __do_sys_swapon+0xf9/0x3800 [ 2154.979271][T11169] ? bpf_lsm_capable+0x9/0x10 [ 2154.979287][T11169] ? security_capable+0x80/0x260 [ 2154.979310][T11169] __do_sys_swapon+0xf9/0x3800 [ 2154.979331][T11169] ? __pfx_do_futex+0x1/0x10 [ 2154.979353][T11169] ? find_held_lock+0x2b/0x80 [ 2154.979370][T11169] ? __x64_sys_futex+0x34f/0x4d0 [ 2154.979388][T11169] ? __x64_sys_futex+0x358/0x4d0 [ 2154.979408][T11169] ? xfd_validate_state+0x129/0x190 [ 2154.979429][T11169] ? __pfx___do_sys_swapon+0x10/0x10 [ 2154.979456][T11169] do_syscall_64+0x106/0xf80 [ 2154.979474][T11169] ? clear_bhb_loop+0x40/0x90 [ 2154.979492][T11169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2154.979508][T11169] RIP: 0033:0x7efd26f9c799 [ 2154.979523][T11169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2154.979537][T11169] RSP: 002b:00007efd27e24028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7 [ 2154.979553][T11169] RAX: ffffffffffffffda RBX: 00007efd27216180 RCX: 00007efd26f9c799 [ 2154.979563][T11169] RDX: 0000000000000000 RSI: 00000000000000d1 RDI: 0000000000000000 [ 2154.979572][T11169] RBP: 00007efd27032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2154.979581][T11169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2154.979591][T11169] R13: 00007efd27216218 R14: 00007efd27216180 R15: 00007ffe35532628 [ 2154.979612][T11169] [ 2155.265639][T11171] FAULT_INJECTION: forcing a failure. [ 2155.265639][T11171] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2155.278802][T11171] CPU: 0 UID: 0 PID: 11171 Comm: syz.0.7374 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2155.278835][T11171] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2155.278844][T11171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2155.278853][T11171] Call Trace: [ 2155.278864][T11171] [ 2155.278871][T11171] dump_stack_lvl+0x100/0x190 [ 2155.278899][T11171] should_fail_ex.cold+0x5/0xa [ 2155.278918][T11171] _copy_from_user+0x2e/0xd0 [ 2155.278943][T11171] kstrtouint_from_user+0xd6/0x1d0 [ 2155.278978][T11171] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 2155.278996][T11171] ? __lock_acquire+0x4a5/0x2630 [ 2155.279018][T11171] ? lock_acquire+0x1cf/0x380 [ 2155.279040][T11171] proc_fail_nth_write+0x83/0x220 [ 2155.279059][T11171] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2155.279082][T11171] vfs_write+0x2aa/0x1070 [ 2155.279106][T11171] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2155.279126][T11171] ? __pfx_vfs_write+0x10/0x10 [ 2155.279148][T11171] ? __fget_files+0x215/0x3d0 [ 2155.279176][T11171] ? __fget_files+0x21f/0x3d0 [ 2155.279204][T11171] ksys_write+0x12a/0x250 [ 2155.279231][T11171] ? __pfx_ksys_write+0x10/0x10 [ 2155.279260][T11171] do_syscall_64+0x106/0xf80 [ 2155.279277][T11171] ? clear_bhb_loop+0x40/0x90 [ 2155.279296][T11171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2155.279311][T11171] RIP: 0033:0x7fd06755cfce [ 2155.279325][T11171] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 2155.279340][T11171] RSP: 002b:00007fd068530fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2155.279355][T11171] RAX: ffffffffffffffda RBX: 00007fd0685316c0 RCX: 00007fd06755cfce [ 2155.279365][T11171] RDX: 0000000000000001 RSI: 00007fd0685310a0 RDI: 0000000000000003 [ 2155.279375][T11171] RBP: 00007fd068531090 R08: 0000000000000000 R09: 0000000000000000 [ 2155.279384][T11171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2155.279393][T11171] R13: 00007fd067816038 R14: 00007fd067815fa0 R15: 00007ffef60c2058 [ 2155.279413][T11171] [ 2155.595214][T11186] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 2155.908977][ T8556] Bluetooth: hci0: command tx timeout [ 2155.933730][T11077] chnl_net:caif_netlink_parms(): no params data found [ 2156.316536][T11077] bridge0: port 1(bridge_slave_0) entered blocking state [ 2156.365027][T11077] bridge0: port 1(bridge_slave_0) entered disabled state [ 2156.389445][T11077] bridge_slave_0: entered allmulticast mode [ 2156.398970][T11293] FAULT_INJECTION: forcing a failure. [ 2156.398970][T11293] name failslab, interval 1, probability 0, space 0, times 0 [ 2156.428314][T11077] bridge_slave_0: entered promiscuous mode [ 2156.453622][T11077] bridge0: port 2(bridge_slave_1) entered blocking state [ 2156.476661][T11293] CPU: 0 UID: 0 PID: 11293 Comm: syz.0.7381 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2156.476696][T11293] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2156.476705][T11293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2156.476715][T11293] Call Trace: [ 2156.476720][T11293] [ 2156.476726][T11293] dump_stack_lvl+0x100/0x190 [ 2156.476754][T11293] should_fail_ex.cold+0x5/0xa [ 2156.476773][T11293] should_failslab+0xc2/0x120 [ 2156.476789][T11293] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 2156.476811][T11293] ? taskstats_exit+0x650/0xbd0 [ 2156.476846][T11293] taskstats_exit+0x650/0xbd0 [ 2156.476869][T11293] ? __pfx_acct_update_integrals+0x10/0x10 [ 2156.476893][T11293] ? __pfx_taskstats_exit+0x10/0x10 [ 2156.476917][T11293] ? rcu_read_lock_any_held+0x6a/0xa0 [ 2156.476941][T11293] ? exit_signals+0x395/0xaf0 [ 2156.476958][T11293] do_exit+0x5ca/0x2aa0 [ 2156.476981][T11293] ? __pfx_do_exit+0x10/0x10 [ 2156.477000][T11293] ? do_raw_spin_lock+0x128/0x260 [ 2156.477021][T11293] ? find_held_lock+0x2b/0x80 [ 2156.477034][T11293] ? get_signal+0x7e0/0x21e0 [ 2156.477052][T11293] do_group_exit+0xd5/0x2a0 [ 2156.477072][T11293] get_signal+0x1ec7/0x21e0 [ 2156.477095][T11293] ? __pfx_get_signal+0x10/0x10 [ 2156.477111][T11293] ? do_futex+0x192/0x350 [ 2156.477132][T11293] arch_do_signal_or_restart+0x91/0x770 [ 2156.477152][T11293] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 2156.477176][T11293] ? __pfx___x64_sys_futex+0x10/0x10 [ 2156.477194][T11293] ? __x64_sys_kexec_load+0x1c9/0x230 [ 2156.477214][T11293] exit_to_user_mode_loop+0x86/0x4a0 [ 2156.477235][T11293] do_syscall_64+0x668/0xf80 [ 2156.477253][T11293] ? clear_bhb_loop+0x40/0x90 [ 2156.477272][T11293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2156.477287][T11293] RIP: 0033:0x7fd06759c799 [ 2156.477301][T11293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2156.477315][T11293] RSP: 002b:00007fd0685310e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2156.477330][T11293] RAX: fffffffffffffe00 RBX: 00007fd067815fa8 RCX: 00007fd06759c799 [ 2156.477340][T11293] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd067815fa8 [ 2156.477350][T11293] RBP: 00007fd067815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 2156.477359][T11293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2156.477367][T11293] R13: 00007fd067816038 R14: 00007ffef60c1f70 R15: 00007ffef60c2058 [ 2156.477387][T11293] [ 2156.794012][T11077] bridge0: port 2(bridge_slave_1) entered disabled state [ 2156.801273][T11077] bridge_slave_1: entered allmulticast mode [ 2156.808242][T11077] bridge_slave_1: entered promiscuous mode [ 2156.832664][T11077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2156.844240][T11077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2156.870574][T11077] team0: Port device team_slave_0 added [ 2156.878186][T11077] team0: Port device team_slave_1 added [ 2156.901465][T11077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2156.908481][T11077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2156.935157][T11077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2156.947472][T11077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2156.954467][T11077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2156.980387][T11077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2157.011763][ T30] audit: type=1800 audit(4294967301.875:87): pid=11300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.7383" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 2157.046930][T11077] hsr_slave_0: entered promiscuous mode [ 2157.075248][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 2157.087306][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 2157.096999][T11077] hsr_slave_1: entered promiscuous mode [ 2157.103170][T11077] debugfs: 'hsr0' already exists in 'hsr' [ 2157.138358][T11077] Cannot create hsr debugfs directory [ 2157.963625][ T8556] Bluetooth: hci0: command tx timeout [ 2158.144253][T11494] FAULT_INJECTION: forcing a failure. [ 2158.144253][T11494] name failslab, interval 1, probability 0, space 0, times 0 [ 2158.165532][T11077] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2158.205345][T11494] CPU: 0 UID: 0 PID: 11494 Comm: syz.4.7388 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2158.205380][T11494] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2158.205389][T11494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2158.205398][T11494] Call Trace: [ 2158.205404][T11494] [ 2158.205411][T11494] dump_stack_lvl+0x100/0x190 [ 2158.205439][T11494] should_fail_ex.cold+0x5/0xa [ 2158.205458][T11494] should_failslab+0xc2/0x120 [ 2158.205474][T11494] __kvmalloc_node_noprof+0xfa/0xa00 [ 2158.205497][T11494] ? traverse.part.0.constprop.0+0x397/0x650 [ 2158.205525][T11494] traverse.part.0.constprop.0+0x397/0x650 [ 2158.205554][T11494] seq_read_iter+0x93f/0x1270 [ 2158.205577][T11494] ? aa_file_perm+0x7f3/0x14d0 [ 2158.205600][T11494] seq_read+0x33b/0x4c0 [ 2158.205622][T11494] ? __pfx_seq_read+0x10/0x10 [ 2158.205656][T11494] ? __pfx_seq_read+0x10/0x10 [ 2158.205683][T11494] proc_reg_read+0x240/0x330 [ 2158.205705][T11494] ? __pfx_proc_reg_read+0x10/0x10 [ 2158.205727][T11494] vfs_read+0x1e4/0xb30 [ 2158.205753][T11494] ? __pfx_vfs_read+0x10/0x10 [ 2158.205774][T11494] ? find_held_lock+0x2b/0x80 [ 2158.205788][T11494] ? __fget_files+0x215/0x3d0 [ 2158.205811][T11494] ? __fget_files+0x215/0x3d0 [ 2158.205837][T11494] ? __fget_files+0x21f/0x3d0 [ 2158.205864][T11494] __x64_sys_pread64+0x1eb/0x250 [ 2158.205880][T11494] ? __pfx___x64_sys_pread64+0x10/0x10 [ 2158.205909][T11494] do_syscall_64+0x106/0xf80 [ 2158.205927][T11494] ? clear_bhb_loop+0x40/0x90 [ 2158.205946][T11494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2158.205961][T11494] RIP: 0033:0x7efd26f9c799 [ 2158.205975][T11494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2158.205989][T11494] RSP: 002b:00007efd27e66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 2158.206004][T11494] RAX: ffffffffffffffda RBX: 00007efd27215fa0 RCX: 00007efd26f9c799 [ 2158.206015][T11494] RDX: 0000000000010005 RSI: 0000000000000000 RDI: 0000000000000003 [ 2158.206024][T11494] RBP: 00007efd27e66090 R08: 0000000000000000 R09: 0000000000000000 [ 2158.206033][T11494] R10: 0000000000000830 R11: 0000000000000246 R12: 0000000000000001 [ 2158.206042][T11494] R13: 00007efd27216038 R14: 00007efd27215fa0 R15: 00007ffe35532628 [ 2158.206062][T11494] [ 2159.150017][T11077] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2159.368153][T11077] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2159.534063][T11077] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2160.032636][ T8556] Bluetooth: hci0: command tx timeout [ 2160.184030][T11077] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2160.235650][T11077] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2160.322524][T11077] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2160.375993][T11077] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2160.893575][T11077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2160.980615][T11077] 8021q: adding VLAN 0 to HW filter on device team0 [ 2161.016736][T11797] bridge0: port 1(bridge_slave_0) entered blocking state [ 2161.023891][T11797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2161.075027][T11797] bridge0: port 2(bridge_slave_1) entered blocking state [ 2161.082212][T11797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2161.472944][T11077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2161.834086][T11077] veth0_vlan: entered promiscuous mode [ 2161.937574][T11077] veth1_vlan: entered promiscuous mode [ 2162.088023][T11077] veth0_macvtap: entered promiscuous mode [ 2162.103355][ T8556] Bluetooth: hci0: command tx timeout [ 2162.156188][T11077] veth1_macvtap: entered promiscuous mode [ 2162.274902][T11077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2162.344003][T11077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2162.423706][ T6410] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2162.496509][ T6410] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2162.610627][ T6410] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2162.680931][ T6410] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2162.772430][T11660] netlink: 338 bytes leftover after parsing attributes in process `syz.0.7405'. [ 2163.069699][ T6410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2163.148416][ T6410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2163.256003][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2163.304704][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2163.637845][T11700] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 2165.043247][T11719] bond0: invalid ARP target specified [ 2165.084225][T11719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7414'. [ 2165.118246][T11719] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2165.147223][T11719] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2165.163407][T11719] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2165.172494][T11719] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2165.973763][T11766] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.0.7424: 7 [ 2168.256269][T11864] FAULT_INJECTION: forcing a failure. [ 2168.256269][T11864] name failslab, interval 1, probability 0, space 0, times 0 [ 2168.300695][T11864] CPU: 0 UID: 0 PID: 11864 Comm: syz.1.7434 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2168.300730][T11864] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2168.300739][T11864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2168.300748][T11864] Call Trace: [ 2168.300753][T11864] [ 2168.300760][T11864] dump_stack_lvl+0x100/0x190 [ 2168.300788][T11864] should_fail_ex.cold+0x5/0xa [ 2168.300806][T11864] should_failslab+0xc2/0x120 [ 2168.300822][T11864] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 2168.300844][T11864] ? taskstats_exit+0x650/0xbd0 [ 2168.300871][T11864] taskstats_exit+0x650/0xbd0 [ 2168.300893][T11864] ? __pfx_acct_update_integrals+0x10/0x10 [ 2168.300917][T11864] ? __pfx_taskstats_exit+0x10/0x10 [ 2168.300941][T11864] ? rcu_read_lock_any_held+0x6a/0xa0 [ 2168.300965][T11864] ? exit_signals+0x395/0xaf0 [ 2168.300983][T11864] do_exit+0x5ca/0x2aa0 [ 2168.301006][T11864] ? __pfx_do_exit+0x10/0x10 [ 2168.301024][T11864] ? do_raw_spin_lock+0x128/0x260 [ 2168.301045][T11864] ? find_held_lock+0x2b/0x80 [ 2168.301059][T11864] ? get_signal+0x7e0/0x21e0 [ 2168.301076][T11864] do_group_exit+0xd5/0x2a0 [ 2168.301097][T11864] get_signal+0x1ec7/0x21e0 [ 2168.301119][T11864] ? __pfx_get_signal+0x10/0x10 [ 2168.301135][T11864] ? do_futex+0x192/0x350 [ 2168.301157][T11864] arch_do_signal_or_restart+0x91/0x770 [ 2168.301177][T11864] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 2168.301201][T11864] ? __pfx___x64_sys_futex+0x10/0x10 [ 2168.301219][T11864] ? __x64_sys_kexec_load+0x1c9/0x230 [ 2168.301243][T11864] exit_to_user_mode_loop+0x86/0x4a0 [ 2168.301265][T11864] do_syscall_64+0x668/0xf80 [ 2168.301283][T11864] ? clear_bhb_loop+0x40/0x90 [ 2168.301305][T11864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2168.301320][T11864] RIP: 0033:0x7f343e79c799 [ 2168.301334][T11864] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2168.301350][T11864] RSP: 002b:00007f343f5c80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2168.301365][T11864] RAX: fffffffffffffe00 RBX: 00007f343ea15fa8 RCX: 00007f343e79c799 [ 2168.301376][T11864] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f343ea15fa8 [ 2168.301385][T11864] RBP: 00007f343ea15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 2168.301395][T11864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2168.301404][T11864] R13: 00007f343ea16038 R14: 00007ffd3eb5cad0 R15: 00007ffd3eb5cbb8 [ 2168.301423][T11864] [ 2169.067866][T11894] FAULT_INJECTION: forcing a failure. [ 2169.067866][T11894] name failslab, interval 1, probability 0, space 0, times 0 [ 2169.102769][T11894] CPU: 0 UID: 0 PID: 11894 Comm: syz.0.7437 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2169.102808][T11894] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2169.102817][T11894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2169.102827][T11894] Call Trace: [ 2169.102834][T11894] [ 2169.102841][T11894] dump_stack_lvl+0x100/0x190 [ 2169.102870][T11894] should_fail_ex.cold+0x5/0xa [ 2169.102890][T11894] should_failslab+0xc2/0x120 [ 2169.102906][T11894] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 2169.102929][T11894] ? prepare_creds+0x2c/0x950 [ 2169.102951][T11894] ? __sys_socket+0xac/0x260 [ 2169.102979][T11894] prepare_creds+0x2c/0x950 [ 2169.103002][T11894] __sys_setuid+0x9c/0x440 [ 2169.103018][T11894] do_syscall_64+0x106/0xf80 [ 2169.103036][T11894] ? clear_bhb_loop+0x40/0x90 [ 2169.103055][T11894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2169.103071][T11894] RIP: 0033:0x7fd06759c799 [ 2169.103085][T11894] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2169.103100][T11894] RSP: 002b:00007fd068531028 EFLAGS: 00000246 ORIG_RAX: 0000000000000069 [ 2169.103115][T11894] RAX: ffffffffffffffda RBX: 00007fd067815fa0 RCX: 00007fd06759c799 [ 2169.103126][T11894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 2169.103135][T11894] RBP: 00007fd067632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 2169.103144][T11894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2169.103152][T11894] R13: 00007fd067816038 R14: 00007fd067815fa0 R15: 00007ffef60c2058 [ 2169.103172][T11894] [ 2170.571427][T11955] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7445'. [ 2171.105511][T12013] FAULT_INJECTION: forcing a failure. [ 2171.105511][T12013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2171.185362][T12013] CPU: 0 UID: 0 PID: 12013 Comm: syz.3.7450 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2171.185397][T12013] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2171.185406][T12013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2171.185415][T12013] Call Trace: [ 2171.185421][T12013] [ 2171.185428][T12013] dump_stack_lvl+0x100/0x190 [ 2171.185456][T12013] should_fail_ex.cold+0x5/0xa [ 2171.185475][T12013] _copy_to_iter+0x5a4/0x1720 [ 2171.185501][T12013] ? dev_seq_stop+0x31/0xb0 [ 2171.185598][T12013] ? __pfx__copy_to_iter+0x10/0x10 [ 2171.185623][T12013] ? traverse.part.0.constprop.0+0x2c5/0x650 [ 2171.185652][T12013] seq_read_iter+0x691/0x1270 [ 2171.185676][T12013] ? aa_file_perm+0x7f3/0x14d0 [ 2171.185698][T12013] seq_read+0x33b/0x4c0 [ 2171.185720][T12013] ? __pfx_seq_read+0x10/0x10 [ 2171.185754][T12013] ? __pfx_seq_read+0x10/0x10 [ 2171.185775][T12013] proc_reg_read+0x240/0x330 [ 2171.185796][T12013] ? __pfx_proc_reg_read+0x10/0x10 [ 2171.185818][T12013] vfs_read+0x1e4/0xb30 [ 2171.185844][T12013] ? __pfx_vfs_read+0x10/0x10 [ 2171.185864][T12013] ? find_held_lock+0x2b/0x80 [ 2171.185878][T12013] ? __fget_files+0x215/0x3d0 [ 2171.185901][T12013] ? __fget_files+0x215/0x3d0 [ 2171.185926][T12013] ? __fget_files+0x21f/0x3d0 [ 2171.185954][T12013] __x64_sys_pread64+0x1eb/0x250 [ 2171.185969][T12013] ? __pfx___x64_sys_pread64+0x10/0x10 [ 2171.185998][T12013] do_syscall_64+0x106/0xf80 [ 2171.186016][T12013] ? clear_bhb_loop+0x40/0x90 [ 2171.186035][T12013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2171.186050][T12013] RIP: 0033:0x7f179199c799 [ 2171.186064][T12013] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2171.186079][T12013] RSP: 002b:00007f17927d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 2171.186094][T12013] RAX: ffffffffffffffda RBX: 00007f1791c15fa0 RCX: 00007f179199c799 [ 2171.186104][T12013] RDX: 0000000000010005 RSI: 0000000000000000 RDI: 0000000000000003 [ 2171.186114][T12013] RBP: 00007f17927d7090 R08: 0000000000000000 R09: 0000000000000000 [ 2171.186122][T12013] R10: 0000000000000830 R11: 0000000000000246 R12: 0000000000000001 [ 2171.186131][T12013] R13: 00007f1791c16038 R14: 00007f1791c15fa0 R15: 00007ffc4ffeaa58 [ 2171.186151][T12013] [ 2171.921992][T12023] [ 2171.924360][T12023] ====================================================== [ 2171.931424][T12023] WARNING: possible circular locking dependency detected [ 2171.938420][T12023] syzkaller #0 Tainted: G U W L XTNJ [ 2171.944374][T12023] ------------------------------------------------------ [ 2171.951365][T12023] syz.1.7455/12023 is trying to acquire lock: [ 2171.957408][T12023] ffff8880334b8a68 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0 [ 2171.968899][T12023] [ 2171.968899][T12023] but task is already holding lock: [ 2171.976258][T12023] ffff8880877d8ee0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 2171.985232][T12023] [ 2171.985232][T12023] which lock already depends on the new lock. [ 2171.985232][T12023] [ 2171.995612][T12023] [ 2171.995612][T12023] the existing dependency chain (in reverse order) is: [ 2172.004602][T12023] [ 2172.004602][T12023] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 2172.012324][T12023] lock_sock_nested+0x41/0xf0 [ 2172.017507][T12023] smc_listen_out+0x1f5/0x4b0 [ 2172.022686][T12023] smc_listen_work+0x4c2/0x50e0 [ 2172.028036][T12023] process_one_work+0x9d7/0x1920 [ 2172.033483][T12023] worker_thread+0x5da/0xe40 [ 2172.038581][T12023] kthread+0x370/0x450 [ 2172.043157][T12023] ret_from_fork+0x754/0xd80 [ 2172.048350][T12023] ret_from_fork_asm+0x1a/0x30 [ 2172.053702][T12023] [ 2172.053702][T12023] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 2172.063846][T12023] __lock_acquire+0x14b8/0x2630 [ 2172.069206][T12023] lock_acquire+0x1cf/0x380 [ 2172.074214][T12023] __flush_work+0x4de/0xcb0 [ 2172.079224][T12023] cancel_work_sync+0xd1/0xf0 [ 2172.084402][T12023] smc_clcsock_release+0x5f/0xe0 [ 2172.089875][T12023] __smc_release+0x5c2/0x880 [ 2172.094974][T12023] smc_close_non_accepted+0xda/0x200 [ 2172.100761][T12023] smc_close_active+0x4ff/0x1070 [ 2172.106202][T12023] __smc_release+0x634/0x880 [ 2172.111300][T12023] smc_release+0x1fc/0x620 [ 2172.116223][T12023] __sock_release+0xb3/0x260 [ 2172.121315][T12023] sock_close+0x1c/0x30 [ 2172.125973][T12023] __fput+0x3ff/0xb40 [ 2172.130459][T12023] task_work_run+0x150/0x240 [ 2172.135556][T12023] exit_to_user_mode_loop+0x100/0x4a0 [ 2172.141432][T12023] do_syscall_64+0x668/0xf80 [ 2172.146540][T12023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2172.153026][T12023] [ 2172.153026][T12023] other info that might help us debug this: [ 2172.153026][T12023] [ 2172.163321][T12023] Possible unsafe locking scenario: [ 2172.163321][T12023] [ 2172.170745][T12023] CPU0 CPU1 [ 2172.176085][T12023] ---- ---- [ 2172.181427][T12023] lock(sk_lock-AF_SMC/1); [ 2172.185918][T12023] lock((work_completion)(&new_smc->smc_listen_work)); [ 2172.195351][T12023] lock(sk_lock-AF_SMC/1); [ 2172.202380][T12023] lock((work_completion)(&new_smc->smc_listen_work)); [ 2172.209314][T12023] [ 2172.209314][T12023] *** DEADLOCK *** [ 2172.209314][T12023] [ 2172.217441][T12023] 3 locks held by syz.1.7455/12023: [ 2172.222621][T12023] #0: ffff8880420b9908 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 2172.233155][T12023] #1: ffff8880877d8ee0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 2172.242579][T12023] #2: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0 [ 2172.251704][T12023] [ 2172.251704][T12023] stack backtrace: [ 2172.257574][T12023] CPU: 0 UID: 0 PID: 12023 Comm: syz.1.7455 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 2172.257606][T12023] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 2172.257614][T12023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2172.257623][T12023] Call Trace: [ 2172.257630][T12023] [ 2172.257637][T12023] dump_stack_lvl+0x100/0x190 [ 2172.257660][T12023] print_circular_bug.cold+0x178/0x1c7 [ 2172.257685][T12023] check_noncircular+0x146/0x160 [ 2172.257704][T12023] __lock_acquire+0x14b8/0x2630 [ 2172.257725][T12023] lock_acquire+0x1cf/0x380 [ 2172.257742][T12023] ? __flush_work+0x4ca/0xcb0 [ 2172.257763][T12023] ? mark_held_locks+0x40/0x70 [ 2172.257780][T12023] ? __flush_work+0x4ca/0xcb0 [ 2172.257800][T12023] __flush_work+0x4de/0xcb0 [ 2172.257820][T12023] ? __flush_work+0x4ca/0xcb0 [ 2172.257841][T12023] ? __pfx___flush_work+0x10/0x10 [ 2172.257862][T12023] ? __pfx_wq_barrier_func+0x10/0x10 [ 2172.257886][T12023] ? __pfx___might_resched+0x10/0x10 [ 2172.257909][T12023] cancel_work_sync+0xd1/0xf0 [ 2172.257923][T12023] smc_clcsock_release+0x5f/0xe0 [ 2172.257939][T12023] __smc_release+0x5c2/0x880 [ 2172.257961][T12023] ? __pfx_sock_def_readable+0x10/0x10 [ 2172.257977][T12023] smc_close_non_accepted+0xda/0x200 [ 2172.257992][T12023] smc_close_active+0x4ff/0x1070 [ 2172.258008][T12023] __smc_release+0x634/0x880 [ 2172.258030][T12023] smc_release+0x1fc/0x620 [ 2172.258052][T12023] __sock_release+0xb3/0x260 [ 2172.258070][T12023] ? __pfx_sock_close+0x10/0x10 [ 2172.258087][T12023] sock_close+0x1c/0x30 [ 2172.258103][T12023] __fput+0x3ff/0xb40 [ 2172.258127][T12023] task_work_run+0x150/0x240 [ 2172.258147][T12023] ? __pfx_task_work_run+0x10/0x10 [ 2172.258174][T12023] exit_to_user_mode_loop+0x100/0x4a0 [ 2172.258194][T12023] do_syscall_64+0x668/0xf80 [ 2172.258212][T12023] ? clear_bhb_loop+0x40/0x90 [ 2172.258229][T12023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2172.258244][T12023] RIP: 0033:0x7f343e79c799 [ 2172.258258][T12023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2172.258273][T12023] RSP: 002b:00007ffd3eb5cd18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 2172.258287][T12023] RAX: 0000000000000000 RBX: 00007f343ea17da0 RCX: 00007f343e79c799 [ 2172.258297][T12023] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 2172.258306][T12023] RBP: 00007f343ea17da0 R08: 00007f343ea16038 R09: 0000000000000000 [ 2172.258315][T12023] R10: 00000000003ea4d0 R11: 0000000000000246 R12: 000000000021340c [ 2172.258324][T12023] R13: 00007f343ea15fac R14: 0000000000213109 R15: 00007ffd3eb5ce20 [ 2172.258338][T12023] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2173.041476][ T6413] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2173.092422][ T6413] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2173.157259][ T6413] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2173.211602][ T6413] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2173.322638][ T6413] bridge_slave_1: left allmulticast mode [ 2173.328297][ T6413] bridge_slave_1: left promiscuous mode [ 2173.393364][ T6413] bridge0: port 2(bridge_slave_1) entered disabled state [ 2173.421104][ T6413] bridge_slave_0: left allmulticast mode [ 2173.438829][ T6413] bridge_slave_0: left promiscuous mode [ 2173.459626][ T6413] bridge0: port 1(bridge_slave_0) entered disabled state [ 2173.595761][ T6413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2173.610784][ T6413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2173.628148][ T6413] bond0 (unregistering): Released all slaves [ 2173.760109][ T6413] hsr_slave_0: left promiscuous mode [ 2173.772581][ T6413] hsr_slave_1: left promiscuous mode [ 2173.782200][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2173.789580][ T6413] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2173.841365][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2173.866220][ T6413] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2173.883183][ T6413] veth1_macvtap: left promiscuous mode [ 2173.888658][ T6413] veth0_macvtap: left promiscuous mode [ 2173.909657][ T6413] veth1_vlan: left promiscuous mode [ 2173.914891][ T6413] veth0_vlan: left promiscuous mode [ 2174.061911][ T6413] team0 (unregistering): Port device team_slave_1 removed [ 2174.085660][ T6413] team0 (unregistering): Port device team_slave_0 removed [ 2174.273658][ T6413] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.321779][ T6413] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.372704][ T6413] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.430926][ T6413] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.531937][ T6413] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.579710][ T6413] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.629818][ T6413] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.669925][ T6413] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.766336][ T6413] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.818464][ T6413] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.868592][ T6413] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.920622][ T6413] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2175.006522][ T6413] bridge_slave_1: left allmulticast mode [ 2175.012177][ T6413] bridge_slave_1: left promiscuous mode [ 2175.030339][ T6413] bridge0: port 2(bridge_slave_1) entered disabled state [ 2175.045804][ T6413] bridge_slave_0: left allmulticast mode [ 2175.051458][ T6413] bridge_slave_0: left promiscuous mode [ 2175.074017][ T6413] bridge0: port 1(bridge_slave_0) entered disabled state [ 2175.082503][ T6413] bridge_slave_1: left allmulticast mode [ 2175.094097][ T6413] bridge_slave_1: left promiscuous mode [ 2175.099738][ T6413] bridge0: port 2(bridge_slave_1) entered disabled state [ 2175.108929][ T6413] bridge_slave_0: left allmulticast mode [ 2175.115001][ T6413] bridge_slave_0: left promiscuous mode [ 2175.121015][ T6413] bridge0: port 1(bridge_slave_0) entered disabled state [ 2175.130086][ T6413] bridge_slave_1: left allmulticast mode [ 2175.135962][ T6413] bridge_slave_1: left promiscuous mode [ 2175.141582][ T6413] bridge0: port 2(bridge_slave_1) entered disabled state [ 2175.150509][ T6413] bridge_slave_0: left allmulticast mode [ 2175.156369][ T6413] bridge_slave_0: left promiscuous mode [ 2175.162126][ T6413] bridge0: port 1(bridge_slave_0) entered disabled state [ 2175.248741][ T6413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2175.260227][ T6413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2175.270746][ T6413] bond0 (unregistering): Released all slaves [ 2175.316821][ T6413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2175.326828][ T6413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2175.337458][ T6413] bond0 (unregistering): Released all slaves [ 2175.375665][ T6413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2175.385326][ T6413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2175.395918][ T6413] bond0 (unregistering): Released all slaves [ 2175.659950][ T6413] hsr_slave_0: left promiscuous mode [ 2175.680664][ T6413] hsr_slave_1: left promiscuous mode [ 2175.686429][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2175.702979][ T6413] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2175.721456][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2175.728842][ T6413] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2175.752359][ T6413] hsr_slave_0: left promiscuous mode [ 2175.770603][ T6413] hsr_slave_1: left promiscuous mode [ 2175.781315][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2175.788700][ T6413] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2175.823278][ T6413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2175.840074][ T6413] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2175.856057][ T6413] hsr_slave_0: left promiscuous mode [ 2175.862897][ T6413] hsr_slave_1: left promiscuous mode [ 2175.874937][ T6413] veth1_macvtap: left promiscuous mode [ 2175.881367][ T6413] veth0_macvtap: left promiscuous mode [ 2175.886867][ T6413] veth1_vlan: left promiscuous mode [ 2175.893402][ T6413] veth0_vlan: left promiscuous mode [ 2175.898982][ T6413] veth1_macvtap: left promiscuous mode [ 2175.904877][ T6413] veth0_macvtap: left promiscuous mode [ 2175.910551][ T6413] veth1_vlan: left promiscuous mode [ 2175.915761][ T6413] veth0_vlan: left promiscuous mode [ 2175.921693][ T6413] veth1_macvtap: left promiscuous mode [ 2175.927147][ T6413] veth0_macvtap: left promiscuous mode [ 2175.933037][ T6413] veth1_vlan: left promiscuous mode [ 2175.938243][ T6413] veth0_vlan: left promiscuous mode [ 2176.089836][ T6413] team0 (unregistering): Port device team_slave_1 removed [ 2176.102643][ T6413] team0 (unregistering): Port device team_slave_0 removed [ 2176.195709][ T6413] team0 (unregistering): Port device team_slave_1 removed [ 2176.209977][ T6413] team0 (unregistering): Port device team_slave_0 removed [ 2176.303204][ T6413] team0 (unregistering): Port device team_slave_1 removed [ 2176.316675][ T6413] team0 (unregistering): Port device team_slave_0 removed