last executing test programs: 15.700752039s ago: executing program 2 (id=1654): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8=r1, @ANYRES16, @ANYBLOB="df250c0000000000000000"], 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x6) write$auto(0xffffffffffffffff, 0x0, 0x100082) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 15.183423579s ago: executing program 1 (id=1656): close_range$auto(0x2, 0x8, 0x0) 14.967647738s ago: executing program 1 (id=1658): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) vmsplice$auto(0x2, &(0x7f00000000c0)={0x0, 0x7ff}, 0x8000000000000001, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f00000002c0)={0xffffffffffffffff, &(0x7f0000000580)="0fa2b7f22be8f2c020e6cc2ded47f7c6cc91027b7f50b3c4f476e0c4d3dd6dc1e948f3d6793f99e804d32d9e11a17eed5bad09ce0c1a2e2831a503a7d0c968d0992c4952559e4a73ede0d9325def91578860c2f79dcf9ee77cc2899b9c1d43bc8e84e9201e9372358607794031a9c1d4da3fd801b428c0444e81fc106d229f88a70c5549717ddcf0cdaa5fd3f010c0b3f09ff4295d2197e5bfe3a4d8be85cd049aebf4295f5d2d16940dcf4e816f2c3e4398590629577883cf426528c378dca7da7a237e2e9241d56cd5868e8169a0fe0b9d1458514afef7ddd6c4b299e9f55333f1a88220b7ac8e142e0e6a64cbc4e69163755e7e0231f4c74b60fe6b1c2d3ffb22c30c7ed6ec8e007f984eee7708531f9e8dfed2ccef69b40b8bc2505f550b0cd49daf95ce458c9d1348165b68beb3cef1744d55ef6205a9ab22194d9590f9ea75cfb33e286d53830f1156c844b6dfb508f18b4a6440b802f8d1c5eba0c21745affd97a6858176053a4defd21411a5765ec08d629513215f5bdfdbb90ac4cd4c85e64b0bbd7aec5dc5639f57c02d15cc37226c14d53f1ea8ee0e6f90bdccccec062a000d6b7429cf767714b0c3a93b0bb9be2effb610bdff878063a58e36e35b44478b1facdc27888ca5c2d4dedcd96965d8075fbc24abc4478ed2122221aae5b0c88046641a303d77a5f5d7fd969d2d621b90f46a5f259d209f235007365953f17b25bf12d536c4b4088569b090903ef6b0c52e5b2caf57278de8c5e6821c058381de684c60945b79afe62dadea54571d62046e960588180c2e2d0649072fdd32503f8529d42d260abd6e3ea0563d76c25f543ceea323f72d5d4191c35dc5826dfb1d743d24619fcf26be0de3678ea8482b7ce7594975ece5ff20cd3fd5faee6a3539cdfb7d18f48cfaf07c38f7207b5654f36539e5ab91606c3468c090c642168a780b5f492cfe82206b5e2114552daffec8cfac53f0eb58121331f47f37bff4dadcc171ec96c578c7b20c666310233446fcb4e0f02aa8849d12e4746684e6bfae49843cacf155241a7fe2d2d6124ad9da25a2de4ada14e150637ba4023088228c7bed2180f3326c6e21927d4579f1adf8a47d3796a5792addccfd45576b0b6174df576f309885deb60e5165e58eb91adbd22866433e6b202c49cf22001d45009f82bb1a241ab6267792f9cb2f98935390cf42b71d9c788608288a6cdf525f3acede2b287ca4a38f7c4cb999177d630f6bcde963a6d96c2b91761d62ef736345f7c14a2ce5e68835fc5b898bf3a4eb62b78b282f0027c316a647860c32e1954b0a921bd38c69bba3b635791f9f46cf33a1d4dc4b184c25cf480c0c20385a052a46a44d5023582b3848e428429af6967f823c72d4924bf2a45481bcd034b095097f51b92ecc4def0c24f4d3118a33bc092bc31fc35a55e06393aa3caf9fc21875d9e890160719508bf5012625df0eea46508b31fedf807bb2cf13b0c860a1be38381850595f1e311fecb2abda1fc1d0e368d49b7b1af5df13b0c8317310ca3e829b2237439781b61015034665bf2e80619093ed1b40c13b564ac79a2f2482890e7950e217eee251810b72d91bfc1e4910fffc3a58d7d4cb307841323cb61d00e5eed31a4af702531c11be2407b74690c649665750b5fef3b76302a490bbd0d73ca23db4fd5d26318185e4e7dc4aa9a3f5a04681bff7849619e548f8d6e422b4ca51151101acb71b4b8d56ef73afe0a331a72dfe97c6103e2a591524fe3c8860cbb94f37f0ec87d8ec95d0bab3f0b006eafce58b9fda5ead5b408db563d7cc494681372269f059d701cff1cb5105cc71173ea895e407f372639e27f6a65d9f02c42311fd1e95a4f94265dc7a14d983d50435ecf8418307a3cf32d026125e05807f2ded11476d7019fa92939a07855aa319a73d00811dab63067391a7499648500ddc7eb56e0f722ea978dc44e0a8153082b3f68778bd670c2e4e09b73186087fbdef576c6af15db2813fc9a617ca7038dbb8163a5d8963227f65e0e12525fd462f4905807c6b6c256a4a5ccdd3284e24670be4f4d299d5ad3aaa1050c72fa9e372d3cc6efd639a1312659ee2105348321f983a79b8db19e2adc1abb9dee613259af2f25ae47d4f453a85e3a117a228eb1757e17f3817b09e7e331bddec9586fc107c18b9180895016490b9ac55aaa700eb1b5e823ab516291f0edb1204ac0bf7b7bc8cf9b93c322cba48c669909cf31e850195e6906987494dc421adafc46f8d5556ee1bc58e7214c7c405e1b0451b0eac424db16b9c4ed4ada4cf433aca9ed07d023853079b6d37590799b68757808ea0990e7c94ee8a25fdbd28a5a581674e689a044fe697ee87f8e0f9e3d7f356ece8928ad38760d070634a703cb6e209f2d3feef5ad2df3f733882ac46a153a65ed7c33621c03da6c26f32e48bf256b25d9db7eefce2b5eb57b9ac842b4de578b9e36e0d2446d12fca8b5398da992d532e20f3b28570ba2e36f46ce5b3702577d96f004a4310e27007a93c29735ce87a648d550bdedc5f483223631bf82796387b9d57fdd7b09c9fafe7ad899090775e7151012c5f2ff2d161b775fd4ec2e44f3c9ee5ba23c0c97a5c85d06cc4a618fcbfd7d43985d2174273de1d7ed59e60cb598a3ae18ef6233cce54547969b97c8f618fe364b6a2c5734fa39f702048063cb60e25971c5afa0dd0d580fe4013265a45b1b1962c1138e8cd8ada383d7f29566b83559245d2ee3abeb9c8070b41dc74d519d6a3d140f87acb03f6e477c21185229a10fe71777d4246e7c92af6dce9a3b33a5578a530336b503b4c77c43407863411933f66b94ac119a5c264b6b2556536a83bdb7815a384b10a55fab0a509662fe6372e0f0ed3dcae9cd44d0ad86d6ca7227481c7ae7c08db51050afd9cab0de1707249de78b20d83dc34b3e227d17aaa4e69c5fb3b4ab0b214858f9ae4d9a97d098c7ae43a49d57e23622edc35d50ae92f91409ea00f0fb4e269718467cf041416b954719c83b5c0a7f9fb6b6a245cdcd6a3f3f9978c25a15f0e01ce13607c7b7ced669f6cb8ee935d7fb274cc54fdf3729a1f50598c27c8199cea8edc0745df474798269699813592ab87e801eeb7acc1727157d445020282beaab7515dea201867870f6d8ecc276fd23a1e4260e10224d364060de5b49b4e8180b14e5d78434d49d10c94bb58690e63f21c469b56efcf16e326fea8d2bafa9ea53ba909414dc8330e63d9e613e7fb7a92b192aefc392ed69100ef4e471430491aef5e7fcb436a59964104553f780d3690fc534f09aa995e6e2c936309c630616001c89f8b5d195c8e0ccc6b153c06ac6028c83807ca71bb11ea9f697fc9ea08159f02acae79ea7ad450811116b8f10bddce6de1339169229830d1e5b5d923c3f12301a39ff933d37aa496363b0c4ee89f914671d1ce7ca94d96913d19a5095bce74591b909bd92cbddf1ad4e9ad98856190a7d9c61db480cc6a3ed80d5f5311812548cd4842e6a301677b11145757fb286334e1be7a047d1e2ad4e1de70c7e0f283257e17f028bcf0be011bb68a1b4cc194d7a8a329f5e375e3457c89e24446a171469d07da45615cb61538668b8301aae7181ddf5b246b044f5b53b117dee0f255c217d0974a2c48087e31942ede5b3ff7d901330699e3fec67570a67ac484fac404d9841a3ed9c52877557dae88941712562dd53498f5d5a4b0511c1f91005c05322e68ee019fcb20be7b171b9e3813ee0c6f54d0ee6b4183cc89ec67bdfc087a797ac3a403b30010e3de69920dd7a619f47b4eee63f9cfb6ee46e84f92dd83836bf0efdb5af68e88df67bc3d08373803496305c02d19cb5eef2988cb160a0ac95fabedddd609f169eef499b4594e7ceb4aa5a91ee5da9d98f3a1b2736658ca3bc4b05c3b686b1c8ae3c3753cf07955bed72271898a480c494b28e3cf2706da9d9b1d88ea718d0a0b7cc6b11b8ecb2fa360fe49c84db6b930fc183be94a2db9fc44033ef7c2ab7b72de287b21e919ff34b6a41af56aae3355ee33cde3af5e0c8d545145804f6bef9282cddab4deb7a141605bc9533021ffc4d14910784d2ed0c01b987b9e67a759ae8ac439189a24b1efb32e6796c492a0ba6e06904864b928716dd8b3be2984ad46d80b01f99e4ef85cc982255d0372e09474eca599f36dd86eb980d9684bf1059c210482effcf2054bbb72ba61976ce12df25e30a7461dd73ab0f7ddf03a01694c6f05e27ad7f3d878ab933d57ff6f3ac34ea3cdbd774b717e8fea9edcf2607e33ce2eae015c05ea10ad967fd8e5b601aec8fd697e97beedaeda68be4bb64827261d35d57c5589968276623a3d6a3df849e48926052c0ff17770a8402f6c4e1e3542107092e57291edde037d4275e1d65054bc994202db9c24b2cd9443b15a6c3471a4bee92f70f2e436f77b3b64c54e340f0bb01efb7f28e7de67350eb58cd814fc38d5947af816e8defaf49f0a6cf6b4013cdb17f98c79740684c5b1c30d9b1eec03346ea3a4b00173a0df4ca2284b22b77e86c67d9813fd364e9d6336c99a57eaf19b2e2d0b802f9b8fb4725e2095b5ed3e2414ef59f838792361bb00628ca0a9097acfdf590ce3aa04c8cc5c7b8436d65c6d9f76e06d52f26f38400a00801da1b836da941d6466faded901d5c1166d79b77e40dedf8955009c71d9cf733fe015853a72b6d0c13611e028eb6481a71650a601eb865f52f62e643f10465ca7e63d7d3e7f53a9fb3b1c19c7260909e612d7f483d6eaafae559e3a3fe6ae926bb914c9f989bb579a734724561f8bbea3b85c5474e5ef0a0e8e01bfe1ecc96fd0cbfbc0273fea2a2289e6273083c56fbdd42c38211fc233f55beb1cf2b74b85dfd5dd7d5ec430f8c12f19217a3060f6638952bae6e4ccb0320552b8202eb792bacef09133647d1fda7358ffa1cd85368d6ca1fb6ae85cfecc9cc8172d1c1ab7cf20792657be38a148ac66e1b9264ea11dfba63952df8807cb79bc5dc3f1510ac15d41d7550bee6f3d37d517cc3cb3ea95f40947512a486d8c1ee7d44624f3db5d3871fca67a33e42a44c8bafd0846b0a0313f462c808f8d0b722eeed162edcece171c3221d8df5fd7fd8a6bbb3e7f811ff68a0a3ab6cbc5288b26bbf5b986883cb54185f5dfdcd4bf5beb1d13249caf4034b67d489047a90575db05700c68b3e5c1ed32d0c96e868c85f03bfc4c2ac1b8b55521c5544fdca2923126579cd1e3a4ffe49cca06925321d35e695f679821d5339177bf609fcd1d74fcae652c8acd2ad42e10a31655bf9569fdcdf384f405c6cadaa0b02fe4a606b8da8e0d575a5d4b8aa4768fe4e173e6aa96bcb63788116bd15c543e504bb2164f312c937c33e9c00afedba7f58439093e1a9ba9651a9c2c78dcc89ed3a4016c7385727b03054e4280e6a5757f35c89c28ad9b47a44588914b77961096d42b1ca4682976fe6bd250493bba150cda9b70b576f6bb2ddd7104a5738ad298b94db1ca6dc3acc63f009ec1aec0e5ced4302c2369ffbccb7b9df5b66dbfc5d4bf6529c0f85df7e297db9056b9f0effe6109df175604f1d48e10ca3567ee1e5729c17dbaea2f4c43a8d1a8f53294a119fe4b18beabf84d61a5b8f67bf46773b5b640a9bf0d9e4f0df903dbeafd8b007bb83a40649852cef1ea2e858728a2f69320634d9628dfbabdf3c5d1c28a01e09b59072feddf0a11d2c6183177c2c5955117d6ced2c6897301bd67e6494ebb196f490de12f70ab5cf373967312c4e5c074a6b63f5bf73aca60f7d46b1d0a0f2d1cf27e75c5722740", 0xfffffffd, &(0x7f0000000140)="8ed27d0165643fdab8615b14a80a71ce5449381cd78386214fc4a089cef7838d999d14a5152d123ae80c379fce467dc995c107f68487e239ff5fb1d4f4a808ffea2e3b614e13f8b023b0a6d8d666b214", 0x2, &(0x7f0000001580)="7af6663d93380dcf9de6717f8b6c7b0d062766dea35d27e76888c7fdb601bf0826a56eccc4c7c732006c4a6ddf27d63e79a1b2d3e9e26e3700ea475089759b95dd21c2ecbd3a389267451c4824bdaf1c6a085f36a5d0f073b9f96c6519ade93ed2252be47eac7a26e350562f77fb9a611437a6e3b66a1716148dcc28a539aa2c3b26f00b23939b78c00e1bb83c6681deddd6d8e7c09d6aa22368fb15343b203c29ebbfbe66be9e45bebb3e11c3f9374f53807e9b5d841d5e590b346f4563abfb21f5124072c7e6055fb01ea0fb4f6b09b0199e83ae6094cdd32b821ed71de42fc8bca002a86418aa0e1b9c3ac274690af95d3c04adf454da4d7d7e1ff7d889fbaf3f55693837234dfcc2ab0e25d68e121bf1f4d110e482488ab2f24b1bfc21f204c1544450a7029a713b20804a68cb2ccbd26caecc638875f3e63b1f9d0c4a403d366c2d71de98dbf7c6be07b5b33693f2d4035ac84d90f28357437d5204d406205cddee466f055762d75195269768d36e1f69d4b627a2acba856a547a90ba455961984c9bace60c7e874282684ff9b7cb8b33e90ffe7d9803c189d4f37dcb1a30acc7c216462493451afb1c7982d2481ce3a8b383388029469e569818f3e6165a655344b38ffcdf24ef5d4c461335728494f7cfa8581134c0781f67aedc7edcb40d0d1119227358b2939f28d41678db6a921d98d6148123ba3b388fb9373adc313a5d769767d7d02bdb4ffb215c3dc8d667a1b17de142951c510ce32bfd5a14336bb5955bdedb05d5245006f03129342deccd8ce41eed7f6307fc2876cff0ad66ca311d82c10c9175dd147780eb1f43f060e6130548444aef31c078f160a6b08958129693d61d2ed8f4d7cfe9cd12da2d873a804b6e576ee029d50796e69f8e79dceb2e9b7d5aa21905f24a7b50ce33e70b35812e09e3e7f6c5d7ccf804e4d6d98d78f0244891e5dd1f09ae91a39a352390e36d9306b9de8db17f15c962c0a46e48c82760fd5e647a9ccdce94b254fa4d014809afcaa5106cf1180285f040719875a01b6343d0d242dc315cce2fba5cb28cf4cdaf84c496c0aea8d364f553a2c72a50845675593fdef94dfb89f0878d5cafd5bbfbb4c631db604b945fcd575ebee8a8137964e6a2453af2073396060a2ed2ee64f5efacaf3058422724d560f1f1cdee76f0fcc9fc9b0041be9de0d9ea0aa2cfdf11d79c590ef4fd0b500ae7cf8245ca1e4a2996410d9b40e54e8072c2a17e2a227a151ea7e0cb3ff3cb0bc0169c81cb8a284d08c8a901aa207062126b60e58ab89124f34d8954259056c6910b6a5439a75fc7e5dbaeb5cd8d802e97d7abdce8413eb53a143c219c5bb266a9bb92017e2adc985e1cb6de47a6ac31352ec3d81c7e4f02a919eae5f1475f4ef8ae5ce64de4b696d62398af7480527ea80bfdcc5fb01ae0dcd393ccb025da994aeb087a4f0b14d3180ab0bcca2155363e6f856fded3bcd79f9fdd359266ef7007e2f2aff4884af794eb2138ac91a7953fdcf3b6b8506c8a98a61a65a2a0e4b173ba173be4088669485e42d081163e9cb1cb840e65c58a721f8438d390faf6d7bc0a2468196647e9a7c7355ef01f678dd2bd3623f747008dbeb2931a7f6be2a894a62d57138601561bf3cb31d23024f540ed02690dafa916cd6ccfa52921ef600f783591030d799eb5692b9dcca67b7509816c50673eefa411d50c6e2dbeed26df2130be737b175be3130814f08529c541d642cc82ca9834073e468be6dd8c4cc0af0aaf06b8fca9a5c31fdd2f6d982d82e0ba91677cee9a7dcde9707b6c853755819875bd83f8abc5baf29d7a42c874cf6d7cebe7e211ceb2a6bb30d1948316daacb84d973ed11b3c1a3caa042619436b55e33bb9a453ef0800dd393b3281e707d85194d11b943c5ddb824cc171d09f0e26470c09938d4b00090deaa4e50c913e78f6d493bc3be3b1fe7e85cf1aeb7e6518baf923141b0d1b832780f350ecbfec91a6de3770ace62f04ed8521b202e8b3c3781cbb0975ad054b4c0d59f60585e631bbf1dffeac7312686d1164c701c84a1a1b057015e515f7c45d29a81cb063458cc7366fb26885e61f704d547c3e5fe881a05ae0ee903503c3df4707bc91eadcdd580e57aa17a1fcb03ff0ab57409fb72095956898dceff72e17456d85332939ec34f338c743d3752c82b6fefb9b1c0e005d81b6fb3832bf02db8ff92da87230616efb16c47b6fea688502d67ec6b9449e84d4cce6417a3527002ef2637512f2c73b311f6f3a2a13a1b051ba8db029f304a4b044ebfc7110f0a832719c0b1a8b17a097171d66a555b0c5d80cfa1b4a01c4e8d4a84f94da838f3310ebbe8af26058c8af826e0baff93cbbd4129ae52c9cdf475e2fa3fb448d4a698f26066475a3cafe5c244272bd0c481ccd249793b6506a4020b66a70ccf84a3bfe0c5b9ebdd36f83346cb7ff8cdd2d234e4810a983207bafbe7e6f3f2637793aefb93625d30616d8b3e0e245ab29cff5b2772bb1d1d8df4766be01c1e50dcc5669129ab85018edb298a3e136925922cbe4ebe9fb3daba63d9b32276b55a9829aaf74ec227a3e3ebed1fcce571b46c717cc1523f3ea49732ef0c5aef883ae31f36be063ca86694f4e8b8cc88fe63d54042f9b8b90f7f2ad58a2ad0d0ab7f7fc112bbe3fc405aa8b7961333c96c22b038d22753a10da870703887a29eb194b10e1976d9010f6f6b9127f13796bd1f5c03a37370501f54744938253d55e14b0d676f7069382ec04ee74197ac3e058200f962b01f6a5729bead707efb18d72c61a33c0b23029d22e463fd3ddf14d22ca76d00a18f7d903d68e69a74987c51a1005ae169e35d09614c65ae62f2a566e2b24ff5ba1bb1fd8967f3294bd568f4af775dc4ea87db0980393d026656b74d34d7bddba301363026a33f223ae88f72e57b64c74009b4c40c972ddac4d9aac527519cfee2bb34b0bfbde999fbf8d035adf250f1e88a60dcfc8a182869bdd4ff533ee219ec3200281a6fee5b62369b88615559972b5cfb4cae426a09069f1e17fe479b21027595cd306080c305d6c6f56c5079287501eac413cf602194df699d681d013b715334a54957b8ede6554f4a0f8f5ee2d9bac17f4bc8275b2f28d0071b560273084b7bd75f1a99eb8057634f148c84208c70c10318a3c82ef245657e3238cf23fbace7a2a96161be82371ccd1b2fd87bcc8a2e93a5b9f3eeb155537be56cbd9c0b183616c765c25898a2a6fe3b894b426620530c2a395db56d630139c92134301e63c33010343b48691d5376c1e8879e916cfd13772ee685edaad15d55b7a049485aa1e6dbc79315b1c8dc1e4ccaf09882551865221d492798204382d29d4d7874a3978e5ae0f0840875cc25dc18a5734397b701b6e599788985afc11a9e13a855bb10d5f7021c2d2b8d5468a027e2927fc4ad49a11c5da09ffb487b61ddcd3a8aa4308f5b46be7c8c746794707743cf41bdfb9b3a4e3071ba7f53b32f5fd258ab82ba409a1152523c0fc45f76dc78ce57049bc67016b0bd2f59c3860f4d6ebb742d8e798398dc5fc181070a2f405235fcfcac571e4a9962e618e43c291ec35bec1ca98307eee2291c17369e895cdc2e0543470665aea769f4d6a838ff24fc0b51d0878ccad7a9ccb0764a3dab6c5d4f5320f0e624842179177def801e3ef9291e1efd2a7c6db95b2e6a0c725da0a90a3ca554133341660618672fbec09cc0baa4444291dd1536950d0124f30a306238004fad17c797e366dabfb300fd89f4588479d7edb4e607c45108f8853c8f5553b20a8f2d7d24dce106d6527bba3d16d55da4855d079aa659996020f66dc2dfa5c4eb712d19736f182a5173bad35291300141e6160b1899a2b845f7c50888f6fdb5a6cf6893041a68f14a17c297020d7b43fcc1cc3700e9b683f65f2fd67875d3bd5ee19238f3ca612f2b2e6f17307bc39931a1f5aed7287fc83552e3cb88019d06bd9be55b3f4a1141fc1e41f49bcfd479711aa610ff9a37b16815bcc58355787c22e3902082f69c1225f47c767a9058ec4ad3aa579632a3a0344afaaff6aab5b34ca2a2e4704c7aa071e5f1ef1b4ca41262bc2b78f59a0ea8cf655b481bdf26db07406ccb2ada93f80e4aee244e60809bd37fcd4bf2e04c743e3684f9751895b5718d4f0c9b7bf56f22665e4cdcd8adbe63e15ae5004a9eb9d2f4af36bac5a93a6609a76a40b24e79ecf30383bb4b44496c79dc0e09f7778df6774fd378d5d4d7b8539cfb94812328581702631c214cb8c68cc66abf3145f645b2b7ea89a47d4ff13672d894a179a1dc61b10d93b2f087edee4ce8f76046e586bf9ed66b0fbd8194ccdc33ef48e2ef2be882439dd0ad2fc10e2606ad817611165b951e7d5a26d905479abcc1bcc98184ee250a243ed9960a9c6728fcd2c82d192013bcc8a09d559891f1e4e0f918cc84706419734286d25ccfba81d6995881d7106f4ebb3941e7697911da106f9ed540f86480341730f752840b4474e78b1a324be65a818dc3b18cb9a4417d7bf7ca63ce44b3f2ae36a4b2ac09acc5e69a6f7b94b3fee5e705431277249c5b0662f5e991b53bf76579ed7cf7e6bc90d5cf4f9eeffd33f5e34b83f6843173e170d237410764c9d7c16a4eaf9608830358d22c20ed4391b87fd35737f3f9fb3790382c48c17cf5016ef211c54e3e0d8eee4ae9d2c2df73dd4987ebf91af7b0480f9a98594182f1679b010f67aad7f4dd81f128e6e0f10b4a9b9653ef29913a211682c038d8f2a72bf8ae13aad17e9ba68840bfd0a4c49d7007ec38879cd55ae36df1e34b784754389c49cef79e40d91d60c14e2f783bec1b1059346e421ae9cbf7eb54a02904fb1e9fb2b3020f8a11744810f6fb0dbde7e5ac9363dae2b49e3b1109b10ebeb260eada7a0e8527113a74211c3c056e6e3b5ea8617357559089e930971c556d83cf4b9a0977ff4de01a3659bf226b34d9d11b2e30813de9c3018734ddcd8a8d044b94767f1f03b3d034543df5106dc5f0e9e26d76ebdbeea2a3ff08c804927f2a206a663e474892d8fa35c65a0b10e80827cabaa9582b7cb88ecfcd6827dce6568abf2192e455d51901b7cf8d811fa9250bc73c72c952f4967c85f0aa594fe9440d2c87545cd0b594406b770cc872f0c38c4b99389f5a1dba133d203a1d2191b26850708fda16c485cccb3a5388a2ea5ea263e61dde9bd3d22011f04fed36a1cbc9ccc8301a429458b87b4218f1a0354782554578c7fa9ccc5bce4dd9a5e51007e216bf429df0421ba161033e12e1226b8b01883012a0871bf2339ceda0ac7977d18de58abe3301d7672341c26e2cb4bc3f088d8162e111180089d52ef02acfc51df84c158315493e37f9125f101970e795c968380bd8a8054da05c0858deb289e39819122987e59b689a996843a9467e10176fa940be6d3f340098cc339cd6140f8d44a82650022949648f0d0717da1a4c6e0aa5896897590a8299f6de988462fccd318b125f6b77a9d5682cdb36838b0c8d0fde8c40caa0cbe0a3934599fff5c4eb3dab0ded882b3901780a1ceff1059fa1d85c88e51e84ddcc55c2acda35dbb64d74f5857963c8afa2132926de27ad0665531c1f43d3de79cefe0241da92dc637b03591399792862e40f0daa4ab9bd87fa02e7da3ac5ad0f1f62e6899b288694175b4727a0f1502952f4eb1d18d85582e1d729e9005dfba36f0e96728731bfcacebb4083627b229c489acc19fde8a7aaca9baff075c9d77948f2d36dcecbd1c2704366bd32e9d2797ecc980db73cede89bf99c698f286f84a92", &(0x7f0000000280)=0x8}) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x3, &(0x7f0000000380)="e87658dcfcb277876a73f3dcdc5d6101313b08e325c97941c15bec2ed29b94d48dbad4877aa6494896e456a441d5701021f76a2ad6cbf4a60b3e562cb47172f29c4e6923abea43da217c07f8495d67a9616faf669afe6f3368bc4b144ccb26e0e204c9d59e6e2560f31a2f2b03e487a1fd04ea05c6c69102234d99db9bffcd4d81449e0dbc685429e1f17fca392a331438c65931e2c2f4c0d120df889dd0e9eb092683962fb9963e9dafa8a2529d30b73117219a2e211bed4a2125b21f16c8d591666e5780046a7deb4151037733b102ed6f0da2240b13a05dace6a0d39a032916b487c8715c4903a46e") bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) open(0x0, 0x4201, 0x64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00', @ANYRES16, @ANYBLOB="40e69b4f1e1687c66719fe617c2694c23ab975"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x1, &(0x7f00000000c0)={&(0x7f0000000340), 0xfff}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) prctl$auto(0x4e, 0x1, 0x0, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) ioctl$auto(0x3, 0x402c542b, 0x38) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbf7, {0x1, 0x0, 0x3f00}}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x0) 13.651544274s ago: executing program 1 (id=1662): syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0x0, 0xd, 0x10000002, 0x0) semctl$auto(0x2, 0x9, 0x939, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x1000000000, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r0) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000080) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, 0x0, 0x400500, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r1, 0x0, 0x39b8) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0) 12.01863964s ago: executing program 2 (id=1665): socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x80805, 0x0) setsockopt$auto(r0, 0x10000000084, 0x64, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) msgrcv$auto(0xff, 0x0, 0x2400000000, 0x7, 0x6bc2cc7d) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2003, 0x0) ppoll$auto(&(0x7f0000000000)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) mmap$auto(0x470000000, 0xd, 0x4000000000000df, 0x109b72, 0xffffffffffffffff, 0x8000) socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) rseq$auto(0x0, 0x8001, 0x0, 0x7) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) mlock$auto(0x2ca, 0x80000001) munlock$auto(0xffff, 0x1) 9.228994962s ago: executing program 1 (id=1668): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1c8740, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)={0x4c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x2d, 0x11, '/P\x13jE\f\xf9r\xf5\xa3\xd2\x84y\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x12\xd3\xc4\x1e]'}, @HWSIM_ATTR_PMSR_SUPPORT={0x8, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x4}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmsg$auto_THERMAL_GENL_CMD_CDEV_GET(r0, 0x0, 0x4000) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, 0x0, 0x22202, 0x0) pread64$auto(r2, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 6.474382643s ago: executing program 2 (id=1674): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptye6\x00', 0x40202, 0x0) mmap$auto(0xffffffffffffff80, 0x20000a00004, 0x400002, 0x15, 0x602, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x96141, 0x0) socket(0x2b, 0x800, 0x76) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0x80100, 0x0) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000b00), r2) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000140)=""/122, 0x7a) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000002c0), r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/net/ip_vs_conn\x00', 0x121040, 0x0) 5.731162679s ago: executing program 3 (id=1676): madvise$auto(0x0, 0x2000040080000004, 0xe) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x2000c800) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/offline\x00', 0x800, 0x0) read$auto(r0, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.7/usb23/23-0:1.0/ep_81/interval\x00', 0x3) poll$auto(0x0, 0x7f, 0x9) sendfile$auto(r0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd) r1 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r1, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop4/queue/wbt_lat_usec\x00', 0x10b142, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/fib_multipath_hash_policy\x00', 0x2602, 0x0) sendfile$auto(r4, r5, 0x0, 0x2ee) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001180)='/dev/input/mice\x00', 0xa13c2, 0x0) r6 = openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim1/ports/2/udp_ports_table0\x00', 0x408680, 0x0) writev$auto(r6, 0x0, 0x2) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x165702, 0x0) write$auto(r7, &(0x7f0000000040)='//\xf2\x00', 0x80000000) sendfile$auto(r3, r3, 0x0, 0x3) 5.226916283s ago: executing program 2 (id=1677): syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0x0, 0xd, 0x10000002, 0x0) semctl$auto(0x2, 0x9, 0x939, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x1000000000, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r0) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000080) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, 0x0, 0x400500, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000340)={0x1045100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) read$auto(0xffffffffffffffff, 0x0, 0x39b8) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0) 4.564895286s ago: executing program 1 (id=1680): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)={0x14, r1, 0x1, 0x70bd31, 0x25dfdbfd}, 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 2.875119175s ago: executing program 3 (id=1681): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0x6, 0x66) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x4, 0x40000002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0xa) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x84) socket(0x28, 0x5, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x82202, 0x0) r0 = io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) write$auto_evdev_fops_evdev(r0, &(0x7f0000000080)="3ed7cd474d53da2b896696cc431df505873914dce98b5be8777949692e91488a01249b0f18d9a38790f51695b14ce7b0e6a83b694f5d5486cc4c03c2816f0eefa5c6452c44cd22846cf2c5a8f403a8cfba", 0x51) socket(0x2, 0x3, 0xa) 2.359431938s ago: executing program 0 (id=1682): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x1f, 0x0) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) prlimit64$auto(0x1, 0x3, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(0x0, 0x591083, 0x408) getcwd$auto(0x0, 0xffffffffffffffff) io_uring_register$auto_IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_marker\x00', 0x341, 0x0) socketpair$auto(0xa018, 0x100, 0x4, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x2, 0x88) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe\x00', 0x20a02, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xbff) fsopen$auto(0x0, 0x1) 2.33912733s ago: executing program 3 (id=1683): openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x88202, 0x0) socket(0x21, 0x2, 0x2) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/reboot/cpu\x00', 0x4, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r1 = socketcall$auto(0x7, &(0x7f0000000080)=0x9) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0x18, 0x3, 0x0) accept$auto(0x3, 0x0, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(r1, 0x8004b709, &(0x7f00000000c0)=0x2) socket(0xf, 0x3, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000003f00)=""/46, 0x2e) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x3882873f, 0xeb) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/kernel/bpf_stats_enabled\x00', 0x20200, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/overcommit_ratio\x00', 0x202, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)=""/209, 0xd1) 1.760343699s ago: executing program 3 (id=1684): getcwd$auto(0x0, 0x7) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty51\x00', 0x80, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf3, 0x4, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyp6\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) read$auto(r0, 0x0, 0x6) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x400c040}, 0x10000040) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x2404c800) 1.426573758s ago: executing program 0 (id=1685): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x6600, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x84) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socket(0x10, 0x2, 0x0) r0 = socket(0x2a, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x4, 0x7fff, 0x1a000, 0x80000948c, 0x0, 0x8, 0x400000006, 0x100000000003, 0xc, 0x9, 0x3, 0x6, 0x400005, 0x5]}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_MPATH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1cf5", @ANYBLOB="01002dbd7000fcdbdf251600000008000300", @ANYRES32=r3, @ANYBLOB], 0x1c}}, 0x800) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 1.054246569s ago: executing program 0 (id=1686): socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) socket(0x2, 0x1, 0x106) open_tree_attr$auto(0xffffffffffffffff, 0x0, 0x3000, 0x0, 0x7ff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xffffffff, 0x0, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sysfs$auto(0x2, 0x23, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x4) rseq$auto(0x0, 0x8000, 0x0, 0x6) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r0, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) 803.792441ms ago: executing program 3 (id=1687): syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/fail_over_mac\x00', 0x103b02, 0x0) sendfile$auto(r1, r1, 0x0, 0x8080000001) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) io_uring_setup$auto(0x0, 0x0) sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, 0x0, 0x40084) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x340000000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/kcore\x00', 0x40000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x71e57747e2f51d7f, 0x0) close_range$auto(0x2, 0x8, 0x0) listen$auto(0x3, 0x81) fsetxattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x2) 590.64594ms ago: executing program 2 (id=1688): bind$auto(0x3, 0x0, 0x6a) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb5f0, 0x7352, 0x38, 0x663, 0x80000001, 0x7, 0x9, 0x2, 0x7, 0x7, 0x0, 0x4, 0xb4, 0x7, 0x9, 0x10003, 0x80, 0x8, 0x0, 0x7, 0x2000, 0x3, 0x0, 0x0, 0xbe, 0x2, 0x0, 0x0, 0x0, [0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x1fe, 0x5) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x801, 0x84) socket(0x2, 0x3, 0x1) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1f, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) r1 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0) sendfile$auto(r1, 0x3, 0x0, 0x7ffff000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto(0x3, 0x404c534a, 0x38) 521.590201ms ago: executing program 0 (id=1689): r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) clock_settime$auto(0x10, &(0x7f0000002d80)={0x9, 0x2}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x1, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x580, 0x0) sendfile$auto(0x1, r1, 0x0, 0x1f) 498.743987ms ago: executing program 1 (id=1690): mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x409, 0x5, 0xffffffff, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc048aeca, 0x0) r2 = semctl$auto_GETPID(0x6, 0x6, 0xb, 0x6) prctl$auto(0x3e, 0x1, r2, 0x2000000000000001, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r3, 0x7ffc) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) rseq$auto(&(0x7f0000000340)={0xe, 0x401, 0x0, 0x802, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8000006) 158.396157ms ago: executing program 2 (id=1691): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r1, 0x29, 0x43, &(0x7f0000000040)='\xa1\x00', 0x4) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) preadv2$auto(r3, &(0x7f0000000080)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x400, 0x2f) mmap$auto(0x0, 0x4120008, 0x46, 0xeb1, 0x401, 0x8000) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) ioctl$auto(r4, 0x5609, r4) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) pread64$auto(r0, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 102.537437ms ago: executing program 0 (id=1692): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) sysinfo$auto(0x0) socket(0xa, 0x801, 0x100) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x202, 0x0) openat$auto_supply_map_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/downdelay\x00', 0x303140, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3b) socketpair$auto(0x202, 0x3, 0x2a9, &(0x7f0000000000)=0x1e00) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, 0x0, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 42.762628ms ago: executing program 3 (id=1693): io_uring_register$auto_IORING_UNREGISTER_FILES(0xffffffffffffffff, 0x3, 0x0, 0x3) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xad6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) read$auto_vhci_fops_hci_vhci(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) landlock_create_ruleset$auto(0x0, 0x18, 0x0) bpf$auto(0x0, 0x0, 0x6f4) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) write$auto(r3, 0x0, 0x6) unshare$auto(0x40000080) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r0, r5, 0x0, 0x1) 0s ago: executing program 0 (id=1694): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) msgctl$auto_MSG_INFO(0x5, 0xc, &(0x7f0000000280)={{0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x287f, 0x2, 0x3}, 0x0, 0x0, 0x7fffffff, 0x9, 0x8, 0xffffffff, 0xfffffffffffffffe, 0x1, 0xfc2, 0x26f, @inferred, @raw=0x9}) setresgid$auto(0x0, 0xffffffffffffffff, r1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) socket(0x1d, 0x2, 0x6) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xe, 0x940, 0xfffffff8, 0x3, 0x1004, 0x1, 0x9, 0x5, 0x6, 0x7, 0x1001000, 0x8, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x4, 0x40000081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x52, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x8044) mmap$auto(0x0, 0xeb80, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) kernel console output (not intermixed with test programs): inted: [L]=SOFTLOCKUP [ 462.604354][T10079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 462.604363][T10079] Call Trace: [ 462.604370][T10079] [ 462.604376][T10079] dump_stack_lvl+0x16c/0x1f0 [ 462.604407][T10079] should_fail_ex+0x512/0x640 [ 462.604427][T10079] ? __kmalloc_noprof+0xca/0x910 [ 462.604455][T10079] should_failslab+0xc2/0x120 [ 462.604489][T10079] __kmalloc_noprof+0xeb/0x910 [ 462.604517][T10079] ? __register_sysctl_table+0xb3/0x1900 [ 462.604561][T10079] ? __register_sysctl_table+0xb3/0x1900 [ 462.604594][T10079] __register_sysctl_table+0xb3/0x1900 [ 462.604627][T10079] ? is_module_address+0x5f/0xf0 [ 462.604663][T10079] ? __pfx___register_sysctl_table+0x10/0x10 [ 462.604696][T10079] ? is_module_address+0x69/0xf0 [ 462.604727][T10079] ? register_net_sysctl_sz+0x222/0x450 [ 462.604770][T10079] ? __asan_memcpy+0x3c/0x60 [ 462.604806][T10079] __ip_vs_lblc_init+0x159/0x340 [ 462.604847][T10079] ? __pfx___ip_vs_lblc_init+0x10/0x10 [ 462.604884][T10079] ops_init+0x1e2/0x5f0 [ 462.604929][T10079] setup_net+0x11d/0x3a0 [ 462.604969][T10079] ? __pfx_setup_net+0x10/0x10 [ 462.605006][T10079] ? lockdep_init_map_type+0x5c/0x270 [ 462.605033][T10079] ? mutex_init_lockep+0x110/0x150 [ 462.605067][T10079] copy_net_ns+0x351/0x7c0 [ 462.605115][T10079] create_new_namespaces+0x3ea/0xab0 [ 462.605164][T10079] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 462.605207][T10079] ksys_unshare+0x45b/0xa40 [ 462.605249][T10079] ? __pfx_ksys_unshare+0x10/0x10 [ 462.605288][T10079] ? xfd_validate_state+0x61/0x180 [ 462.605324][T10079] __x64_sys_unshare+0x31/0x40 [ 462.605349][T10079] do_syscall_64+0xcd/0xf80 [ 462.605376][T10079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.605405][T10079] RIP: 0033:0x7f48c8b8f7c9 [ 462.605430][T10079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.605456][T10079] RSP: 002b:00007f48c9a4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 462.605485][T10079] RAX: ffffffffffffffda RBX: 00007f48c8de5fa0 RCX: 00007f48c8b8f7c9 [ 462.605504][T10079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 462.605520][T10079] RBP: 00007f48c8c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 462.605536][T10079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.605553][T10079] R13: 00007f48c8de6038 R14: 00007f48c8de5fa0 R15: 00007ffc2169e4e8 [ 462.605591][T10079] [ 463.130440][T10085] FAULT_INJECTION: forcing a failure. [ 463.130440][T10085] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 463.152584][T10085] CPU: 1 UID: 0 PID: 10085 Comm: syz.1.1002 Tainted: G L syzkaller #0 PREEMPT(full) [ 463.152630][T10085] Tainted: [L]=SOFTLOCKUP [ 463.152638][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 463.152653][T10085] Call Trace: [ 463.152663][T10085] [ 463.152674][T10085] dump_stack_lvl+0x16c/0x1f0 [ 463.152735][T10085] should_fail_ex+0x512/0x640 [ 463.152774][T10085] should_fail_alloc_page+0xe7/0x130 [ 463.152830][T10085] prepare_alloc_pages+0x401/0x670 [ 463.152876][T10085] ? rcu_is_watching+0x12/0xc0 [ 463.152923][T10085] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 463.152967][T10085] ? should_fail_alloc_page+0xee/0x130 [ 463.153015][T10085] ? rcu_is_watching+0x12/0xc0 [ 463.153055][T10085] ? trace_mm_page_alloc+0x11b/0x180 [ 463.153107][T10085] ? __alloc_frozen_pages_noprof+0x292/0x2430 [ 463.153141][T10085] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 463.153187][T10085] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 463.153230][T10085] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 463.153276][T10085] ? kasan_save_stack+0x42/0x60 [ 463.153319][T10085] ? __get_vm_area_node+0x1ca/0x330 [ 463.153362][T10085] ? __vmalloc_node_noprof+0xad/0xf0 [ 463.153388][T10085] ? snd_dma_alloc_dir_pages+0x151/0x240 [ 463.153426][T10085] ? do_alloc_pages+0x136/0x2d0 [ 463.153456][T10085] ? snd_pcm_lib_malloc_pages+0x3df/0x9a0 [ 463.153484][T10085] ? snd_pcm_hw_params+0x1656/0x1ba0 [ 463.153510][T10085] ? snd_pcm_kernel_ioctl+0x147/0x2e0 [ 463.153537][T10085] ? snd_pcm_oss_change_params_locked+0x15ab/0x3ab0 [ 463.153562][T10085] ? snd_pcm_oss_make_ready+0xe6/0x1b0 [ 463.153593][T10085] ? do_syscall_64+0x4ee/0xf80 [ 463.153618][T10085] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.153656][T10085] alloc_pages_bulk_noprof+0x77a/0x1410 [ 463.153712][T10085] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 463.153760][T10085] ? policy_nodemask+0xea/0x4e0 [ 463.153811][T10085] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 463.153849][T10085] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 463.153914][T10085] __kasan_populate_vmalloc+0xfb/0x220 [ 463.153962][T10085] alloc_vmap_area+0x98d/0x2a50 [ 463.154030][T10085] ? __pfx_alloc_vmap_area+0x10/0x10 [ 463.154084][T10085] __get_vm_area_node+0x1ca/0x330 [ 463.154138][T10085] __vmalloc_node_range_noprof+0x247/0x16b0 [ 463.154167][T10085] ? __snd_dma_alloc_pages+0x53/0x90 [ 463.154206][T10085] ? __pfx___might_resched+0x10/0x10 [ 463.154241][T10085] ? __snd_dma_alloc_pages+0x53/0x90 [ 463.154278][T10085] ? trace_contention_end+0xdd/0x110 [ 463.154307][T10085] ? do_syscall_64+0x4ee/0xf80 [ 463.154332][T10085] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 463.154360][T10085] ? do_alloc_pages+0xf8/0x2d0 [ 463.154397][T10085] ? __mutex_unlock_slowpath+0x161/0x790 [ 463.154431][T10085] ? __snd_dma_alloc_pages+0x53/0x90 [ 463.154465][T10085] __vmalloc_node_noprof+0xad/0xf0 [ 463.154497][T10085] ? __snd_dma_alloc_pages+0x53/0x90 [ 463.154528][T10085] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 463.154565][T10085] __snd_dma_alloc_pages+0x53/0x90 [ 463.154601][T10085] snd_dma_alloc_dir_pages+0x151/0x240 [ 463.154641][T10085] do_alloc_pages+0x136/0x2d0 [ 463.154683][T10085] snd_pcm_lib_malloc_pages+0x3df/0x9a0 [ 463.154737][T10085] snd_pcm_hw_params+0x1656/0x1ba0 [ 463.154783][T10085] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 463.154829][T10085] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 463.154867][T10085] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 463.154901][T10085] ? __asan_memset+0x23/0x50 [ 463.154941][T10085] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 463.154982][T10085] snd_pcm_oss_change_params_locked+0x15ab/0x3ab0 [ 463.155040][T10085] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 463.155072][T10085] ? __pfx___mutex_lock+0x10/0x10 [ 463.155137][T10085] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 463.155178][T10085] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 463.155207][T10085] snd_pcm_oss_sync+0x1de/0x840 [ 463.155236][T10085] ? kmem_cache_free+0x171/0x770 [ 463.155277][T10085] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 463.155307][T10085] snd_pcm_oss_release+0x28b/0x310 [ 463.155342][T10085] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 463.155371][T10085] __fput+0x402/0xb70 [ 463.155418][T10085] task_work_run+0x150/0x240 [ 463.155453][T10085] ? __pfx_task_work_run+0x10/0x10 [ 463.155479][T10085] ? __do_sys_close_range+0x278/0x730 [ 463.155534][T10085] exit_to_user_mode_loop+0xfb/0x540 [ 463.155576][T10085] do_syscall_64+0x4ee/0xf80 [ 463.155606][T10085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.155633][T10085] RIP: 0033:0x7f51f3f8f7c9 [ 463.155659][T10085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.155689][T10085] RSP: 002b:00007f51f4e61038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 463.155725][T10085] RAX: 0000000000000000 RBX: 00007f51f41e6090 RCX: 00007f51f3f8f7c9 [ 463.155744][T10085] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 463.155762][T10085] RBP: 00007f51f4013f91 R08: 0000000000000000 R09: 0000000000000000 [ 463.155780][T10085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.155798][T10085] R13: 00007f51f41e6128 R14: 00007f51f41e6090 R15: 00007ffeb62cb398 [ 463.155841][T10085] [ 463.754390][T10085] syz.1.1002: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 463.768992][T10085] CPU: 1 UID: 0 PID: 10085 Comm: syz.1.1002 Tainted: G L syzkaller #0 PREEMPT(full) [ 463.769037][T10085] Tainted: [L]=SOFTLOCKUP [ 463.769049][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 463.769064][T10085] Call Trace: [ 463.769074][T10085] [ 463.769085][T10085] dump_stack_lvl+0x16c/0x1f0 [ 463.769132][T10085] warn_alloc+0x248/0x3a0 [ 463.769169][T10085] ? __pfx_warn_alloc+0x10/0x10 [ 463.769208][T10085] ? __get_vm_area_node+0x2cd/0x330 [ 463.769259][T10085] ? __get_vm_area_node+0x2cd/0x330 [ 463.769302][T10085] ? __get_vm_area_node+0x208/0x330 [ 463.769355][T10085] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 463.769395][T10085] ? __pfx___might_resched+0x10/0x10 [ 463.769436][T10085] ? __snd_dma_alloc_pages+0x53/0x90 [ 463.769476][T10085] ? trace_contention_end+0xdd/0x110 [ 463.769508][T10085] ? do_syscall_64+0x4ee/0xf80 [ 463.769536][T10085] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 463.769597][T10085] ? do_alloc_pages+0xf8/0x2d0 [ 463.769640][T10085] ? __mutex_unlock_slowpath+0x161/0x790 [ 463.769675][T10085] ? __snd_dma_alloc_pages+0x53/0x90 [ 463.769711][T10085] __vmalloc_node_noprof+0xad/0xf0 [ 463.769741][T10085] ? __snd_dma_alloc_pages+0x53/0x90 [ 463.769777][T10085] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 463.769818][T10085] __snd_dma_alloc_pages+0x53/0x90 [ 463.769857][T10085] snd_dma_alloc_dir_pages+0x151/0x240 [ 463.769899][T10085] do_alloc_pages+0x136/0x2d0 [ 463.769942][T10085] snd_pcm_lib_malloc_pages+0x3df/0x9a0 [ 463.769983][T10085] snd_pcm_hw_params+0x1656/0x1ba0 [ 463.770025][T10085] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 463.770059][T10085] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 463.770093][T10085] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 463.770124][T10085] ? __asan_memset+0x23/0x50 [ 463.770149][T10085] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 463.770171][T10085] snd_pcm_oss_change_params_locked+0x15ab/0x3ab0 [ 463.770200][T10085] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 463.770218][T10085] ? __pfx___mutex_lock+0x10/0x10 [ 463.770250][T10085] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 463.770269][T10085] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 463.770285][T10085] snd_pcm_oss_sync+0x1de/0x840 [ 463.770301][T10085] ? kmem_cache_free+0x171/0x770 [ 463.770324][T10085] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 463.770341][T10085] snd_pcm_oss_release+0x28b/0x310 [ 463.770360][T10085] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 463.770377][T10085] __fput+0x402/0xb70 [ 463.770399][T10085] task_work_run+0x150/0x240 [ 463.770418][T10085] ? __pfx_task_work_run+0x10/0x10 [ 463.770434][T10085] ? __do_sys_close_range+0x278/0x730 [ 463.770465][T10085] exit_to_user_mode_loop+0xfb/0x540 [ 463.770488][T10085] do_syscall_64+0x4ee/0xf80 [ 463.770505][T10085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.770522][T10085] RIP: 0033:0x7f51f3f8f7c9 [ 463.770536][T10085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.770560][T10085] RSP: 002b:00007f51f4e61038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 463.770577][T10085] RAX: 0000000000000000 RBX: 00007f51f41e6090 RCX: 00007f51f3f8f7c9 [ 463.770587][T10085] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 463.770596][T10085] RBP: 00007f51f4013f91 R08: 0000000000000000 R09: 0000000000000000 [ 463.770605][T10085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.770615][T10085] R13: 00007f51f41e6128 R14: 00007f51f41e6090 R15: 00007ffeb62cb398 [ 463.770637][T10085] [ 463.770651][T10085] Mem-Info: [ 464.164699][T10085] active_anon:15159 inactive_anon:4 isolated_anon:0 [ 464.164699][T10085] active_file:13677 inactive_file:40814 isolated_file:0 [ 464.164699][T10085] unevictable:768 dirty:499 writeback:0 [ 464.164699][T10085] slab_reclaimable:11263 slab_unreclaimable:95769 [ 464.164699][T10085] mapped:25481 shmem:5379 pagetables:975 [ 464.164699][T10085] sec_pagetables:0 bounce:0 [ 464.164699][T10085] kernel_misc_reclaimable:0 [ 464.164699][T10085] free:1191415 free_pcp:11794 free_cma:0 [ 464.262023][T10085] Node 0 active_anon:61936kB inactive_anon:16kB active_file:54708kB inactive_file:163120kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101924kB dirty:1996kB writeback:0kB shmem:19980kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11256kB pagetables:3964kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 464.332531][T10085] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 464.375017][T10085] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 464.405357][T10085] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 464.411179][T10085] Node 0 DMA32 free:1082996kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:60904kB inactive_anon:2116kB active_file:54708kB inactive_file:163120kB unevictable:1536kB writepending:2056kB zspages:0kB present:3129332kB managed:2541020kB mlocked:0kB bounce:0kB free_pcp:39172kB local_pcp:19996kB free_cma:0kB [ 464.466631][T10085] lowmem_reserve[]: 0 0 1 1 1 [ 464.473198][T10085] Node 0 Normal free:4kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 464.504045][T10085] lowmem_reserve[]: 0 0 0 0 0 [ 464.515292][T10085] Node 1 Normal free:3666144kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:6088kB local_pcp:3660kB free_cma:0kB [ 464.634982][T10085] lowmem_reserve[]: 0 0 0 0 0 [ 464.639792][T10085] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 464.658276][T10085] Node 0 DMA32: 4000*4kB (UME) 2545*8kB (UME) 1086*16kB (UME) 951*32kB (UME) 728*64kB (UME) 534*128kB (UME) 370*256kB (UME) 247*512kB (UM) 120*1024kB (UME) 4*2048kB (UM) 129*4096kB (M) = 1079752kB [ 464.696596][T10085] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 464.721503][T10085] Node 1 Normal: 2*4kB (UE) 20*8kB (UE) 14*16kB (UE) 77*32kB (UME) 100*64kB (UME) 31*128kB (UME) 15*256kB (UME) 5*512kB (UME) 3*1024kB (UE) 3*2048kB (UE) 888*4096kB (M) = 3666088kB [ 464.743774][T10085] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.753546][T10085] Node 0 hugepages_total=119 hugepages_free=119 hugepages_surp=0 hugepages_size=2048kB [ 464.770412][T10085] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.780858][T10085] Node 1 hugepages_total=118 hugepages_free=117 hugepages_surp=0 hugepages_size=2048kB [ 464.793012][T10085] 59910 total pagecache pages [ 464.806058][T10085] 10 pages in swap cache [ 464.812761][T10085] Free swap = 122428kB [ 464.817548][T10085] Total swap = 124996kB [ 464.852670][T10085] 2097051 pages RAM [ 464.878287][T10085] 0 pages HighMem/MovableOnly [ 464.887027][T10085] 429770 pages reserved [ 464.900496][T10085] 0 pages cma reserved [ 468.841587][T10151] FAULT_INJECTION: forcing a failure. [ 468.841587][T10151] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 468.909859][T10151] CPU: 1 UID: 0 PID: 10151 Comm: syz.2.1017 Tainted: G L syzkaller #0 PREEMPT(full) [ 468.909906][T10151] Tainted: [L]=SOFTLOCKUP [ 468.909916][T10151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 468.909932][T10151] Call Trace: [ 468.909940][T10151] [ 468.909951][T10151] dump_stack_lvl+0x16c/0x1f0 [ 468.909996][T10151] should_fail_ex+0x512/0x640 [ 468.910034][T10151] should_fail_alloc_page+0xe7/0x130 [ 468.910078][T10151] prepare_alloc_pages+0x401/0x670 [ 468.910122][T10151] ? rcu_is_watching+0x12/0xc0 [ 468.910166][T10151] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 468.910202][T10151] ? should_fail_alloc_page+0xee/0x130 [ 468.910250][T10151] ? rcu_is_watching+0x12/0xc0 [ 468.910284][T10151] ? trace_mm_page_alloc+0x11b/0x180 [ 468.910329][T10151] ? __alloc_frozen_pages_noprof+0x292/0x2430 [ 468.910364][T10151] ? stack_trace_save+0x8e/0xc0 [ 468.910407][T10151] ? __pfx_stack_trace_save+0x10/0x10 [ 468.910452][T10151] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 468.910490][T10151] ? find_held_lock+0x2b/0x80 [ 468.910543][T10151] ? kasan_save_stack+0x42/0x60 [ 468.910586][T10151] ? __get_vm_area_node+0x1ca/0x330 [ 468.910630][T10151] ? __vmalloc_node_noprof+0xad/0xf0 [ 468.910657][T10151] ? snd_dma_alloc_dir_pages+0x151/0x240 [ 468.910694][T10151] ? do_alloc_pages+0x136/0x2d0 [ 468.910725][T10151] ? snd_pcm_lib_malloc_pages+0x3df/0x9a0 [ 468.910761][T10151] ? snd_pcm_hw_params+0x1656/0x1ba0 [ 468.910792][T10151] ? snd_pcm_kernel_ioctl+0x147/0x2e0 [ 468.910828][T10151] ? snd_pcm_oss_change_params_locked+0x15ab/0x3ab0 [ 468.910857][T10151] ? snd_pcm_oss_make_ready+0xe6/0x1b0 [ 468.910891][T10151] ? do_syscall_64+0x4ee/0xf80 [ 468.910915][T10151] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.910952][T10151] alloc_pages_bulk_noprof+0x77a/0x1410 [ 468.910987][T10151] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 468.911034][T10151] ? policy_nodemask+0xea/0x4e0 [ 468.911082][T10151] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 468.911120][T10151] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 468.911184][T10151] __kasan_populate_vmalloc+0xfb/0x220 [ 468.911232][T10151] alloc_vmap_area+0x98d/0x2a50 [ 468.911293][T10151] ? __pfx_alloc_vmap_area+0x10/0x10 [ 468.911347][T10151] __get_vm_area_node+0x1ca/0x330 [ 468.911399][T10151] __vmalloc_node_range_noprof+0x247/0x16b0 [ 468.911431][T10151] ? __snd_dma_alloc_pages+0x53/0x90 [ 468.911478][T10151] ? __pfx___might_resched+0x10/0x10 [ 468.911519][T10151] ? __snd_dma_alloc_pages+0x53/0x90 [ 468.911567][T10151] ? trace_contention_end+0xdd/0x110 [ 468.911598][T10151] ? do_syscall_64+0x4ee/0xf80 [ 468.911625][T10151] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 468.911656][T10151] ? do_alloc_pages+0xf8/0x2d0 [ 468.911697][T10151] ? __mutex_unlock_slowpath+0x161/0x790 [ 468.911730][T10151] ? __snd_dma_alloc_pages+0x53/0x90 [ 468.911766][T10151] __vmalloc_node_noprof+0xad/0xf0 [ 468.911794][T10151] ? __snd_dma_alloc_pages+0x53/0x90 [ 468.911829][T10151] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 468.911872][T10151] __snd_dma_alloc_pages+0x53/0x90 [ 468.911911][T10151] snd_dma_alloc_dir_pages+0x151/0x240 [ 468.911954][T10151] do_alloc_pages+0x136/0x2d0 [ 468.911997][T10151] snd_pcm_lib_malloc_pages+0x3df/0x9a0 [ 468.912043][T10151] snd_pcm_hw_params+0x1656/0x1ba0 [ 468.912087][T10151] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 468.912125][T10151] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 468.912163][T10151] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 468.912196][T10151] ? __asan_memset+0x23/0x50 [ 468.912235][T10151] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 468.912275][T10151] snd_pcm_oss_change_params_locked+0x15ab/0x3ab0 [ 468.912327][T10151] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 468.912359][T10151] ? __pfx___mutex_lock+0x10/0x10 [ 468.912417][T10151] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 468.912449][T10151] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 468.912479][T10151] snd_pcm_oss_sync+0x1de/0x840 [ 468.912506][T10151] ? kmem_cache_free+0x171/0x770 [ 468.912557][T10151] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 468.912588][T10151] snd_pcm_oss_release+0x28b/0x310 [ 468.912621][T10151] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 468.912650][T10151] __fput+0x402/0xb70 [ 468.912687][T10151] task_work_run+0x150/0x240 [ 468.912720][T10151] ? __pfx_task_work_run+0x10/0x10 [ 468.912746][T10151] ? __do_sys_close_range+0x278/0x730 [ 468.912799][T10151] exit_to_user_mode_loop+0xfb/0x540 [ 468.912840][T10151] do_syscall_64+0x4ee/0xf80 [ 468.912868][T10151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.912896][T10151] RIP: 0033:0x7fb1ef18f7c9 [ 468.912918][T10151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.912946][T10151] RSP: 002b:00007fb1f00d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 468.912974][T10151] RAX: 0000000000000000 RBX: 00007fb1ef3e6090 RCX: 00007fb1ef18f7c9 [ 468.912993][T10151] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 468.913009][T10151] RBP: 00007fb1ef213f91 R08: 0000000000000000 R09: 0000000000000000 [ 468.913026][T10151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.913043][T10151] R13: 00007fb1ef3e6128 R14: 00007fb1ef3e6090 R15: 00007ffd5b5b7bc8 [ 468.913084][T10151] [ 471.191696][T10183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1024'. [ 471.601050][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1027'. [ 471.610712][T10190] netlink: 'syz.1.1027': attribute type 1 has an invalid length. [ 471.618603][T10190] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1027'. [ 471.998440][T10200] Unable to find swap-space signature [ 473.940941][T10237] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1038'. [ 474.339969][T10244] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 475.224310][T10241] Invalid ELF header magic: != ELF [ 476.703502][T10265] capability: warning: `syz.3.1045' uses 32-bit capabilities (legacy support in use) [ 477.705782][T10285] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1050'. [ 477.953637][T10289] FAULT_INJECTION: forcing a failure. [ 477.953637][T10289] name failslab, interval 1, probability 0, space 0, times 0 [ 478.024679][T10289] CPU: 1 UID: 0 PID: 10289 Comm: syz.1.1051 Tainted: G L syzkaller #0 PREEMPT(full) [ 478.024718][T10289] Tainted: [L]=SOFTLOCKUP [ 478.024724][T10289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 478.024734][T10289] Call Trace: [ 478.024741][T10289] [ 478.024749][T10289] dump_stack_lvl+0x16c/0x1f0 [ 478.024781][T10289] should_fail_ex+0x512/0x640 [ 478.024800][T10289] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 478.024824][T10289] should_failslab+0xc2/0x120 [ 478.024850][T10289] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 478.024870][T10289] ? __d_lookup+0x25c/0x4a0 [ 478.024890][T10289] ? __d_alloc+0x35/0xa80 [ 478.024908][T10289] ? __d_alloc+0x35/0xa80 [ 478.024922][T10289] __d_alloc+0x35/0xa80 [ 478.024939][T10289] d_alloc+0x4a/0x1e0 [ 478.024955][T10289] lookup_one_qstr_excl+0x175/0x250 [ 478.024977][T10289] start_dirop+0x59/0xb0 [ 478.024999][T10289] simple_start_creating+0xf4/0x100 [ 478.025022][T10289] ? __pfx_simple_start_creating+0x10/0x10 [ 478.025044][T10289] ? do_raw_spin_unlock+0x172/0x230 [ 478.025065][T10289] ? simple_pin_fs+0xa3/0x190 [ 478.025086][T10289] debugfs_start_creating.part.0+0x86/0x1c0 [ 478.025114][T10289] __debugfs_create_file+0xb3/0x530 [ 478.025133][T10289] debugfs_create_file_full+0x41/0x60 [ 478.025152][T10289] ref_tracker_dir_debugfs+0x19d/0x2f0 [ 478.025173][T10289] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 478.025212][T10289] ? lockdep_init_map_type+0x5c/0x270 [ 478.025232][T10289] preinit_net.part.0+0x24e/0x8f0 [ 478.025257][T10289] copy_net_ns+0x4cd/0x7c0 [ 478.025283][T10289] create_new_namespaces+0x3ea/0xab0 [ 478.025310][T10289] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 478.025335][T10289] ksys_unshare+0x45b/0xa40 [ 478.025361][T10289] ? __pfx_ksys_unshare+0x10/0x10 [ 478.025387][T10289] ? xfd_validate_state+0x61/0x180 [ 478.025408][T10289] __x64_sys_unshare+0x31/0x40 [ 478.025425][T10289] do_syscall_64+0xcd/0xf80 [ 478.025441][T10289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.025458][T10289] RIP: 0033:0x7f51f3f8f7c9 [ 478.025473][T10289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.025489][T10289] RSP: 002b:00007f51f4e82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 478.025506][T10289] RAX: ffffffffffffffda RBX: 00007f51f41e5fa0 RCX: 00007f51f3f8f7c9 [ 478.025516][T10289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 478.025525][T10289] RBP: 00007f51f4013f91 R08: 0000000000000000 R09: 0000000000000000 [ 478.025534][T10289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.025544][T10289] R13: 00007f51f41e6038 R14: 00007f51f41e5fa0 R15: 00007ffeb62cb398 [ 478.025568][T10289] [ 479.028090][T10303] FAULT_INJECTION: forcing a failure. [ 479.028090][T10303] name failslab, interval 1, probability 0, space 0, times 0 [ 479.059773][T10303] CPU: 0 UID: 0 PID: 10303 Comm: syz.1.1055 Tainted: G L syzkaller #0 PREEMPT(full) [ 479.059820][T10303] Tainted: [L]=SOFTLOCKUP [ 479.059829][T10303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 479.059847][T10303] Call Trace: [ 479.059858][T10303] [ 479.059870][T10303] dump_stack_lvl+0x16c/0x1f0 [ 479.059918][T10303] should_fail_ex+0x512/0x640 [ 479.059949][T10303] ? kmem_cache_alloc_noprof+0x62/0x770 [ 479.059973][T10303] should_failslab+0xc2/0x120 [ 479.059997][T10303] kmem_cache_alloc_noprof+0x83/0x770 [ 479.060017][T10303] ? __kernfs_new_node+0xd2/0x9b0 [ 479.060041][T10303] ? __kernfs_new_node+0xd2/0x9b0 [ 479.060059][T10303] __kernfs_new_node+0xd2/0x9b0 [ 479.060082][T10303] ? __pfx___kernfs_new_node+0x10/0x10 [ 479.060106][T10303] ? find_held_lock+0x2b/0x80 [ 479.060128][T10303] ? kernfs_root+0xee/0x2a0 [ 479.060151][T10303] kernfs_new_node+0x13c/0x1e0 [ 479.060177][T10303] __kernfs_create_file+0x53/0x350 [ 479.060219][T10303] sysfs_add_file_mode_ns+0x207/0x3c0 [ 479.060258][T10303] internal_create_group+0x597/0xf70 [ 479.060303][T10303] ? __pfx_internal_create_group+0x10/0x10 [ 479.060345][T10303] ? kernfs_create_link+0x1bd/0x240 [ 479.060398][T10303] internal_create_groups+0x9d/0x150 [ 479.060447][T10303] device_add+0x6f7/0x1980 [ 479.060495][T10303] ? __pfx_device_add+0x10/0x10 [ 479.060537][T10303] ? lockdep_init_map_type+0x5c/0x270 [ 479.060569][T10303] ? __init_waitqueue_head+0xca/0x150 [ 479.060616][T10303] netdev_register_kobject+0x1a9/0x3d0 [ 479.060652][T10303] register_netdevice+0x13ac/0x21d0 [ 479.060700][T10303] ? __pfx_register_netdevice+0x10/0x10 [ 479.060754][T10303] ? __pfx_loopback_net_init+0x10/0x10 [ 479.060790][T10303] register_netdev+0x34/0x50 [ 479.060833][T10303] loopback_net_init+0x7a/0x170 [ 479.060869][T10303] ? __pfx_loopback_net_init+0x10/0x10 [ 479.060903][T10303] ops_init+0x1e2/0x5f0 [ 479.060947][T10303] setup_net+0x11d/0x3a0 [ 479.060988][T10303] ? __pfx_setup_net+0x10/0x10 [ 479.061023][T10303] ? lockdep_init_map_type+0x5c/0x270 [ 479.061052][T10303] ? mutex_init_lockep+0x110/0x150 [ 479.061089][T10303] copy_net_ns+0x351/0x7c0 [ 479.061139][T10303] create_new_namespaces+0x3ea/0xab0 [ 479.061189][T10303] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 479.061233][T10303] ksys_unshare+0x45b/0xa40 [ 479.061280][T10303] ? __pfx_ksys_unshare+0x10/0x10 [ 479.061326][T10303] ? xfd_validate_state+0x61/0x180 [ 479.061366][T10303] __x64_sys_unshare+0x31/0x40 [ 479.061392][T10303] do_syscall_64+0xcd/0xf80 [ 479.061423][T10303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.061460][T10303] RIP: 0033:0x7f51f3f8f7c9 [ 479.061486][T10303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.061513][T10303] RSP: 002b:00007f51f4e82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 479.061542][T10303] RAX: ffffffffffffffda RBX: 00007f51f41e5fa0 RCX: 00007f51f3f8f7c9 [ 479.061561][T10303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 479.061578][T10303] RBP: 00007f51f4013f91 R08: 0000000000000000 R09: 0000000000000000 [ 479.061597][T10303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 479.061614][T10303] R13: 00007f51f41e6038 R14: 00007f51f41e5fa0 R15: 00007ffeb62cb398 [ 479.061658][T10303] [ 479.835414][ T30] audit: type=1804 audit(4294967622.340:28): pid=10313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1057" name="file0" dev="tmpfs" ino=1624 res=1 errno=0 [ 480.202203][ T30] audit: type=1804 audit(4294967622.680:29): pid=10309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1057" name="file0" dev="tmpfs" ino=1624 res=1 errno=0 [ 483.211246][T10349] zswap: compressor not available [ 485.512646][ T30] audit: type=1804 audit(4294967628.010:30): pid=10378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1071" name="/newroot/238/file0" dev="tmpfs" ino=1270 res=1 errno=0 [ 485.584871][ T30] audit: type=1804 audit(4294967628.040:31): pid=10381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1071" name="/newroot/238/file0" dev="tmpfs" ino=1270 res=1 errno=0 [ 487.732462][T10412] nfs: Unknown parameter '' [ 488.036681][T10416] FAULT_INJECTION: forcing a failure. [ 488.036681][T10416] name failslab, interval 1, probability 0, space 0, times 0 [ 488.060517][T10416] CPU: 0 UID: 0 PID: 10416 Comm: syz.2.1081 Tainted: G L syzkaller #0 PREEMPT(full) [ 488.060564][T10416] Tainted: [L]=SOFTLOCKUP [ 488.060573][T10416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 488.060590][T10416] Call Trace: [ 488.060600][T10416] [ 488.060609][T10416] dump_stack_lvl+0x16c/0x1f0 [ 488.060657][T10416] should_fail_ex+0x512/0x640 [ 488.060686][T10416] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 488.060725][T10416] should_failslab+0xc2/0x120 [ 488.060760][T10416] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 488.060794][T10416] ? kstrdup_const+0x63/0x80 [ 488.060831][T10416] ? kstrdup+0x53/0x100 [ 488.060856][T10416] kstrdup+0x53/0x100 [ 488.060885][T10416] kstrdup_const+0x63/0x80 [ 488.060914][T10416] __kernfs_new_node+0x9b/0x9b0 [ 488.060949][T10416] ? __pfx___kernfs_new_node+0x10/0x10 [ 488.060986][T10416] ? find_held_lock+0x2b/0x80 [ 488.061019][T10416] ? kernfs_root+0xee/0x2a0 [ 488.061053][T10416] kernfs_new_node+0x13c/0x1e0 [ 488.061112][T10416] kernfs_create_link+0xcc/0x240 [ 488.061154][T10416] sysfs_do_create_link_sd+0x90/0x140 [ 488.061184][T10416] sysfs_create_link+0x61/0xc0 [ 488.061212][T10416] device_add+0x652/0x1980 [ 488.061252][T10416] ? __pfx_device_add+0x10/0x10 [ 488.061287][T10416] ? lockdep_init_map_type+0x5c/0x270 [ 488.061315][T10416] ? __init_waitqueue_head+0xca/0x150 [ 488.061361][T10416] netdev_register_kobject+0x1a9/0x3d0 [ 488.061394][T10416] register_netdevice+0x13ac/0x21d0 [ 488.061439][T10416] ? __pfx_register_netdevice+0x10/0x10 [ 488.061488][T10416] ? __pfx_loopback_net_init+0x10/0x10 [ 488.061520][T10416] register_netdev+0x34/0x50 [ 488.061557][T10416] loopback_net_init+0x7a/0x170 [ 488.061586][T10416] ? __pfx_loopback_net_init+0x10/0x10 [ 488.061614][T10416] ops_init+0x1e2/0x5f0 [ 488.061652][T10416] setup_net+0x11d/0x3a0 [ 488.061688][T10416] ? __pfx_setup_net+0x10/0x10 [ 488.061720][T10416] ? lockdep_init_map_type+0x5c/0x270 [ 488.061746][T10416] ? mutex_init_lockep+0x110/0x150 [ 488.061777][T10416] copy_net_ns+0x351/0x7c0 [ 488.061818][T10416] create_new_namespaces+0x3ea/0xab0 [ 488.061862][T10416] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 488.061932][T10416] ksys_unshare+0x45b/0xa40 [ 488.061973][T10416] ? __pfx_ksys_unshare+0x10/0x10 [ 488.062012][T10416] ? xfd_validate_state+0x61/0x180 [ 488.062047][T10416] __x64_sys_unshare+0x31/0x40 [ 488.062070][T10416] do_syscall_64+0xcd/0xf80 [ 488.062099][T10416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.062127][T10416] RIP: 0033:0x7fb1ef18f7c9 [ 488.062149][T10416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.062175][T10416] RSP: 002b:00007fb1f00d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 488.062201][T10416] RAX: ffffffffffffffda RBX: 00007fb1ef3e6090 RCX: 00007fb1ef18f7c9 [ 488.062219][T10416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 488.062235][T10416] RBP: 00007fb1ef213f91 R08: 0000000000000000 R09: 0000000000000000 [ 488.062251][T10416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.062267][T10416] R13: 00007fb1ef3e6128 R14: 00007fb1ef3e6090 R15: 00007ffd5b5b7bc8 [ 488.062305][T10416] [ 489.896435][T10440] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 489.918808][T10440] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 489.935209][T10440] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 490.059551][T10440] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 490.070371][T10440] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 491.966191][ T5148] Bluetooth: hci0: command 0x0c1a tx timeout [ 491.972272][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 492.115283][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 492.115437][ T5148] Bluetooth: hci2: command 0x0c1a tx timeout [ 494.035364][ T5148] Bluetooth: hci1: command 0x0c1a tx timeout [ 495.372073][T10525] Invalid ELF header magic: != ELF [ 498.387652][ T30] audit: type=1804 audit(4294967640.890:32): pid=10572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1113" name="file0" dev="tmpfs" ino=1708 res=1 errno=0 [ 498.424706][ T30] audit: type=1804 audit(4294967640.910:33): pid=10574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1113" name="file0" dev="tmpfs" ino=1708 res=1 errno=0 [ 500.115395][ T5148] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 501.472509][ T5148] Bluetooth: hci3: unexpected event 0x31 length: 19 > 6 [ 503.081859][T10616] Invalid ELF header magic: != ELF [ 506.758833][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.774669][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.817886][T10674] Invalid ELF header magic: != ELF [ 508.614443][T10703] nfs: Unknown parameter '' [ 509.330446][T10714] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1152'. [ 509.378601][T10714] netlink: 'syz.3.1152': attribute type 2 has an invalid length. [ 509.691799][T10714] netlink: 'syz.3.1152': attribute type 3 has an invalid length. [ 509.701975][T10714] netlink: 'syz.3.1152': attribute type 2 has an invalid length. [ 509.739663][T10714] netlink: 22400 bytes leftover after parsing attributes in process `syz.3.1152'. [ 510.088973][T10726] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1156'. [ 511.106012][T10741] random: crng reseeded on system resumption [ 511.128640][T10741] hub 1-0:1.0: USB hub found [ 511.135614][T10741] hub 1-0:1.0: 1 port detected [ 512.300845][T10759] futex_wake_op: syz.3.1166 tries to shift op by -2048; fix this program [ 512.340596][T10759] futex_wake_op: syz.3.1166 tries to shift op by -2048; fix this program [ 512.376638][T10759] 0x000000000001-0x000000020000 : "" [ 512.445018][T10759] ftl_cs: FTL header corrupt! [ 513.684339][T10776] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1177'. [ 513.731804][T10779] futex_wake_op: syz.0.1175 tries to shift op by -2048; fix this program [ 513.781976][T10779] futex_wake_op: syz.0.1175 tries to shift op by -2048; fix this program [ 517.074899][ T5148] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 518.076798][T10846] futex_wake_op: syz.3.1181 tries to shift op by -2048; fix this program [ 518.085501][T10846] futex_wake_op: syz.3.1181 tries to shift op by -2048; fix this program [ 518.128009][T10846] 0x000000000001-0x000000020000 : "" [ 518.171471][T10846] ftl_cs: FTL header corrupt! [ 519.185214][T10861] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1185'. [ 519.241190][T10861] team0: Port device team_slave_0 removed [ 520.135086][ T30] audit: type=1800 audit(4294967662.640:34): pid=10866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1188" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 520.996982][T10884] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 521.016591][T10884] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 521.023193][T10884] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 521.043770][T10884] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 521.689403][T10901] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1196'. [ 521.706988][T10899] random: crng reseeded on system resumption [ 521.761347][T10899] hub 1-0:1.0: USB hub found [ 521.787324][T10899] hub 1-0:1.0: 1 port detected [ 523.082637][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout [ 523.090023][ T5148] Bluetooth: hci1: command 0x0c1a tx timeout [ 523.096212][ T5148] Bluetooth: hci0: command 0x0c1a tx timeout [ 523.119254][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 523.496577][T10918] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1200'. [ 526.539769][T10938] __vm_enough_memory: pid: 10938, comm: syz.2.1207, bytes: 8589938688 not enough memory for the allocation [ 526.862357][T10953] nfs: Unknown parameter '' [ 528.022507][T10970] futex_wake_op: syz.2.1214 tries to shift op by -2048; fix this program [ 528.054821][T10970] futex_wake_op: syz.2.1214 tries to shift op by -2048; fix this program [ 528.101041][T10970] 0x000000000001-0x000000020000 : "" [ 528.129734][T10970] ftl_cs: FTL header corrupt! [ 529.729568][T10995] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1221'. [ 531.364719][T11018] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1225'. [ 533.730990][T11049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1233'. [ 533.784879][T11049] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1233'. [ 533.899562][T11038] Invalid ELF header magic: != ELF [ 534.199683][T11064] FAULT_INJECTION: forcing a failure. [ 534.199683][T11064] name failslab, interval 1, probability 0, space 0, times 0 [ 534.215841][T11064] CPU: 0 UID: 0 PID: 11064 Comm: syz.3.1239 Tainted: G L syzkaller #0 PREEMPT(full) [ 534.215890][T11064] Tainted: [L]=SOFTLOCKUP [ 534.215900][T11064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 534.215917][T11064] Call Trace: [ 534.215928][T11064] [ 534.215939][T11064] dump_stack_lvl+0x16c/0x1f0 [ 534.215987][T11064] should_fail_ex+0x512/0x640 [ 534.216021][T11064] ? fs_reclaim_acquire+0xae/0x150 [ 534.216068][T11064] should_failslab+0xc2/0x120 [ 534.216111][T11064] __kmalloc_cache_noprof+0x80/0x800 [ 534.216143][T11064] ? tomoyo_init_log+0x197/0x2140 [ 534.216177][T11064] ? format_decode+0x1a7/0xd00 [ 534.216210][T11064] ? tomoyo_init_log+0x197/0x2140 [ 534.216238][T11064] tomoyo_init_log+0x197/0x2140 [ 534.216267][T11064] ? tomoyo_realpath_from_path+0x19f/0x6e0 [ 534.216299][T11064] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 534.216344][T11064] ? __pfx_tomoyo_init_log+0x10/0x10 [ 534.216373][T11064] ? tomoyo_profile+0x47/0x60 [ 534.216405][T11064] ? tomoyo_domain_quota_is_ok+0x2f6/0x5a0 [ 534.216454][T11064] tomoyo_supervisor+0x302/0x13b0 [ 534.216503][T11064] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 534.216545][T11064] ? __pfx_vsnprintf+0x10/0x10 [ 534.216587][T11064] ? kasan_quarantine_put+0x10a/0x240 [ 534.216645][T11064] ? tomoyo_encode+0x31/0x50 [ 534.216693][T11064] tomoyo_path_number_perm+0x448/0x580 [ 534.216730][T11064] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 534.216806][T11064] ? find_held_lock+0x2b/0x80 [ 534.216843][T11064] ? hook_file_ioctl_common+0x144/0x410 [ 534.216899][T11064] ? __fget_files+0x20e/0x3c0 [ 534.216949][T11064] security_file_ioctl+0x9b/0x240 [ 534.216987][T11064] __x64_sys_ioctl+0xb7/0x210 [ 534.217027][T11064] do_syscall_64+0xcd/0xf80 [ 534.217057][T11064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.217086][T11064] RIP: 0033:0x7f48c8b8f7c9 [ 534.217110][T11064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 534.217136][T11064] RSP: 002b:00007f48c9a4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 534.217163][T11064] RAX: ffffffffffffffda RBX: 00007f48c8de5fa0 RCX: 00007f48c8b8f7c9 [ 534.217181][T11064] RDX: 0000000000000000 RSI: 0000000050009404 RDI: 0000000000000005 [ 534.217198][T11064] RBP: 00007f48c8c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 534.217214][T11064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 534.217228][T11064] R13: 00007f48c8de6038 R14: 00007f48c8de5fa0 R15: 00007ffc2169e4e8 [ 534.217261][T11064] [ 535.994812][ T5836] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 537.084889][T11105] binder: 11104:11105 ioctl 5380 2000000000c0 returned -22 [ 537.129266][T11105] sd 0:0:1:0: PR command failed: 1026 [ 537.143507][T11105] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 537.162329][T11105] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 537.320807][T11128] random: crng reseeded on system resumption [ 541.082165][T11165] FAULT_INJECTION: forcing a failure. [ 541.082165][T11165] name failslab, interval 1, probability 0, space 0, times 0 [ 541.125392][T11165] CPU: 1 UID: 0 PID: 11165 Comm: syz.3.1267 Tainted: G L syzkaller #0 PREEMPT(full) [ 541.125439][T11165] Tainted: [L]=SOFTLOCKUP [ 541.125449][T11165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 541.125465][T11165] Call Trace: [ 541.125474][T11165] [ 541.125485][T11165] dump_stack_lvl+0x16c/0x1f0 [ 541.125533][T11165] should_fail_ex+0x512/0x640 [ 541.125561][T11165] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 541.125596][T11165] should_failslab+0xc2/0x120 [ 541.125635][T11165] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 541.125667][T11165] ? __d_lookup+0x25c/0x4a0 [ 541.125696][T11165] ? __d_alloc+0x35/0xa80 [ 541.125725][T11165] ? __d_alloc+0x35/0xa80 [ 541.125745][T11165] __d_alloc+0x35/0xa80 [ 541.125773][T11165] d_alloc+0x4a/0x1e0 [ 541.125799][T11165] lookup_one_qstr_excl+0x175/0x250 [ 541.125833][T11165] start_dirop+0x59/0xb0 [ 541.125868][T11165] simple_start_creating+0xf4/0x100 [ 541.125903][T11165] ? __pfx_simple_start_creating+0x10/0x10 [ 541.125936][T11165] ? do_raw_spin_unlock+0x172/0x230 [ 541.125970][T11165] ? simple_pin_fs+0xa3/0x190 [ 541.126005][T11165] debugfs_start_creating.part.0+0x86/0x1c0 [ 541.126051][T11165] debugfs_create_dir+0x72/0x470 [ 541.126080][T11165] blk_trace_setup_prepare+0x25a/0x700 [ 541.126116][T11165] blk_trace_setup+0x1c5/0x3b0 [ 541.126151][T11165] ? __pfx_blk_trace_setup+0x10/0x10 [ 541.126180][T11165] ? vsnprintf+0x331/0x11e0 [ 541.126224][T11165] ? __pfx_vsnprintf+0x10/0x10 [ 541.126282][T11165] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 541.126321][T11165] ? do_vfs_ioctl+0x128/0x14f0 [ 541.126365][T11165] blk_trace_ioctl+0x2ce/0x300 [ 541.126398][T11165] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 541.126437][T11165] ? find_held_lock+0x2b/0x80 [ 541.126470][T11165] ? hook_file_ioctl_common+0x144/0x410 [ 541.126508][T11165] blkdev_ioctl+0x1fa/0x6e0 [ 541.126539][T11165] ? __pfx_blkdev_ioctl+0x10/0x10 [ 541.126578][T11165] ? __pfx_blkdev_ioctl+0x10/0x10 [ 541.126613][T11165] __x64_sys_ioctl+0x18e/0x210 [ 541.126645][T11165] do_syscall_64+0xcd/0xf80 [ 541.126672][T11165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.126698][T11165] RIP: 0033:0x7f48c8b8f7c9 [ 541.126722][T11165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.126747][T11165] RSP: 002b:00007f48c9a4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 541.126774][T11165] RAX: ffffffffffffffda RBX: 00007f48c8de5fa0 RCX: 00007f48c8b8f7c9 [ 541.126791][T11165] RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000007 [ 541.126808][T11165] RBP: 00007f48c8c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 541.126824][T11165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.126840][T11165] R13: 00007f48c8de6038 R14: 00007f48c8de5fa0 R15: 00007ffc2169e4e8 [ 541.126880][T11165] [ 541.126899][T11165] blktrace: debugfs_dir not present for sda1 so skipping [ 543.205845][T11206] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1276'. [ 543.752908][T11206] team0: Port device team_slave_0 removed [ 544.099097][T11222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1280'. [ 545.053080][T11227] bridge0: port 3(dummy0) entered blocking state [ 545.060037][T11227] bridge0: port 3(dummy0) entered disabled state [ 545.853621][T11242] nvme_fabrics: unknown parameter or missing value 'û@è' in ctrl creation request [ 546.312723][T11254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1288'. [ 548.767893][T11289] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1298'. [ 549.707166][T11299] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1300'. [ 550.124937][T11312] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [2147479552]. [ 551.010413][T11322] binder: 11319:11322 ioctl 5380 2000000000c0 returned -22 [ 551.163069][T11322] sd 0:0:1:0: PR command failed: 1026 [ 551.195561][T11322] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 551.202337][T11322] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 555.812469][T11401] EXT4-fs warning: 2 callbacks suppressed [ 555.812493][T11401] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 555.835303][T11401] EXT4-fs error: 2 callbacks suppressed [ 555.835415][T11401] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 555.856048][T11401] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 555.875722][T11401] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 556.032252][T11402] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 556.049632][T11402] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 556.064734][T11402] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 556.094564][T11402] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 556.302400][T11404] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 556.325171][T11404] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 556.375847][T11404] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 556.393513][T11404] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 557.711467][T11423] random: crng reseeded on system resumption [ 561.525372][T11476] futex_wake_op: syz.1.1339 tries to shift op by -2048; fix this program [ 561.567596][T11476] futex_wake_op: syz.1.1339 tries to shift op by -2048; fix this program [ 561.625314][T11476] 0x000000000001-0x000000020000 : "" [ 561.668892][T11476] ftl_cs: FTL header corrupt! [ 562.135808][T11487] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [2147479552]. [ 563.873205][T11504] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1345'. [ 566.061840][T11535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1352'. [ 566.103640][T11535] netlink: 'syz.1.1352': attribute type 1 has an invalid length. [ 566.141948][T11535] netlink: 'syz.1.1352': attribute type 6 has an invalid length. [ 567.539673][T11504] syz.2.1345 (11504): drop_caches: 1 [ 567.845172][T11552] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1365'. [ 567.988006][T11552] syz.3.1365 (11552): drop_caches: 1 [ 568.216581][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.224094][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.780708][T11571] mkiss: ax0: crc mode is auto. [ 569.783348][T11588] FAULT_INJECTION: forcing a failure. [ 569.783348][T11588] name failslab, interval 1, probability 0, space 0, times 0 [ 569.798993][T11588] CPU: 1 UID: 0 PID: 11588 Comm: syz.2.1366 Tainted: G L syzkaller #0 PREEMPT(full) [ 569.799023][T11588] Tainted: [L]=SOFTLOCKUP [ 569.799029][T11588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 569.799039][T11588] Call Trace: [ 569.799045][T11588] [ 569.799053][T11588] dump_stack_lvl+0x16c/0x1f0 [ 569.799084][T11588] should_fail_ex+0x512/0x640 [ 569.799103][T11588] ? __kmalloc_noprof+0xca/0x910 [ 569.799124][T11588] should_failslab+0xc2/0x120 [ 569.799150][T11588] __kmalloc_noprof+0xeb/0x910 [ 569.799171][T11588] ? ops_init+0x77/0x5f0 [ 569.799199][T11588] ? ops_init+0x77/0x5f0 [ 569.799219][T11588] ops_init+0x77/0x5f0 [ 569.799244][T11588] setup_net+0x11d/0x3a0 [ 569.799267][T11588] ? __pfx_setup_net+0x10/0x10 [ 569.799288][T11588] ? lockdep_init_map_type+0x5c/0x270 [ 569.799305][T11588] ? mutex_init_lockep+0x110/0x150 [ 569.799325][T11588] copy_net_ns+0x351/0x7c0 [ 569.799352][T11588] create_new_namespaces+0x3ea/0xab0 [ 569.799380][T11588] copy_namespaces+0x468/0x570 [ 569.799403][T11588] copy_process+0x2a70/0x7430 [ 569.799437][T11588] ? __pfx_copy_process+0x10/0x10 [ 569.799465][T11588] ? futex_private_hash_put+0x160/0x1b0 [ 569.799487][T11588] kernel_clone+0xfc/0x910 [ 569.799512][T11588] ? __pfx_kernel_clone+0x10/0x10 [ 569.799547][T11588] __do_sys_clone+0xce/0x120 [ 569.799570][T11588] ? __pfx___do_sys_clone+0x10/0x10 [ 569.799605][T11588] ? syscall_user_dispatch+0x78/0x140 [ 569.799632][T11588] do_syscall_64+0xcd/0xf80 [ 569.799648][T11588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.799665][T11588] RIP: 0033:0x7fb1ef18f7c9 [ 569.799680][T11588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.799696][T11588] RSP: 002b:00007fb1f00f4fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 569.799712][T11588] RAX: ffffffffffffffda RBX: 00007fb1ef3e5fa0 RCX: 00007fb1ef18f7c9 [ 569.799723][T11588] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040180211 [ 569.799732][T11588] RBP: 00007fb1ef213f91 R08: 0000000000000000 R09: 0000000000000000 [ 569.799741][T11588] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 569.799750][T11588] R13: 00007fb1ef3e6038 R14: 00007fb1ef3e5fa0 R15: 00007ffd5b5b7bc8 [ 569.799771][T11588] [ 570.286339][T11594] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 570.987249][T11610] vhci_hcd vhci_hcd.2: invalid port number 16 [ 570.993491][T11610] vhci_hcd vhci_hcd.2: invalid port number 16 [ 572.044986][T11633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1377'. [ 572.132311][T11624] __vm_enough_memory: pid: 11624, comm: syz.3.1374, bytes: 8589938688 not enough memory for the allocation [ 572.250105][T11633] team0: Port device team_slave_0 removed [ 578.653730][T11717] mkiss: ax0: crc mode is auto. [ 581.111862][T11752] random: crng reseeded on system resumption [ 581.301592][T11753] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1403'. [ 581.502389][T11753] team0: Port device team_slave_0 removed [ 583.299115][T11766] FAULT_INJECTION: forcing a failure. [ 583.299115][T11766] name failslab, interval 1, probability 0, space 0, times 0 [ 583.365478][T11766] CPU: 1 UID: 0 PID: 11766 Comm: syz.3.1407 Tainted: G L syzkaller #0 PREEMPT(full) [ 583.365527][T11766] Tainted: [L]=SOFTLOCKUP [ 583.365538][T11766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 583.365554][T11766] Call Trace: [ 583.365565][T11766] [ 583.365576][T11766] dump_stack_lvl+0x16c/0x1f0 [ 583.365624][T11766] should_fail_ex+0x512/0x640 [ 583.365656][T11766] ? __kmalloc_cache_noprof+0x5f/0x800 [ 583.365694][T11766] should_failslab+0xc2/0x120 [ 583.365748][T11766] __kmalloc_cache_noprof+0x80/0x800 [ 583.365783][T11766] ? kobject_uevent_env+0x265/0x1920 [ 583.365816][T11766] ? kobject_init_and_add+0x123/0x190 [ 583.365862][T11766] ? kobject_uevent_env+0x265/0x1920 [ 583.365898][T11766] kobject_uevent_env+0x265/0x1920 [ 583.365948][T11766] nfs_netns_sysfs_setup+0x173/0x1f0 [ 583.365985][T11766] nfs_net_init+0x10a/0x340 [ 583.366024][T11766] ? __pfx_nfs_net_init+0x10/0x10 [ 583.366060][T11766] ops_init+0x1e2/0x5f0 [ 583.366105][T11766] setup_net+0x11d/0x3a0 [ 583.366146][T11766] ? __pfx_setup_net+0x10/0x10 [ 583.366184][T11766] ? lockdep_init_map_type+0x5c/0x270 [ 583.366225][T11766] ? mutex_init_lockep+0x110/0x150 [ 583.366262][T11766] copy_net_ns+0x351/0x7c0 [ 583.366311][T11766] create_new_namespaces+0x3ea/0xab0 [ 583.366363][T11766] copy_namespaces+0x468/0x570 [ 583.366406][T11766] copy_process+0x2a70/0x7430 [ 583.366470][T11766] ? __pfx_copy_process+0x10/0x10 [ 583.366523][T11766] ? futex_private_hash_put+0x160/0x1b0 [ 583.366564][T11766] kernel_clone+0xfc/0x910 [ 583.366610][T11766] ? __pfx_kernel_clone+0x10/0x10 [ 583.366678][T11766] __do_sys_clone+0xce/0x120 [ 583.366722][T11766] ? __pfx___do_sys_clone+0x10/0x10 [ 583.366788][T11766] ? syscall_user_dispatch+0x78/0x140 [ 583.366837][T11766] do_syscall_64+0xcd/0xf80 [ 583.366884][T11766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.366914][T11766] RIP: 0033:0x7f48c8b8f7c9 [ 583.366940][T11766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.366967][T11766] RSP: 002b:00007f48c9a4afe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 583.366997][T11766] RAX: ffffffffffffffda RBX: 00007f48c8de5fa0 RCX: 00007f48c8b8f7c9 [ 583.367017][T11766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040180211 [ 583.367035][T11766] RBP: 00007f48c8c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 583.367053][T11766] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 583.367070][T11766] R13: 00007f48c8de6038 R14: 00007f48c8de5fa0 R15: 00007ffc2169e4e8 [ 583.367113][T11766] [ 587.008497][T11822] Invalid ELF header magic: != ELF [ 587.315577][T11832] syz.1.1420 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 588.674822][ T5836] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 589.582646][T11861] syz.2.1426 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 589.601813][T11861] CPU: 0 UID: 0 PID: 11861 Comm: syz.2.1426 Tainted: G L syzkaller #0 PREEMPT(full) [ 589.601857][T11861] Tainted: [L]=SOFTLOCKUP [ 589.601867][T11861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 589.601884][T11861] Call Trace: [ 589.601893][T11861] [ 589.601905][T11861] dump_stack_lvl+0x16c/0x1f0 [ 589.601954][T11861] dump_header+0x101/0x960 [ 589.601980][T11861] oom_kill_process+0x176/0x910 [ 589.602001][T11861] out_of_memory+0x350/0x1700 [ 589.602021][T11861] ? __lock_acquire+0x436/0x2890 [ 589.602040][T11861] ? __pfx_out_of_memory+0x10/0x10 [ 589.602065][T11861] mem_cgroup_out_of_memory+0x118/0x130 [ 589.602095][T11861] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 589.602120][T11861] ? do_raw_spin_unlock+0x172/0x230 [ 589.602144][T11861] try_charge_memcg+0x695/0xd30 [ 589.602181][T11861] ? __pfx_try_charge_memcg+0x10/0x10 [ 589.602212][T11861] ? find_held_lock+0x2b/0x80 [ 589.602238][T11861] charge_memcg+0x8a/0x230 [ 589.602264][T11861] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 589.602285][T11861] __read_swap_cache_async+0x397/0x500 [ 589.602310][T11861] ? __pfx___read_swap_cache_async+0x10/0x10 [ 589.602334][T11861] ? filemap_map_pages+0x12dd/0x1e00 [ 589.602359][T11861] swap_cluster_readahead+0x432/0x770 [ 589.602385][T11861] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 589.602413][T11861] ? __lock_acquire+0x436/0x2890 [ 589.602439][T11861] ? get_vma_policy+0x242/0x3c0 [ 589.602457][T11861] swapin_readahead+0x160/0x1220 [ 589.602486][T11861] ? __pfx_swapin_readahead+0x10/0x10 [ 589.602508][T11861] ? find_held_lock+0x2b/0x80 [ 589.602529][T11861] ? swap_cache_get_folio+0x267/0x8e0 [ 589.602548][T11861] ? swap_cache_get_folio+0x267/0x8e0 [ 589.602569][T11861] ? swap_cache_get_folio+0x267/0x8e0 [ 589.602591][T11861] ? swap_cache_get_folio+0x267/0x8e0 [ 589.602610][T11861] ? swap_cache_get_folio+0x293/0x8e0 [ 589.602631][T11861] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 589.602650][T11861] ? __pfx_get_swap_device+0x10/0x10 [ 589.602675][T11861] ? rcu_read_unlock+0x2d/0xb0 [ 589.602698][T11861] ? do_swap_page+0x962/0x64a0 [ 589.602714][T11861] do_swap_page+0x962/0x64a0 [ 589.602735][T11861] ? __lock_acquire+0x436/0x2890 [ 589.602756][T11861] ? __pfx_do_swap_page+0x10/0x10 [ 589.602776][T11861] ? __pfx_default_wake_function+0x10/0x10 [ 589.602802][T11861] ? mlock_drain_local+0x24c/0x4e0 [ 589.602827][T11861] ? rcu_is_watching+0x12/0xc0 [ 589.602852][T11861] ? ___pte_offset_map+0x175/0x380 [ 589.602879][T11861] __handle_mm_fault+0x19cb/0x2bb0 [ 589.602901][T11861] ? reacquire_held_locks+0xcd/0x1f0 [ 589.602918][T11861] ? __pfx___handle_mm_fault+0x10/0x10 [ 589.602942][T11861] ? lock_vma_under_rcu+0x176/0x580 [ 589.602976][T11861] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 589.603022][T11861] handle_mm_fault+0x3fe/0xad0 [ 589.603057][T11861] do_user_addr_fault+0x60c/0x1370 [ 589.603100][T11861] ? rcu_is_watching+0x12/0xc0 [ 589.603140][T11861] exc_page_fault+0x64/0xc0 [ 589.603182][T11861] asm_exc_page_fault+0x26/0x30 [ 589.603210][T11861] RIP: 0033:0x7fb1ef04df7e [ 589.603234][T11861] Code: f6 31 c0 e8 e4 ff 13 00 48 81 c4 90 00 00 00 48 98 5b c3 66 0f 1f 84 00 00 00 00 00 41 54 55 53 48 89 fb 48 81 ec d0 00 00 00 <48> 89 74 24 28 48 89 54 24 30 48 89 4c 24 38 4c 89 44 24 40 4c 89 [ 589.603258][T11861] RSP: 002b:00007fb1f00d3f70 EFLAGS: 00010202 [ 589.603280][T11861] RAX: 0000000000000000 RBX: 00007fb1ef215388 RCX: 00007fb1ef2242ce [ 589.603298][T11861] RDX: 000000000007a1d5 RSI: 0000000000000001 RDI: 00007fb1ef215388 [ 589.603316][T11861] RBP: 00007fb1ef2242ce R08: 0000000000006000 R09: 00007fb1f00f6000 [ 589.603333][T11861] R10: 0000000000000001 R11: 000000000001c25e R12: 0000000000000000 [ 589.603349][T11861] R13: 00007fb1ef3e6128 R14: 00007fb1ef3e6090 R15: 00007ffd5b5b7bc8 [ 589.603392][T11861] [ 590.051461][T11861] memory: usage 3072kB, limit 3072kB, failcnt 172091 [ 590.130710][T11861] memory+swap: usage 3316kB, limit 9007199254740988kB, failcnt 0 [ 590.152860][T11861] kmem: usage 2892kB, limit 9007199254740988kB, failcnt 0 [ 590.193680][T11861] Memory cgroup stats for /syz1: [ 590.193877][T11861] cache 0 [ 590.229258][T11861] rss 0 [ 590.236265][T11861] rss_huge 0 [ 590.251973][T11861] shmem 0 [ 590.264556][T11861] mapped_file 0 [ 590.268167][T11861] dirty 0 [ 590.275136][T11861] writeback 0 [ 590.278506][T11861] workingset_refault_anon 18822 [ 590.292785][T11861] workingset_refault_file 33469 [ 590.314855][T11861] swap 249856 [ 590.319761][T11861] swapcached 184320 [ 590.351048][T11861] pgpgin 360641 [ 590.371078][T11861] pgpgout 362129 [ 590.408251][T11861] pgfault 295879 [ 590.411847][T11861] pgmajfault 8543 [ 590.424655][T11861] inactive_anon 4096 [ 590.442991][T11861] active_anon 180224 [ 590.453523][T11861] inactive_file 0 [ 590.467080][T11861] active_file 0 [ 590.470569][T11861] unevictable 0 [ 590.484547][T11861] hierarchical_memory_limit 3145728 [ 590.489812][T11861] hierarchical_memsw_limit 9223372036854771712 [ 590.534618][T11861] total_cache 0 [ 590.542580][T11861] total_rss 0 [ 590.555031][T11861] total_rss_huge 0 [ 590.558786][T11861] total_shmem 0 [ 590.562247][T11861] total_mapped_file 0 [ 590.584605][T11861] total_dirty 0 [ 590.617306][T11861] total_writeback 0 [ 590.634056][T11861] total_workingset_refault_anon 18822 [ 590.684356][T11861] total_workingset_refault_file 33469 [ 590.704623][T11861] total_swap 249856 [ 590.716377][T11861] total_swapcached 184320 [ 590.732241][T11861] total_pgpgin 360641 [ 590.743181][T11861] total_pgpgout 362129 [ 590.776609][T11861] total_pgfault 295879 [ 590.797679][T11861] total_pgmajfault 8543 [ 590.801853][T11861] total_inactive_anon 4096 [ 590.840673][T11861] total_active_anon 180224 [ 590.867131][T11861] total_inactive_file 0 [ 590.871308][T11861] total_active_file 0 [ 590.897565][T11861] total_unevictable 0 [ 590.901570][T11861] anon_cost 0 [ 590.910447][T11861] file_cost 0 [ 590.919814][T11861] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1421,pid=11835,uid=0 [ 590.950458][T11861] Memory cgroup out of memory: Killed process 11835 (syz.1.1421) total-vm:147904kB, anon-rss:1268kB, file-rss:35716kB, shmem-rss:0kB, UID:0 pgtables:204kB oom_score_adj:1000 [ 591.456022][T11879] mkiss: ax0: crc mode is auto. [ 591.500708][T11880] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1430'. [ 594.654771][T11888] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1432'. [ 594.807097][T11902] netlink: 306 bytes leftover after parsing attributes in process `syz.0.1437'. [ 595.062396][T11897] syz.1.1432 (11897): drop_caches: 1 [ 596.384199][T11916] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 599.256007][T11974] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 599.256007][T11974] The task syz.0.1453 (11974) triggered the difference, watch for misbehavior. [ 599.419745][T11980] random: crng reseeded on system resumption [ 599.679429][T11984] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.1457: No space for directory leaf checksum. Please run e2fsck -D. [ 599.717147][T11984] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.1457: checksumming directory block 0 [ 599.775281][T11984] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 599.843579][T11984] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.1457: No space for directory leaf checksum. Please run e2fsck -D. [ 599.898238][T11984] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.1457: checksumming directory block 0 [ 599.943453][T11984] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 599.984281][T11984] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.1457: No space for directory leaf checksum. Please run e2fsck -D. [ 600.033291][T11984] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.1457: checksumming directory block 0 [ 600.080647][T11984] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 600.114898][T11984] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.1457: No space for directory leaf checksum. Please run e2fsck -D. [ 600.183614][T11984] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.1457: checksumming directory block 0 [ 600.214079][T11984] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 600.255933][T11984] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 600.270324][ T30] audit: type=1800 audit(4295098816.771:35): pid=11986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1455" name="lu_gp_id" dev="configfs" ino=37087 res=0 errno=0 [ 600.317893][T11984] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 600.626279][T11984] FAULT_INJECTION: forcing a failure. [ 600.626279][T11984] name failslab, interval 1, probability 0, space 0, times 0 [ 600.639780][T11984] CPU: 1 UID: 0 PID: 11984 Comm: syz.3.1457 Tainted: G L syzkaller #0 PREEMPT(full) [ 600.639825][T11984] Tainted: [L]=SOFTLOCKUP [ 600.639834][T11984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 600.639851][T11984] Call Trace: [ 600.639859][T11984] [ 600.639869][T11984] dump_stack_lvl+0x16c/0x1f0 [ 600.639920][T11984] should_fail_ex+0x512/0x640 [ 600.639952][T11984] ? fs_reclaim_acquire+0xae/0x150 [ 600.639998][T11984] should_failslab+0xc2/0x120 [ 600.640040][T11984] __kmalloc_noprof+0xeb/0x910 [ 600.640083][T11984] ? kobject_get_path+0xd2/0x2d0 [ 600.640116][T11984] ? kobject_get_path+0xd2/0x2d0 [ 600.640140][T11984] kobject_get_path+0xd2/0x2d0 [ 600.640173][T11984] kobject_uevent_env+0x289/0x1920 [ 600.640204][T11984] ? __pfx_dev_uevent_name+0x10/0x10 [ 600.640235][T11984] ? bus_to_subsys+0x131/0x160 [ 600.640263][T11984] device_del+0x623/0x9f0 [ 600.640298][T11984] ? __pfx_device_del+0x10/0x10 [ 600.640329][T11984] ? lockdep_hardirqs_on+0x7c/0x110 [ 600.640365][T11984] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 600.640414][T11984] firmware_fallback_sysfs+0x76e/0xc40 [ 600.640454][T11984] _request_firmware+0x101c/0x14e0 [ 600.640496][T11984] ? __pfx__request_firmware+0x10/0x10 [ 600.640521][T11984] ? __pfx_netdev_run_todo+0x10/0x10 [ 600.640569][T11984] request_firmware+0x35/0x50 [ 600.640596][T11984] reg_reload_regdb+0x85/0x460 [ 600.640624][T11984] ? __pfx_reg_reload_regdb+0x10/0x10 [ 600.640653][T11984] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 600.640684][T11984] ? nl80211_pre_doit+0x1b0/0xb10 [ 600.640720][T11984] genl_family_rcv_msg_doit+0x209/0x2f0 [ 600.640757][T11984] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 600.640785][T11984] ? genl_get_cmd+0x194/0x580 [ 600.640820][T11984] ? bpf_lsm_capable+0x9/0x10 [ 600.640852][T11984] ? security_capable+0x7e/0x260 [ 600.640906][T11984] genl_rcv_msg+0x55c/0x800 [ 600.640937][T11984] ? __pfx_genl_rcv_msg+0x10/0x10 [ 600.640964][T11984] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 600.640993][T11984] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 600.641017][T11984] ? __pfx_nl80211_post_doit+0x10/0x10 [ 600.641072][T11984] netlink_rcv_skb+0x158/0x420 [ 600.641110][T11984] ? __pfx_genl_rcv_msg+0x10/0x10 [ 600.641137][T11984] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 600.641188][T11984] ? netlink_deliver_tap+0x1ae/0xd30 [ 600.641229][T11984] genl_rcv+0x28/0x40 [ 600.641260][T11984] netlink_unicast+0x5aa/0x870 [ 600.641304][T11984] ? __pfx_netlink_unicast+0x10/0x10 [ 600.641355][T11984] netlink_sendmsg+0x8c8/0xdd0 [ 600.641398][T11984] ? __pfx_netlink_sendmsg+0x10/0x10 [ 600.641440][T11984] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 600.641489][T11984] ____sys_sendmsg+0xa5d/0xc30 [ 600.641517][T11984] ? copy_msghdr_from_user+0x10a/0x160 [ 600.641550][T11984] ? __pfx_____sys_sendmsg+0x10/0x10 [ 600.641573][T11984] ? preempt_schedule_thunk+0x16/0x30 [ 600.641607][T11984] ? try_to_wake_up+0xa67/0x1860 [ 600.641645][T11984] ___sys_sendmsg+0x134/0x1d0 [ 600.641681][T11984] ? __pfx____sys_sendmsg+0x10/0x10 [ 600.641715][T11984] ? futex_private_hash_put+0x160/0x1b0 [ 600.641790][T11984] __sys_sendmsg+0x16d/0x220 [ 600.641825][T11984] ? __pfx___sys_sendmsg+0x10/0x10 [ 600.641857][T11984] ? __x64_sys_futex+0x1e0/0x4c0 [ 600.641910][T11984] do_syscall_64+0xcd/0xf80 [ 600.641938][T11984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.641964][T11984] RIP: 0033:0x7f48c8b8f7c9 [ 600.641987][T11984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.642013][T11984] RSP: 002b:00007f48c9a4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 600.642039][T11984] RAX: ffffffffffffffda RBX: 00007f48c8de5fa0 RCX: 00007f48c8b8f7c9 [ 600.642067][T11984] RDX: 00000000000000d0 RSI: 0000200000000580 RDI: 0000000000000005 [ 600.642083][T11984] RBP: 00007f48c8c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 600.642099][T11984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.642115][T11984] R13: 00007f48c8de6038 R14: 00007f48c8de5fa0 R15: 00007ffc2169e4e8 [ 600.642154][T11984] [ 601.491759][T12013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1462'. [ 601.525985][T12013] netlink: 'syz.3.1462': attribute type 1 has an invalid length. [ 601.533900][T12013] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1462'. [ 605.166890][ T30] audit: type=1800 audit(4295098821.651:36): pid=12054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1469" name="lu_gp_id" dev="configfs" ino=37246 res=0 errno=0 [ 605.311100][T12059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1474'. [ 605.366622][T12059] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1474'. [ 606.546428][T12081] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.1479: No space for directory leaf checksum. Please run e2fsck -D. [ 606.578283][T12081] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.1479: checksumming directory block 0 [ 606.675956][T12081] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 606.764822][T12081] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.1479: No space for directory leaf checksum. Please run e2fsck -D. [ 606.815138][T12081] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.1479: checksumming directory block 0 [ 606.947988][T12081] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 606.991319][T12081] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.1479: No space for directory leaf checksum. Please run e2fsck -D. [ 607.104856][T12081] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.1479: checksumming directory block 0 [ 607.203728][T12081] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 607.254971][T12081] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.1479: No space for directory leaf checksum. Please run e2fsck -D. [ 607.391607][T12081] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.1479: checksumming directory block 0 [ 607.470290][T12081] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 607.483664][T12081] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 607.511690][T12081] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 608.460852][T12100] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[12100] [ 610.152544][T12123] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1490'. [ 610.264031][T12119] syz.2.1489 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 610.374865][T12119] CPU: 0 UID: 0 PID: 12119 Comm: syz.2.1489 Tainted: G L syzkaller #0 PREEMPT(full) [ 610.374913][T12119] Tainted: [L]=SOFTLOCKUP [ 610.374922][T12119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 610.374938][T12119] Call Trace: [ 610.374946][T12119] [ 610.374957][T12119] dump_stack_lvl+0x16c/0x1f0 [ 610.375005][T12119] dump_header+0x101/0x960 [ 610.375042][T12119] oom_kill_process+0x176/0x910 [ 610.375085][T12119] out_of_memory+0x350/0x1700 [ 610.375117][T12119] ? __lock_acquire+0x436/0x2890 [ 610.375152][T12119] ? __pfx_out_of_memory+0x10/0x10 [ 610.375197][T12119] mem_cgroup_out_of_memory+0x118/0x130 [ 610.375233][T12119] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 610.375277][T12119] ? do_raw_spin_unlock+0x172/0x230 [ 610.375320][T12119] try_charge_memcg+0x695/0xd30 [ 610.375374][T12119] ? __pfx_try_charge_memcg+0x10/0x10 [ 610.375420][T12119] ? memory_min_write+0x81/0xe0 [ 610.375454][T12119] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 610.375492][T12119] obj_cgroup_charge_account+0x336/0x670 [ 610.375523][T12119] __memcg_slab_post_alloc_hook+0x2e3/0x880 [ 610.375556][T12119] ? kasan_save_track+0x14/0x30 [ 610.375581][T12119] kmem_cache_alloc_lru_noprof+0x58f/0x770 [ 610.375602][T12119] ? find_held_lock+0x2b/0x80 [ 610.375623][T12119] ? alloc_inode+0xc3/0x240 [ 610.375646][T12119] ? alloc_inode+0xc3/0x240 [ 610.375663][T12119] alloc_inode+0xc3/0x240 [ 610.375683][T12119] alloc_anon_inode+0x28/0x3e0 [ 610.375710][T12119] anon_inode_make_secure_inode+0x31/0x140 [ 610.375731][T12119] __do_sys_memfd_secret+0xd7/0x490 [ 610.375767][T12119] do_syscall_64+0xcd/0xf80 [ 610.375791][T12119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.375809][T12119] RIP: 0033:0x7fb1ef18f7c9 [ 610.375824][T12119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.375842][T12119] RSP: 002b:00007fb1f00d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 610.375858][T12119] RAX: ffffffffffffffda RBX: 00007fb1ef3e6090 RCX: 00007fb1ef18f7c9 [ 610.375869][T12119] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 610.375879][T12119] RBP: 00007fb1ef213f91 R08: 0000000000000000 R09: 0000000000000000 [ 610.375889][T12119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.375898][T12119] R13: 00007fb1ef3e6128 R14: 00007fb1ef3e6090 R15: 00007ffd5b5b7bc8 [ 610.375921][T12119] [ 610.637363][T12119] memory: usage 3072kB, limit 3072kB, failcnt 131320 [ 610.644069][T12119] memory+swap: usage 4992kB, limit 9007199254740988kB, failcnt 0 [ 610.651853][T12119] kmem: usage 968kB, limit 9007199254740988kB, failcnt 0 [ 610.658933][T12119] Memory cgroup stats for /syz2: [ 610.659115][T12119] cache 1990656 [ 610.667608][T12119] rss 155648 [ 610.670799][T12119] rss_huge 0 [ 610.673992][T12119] shmem 1990656 [ 610.677517][T12119] mapped_file 1990656 [ 610.682776][T12119] dirty 0 [ 610.685792][T12119] writeback 0 [ 610.689090][T12119] workingset_refault_anon 17358 [ 610.693959][T12119] workingset_refault_file 29753 [ 610.698869][T12119] swap 1966080 [ 610.702262][T12119] swapcached 110592 [ 610.706121][T12119] pgpgin 407653 [ 610.709585][T12119] pgpgout 409180 [ 610.713124][T12119] pgfault 322841 [ 610.716698][T12119] pgmajfault 7813 [ 610.720323][T12119] inactive_anon 0 [ 610.723959][T12119] active_anon 8192 [ 610.727711][T12119] inactive_file 0 [ 610.731333][T12119] active_file 0 [ 610.734868][T12119] unevictable 2146304 [ 610.738845][T12119] hierarchical_memory_limit 3145728 [ 610.744038][T12119] hierarchical_memsw_limit 9223372036854771712 [ 610.750274][T12119] total_cache 1990656 [ 610.754260][T12119] total_rss 155648 [ 610.758331][T12119] total_rss_huge 0 [ 610.762057][T12119] total_shmem 1990656 [ 610.766147][T12119] total_mapped_file 1990656 [ 610.770667][T12119] total_dirty 0 [ 610.774201][T12119] total_writeback 0 [ 610.778051][T12119] total_workingset_refault_anon 17358 [ 610.784608][T12119] total_workingset_refault_file 29753 [ 610.790098][T12119] total_swap 1966080 [ 610.793988][T12119] total_swapcached 110592 [ 610.798505][T12119] total_pgpgin 407653 [ 610.802480][T12119] total_pgpgout 409180 [ 610.806565][T12119] total_pgfault 322841 [ 610.810633][T12119] total_pgmajfault 7813 [ 610.814852][T12119] total_inactive_anon 0 [ 610.819002][T12119] total_active_anon 8192 [ 610.823436][T12119] total_inactive_file 0 [ 610.827658][T12119] total_active_file 0 [ 610.831652][T12119] total_unevictable 2146304 [ 610.836202][T12119] anon_cost 0 [ 610.839481][T12119] file_cost 0 [ 610.842759][T12119] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1489,pid=12113,uid=0 [ 610.858999][T12119] Memory cgroup out of memory: Killed process 12113 (syz.2.1489) total-vm:137244kB, anon-rss:1268kB, file-rss:23164kB, shmem-rss:1920kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 612.037733][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5 [ 614.090909][T12179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1503'. [ 621.049492][T12270] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.0.1522: No space for directory leaf checksum. Please run e2fsck -D. [ 621.105934][T12270] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.0.1522: checksumming directory block 0 [ 621.134927][T12270] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 621.179116][T12270] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.0.1522: No space for directory leaf checksum. Please run e2fsck -D. [ 621.214572][T12270] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.0.1522: checksumming directory block 0 [ 621.249587][T12270] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 621.314935][T12270] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.0.1522: No space for directory leaf checksum. Please run e2fsck -D. [ 621.346155][T12270] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.0.1522: checksumming directory block 0 [ 621.401773][T12270] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 621.419935][T12270] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.0.1522: No space for directory leaf checksum. Please run e2fsck -D. [ 621.449789][T12270] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.0.1522: checksumming directory block 0 [ 621.482638][T12270] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 621.492416][T12270] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 621.502533][T12270] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 622.211333][ T5836] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 622.215964][T12294] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 624.032955][T12308] netlink: 'syz.2.1533': attribute type 33 has an invalid length. [ 625.528599][T12333] binder: 12325:12333 ioctl c018620c 0 returned -1 [ 629.654237][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.661962][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.320476][T12382] syz.2.1546 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 630.362865][T12382] CPU: 1 UID: 0 PID: 12382 Comm: syz.2.1546 Tainted: G L syzkaller #0 PREEMPT(full) [ 630.362919][T12382] Tainted: [L]=SOFTLOCKUP [ 630.362929][T12382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 630.362945][T12382] Call Trace: [ 630.362954][T12382] [ 630.362966][T12382] dump_stack_lvl+0x16c/0x1f0 [ 630.363013][T12382] dump_header+0x101/0x960 [ 630.363049][T12382] oom_kill_process+0x176/0x910 [ 630.363086][T12382] out_of_memory+0x350/0x1700 [ 630.363118][T12382] ? __lock_acquire+0x436/0x2890 [ 630.363152][T12382] ? __pfx_out_of_memory+0x10/0x10 [ 630.363196][T12382] mem_cgroup_out_of_memory+0x118/0x130 [ 630.363234][T12382] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 630.363279][T12382] ? do_raw_spin_unlock+0x172/0x230 [ 630.363320][T12382] try_charge_memcg+0x695/0xd30 [ 630.363374][T12382] ? __pfx_try_charge_memcg+0x10/0x10 [ 630.363420][T12382] ? memory_min_write+0x81/0xe0 [ 630.363455][T12382] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 630.363494][T12382] obj_cgroup_charge_account+0x336/0x670 [ 630.363546][T12382] __memcg_slab_post_alloc_hook+0x2e3/0x880 [ 630.363606][T12382] __kmalloc_cache_noprof+0x5cc/0x800 [ 630.363640][T12382] ? ipv6_add_dev+0x6af/0x15f0 [ 630.363688][T12382] ? ipv6_add_dev+0x6af/0x15f0 [ 630.363730][T12382] ipv6_add_dev+0x6af/0x15f0 [ 630.363782][T12382] addrconf_notify+0x53e/0x19f0 [ 630.363816][T12382] ? ip6mr_device_event+0x1bc/0x230 [ 630.363867][T12382] notifier_call_chain+0xbc/0x3e0 [ 630.363921][T12382] ? __pfx_addrconf_notify+0x10/0x10 [ 630.363981][T12382] call_netdevice_notifiers_info+0xbe/0x110 [ 630.364018][T12382] register_netdevice+0x1792/0x21d0 [ 630.364075][T12382] ? __pfx_register_netdevice+0x10/0x10 [ 630.364119][T12382] ? net_generic+0xea/0x2a0 [ 630.364158][T12382] register_netdev+0x34/0x50 [ 630.364203][T12382] vti6_init_net+0x28f/0x490 [ 630.364235][T12382] ? __pfx_vti6_init_net+0x10/0x10 [ 630.364266][T12382] ops_init+0x1e2/0x5f0 [ 630.364315][T12382] setup_net+0x11d/0x3a0 [ 630.364358][T12382] ? __pfx_setup_net+0x10/0x10 [ 630.364397][T12382] ? lockdep_init_map_type+0x5c/0x270 [ 630.364425][T12382] ? mutex_init_lockep+0x110/0x150 [ 630.364459][T12382] copy_net_ns+0x351/0x7c0 [ 630.364503][T12382] create_new_namespaces+0x3ea/0xab0 [ 630.364550][T12382] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 630.364590][T12382] ksys_unshare+0x45b/0xa40 [ 630.364635][T12382] ? __pfx_ksys_unshare+0x10/0x10 [ 630.364681][T12382] ? xfd_validate_state+0x61/0x180 [ 630.364723][T12382] __x64_sys_unshare+0x31/0x40 [ 630.364751][T12382] do_syscall_64+0xcd/0xf80 [ 630.364783][T12382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.364814][T12382] RIP: 0033:0x7fb1ef18f7c9 [ 630.364839][T12382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.364868][T12382] RSP: 002b:00007fb1f0092038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 630.364904][T12382] RAX: ffffffffffffffda RBX: 00007fb1ef3e6270 RCX: 00007fb1ef18f7c9 [ 630.364923][T12382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 630.364940][T12382] RBP: 00007fb1ef213f91 R08: 0000000000000000 R09: 0000000000000000 [ 630.364955][T12382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.364971][T12382] R13: 00007fb1ef3e6308 R14: 00007fb1ef3e6270 R15: 00007ffd5b5b7bc8 [ 630.365013][T12382] [ 630.913205][T12382] memory: usage 3072kB, limit 3072kB, failcnt 135190 [ 630.929913][T12382] memory+swap: usage 3276kB, limit 9007199254740988kB, failcnt 0 [ 630.974697][T12382] kmem: usage 3036kB, limit 9007199254740988kB, failcnt 0 [ 630.996674][T12382] Memory cgroup stats for /syz2: [ 630.996874][T12382] cache 4096 [ 631.035121][T12382] rss 0 [ 631.044926][T12382] rss_huge 0 [ 631.052338][T12382] shmem 0 [ 631.066286][T12382] mapped_file 0 [ 631.075018][T12382] dirty 0 [ 631.084772][T12382] writeback 0 [ 631.095135][T12382] workingset_refault_anon 18100 [ 631.110263][T12382] workingset_refault_file 29753 [ 631.123659][T12382] swap 208896 [ 631.134686][T12382] swapcached 32768 [ 631.138451][T12382] pgpgin 415428 [ 631.154244][T12382] pgpgout 417472 [ 631.171314][T12382] pgfault 335646 [ 631.181462][T12382] pgmajfault 8286 [ 631.191611][T12382] inactive_anon 28672 [ 631.205015][T12382] active_anon 4096 [ 631.214956][T12382] inactive_file 4096 [ 631.218866][T12382] active_file 0 [ 631.234645][T12382] unevictable 0 [ 631.238131][T12382] hierarchical_memory_limit 3145728 [ 631.262574][T12382] hierarchical_memsw_limit 9223372036854771712 [ 631.284544][T12382] total_cache 4096 [ 631.288309][T12382] total_rss 0 [ 631.302094][T12382] total_rss_huge 0 [ 631.313204][T12382] total_shmem 0 [ 631.324630][T12382] total_mapped_file 0 [ 631.328636][T12382] total_dirty 0 [ 631.344902][T12382] total_writeback 0 [ 631.348824][T12382] total_workingset_refault_anon 18100 [ 631.364593][T12382] total_workingset_refault_file 29753 [ 631.384517][T12382] total_swap 208896 [ 631.397891][T12382] total_swapcached 32768 [ 631.404736][T12382] total_pgpgin 415428 [ 631.417049][T12382] total_pgpgout 417472 [ 631.437301][T12382] total_pgfault 335646 [ 631.441399][T12382] total_pgmajfault 8286 [ 631.464711][T12382] total_inactive_anon 28672 [ 631.477764][T12382] total_active_anon 4096 [ 631.494541][T12382] total_inactive_file 4096 [ 631.508217][T12382] total_active_file 0 [ 631.512217][T12382] total_unevictable 0 [ 631.554498][T12382] anon_cost 0 [ 631.565188][T12382] file_cost 0 [ 631.574882][T12382] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1546,pid=12375,uid=0 [ 631.616220][T12382] Memory cgroup out of memory: Killed process 12375 (syz.2.1546) total-vm:145716kB, anon-rss:1268kB, file-rss:31072kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 632.429159][T12407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1555'. [ 634.703028][T12430] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1560'. [ 635.524315][T12442] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 640.396132][T12482] bridge0: port 3(batadv0) entered blocking state [ 640.413103][T12482] bridge0: port 3(batadv0) entered disabled state [ 640.424798][T12482] batadv0: entered allmulticast mode [ 640.451876][T12482] batadv0: entered promiscuous mode [ 640.459877][T12482] bridge0: port 3(batadv0) entered blocking state [ 640.459889][T12484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1572'. [ 640.475856][T12482] bridge0: port 3(batadv0) entered forwarding state [ 640.654807][ T36] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 640.664509][ T36] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 641.921607][T12463] syz.1.1570 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 641.983673][T12463] CPU: 1 UID: 0 PID: 12463 Comm: syz.1.1570 Tainted: G L syzkaller #0 PREEMPT(full) [ 641.983721][T12463] Tainted: [L]=SOFTLOCKUP [ 641.983731][T12463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 641.983749][T12463] Call Trace: [ 641.983759][T12463] [ 641.983770][T12463] dump_stack_lvl+0x16c/0x1f0 [ 641.983829][T12463] dump_header+0x101/0x960 [ 641.983868][T12463] oom_kill_process+0x176/0x910 [ 641.983905][T12463] out_of_memory+0x350/0x1700 [ 641.983935][T12463] ? __lock_acquire+0x436/0x2890 [ 641.983968][T12463] ? __pfx_out_of_memory+0x10/0x10 [ 641.984012][T12463] mem_cgroup_out_of_memory+0x118/0x130 [ 641.984048][T12463] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 641.984093][T12463] ? do_raw_spin_unlock+0x172/0x230 [ 641.984133][T12463] try_charge_memcg+0x695/0xd30 [ 641.984185][T12463] ? __pfx_try_charge_memcg+0x10/0x10 [ 641.984238][T12463] ? find_held_lock+0x2b/0x80 [ 641.984282][T12463] charge_memcg+0x8a/0x230 [ 641.984326][T12463] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 641.984361][T12463] __read_swap_cache_async+0x397/0x500 [ 641.984403][T12463] ? __pfx___read_swap_cache_async+0x10/0x10 [ 641.984445][T12463] ? __lock_acquire+0x436/0x2890 [ 641.984479][T12463] swap_cluster_readahead+0x528/0x770 [ 641.984519][T12463] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 641.984556][T12463] ? __lock_acquire+0x436/0x2890 [ 641.984597][T12463] ? get_vma_policy+0x242/0x3c0 [ 641.984628][T12463] swapin_readahead+0x160/0x1220 [ 641.984673][T12463] ? __pfx_swapin_readahead+0x10/0x10 [ 641.984709][T12463] ? find_held_lock+0x2b/0x80 [ 641.984741][T12463] ? swap_cache_get_folio+0x267/0x8e0 [ 641.984770][T12463] ? swap_cache_get_folio+0x267/0x8e0 [ 641.984799][T12463] ? swap_cache_get_folio+0x267/0x8e0 [ 641.984844][T12463] ? swap_cache_get_folio+0x267/0x8e0 [ 641.984875][T12463] ? swap_cache_get_folio+0x293/0x8e0 [ 641.984910][T12463] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 641.984940][T12463] ? __pfx_get_swap_device+0x10/0x10 [ 641.984975][T12463] ? rcu_read_unlock+0x2d/0xb0 [ 641.985011][T12463] ? do_swap_page+0x962/0x64a0 [ 641.985034][T12463] do_swap_page+0x962/0x64a0 [ 641.985066][T12463] ? __lock_acquire+0x436/0x2890 [ 641.985104][T12463] ? __pfx_do_swap_page+0x10/0x10 [ 641.985136][T12463] ? __pfx_default_wake_function+0x10/0x10 [ 641.985178][T12463] ? rcu_is_watching+0x12/0xc0 [ 641.985221][T12463] ? rcu_is_watching+0x12/0xc0 [ 641.985259][T12463] ? ___pte_offset_map+0x175/0x380 [ 641.985305][T12463] __handle_mm_fault+0x19cb/0x2bb0 [ 641.985344][T12463] ? reacquire_held_locks+0xcd/0x1f0 [ 641.985373][T12463] ? __pfx___handle_mm_fault+0x10/0x10 [ 641.985409][T12463] ? lock_vma_under_rcu+0x176/0x580 [ 641.985453][T12463] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 641.985504][T12463] handle_mm_fault+0x3fe/0xad0 [ 641.985543][T12463] do_user_addr_fault+0x60c/0x1370 [ 641.985582][T12463] ? rcu_is_watching+0x12/0xc0 [ 641.985625][T12463] exc_page_fault+0x64/0xc0 [ 641.985669][T12463] asm_exc_page_fault+0x26/0x30 [ 641.985697][T12463] RIP: 0033:0x7f51f3e6f151 [ 641.985721][T12463] Code: 48 c7 43 50 08 00 00 00 8b 43 28 48 f7 d8 48 89 c6 83 e6 07 0f 85 c7 00 00 00 be 08 00 00 00 48 89 df 41 83 c5 01 41 83 c7 01 <4c> 89 44 24 10 4c 89 54 24 08 e8 40 9d fe ff 48 8b 43 38 4c 8b 44 [ 641.985748][T12463] RSP: 002b:00007ffeb62cb3d0 EFLAGS: 00010206 [ 641.985772][T12463] RAX: fffffffffffd10f8 RBX: 00007f51f4d15720 RCX: 0000000000000005 [ 641.985790][T12463] RDX: 0000000000001e6c RSI: 0000000000000008 RDI: 00007f51f4d15720 [ 641.985809][T12463] RBP: ffffffff82391e6c R08: 00007f51f41e6128 R09: 00007f51f41d2000 [ 641.985836][T12463] R10: 00007f51f35fd008 R11: 000000000000000f R12: 000000000000000f [ 641.985853][T12463] R13: 000000000000000c R14: ffffffff82391b15 R15: 000000000000000c [ 641.985872][T12463] ? build_open_flags+0x195/0x6e0 [ 641.985905][T12463] ? build_open_flags+0x4ec/0x6e0 [ 641.985953][T12463] [ 642.542588][T12463] memory: usage 3072kB, limit 3072kB, failcnt 185677 [ 642.549387][T12463] memory+swap: usage 6040kB, limit 9007199254740988kB, failcnt 0 [ 642.557201][T12463] kmem: usage 1532kB, limit 9007199254740988kB, failcnt 0 [ 642.564355][T12463] Memory cgroup stats for /syz1: [ 642.564599][T12463] cache 0 [ 642.572784][T12463] rss 1368064 [ 642.576147][T12463] rss_huge 0 [ 642.579428][T12463] shmem 0 [ 642.582391][T12463] mapped_file 0 [ 642.585950][T12463] dirty 0 [ 642.588999][T12463] writeback 0 [ 642.592307][T12463] workingset_refault_anon 22098 [ 642.597333][T12463] workingset_refault_file 33586 [ 642.602208][T12463] swap 3039232 [ 642.605684][T12463] swapcached 208896 [ 642.609523][T12463] pgpgin 383623 [ 642.613002][T12463] pgpgout 384771 [ 642.616619][T12463] pgfault 331704 [ 642.620185][T12463] pgmajfault 9955 [ 642.623875][T12463] inactive_anon 1314816 [ 642.628551][T12463] active_anon 0 [ 642.632053][T12463] inactive_file 0 [ 642.635761][T12463] active_file 0 [ 642.639257][T12463] unevictable 0 [ 642.642761][T12463] hierarchical_memory_limit 3145728 [ 642.648063][T12463] hierarchical_memsw_limit 9223372036854771712 [ 642.654241][T12463] total_cache 0 [ 642.657771][T12463] total_rss 1368064 [ 642.661600][T12463] total_rss_huge 0 [ 642.665383][T12463] total_shmem 0 [ 642.668889][T12463] total_mapped_file 0 [ 642.673084][T12463] total_dirty 0 [ 642.676609][T12463] total_writeback 0 [ 642.680453][T12463] total_workingset_refault_anon 22098 [ 642.685904][T12463] total_workingset_refault_file 33586 [ 642.691470][T12463] total_swap 3039232 [ 642.695438][T12463] total_swapcached 208896 [ 642.702741][T12463] total_pgpgin 383623 [ 642.706799][T12463] total_pgpgout 384771 [ 642.710903][T12463] total_pgfault 331704 [ 642.715060][T12463] total_pgmajfault 9955 [ 642.719253][T12463] total_inactive_anon 1314816 [ 642.723973][T12463] total_active_anon 0 [ 642.728047][T12463] total_inactive_file 0 [ 642.732716][T12463] total_active_file 0 [ 642.736805][T12463] total_unevictable 0 [ 642.740870][T12463] anon_cost 0 [ 642.744206][T12463] file_cost 0 [ 642.747624][T12463] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1570,pid=12463,uid=0 [ 642.767081][T12463] Memory cgroup out of memory: Killed process 12463 (syz.1.1570) total-vm:106396kB, anon-rss:2380kB, file-rss:22760kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 644.101228][T12506] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1578'. [ 644.112353][T12506] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1578'. [ 644.950242][ T32] oom_reaper: reaped process 12463 (syz.1.1570), now anon-rss:0kB, file-rss:21576kB, shmem-rss:0kB [ 649.492632][T12543] kexec: Could not allocate control_code_buffer [ 649.875050][ T5836] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 650.310530][T12569] Invalid ELF header magic: != ELF [ 651.628176][T12568] syz.0.1596 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 651.647769][T12568] CPU: 0 UID: 0 PID: 12568 Comm: syz.0.1596 Tainted: G L syzkaller #0 PREEMPT(full) [ 651.647817][T12568] Tainted: [L]=SOFTLOCKUP [ 651.647827][T12568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 651.647842][T12568] Call Trace: [ 651.647851][T12568] [ 651.647863][T12568] dump_stack_lvl+0x16c/0x1f0 [ 651.647912][T12568] dump_header+0x101/0x960 [ 651.647949][T12568] oom_kill_process+0x176/0x910 [ 651.647985][T12568] out_of_memory+0x350/0x1700 [ 651.648016][T12568] ? __lock_acquire+0x436/0x2890 [ 651.648051][T12568] ? __pfx_out_of_memory+0x10/0x10 [ 651.648093][T12568] mem_cgroup_out_of_memory+0x118/0x130 [ 651.648128][T12568] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 651.648172][T12568] ? do_raw_spin_unlock+0x172/0x230 [ 651.648213][T12568] try_charge_memcg+0x695/0xd30 [ 651.648264][T12568] ? __pfx_try_charge_memcg+0x10/0x10 [ 651.648316][T12568] ? find_held_lock+0x2b/0x80 [ 651.648359][T12568] charge_memcg+0x8a/0x230 [ 651.648401][T12568] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 651.648444][T12568] __read_swap_cache_async+0x397/0x500 [ 651.648484][T12568] ? __pfx___read_swap_cache_async+0x10/0x10 [ 651.648516][T12568] ? do_page_mkwrite+0x174/0x380 [ 651.648548][T12568] ? __handle_mm_fault+0x1919/0x2bb0 [ 651.648576][T12568] ? handle_mm_fault+0x3fe/0xad0 [ 651.648610][T12568] ? do_user_addr_fault+0x60c/0x1370 [ 651.648641][T12568] ? asm_exc_page_fault+0x26/0x30 [ 651.648680][T12568] swap_cluster_readahead+0x432/0x770 [ 651.648732][T12568] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 651.648787][T12568] ? lockdep_hardirqs_on+0x7c/0x110 [ 651.648833][T12568] ? get_vma_policy+0x242/0x3c0 [ 651.648864][T12568] swapin_readahead+0x160/0x1220 [ 651.648922][T12568] ? __pfx_swapin_readahead+0x10/0x10 [ 651.648959][T12568] ? find_held_lock+0x2b/0x80 [ 651.648992][T12568] ? swap_cache_get_folio+0x267/0x8e0 [ 651.649023][T12568] ? swap_cache_get_folio+0x267/0x8e0 [ 651.649053][T12568] ? swap_cache_get_folio+0x267/0x8e0 [ 651.649090][T12568] ? swap_cache_get_folio+0x267/0x8e0 [ 651.649122][T12568] ? swap_cache_get_folio+0x293/0x8e0 [ 651.649158][T12568] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 651.649188][T12568] ? __pfx_get_swap_device+0x10/0x10 [ 651.649228][T12568] ? rcu_read_unlock+0x2d/0xb0 [ 651.649259][T12568] ? __page_table_check_ptes_set+0x1b1/0x4e0 [ 651.649315][T12568] ? do_swap_page+0x962/0x64a0 [ 651.649343][T12568] do_swap_page+0x962/0x64a0 [ 651.649378][T12568] ? __lock_acquire+0x436/0x2890 [ 651.649409][T12568] ? block_dirty_folio+0x114/0x1b0 [ 651.649440][T12568] ? __pfx_do_swap_page+0x10/0x10 [ 651.649472][T12568] ? __pfx_default_wake_function+0x10/0x10 [ 651.649514][T12568] ? fault_dirty_shared_page+0x18f/0x690 [ 651.649550][T12568] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 651.649598][T12568] ? rcu_is_watching+0x12/0xc0 [ 651.649635][T12568] ? ___pte_offset_map+0x175/0x380 [ 651.649679][T12568] __handle_mm_fault+0x19cb/0x2bb0 [ 651.649717][T12568] ? reacquire_held_locks+0xcd/0x1f0 [ 651.649746][T12568] ? __pfx___handle_mm_fault+0x10/0x10 [ 651.649781][T12568] ? lock_vma_under_rcu+0x176/0x580 [ 651.649824][T12568] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 651.649873][T12568] handle_mm_fault+0x3fe/0xad0 [ 651.649912][T12568] do_user_addr_fault+0x60c/0x1370 [ 651.649950][T12568] ? rcu_is_watching+0x12/0xc0 [ 651.649992][T12568] exc_page_fault+0x64/0xc0 [ 651.650035][T12568] asm_exc_page_fault+0x26/0x30 [ 651.650060][T12568] RIP: 0033:0x7f05ce957450 [ 651.650085][T12568] Code: e0 c5 fe 6f 5c 16 c0 c5 fe 7f 07 c5 fe 7f 4f 20 c5 fe 7f 54 17 e0 c5 fe 7f 5c 17 c0 e9 60 ff ff ff 66 0f 1f 84 00 00 00 00 00 <48> 3b 15 39 2d 26 00 0f 87 e3 01 00 00 48 81 fa 00 01 00 00 77 60 [ 651.650111][T12568] RSP: 002b:00007ffd7c752408 EFLAGS: 00010202 [ 651.650135][T12568] RAX: 00007f05ce3ff010 RBX: 00007f05ce3ff058 RCX: 00007f05ce3ff058 [ 651.650154][T12568] RDX: 0000000000000050 RSI: 00007f05ce3ff008 RDI: 00007f05ce3ff010 [ 651.650171][T12568] RBP: ffffffff81621fd3 R08: 00007f05ce3ff128 R09: 00007f05cebd2000 [ 651.650190][T12568] R10: 00007f05ce3ff008 R11: 0000000000000008 R12: 0000000000000008 [ 651.650207][T12568] R13: 00007f05ce3ff008 R14: 00007f05ce3ff088 R15: 00007f05ce3ff008 [ 651.650230][T12568] ? fpregs_assert_state_consistent+0x13/0x150 [ 651.650287][T12568] [ 651.650297][T12568] memory: usage 3072kB, limit 3072kB, failcnt 187899 [ 652.154699][T12568] memory+swap: usage 4400kB, limit 9007199254740988kB, failcnt 0 [ 652.163390][T12568] kmem: usage 1480kB, limit 9007199254740988kB, failcnt 0 [ 652.173483][T12568] Memory cgroup stats for /syz1: [ 652.173682][T12568] cache 0 [ 652.210868][T12568] rss 1462272 [ 652.214216][T12568] rss_huge 0 [ 652.224517][T12568] shmem 0 [ 652.227694][T12568] mapped_file 0 [ 652.231268][T12568] dirty 0 [ 652.234242][T12568] writeback 0 [ 652.249690][T12568] workingset_refault_anon 22302 [ 652.274683][T12568] workingset_refault_file 34560 [ 652.279617][T12568] swap 1359872 [ 652.283146][T12568] swapcached 167936 [ 652.313503][T12568] pgpgin 387094 [ 652.331119][T12568] pgpgout 388229 [ 652.343355][T12568] pgfault 334730 [ 652.352902][T12568] pgmajfault 10119 [ 652.371189][T12568] inactive_anon 1232896 [ 652.383461][T12568] active_anon 270336 [ 652.410593][T12568] inactive_file 0 [ 652.421328][T12568] active_file 0 [ 652.435792][T12568] unevictable 0 [ 652.458287][T12568] hierarchical_memory_limit 3145728 [ 652.463586][T12568] hierarchical_memsw_limit 9223372036854771712 [ 652.483153][T12568] total_cache 0 [ 652.492906][T12568] total_rss 1462272 [ 652.514830][T12568] total_rss_huge 0 [ 652.518684][T12568] total_shmem 0 [ 652.522168][T12568] total_mapped_file 0 [ 652.558640][T12568] total_dirty 0 [ 652.574480][T12568] total_writeback 0 [ 652.578398][T12568] total_workingset_refault_anon 22302 [ 652.583824][T12568] total_workingset_refault_file 34560 [ 652.677374][T12568] total_swap 1359872 [ 652.689177][T12568] total_swapcached 167936 [ 652.713439][T12568] total_pgpgin 387094 [ 652.719820][T12568] total_pgpgout 388229 [ 652.723919][T12568] total_pgfault 334730 [ 652.735264][T12568] total_pgmajfault 10119 [ 652.739568][T12568] total_inactive_anon 1232896 [ 652.748343][T12568] total_active_anon 270336 [ 652.752878][T12568] total_inactive_file 0 [ 652.758095][T12568] total_active_file 0 [ 652.762123][T12568] total_unevictable 0 [ 652.767189][T12568] anon_cost 0 [ 652.770617][T12568] file_cost 0 [ 652.773936][T12568] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1592,pid=12558,uid=0 [ 652.789737][T12568] Memory cgroup out of memory: Killed process 12558 (syz.1.1592) total-vm:106264kB, anon-rss:2440kB, file-rss:22584kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 653.507909][T12592] syz.3.1600 (12592): /proc/12590/oom_adj is deprecated, please use /proc/12590/oom_score_adj instead. [ 653.971144][T12591] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 654.850546][ T32] oom_reaper: reaped process 12558 (syz.1.1592), now anon-rss:0kB, file-rss:21464kB, shmem-rss:0kB [ 655.758383][T12618] binder: 12615:12618 ioctl c018620c 0 returned -1 [ 657.724632][ T5836] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 659.214128][T12647] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 660.191740][T12655] syz.2.1614 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 660.237094][T12655] CPU: 0 UID: 0 PID: 12655 Comm: syz.2.1614 Tainted: G L syzkaller #0 PREEMPT(full) [ 660.237143][T12655] Tainted: [L]=SOFTLOCKUP [ 660.237154][T12655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 660.237171][T12655] Call Trace: [ 660.237181][T12655] [ 660.237192][T12655] dump_stack_lvl+0x16c/0x1f0 [ 660.237244][T12655] dump_header+0x101/0x960 [ 660.237284][T12655] oom_kill_process+0x176/0x910 [ 660.237322][T12655] out_of_memory+0x350/0x1700 [ 660.237355][T12655] ? __lock_acquire+0x436/0x2890 [ 660.237390][T12655] ? __pfx_out_of_memory+0x10/0x10 [ 660.237436][T12655] mem_cgroup_out_of_memory+0x118/0x130 [ 660.237473][T12655] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 660.237521][T12655] ? do_raw_spin_unlock+0x172/0x230 [ 660.237562][T12655] try_charge_memcg+0x695/0xd30 [ 660.237617][T12655] ? __pfx_try_charge_memcg+0x10/0x10 [ 660.237673][T12655] ? find_held_lock+0x2b/0x80 [ 660.237721][T12655] charge_memcg+0x8a/0x230 [ 660.237767][T12655] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 660.237815][T12655] __read_swap_cache_async+0x397/0x500 [ 660.237859][T12655] ? __pfx___read_swap_cache_async+0x10/0x10 [ 660.237914][T12655] swap_cluster_readahead+0x432/0x770 [ 660.237951][T12655] ? find_held_lock+0x2b/0x80 [ 660.237998][T12655] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 660.238041][T12655] ? __lock_acquire+0x436/0x2890 [ 660.238089][T12655] ? get_vma_policy+0x242/0x3c0 [ 660.238121][T12655] swapin_readahead+0x160/0x1220 [ 660.238176][T12655] ? __pfx_swapin_readahead+0x10/0x10 [ 660.238215][T12655] ? find_held_lock+0x2b/0x80 [ 660.238251][T12655] ? swap_cache_get_folio+0x267/0x8e0 [ 660.238284][T12655] ? swap_cache_get_folio+0x267/0x8e0 [ 660.238316][T12655] ? swap_cache_get_folio+0x267/0x8e0 [ 660.238355][T12655] ? swap_cache_get_folio+0x267/0x8e0 [ 660.238389][T12655] ? swap_cache_get_folio+0x293/0x8e0 [ 660.238427][T12655] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 660.238460][T12655] ? __pfx_get_swap_device+0x10/0x10 [ 660.238502][T12655] ? rcu_read_unlock+0x2d/0xb0 [ 660.238542][T12655] ? do_swap_page+0x962/0x64a0 [ 660.238570][T12655] do_swap_page+0x962/0x64a0 [ 660.238607][T12655] ? __lock_acquire+0x436/0x2890 [ 660.238647][T12655] ? __pfx_do_swap_page+0x10/0x10 [ 660.238683][T12655] ? __pfx_default_wake_function+0x10/0x10 [ 660.238727][T12655] ? __lock_acquire+0x436/0x2890 [ 660.238761][T12655] ? rcu_is_watching+0x12/0xc0 [ 660.238830][T12655] ? ___pte_offset_map+0x175/0x380 [ 660.238879][T12655] __handle_mm_fault+0x19cb/0x2bb0 [ 660.238923][T12655] ? __pfx___handle_mm_fault+0x10/0x10 [ 660.238959][T12655] ? __pte_offset_map_lock+0x174/0x310 [ 660.239002][T12655] ? find_held_lock+0x2b/0x80 [ 660.239052][T12655] ? follow_page_pte+0x5cf/0x1390 [ 660.239106][T12655] handle_mm_fault+0x3fe/0xad0 [ 660.239147][T12655] __get_user_pages+0x54e/0x3590 [ 660.239205][T12655] ? down_read_killable+0x313/0x4c0 [ 660.239237][T12655] ? __lock_acquire+0x436/0x2890 [ 660.239265][T12655] ? __pfx___get_user_pages+0x10/0x10 [ 660.239323][T12655] __gup_longterm_locked+0x2dd/0x17e0 [ 660.239381][T12655] ? __pfx___gup_longterm_locked+0x10/0x10 [ 660.239432][T12655] ? __get_pfnblock_flags_mask+0x13c/0x240 [ 660.239482][T12655] ? sanity_check_pinned_pages+0x58a/0x11d0 [ 660.239529][T12655] gup_fast_fallback+0xf5f/0x2350 [ 660.239599][T12655] ? __pfx_gup_fast_fallback+0x10/0x10 [ 660.239648][T12655] ? ___kmalloc_large_node+0x97/0x150 [ 660.239678][T12655] ? rcu_is_watching+0x12/0xc0 [ 660.239723][T12655] pin_user_pages_fast+0xa7/0xf0 [ 660.239762][T12655] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 660.239822][T12655] io_pin_pages+0xe6/0x1e0 [ 660.239868][T12655] io_sqe_buffer_register+0x177/0x2020 [ 660.239919][T12655] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 660.239947][T12655] ? trace_kmalloc+0x2b/0xb0 [ 660.239999][T12655] ? iovec_from_user+0xbb/0x140 [ 660.240037][T12655] io_sqe_buffers_register+0x1f2/0x860 [ 660.240080][T12655] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 660.240117][T12655] ? __fget_files+0x20e/0x3c0 [ 660.240172][T12655] __do_sys_io_uring_register+0x2520/0x2620 [ 660.240229][T12655] ? __pfx___do_sys_io_uring_register+0x10/0x10 [ 660.240280][T12655] ? __x64_sys_futex+0x1e0/0x4c0 [ 660.240313][T12655] ? __x64_sys_futex+0x1e9/0x4c0 [ 660.240350][T12655] ? __x64_sys_openat+0x174/0x210 [ 660.240389][T12655] ? xfd_validate_state+0x61/0x180 [ 660.240432][T12655] do_syscall_64+0xcd/0xf80 [ 660.240463][T12655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.240494][T12655] RIP: 0033:0x7fb1ef18f7c9 [ 660.240519][T12655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.240546][T12655] RSP: 002b:00007fb1f00d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 660.240575][T12655] RAX: ffffffffffffffda RBX: 00007fb1ef3e6090 RCX: 00007fb1ef18f7c9 [ 660.240595][T12655] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 660.240613][T12655] RBP: 00007fb1ef213f91 R08: 0000000000000000 R09: 0000000000000000 [ 660.240630][T12655] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 660.240648][T12655] R13: 00007fb1ef3e6128 R14: 00007fb1ef3e6090 R15: 00007ffd5b5b7bc8 [ 660.240691][T12655] [ 660.814524][T12655] memory: usage 3072kB, limit 3072kB, failcnt 188300 [ 660.885645][T12655] memory+swap: usage 3316kB, limit 9007199254740988kB, failcnt 0 [ 660.902404][T12655] kmem: usage 2884kB, limit 9007199254740988kB, failcnt 0 [ 660.917818][T12655] Memory cgroup stats for /syz1: [ 660.918093][T12655] cache 0 [ 660.936315][T12655] rss 0 [ 660.966946][T12655] rss_huge 0 [ 660.974251][T12655] shmem 0 [ 660.988702][T12655] mapped_file 0 [ 660.997517][T12655] dirty 0 [ 661.003147][T12655] writeback 0 [ 661.011131][T12655] workingset_refault_anon 22560 [ 661.022007][T12655] workingset_refault_file 34560 [ 661.034025][T12655] swap 249856 [ 661.057607][T12655] swapcached 192512 [ 661.075677][T12655] pgpgin 387836 [ 661.079219][T12655] pgpgout 389322 [ 661.082883][T12655] pgfault 337255 [ 661.125171][T12655] pgmajfault 10266 [ 661.135015][T12655] inactive_anon 188416 [ 661.139245][T12655] active_anon 4096 [ 661.142969][T12655] inactive_file 0 [ 661.174455][T12655] active_file 0 [ 661.178108][T12655] unevictable 0 [ 661.181613][T12655] hierarchical_memory_limit 3145728 [ 661.200150][T12655] hierarchical_memsw_limit 9223372036854771712 [ 661.214471][T12655] total_cache 0 [ 661.218001][T12655] total_rss 0 [ 661.221700][T12655] total_rss_huge 0 [ 661.244527][T12655] total_shmem 0 [ 661.248044][T12655] total_mapped_file 0 [ 661.252055][T12655] total_dirty 0 [ 661.276209][T12655] total_writeback 0 [ 661.280077][T12655] total_workingset_refault_anon 22560 [ 661.320154][T12655] total_workingset_refault_file 34560 [ 661.344458][T12655] total_swap 249856 [ 661.354488][T12655] total_swapcached 192512 [ 661.359051][T12655] total_pgpgin 387836 [ 661.363059][T12655] total_pgpgout 389322 [ 661.388090][T12655] total_pgfault 337255 [ 661.392213][T12655] total_pgmajfault 10266 [ 661.424476][T12655] total_inactive_anon 188416 [ 661.439362][T12655] total_active_anon 4096 [ 661.443675][T12655] total_inactive_file 0 [ 661.455218][T12655] total_active_file 0 [ 661.463508][T12655] total_unevictable 0 [ 661.474345][T12655] anon_cost 0 [ 661.483760][T12655] file_cost 0 [ 661.493775][T12655] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1613,pid=12641,uid=0 [ 661.524827][T12655] Memory cgroup out of memory: Killed process 12641 (syz.1.1613) total-vm:145716kB, anon-rss:1140kB, file-rss:31076kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 [ 662.265351][T12669] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 662.342434][T12669] serio: Serial port pty6 [ 665.274515][T12704] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1627'. [ 665.306577][T12673] kexec: Could not allocate control_code_buffer [ 666.082781][T12721] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 666.096911][T12724] netlink: 'syz.0.1633': attribute type 1 has an invalid length. [ 666.104889][T12724] netlink: 54 bytes leftover after parsing attributes in process `syz.0.1633'. [ 667.454588][T12738] FAULT_INJECTION: forcing a failure. [ 667.454588][T12738] name fail_futex, interval 1, probability 0, space 0, times 0 [ 667.504263][T12738] CPU: 0 UID: 0 PID: 12738 Comm: syz.2.1635 Tainted: G L syzkaller #0 PREEMPT(full) [ 667.504308][T12738] Tainted: [L]=SOFTLOCKUP [ 667.504317][T12738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 667.504333][T12738] Call Trace: [ 667.504342][T12738] [ 667.504353][T12738] dump_stack_lvl+0x16c/0x1f0 [ 667.504405][T12738] should_fail_ex+0x512/0x640 [ 667.504440][T12738] get_futex_key+0x1d0/0x15f0 [ 667.504477][T12738] ? __pfx_get_futex_key+0x10/0x10 [ 667.504532][T12738] futex_wait_setup+0x9d/0x570 [ 667.504582][T12738] __futex_wait+0x193/0x2f0 [ 667.504620][T12738] ? __pfx___futex_wait+0x10/0x10 [ 667.504665][T12738] ? __pfx_futex_wake_mark+0x10/0x10 [ 667.504708][T12738] ? find_held_lock+0x2b/0x80 [ 667.504750][T12738] ? futex_private_hash_put+0x160/0x1b0 [ 667.504782][T12738] futex_wait+0xe8/0x380 [ 667.504821][T12738] ? __pfx_futex_wait+0x10/0x10 [ 667.504881][T12738] do_futex+0x229/0x350 [ 667.504914][T12738] ? __pfx_do_futex+0x10/0x10 [ 667.504946][T12738] ? fput+0x70/0xf0 [ 667.504975][T12738] ? __sys_sendmsg+0x18c/0x220 [ 667.505018][T12738] __x64_sys_futex+0x1e0/0x4c0 [ 667.505054][T12738] ? __pfx___x64_sys_futex+0x10/0x10 [ 667.505085][T12738] ? xfd_validate_state+0x61/0x180 [ 667.505122][T12738] do_syscall_64+0xcd/0xf80 [ 667.505150][T12738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.505178][T12738] RIP: 0033:0x7fb1ef18f7c9 [ 667.505201][T12738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.505229][T12738] RSP: 002b:00007fb1f00f50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 667.505258][T12738] RAX: ffffffffffffffda RBX: 00007fb1ef3e5fa8 RCX: 00007fb1ef18f7c9 [ 667.505276][T12738] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb1ef3e5fa8 [ 667.505293][T12738] RBP: 00007fb1ef3e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 667.505311][T12738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.505328][T12738] R13: 00007fb1ef3e6038 R14: 00007ffd5b5b7ae0 R15: 00007ffd5b5b7bc8 [ 667.505365][T12738] [ 668.914687][ T5836] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 669.692787][T12754] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1640'. [ 672.291101][T12818] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1657'. [ 672.855747][T12829] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1660'. [ 672.893823][T12829] veth1_macvtap: left allmulticast mode [ 672.918052][T12829] veth1_macvtap: left promiscuous mode [ 672.941375][T12829] macsec0: left promiscuous mode [ 676.452187][T12841] syz.1.1662 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 676.474738][T12841] CPU: 1 UID: 0 PID: 12841 Comm: syz.1.1662 Tainted: G L syzkaller #0 PREEMPT(full) [ 676.474794][T12841] Tainted: [L]=SOFTLOCKUP [ 676.474803][T12841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 676.474821][T12841] Call Trace: [ 676.474831][T12841] [ 676.474841][T12841] dump_stack_lvl+0x16c/0x1f0 [ 676.474893][T12841] dump_header+0x101/0x960 [ 676.474930][T12841] oom_kill_process+0x176/0x910 [ 676.474967][T12841] out_of_memory+0x350/0x1700 [ 676.474999][T12841] ? __lock_acquire+0x436/0x2890 [ 676.475031][T12841] ? __pfx_out_of_memory+0x10/0x10 [ 676.475081][T12841] mem_cgroup_out_of_memory+0x118/0x130 [ 676.475117][T12841] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 676.475162][T12841] ? do_raw_spin_unlock+0x172/0x230 [ 676.475204][T12841] try_charge_memcg+0x695/0xd30 [ 676.475257][T12841] ? __pfx_try_charge_memcg+0x10/0x10 [ 676.475311][T12841] ? find_held_lock+0x2b/0x80 [ 676.475355][T12841] charge_memcg+0x8a/0x230 [ 676.475401][T12841] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 676.475437][T12841] __read_swap_cache_async+0x397/0x500 [ 676.475479][T12841] ? __pfx___read_swap_cache_async+0x10/0x10 [ 676.475530][T12841] swap_cluster_readahead+0x432/0x770 [ 676.475565][T12841] ? find_held_lock+0x2b/0x80 [ 676.475610][T12841] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 676.475646][T12841] ? __lock_acquire+0x436/0x2890 [ 676.475693][T12841] ? get_vma_policy+0x242/0x3c0 [ 676.475726][T12841] swapin_readahead+0x160/0x1220 [ 676.475786][T12841] ? __pfx_swapin_readahead+0x10/0x10 [ 676.475822][T12841] ? find_held_lock+0x2b/0x80 [ 676.475854][T12841] ? swap_cache_get_folio+0x267/0x8e0 [ 676.475884][T12841] ? swap_cache_get_folio+0x267/0x8e0 [ 676.475913][T12841] ? swap_cache_get_folio+0x267/0x8e0 [ 676.475950][T12841] ? swap_cache_get_folio+0x267/0x8e0 [ 676.475982][T12841] ? swap_cache_get_folio+0x293/0x8e0 [ 676.476014][T12841] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 676.476046][T12841] ? __pfx_get_swap_device+0x10/0x10 [ 676.476088][T12841] ? rcu_read_unlock+0x2d/0xb0 [ 676.476129][T12841] ? do_swap_page+0x962/0x64a0 [ 676.476154][T12841] do_swap_page+0x962/0x64a0 [ 676.476189][T12841] ? __lock_acquire+0x436/0x2890 [ 676.476226][T12841] ? __pfx_do_swap_page+0x10/0x10 [ 676.476257][T12841] ? __pfx_default_wake_function+0x10/0x10 [ 676.476298][T12841] ? __lock_acquire+0x436/0x2890 [ 676.476330][T12841] ? rcu_is_watching+0x12/0xc0 [ 676.476368][T12841] ? ___pte_offset_map+0x175/0x380 [ 676.476413][T12841] __handle_mm_fault+0x19cb/0x2bb0 [ 676.476452][T12841] ? __pfx___handle_mm_fault+0x10/0x10 [ 676.476485][T12841] ? __pte_offset_map_lock+0x174/0x310 [ 676.476524][T12841] ? find_held_lock+0x2b/0x80 [ 676.476574][T12841] ? follow_page_pte+0x5cf/0x1390 [ 676.476623][T12841] handle_mm_fault+0x3fe/0xad0 [ 676.476662][T12841] __get_user_pages+0x54e/0x3590 [ 676.476713][T12841] ? down_read_killable+0x313/0x4c0 [ 676.476741][T12841] ? __lock_acquire+0x436/0x2890 [ 676.476775][T12841] ? __pfx___get_user_pages+0x10/0x10 [ 676.476825][T12841] __gup_longterm_locked+0x2dd/0x17e0 [ 676.476883][T12841] ? __pfx___gup_longterm_locked+0x10/0x10 [ 676.476933][T12841] ? __get_pfnblock_flags_mask+0x13c/0x240 [ 676.476982][T12841] ? sanity_check_pinned_pages+0x58a/0x11d0 [ 676.477034][T12841] gup_fast_fallback+0xf5f/0x2350 [ 676.477110][T12841] ? __pfx_gup_fast_fallback+0x10/0x10 [ 676.477159][T12841] ? ___kmalloc_large_node+0x97/0x150 [ 676.477185][T12841] ? rcu_is_watching+0x12/0xc0 [ 676.477230][T12841] pin_user_pages_fast+0xa7/0xf0 [ 676.477269][T12841] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 676.477325][T12841] io_pin_pages+0xe6/0x1e0 [ 676.477372][T12841] io_sqe_buffer_register+0x177/0x2020 [ 676.477400][T12841] ? irqentry_exit+0x1dd/0x8c0 [ 676.477422][T12841] ? lockdep_hardirqs_on+0x7c/0x110 [ 676.477464][T12841] ? trace_irq_disable.constprop.0+0xd4/0x110 [ 676.477526][T12841] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 676.477553][T12841] ? copy_iovec_from_user+0x82/0x170 [ 676.477597][T12841] ? iovec_from_user+0xbb/0x140 [ 676.477634][T12841] io_sqe_buffers_register+0x1f2/0x860 [ 676.477675][T12841] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 676.477709][T12841] ? __fget_files+0x20e/0x3c0 [ 676.477764][T12841] __do_sys_io_uring_register+0x2520/0x2620 [ 676.477806][T12841] ? __pfx___do_sys_io_uring_register+0x10/0x10 [ 676.477844][T12841] ? __x64_sys_futex+0x1e0/0x4c0 [ 676.477868][T12841] ? __x64_sys_futex+0x1e9/0x4c0 [ 676.477895][T12841] ? __x64_sys_openat+0x174/0x210 [ 676.477923][T12841] ? xfd_validate_state+0x61/0x180 [ 676.477957][T12841] do_syscall_64+0xcd/0xf80 [ 676.477979][T12841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.478001][T12841] RIP: 0033:0x7f51f3f8f7c9 [ 676.478021][T12841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.478041][T12841] RSP: 002b:00007f51f4e82038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 676.478064][T12841] RAX: ffffffffffffffda RBX: 00007f51f41e5fa0 RCX: 00007f51f3f8f7c9 [ 676.478078][T12841] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 676.478092][T12841] RBP: 00007f51f4013f91 R08: 0000000000000000 R09: 0000000000000000 [ 676.478105][T12841] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 676.478118][T12841] R13: 00007f51f41e6038 R14: 00007f51f41e5fa0 R15: 00007ffeb62cb398 [ 676.478150][T12841] [ 677.006885][T12841] memory: usage 3072kB, limit 3072kB, failcnt 190929 [ 677.014080][T12841] memory+swap: usage 6140kB, limit 9007199254740988kB, failcnt 0 [ 677.021961][T12841] kmem: usage 1616kB, limit 9007199254740988kB, failcnt 0 [ 677.040933][T12841] Memory cgroup stats for /syz1: [ 677.041052][T12841] cache 0 [ 677.065826][T12841] rss 1269760 [ 677.069175][T12841] rss_huge 0 [ 677.072680][T12841] shmem 0 [ 677.077265][T12841] mapped_file 0 [ 677.081261][T12841] dirty 0 [ 677.084345][T12841] writeback 0 [ 677.088191][T12841] workingset_refault_anon 23268 [ 677.093162][T12841] workingset_refault_file 34561 [ 677.098677][T12841] swap 3141632 [ 677.102162][T12841] swapcached 229376 [ 677.106724][T12841] pgpgin 391815 [ 677.110373][T12841] pgpgout 392984 [ 677.114199][T12841] pgfault 346392 [ 677.118450][T12841] pgmajfault 10576 [ 677.122783][T12841] inactive_anon 1490944 [ 677.127780][T12841] active_anon 0 [ 677.131557][T12841] inactive_file 0 [ 677.139376][T12841] active_file 0 [ 677.143087][T12841] unevictable 0 [ 677.147858][T12841] hierarchical_memory_limit 3145728 [ 677.153218][T12841] hierarchical_memsw_limit 9223372036854771712 [ 677.163191][T12841] total_cache 0 [ 677.167131][T12841] total_rss 1269760 [ 677.171047][T12841] total_rss_huge 0 [ 677.176505][T12841] total_shmem 0 [ 677.180140][T12841] total_mapped_file 0 [ 677.184217][T12841] total_dirty 0 [ 677.188579][T12841] total_writeback 0 [ 677.192539][T12841] total_workingset_refault_anon 23268 [ 677.198549][T12841] total_workingset_refault_file 34561 [ 677.204066][T12841] total_swap 3141632 [ 677.208494][T12841] total_swapcached 229376 [ 677.212920][T12841] total_pgpgin 391815 [ 677.217555][T12841] total_pgpgout 392984 [ 677.221803][T12841] total_pgfault 346392 [ 677.226755][T12841] total_pgmajfault 10576 [ 677.231196][T12841] total_inactive_anon 1490944 [ 677.236439][T12841] total_active_anon 0 [ 677.243959][T12841] total_inactive_file 0 [ 677.250082][T12841] total_active_file 0 [ 677.254874][T12841] total_unevictable 0 [ 677.258974][T12841] anon_cost 0 [ 677.262449][T12841] file_cost 0 [ 677.269441][T12841] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1662,pid=12839,uid=0 [ 677.287309][T12841] Memory cgroup out of memory: Killed process 12839 (syz.1.1662) total-vm:106396kB, anon-rss:2240kB, file-rss:22676kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 678.023421][T12852] kexec: Could not allocate control_code_buffer [ 678.688037][T12870] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 678.699505][T12870] CPU: 0 UID: 0 PID: 12870 Comm: syz.1.1668 Tainted: G L syzkaller #0 PREEMPT(full) [ 678.699549][T12870] Tainted: [L]=SOFTLOCKUP [ 678.699560][T12870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 678.699576][T12870] Call Trace: [ 678.699585][T12870] [ 678.699595][T12870] dump_stack_lvl+0x16c/0x1f0 [ 678.699643][T12870] sysfs_warn_dup+0x7f/0xa0 [ 678.699667][T12870] sysfs_do_create_link_sd+0x124/0x140 [ 678.699688][T12870] sysfs_create_link+0x61/0xc0 [ 678.699707][T12870] device_add+0x652/0x1980 [ 678.699735][T12870] ? __pfx_device_add+0x10/0x10 [ 678.699760][T12870] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 678.699786][T12870] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 678.699816][T12870] wiphy_register+0x1ea1/0x2cc0 [ 678.699833][T12870] ? __rtnl_unlock+0x68/0xf0 [ 678.699859][T12870] ? net_rx_action+0x740/0xfa0 [ 678.699884][T12870] ? __pfx_wiphy_register+0x10/0x10 [ 678.699901][T12870] ? __asan_memset+0x23/0x50 [ 678.699928][T12870] ? ieee80211_init_rate_ctrl_alg+0x125/0x680 [ 678.699948][T12870] ieee80211_register_hw+0x2bb2/0x4160 [ 678.699974][T12870] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 678.699991][T12870] ? __pfx___debug_object_init+0x10/0x10 [ 678.700022][T12870] ? find_held_lock+0x2b/0x80 [ 678.700044][T12870] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 678.700069][T12870] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 678.700094][T12870] ? __hrtimer_setup+0x176/0x280 [ 678.700117][T12870] mac80211_hwsim_new_radio+0x3323/0x5150 [ 678.700150][T12870] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 678.700178][T12870] hwsim_new_radio_nl+0xba2/0x1330 [ 678.700200][T12870] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 678.700227][T12870] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 678.700246][T12870] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 678.700269][T12870] genl_family_rcv_msg_doit+0x209/0x2f0 [ 678.700288][T12870] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 678.700305][T12870] ? genl_get_cmd+0x194/0x580 [ 678.700325][T12870] ? bpf_lsm_capable+0x9/0x10 [ 678.700347][T12870] ? security_capable+0x7e/0x260 [ 678.700374][T12870] ? ns_capable+0xd7/0x110 [ 678.700404][T12870] genl_rcv_msg+0x55c/0x800 [ 678.700424][T12870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 678.700441][T12870] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 678.700469][T12870] netlink_rcv_skb+0x158/0x420 [ 678.700537][T12870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 678.700557][T12870] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 678.700592][T12870] ? netlink_deliver_tap+0x1ae/0xd30 [ 678.700627][T12870] genl_rcv+0x28/0x40 [ 678.700648][T12870] netlink_unicast+0x5aa/0x870 [ 678.700689][T12870] ? __pfx_netlink_unicast+0x10/0x10 [ 678.700718][T12870] ? __pfx___might_resched+0x10/0x10 [ 678.700744][T12870] ? __lock_acquire+0x436/0x2890 [ 678.700770][T12870] netlink_sendmsg+0x8c8/0xdd0 [ 678.700800][T12870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 678.700827][T12870] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 678.700859][T12870] ____sys_sendmsg+0xa5d/0xc30 [ 678.700877][T12870] ? copy_msghdr_from_user+0x10a/0x160 [ 678.700898][T12870] ? __pfx_____sys_sendmsg+0x10/0x10 [ 678.700920][T12870] ? __pfx_futex_wake_mark+0x10/0x10 [ 678.700946][T12870] ___sys_sendmsg+0x134/0x1d0 [ 678.700970][T12870] ? __pfx____sys_sendmsg+0x10/0x10 [ 678.700995][T12870] ? futex_private_hash_put+0x160/0x1b0 [ 678.701039][T12870] __sys_sendmsg+0x16d/0x220 [ 678.701061][T12870] ? __pfx___sys_sendmsg+0x10/0x10 [ 678.701084][T12870] ? __x64_sys_futex+0x1e0/0x4c0 [ 678.701116][T12870] do_syscall_64+0xcd/0xf80 [ 678.701134][T12870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.701151][T12870] RIP: 0033:0x7f51f3f8f7c9 [ 678.701166][T12870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.701183][T12870] RSP: 002b:00007f51f4e40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 678.701200][T12870] RAX: ffffffffffffffda RBX: 00007f51f41e6180 RCX: 00007f51f3f8f7c9 [ 678.701211][T12870] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000004 [ 678.701223][T12870] RBP: 00007f51f4013f91 R08: 0000000000000000 R09: 0000000000000000 [ 678.701233][T12870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.701244][T12870] R13: 00007f51f41e6218 R14: 00007f51f41e6180 R15: 00007ffeb62cb398 [ 678.701268][T12870] [ 681.565481][T12894] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 681.581403][T12894] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 681.587752][T12894] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 681.614854][T12894] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 681.948650][T12900] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 682.122998][T12908] netlink: 'syz.0.1678': attribute type 11 has an invalid length. [ 682.238446][T12902] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 683.234603][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 683.642748][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 683.642839][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 683.650808][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 685.479806][T12943] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 685.630036][T12943] serio: Serial port pty6 [ 686.578282][T12959] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1688'. [ 687.277121][T12975] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1694'. [ 687.368315][T12977] ================================================================== [ 687.368330][T12977] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 687.368356][T12977] Read of size 256 at addr ffff888090f163c0 by task syz.3.1693/12977 [ 687.368371][T12977] [ 687.368385][T12977] CPU: 0 UID: 0 PID: 12977 Comm: syz.3.1693 Tainted: G L syzkaller #0 PREEMPT(full) [ 687.368408][T12977] Tainted: [L]=SOFTLOCKUP [ 687.368414][T12977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 687.368425][T12977] Call Trace: [ 687.368431][T12977] [ 687.368443][T12977] dump_stack_lvl+0x116/0x1f0 [ 687.368483][T12977] print_report+0xcd/0x630 [ 687.368519][T12977] ? __virt_addr_valid+0x81/0x610 [ 687.368558][T12977] ? __phys_addr+0xe8/0x180 [ 687.368586][T12977] ? fbcon_prepare_logo+0xa03/0xc70 [ 687.368603][T12977] kasan_report+0xe0/0x110 [ 687.368635][T12977] ? fbcon_prepare_logo+0xa03/0xc70 [ 687.368656][T12977] kasan_check_range+0x100/0x1b0 [ 687.368673][T12977] __asan_memcpy+0x23/0x60 [ 687.368693][T12977] fbcon_prepare_logo+0xa03/0xc70 [ 687.368717][T12977] fbcon_init+0xda0/0x1930 [ 687.368736][T12977] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 687.368757][T12977] visual_init+0x320/0x620 [ 687.368777][T12977] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 687.368804][T12977] store_bind+0x61d/0x760 [ 687.368827][T12977] ? sysfs_file_kobj+0xe4/0x290 [ 687.368844][T12977] ? __pfx_store_bind+0x10/0x10 [ 687.368865][T12977] dev_attr_store+0x58/0x80 [ 687.368887][T12977] ? __pfx_dev_attr_store+0x10/0x10 [ 687.368909][T12977] sysfs_kf_write+0xf2/0x150 [ 687.368925][T12977] kernfs_fop_write_iter+0x3af/0x570 [ 687.368949][T12977] ? __pfx_sysfs_kf_write+0x10/0x10 [ 687.368966][T12977] iter_file_splice_write+0xa24/0x12b0 [ 687.368997][T12977] ? __pfx_iter_file_splice_write+0x10/0x10 [ 687.369023][T12977] ? __pfx_copy_splice_read+0x10/0x10 [ 687.369051][T12977] ? __pfx_iter_file_splice_write+0x10/0x10 [ 687.369077][T12977] direct_splice_actor+0x192/0x6c0 [ 687.369103][T12977] splice_direct_to_actor+0x345/0xa30 [ 687.369128][T12977] ? __pfx_direct_splice_actor+0x10/0x10 [ 687.369154][T12977] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 687.369181][T12977] do_splice_direct+0x174/0x240 [ 687.369205][T12977] ? __pfx_do_splice_direct+0x10/0x10 [ 687.369228][T12977] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 687.369253][T12977] ? rw_verify_area+0xcf/0x6c0 [ 687.369274][T12977] do_sendfile+0xb06/0xe50 [ 687.369297][T12977] ? __pfx_do_sendfile+0x10/0x10 [ 687.369320][T12977] ? __x64_sys_futex+0x1e0/0x4c0 [ 687.369339][T12977] ? __x64_sys_futex+0x1e9/0x4c0 [ 687.369358][T12977] __x64_sys_sendfile64+0x1d8/0x220 [ 687.369374][T12977] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 687.369393][T12977] do_syscall_64+0xcd/0xf80 [ 687.369409][T12977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.369427][T12977] RIP: 0033:0x7f48c8b8f7c9 [ 687.369441][T12977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.369459][T12977] RSP: 002b:00007f48c9a2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 687.369476][T12977] RAX: ffffffffffffffda RBX: 00007f48c8de6090 RCX: 00007f48c8b8f7c9 [ 687.369487][T12977] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 687.369497][T12977] RBP: 00007f48c8c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 687.369508][T12977] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 687.369518][T12977] R13: 00007f48c8de6128 R14: 00007f48c8de6090 R15: 00007ffc2169e4e8 [ 687.369533][T12977] [ 687.369539][T12977] [ 687.369544][T12977] Allocated by task 12873: [ 687.369553][T12977] kasan_save_stack+0x33/0x60 [ 687.369575][T12977] kasan_save_track+0x14/0x30 [ 687.369595][T12977] __kasan_kmalloc+0xaa/0xb0 [ 687.369616][T12977] set_mm_walk+0x1f8/0x270 [ 687.369642][T12977] try_to_inc_max_seq+0xea/0xfa0 [ 687.369656][T12977] try_to_shrink_lruvec+0x735/0x9b0 [ 687.369671][T12977] shrink_lruvec+0x312/0x2b00 [ 687.369685][T12977] shrink_node+0x8a6/0x3bb0 [ 687.369701][T12977] do_try_to_free_pages+0x362/0x1920 [ 687.369718][T12977] try_to_free_mem_cgroup_pages+0x31b/0x740 [ 687.369738][T12977] try_charge_memcg+0x42a/0xd30 [ 687.369761][T12977] obj_cgroup_charge_account+0x336/0x670 [ 687.369786][T12977] __memcg_slab_post_alloc_hook+0x2e3/0x880 [ 687.369813][T12977] __kmalloc_node_track_caller_noprof+0x6e3/0x930 [ 687.369837][T12977] kmemdup_noprof+0x29/0x60 [ 687.369856][T12977] neigh_sysctl_register+0xb2/0x670 [ 687.369877][T12977] devinet_sysctl_register+0xb6/0x200 [ 687.369894][T12977] inetdev_init+0x2b8/0x580 [ 687.369909][T12977] inetdev_event+0xc32/0x1870 [ 687.369924][T12977] notifier_call_chain+0xbc/0x3e0 [ 687.369949][T12977] call_netdevice_notifiers_info+0xbe/0x110 [ 687.369964][T12977] register_netdevice+0x1792/0x21d0 [ 687.369988][T12977] __ip_tunnel_create+0x540/0x6b0 [ 687.370003][T12977] ip_tunnel_init_net+0x22f/0x7d0 [ 687.370019][T12977] ops_init+0x1e2/0x5f0 [ 687.370040][T12977] setup_net+0x11d/0x3a0 [ 687.370060][T12977] copy_net_ns+0x351/0x7c0 [ 687.370083][T12977] create_new_namespaces+0x3ea/0xab0 [ 687.370103][T12977] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 687.370124][T12977] ksys_unshare+0x45b/0xa40 [ 687.370148][T12977] __x64_sys_unshare+0x31/0x40 [ 687.370161][T12977] do_syscall_64+0xcd/0xf80 [ 687.370174][T12977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.370190][T12977] [ 687.370194][T12977] Freed by task 12873: [ 687.370202][T12977] kasan_save_stack+0x33/0x60 [ 687.370222][T12977] kasan_save_track+0x14/0x30 [ 687.370243][T12977] kasan_save_free_info+0x3b/0x60 [ 687.370260][T12977] __kasan_slab_free+0x5f/0x80 [ 687.370281][T12977] kfree+0x2f8/0x6e0 [ 687.370296][T12977] clear_mm_walk+0x162/0x1a0 [ 687.370315][T12977] shrink_lruvec+0x331/0x2b00 [ 687.370329][T12977] shrink_node+0x8a6/0x3bb0 [ 687.370344][T12977] do_try_to_free_pages+0x362/0x1920 [ 687.370361][T12977] try_to_free_mem_cgroup_pages+0x31b/0x740 [ 687.370380][T12977] try_charge_memcg+0x42a/0xd30 [ 687.370403][T12977] obj_cgroup_charge_account+0x336/0x670 [ 687.370427][T12977] __memcg_slab_post_alloc_hook+0x2e3/0x880 [ 687.370453][T12977] __kmalloc_node_track_caller_noprof+0x6e3/0x930 [ 687.370476][T12977] kmemdup_noprof+0x29/0x60 [ 687.370493][T12977] neigh_sysctl_register+0xb2/0x670 [ 687.370514][T12977] devinet_sysctl_register+0xb6/0x200 [ 687.370530][T12977] inetdev_init+0x2b8/0x580 [ 687.370544][T12977] inetdev_event+0xc32/0x1870 [ 687.370559][T12977] notifier_call_chain+0xbc/0x3e0 [ 687.370583][T12977] call_netdevice_notifiers_info+0xbe/0x110 [ 687.370601][T12977] register_netdevice+0x1792/0x21d0 [ 687.370633][T12977] __ip_tunnel_create+0x540/0x6b0 [ 687.370649][T12977] ip_tunnel_init_net+0x22f/0x7d0 [ 687.370665][T12977] ops_init+0x1e2/0x5f0 [ 687.370686][T12977] setup_net+0x11d/0x3a0 [ 687.370708][T12977] copy_net_ns+0x351/0x7c0 [ 687.370732][T12977] create_new_namespaces+0x3ea/0xab0 [ 687.370753][T12977] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 687.370776][T12977] ksys_unshare+0x45b/0xa40 [ 687.370800][T12977] __x64_sys_unshare+0x31/0x40 [ 687.370813][T12977] do_syscall_64+0xcd/0xf80 [ 687.370826][T12977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.370842][T12977] [ 687.370846][T12977] The buggy address belongs to the object at ffff888090f16200 [ 687.370846][T12977] which belongs to the cache kmalloc-256 of size 256 [ 687.370861][T12977] The buggy address is located 192 bytes to the right of [ 687.370861][T12977] allocated 256-byte region [ffff888090f16200, ffff888090f16300) [ 687.370878][T12977] [ 687.370882][T12977] The buggy address belongs to the physical page: [ 687.370891][T12977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90f16 [ 687.370906][T12977] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 687.370920][T12977] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 687.370936][T12977] page_type: f5(slab) [ 687.370951][T12977] raw: 00fff00000000040 ffff88813ff26b40 dead000000000122 0000000000000000 [ 687.370967][T12977] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 687.370982][T12977] head: 00fff00000000040 ffff88813ff26b40 dead000000000122 0000000000000000 [ 687.370997][T12977] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 687.371013][T12977] head: 00fff00000000001 ffffea000243c581 00000000ffffffff 00000000ffffffff [ 687.371028][T12977] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 687.371038][T12977] page dumped because: kasan: bad access detected [ 687.371046][T12977] page_owner tracks the page as allocated [ 687.371052][T12977] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xc2100(__GFP_ZERO|__GFP_NOWARN|__GFP_COMP|__GFP_NOMEMALLOC), pid 12873, tgid 12863 (syz.1.1668), ts 681223661226, free_ts 677776891030 [ 687.371081][T12977] post_alloc_hook+0x1af/0x220 [ 687.371099][T12977] get_page_from_freelist+0xd0b/0x31a0 [ 687.371118][T12977] alloc_frozen_pages_nolock_noprof+0x16d/0x1d0 [ 687.371141][T12977] new_slab+0x365/0x430 [ 687.371156][T12977] ___slab_alloc+0xe18/0x1c90 [ 687.371172][T12977] __slab_alloc.constprop.0+0x63/0x110 [ 687.371190][T12977] __kmalloc_cache_noprof+0x485/0x800 [ 687.371208][T12977] set_mm_walk+0x1f8/0x270 [ 687.371229][T12977] try_to_inc_max_seq+0xea/0xfa0 [ 687.371242][T12977] try_to_shrink_lruvec+0x735/0x9b0 [ 687.371258][T12977] shrink_lruvec+0x312/0x2b00 [ 687.371273][T12977] shrink_node+0x8a6/0x3bb0 [ 687.371288][T12977] do_try_to_free_pages+0x362/0x1920 [ 687.371306][T12977] try_to_free_mem_cgroup_pages+0x31b/0x740 [ 687.371325][T12977] try_charge_memcg+0x42a/0xd30 [ 687.371349][T12977] obj_cgroup_charge_account+0x336/0x670 [ 687.371375][T12977] page last free pid 12854 tgid 12853 stack trace: [ 687.371385][T12977] __free_frozen_pages+0x7df/0x1170 [ 687.371401][T12977] __put_partials+0x130/0x170 [ 687.371418][T12977] qlist_free_all+0x4c/0xf0 [ 687.371438][T12977] kasan_quarantine_reduce+0x195/0x1e0 [ 687.371460][T12977] __kasan_slab_alloc+0x69/0x90 [ 687.371483][T12977] kmem_cache_alloc_node_noprof+0x298/0x800 [ 687.371503][T12977] zswap_store+0x850/0x2800 [ 687.371519][T12977] swap_writeout+0x3f4/0x1090 [ 687.371536][T12977] shrink_folio_list+0x3eea/0x4a70 [ 687.371551][T12977] evict_folios+0x79c/0x1b30 [ 687.371565][T12977] try_to_shrink_lruvec+0x585/0x9b0 [ 687.371580][T12977] shrink_lruvec+0x312/0x2b00 [ 687.371595][T12977] shrink_node+0x8a6/0x3bb0 [ 687.371611][T12977] do_try_to_free_pages+0x362/0x1920 [ 687.371633][T12977] try_to_free_mem_cgroup_pages+0x31b/0x740 [ 687.371653][T12977] try_charge_memcg+0x42a/0xd30 [ 687.371677][T12977] [ 687.371681][T12977] Memory state around the buggy address: [ 687.371689][T12977] ffff888090f16280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 687.371702][T12977] ffff888090f16300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 687.371714][T12977] >ffff888090f16380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 687.371723][T12977] ^ [ 687.371733][T12977] ffff888090f16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 687.371744][T12977] ffff888090f16480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 687.371754][T12977] ================================================================== [ 687.399474][T12977] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 687.399506][T12977] CPU: 0 UID: 0 PID: 12977 Comm: syz.3.1693 Tainted: G L syzkaller #0 PREEMPT(full) [ 687.399549][T12977] Tainted: [L]=SOFTLOCKUP [ 687.399560][T12977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 687.399578][T12977] Call Trace: [ 687.399589][T12977] [ 687.399601][T12977] dump_stack_lvl+0x3d/0x1f0 [ 687.399660][T12977] vpanic+0x640/0x6f0 [ 687.399691][T12977] panic+0xca/0xd0 [ 687.399719][T12977] ? __pfx_panic+0x10/0x10 [ 687.399747][T12977] ? fbcon_prepare_logo+0xa03/0xc70 [ 687.399780][T12977] ? preempt_schedule_common+0x44/0xc0 [ 687.399824][T12977] ? preempt_schedule_thunk+0x16/0x30 [ 687.399856][T12977] check_panic_on_warn+0xab/0xb0 [ 687.399887][T12977] end_report+0x107/0x160 [ 687.399930][T12977] kasan_report+0xee/0x110 [ 687.399973][T12977] ? fbcon_prepare_logo+0xa03/0xc70 [ 687.400008][T12977] kasan_check_range+0x100/0x1b0 [ 687.400044][T12977] __asan_memcpy+0x23/0x60 [ 687.400078][T12977] fbcon_prepare_logo+0xa03/0xc70 [ 687.400118][T12977] fbcon_init+0xda0/0x1930 [ 687.400149][T12977] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 687.400185][T12977] visual_init+0x320/0x620 [ 687.400221][T12977] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 687.400265][T12977] store_bind+0x61d/0x760 [ 687.400303][T12977] ? sysfs_file_kobj+0xe4/0x290 [ 687.400330][T12977] ? __pfx_store_bind+0x10/0x10 [ 687.400366][T12977] dev_attr_store+0x58/0x80 [ 687.400403][T12977] ? __pfx_dev_attr_store+0x10/0x10 [ 687.400439][T12977] sysfs_kf_write+0xf2/0x150 [ 687.400468][T12977] kernfs_fop_write_iter+0x3af/0x570 [ 687.400511][T12977] ? __pfx_sysfs_kf_write+0x10/0x10 [ 687.400542][T12977] iter_file_splice_write+0xa24/0x12b0 [ 687.400596][T12977] ? __pfx_iter_file_splice_write+0x10/0x10 [ 687.400653][T12977] ? __pfx_copy_splice_read+0x10/0x10 [ 687.400704][T12977] ? __pfx_iter_file_splice_write+0x10/0x10 [ 687.400750][T12977] direct_splice_actor+0x192/0x6c0 [ 687.400796][T12977] splice_direct_to_actor+0x345/0xa30 [ 687.400840][T12977] ? __pfx_direct_splice_actor+0x10/0x10 [ 687.400888][T12977] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 687.400936][T12977] do_splice_direct+0x174/0x240 [ 687.400978][T12977] ? __pfx_do_splice_direct+0x10/0x10 [ 687.401022][T12977] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 687.401067][T12977] ? rw_verify_area+0xcf/0x6c0 [ 687.401106][T12977] do_sendfile+0xb06/0xe50 [ 687.401147][T12977] ? __pfx_do_sendfile+0x10/0x10 [ 687.401189][T12977] ? __x64_sys_futex+0x1e0/0x4c0 [ 687.401223][T12977] ? __x64_sys_futex+0x1e9/0x4c0 [ 687.401258][T12977] __x64_sys_sendfile64+0x1d8/0x220 [ 687.401287][T12977] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 687.401321][T12977] do_syscall_64+0xcd/0xf80 [ 687.401349][T12977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.401380][T12977] RIP: 0033:0x7f48c8b8f7c9 [ 687.401403][T12977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.401434][T12977] RSP: 002b:00007f48c9a2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 687.401464][T12977] RAX: ffffffffffffffda RBX: 00007f48c8de6090 RCX: 00007f48c8b8f7c9 [ 687.401486][T12977] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 687.401504][T12977] RBP: 00007f48c8c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 687.401524][T12977] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 687.401543][T12977] R13: 00007f48c8de6128 R14: 00007f48c8de6090 R15: 00007ffc2169e4e8 [ 687.401572][T12977] [ 687.402036][T12977] Kernel Offset: disabled