last executing test programs: 12.108378748s ago: executing program 0 (id=1126): r0 = prctl$auto_SECCOMP_MODE_FILTER(0x9, 0x2, 0xffffffffffffffff, 0x401, 0x2) ioctl$auto_SNDRV_PCM_IOCTL_PREPARE2(r0, 0x4140, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = socket(0xa, 0x3, 0x3b) getsockopt$auto(r1, 0x29, 0x10, 0x0, 0x0) 10.965809734s ago: executing program 0 (id=1128): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) unshare$auto(0x40000080) r1 = socket(0xa, 0x5, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r1, 0x7ffe) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2a, 0x8001, 0x9b7e, r4, 0x28000) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) poll$auto(&(0x7f0000000180)={r5, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x0) r7 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x9, 0xa00007, 0x2, 0x15, 0x602, 0x300000000000) ioctl$auto_UBI_IOCDET(r7, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(r5, 0x4004af07, &(0x7f00000003c0)) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0x8, 0xfffffffffffffffa, 0x9, 0xfffffffffffffbff) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/idVendor\x00', 0x80000, 0x0) read$auto(r8, &(0x7f00000000c0)='\xcb%)\xbf\xaa\r\x00', 0x400000000007) splice$auto(r8, &(0x7f0000000040)=0x7, r7, &(0x7f0000000080)=0x7, 0x26c4, 0x895) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0xfdd5, 0xd, 0x378, 0x9) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_VDPA_CMD_DEV_VSTATS_GET(r9, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r3, @ANYRES16=r0, @ANYRESHEX, @ANYRES8=0x0], 0x158}, 0x1, 0x0, 0x0, 0x80c0}, 0x84) sendmsg$auto_OVS_FLOW_CMD_GET(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x40010}, 0x800) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) 9.293123737s ago: executing program 2 (id=1130): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'dvmrp1\x00'}) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mtd0ro\x00', 0x141080, 0x0) mmap$auto(0x0, 0xbff, 0xdf, 0x12, 0x2, 0x100008004) futex$auto(0x0, 0x3, 0x2, 0x0, 0x0, 0x71a8dce0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r1, 0x0, 0x6, 0xffffffff) readv$auto(0x3, 0x0, 0x4) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x7, 0x0, 0x8000) unshare$auto(0x40000080) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r0, 0x0, 0x4) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xfffffffffffffff8) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, 0x0, 0x0) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0202, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0xffd8) 8.194662458s ago: executing program 0 (id=1132): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r0, 0x4018620d, 0x9) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r1, 0x4018620d, 0x9) socket(0x10, 0x2, 0x6) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) write$auto(0x3, 0x0, 0x800) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) setrlimit$auto(0xb, 0x0) getpid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmsg$auto_OVS_FLOW_CMD_NEW(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6255260f844b0cdd2adbf95bbd0000000000001214fb6aafc64424561100"/42, @ANYRES16=0x0, @ANYBLOB="01002cbd7000fcdbdf25010000000400080004000800"], 0x1c}, 0x1, 0x0, 0x0, 0x8b329abce7ab394d}, 0x40) sendmsg$auto_OVS_FLOW_CMD_DEL(r2, &(0x7f0000000280)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[], 0x78}}, 0x40014) writev$auto(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040)="32e3eec48051c4cc1b23", 0xfff}, 0x3) 6.585290196s ago: executing program 0 (id=1136): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x810, r0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r1, 0xffffffffffdffe00, &(0x7f0000000140)=';') pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x4, 0x2020009, 0x1602, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x20000001, 0x2, 0x3, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, 0x0) close_range$auto(0x2, 0x8, 0x0) fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x40000000014c, 0x4) 6.037936243s ago: executing program 2 (id=1137): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000000000000, 0x20007, 0x4000000000db, 0x12, 0x400, 0x18002) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r1, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.10/usb29/29-0:1.0/usb29-port8/power/runtime_status\x00', 0xc0202, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/net/rose15/address\x00', 0x0, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/mcfilter6\x00', 0x8000, 0x0) pread64$auto(r3, 0x0, 0xf429, 0xb) read$auto(r2, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0) read$auto_state_fops_(r0, &(0x7f0000000280)=""/69, 0x45) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) 4.970014026s ago: executing program 2 (id=1141): mmap$auto(0x20000000, 0x2020205, 0x6, 0x16, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x13, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000005c0), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000140), r0) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\b\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000ffdbdf25010000000c0004006dffffffffffffff0c00030000000000000000800c0005000c00000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x200048d4) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004540)={0x40, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x28, 0x1, 0x0, 0x1, [@nested={0x24, 0xc9, 0x0, 0x1, [@nested={0x20, 0x90, 0x0, 0x1, [@nested={0x1c, 0x9, 0x0, 0x1, [@nested={0x18, 0xa4, 0x0, 0x1, [@typed={0x14, 0x87, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @broadcast}}]}]}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x48080}, 0x20000000) r3 = prctl$auto_PR_SET_MM_END_DATA(0x5, 0x4, 0x0, 0x8, 0x5) ioctl$auto_SNDRV_PCM_IOCTL_STATUS_EXT322(r3, 0xc06c4124, &(0x7f0000000240)={0x200, 0x19, 0xfff, 0x0, 0x200, 0x1ff, 0x3, 0x0, 0x10001, 0x5, 0x7, 0xa1a, 0x100, 0x3, 0x6, 0x3, 0x2, 0x70e, "43a24c1b3c5b42cbc6193f3ba539317c5f81c2799152e1dd47cea91bf266b8c29d270987"}) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) mmap$auto(0xfffffffffffffffd, 0x20009, 0x5000000000df, 0x200000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) pread64$auto(r5, 0x0, 0x8, 0x8) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r6, 0x560e, r6) r7 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x542, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r7, &(0x7f0000000080)="65507307ff6587a725ca87720ef9769f20592e7748315620724892e74526afb97ab17a24948c80c0330e81cdf0a589966954526f4548210eee03e9df0e5e1af908387ecc25c8de6717e11b31ead2e4f452ee89d77cc56ac221fde7e6cf58162474a55f166c6498ec03208a", 0x6b) ioctl$auto(0x3, 0x40106f52, r4) 4.968540445s ago: executing program 1 (id=1149): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x0) io_uring_setup$auto(0x6, 0x0) (async) syz_clone3(&(0x7f00000001c0)={0x200, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r2, 0x7, 0x6}, 0x7, 0x3) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r2) (async) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r3, &(0x7f00000039c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0xc4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [0x4], {0x9, 0x6, 0xfffffffd, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x3, 0x1, 0x6, 0x104, 0x8, 0x100000000}}) (async) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) pipe$auto(&(0x7f0000001480)=0xffffffffffffffff) readv$auto(0x3, 0x0, 0x3) (async, rerun: 32) vmsplice$auto(r4, &(0x7f0000000000)={0x0, 0x7}, 0x5, 0x1) (rerun: 32) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask_requested\x00', 0x0, 0x0) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000011500), 0x40002, 0x0) (async) madvise$auto(0x7fffffff, 0x7, 0x80) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0x20681, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.pressure\x00', 0x42802, 0x0) (async) write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000000c0)='5', 0x1) write$auto(0x3, 0x0, 0x100082) (async, rerun: 32) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (rerun: 32) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001180)={0x30, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7fffffffffffffff}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) 4.636433159s ago: executing program 2 (id=1142): unshare$auto(0xfffffffffffffffe) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) semget$auto(0x0, 0x4, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 64) semctl$auto_GETALL(0x0, 0x0, 0xd, 0x7) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x8, 0x400000036d8b0da, 0x15) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(0x0, r0) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010031bd700502cabf7c914b53f3d7cd5e051744734aa78a672912a5d699630452377fdcd800fddbdf250c00000033ced447db3e72b62544e0fcd529838c4a861c2d13c5264ebeae33fe4fe91dd631dd2a7af56978dd38a496407b633542"], 0x14}}, 0x24048084) (async) madvise$auto(0x0, 0x200007, 0x19) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/pagemap\x00', 0x103003, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) socket(0x2, 0x1, 0x106) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) (async, rerun: 64) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x40, 0x0) (rerun: 64) socket(0xa, 0x801, 0x84) (async) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c9943, 0x0) (async) socket(0x2c, 0x3, 0x0) (async) sendfile$auto(0x6, 0x3, 0x0, 0xc01) (async) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) (async) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) 4.216353271s ago: executing program 3 (id=1143): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x103001, 0x0) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0) read$auto(r0, 0x0, 0x9a28) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0x40047452, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) 3.872508972s ago: executing program 1 (id=1144): r0 = prctl$auto_SECCOMP_MODE_FILTER(0x9, 0x2, 0xffffffffffffffff, 0x401, 0x2) ioctl$auto_SNDRV_PCM_IOCTL_PREPARE2(r0, 0x4140, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = socket(0xa, 0x3, 0x3b) getsockopt$auto(r1, 0x29, 0x10, 0x0, 0x0) 3.053638741s ago: executing program 3 (id=1145): r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20443, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000180)="eb2937be9f8ee434f6a729e1d8825ba95c852f44a6fa194930f2beba5d97c51ea3675f3ecf17db38b73251f06802b7f1a5b7badb9f23d02a2c504cddf1eed10ecb8b0f45167cf1c0ec7be3f2c9b4ee128c539492ce57") 3.052170031s ago: executing program 1 (id=1146): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x810, r0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r1, 0xffffffffffdffe00, &(0x7f0000000140)=';') pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x4, 0x2020009, 0x1602, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x20000001, 0x2, 0x3, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, 0x0) close_range$auto(0x2, 0x8, 0x0) fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x40000000014c, 0x4) 2.771565394s ago: executing program 0 (id=1147): r0 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x600, 0x0) r1 = openat$auto_fops_atomic_t_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/fail_io_timeout/space\x00', 0x4000, 0x0) ioctl$auto_XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f0000000280)={r1, &(0x7f0000000180)="597fb6f057923120c172f5fdab17cebffa86b0fb4a108dfb596f40c84c7a5f5e9191", 0x6, &(0x7f0000000300)="d2a68ff08268080481a84d133fe27114ef3d73b4b6910e327ff10dd37c19196cc5e893e356aae95441b04779d8494cddf726c3e87bd130388662bcd4d4aa7b0bdba742940c07e79013d999d4605317d009acb0023ced5fe62d9af84cafe4f84e3e7da9c59c6ec9f1eba1331985be1fa7c105f7d82748e256f9168ce47c3576fe570602a0ff81a65243327fb3a3e4699ccd91913b1790da", 0x2, &(0x7f00000001c0)="bf35ec00ef5fc3d3193906f82180ec62f6bdabbfa2cfc526922c22577b53bb08353463fdd17f3b2a1f06212121a98c3db3", &(0x7f0000000200)=0x7fff}) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r2, 0x8, 0x0) brk$auto(0xffffffffffffff66) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r5, 0x0, 0x800003, 0x270) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/smaps_rollup\x00', 0x404000, 0x0) mmap$auto(0xfffffffffffffff1, 0x7, 0xfffffffffffffffe, 0x5f, 0xffffffffffffffff, 0x80000001) writev$auto(0x3, 0x0, 0x8) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r6, 0x4, 0x7ff) ptrace$auto_PTRACE_SETSIGMASK(0x420b, r6, 0x8, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0) personality$auto(0xfffff032) ppoll$auto(&(0x7f0000001ac0)={0xffffffffffffffff, 0x9, 0x7}, 0x8, &(0x7f0000001b00)={0xf2, 0x9}, &(0x7f00000002c0)={0x10000}, 0x8) mprotect$auto(0x110c230000, 0xa588, 0x6) mremap$auto(0x110c231000, 0x0, 0x101, 0x3, 0x0) r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getpgid(r7) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x10000, 0xee01, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x89, 0x0, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0xfffd, 0x5, 0xdff9, @raw=0xffc00, @raw}) 2.702410436s ago: executing program 3 (id=1148): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3fe, 0x2, 0x7, 0x11, 0x7ff, 0x5, 0x807, 0x4, 0x6, 0xe914, 0x3, 0x6, 0x21, 0xb4, 0xffffffffffffffff, 0x6, 0x10001, 0x8, 0x100000000, 0x3b, 0x7, 0x5, 0x1fe, 0xfffffffd, 0x84, 0x0, 0x1000006, 0xfff, 0xffffffff, 0x0, [0x6, 0x1ff, 0x1, 0xfffffffffffffffe, 0x1000000000, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x80000000, 0x8003, 0x4000000, 0x0, 0xa784, 0x0, 0x4, 0x0, 0x4, 0x7fffffffffffffff, 0x20000000000, 0x9, 0x2, 0xb8, 0x0, 0x0, 0x1000000000000000, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffd, 0xec4e, 0x0, 0x8000000000000001, 0xffffffffffffffff, 0x0, 0x2, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x9a]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000003b00), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000003b40)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000003bc0)={&(0x7f0000003b80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="0100fdc3af1ccc001a8b0700001008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x180c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x24, 0x4008) 2.572482888s ago: executing program 3 (id=1150): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/pcrypt/pencrypt/serial_cpumask\x00', 0x8a001, 0x0) write$auto(r2, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x05\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xee\x0f_o\xc0\xee?\xce\xa3\x04\x95Hq\xf4\x00\x00\x00\x00\x00\x00\x006\xe0\xb1d)X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x80000000000) write$auto(r0, 0x0, 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x2000000000000000, 0x4, 0x13, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x0) madvise$auto(0x0, 0x240007, 0x19) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r3) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x48000}, 0x0) ioctl$auto_NS_GET_PID_IN_PIDNS(r1, 0x8004b708, &(0x7f0000000040)=0x8) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/apparmor/exec\x00', 0x4602c1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r5) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES64=r4, @ANYRES8=r3, @ANYRES32, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0x800df, 0x9b72, 0xfffffffffffffffe, 0x8000) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000000140), 0x600000, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8600, 0x0) fcntl$auto(0x3, 0x4, 0xa553) socketpair$auto(0x1e, 0x5, 0x3, 0x0) open(0x0, 0x22241, 0x155) socket(0x2, 0x1, 0x0) 2.380521465s ago: executing program 2 (id=1151): sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4e1f, @loopback}, 0x51) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x4082, 0x0) mmap$auto(0x400000002, 0x1, 0xdf, 0x9b72, 0x2, 0x1) r0 = prctl$auto(0x80, 0x1, 0x0, 0x2, 0x81) openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) read$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x18b800, 0x0) mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) rename$auto(0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper\x00', 0x20681, 0x0) write$auto(r1, &(0x7f0000000280)='/d{\xa8wU/\x83\x99\xcc}\x81h\xda/\x98\xc8\xea\xb6T,7\'\xce\x8enC\xe7\xad\x00\x00\x00\x00.\xa6Wk\x9d\x10\xed`6\xbe%\xf4pm\xf2\x8b\fev/ra\xb1\x7ft\xcf\x811\xc3\x18\xf6\xfc\xc4\x014f\xed\xab\x02k)\x00\x00\x00\x00\x00\x00\x00\x00', 0x100000002) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x2, 0x2, 0x8, 0x1000014, 0x401, 0x8000) mmap$auto(0xb4ee, 0xb20, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x2, 0x80002, 0x73) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000240)=0xffff) setsockopt$auto(0x3, 0x11e, 0x1, 0x0, 0x10001) getsockname$auto(0xffffffffffffffff, &(0x7f00000001c0), 0x0) pidfd_send_signal$auto_SIGCONT(0xffffffffffffffff, 0x12, 0x0, 0x0) readv$auto(0x3, 0x0, 0x5) utimensat$auto(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x38) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 1.651509098s ago: executing program 3 (id=1152): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(&(0x7f0000000000)="3b50ea6b7e3e528300dadce21e9b8ac6c95dce63d9019ff0401db82a5aa63540b6516f93e4cb399e9e7f69bebdb28d589344eaa6856fd56504c238f4a9d46c2b29bfb14602bdd9e71f1e639ef8f205c443811c04595b40d1ecb58d9736d5c219e55d5c790d42b2649f14025cf077707cfbb4183f0a9518f218a2f53baebd4d3b5b1ad9034957426449775c1145dbc34aad7864c82c2f", 0x10000, 0x0) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon30\x00', 0x20880, 0x0) ioctl$auto_MON_IOCH_MFLUSH(r0, 0x9208, 0x0) r1 = socketpair$auto(0x1, 0xfff, 0x8000000000000000, 0x0) bind$auto(r1, &(0x7f0000000040)=@ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x7}, 0x2) 1.494819057s ago: executing program 1 (id=1153): close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACETEARDOWN(r0, 0x1276, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/rfkill6/power\x00', 0x307082, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0xca, 0x0, 0x2d9) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, 0x0, 0x40800) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x7bdb, 0x19) madvise$auto(0x5, 0x200007, 0xfffffffa) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x8658) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') socket(0x10, 0x2, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) 1.418196823s ago: executing program 3 (id=1154): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/usb4-port1/uevent\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x8}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="1100", 0x2) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x20401, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r2 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) kill$auto(r2, 0x11) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC1\x00', 0x0, 0x0) sendfile$auto(r3, r4, 0x0, 0x1000200) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8600, 0x0) fcntl$auto(0x3, 0x4, 0xa553) 1.013388342s ago: executing program 2 (id=1155): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0xfff, 0x4, 0x5, 0x9652) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xfffffffffffffff7, 0x401, 0x8000000000008000) unshare$auto(0x40000080) set_mempolicy_home_node$auto(0x0, 0x5, 0x1ff, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0xa, 0x106) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto(r0, 0x8000451a, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) r2 = socket(0x18, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0\x00'}) socket(0xa, 0x801, 0x84) socket(0x18, 0x5, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x80487436, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40000b, 0x4df, 0x15, 0x2, 0x1000800000007ffe) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r4, 0xc0686611, &(0x7f0000000080)={0x67, 0x3f, 0x7fff, 0x5, 0x80000000007, 0x1, 0x6, 0xff, 0x5, 0x7f, 0xfbfffffe, 0xfff, 0x7fb, 0x4, 0x9}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r1, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) syz_genetlink_get_family_id$auto_nlbl_mgmt(&(0x7f00000000c0), 0xffffffffffffffff) socketpair$auto(0xffffffff, 0x6, 0x6, 0x0) keyctl$auto(0xa, 0xfffffffffffffffd, 0x0, 0x0, 0x20) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r1) r5 = openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, &(0x7f00000003c0), 0x28000, 0x0) read$auto_fops_atomic_t_ro_(r5, 0x0, 0x0) 784.405396ms ago: executing program 1 (id=1156): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/sunrpc/parameters/auth_hashtable_size\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0x100082) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(r0, 0x541c, r1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto(r2, 0x81004520, 0xffffffffffffffff) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x8, 0x1, 0x13, 0x3, 0x110000000) 577.865337ms ago: executing program 1 (id=1157): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x810, r0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r1, 0xffffffffffdffe00, &(0x7f0000000140)=';') pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x4, 0x2020009, 0x1602, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x20000001, 0x2, 0x3, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, 0x0) close_range$auto(0x2, 0x8, 0x0) fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x40000000014c, 0x4) 0s ago: executing program 0 (id=1158): r0 = socket(0xa, 0x5, 0x0) ioctl$auto(r0, 0x8941, 0x8) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram1/trace/start_lba\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = openat$auto_transaction_log_fops_(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/transaction_log\x00', 0x8000, 0x0) r3 = openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x22800, 0x0) inotify_init1$auto(0x3000000000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/hid/drivers/cypress/new_id\x00', 0xa001, 0x0) write$auto(r4, &(0x7f0000000080)='0[.[\x00', 0x1) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) pread64$auto(r3, &(0x7f0000000080)=']$,]/\x00', 0x8, 0x9) readv$auto(r2, &(0x7f0000000540)={0x0, 0x2}, 0xc) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/bus/usb/drivers/sunplus/remove_id\x00', 0xa081, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/capabilities/key\x00', 0x80000, 0x0) read$auto(r6, 0x0, 0x20) write$auto(0x3, 0x0, 0x81) ioctl$auto_MON_IOCG_STATS(r5, 0x80089203, &(0x7f0000000140)={0x7, 0xf}) kernel console output (not intermixed with test programs): tive_anon:49336kB inactive_anon:0kB active_file:71328kB inactive_file:161492kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100376kB dirty:3664kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12148kB pagetables:4920kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 314.050133][ T9215] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 314.081004][ T9215] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 314.113233][ T9215] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 314.123062][ T9215] Node 0 DMA32 free:1339376kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:49420kB inactive_anon:0kB active_file:71328kB inactive_file:161492kB unevictable:1536kB writepending:3668kB zspages:0kB present:3129332kB managed:2541020kB mlocked:0kB bounce:0kB free_pcp:62728kB local_pcp:30276kB free_cma:0kB [ 314.157627][ T9215] lowmem_reserve[]: 0 0 1 1 1 [ 314.162503][ T9215] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 314.193523][ T9215] lowmem_reserve[]: 0 0 0 0 0 [ 314.198594][ T9215] Node 1 Normal free:3905660kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:8044kB local_pcp:504kB free_cma:0kB [ 314.232143][ T9215] lowmem_reserve[]: 0 0 0 0 0 [ 314.240019][ T9215] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 314.258043][ T9215] Node 0 DMA32: 2664*4kB (UE) 2910*8kB (UME) 1841*16kB (UM) 956*32kB (UM) 662*64kB (UME) 340*128kB (UME) 215*256kB (UME) 83*512kB (UME) 67*1024kB (UME) 25*2048kB (UME) 230*4096kB (M) = 1339296kB [ 314.283544][ T9215] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 314.303646][ T9215] Node 1 Normal: 186*4kB (UME) 51*8kB (UE) 39*16kB (UME) 214*32kB (UE) 106*64kB (UME) 37*128kB (UME) 18*256kB (UME) 8*512kB (UME) 2*1024kB (U) 4*2048kB (UME) 944*4096kB (M) = 3905712kB [ 314.324536][ T9215] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 314.345027][ T9215] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 314.376591][ T9215] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 314.428116][ T9215] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 314.451948][ T9215] 59619 total pagecache pages [ 314.463734][ T9215] 0 pages in swap cache [ 314.468100][ T9215] Free swap = 124996kB [ 314.472306][ T9215] Total swap = 124996kB [ 314.477402][ T9215] 2097051 pages RAM [ 314.481263][ T9215] 0 pages HighMem/MovableOnly [ 314.487503][ T9037] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 314.490211][ T9215] 429770 pages reserved [ 314.499799][ T9215] 0 pages cma reserved [ 314.504713][ T9215] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 314.656338][ T9037] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 314.701770][ T9037] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 314.774736][ T9037] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 315.163902][ T9037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 315.247137][ T9037] 8021q: adding VLAN 0 to HW filter on device team0 [ 315.311574][ T3550] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.319509][ T3550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.381980][ T7225] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.389336][ T7225] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.880584][ T9276] cougar: G6 mapped to space [ 315.897510][ T9264] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 315.923479][ T9264] CPU: 0 UID: 0 PID: 9264 Comm: syz.3.639 Tainted: G U L syzkaller #0 PREEMPT(full) [ 315.923531][ T9264] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 315.923543][ T9264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 315.923560][ T9264] Call Trace: [ 315.923570][ T9264] [ 315.923582][ T9264] dump_stack_lvl+0x16c/0x1f0 [ 315.923644][ T9264] sysfs_warn_dup+0x7f/0xa0 [ 315.923679][ T9264] sysfs_do_create_link_sd+0x124/0x140 [ 315.923717][ T9264] sysfs_create_link+0x61/0xc0 [ 315.923749][ T9264] device_add+0x652/0x1980 [ 315.923797][ T9264] ? __pfx_device_add+0x10/0x10 [ 315.923836][ T9264] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.923883][ T9264] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 315.923937][ T9264] wiphy_register+0x1ea1/0x2cc0 [ 315.923966][ T9264] ? __rtnl_unlock+0x68/0xf0 [ 315.924011][ T9264] ? net_rx_action+0x530/0xfa0 [ 315.924056][ T9264] ? __pfx_wiphy_register+0x10/0x10 [ 315.924088][ T9264] ? __asan_memset+0x23/0x50 [ 315.924138][ T9264] ? ieee80211_init_rate_ctrl_alg+0x125/0x680 [ 315.924175][ T9264] ieee80211_register_hw+0x2bb2/0x4160 [ 315.924223][ T9264] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 315.924255][ T9264] ? __pfx___debug_object_init+0x10/0x10 [ 315.924309][ T9264] ? find_held_lock+0x2b/0x80 [ 315.924354][ T9264] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.924398][ T9264] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 315.924442][ T9264] ? __hrtimer_setup+0x176/0x280 [ 315.924483][ T9264] mac80211_hwsim_new_radio+0x3323/0x5150 [ 315.924545][ T9264] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 315.924606][ T9264] hwsim_new_radio_nl+0xba2/0x1330 [ 315.924646][ T9264] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 315.924696][ T9264] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 315.924730][ T9264] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 315.924772][ T9264] genl_family_rcv_msg_doit+0x209/0x2f0 [ 315.924807][ T9264] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 315.924839][ T9264] ? genl_get_cmd+0x194/0x580 [ 315.924875][ T9264] ? bpf_lsm_capable+0x9/0x10 [ 315.924913][ T9264] ? security_capable+0x7e/0x260 [ 315.924962][ T9264] ? ns_capable+0xd7/0x110 [ 315.925001][ T9264] genl_rcv_msg+0x55c/0x800 [ 315.925037][ T9264] ? __pfx_genl_rcv_msg+0x10/0x10 [ 315.925068][ T9264] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 315.925120][ T9264] netlink_rcv_skb+0x158/0x420 [ 315.925162][ T9264] ? __pfx_genl_rcv_msg+0x10/0x10 [ 315.925194][ T9264] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 315.925256][ T9264] ? netlink_deliver_tap+0x1ae/0xd30 [ 315.925305][ T9264] genl_rcv+0x28/0x40 [ 315.925330][ T9264] netlink_unicast+0x5aa/0x870 [ 315.925377][ T9264] ? __pfx_netlink_unicast+0x10/0x10 [ 315.925421][ T9264] ? __pfx___might_resched+0x10/0x10 [ 315.925459][ T9264] ? __lock_acquire+0x436/0x2890 [ 315.925493][ T9264] netlink_sendmsg+0x8c8/0xdd0 [ 315.925541][ T9264] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.925599][ T9264] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 315.925656][ T9264] ____sys_sendmsg+0xa5d/0xc30 [ 315.925687][ T9264] ? copy_msghdr_from_user+0x10a/0x160 [ 315.925722][ T9264] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.925759][ T9264] ? __pfx_futex_wake_mark+0x10/0x10 [ 315.925806][ T9264] ___sys_sendmsg+0x134/0x1d0 [ 315.925849][ T9264] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.925888][ T9264] ? futex_private_hash_put+0x160/0x1b0 [ 315.925970][ T9264] __sys_sendmsg+0x16d/0x220 [ 315.926008][ T9264] ? __pfx___sys_sendmsg+0x10/0x10 [ 315.926045][ T9264] ? __x64_sys_futex+0x1e0/0x4c0 [ 315.926100][ T9264] do_syscall_64+0xcd/0xf80 [ 315.926138][ T9264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.926166][ T9264] RIP: 0033:0x7fdd8f38f7c9 [ 315.926191][ T9264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.926217][ T9264] RSP: 002b:00007fdd9028f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.926244][ T9264] RAX: ffffffffffffffda RBX: 00007fdd8f5e5fa0 RCX: 00007fdd8f38f7c9 [ 315.926263][ T9264] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 315.926280][ T9264] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 315.926297][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.926314][ T9264] R13: 00007fdd8f5e6038 R14: 00007fdd8f5e5fa0 R15: 00007ffc04af0ce8 [ 315.926355][ T9264] [ 316.779632][ T9037] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 317.268175][ T9037] veth0_vlan: entered promiscuous mode [ 317.285683][ T9037] veth1_vlan: entered promiscuous mode [ 317.685103][ T9037] veth0_macvtap: entered promiscuous mode [ 317.746915][ T9037] veth1_macvtap: entered promiscuous mode [ 317.885233][ T9037] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.950896][ T9037] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.052881][ T5953] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.124048][ T5953] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.248280][ T5953] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.299895][ T5953] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.349756][ T7225] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 318.802064][ T7454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.862456][ T7454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.030723][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.085532][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.887578][ T9332] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 320.469862][ T9352] cougar: G6 mapped to space [ 322.659200][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.668887][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.263048][ T9417] nvme_fcloop: unknown parameter or missing value '7' [ 325.084272][ T9471] input: f¬ as /devices/virtual/input/input24 [ 325.257242][ T9476] zram: Removed device: zram0 [ 327.010093][ T9505] FAULT_INJECTION: forcing a failure. [ 327.010093][ T9505] name (null), interval 1, probability 0, space 0, times 1 [ 327.035029][ T9505] CPU: 0 UID: 0 PID: 9505 Comm: syz.1.675 Tainted: G U L syzkaller #0 PREEMPT(full) [ 327.035083][ T9505] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 327.035096][ T9505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 327.035113][ T9505] Call Trace: [ 327.035123][ T9505] [ 327.035135][ T9505] dump_stack_lvl+0x16c/0x1f0 [ 327.035186][ T9505] should_fail_ex+0x512/0x640 [ 327.035225][ T9505] null_queue_rq+0x2ed/0xfd0 [ 327.035273][ T9505] null_queue_rqs+0xe9/0x2f0 [ 327.035309][ T9505] ? __pfx_null_queue_rqs+0x10/0x10 [ 327.035368][ T9505] __blk_mq_flush_list+0x9a/0xc0 [ 327.035414][ T9505] blk_mq_dispatch_queue_requests+0x184/0x7b0 [ 327.035459][ T9505] blk_mq_flush_plug_list+0x1f2/0x600 [ 327.035505][ T9505] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 327.035557][ T9505] __blk_flush_plug+0x2c4/0x4b0 [ 327.035597][ T9505] ? __pfx___blk_flush_plug+0x10/0x10 [ 327.035628][ T9505] ? folio_batch_move_lru+0x278/0x3a0 [ 327.035663][ T9505] ? __pfx_lru_add+0x10/0x10 [ 327.035705][ T9505] blk_finish_plug+0x53/0xa0 [ 327.035738][ T9505] read_pages+0x583/0xc70 [ 327.035772][ T9505] ? lru_gen_add_folio+0xe97/0xef0 [ 327.035810][ T9505] ? __pfx_read_pages+0x10/0x10 [ 327.035845][ T9505] ? filemap_get_entry+0x1a7/0x3b0 [ 327.035892][ T9505] page_cache_ra_order+0x74b/0xed0 [ 327.035942][ T9505] page_cache_async_ra+0x74b/0xc40 [ 327.035982][ T9505] filemap_fault+0xd14/0x29d0 [ 327.036025][ T9505] ? __pfx_filemap_fault+0x10/0x10 [ 327.036079][ T9505] ? __pfx_filemap_map_pages+0x10/0x10 [ 327.036110][ T9505] __do_fault+0x10d/0x490 [ 327.036156][ T9505] ? __pfx_filemap_map_pages+0x10/0x10 [ 327.036186][ T9505] do_fault+0xae4/0x1ad0 [ 327.036226][ T9505] ? __pfx_filemap_map_pages+0x10/0x10 [ 327.036267][ T9505] __handle_mm_fault+0x1919/0x2bb0 [ 327.036310][ T9505] ? __pfx___handle_mm_fault+0x10/0x10 [ 327.036353][ T9505] ? __pte_offset_map_lock+0x174/0x310 [ 327.036396][ T9505] ? find_held_lock+0x2b/0x80 [ 327.036449][ T9505] ? follow_page_pte+0x5cf/0x1390 [ 327.036502][ T9505] handle_mm_fault+0x3fe/0xad0 [ 327.036543][ T9505] __get_user_pages+0x54e/0x3590 [ 327.036602][ T9505] ? __pfx___get_user_pages+0x10/0x10 [ 327.036658][ T9505] populate_vma_page_range+0x267/0x3f0 [ 327.036707][ T9505] ? __pfx_populate_vma_page_range+0x10/0x10 [ 327.036751][ T9505] ? __pfx_find_vma_intersection+0x10/0x10 [ 327.036794][ T9505] ? do_mmap+0x69c/0x1210 [ 327.036841][ T9505] __mm_populate+0x1d8/0x380 [ 327.036887][ T9505] ? __pfx___mm_populate+0x10/0x10 [ 327.036935][ T9505] ? up_write+0x282/0x4e0 [ 327.036971][ T9505] vm_mmap_pgoff+0x37f/0x470 [ 327.037017][ T9505] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 327.037065][ T9505] ? __fget_files+0x20e/0x3c0 [ 327.037115][ T9505] ksys_mmap_pgoff+0x32c/0x5c0 [ 327.037163][ T9505] __x64_sys_mmap+0x125/0x190 [ 327.037199][ T9505] do_syscall_64+0xcd/0xf80 [ 327.037230][ T9505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.037260][ T9505] RIP: 0033:0x7f259878f7c9 [ 327.037283][ T9505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.037320][ T9505] RSP: 002b:00007f25995c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 327.037349][ T9505] RAX: ffffffffffffffda RBX: 00007f25989e5fa0 RCX: 00007f259878f7c9 [ 327.037369][ T9505] RDX: 0000000000000ffb RSI: 0000000000810006 RDI: 0000000000000000 [ 327.037386][ T9505] RBP: 00007f2598813f91 R08: 0000000000000003 R09: 0000000000000000 [ 327.037404][ T9505] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000000 [ 327.037421][ T9505] R13: 00007f25989e6038 R14: 00007f25989e5fa0 R15: 00007fffeb5d45a8 [ 327.037464][ T9505] [ 327.479814][ T9510] netlink: 8 bytes leftover after parsing attributes in process `syz.2.677'. [ 328.744901][ T9530] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 328.766324][ T9530] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 328.798290][ T9530] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 328.829607][ T9530] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 328.873751][ T9530] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 329.084884][ T9530] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 329.377551][ T9543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.684'. [ 330.813566][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 330.813601][ T5148] Bluetooth: hci0: command 0x0c1a tx timeout [ 330.826039][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 330.903690][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout [ 332.973209][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout [ 334.170288][ T9629] HfR: entered promiscuous mode [ 334.206767][ T9629] netlink: 12 bytes leftover after parsing attributes in process `syz.0.702'. [ 334.229785][ T9629] HfR: left promiscuous mode [ 334.454560][ T9640] cougar: G6 mapped to F18 [ 335.053538][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout [ 335.744921][ T9654] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 335.798122][ T9654] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 335.811233][ T9654] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 335.819928][ T9654] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 336.132878][ T30] audit: type=1800 audit(4294967463.742:53): pid=9664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.710" name="dbroot" dev="configfs" ino=30499 res=0 errno=0 [ 336.973372][ T9680] cougar: G6 mapped to F18 [ 337.607545][ T9696] netlink: 28 bytes leftover after parsing attributes in process `syz.2.717'. [ 337.621123][ T9695] MTRR 1 not used [ 337.629442][ T9690] cougar: G6 mapped to F18 [ 337.721826][ T9696] bridge_slave_1: left allmulticast mode [ 337.764231][ T9696] bridge_slave_1: left promiscuous mode [ 337.773173][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 337.863342][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 337.863380][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 337.877591][ T5148] Bluetooth: hci2: command 0x0c1a tx timeout [ 337.923692][ T9696] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.177436][ T9696] bridge_slave_0: left allmulticast mode [ 338.241334][ T9696] bridge_slave_0: left promiscuous mode [ 338.269970][ T9696] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.319240][ T9703] bdi 1:0: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 339.240307][ T9733] syz.2.722 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 341.103775][ T9762] cougar: G6 mapped to F18 [ 343.574880][ T9827] netlink: 334 bytes leftover after parsing attributes in process `syz.3.735'. [ 344.280726][ T9839] Trying to write to read-only block-device sda1 [ 344.734240][ T9843] cougar: G6 mapped to space [ 345.994816][ T9864] cougar: G6 mapped to space [ 348.893488][ T9910] cougar: G6 mapped to F18 [ 349.605057][ T30] audit: type=1800 audit(4294967477.222:54): pid=9913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.747" name="features" dev="configfs" ino=31469 res=0 errno=0 [ 349.993987][ T9918] FAULT_INJECTION: forcing a failure. [ 349.993987][ T9918] name failslab, interval 1, probability 0, space 0, times 0 [ 350.007221][ T9918] CPU: 1 UID: 0 PID: 9918 Comm: syz.3.752 Tainted: G U L syzkaller #0 PREEMPT(full) [ 350.007268][ T9918] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 350.007280][ T9918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 350.007296][ T9918] Call Trace: [ 350.007321][ T9918] [ 350.007333][ T9918] dump_stack_lvl+0x16c/0x1f0 [ 350.007382][ T9918] should_fail_ex+0x512/0x640 [ 350.007414][ T9918] ? __kmalloc_noprof+0xca/0x910 [ 350.007459][ T9918] should_failslab+0xc2/0x120 [ 350.007502][ T9918] __kmalloc_noprof+0xeb/0x910 [ 350.007532][ T9918] ? lsm_blob_alloc+0x68/0x90 [ 350.007579][ T9918] ? lsm_blob_alloc+0x68/0x90 [ 350.007618][ T9918] lsm_blob_alloc+0x68/0x90 [ 350.007659][ T9918] security_sk_alloc+0x2f/0x270 [ 350.007690][ T9918] sk_prot_alloc+0x1c7/0x2a0 [ 350.007738][ T9918] sk_alloc+0x36/0xe30 [ 350.007775][ T9918] __netlink_create+0x5e/0x2c0 [ 350.007818][ T9918] __netlink_kernel_create+0xed/0x750 [ 350.007859][ T9918] ? __lock_acquire+0x436/0x2890 [ 350.007905][ T9918] ? __pfx___netlink_kernel_create+0x10/0x10 [ 350.007963][ T9918] rtnetlink_net_init+0xb9/0x140 [ 350.008000][ T9918] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 350.008037][ T9918] ? lockdep_init_map_type+0x5c/0x270 [ 350.008066][ T9918] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 350.008099][ T9918] ? __pfx_rtnetlink_bind+0x10/0x10 [ 350.008137][ T9918] ? mutex_init_lockep+0x110/0x150 [ 350.008172][ T9918] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 350.008204][ T9918] ops_init+0x1e2/0x5f0 [ 350.008261][ T9918] setup_net+0x11d/0x3a0 [ 350.008305][ T9918] ? __pfx_setup_net+0x10/0x10 [ 350.008344][ T9918] ? lockdep_init_map_type+0x5c/0x270 [ 350.008374][ T9918] ? mutex_init_lockep+0x110/0x150 [ 350.008411][ T9918] copy_net_ns+0x351/0x7c0 [ 350.008469][ T9918] create_new_namespaces+0x3ea/0xab0 [ 350.008520][ T9918] copy_namespaces+0x468/0x570 [ 350.008562][ T9918] copy_process+0x2a70/0x7430 [ 350.008604][ T9918] ? __pfx___schedule+0x10/0x10 [ 350.008669][ T9918] ? __pfx_copy_process+0x10/0x10 [ 350.008723][ T9918] ? _copy_from_user+0x59/0xd0 [ 350.008762][ T9918] kernel_clone+0xfc/0x910 [ 350.008809][ T9918] ? __pfx_kernel_clone+0x10/0x10 [ 350.008848][ T9918] ? futex_private_hash_put+0x160/0x1b0 [ 350.008890][ T9918] ? __pfx_futex_wake+0x10/0x10 [ 350.008929][ T9918] __do_sys_clone3+0x212/0x290 [ 350.008968][ T9918] ? __pfx___do_sys_clone3+0x10/0x10 [ 350.009029][ T9918] ? putname+0xf5/0x1a0 [ 350.009054][ T9918] ? putname+0xf5/0x1a0 [ 350.009111][ T9918] do_syscall_64+0xcd/0xf80 [ 350.009141][ T9918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.009171][ T9918] RIP: 0033:0x7fdd8f38f7c9 [ 350.009195][ T9918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.009223][ T9918] RSP: 002b:00007fdd9026df08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 350.009252][ T9918] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fdd8f38f7c9 [ 350.009270][ T9918] RDX: 00007fdd9026df20 RSI: 0000000000000058 RDI: 00007fdd9026df20 [ 350.009288][ T9918] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000058 [ 350.009305][ T9918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.009323][ T9918] R13: 00007fdd8f5e6128 R14: 00007fdd8f5e6090 R15: 00007ffc04af0ce8 [ 350.009365][ T9918] [ 350.400530][ T9922] HfR: entered promiscuous mode [ 351.344293][ T9942] netlink: 28 bytes leftover after parsing attributes in process `syz.0.756'. [ 351.398488][ T5845] Bluetooth: hci0: unexpected event 0x23 length: 127 > 13 [ 351.492832][ T5845] Bluetooth: hci1: Malformed Event: 0x02 [ 351.586786][ T9942] bond0: (slave bond_slave_1): Releasing backup interface [ 352.416923][ T9956] cougar: G6 mapped to space [ 354.101936][ T9988] input: f¬ as /devices/virtual/input/input26 [ 354.196303][ T9992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.770'. [ 355.632146][ T7451] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.023321][T10015] cougar: G6 mapped to space [ 358.125581][ T5845] Bluetooth: hci0: unexpected event 0x2f length: 435 > 260 [ 358.125628][ T5845] Bluetooth: hci0: Malformed Event: 0x2f [ 359.696639][T10061] netlink: 28 bytes leftover after parsing attributes in process `syz.1.783'. [ 359.821199][T10056] __vm_enough_memory: pid: 10056, comm: syz.2.777, bytes: 4398046511104 not enough memory for the allocation [ 360.039434][T10067] cougar: G6 mapped to space [ 361.909929][T10083] XFS: Clearing xfsstats [ 361.926507][T10081] HfR: entered promiscuous mode [ 362.453901][T10097] raw_sendmsg: syz.1.791 forgot to set AF_INET. Fix it! [ 362.636027][T10116] input: f¬ as /devices/virtual/input/input27 [ 363.019811][T10114] cougar: G6 mapped to space [ 363.798812][T10130] bond0: Unable to set up delay as MII monitoring is disabled [ 363.972769][T10128] cougar: G6 mapped to space [ 364.288762][T10138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.797'. [ 368.458138][T10146] syz.2.799 (10146) used greatest stack depth: 18632 bytes left [ 369.199513][T10193] cougar: G6 mapped to space [ 369.462777][T10201] Invalid ELF header magic: != ELF [ 370.015096][T10213] FAULT_INJECTION: forcing a failure. [ 370.015096][T10213] name failslab, interval 1, probability 0, space 0, times 0 [ 370.062642][T10213] CPU: 1 UID: 0 PID: 10213 Comm: syz.2.815 Tainted: G U L syzkaller #0 PREEMPT(full) [ 370.062699][T10213] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 370.062711][T10213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 370.062729][T10213] Call Trace: [ 370.062738][T10213] [ 370.062749][T10213] dump_stack_lvl+0x16c/0x1f0 [ 370.062799][T10213] should_fail_ex+0x512/0x640 [ 370.062833][T10213] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 370.062874][T10213] should_failslab+0xc2/0x120 [ 370.062918][T10213] kmem_cache_alloc_node_noprof+0x86/0x800 [ 370.062953][T10213] ? do_syscall_64+0xcd/0xf80 [ 370.062977][T10213] ? alloc_vmap_area+0x66f/0x2a50 [ 370.063022][T10213] ? alloc_vmap_area+0x66f/0x2a50 [ 370.063060][T10213] alloc_vmap_area+0x66f/0x2a50 [ 370.063112][T10213] ? __pfx_alloc_vmap_area+0x10/0x10 [ 370.063166][T10213] __get_vm_area_node+0x1ca/0x330 [ 370.063219][T10213] __vmalloc_node_range_noprof+0x247/0x16b0 [ 370.063258][T10213] ? n_tty_open+0x1a/0x170 [ 370.063285][T10213] ? do_raw_spin_lock+0x12c/0x2b0 [ 370.063329][T10213] ? n_tty_open+0x1a/0x170 [ 370.063369][T10213] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 370.063399][T10213] ? __ldsem_down_write_nested+0xfd/0x850 [ 370.063427][T10213] ? __ldsem_down_write_nested+0x10e/0x850 [ 370.063455][T10213] ? lockdep_init_map_type+0x5c/0x270 [ 370.063489][T10213] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 370.063526][T10213] ? n_tty_open+0x1a/0x170 [ 370.063552][T10213] __vmalloc_node_noprof+0xad/0xf0 [ 370.063580][T10213] ? n_tty_open+0x1a/0x170 [ 370.063608][T10213] ? __pfx_n_tty_open+0x10/0x10 [ 370.063636][T10213] n_tty_open+0x1a/0x170 [ 370.063662][T10213] ? __pfx_n_tty_open+0x10/0x10 [ 370.063688][T10213] tty_ldisc_open+0x9f/0x120 [ 370.063725][T10213] tty_ldisc_setup+0x40/0x100 [ 370.063762][T10213] tty_init_dev.part.0+0x1ec/0x500 [ 370.063803][T10213] tty_init_dev+0x60/0x80 [ 370.063840][T10213] ptmx_open+0x15e/0x3c0 [ 370.063873][T10213] ? __pfx_ptmx_open+0x10/0x10 [ 370.063903][T10213] chrdev_open+0x234/0x6a0 [ 370.063943][T10213] ? __pfx_apparmor_file_open+0x10/0x10 [ 370.063972][T10213] ? __pfx_chrdev_open+0x10/0x10 [ 370.064013][T10213] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 370.064064][T10213] do_dentry_open+0x748/0x1590 [ 370.064102][T10213] ? __pfx_chrdev_open+0x10/0x10 [ 370.064169][T10213] vfs_open+0x82/0x3f0 [ 370.064204][T10213] path_openat+0x2078/0x3140 [ 370.064267][T10213] ? __pfx_path_openat+0x10/0x10 [ 370.064326][T10213] do_filp_open+0x20b/0x470 [ 370.064367][T10213] ? __pfx_do_filp_open+0x10/0x10 [ 370.064441][T10213] ? alloc_fd+0x471/0x7d0 [ 370.064495][T10213] do_sys_openat2+0x121/0x290 [ 370.064525][T10213] ? __pfx_do_sys_openat2+0x10/0x10 [ 370.064557][T10213] ? find_held_lock+0x2b/0x80 [ 370.064604][T10213] __x64_sys_openat+0x174/0x210 [ 370.064636][T10213] ? __pfx___x64_sys_openat+0x10/0x10 [ 370.064685][T10213] do_syscall_64+0xcd/0xf80 [ 370.064714][T10213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.064742][T10213] RIP: 0033:0x7f5211d8f7c9 [ 370.064766][T10213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.064792][T10213] RSP: 002b:00007f5212bb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 370.064820][T10213] RAX: ffffffffffffffda RBX: 00007f5211fe5fa0 RCX: 00007f5211d8f7c9 [ 370.064840][T10213] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 370.064858][T10213] RBP: 00007f5211e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 370.064875][T10213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.064891][T10213] R13: 00007f5211fe6038 R14: 00007f5211fe5fa0 R15: 00007ffff545f938 [ 370.064931][T10213] [ 370.474723][T10213] syz.2.815: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 370.527210][T10213] CPU: 0 UID: 0 PID: 10213 Comm: syz.2.815 Tainted: G U L syzkaller #0 PREEMPT(full) [ 370.527261][T10213] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 370.527274][T10213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 370.527291][T10213] Call Trace: [ 370.527301][T10213] [ 370.527314][T10213] dump_stack_lvl+0x16c/0x1f0 [ 370.527367][T10213] warn_alloc+0x248/0x3a0 [ 370.527406][T10213] ? __pfx_warn_alloc+0x10/0x10 [ 370.527447][T10213] ? __get_vm_area_node+0x2cd/0x330 [ 370.527498][T10213] ? __get_vm_area_node+0x2cd/0x330 [ 370.527541][T10213] ? __get_vm_area_node+0x208/0x330 [ 370.527595][T10213] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 370.527639][T10213] ? n_tty_open+0x1a/0x170 [ 370.527679][T10213] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 370.527709][T10213] ? __ldsem_down_write_nested+0xfd/0x850 [ 370.527739][T10213] ? __ldsem_down_write_nested+0x10e/0x850 [ 370.527767][T10213] ? lockdep_init_map_type+0x5c/0x270 [ 370.527806][T10213] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 370.527842][T10213] ? n_tty_open+0x1a/0x170 [ 370.527870][T10213] __vmalloc_node_noprof+0xad/0xf0 [ 370.527899][T10213] ? n_tty_open+0x1a/0x170 [ 370.527927][T10213] ? __pfx_n_tty_open+0x10/0x10 [ 370.527957][T10213] n_tty_open+0x1a/0x170 [ 370.527996][T10213] ? __pfx_n_tty_open+0x10/0x10 [ 370.528026][T10213] tty_ldisc_open+0x9f/0x120 [ 370.528065][T10213] tty_ldisc_setup+0x40/0x100 [ 370.528105][T10213] tty_init_dev.part.0+0x1ec/0x500 [ 370.528155][T10213] tty_init_dev+0x60/0x80 [ 370.528201][T10213] ptmx_open+0x15e/0x3c0 [ 370.528243][T10213] ? __pfx_ptmx_open+0x10/0x10 [ 370.528277][T10213] chrdev_open+0x234/0x6a0 [ 370.528319][T10213] ? __pfx_apparmor_file_open+0x10/0x10 [ 370.528351][T10213] ? __pfx_chrdev_open+0x10/0x10 [ 370.528398][T10213] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 370.528455][T10213] do_dentry_open+0x748/0x1590 [ 370.528496][T10213] ? __pfx_chrdev_open+0x10/0x10 [ 370.528551][T10213] vfs_open+0x82/0x3f0 [ 370.528589][T10213] path_openat+0x2078/0x3140 [ 370.528646][T10213] ? __pfx_path_openat+0x10/0x10 [ 370.528706][T10213] do_filp_open+0x20b/0x470 [ 370.528752][T10213] ? __pfx_do_filp_open+0x10/0x10 [ 370.528835][T10213] ? alloc_fd+0x471/0x7d0 [ 370.528890][T10213] do_sys_openat2+0x121/0x290 [ 370.528924][T10213] ? __pfx_do_sys_openat2+0x10/0x10 [ 370.528960][T10213] ? find_held_lock+0x2b/0x80 [ 370.529023][T10213] __x64_sys_openat+0x174/0x210 [ 370.529058][T10213] ? __pfx___x64_sys_openat+0x10/0x10 [ 370.529113][T10213] do_syscall_64+0xcd/0xf80 [ 370.529145][T10213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.529176][T10213] RIP: 0033:0x7f5211d8f7c9 [ 370.529201][T10213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.529229][T10213] RSP: 002b:00007f5212bb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 370.529258][T10213] RAX: ffffffffffffffda RBX: 00007f5211fe5fa0 RCX: 00007f5211d8f7c9 [ 370.529277][T10213] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 370.529292][T10213] RBP: 00007f5211e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 370.529309][T10213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.529325][T10213] R13: 00007f5211fe6038 R14: 00007f5211fe5fa0 R15: 00007ffff545f938 [ 370.529367][T10213] [ 370.529493][T10213] Mem-Info: [ 370.935433][T10213] active_anon:18646 inactive_anon:22 isolated_anon:0 [ 370.935433][T10213] active_file:16099 inactive_file:41161 isolated_file:0 [ 370.935433][T10213] unevictable:768 dirty:663 writeback:0 [ 370.935433][T10213] slab_reclaimable:11530 slab_unreclaimable:94337 [ 370.935433][T10213] mapped:32619 shmem:8175 pagetables:1132 [ 370.935433][T10213] sec_pagetables:0 bounce:0 [ 370.935433][T10213] kernel_misc_reclaimable:0 [ 370.935433][T10213] free:1315232 free_pcp:7890 free_cma:0 [ 371.053317][T10213] Node 0 active_anon:78920kB inactive_anon:88kB active_file:64396kB inactive_file:164508kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130988kB dirty:2672kB writeback:0kB shmem:32088kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12332kB pagetables:4460kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 371.131415][T10211] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 371.163193][T10213] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 371.250525][T10222] FAULT_INJECTION: forcing a failure. [ 371.250525][T10222] name fail_futex, interval 1, probability 0, space 0, times 0 [ 371.273458][T10222] CPU: 0 UID: 0 PID: 10222 Comm: syz.1.814 Tainted: G U L syzkaller #0 PREEMPT(full) [ 371.273507][T10222] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 371.273517][T10222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 371.273534][T10222] Call Trace: [ 371.273544][T10222] [ 371.273555][T10222] dump_stack_lvl+0x16c/0x1f0 [ 371.273606][T10222] should_fail_ex+0x512/0x640 [ 371.273647][T10222] get_futex_key+0x1d0/0x15f0 [ 371.273687][T10222] ? __pfx_get_futex_key+0x10/0x10 [ 371.273733][T10222] futex_wake+0xea/0x530 [ 371.273769][T10222] ? futex_wait+0x120/0x380 [ 371.273810][T10222] ? __pfx_futex_wait+0x10/0x10 [ 371.273850][T10222] ? __pfx_futex_wake+0x10/0x10 [ 371.273896][T10222] ? __fget_files+0x204/0x3c0 [ 371.273948][T10222] do_futex+0x1e3/0x350 [ 371.273983][T10222] ? __pfx_do_futex+0x10/0x10 [ 371.274017][T10222] ? fput+0x70/0xf0 [ 371.274043][T10222] ? __sys_sendmsg+0x18c/0x220 [ 371.274088][T10222] __x64_sys_futex+0x1e0/0x4c0 [ 371.274129][T10222] ? __pfx___x64_sys_futex+0x10/0x10 [ 371.274164][T10222] ? __task_pid_nr_ns+0x1f5/0x500 [ 371.274204][T10222] do_syscall_64+0xcd/0xf80 [ 371.274235][T10222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.274266][T10222] RIP: 0033:0x7f259878f7c9 [ 371.274300][T10222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.274329][T10222] RSP: 002b:00007f25995840e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 371.274358][T10222] RAX: ffffffffffffffda RBX: 00007f25989e6188 RCX: 00007f259878f7c9 [ 371.274378][T10222] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f25989e618c [ 371.274396][T10222] RBP: 00007f25989e6180 R08: 00007f25995c7000 R09: 0000000000000000 [ 371.274414][T10222] R10: 00000000000003a8 R11: 0000000000000246 R12: 0000000000000000 [ 371.274432][T10222] R13: 00007f25989e6218 R14: 00007fffeb5d44c0 R15: 00007fffeb5d45a8 [ 371.274473][T10222] [ 371.444052][T10213] Node 0 [ 371.494880][T10225] vhci_hcd vhci_hcd.2: invalid port number 252 [ 371.504290][T10225] vhci_hcd vhci_hcd.2: default hub control req: 040f v0772 i00fc l2 [ 371.512489][T10213] DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 371.542860][T10213] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 371.549064][T10213] Node 0 DMA32 free:1328496kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:86920kB inactive_anon:88kB active_file:64396kB inactive_file:164576kB unevictable:1536kB writepending:2680kB zspages:280kB present:3129332kB managed:2541020kB mlocked:0kB bounce:0kB free_pcp:17428kB local_pcp:10200kB free_cma:0kB [ 371.583691][T10213] lowmem_reserve[]: 0 0 1 1 1 [ 371.589196][T10213] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 371.622727][T10213] lowmem_reserve[]: 0 0 0 0 0 [ 371.627658][T10213] Node 1 Normal free:3908484kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:5308kB local_pcp:4584kB free_cma:0kB [ 371.703241][T10213] lowmem_reserve[]: 0 0 0 0 0 [ 371.708152][T10213] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 371.773130][T10213] Node 0 DMA32: 2761*4kB (UM) 2941*8kB (UME) 2525*16kB (UME) 1051*32kB (UME) 597*64kB (UME) 306*128kB (UM) 166*256kB (UM) 101*512kB (UME) 75*1024kB (UME) 22*2048kB (UME) 226*4096kB (M) = 1327740kB [ 371.864170][T10213] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 371.957074][T10226] cougar: G6 mapped to space [ 372.021841][T10213] Node 1 Normal: 201*4kB (UME) 56*8kB (UME) 26*16kB (UME) 200*32kB (UME) 108*64kB (UME) 40*128kB (UME) 21*256kB (UME) 8*512kB (UME) 4*1024kB (UM) 4*2048kB (UME) 944*4096kB (M) = 3908484kB [ 372.073250][T10213] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 372.123213][T10213] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 372.140666][T10213] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 372.182562][T10213] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 372.202790][T10213] 67357 total pagecache pages [ 372.223232][T10213] 5 pages in swap cache [ 372.232496][T10213] Free swap = 124916kB [ 372.243230][T10213] Total swap = 124996kB [ 372.258850][T10213] 2097051 pages RAM [ 372.263491][T10213] 0 pages HighMem/MovableOnly [ 372.276749][T10213] 429770 pages reserved [ 372.291646][T10213] 0 pages cma reserved [ 372.301377][T10213] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 372.398654][T10228] FAULT_INJECTION: forcing a failure. [ 372.398654][T10228] name failslab, interval 1, probability 0, space 0, times 0 [ 372.425457][T10228] CPU: 1 UID: 0 PID: 10228 Comm: syz.1.817 Tainted: G U L syzkaller #0 PREEMPT(full) [ 372.425511][T10228] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 372.425523][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 372.425540][T10228] Call Trace: [ 372.425551][T10228] [ 372.425562][T10228] dump_stack_lvl+0x16c/0x1f0 [ 372.425613][T10228] should_fail_ex+0x512/0x640 [ 372.425647][T10228] ? __kmalloc_cache_noprof+0x5f/0x800 [ 372.425685][T10228] should_failslab+0xc2/0x120 [ 372.425730][T10228] __kmalloc_cache_noprof+0x80/0x800 [ 372.425765][T10228] ? alloc_tty_struct+0x96/0x8c0 [ 372.425817][T10228] ? alloc_tty_struct+0x96/0x8c0 [ 372.425860][T10228] alloc_tty_struct+0x96/0x8c0 [ 372.425907][T10228] ? __pfx_alloc_tty_struct+0x10/0x10 [ 372.425962][T10228] pty_common_install+0x1c7/0xb30 [ 372.426004][T10228] ? __pfx_pty_unix98_install+0x10/0x10 [ 372.426040][T10228] tty_init_dev.part.0+0x9c/0x500 [ 372.426088][T10228] tty_init_dev+0x60/0x80 [ 372.426132][T10228] ptmx_open+0x15e/0x3c0 [ 372.426175][T10228] ? __pfx_ptmx_open+0x10/0x10 [ 372.426209][T10228] chrdev_open+0x234/0x6a0 [ 372.426252][T10228] ? __pfx_apparmor_file_open+0x10/0x10 [ 372.426284][T10228] ? __pfx_chrdev_open+0x10/0x10 [ 372.426339][T10228] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 372.426392][T10228] do_dentry_open+0x748/0x1590 [ 372.426434][T10228] ? __pfx_chrdev_open+0x10/0x10 [ 372.426490][T10228] vfs_open+0x82/0x3f0 [ 372.426523][T10228] path_openat+0x2078/0x3140 [ 372.426573][T10228] ? __pfx_path_openat+0x10/0x10 [ 372.426631][T10228] do_filp_open+0x20b/0x470 [ 372.426674][T10228] ? __pfx_do_filp_open+0x10/0x10 [ 372.426742][T10228] ? alloc_fd+0x471/0x7d0 [ 372.426792][T10228] do_sys_openat2+0x121/0x290 [ 372.426826][T10228] ? __pfx_do_sys_openat2+0x10/0x10 [ 372.426860][T10228] ? find_held_lock+0x2b/0x80 [ 372.426908][T10228] __x64_sys_openat+0x174/0x210 [ 372.426943][T10228] ? __pfx___x64_sys_openat+0x10/0x10 [ 372.426992][T10228] do_syscall_64+0xcd/0xf80 [ 372.427023][T10228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.427050][T10228] RIP: 0033:0x7f259878f7c9 [ 372.427076][T10228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.427104][T10228] RSP: 002b:00007f25995c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 372.427133][T10228] RAX: ffffffffffffffda RBX: 00007f25989e5fa0 RCX: 00007f259878f7c9 [ 372.427151][T10228] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 372.427168][T10228] RBP: 00007f2598813f91 R08: 0000000000000000 R09: 0000000000000000 [ 372.427185][T10228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.427202][T10228] R13: 00007f25989e6038 R14: 00007f25989e5fa0 R15: 00007fffeb5d45a8 [ 372.427246][T10228] [ 373.923760][ T5845] Bluetooth: hci3: Malformed Event: 0x02 [ 375.424484][T10261] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 376.434610][T10272] __vm_enough_memory: pid: 10272, comm: syz.0.825, bytes: 4398046511104 not enough memory for the allocation [ 376.587011][T10261] FAULT_INJECTION: forcing a failure. [ 376.587011][T10261] name fail_futex, interval 1, probability 0, space 0, times 0 [ 376.600458][T10261] CPU: 1 UID: 0 PID: 10261 Comm: syz.2.826 Tainted: G U L syzkaller #0 PREEMPT(full) [ 376.600495][T10261] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 376.600501][T10261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 376.600511][T10261] Call Trace: [ 376.600519][T10261] [ 376.600526][T10261] dump_stack_lvl+0x16c/0x1f0 [ 376.600557][T10261] should_fail_ex+0x512/0x640 [ 376.600579][T10261] get_futex_key+0x1d0/0x15f0 [ 376.600600][T10261] ? __pfx_get_futex_key+0x10/0x10 [ 376.600624][T10261] futex_wake+0xea/0x530 [ 376.600644][T10261] ? futex_wait+0x120/0x380 [ 376.600666][T10261] ? __pfx_futex_wait+0x10/0x10 [ 376.600688][T10261] ? __pfx_futex_wake+0x10/0x10 [ 376.600712][T10261] ? __fget_files+0x204/0x3c0 [ 376.600741][T10261] do_futex+0x1e3/0x350 [ 376.600759][T10261] ? __pfx_do_futex+0x10/0x10 [ 376.600778][T10261] ? fput+0x70/0xf0 [ 376.600795][T10261] ? __sys_sendmsg+0x18c/0x220 [ 376.600819][T10261] __x64_sys_futex+0x1e0/0x4c0 [ 376.600840][T10261] ? __pfx___x64_sys_futex+0x10/0x10 [ 376.600860][T10261] ? __task_pid_nr_ns+0x1f5/0x500 [ 376.600882][T10261] do_syscall_64+0xcd/0xf80 [ 376.600898][T10261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.600922][T10261] RIP: 0033:0x7f5211d8f7c9 [ 376.600936][T10261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.600952][T10261] RSP: 002b:00007f5212bb80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 376.600968][T10261] RAX: ffffffffffffffda RBX: 00007f5211fe5fa8 RCX: 00007f5211d8f7c9 [ 376.600979][T10261] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5211fe5fac [ 376.600990][T10261] RBP: 00007f5211fe5fa0 R08: 00007f5212bb9000 R09: 0000000000000000 [ 376.601000][T10261] R10: 00000000000000b5 R11: 0000000000000246 R12: 0000000000000000 [ 376.601010][T10261] R13: 00007f5211fe6038 R14: 00007ffff545f850 R15: 00007ffff545f938 [ 376.601032][T10261] [ 376.808445][T10280] vhci_hcd vhci_hcd.2: invalid port number 252 [ 376.835386][T10280] vhci_hcd vhci_hcd.2: default hub control req: 040f v0772 i00fc l2 [ 377.883616][T10294] netlink: 'syz.1.832': attribute type 11 has an invalid length. [ 377.894602][T10294] netlink: 'syz.1.832': attribute type 11 has an invalid length. [ 377.925007][T10294] netlink: 'syz.1.832': attribute type 11 has an invalid length. [ 378.554246][ T7451] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.225920][T10335] cougar: G6 mapped to space [ 380.630800][T10341] binder: BINDER_SET_CONTEXT_MGR already set [ 380.703382][T10341] binder: 10340:10341 ioctl 4018620d 9 returned -16 [ 381.144719][T10351] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 381.374480][T10349] Console: switching to colour VGA+ 80x25 [ 381.551582][T10350] Console: switching to colour frame buffer device 4x6 [ 381.818119][T10358] block nbd7: not configured, cannot reconfigure [ 383.403998][T10376] sctp: [Deprecated]: syz.0.848 (pid 10376) Use of struct sctp_assoc_value in delayed_ack socket option. [ 383.403998][T10376] Use struct sctp_sack_info instead [ 384.119145][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.125873][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.505278][T10387] cougar: G6 mapped to space [ 385.206843][T10400] cougar: G6 mapped to space [ 385.418026][ T30] audit: type=1804 audit(4294967513.032:55): pid=10404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.853" name="/newroot/sys/kernel/debug/tracing/options/trace_printk_dest" dev="tracefs" ino=1096 res=1 errno=0 [ 385.680864][T10397] cougar: G6 mapped to space [ 387.048081][T10420] Invalid ELF header magic: != ELF [ 387.303167][T10415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.855'. [ 387.314717][T10411] ubi: mtd0 is already attached to ubi31 [ 387.385334][T10415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.855'. [ 387.588049][T10415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.855'. [ 387.686102][T10435] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 387.986119][T10440] FAULT_INJECTION: forcing a failure. [ 387.986119][T10440] name failslab, interval 1, probability 0, space 0, times 0 [ 388.023281][T10440] CPU: 1 UID: 0 PID: 10440 Comm: syz.1.861 Tainted: G U L syzkaller #0 PREEMPT(full) [ 388.023344][T10440] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 388.023355][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 388.023373][T10440] Call Trace: [ 388.023383][T10440] [ 388.023394][T10440] dump_stack_lvl+0x16c/0x1f0 [ 388.023444][T10440] should_fail_ex+0x512/0x640 [ 388.023476][T10440] ? __kmalloc_cache_node_noprof+0x62/0x830 [ 388.023522][T10440] should_failslab+0xc2/0x120 [ 388.023570][T10440] __kmalloc_cache_node_noprof+0x83/0x830 [ 388.023607][T10440] ? __get_vm_area_node+0x101/0x330 [ 388.023648][T10440] ? register_lock_class+0x41/0x4b0 [ 388.023682][T10440] ? __get_vm_area_node+0x101/0x330 [ 388.023726][T10440] __get_vm_area_node+0x101/0x330 [ 388.023778][T10440] __vmalloc_node_range_noprof+0x247/0x16b0 [ 388.023807][T10440] ? n_tty_open+0x1a/0x170 [ 388.023844][T10440] ? do_raw_spin_lock+0x12c/0x2b0 [ 388.023888][T10440] ? n_tty_open+0x1a/0x170 [ 388.023926][T10440] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 388.023957][T10440] ? __ldsem_down_write_nested+0xfd/0x850 [ 388.023986][T10440] ? __ldsem_down_write_nested+0x10e/0x850 [ 388.024021][T10440] ? lockdep_init_map_type+0x5c/0x270 [ 388.024058][T10440] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 388.024092][T10440] ? n_tty_open+0x1a/0x170 [ 388.024118][T10440] __vmalloc_node_noprof+0xad/0xf0 [ 388.024146][T10440] ? n_tty_open+0x1a/0x170 [ 388.024172][T10440] ? __pfx_n_tty_open+0x10/0x10 [ 388.024202][T10440] n_tty_open+0x1a/0x170 [ 388.024228][T10440] ? __pfx_n_tty_open+0x10/0x10 [ 388.024253][T10440] tty_ldisc_open+0x9f/0x120 [ 388.024291][T10440] tty_ldisc_setup+0x40/0x100 [ 388.024330][T10440] tty_init_dev.part.0+0x1ec/0x500 [ 388.024378][T10440] tty_init_dev+0x60/0x80 [ 388.024423][T10440] ptmx_open+0x15e/0x3c0 [ 388.024457][T10440] ? __pfx_ptmx_open+0x10/0x10 [ 388.024490][T10440] chrdev_open+0x234/0x6a0 [ 388.024535][T10440] ? __pfx_apparmor_file_open+0x10/0x10 [ 388.024566][T10440] ? __pfx_chrdev_open+0x10/0x10 [ 388.024611][T10440] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 388.024661][T10440] do_dentry_open+0x748/0x1590 [ 388.024702][T10440] ? __pfx_chrdev_open+0x10/0x10 [ 388.024757][T10440] vfs_open+0x82/0x3f0 [ 388.024794][T10440] path_openat+0x2078/0x3140 [ 388.024985][T10440] ? __pfx_path_openat+0x10/0x10 [ 388.025046][T10440] do_filp_open+0x20b/0x470 [ 388.025089][T10440] ? __pfx_do_filp_open+0x10/0x10 [ 388.025165][T10440] ? alloc_fd+0x471/0x7d0 [ 388.025220][T10440] do_sys_openat2+0x121/0x290 [ 388.025253][T10440] ? __pfx_do_sys_openat2+0x10/0x10 [ 388.025288][T10440] ? find_held_lock+0x2b/0x80 [ 388.025335][T10440] __x64_sys_openat+0x174/0x210 [ 388.025369][T10440] ? __pfx___x64_sys_openat+0x10/0x10 [ 388.025421][T10440] do_syscall_64+0xcd/0xf80 [ 388.025452][T10440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.025483][T10440] RIP: 0033:0x7f259878f7c9 [ 388.025508][T10440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.025537][T10440] RSP: 002b:00007f25995c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 388.025567][T10440] RAX: ffffffffffffffda RBX: 00007f25989e5fa0 RCX: 00007f259878f7c9 [ 388.025587][T10440] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 388.025606][T10440] RBP: 00007f2598813f91 R08: 0000000000000000 R09: 0000000000000000 [ 388.025624][T10440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.025641][T10440] R13: 00007f25989e6038 R14: 00007f25989e5fa0 R15: 00007fffeb5d45a8 [ 388.025684][T10440] [ 388.031084][T10440] syz.1.861: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 388.482830][T10444] block nbd7: not configured, cannot reconfigure [ 388.613531][T10440] ,cpuset=/,mems_allowed=0-1 [ 388.633692][T10440] CPU: 0 UID: 0 PID: 10440 Comm: syz.1.861 Tainted: G U L syzkaller #0 PREEMPT(full) [ 388.633723][T10440] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 388.633730][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 388.633739][T10440] Call Trace: [ 388.633745][T10440] [ 388.633752][T10440] dump_stack_lvl+0x16c/0x1f0 [ 388.633784][T10440] warn_alloc+0x248/0x3a0 [ 388.633807][T10440] ? __pfx_warn_alloc+0x10/0x10 [ 388.633826][T10440] ? trace_kmalloc+0x2b/0xb0 [ 388.633852][T10440] ? __get_vm_area_node+0x101/0x330 [ 388.633884][T10440] ? __kasan_kmalloc+0x8a/0xb0 [ 388.633908][T10440] ? __get_vm_area_node+0x208/0x330 [ 388.633939][T10440] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 388.633964][T10440] ? n_tty_open+0x1a/0x170 [ 388.633987][T10440] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 388.634004][T10440] ? __ldsem_down_write_nested+0xfd/0x850 [ 388.634020][T10440] ? __ldsem_down_write_nested+0x10e/0x850 [ 388.634036][T10440] ? lockdep_init_map_type+0x5c/0x270 [ 388.634057][T10440] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 388.634077][T10440] ? n_tty_open+0x1a/0x170 [ 388.634092][T10440] __vmalloc_node_noprof+0xad/0xf0 [ 388.634109][T10440] ? n_tty_open+0x1a/0x170 [ 388.634124][T10440] ? __pfx_n_tty_open+0x10/0x10 [ 388.634149][T10440] n_tty_open+0x1a/0x170 [ 388.634164][T10440] ? __pfx_n_tty_open+0x10/0x10 [ 388.634179][T10440] tty_ldisc_open+0x9f/0x120 [ 388.634201][T10440] tty_ldisc_setup+0x40/0x100 [ 388.634232][T10440] tty_init_dev.part.0+0x1ec/0x500 [ 388.634274][T10440] tty_init_dev+0x60/0x80 [ 388.634314][T10440] ptmx_open+0x15e/0x3c0 [ 388.634347][T10440] ? __pfx_ptmx_open+0x10/0x10 [ 388.634367][T10440] chrdev_open+0x234/0x6a0 [ 388.634393][T10440] ? __pfx_apparmor_file_open+0x10/0x10 [ 388.634411][T10440] ? __pfx_chrdev_open+0x10/0x10 [ 388.634439][T10440] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 388.634470][T10440] do_dentry_open+0x748/0x1590 [ 388.634494][T10440] ? __pfx_chrdev_open+0x10/0x10 [ 388.634526][T10440] vfs_open+0x82/0x3f0 [ 388.634547][T10440] path_openat+0x2078/0x3140 [ 388.634580][T10440] ? __pfx_path_openat+0x10/0x10 [ 388.634614][T10440] do_filp_open+0x20b/0x470 [ 388.634672][T10440] ? __pfx_do_filp_open+0x10/0x10 [ 388.634719][T10440] ? alloc_fd+0x471/0x7d0 [ 388.634750][T10440] do_sys_openat2+0x121/0x290 [ 388.634769][T10440] ? __pfx_do_sys_openat2+0x10/0x10 [ 388.634794][T10440] ? find_held_lock+0x2b/0x80 [ 388.634821][T10440] __x64_sys_openat+0x174/0x210 [ 388.634841][T10440] ? __pfx___x64_sys_openat+0x10/0x10 [ 388.634869][T10440] do_syscall_64+0xcd/0xf80 [ 388.634889][T10440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.634907][T10440] RIP: 0033:0x7f259878f7c9 [ 388.634921][T10440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.634938][T10440] RSP: 002b:00007f25995c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 388.634955][T10440] RAX: ffffffffffffffda RBX: 00007f25989e5fa0 RCX: 00007f259878f7c9 [ 388.634966][T10440] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 388.634976][T10440] RBP: 00007f2598813f91 R08: 0000000000000000 R09: 0000000000000000 [ 388.634986][T10440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.634996][T10440] R13: 00007f25989e6038 R14: 00007f25989e5fa0 R15: 00007fffeb5d45a8 [ 388.635018][T10440] [ 388.635024][T10440] Mem-Info: [ 389.033227][T10440] active_anon:43501 inactive_anon:12 isolated_anon:0 [ 389.033227][T10440] active_file:16324 inactive_file:40214 isolated_file:0 [ 389.033227][T10440] unevictable:768 dirty:489 writeback:0 [ 389.033227][T10440] slab_reclaimable:11852 slab_unreclaimable:93788 [ 389.033227][T10440] mapped:27623 shmem:33140 pagetables:1123 [ 389.033227][T10440] sec_pagetables:0 bounce:0 [ 389.033227][T10440] kernel_misc_reclaimable:0 [ 389.033227][T10440] free:1277766 free_pcp:22178 free_cma:0 [ 389.218290][T10440] Node 0 active_anon:165896kB inactive_anon:48kB active_file:65296kB inactive_file:160720kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:110776kB dirty:2092kB writeback:0kB shmem:120804kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12596kB pagetables:4300kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 389.338419][T10440] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 389.376690][T10440] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 389.408229][T10440] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 389.415444][T10440] Node 0 DMA32 free:1207132kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:158692kB inactive_anon:48kB active_file:65296kB inactive_file:160720kB unevictable:1536kB writepending:2124kB zspages:236kB present:3129332kB managed:2541020kB mlocked:0kB bounce:0kB free_pcp:79328kB local_pcp:44372kB free_cma:0kB [ 389.463321][T10440] lowmem_reserve[]: 0 0 1 1 1 [ 389.468146][T10440] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 389.535345][T10437] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 389.594488][T10440] lowmem_reserve[]: 0 0 0 0 0 [ 389.599384][T10440] Node 1 Normal free:3910700kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:3120kB local_pcp:4kB free_cma:0kB [ 389.687889][T10440] lowmem_reserve[]: 0 0 0 0 0 [ 389.700243][T10440] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 389.742189][T10440] Node 0 DMA32: 8982*4kB (UME) 4066*8kB (UM) 2005*16kB (UM) 609*32kB (UME) 387*64kB (UME) 170*128kB (UM) 92*256kB (UM) 57*512kB (UM) 65*1024kB (UME) 21*2048kB (UME) 219*4096kB (M) = 1225880kB [ 389.813166][T10440] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 389.843490][T10440] Node 1 Normal: 202*4kB (UME) 57*8kB (UME) 45*16kB (UME) 207*32kB (UME) 109*64kB (UME) 41*128kB (UME) 23*256kB (UME) 8*512kB (UME) 3*1024kB (UM) 5*2048kB (UME) 944*4096kB (M) = 3910752kB [ 389.912868][T10440] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 389.939787][T10440] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 389.962042][T10440] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 389.985738][T10440] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 390.005116][T10440] 77939 total pagecache pages [ 390.010397][T10440] 36 pages in swap cache [ 390.023874][T10440] Free swap = 124804kB [ 390.029473][T10440] Total swap = 124996kB [ 390.040066][T10440] 2097051 pages RAM [ 390.045107][T10440] 0 pages HighMem/MovableOnly [ 390.060107][T10440] 429770 pages reserved [ 390.065012][T10440] 0 pages cma reserved [ 390.069372][T10440] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 390.648429][T10461] sctp: [Deprecated]: syz.1.862 (pid 10461) Use of struct sctp_assoc_value in delayed_ack socket option. [ 390.648429][T10461] Use struct sctp_sack_info instead [ 391.350388][T10468] cougar: G6 mapped to space [ 392.216380][T10485] FAULT_INJECTION: forcing a failure. [ 392.216380][T10485] name fail_futex, interval 1, probability 0, space 0, times 0 [ 392.242435][T10485] CPU: 0 UID: 0 PID: 10485 Comm: syz.3.868 Tainted: G U L syzkaller #0 PREEMPT(full) [ 392.242467][T10485] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 392.242473][T10485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 392.242483][T10485] Call Trace: [ 392.242489][T10485] [ 392.242496][T10485] dump_stack_lvl+0x16c/0x1f0 [ 392.242527][T10485] should_fail_ex+0x512/0x640 [ 392.242549][T10485] get_futex_key+0x1d0/0x15f0 [ 392.242571][T10485] ? __pfx_get_futex_key+0x10/0x10 [ 392.242595][T10485] futex_wake+0xea/0x530 [ 392.242614][T10485] ? futex_wait+0x120/0x380 [ 392.242636][T10485] ? __pfx_futex_wait+0x10/0x10 [ 392.242658][T10485] ? __pfx_futex_wake+0x10/0x10 [ 392.242681][T10485] ? find_held_lock+0x2b/0x80 [ 392.242705][T10485] ? do_mlock+0x378/0x800 [ 392.242726][T10485] do_futex+0x1e3/0x350 [ 392.242745][T10485] ? __pfx_do_futex+0x10/0x10 [ 392.242763][T10485] ? map_id_range_up+0x2ce/0x3b0 [ 392.242792][T10485] __x64_sys_futex+0x1e0/0x4c0 [ 392.242813][T10485] ? __pfx___x64_sys_futex+0x10/0x10 [ 392.242832][T10485] ? from_kuid_munged+0xaa/0x130 [ 392.242855][T10485] ? __pfx_from_kuid_munged+0x10/0x10 [ 392.242885][T10485] do_syscall_64+0xcd/0xf80 [ 392.242901][T10485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.242929][T10485] RIP: 0033:0x7fdd8f38f7c9 [ 392.242943][T10485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.242960][T10485] RSP: 002b:00007fdd9028f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 392.242978][T10485] RAX: ffffffffffffffda RBX: 00007fdd8f5e5fa8 RCX: 00007fdd8f38f7c9 [ 392.242990][T10485] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdd8f5e5fac [ 392.243001][T10485] RBP: 00007fdd8f5e5fa0 R08: 00007fdd90290000 R09: 0000000000000000 [ 392.243011][T10485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.243021][T10485] R13: 00007fdd8f5e6038 R14: 00007ffc04af0c00 R15: 00007ffc04af0ce8 [ 392.243049][T10485] [ 392.926319][T10497] vmstat_refresh: nr_hugetlb -1536 [ 392.936462][T10492] FAULT_INJECTION: forcing a failure. [ 392.936462][T10492] name failslab, interval 1, probability 0, space 0, times 0 [ 392.964033][T10497] vmstat_refresh: nr_hugetlb -1536 [ 392.973391][T10492] CPU: 1 UID: 0 PID: 10492 Comm: syz.3.872 Tainted: G U L syzkaller #0 PREEMPT(full) [ 392.973443][T10492] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 392.973455][T10492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 392.973472][T10492] Call Trace: [ 392.973481][T10492] [ 392.973493][T10492] dump_stack_lvl+0x16c/0x1f0 [ 392.973544][T10492] should_fail_ex+0x512/0x640 [ 392.973577][T10492] ? __kmalloc_cache_noprof+0x5f/0x800 [ 392.973616][T10492] should_failslab+0xc2/0x120 [ 392.973660][T10492] __kmalloc_cache_noprof+0x80/0x800 [ 392.973695][T10492] ? alloc_tty_struct+0x96/0x8c0 [ 392.973747][T10492] ? alloc_tty_struct+0x96/0x8c0 [ 392.973789][T10492] alloc_tty_struct+0x96/0x8c0 [ 392.973836][T10492] ? __pfx_alloc_tty_struct+0x10/0x10 [ 392.973903][T10492] pty_common_install+0x1c7/0xb30 [ 392.973947][T10492] ? __pfx_pty_unix98_install+0x10/0x10 [ 392.973987][T10492] tty_init_dev.part.0+0x9c/0x500 [ 392.974036][T10492] tty_init_dev+0x60/0x80 [ 392.974080][T10492] ptmx_open+0x15e/0x3c0 [ 392.974111][T10492] ? __pfx_ptmx_open+0x10/0x10 [ 392.974145][T10492] chrdev_open+0x234/0x6a0 [ 392.974188][T10492] ? __pfx_apparmor_file_open+0x10/0x10 [ 392.974219][T10492] ? __pfx_chrdev_open+0x10/0x10 [ 392.974266][T10492] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 392.974315][T10492] do_dentry_open+0x748/0x1590 [ 392.974356][T10492] ? __pfx_chrdev_open+0x10/0x10 [ 392.974409][T10492] vfs_open+0x82/0x3f0 [ 392.974446][T10492] path_openat+0x2078/0x3140 [ 392.974502][T10492] ? __pfx_path_openat+0x10/0x10 [ 392.974561][T10492] do_filp_open+0x20b/0x470 [ 392.974605][T10492] ? __pfx_do_filp_open+0x10/0x10 [ 392.974679][T10492] ? alloc_fd+0x471/0x7d0 [ 392.974733][T10492] do_sys_openat2+0x121/0x290 [ 392.974767][T10492] ? __pfx_do_sys_openat2+0x10/0x10 [ 392.974802][T10492] ? find_held_lock+0x2b/0x80 [ 392.974858][T10492] __x64_sys_openat+0x174/0x210 [ 392.974892][T10492] ? __pfx___x64_sys_openat+0x10/0x10 [ 392.974943][T10492] do_syscall_64+0xcd/0xf80 [ 392.974973][T10492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.975004][T10492] RIP: 0033:0x7fdd8f38f7c9 [ 392.975029][T10492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.975058][T10492] RSP: 002b:00007fdd9028f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 392.975086][T10492] RAX: ffffffffffffffda RBX: 00007fdd8f5e5fa0 RCX: 00007fdd8f38f7c9 [ 392.975104][T10492] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 392.975122][T10492] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 392.975139][T10492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.975156][T10492] R13: 00007fdd8f5e6038 R14: 00007fdd8f5e5fa0 R15: 00007ffc04af0ce8 [ 392.975200][T10492] [ 393.675961][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.884'. [ 394.557162][T10523] Invalid ELF header magic: != ELF [ 394.700648][T10524] sctp: [Deprecated]: syz.2.876 (pid 10524) Use of struct sctp_assoc_value in delayed_ack socket option. [ 394.700648][T10524] Use struct sctp_sack_info instead [ 396.493437][ T5845] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 396.546278][T10547] Invalid ELF header magic: != ELF [ 398.828263][T10587] FAULT_INJECTION: forcing a failure. [ 398.828263][T10587] name failslab, interval 1, probability 0, space 0, times 0 [ 398.903270][T10587] CPU: 0 UID: 0 PID: 10587 Comm: syz.2.892 Tainted: G U L syzkaller #0 PREEMPT(full) [ 398.903321][T10587] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 398.903332][T10587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 398.903349][T10587] Call Trace: [ 398.903358][T10587] [ 398.903369][T10587] dump_stack_lvl+0x16c/0x1f0 [ 398.903421][T10587] should_fail_ex+0x512/0x640 [ 398.903453][T10587] ? __kmalloc_cache_noprof+0x5f/0x800 [ 398.903492][T10587] should_failslab+0xc2/0x120 [ 398.903536][T10587] __kmalloc_cache_noprof+0x80/0x800 [ 398.903570][T10587] ? alloc_tty_struct+0x96/0x8c0 [ 398.903621][T10587] ? alloc_tty_struct+0x96/0x8c0 [ 398.903664][T10587] alloc_tty_struct+0x96/0x8c0 [ 398.903709][T10587] ? __pfx_alloc_tty_struct+0x10/0x10 [ 398.903768][T10587] pty_common_install+0x1c7/0xb30 [ 398.903819][T10587] ? __pfx_pty_unix98_install+0x10/0x10 [ 398.903857][T10587] tty_init_dev.part.0+0x9c/0x500 [ 398.903905][T10587] tty_init_dev+0x60/0x80 [ 398.903949][T10587] ptmx_open+0x15e/0x3c0 [ 398.903982][T10587] ? __pfx_ptmx_open+0x10/0x10 [ 398.904016][T10587] chrdev_open+0x234/0x6a0 [ 398.904059][T10587] ? __pfx_apparmor_file_open+0x10/0x10 [ 398.904090][T10587] ? __pfx_chrdev_open+0x10/0x10 [ 398.904135][T10587] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 398.904189][T10587] do_dentry_open+0x748/0x1590 [ 398.904230][T10587] ? __pfx_chrdev_open+0x10/0x10 [ 398.904285][T10587] vfs_open+0x82/0x3f0 [ 398.904322][T10587] path_openat+0x2078/0x3140 [ 398.904380][T10587] ? __pfx_path_openat+0x10/0x10 [ 398.904440][T10587] do_filp_open+0x20b/0x470 [ 398.904484][T10587] ? __pfx_do_filp_open+0x10/0x10 [ 398.904559][T10587] ? alloc_fd+0x471/0x7d0 [ 398.904612][T10587] do_sys_openat2+0x121/0x290 [ 398.904645][T10587] ? __pfx_do_sys_openat2+0x10/0x10 [ 398.904679][T10587] ? find_held_lock+0x2b/0x80 [ 398.904727][T10587] __x64_sys_openat+0x174/0x210 [ 398.904761][T10587] ? __pfx___x64_sys_openat+0x10/0x10 [ 398.904819][T10587] do_syscall_64+0xcd/0xf80 [ 398.904849][T10587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.904878][T10587] RIP: 0033:0x7f5211d8f7c9 [ 398.904902][T10587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.904931][T10587] RSP: 002b:00007f5212bb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 398.904959][T10587] RAX: ffffffffffffffda RBX: 00007f5211fe5fa0 RCX: 00007f5211d8f7c9 [ 398.904979][T10587] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 398.904998][T10587] RBP: 00007f5211e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 398.905015][T10587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.905033][T10587] R13: 00007f5211fe6038 R14: 00007f5211fe5fa0 R15: 00007ffff545f938 [ 398.905074][T10587] [ 399.955803][T10596] zswap: compressor not available [ 400.687217][T10612] Invalid ELF header magic: != ELF [ 401.147268][T10598] zswap: compressor not available [ 401.873273][T10629] cougar: G6 mapped to space [ 402.517672][T10649] FAULT_INJECTION: forcing a failure. [ 402.517672][T10649] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 402.541612][T10649] CPU: 1 UID: 0 PID: 10649 Comm: syz.3.902 Tainted: G U L syzkaller #0 PREEMPT(full) [ 402.541668][T10649] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 402.541681][T10649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 402.541699][T10649] Call Trace: [ 402.541711][T10649] [ 402.541723][T10649] dump_stack_lvl+0x16c/0x1f0 [ 402.541775][T10649] should_fail_ex+0x512/0x640 [ 402.541816][T10649] should_fail_alloc_page+0xe7/0x130 [ 402.541868][T10649] prepare_alloc_pages+0x401/0x670 [ 402.541924][T10649] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 402.541974][T10649] ? find_held_lock+0x2b/0x80 [ 402.542028][T10649] ? is_bpf_text_address+0x8a/0x1a0 [ 402.542077][T10649] ? bpf_ksym_find+0x124/0x1c0 [ 402.542112][T10649] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 402.542152][T10649] ? kernel_text_address+0x8d/0x100 [ 402.542188][T10649] ? __kernel_text_address+0xd/0x40 [ 402.542223][T10649] ? unwind_get_return_address+0x59/0xa0 [ 402.542281][T10649] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 402.542328][T10649] ? policy_nodemask+0xea/0x4e0 [ 402.542376][T10649] alloc_pages_mpol+0x1fb/0x550 [ 402.542423][T10649] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 402.542465][T10649] ? kasan_save_stack+0x42/0x60 [ 402.542504][T10649] ? kasan_save_track+0x14/0x30 [ 402.542542][T10649] ? __kasan_kmalloc+0xaa/0xb0 [ 402.542584][T10649] ? __get_vm_area_node+0x101/0x330 [ 402.542637][T10649] alloc_pages_noprof+0x131/0x390 [ 402.542683][T10649] get_free_pages_noprof+0x10/0xb0 [ 402.542724][T10649] __kasan_populate_vmalloc+0xa0/0x220 [ 402.542773][T10649] alloc_vmap_area+0x98d/0x2a50 [ 402.542833][T10649] ? __pfx_alloc_vmap_area+0x10/0x10 [ 402.542888][T10649] __get_vm_area_node+0x1ca/0x330 [ 402.542943][T10649] __vmalloc_node_range_noprof+0x247/0x16b0 [ 402.542975][T10649] ? n_tty_open+0x1a/0x170 [ 402.543003][T10649] ? do_raw_spin_lock+0x12c/0x2b0 [ 402.543057][T10649] ? n_tty_open+0x1a/0x170 [ 402.543093][T10649] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 402.543120][T10649] ? __ldsem_down_write_nested+0xfd/0x850 [ 402.543146][T10649] ? __ldsem_down_write_nested+0x10e/0x850 [ 402.543171][T10649] ? lockdep_init_map_type+0x5c/0x270 [ 402.543208][T10649] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 402.543244][T10649] ? n_tty_open+0x1a/0x170 [ 402.543271][T10649] __vmalloc_node_noprof+0xad/0xf0 [ 402.543299][T10649] ? n_tty_open+0x1a/0x170 [ 402.543321][T10649] ? __pfx_n_tty_open+0x10/0x10 [ 402.543346][T10649] n_tty_open+0x1a/0x170 [ 402.543368][T10649] ? __pfx_n_tty_open+0x10/0x10 [ 402.543391][T10649] tty_ldisc_open+0x9f/0x120 [ 402.543422][T10649] tty_ldisc_setup+0x40/0x100 [ 402.543450][T10649] tty_init_dev.part.0+0x1ec/0x500 [ 402.543487][T10649] tty_init_dev+0x60/0x80 [ 402.543524][T10649] ptmx_open+0x15e/0x3c0 [ 402.543559][T10649] ? __pfx_ptmx_open+0x10/0x10 [ 402.543588][T10649] chrdev_open+0x234/0x6a0 [ 402.543629][T10649] ? __pfx_apparmor_file_open+0x10/0x10 [ 402.543659][T10649] ? __pfx_chrdev_open+0x10/0x10 [ 402.543705][T10649] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 402.543761][T10649] do_dentry_open+0x748/0x1590 [ 402.543801][T10649] ? __pfx_chrdev_open+0x10/0x10 [ 402.543857][T10649] vfs_open+0x82/0x3f0 [ 402.543895][T10649] path_openat+0x2078/0x3140 [ 402.543954][T10649] ? __pfx_path_openat+0x10/0x10 [ 402.544014][T10649] do_filp_open+0x20b/0x470 [ 402.544069][T10649] ? __pfx_do_filp_open+0x10/0x10 [ 402.544145][T10649] ? alloc_fd+0x471/0x7d0 [ 402.544202][T10649] do_sys_openat2+0x121/0x290 [ 402.544237][T10649] ? __pfx_do_sys_openat2+0x10/0x10 [ 402.544270][T10649] ? find_held_lock+0x2b/0x80 [ 402.544318][T10649] __x64_sys_openat+0x174/0x210 [ 402.544353][T10649] ? __pfx___x64_sys_openat+0x10/0x10 [ 402.544405][T10649] do_syscall_64+0xcd/0xf80 [ 402.544437][T10649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.544467][T10649] RIP: 0033:0x7fdd8f38f7c9 [ 402.544494][T10649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.544524][T10649] RSP: 002b:00007fdd9028f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 402.544555][T10649] RAX: ffffffffffffffda RBX: 00007fdd8f5e5fa0 RCX: 00007fdd8f38f7c9 [ 402.544574][T10649] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 402.544593][T10649] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 402.544611][T10649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 402.544629][T10649] R13: 00007fdd8f5e6038 R14: 00007fdd8f5e5fa0 R15: 00007ffc04af0ce8 [ 402.544673][T10649] [ 403.014280][T10649] syz.3.902: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 403.083303][T10649] CPU: 0 UID: 0 PID: 10649 Comm: syz.3.902 Tainted: G U L syzkaller #0 PREEMPT(full) [ 403.083356][T10649] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 403.083366][T10649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 403.083383][T10649] Call Trace: [ 403.083393][T10649] [ 403.083405][T10649] dump_stack_lvl+0x16c/0x1f0 [ 403.083456][T10649] warn_alloc+0x248/0x3a0 [ 403.083496][T10649] ? __pfx_warn_alloc+0x10/0x10 [ 403.083535][T10649] ? __get_vm_area_node+0x2cd/0x330 [ 403.083587][T10649] ? __get_vm_area_node+0x2cd/0x330 [ 403.083631][T10649] ? __get_vm_area_node+0x208/0x330 [ 403.083684][T10649] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 403.083729][T10649] ? n_tty_open+0x1a/0x170 [ 403.083769][T10649] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 403.083798][T10649] ? __ldsem_down_write_nested+0xfd/0x850 [ 403.083833][T10649] ? __ldsem_down_write_nested+0x10e/0x850 [ 403.083860][T10649] ? lockdep_init_map_type+0x5c/0x270 [ 403.083899][T10649] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 403.083936][T10649] ? n_tty_open+0x1a/0x170 [ 403.083962][T10649] __vmalloc_node_noprof+0xad/0xf0 [ 403.083991][T10649] ? n_tty_open+0x1a/0x170 [ 403.084019][T10649] ? __pfx_n_tty_open+0x10/0x10 [ 403.084048][T10649] n_tty_open+0x1a/0x170 [ 403.084073][T10649] ? __pfx_n_tty_open+0x10/0x10 [ 403.084099][T10649] tty_ldisc_open+0x9f/0x120 [ 403.084138][T10649] tty_ldisc_setup+0x40/0x100 [ 403.084178][T10649] tty_init_dev.part.0+0x1ec/0x500 [ 403.084227][T10649] tty_init_dev+0x60/0x80 [ 403.084273][T10649] ptmx_open+0x15e/0x3c0 [ 403.084307][T10649] ? __pfx_ptmx_open+0x10/0x10 [ 403.084341][T10649] chrdev_open+0x234/0x6a0 [ 403.084384][T10649] ? __pfx_apparmor_file_open+0x10/0x10 [ 403.084416][T10649] ? __pfx_chrdev_open+0x10/0x10 [ 403.084462][T10649] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 403.084517][T10649] do_dentry_open+0x748/0x1590 [ 403.084557][T10649] ? __pfx_chrdev_open+0x10/0x10 [ 403.084613][T10649] vfs_open+0x82/0x3f0 [ 403.084650][T10649] path_openat+0x2078/0x3140 [ 403.084707][T10649] ? __pfx_path_openat+0x10/0x10 [ 403.084767][T10649] do_filp_open+0x20b/0x470 [ 403.084820][T10649] ? __pfx_do_filp_open+0x10/0x10 [ 403.084895][T10649] ? alloc_fd+0x471/0x7d0 [ 403.084950][T10649] do_sys_openat2+0x121/0x290 [ 403.084983][T10649] ? __pfx_do_sys_openat2+0x10/0x10 [ 403.085019][T10649] ? find_held_lock+0x2b/0x80 [ 403.085069][T10649] __x64_sys_openat+0x174/0x210 [ 403.085104][T10649] ? __pfx___x64_sys_openat+0x10/0x10 [ 403.085156][T10649] do_syscall_64+0xcd/0xf80 [ 403.085188][T10649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.085217][T10649] RIP: 0033:0x7fdd8f38f7c9 [ 403.085243][T10649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.085270][T10649] RSP: 002b:00007fdd9028f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 403.085298][T10649] RAX: ffffffffffffffda RBX: 00007fdd8f5e5fa0 RCX: 00007fdd8f38f7c9 [ 403.085316][T10649] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 403.085334][T10649] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 403.085351][T10649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.085368][T10649] R13: 00007fdd8f5e6038 R14: 00007fdd8f5e5fa0 R15: 00007ffc04af0ce8 [ 403.085411][T10649] [ 403.085423][T10649] Mem-Info: [ 403.518718][T10649] active_anon:26841 inactive_anon:18 isolated_anon:0 [ 403.518718][T10649] active_file:16314 inactive_file:40218 isolated_file:0 [ 403.518718][T10649] unevictable:779 dirty:147 writeback:0 [ 403.518718][T10649] slab_reclaimable:11587 slab_unreclaimable:93573 [ 403.518718][T10649] mapped:25280 shmem:16506 pagetables:1170 [ 403.518718][T10649] sec_pagetables:0 bounce:0 [ 403.518718][T10649] kernel_misc_reclaimable:0 [ 403.518718][T10649] free:1302844 free_pcp:12433 free_cma:0 [ 403.565951][T10649] Node 0 active_anon:104764kB inactive_anon:72kB active_file:65256kB inactive_file:160736kB unevictable:1580kB isolated(anon):0kB isolated(file):0kB mapped:101120kB dirty:588kB writeback:0kB shmem:61788kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12088kB pagetables:4548kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 403.599784][T10649] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 403.673130][T10649] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 403.730848][T10649] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 403.739061][T10649] Node 0 DMA32 free:1290004kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:99264kB inactive_anon:72kB active_file:65256kB inactive_file:160736kB unevictable:1580kB writepending:688kB zspages:0kB present:3129332kB managed:2541020kB mlocked:44kB bounce:0kB free_pcp:59136kB local_pcp:29772kB free_cma:0kB [ 403.784530][T10649] lowmem_reserve[]: 0 0 1 1 1 [ 403.789717][T10649] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 403.829751][T10649] lowmem_reserve[]: 0 0 0 0 0 [ 403.835767][T10649] Node 1 Normal free:3912012kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:1900kB local_pcp:1864kB free_cma:0kB [ 403.869802][T10649] lowmem_reserve[]: 0 0 0 0 0 [ 403.875868][T10649] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 403.889638][T10649] Node 0 DMA32: 5334*4kB (UME) 2476*8kB (UME) 1472*16kB (UME) 488*32kB (UME) 825*64kB (UME) 383*128kB (UM) 180*256kB (UM) 106*512kB (UME) 74*1024kB (UM) 18*2048kB (UME) 219*4096kB (M) = 1292152kB [ 403.912132][T10649] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 403.953033][T10649] Node 1 Normal: 205*4kB (UME) 57*8kB (UME) 45*16kB (UME) 206*32kB (UME) 109*64kB (UME) 41*128kB (UME) 24*256kB (UME) 8*512kB (UME) 4*1024kB (UM) 5*2048kB (UME) 944*4096kB (M) = 3912012kB [ 404.012477][T10649] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 404.061234][T10649] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 404.086670][T10649] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 404.155232][T10649] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 404.176270][T10649] 68420 total pagecache pages [ 404.181391][T10649] 20 pages in swap cache [ 404.186442][T10649] Free swap = 124904kB [ 404.190950][T10649] Total swap = 124996kB [ 404.214343][T10649] 2097051 pages RAM [ 404.218455][T10649] 0 pages HighMem/MovableOnly [ 404.224800][T10649] 429770 pages reserved [ 404.229185][T10649] 0 pages cma reserved [ 404.238793][T10649] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 404.811174][T10689] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 405.243199][T10684] FAULT_INJECTION: forcing a failure. [ 405.243199][T10684] name failslab, interval 1, probability 0, space 0, times 0 [ 405.273271][T10684] CPU: 0 UID: 0 PID: 10684 Comm: syz.2.910 Tainted: G U L syzkaller #0 PREEMPT(full) [ 405.273317][T10684] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 405.273327][T10684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 405.273343][T10684] Call Trace: [ 405.273352][T10684] [ 405.273363][T10684] dump_stack_lvl+0x16c/0x1f0 [ 405.273411][T10684] should_fail_ex+0x512/0x640 [ 405.273440][T10684] ? __kmalloc_cache_noprof+0x5f/0x800 [ 405.273481][T10684] should_failslab+0xc2/0x120 [ 405.273523][T10684] __kmalloc_cache_noprof+0x80/0x800 [ 405.273552][T10684] ? snd_seq_port_connect+0x61/0x580 [ 405.273599][T10684] ? snd_seq_port_connect+0x61/0x580 [ 405.273638][T10684] snd_seq_port_connect+0x61/0x580 [ 405.273677][T10684] ? _raw_read_unlock+0x28/0x50 [ 405.273717][T10684] ? check_subscription_permission.isra.0+0xf5/0x240 [ 405.273765][T10684] snd_seq_ioctl_subscribe_port+0x209/0x4b0 [ 405.273796][T10684] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 405.273823][T10684] ? do_raw_spin_lock+0x12c/0x2b0 [ 405.273860][T10684] call_seq_client_ctl+0xa3/0x130 [ 405.273894][T10684] snd_seq_kernel_client_ctl+0x7a/0xc0 [ 405.273933][T10684] snd_seq_oss_midi_open+0x489/0x6a0 [ 405.273968][T10684] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 405.273997][T10684] ? snd_seq_oss_midi_reset+0x11a/0x4c0 [ 405.274042][T10684] ? __mutex_lock+0x27b/0x1ca0 [ 405.274088][T10684] snd_seq_oss_synth_reset+0x437/0x900 [ 405.274123][T10684] ? __pfx___mutex_lock+0x10/0x10 [ 405.274150][T10684] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 405.274187][T10684] ? __pfx___fsnotify_parent+0x10/0x10 [ 405.274238][T10684] snd_seq_oss_reset+0x73/0x290 [ 405.274266][T10684] ? __pfx_odev_release+0x10/0x10 [ 405.274304][T10684] snd_seq_oss_release+0x7c/0x180 [ 405.274332][T10684] odev_release+0x56/0xa0 [ 405.274372][T10684] __fput+0x402/0xb70 [ 405.274412][T10684] task_work_run+0x150/0x240 [ 405.274445][T10684] ? __pfx_task_work_run+0x10/0x10 [ 405.274472][T10684] ? __do_sys_close_range+0x278/0x730 [ 405.274526][T10684] exit_to_user_mode_loop+0xfb/0x540 [ 405.274566][T10684] do_syscall_64+0x4ee/0xf80 [ 405.274595][T10684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.274624][T10684] RIP: 0033:0x7f5211d8f7c9 [ 405.274649][T10684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.274675][T10684] RSP: 002b:00007f5212bb8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 405.274703][T10684] RAX: 0000000000000000 RBX: 00007f5211fe5fa0 RCX: 00007f5211d8f7c9 [ 405.274721][T10684] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 405.274738][T10684] RBP: 00007f5211e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 405.274755][T10684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 405.274770][T10684] R13: 00007f5211fe6038 R14: 00007f5211fe5fa0 R15: 00007ffff545f938 [ 405.274811][T10684] [ 406.878108][T10713] FAULT_INJECTION: forcing a failure. [ 406.878108][T10713] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 406.892962][T10713] CPU: 0 UID: 0 PID: 10713 Comm: syz.0.916 Tainted: G U L syzkaller #0 PREEMPT(full) [ 406.893011][T10713] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 406.893031][T10713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 406.893053][T10713] Call Trace: [ 406.893063][T10713] [ 406.893074][T10713] dump_stack_lvl+0x16c/0x1f0 [ 406.893124][T10713] should_fail_ex+0x512/0x640 [ 406.893165][T10713] should_fail_alloc_page+0xe7/0x130 [ 406.893213][T10713] prepare_alloc_pages+0x401/0x670 [ 406.893266][T10713] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 406.893314][T10713] ? find_held_lock+0x2b/0x80 [ 406.893354][T10713] ? is_bpf_text_address+0x8a/0x1a0 [ 406.893392][T10713] ? bpf_ksym_find+0x124/0x1c0 [ 406.893423][T10713] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 406.893463][T10713] ? kernel_text_address+0x8d/0x100 [ 406.893496][T10713] ? __kernel_text_address+0xd/0x40 [ 406.893528][T10713] ? unwind_get_return_address+0x59/0xa0 [ 406.893585][T10713] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 406.893632][T10713] ? policy_nodemask+0xea/0x4e0 [ 406.893680][T10713] alloc_pages_mpol+0x1fb/0x550 [ 406.893727][T10713] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 406.893768][T10713] ? kasan_save_stack+0x42/0x60 [ 406.893800][T10713] ? kasan_save_track+0x14/0x30 [ 406.893831][T10713] ? __kasan_kmalloc+0xaa/0xb0 [ 406.893865][T10713] ? __get_vm_area_node+0x101/0x330 [ 406.893912][T10713] alloc_pages_noprof+0x131/0x390 [ 406.893957][T10713] get_free_pages_noprof+0x10/0xb0 [ 406.893998][T10713] __kasan_populate_vmalloc+0xa0/0x220 [ 406.894056][T10713] alloc_vmap_area+0x98d/0x2a50 [ 406.894134][T10713] ? __pfx_alloc_vmap_area+0x10/0x10 [ 406.894189][T10713] __get_vm_area_node+0x1ca/0x330 [ 406.894243][T10713] __vmalloc_node_range_noprof+0x247/0x16b0 [ 406.894275][T10713] ? n_tty_open+0x1a/0x170 [ 406.894302][T10713] ? do_raw_spin_lock+0x12c/0x2b0 [ 406.894348][T10713] ? n_tty_open+0x1a/0x170 [ 406.894386][T10713] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 406.894416][T10713] ? __ldsem_down_write_nested+0xfd/0x850 [ 406.894445][T10713] ? __ldsem_down_write_nested+0x10e/0x850 [ 406.894473][T10713] ? lockdep_init_map_type+0x5c/0x270 [ 406.894510][T10713] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 406.894546][T10713] ? n_tty_open+0x1a/0x170 [ 406.894572][T10713] __vmalloc_node_noprof+0xad/0xf0 [ 406.894601][T10713] ? n_tty_open+0x1a/0x170 [ 406.894628][T10713] ? __pfx_n_tty_open+0x10/0x10 [ 406.894658][T10713] n_tty_open+0x1a/0x170 [ 406.894683][T10713] ? __pfx_n_tty_open+0x10/0x10 [ 406.894710][T10713] tty_ldisc_open+0x9f/0x120 [ 406.894748][T10713] tty_ldisc_setup+0x40/0x100 [ 406.894785][T10713] tty_init_dev.part.0+0x1ec/0x500 [ 406.894835][T10713] tty_init_dev+0x60/0x80 [ 406.894880][T10713] ptmx_open+0x15e/0x3c0 [ 406.894915][T10713] ? __pfx_ptmx_open+0x10/0x10 [ 406.894949][T10713] chrdev_open+0x234/0x6a0 [ 406.894993][T10713] ? __pfx_apparmor_file_open+0x10/0x10 [ 406.895033][T10713] ? __pfx_chrdev_open+0x10/0x10 [ 406.895081][T10713] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 406.895138][T10713] do_dentry_open+0x748/0x1590 [ 406.895179][T10713] ? __pfx_chrdev_open+0x10/0x10 [ 406.895233][T10713] vfs_open+0x82/0x3f0 [ 406.895269][T10713] path_openat+0x2078/0x3140 [ 406.895327][T10713] ? __pfx_path_openat+0x10/0x10 [ 406.895387][T10713] do_filp_open+0x20b/0x470 [ 406.895432][T10713] ? __pfx_do_filp_open+0x10/0x10 [ 406.895508][T10713] ? alloc_fd+0x471/0x7d0 [ 406.895565][T10713] do_sys_openat2+0x121/0x290 [ 406.895597][T10713] ? __pfx_do_sys_openat2+0x10/0x10 [ 406.895633][T10713] ? find_held_lock+0x2b/0x80 [ 406.895682][T10713] __x64_sys_openat+0x174/0x210 [ 406.895716][T10713] ? __pfx___x64_sys_openat+0x10/0x10 [ 406.895768][T10713] do_syscall_64+0xcd/0xf80 [ 406.895798][T10713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.895828][T10713] RIP: 0033:0x7fb09d38f7c9 [ 406.895854][T10713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.895883][T10713] RSP: 002b:00007fb09e13e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 406.895913][T10713] RAX: ffffffffffffffda RBX: 00007fb09d5e5fa0 RCX: 00007fb09d38f7c9 [ 406.895932][T10713] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 406.895951][T10713] RBP: 00007fb09d413f91 R08: 0000000000000000 R09: 0000000000000000 [ 406.895969][T10713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 406.895987][T10713] R13: 00007fb09d5e6038 R14: 00007fb09d5e5fa0 R15: 00007ffda05ff5d8 [ 406.896039][T10713] [ 407.410550][T10713] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 408.351629][T10740] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 409.509021][T10774] FAULT_INJECTION: forcing a failure. [ 409.509021][T10774] name failslab, interval 1, probability 0, space 0, times 0 [ 409.541997][T10774] CPU: 0 UID: 0 PID: 10774 Comm: syz.1.927 Tainted: G U L syzkaller #0 PREEMPT(full) [ 409.542044][T10774] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 409.542055][T10774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 409.542071][T10774] Call Trace: [ 409.542081][T10774] [ 409.542091][T10774] dump_stack_lvl+0x16c/0x1f0 [ 409.542146][T10774] should_fail_ex+0x512/0x640 [ 409.542178][T10774] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 409.542218][T10774] should_failslab+0xc2/0x120 [ 409.542263][T10774] kmem_cache_alloc_node_noprof+0x86/0x800 [ 409.542296][T10774] ? do_syscall_64+0xcd/0xf80 [ 409.542319][T10774] ? alloc_vmap_area+0x66f/0x2a50 [ 409.542368][T10774] ? alloc_vmap_area+0x66f/0x2a50 [ 409.542406][T10774] alloc_vmap_area+0x66f/0x2a50 [ 409.542464][T10774] ? __pfx_alloc_vmap_area+0x10/0x10 [ 409.542517][T10774] __get_vm_area_node+0x1ca/0x330 [ 409.542567][T10774] __vmalloc_node_range_noprof+0x247/0x16b0 [ 409.542595][T10774] ? n_tty_open+0x1a/0x170 [ 409.542620][T10774] ? do_raw_spin_lock+0x12c/0x2b0 [ 409.542658][T10774] ? n_tty_open+0x1a/0x170 [ 409.542693][T10774] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 409.542721][T10774] ? __ldsem_down_write_nested+0xfd/0x850 [ 409.542845][T10774] ? __ldsem_down_write_nested+0x10e/0x850 [ 409.542880][T10774] ? lockdep_init_map_type+0x5c/0x270 [ 409.542915][T10774] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 409.542949][T10774] ? n_tty_open+0x1a/0x170 [ 409.542971][T10774] __vmalloc_node_noprof+0xad/0xf0 [ 409.542997][T10774] ? n_tty_open+0x1a/0x170 [ 409.543020][T10774] ? __pfx_n_tty_open+0x10/0x10 [ 409.543050][T10774] n_tty_open+0x1a/0x170 [ 409.543074][T10774] ? __pfx_n_tty_open+0x10/0x10 [ 409.543101][T10774] tty_ldisc_open+0x9f/0x120 [ 409.543135][T10774] tty_ldisc_setup+0x40/0x100 [ 409.543170][T10774] tty_init_dev.part.0+0x1ec/0x500 [ 409.543211][T10774] tty_init_dev+0x60/0x80 [ 409.543253][T10774] ptmx_open+0x15e/0x3c0 [ 409.543284][T10774] ? __pfx_ptmx_open+0x10/0x10 [ 409.543314][T10774] chrdev_open+0x234/0x6a0 [ 409.543353][T10774] ? __pfx_apparmor_file_open+0x10/0x10 [ 409.543383][T10774] ? __pfx_chrdev_open+0x10/0x10 [ 409.543426][T10774] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 409.543477][T10774] do_dentry_open+0x748/0x1590 [ 409.543515][T10774] ? __pfx_chrdev_open+0x10/0x10 [ 409.543571][T10774] vfs_open+0x82/0x3f0 [ 409.543608][T10774] path_openat+0x2078/0x3140 [ 409.543664][T10774] ? __pfx_path_openat+0x10/0x10 [ 409.543720][T10774] do_filp_open+0x20b/0x470 [ 409.543779][T10774] ? __pfx_do_filp_open+0x10/0x10 [ 409.543856][T10774] ? alloc_fd+0x471/0x7d0 [ 409.543912][T10774] do_sys_openat2+0x121/0x290 [ 409.543943][T10774] ? __pfx_do_sys_openat2+0x10/0x10 [ 409.543977][T10774] ? find_held_lock+0x2b/0x80 [ 409.544030][T10774] __x64_sys_openat+0x174/0x210 [ 409.544060][T10774] ? __pfx___x64_sys_openat+0x10/0x10 [ 409.544104][T10774] do_syscall_64+0xcd/0xf80 [ 409.544135][T10774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.544165][T10774] RIP: 0033:0x7f259878f7c9 [ 409.544190][T10774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.544231][T10774] RSP: 002b:00007f25995c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 409.544261][T10774] RAX: ffffffffffffffda RBX: 00007f25989e5fa0 RCX: 00007f259878f7c9 [ 409.544280][T10774] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 409.544298][T10774] RBP: 00007f2598813f91 R08: 0000000000000000 R09: 0000000000000000 [ 409.544315][T10774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 409.544333][T10774] R13: 00007f25989e6038 R14: 00007f25989e5fa0 R15: 00007fffeb5d45a8 [ 409.544374][T10774] [ 409.964623][T10774] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 410.084010][T10779] No such timeout policy "" [ 410.096340][T10779] netlink: Failed to associated timeout policy '' [ 411.102102][T10792] binder: 10791:10792 ioctl c00c620f 9 returned -22 [ 411.494010][T10802] input input34: cannot allocate more than FF_MAX_EFFECTS effects [ 411.653132][T10817] FAULT_INJECTION: forcing a failure. [ 411.653132][T10817] name failslab, interval 1, probability 0, space 0, times 0 [ 411.705426][T10817] CPU: 0 UID: 0 PID: 10817 Comm: syz.3.938 Tainted: G U L syzkaller #0 PREEMPT(full) [ 411.705480][T10817] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 411.705491][T10817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 411.705508][T10817] Call Trace: [ 411.705518][T10817] [ 411.705530][T10817] dump_stack_lvl+0x16c/0x1f0 [ 411.705584][T10817] should_fail_ex+0x512/0x640 [ 411.705615][T10817] ? __kmalloc_cache_noprof+0x5f/0x800 [ 411.705652][T10817] should_failslab+0xc2/0x120 [ 411.705692][T10817] __kmalloc_cache_noprof+0x80/0x800 [ 411.705720][T10817] ? alloc_tty_struct+0x96/0x8c0 [ 411.705768][T10817] ? alloc_tty_struct+0x96/0x8c0 [ 411.705805][T10817] alloc_tty_struct+0x96/0x8c0 [ 411.705847][T10817] ? __pfx_alloc_tty_struct+0x10/0x10 [ 411.705899][T10817] pty_common_install+0x1c7/0xb30 [ 411.705939][T10817] ? __pfx_pty_unix98_install+0x10/0x10 [ 411.705978][T10817] tty_init_dev.part.0+0x9c/0x500 [ 411.706030][T10817] tty_init_dev+0x60/0x80 [ 411.706069][T10817] ptmx_open+0x15e/0x3c0 [ 411.706100][T10817] ? __pfx_ptmx_open+0x10/0x10 [ 411.706130][T10817] chrdev_open+0x234/0x6a0 [ 411.706169][T10817] ? __pfx_apparmor_file_open+0x10/0x10 [ 411.706196][T10817] ? __pfx_chrdev_open+0x10/0x10 [ 411.706237][T10817] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 411.706289][T10817] do_dentry_open+0x748/0x1590 [ 411.706327][T10817] ? __pfx_chrdev_open+0x10/0x10 [ 411.706378][T10817] vfs_open+0x82/0x3f0 [ 411.706411][T10817] path_openat+0x2078/0x3140 [ 411.706463][T10817] ? __pfx_path_openat+0x10/0x10 [ 411.706514][T10817] do_filp_open+0x20b/0x470 [ 411.706553][T10817] ? __pfx_do_filp_open+0x10/0x10 [ 411.706622][T10817] ? alloc_fd+0x471/0x7d0 [ 411.706672][T10817] do_sys_openat2+0x121/0x290 [ 411.706703][T10817] ? __pfx_do_sys_openat2+0x10/0x10 [ 411.706735][T10817] ? find_held_lock+0x2b/0x80 [ 411.706780][T10817] __x64_sys_openat+0x174/0x210 [ 411.706812][T10817] ? __pfx___x64_sys_openat+0x10/0x10 [ 411.706861][T10817] do_syscall_64+0xcd/0xf80 [ 411.706892][T10817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.706920][T10817] RIP: 0033:0x7fdd8f38f7c9 [ 411.706944][T10817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.706972][T10817] RSP: 002b:00007fdd9028f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 411.707002][T10817] RAX: ffffffffffffffda RBX: 00007fdd8f5e5fa0 RCX: 00007fdd8f38f7c9 [ 411.707029][T10817] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 411.707063][T10817] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 411.707081][T10817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.707098][T10817] R13: 00007fdd8f5e6038 R14: 00007fdd8f5e5fa0 R15: 00007ffc04af0ce8 [ 411.707138][T10817] [ 412.654048][T10837] netlink: 28 bytes leftover after parsing attributes in process `syz.0.943'. [ 413.087267][T10844] Invalid ELF header magic: != ELF [ 414.264472][T10871] FAULT_INJECTION: forcing a failure. [ 414.264472][T10871] name failslab, interval 1, probability 0, space 0, times 0 [ 414.296524][T10871] CPU: 0 UID: 0 PID: 10871 Comm: syz.1.949 Tainted: G U L syzkaller #0 PREEMPT(full) [ 414.296575][T10871] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 414.296585][T10871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 414.296602][T10871] Call Trace: [ 414.296613][T10871] [ 414.296624][T10871] dump_stack_lvl+0x16c/0x1f0 [ 414.296676][T10871] should_fail_ex+0x512/0x640 [ 414.296709][T10871] ? __kmalloc_cache_noprof+0x5f/0x800 [ 414.296745][T10871] should_failslab+0xc2/0x120 [ 414.296791][T10871] __kmalloc_cache_noprof+0x80/0x800 [ 414.296825][T10871] ? alloc_tty_struct+0x96/0x8c0 [ 414.296877][T10871] ? alloc_tty_struct+0x96/0x8c0 [ 414.296921][T10871] alloc_tty_struct+0x96/0x8c0 [ 414.296968][T10871] ? __pfx_alloc_tty_struct+0x10/0x10 [ 414.297035][T10871] pty_common_install+0x1c7/0xb30 [ 414.297078][T10871] ? __pfx_pty_unix98_install+0x10/0x10 [ 414.297118][T10871] tty_init_dev.part.0+0x9c/0x500 [ 414.297165][T10871] tty_init_dev+0x60/0x80 [ 414.297211][T10871] ptmx_open+0x15e/0x3c0 [ 414.297246][T10871] ? __pfx_ptmx_open+0x10/0x10 [ 414.297281][T10871] chrdev_open+0x234/0x6a0 [ 414.297324][T10871] ? __pfx_apparmor_file_open+0x10/0x10 [ 414.297356][T10871] ? __pfx_chrdev_open+0x10/0x10 [ 414.297402][T10871] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 414.297456][T10871] do_dentry_open+0x748/0x1590 [ 414.297498][T10871] ? __pfx_chrdev_open+0x10/0x10 [ 414.297553][T10871] vfs_open+0x82/0x3f0 [ 414.297591][T10871] path_openat+0x2078/0x3140 [ 414.297646][T10871] ? __pfx_path_openat+0x10/0x10 [ 414.297697][T10871] do_filp_open+0x20b/0x470 [ 414.297734][T10871] ? __pfx_do_filp_open+0x10/0x10 [ 414.297805][T10871] ? alloc_fd+0x471/0x7d0 [ 414.297856][T10871] do_sys_openat2+0x121/0x290 [ 414.297888][T10871] ? __pfx_do_sys_openat2+0x10/0x10 [ 414.297922][T10871] ? find_held_lock+0x2b/0x80 [ 414.297979][T10871] __x64_sys_openat+0x174/0x210 [ 414.298014][T10871] ? __pfx___x64_sys_openat+0x10/0x10 [ 414.298065][T10871] do_syscall_64+0xcd/0xf80 [ 414.298096][T10871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.298125][T10871] RIP: 0033:0x7f259878f7c9 [ 414.298151][T10871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.298179][T10871] RSP: 002b:00007f25995c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 414.298207][T10871] RAX: ffffffffffffffda RBX: 00007f25989e5fa0 RCX: 00007f259878f7c9 [ 414.298227][T10871] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 414.298245][T10871] RBP: 00007f2598813f91 R08: 0000000000000000 R09: 0000000000000000 [ 414.298263][T10871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.298279][T10871] R13: 00007f25989e6038 R14: 00007f25989e5fa0 R15: 00007fffeb5d45a8 [ 414.298321][T10871] [ 415.249500][ T30] audit: type=1107 audit(4294967304.676:56): pid=10883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 415.300085][ T30] audit: type=1107 audit(4294967304.696:57): pid=10883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 416.167178][T10886] sd 0:0:1:0: PR command failed: 1026 [ 416.183516][T10886] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 416.197459][T10886] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 416.839443][T10916] bridge0: port 3(bond0) entered blocking state [ 416.846037][ T30] audit: type=1800 audit(4294967306.265:58): pid=10912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.958" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 416.873162][T10916] bridge0: port 3(bond0) entered disabled state [ 416.881671][T10916] bond0: entered allmulticast mode [ 416.887039][T10916] bond_slave_0: entered allmulticast mode [ 416.893695][T10916] bond_slave_1: entered allmulticast mode [ 416.905317][T10916] bond0: entered promiscuous mode [ 416.917894][T10916] bond_slave_0: entered promiscuous mode [ 416.954575][T10916] bond_slave_1: entered promiscuous mode [ 416.991747][T10916] bridge0: port 3(bond0) entered blocking state [ 416.998245][T10916] bridge0: port 3(bond0) entered forwarding state [ 417.680496][T10937] cougar: G6 mapped to space [ 418.476267][ T5845] Bluetooth: hci0: unexpected event 0x32 length: 727 > 9 [ 418.809281][T10957] zswap: compressor not available [ 419.493900][T10960] zswap: compressor not available [ 420.240197][T10955] zero sized request [ 420.698581][T10991] zswap: compressor û not available [ 421.040758][T11003] cougar: G6 mapped to space [ 423.224512][T11046] FAULT_INJECTION: forcing a failure. [ 423.224512][T11046] name failslab, interval 1, probability 0, space 0, times 0 [ 423.245229][T11046] CPU: 0 UID: 0 PID: 11046 Comm: syz.3.988 Tainted: G U L syzkaller #0 PREEMPT(full) [ 423.245277][T11046] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 423.245286][T11046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 423.245300][T11046] Call Trace: [ 423.245309][T11046] [ 423.245320][T11046] dump_stack_lvl+0x16c/0x1f0 [ 423.245366][T11046] should_fail_ex+0x512/0x640 [ 423.245396][T11046] ? __kmalloc_noprof+0xca/0x910 [ 423.245428][T11046] should_failslab+0xc2/0x120 [ 423.245465][T11046] __kmalloc_noprof+0xeb/0x910 [ 423.245493][T11046] ? do_raw_spin_lock+0x12c/0x2b0 [ 423.245521][T11046] ? __seq_open_private+0x22/0xd0 [ 423.245562][T11046] ? __seq_open_private+0x22/0xd0 [ 423.245592][T11046] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 423.245633][T11046] __seq_open_private+0x22/0xd0 [ 423.245680][T11046] pid_numa_maps_open+0x29/0xf0 [ 423.245708][T11046] do_dentry_open+0x748/0x1590 [ 423.245744][T11046] ? __pfx_pid_numa_maps_open+0x10/0x10 [ 423.245780][T11046] vfs_open+0x82/0x3f0 [ 423.245814][T11046] path_openat+0x2078/0x3140 [ 423.245861][T11046] ? __pfx_path_openat+0x10/0x10 [ 423.245911][T11046] do_filp_open+0x20b/0x470 [ 423.245948][T11046] ? __pfx_do_filp_open+0x10/0x10 [ 423.246002][T11046] ? __pfx_kfree_link+0x10/0x10 [ 423.246048][T11046] ? alloc_fd+0x471/0x7d0 [ 423.246100][T11046] do_sys_openat2+0x121/0x290 [ 423.246131][T11046] ? __pfx_do_sys_openat2+0x10/0x10 [ 423.246177][T11046] __x64_sys_openat+0x174/0x210 [ 423.246209][T11046] ? __pfx___x64_sys_openat+0x10/0x10 [ 423.246257][T11046] do_syscall_64+0xcd/0xf80 [ 423.246287][T11046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.246316][T11046] RIP: 0033:0x7fdd8f38f7c9 [ 423.246339][T11046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.246365][T11046] RSP: 002b:00007fdd9026e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 423.246393][T11046] RAX: ffffffffffffffda RBX: 00007fdd8f5e6090 RCX: 00007fdd8f38f7c9 [ 423.246412][T11046] RDX: 0000000000008240 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 423.246430][T11046] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 423.246447][T11046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.246462][T11046] R13: 00007fdd8f5e6128 R14: 00007fdd8f5e6090 R15: 00007ffc04af0ce8 [ 423.246502][T11046] [ 423.958729][T11053] FAULT_INJECTION: forcing a failure. [ 423.958729][T11053] name failslab, interval 1, probability 0, space 0, times 0 [ 423.991387][T11053] CPU: 0 UID: 0 PID: 11053 Comm: syz.1.989 Tainted: G U L syzkaller #0 PREEMPT(full) [ 423.991437][T11053] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 423.991448][T11053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 423.991466][T11053] Call Trace: [ 423.991475][T11053] [ 423.991487][T11053] dump_stack_lvl+0x16c/0x1f0 [ 423.991536][T11053] should_fail_ex+0x512/0x640 [ 423.991570][T11053] ? kmem_cache_alloc_noprof+0x62/0x770 [ 423.991609][T11053] should_failslab+0xc2/0x120 [ 423.991653][T11053] kmem_cache_alloc_noprof+0x83/0x770 [ 423.991686][T11053] ? security_file_alloc+0x34/0x2b0 [ 423.991725][T11053] ? security_file_alloc+0x34/0x2b0 [ 423.991759][T11053] security_file_alloc+0x34/0x2b0 [ 423.991796][T11053] init_file+0x93/0x4c0 [ 423.991826][T11053] alloc_empty_file+0x73/0x1e0 [ 423.991855][T11053] alloc_file_pseudo+0x13a/0x230 [ 423.991890][T11053] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 423.991924][T11053] ? alloc_fd+0x471/0x7d0 [ 423.991981][T11053] sock_alloc_file+0x50/0x210 [ 423.992024][T11053] __sys_socket+0x1c0/0x260 [ 423.992055][T11053] ? __pfx___sys_socket+0x10/0x10 [ 423.992085][T11053] ? xfd_validate_state+0x61/0x180 [ 423.992111][T11053] ? __pfx_do_writev+0x10/0x10 [ 423.992160][T11053] __x64_sys_socket+0x72/0xb0 [ 423.992187][T11053] ? lockdep_hardirqs_on+0x7c/0x110 [ 423.992230][T11053] do_syscall_64+0xcd/0xf80 [ 423.992257][T11053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.992286][T11053] RIP: 0033:0x7f259878f7c9 [ 423.992311][T11053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.992338][T11053] RSP: 002b:00007f25995c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 423.992365][T11053] RAX: ffffffffffffffda RBX: 00007f25989e5fa0 RCX: 00007f259878f7c9 [ 423.992384][T11053] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 423.992402][T11053] RBP: 00007f2598813f91 R08: 0000000000000000 R09: 0000000000000000 [ 423.992419][T11053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.992436][T11053] R13: 00007f25989e6038 R14: 00007f25989e5fa0 R15: 00007fffeb5d45a8 [ 423.992476][T11053] [ 424.544717][T11060] Invalid ELF header magic: != ELF [ 428.694572][T11107] Invalid ELF header magic: != ELF [ 428.965261][T11113] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1003'. [ 429.599247][T11129] binder: 11127:11129 ioctl c0306201 0 returned -14 [ 429.631607][T11129] binder: 11127:11129 ioctl c0306201 0 returned -14 [ 429.700379][T11135] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1007'. [ 430.609671][T11154] netlink: 'syz.3.1011': attribute type 10 has an invalid length. [ 430.617792][T11154] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1011'. [ 431.146788][T11157] binder: BINDER_SET_CONTEXT_MGR already set [ 431.152919][T11157] binder: 11156:11157 ioctl 4018620d 9 returned -16 [ 431.589393][T11149] syz.2.1010 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 431.629466][T11149] CPU: 0 UID: 0 PID: 11149 Comm: syz.2.1010 Tainted: G U L syzkaller #0 PREEMPT(full) [ 431.629517][T11149] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 431.629528][T11149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 431.629545][T11149] Call Trace: [ 431.629555][T11149] [ 431.629566][T11149] dump_stack_lvl+0x16c/0x1f0 [ 431.629619][T11149] dump_header+0x101/0x960 [ 431.629656][T11149] oom_kill_process+0x176/0x910 [ 431.629695][T11149] out_of_memory+0x350/0x1700 [ 431.629728][T11149] ? __lock_acquire+0x436/0x2890 [ 431.629763][T11149] ? __pfx_out_of_memory+0x10/0x10 [ 431.629809][T11149] mem_cgroup_out_of_memory+0x118/0x130 [ 431.629845][T11149] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 431.629891][T11149] ? do_raw_spin_unlock+0x172/0x230 [ 431.629943][T11149] try_charge_memcg+0x695/0xd30 [ 431.629997][T11149] ? __pfx_try_charge_memcg+0x10/0x10 [ 431.630043][T11149] ? __print_lock_name+0x31/0xe0 [ 431.630082][T11149] ? rcu_read_unlock+0x17/0x60 [ 431.630121][T11149] charge_memcg+0x8a/0x230 [ 431.630167][T11149] __mem_cgroup_charge+0x2b/0x1e0 [ 431.630200][T11149] do_anonymous_page+0xca9/0x2190 [ 431.630248][T11149] __handle_mm_fault+0x1ecf/0x2bb0 [ 431.630291][T11149] ? __pfx___handle_mm_fault+0x10/0x10 [ 431.630324][T11149] ? __pte_offset_map_lock+0x174/0x310 [ 431.630367][T11149] ? find_held_lock+0x2b/0x80 [ 431.630438][T11149] ? follow_page_pte+0x5cf/0x1390 [ 431.630493][T11149] handle_mm_fault+0x3fe/0xad0 [ 431.630533][T11149] __get_user_pages+0x54e/0x3590 [ 431.630591][T11149] ? down_read_killable+0x313/0x4c0 [ 431.630622][T11149] ? __lock_acquire+0x436/0x2890 [ 431.630649][T11149] ? __pfx___get_user_pages+0x10/0x10 [ 431.630702][T11149] __gup_longterm_locked+0x2dd/0x17e0 [ 431.630760][T11149] ? __pfx___gup_longterm_locked+0x10/0x10 [ 431.630810][T11149] ? __get_pfnblock_flags_mask+0x13c/0x240 [ 431.630860][T11149] ? sanity_check_pinned_pages+0x58a/0x11d0 [ 431.630921][T11149] gup_fast_fallback+0xf5f/0x2350 [ 431.630998][T11149] ? __pfx_gup_fast_fallback+0x10/0x10 [ 431.631051][T11149] ? ___kmalloc_large_node+0x97/0x150 [ 431.631080][T11149] ? rcu_is_watching+0x12/0xc0 [ 431.631129][T11149] pin_user_pages_fast+0xa7/0xf0 [ 431.631174][T11149] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 431.631231][T11149] io_pin_pages+0xe6/0x1e0 [ 431.631281][T11149] io_sqe_buffer_register+0x177/0x2020 [ 431.631338][T11149] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 431.631368][T11149] ? trace_kmalloc+0x2b/0xb0 [ 431.631420][T11149] ? iovec_from_user+0xbb/0x140 [ 431.631460][T11149] io_sqe_buffers_register+0x1f2/0x860 [ 431.631501][T11149] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 431.631536][T11149] ? __fget_files+0x20e/0x3c0 [ 431.631592][T11149] __do_sys_io_uring_register+0x2520/0x2620 [ 431.631648][T11149] ? __pfx___do_sys_io_uring_register+0x10/0x10 [ 431.631698][T11149] ? __x64_sys_futex+0x1e0/0x4c0 [ 431.631730][T11149] ? __x64_sys_futex+0x1e9/0x4c0 [ 431.631772][T11149] ? xfd_validate_state+0x61/0x180 [ 431.631815][T11149] do_syscall_64+0xcd/0xf80 [ 431.631846][T11149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.631876][T11149] RIP: 0033:0x7f5211d8f7c9 [ 431.631908][T11149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.631937][T11149] RSP: 002b:00007f5212bb8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 431.631965][T11149] RAX: ffffffffffffffda RBX: 00007f5211fe5fa0 RCX: 00007f5211d8f7c9 [ 431.631984][T11149] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 431.632002][T11149] RBP: 00007f5211e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 431.632019][T11149] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 431.632036][T11149] R13: 00007f5211fe6038 R14: 00007f5211fe5fa0 R15: 00007ffff545f938 [ 431.632078][T11149] [ 431.632090][T11149] memory: usage 3072kB, limit 3072kB, failcnt 21732 [ 432.041822][T11149] memory+swap: usage 3268kB, limit 9007199254740988kB, failcnt 0 [ 432.052202][T11149] kmem: usage 876kB, limit 9007199254740988kB, failcnt 0 [ 432.087627][T11149] Memory cgroup stats for /syz2: [ 432.088028][T11149] cache 0 [ 432.105423][T11149] rss 2158592 [ 432.108775][T11149] rss_huge 0 [ 432.112012][T11149] shmem 0 [ 432.114973][T11149] mapped_file 0 [ 432.145144][T11149] dirty 0 [ 432.150152][T11149] writeback 0 [ 432.153551][T11149] workingset_refault_anon 7050 [ 432.205445][T11149] workingset_refault_file 5541 [ 432.210344][T11149] swap 200704 [ 432.213680][T11149] swapcached 90112 [ 432.245536][T11149] pgpgin 204972 [ 432.265695][T11149] pgpgout 206467 [ 432.269420][T11149] pgfault 236269 [ 432.315512][T11149] pgmajfault 2147 [ 432.319434][T11149] inactive_anon 0 [ 432.323114][T11149] active_anon 0 [ 432.355577][T11149] inactive_file 2158592 [ 432.365560][T11149] active_file 0 [ 432.369126][T11149] unevictable 0 [ 432.379189][T11149] hierarchical_memory_limit 3145728 [ 432.391309][T11149] hierarchical_memsw_limit 9223372036854771712 [ 432.395257][ T30] audit: type=1800 audit(4294967321.807:59): pid=11165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1013" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 432.408935][T11149] total_cache 0 [ 432.440548][T11149] total_rss 2158592 [ 432.444780][T11149] total_rss_huge 0 [ 432.467033][T11149] total_shmem 0 [ 432.485648][T11149] total_mapped_file 0 [ 432.489891][T11149] total_dirty 0 [ 432.493487][T11149] total_writeback 0 [ 432.525591][T11149] total_workingset_refault_anon 7050 [ 432.531312][T11149] total_workingset_refault_file 5541 [ 432.565853][T11149] total_swap 200704 [ 432.569768][T11149] total_swapcached 90112 [ 432.574037][T11149] total_pgpgin 204972 [ 432.587409][T11149] total_pgpgout 206467 [ 432.591541][T11149] total_pgfault 236269 [ 432.606115][T11149] total_pgmajfault 2147 [ 432.610829][T11149] total_inactive_anon 0 [ 432.615121][T11149] total_active_anon 0 [ 432.620998][T11149] total_inactive_file 2158592 [ 432.634717][T11149] total_active_file 0 [ 432.642996][T11149] total_unevictable 0 [ 432.647339][T11149] anon_cost 0 [ 432.651147][T11149] file_cost 0 [ 432.663196][T11149] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1010,pid=11148,uid=0 [ 432.680750][T11149] Memory cgroup out of memory: Killed process 11148 (syz.2.1010) total-vm:134992kB, anon-rss:3172kB, file-rss:23112kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 432.769856][T11172] Invalid ELF header magic: != ELF [ 434.399041][T11210] syz.3.1025 (11210): /proc/11210/oom_adj is deprecated, please use /proc/11210/oom_score_adj instead. [ 434.479083][ T5889] smpboot: CPU 1 is now offline [ 435.565684][T11215] zswap: compressor not available [ 436.552626][T11239] cougar: G6 mapped to space [ 437.960748][T11248] zero sized request [ 444.274344][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.315242][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.870140][T11351] ima: Unable to open file: /surit‹¯Ròy/integrity?iqa/policy (-2) [ 446.163967][T11343] ima: policy update failed [ 446.221018][ T30] audit: type=1802 audit(4294967335.610:60): pid=11343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1051" res=0 errno=0 [ 446.419821][T11346] binder: BINDER_SET_CONTEXT_MGR already set [ 446.431203][ T5845] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 446.453569][T11346] binder: 11345:11346 ioctl 4018620d 9 returned -16 [ 447.715209][T11372] hub 1-0:1.0: USB hub found [ 447.776788][T11372] hub 1-0:1.0: 1 port detected [ 448.170472][T11380] usbcore.quirks: string doesn't fit in 127 chars. [ 448.576122][ T30] audit: type=1800 audit(4294967337.989:61): pid=11398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1061" name="lu_gp_id" dev="configfs" ino=40553 res=0 errno=0 [ 449.515240][T11412] : Can't lookup blockdev [ 452.691063][T11508] binder: BINDER_SET_CONTEXT_MGR already set [ 452.740821][T11508] binder: 11503:11508 ioctl 4018620d 9 returned -16 [ 454.478412][ T30] audit: type=1804 audit(4294967343.886:62): pid=11548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1085" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 454.777926][T11559] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1089'. [ 455.236235][T11563] Invalid ELF header magic: != ELF [ 455.345783][T11571] Invalid ELF header magic: != ELF [ 456.402280][T11581] zswap: compressor not available [ 456.924744][T11584] mkiss: ax0: crc mode is auto. [ 457.508974][ T30] audit: type=1326 audit(4294967346.905:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11610 comm="syz.0.1099" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb09d38f7c9 code=0x0 [ 457.685751][T11616] FAULT_INJECTION: forcing a failure. [ 457.685751][T11616] name failslab, interval 1, probability 0, space 0, times 0 [ 457.754021][T11616] CPU: 0 UID: 0 PID: 11616 Comm: syz.0.1099 Tainted: G U L syzkaller #0 PREEMPT(full) [ 457.754053][T11616] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 457.754060][T11616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 457.754070][T11616] Call Trace: [ 457.754075][T11616] [ 457.754083][T11616] dump_stack_lvl+0x16c/0x1f0 [ 457.754114][T11616] should_fail_ex+0x512/0x640 [ 457.754136][T11616] should_failslab+0xc2/0x120 [ 457.754163][T11616] __kmalloc_cache_noprof+0x80/0x800 [ 457.754184][T11616] ? bdi_split_work_to_wbs+0x1c1/0xfc0 [ 457.754209][T11616] ? bdi_split_work_to_wbs+0x1c1/0xfc0 [ 457.754228][T11616] bdi_split_work_to_wbs+0x1c1/0xfc0 [ 457.754252][T11616] ? __pfx_bdi_split_work_to_wbs+0x10/0x10 [ 457.754282][T11616] ? __lock_acquire+0x436/0x2890 [ 457.754302][T11616] __writeback_inodes_sb_nr+0x200/0x2b0 [ 457.754323][T11616] ? __pfx___writeback_inodes_sb_nr+0x10/0x10 [ 457.754351][T11616] ? get_nr_dirty_inodes+0x170/0x1e0 [ 457.754379][T11616] ? __pfx_fs_bdev_sync+0x10/0x10 [ 457.754400][T11616] sync_filesystem+0xbb/0x290 [ 457.754416][T11616] ? __pfx_fs_bdev_sync+0x10/0x10 [ 457.754435][T11616] fs_bdev_sync+0x2c/0x40 [ 457.754456][T11616] blkdev_common_ioctl+0x2250/0x2b80 [ 457.754480][T11616] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 457.754507][T11616] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 457.754534][T11616] ? do_vfs_ioctl+0x128/0x14f0 [ 457.754554][T11616] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 457.754580][T11616] ? find_held_lock+0x2b/0x80 [ 457.754605][T11616] blkdev_ioctl+0x2b5/0x6e0 [ 457.754625][T11616] ? __pfx_blkdev_ioctl+0x10/0x10 [ 457.754647][T11616] ? __pfx_blkdev_ioctl+0x10/0x10 [ 457.754672][T11616] __x64_sys_ioctl+0x18e/0x210 [ 457.754737][T11616] do_syscall_64+0xcd/0xf80 [ 457.754762][T11616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.754785][T11616] RIP: 0033:0x7fb09d38f7c9 [ 457.754800][T11616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.754817][T11616] RSP: 002b:00007fb09b5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.754839][T11616] RAX: ffffffffffffffda RBX: 00007fb09d5e6090 RCX: 00007fb09d38f7c9 [ 457.754850][T11616] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 457.754860][T11616] RBP: 00007fb09d413f91 R08: 0000000000000000 R09: 0000000000000000 [ 457.754870][T11616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.754880][T11616] R13: 00007fb09d5e6128 R14: 00007fb09d5e6090 R15: 00007ffda05ff5d8 [ 457.754903][T11616] [ 458.204231][T11626] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1101'. [ 458.225043][T11626] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.353709][T11626] bridge_slave_1 (unregistering): left allmulticast mode [ 458.378144][T11631] Invalid ELF header magic: != ELF [ 458.393780][T11626] bridge_slave_1 (unregistering): left promiscuous mode [ 458.418044][T11626] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.863799][T11638] Invalid ELF header magic: != ELF [ 461.696248][T11685] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1113'. [ 462.738082][T11697] netlink: 'syz.2.1118': attribute type 19 has an invalid length. [ 462.762805][T11697] netlink: 226 bytes leftover after parsing attributes in process `syz.2.1118'. [ 463.865675][T11712] netlink: zone id is out of range [ 463.897814][T11712] netlink: zone id is out of range [ 464.908689][T11726] FAULT_INJECTION: forcing a failure. [ 464.908689][T11726] name failslab, interval 1, probability 0, space 0, times 0 [ 465.062923][T11726] CPU: 0 UID: 0 PID: 11726 Comm: syz.2.1125 Tainted: G U L syzkaller #0 PREEMPT(full) [ 465.062955][T11726] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 465.062962][T11726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 465.062972][T11726] Call Trace: [ 465.062978][T11726] [ 465.062984][T11726] dump_stack_lvl+0x16c/0x1f0 [ 465.063016][T11726] should_fail_ex+0x512/0x640 [ 465.063036][T11726] ? kmem_cache_alloc_noprof+0x62/0x770 [ 465.063059][T11726] should_failslab+0xc2/0x120 [ 465.063086][T11726] kmem_cache_alloc_noprof+0x83/0x770 [ 465.063105][T11726] ? ptlock_alloc+0x1f/0x70 [ 465.063126][T11726] ? ptlock_alloc+0x1f/0x70 [ 465.063142][T11726] ptlock_alloc+0x1f/0x70 [ 465.063159][T11726] pte_alloc_one+0x84/0x3d0 [ 465.063186][T11726] __pte_alloc+0x6d/0x3f0 [ 465.063208][T11726] ? __pfx___pte_alloc+0x10/0x10 [ 465.063231][T11726] ? _raw_spin_unlock+0x28/0x50 [ 465.063253][T11726] ? __pmd_alloc+0x6aa/0x9c0 [ 465.063279][T11726] move_page_tables+0x2c0a/0x4380 [ 465.063305][T11726] ? __pfx_copy_vma+0x10/0x10 [ 465.063331][T11726] ? __pfx_move_page_tables+0x10/0x10 [ 465.063359][T11726] ? trace_sched_exit_tp+0xd1/0x110 [ 465.063392][T11726] ? __schedule+0x10b9/0x6150 [ 465.063420][T11726] copy_vma_and_data+0x24e/0x790 [ 465.063441][T11726] ? __pfx_copy_vma_and_data+0x10/0x10 [ 465.063469][T11726] ? find_held_lock+0x2b/0x80 [ 465.063491][T11726] ? move_vma+0x533/0x1790 [ 465.063509][T11726] ? __vm_enough_memory+0x184/0x3f0 [ 465.063538][T11726] move_vma+0x545/0x1790 [ 465.063562][T11726] ? __pfx_move_vma+0x10/0x10 [ 465.063584][T11726] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 465.063610][T11726] ? cap_mmap_addr+0x4b/0x120 [ 465.063625][T11726] ? bpf_lsm_mmap_addr+0x9/0x10 [ 465.063644][T11726] ? security_mmap_addr+0x6c/0x1e0 [ 465.063665][T11726] ? __get_unmapped_area+0x267/0x3f0 [ 465.063691][T11726] ? vrm_set_new_addr+0x208/0x290 [ 465.063711][T11726] mremap_to+0x1b7/0x450 [ 465.063731][T11726] do_mremap+0x13a8/0x2020 [ 465.063751][T11726] ? futex_private_hash_put+0xd0/0x1b0 [ 465.063775][T11726] ? __pfx_do_mremap+0x10/0x10 [ 465.063791][T11726] ? __pfx_futex_wake+0x10/0x10 [ 465.063817][T11726] ? ksys_write+0x190/0x250 [ 465.063845][T11726] __do_sys_mremap+0x119/0x170 [ 465.063864][T11726] ? __pfx___do_sys_mremap+0x10/0x10 [ 465.063889][T11726] ? __x64_sys_futex+0x1e0/0x4c0 [ 465.063920][T11726] do_syscall_64+0xcd/0xf80 [ 465.063937][T11726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.063955][T11726] RIP: 0033:0x7f5211d8f7c9 [ 465.063970][T11726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.063986][T11726] RSP: 002b:00007f5212b97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 465.064002][T11726] RAX: ffffffffffffffda RBX: 00007f5211fe6090 RCX: 00007f5211d8f7c9 [ 465.064013][T11726] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 465.064022][T11726] RBP: 00007f5211e13f91 R08: 0000000100000000 R09: 0000000000000000 [ 465.064032][T11726] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 465.064042][T11726] R13: 00007f5211fe6128 R14: 00007f5211fe6090 R15: 00007ffff545f938 [ 465.064063][T11726] [ 465.885246][T11742] random: crng reseeded on system resumption [ 465.996709][ T30] audit: type=1800 audit(4294967355.400:64): pid=11748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1129" name="lu_gp_id" dev="configfs" ino=42272 res=0 errno=0 [ 469.405720][T11789] binder: BINDER_SET_CONTEXT_MGR already set [ 469.491128][T11789] binder: 11774:11789 ioctl 4018620d 9 returned -16 [ 470.239400][T11795] Invalid ELF header magic: != ELF [ 470.684902][T11800] Invalid ELF header magic: != ELF [ 472.049327][T11823] netlink: zone id is out of range [ 472.073724][T11823] netlink: zone id is out of range [ 472.976656][T11845] FAULT_INJECTION: forcing a failure. [ 472.976656][T11845] name failslab, interval 1, probability 0, space 0, times 0 [ 473.126163][T11845] CPU: 0 UID: 0 PID: 11845 Comm: syz.3.1143 Tainted: G U L syzkaller #0 PREEMPT(full) [ 473.126208][T11845] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 473.126215][T11845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 473.126226][T11845] Call Trace: [ 473.126231][T11845] [ 473.126238][T11845] dump_stack_lvl+0x16c/0x1f0 [ 473.126272][T11845] should_fail_ex+0x512/0x640 [ 473.126293][T11845] ? __kmalloc_cache_noprof+0x5f/0x800 [ 473.126317][T11845] should_failslab+0xc2/0x120 [ 473.126345][T11845] __kmalloc_cache_noprof+0x80/0x800 [ 473.126366][T11845] ? alloc_tty_struct+0x96/0x8c0 [ 473.126398][T11845] ? alloc_tty_struct+0x96/0x8c0 [ 473.126425][T11845] alloc_tty_struct+0x96/0x8c0 [ 473.126453][T11845] ? __pfx_alloc_tty_struct+0x10/0x10 [ 473.126486][T11845] pty_common_install+0x1c7/0xb30 [ 473.126511][T11845] ? __pfx_pty_unix98_install+0x10/0x10 [ 473.126535][T11845] tty_init_dev.part.0+0x9c/0x500 [ 473.126565][T11845] tty_init_dev+0x60/0x80 [ 473.126600][T11845] ptmx_open+0x15e/0x3c0 [ 473.126622][T11845] ? __pfx_ptmx_open+0x10/0x10 [ 473.126643][T11845] chrdev_open+0x234/0x6a0 [ 473.126672][T11845] ? __pfx_apparmor_file_open+0x10/0x10 [ 473.126691][T11845] ? __pfx_chrdev_open+0x10/0x10 [ 473.126719][T11845] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 473.126752][T11845] do_dentry_open+0x748/0x1590 [ 473.126778][T11845] ? __pfx_chrdev_open+0x10/0x10 [ 473.126812][T11845] vfs_open+0x82/0x3f0 [ 473.126834][T11845] path_openat+0x2078/0x3140 [ 473.126868][T11845] ? __pfx_path_openat+0x10/0x10 [ 473.126902][T11845] do_filp_open+0x20b/0x470 [ 473.126929][T11845] ? __pfx_do_filp_open+0x10/0x10 [ 473.126973][T11845] ? alloc_fd+0x471/0x7d0 [ 473.127005][T11845] do_sys_openat2+0x121/0x290 [ 473.127025][T11845] ? __pfx_do_sys_openat2+0x10/0x10 [ 473.127046][T11845] ? find_held_lock+0x2b/0x80 [ 473.127076][T11845] __x64_sys_openat+0x174/0x210 [ 473.127097][T11845] ? __pfx___x64_sys_openat+0x10/0x10 [ 473.127127][T11845] do_syscall_64+0xcd/0xf80 [ 473.127145][T11845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.127168][T11845] RIP: 0033:0x7fdd8f38f7c9 [ 473.127186][T11845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.127205][T11845] RSP: 002b:00007fdd9028f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 473.127224][T11845] RAX: ffffffffffffffda RBX: 00007fdd8f5e5fa0 RCX: 00007fdd8f38f7c9 [ 473.127236][T11845] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 473.127247][T11845] RBP: 00007fdd8f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 473.127258][T11845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.127268][T11845] R13: 00007fdd8f5e6038 R14: 00007fdd8f5e5fa0 R15: 00007ffc04af0ce8 [ 473.127291][T11845] [ 473.974775][T11852] Invalid ELF header magic: != ELF [ 474.146570][T11854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1147'. [ 474.234684][T11857] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1148'. [ 474.254413][T11857] dummy0: entered promiscuous mode [ 474.264506][T11857] dummy0: entered allmulticast mode [ 475.363421][T11870] Invalid ELF header magic: != ELF [ 476.495030][T11890] Invalid ELF header magic: != ELF [ 476.904260][T11884] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 476.912223][T11884] #PF: supervisor instruction fetch in kernel mode [ 476.918825][T11884] #PF: error_code(0x0010) - not-present page [ 476.925157][T11884] PGD 800000003e829067 P4D 800000003e829067 PUD 3955e067 PMD 699fe067 PTE 7ffffffffff5e0a [ 476.935253][T11884] Oops: Oops: 0010 [#1] SMP KASAN PTI [ 476.940632][T11884] CPU: 0 UID: 0 PID: 11884 Comm: syz.2.1155 Tainted: G U L syzkaller #0 PREEMPT(full) [ 476.951828][T11884] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 476.957021][T11884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 476.967479][T11884] RIP: 0010:0x0 [ 476.970964][T11884] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 476.978526][T11884] RSP: 0018:ffffc90004ebf988 EFLAGS: 00010283 [ 476.984605][T11884] RAX: 00000000000009d6 RBX: 0000000000000000 RCX: ffffc9000f664000 [ 476.992832][T11884] RDX: 0000000000080000 RSI: ffffea0000e81800 RDI: ffff88802ae95180 [ 477.000809][T11884] RBP: ffffea0000e81800 R08: 0000000000000007 R09: 0000000000000000 [ 477.008781][T11884] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920009d7f32 [ 477.016768][T11884] R13: ffff88802ae95180 R14: 0000000000000000 R15: dffffc0000000000 [ 477.024920][T11884] FS: 00007f5212b976c0(0000) GS:ffff8881248f9000(0000) knlGS:0000000000000000 [ 477.033949][T11884] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 477.040663][T11884] CR2: ffffffffffffffd6 CR3: 0000000069b32000 CR4: 00000000003526f0 [ 477.048737][T11884] Call Trace: [ 477.052015][T11884] [ 477.054943][T11884] filemap_read_folio+0xc8/0x2a0 [ 477.060058][T11884] ? __pfx_filemap_read_folio+0x10/0x10 [ 477.065796][T11884] do_read_cache_folio+0x266/0x5c0 [ 477.070997][T11884] freader_get_folio+0x33a/0x930 [ 477.075952][T11884] freader_fetch+0xbd/0x740 [ 477.080472][T11884] ? __asan_memset+0x23/0x50 [ 477.085212][T11884] __build_id_parse.isra.0+0xdd/0x6c0 [ 477.090600][T11884] ? query_matching_vma+0x48e/0x7d0 [ 477.095902][T11884] ? __pfx___build_id_parse.isra.0+0x10/0x10 [ 477.102088][T11884] do_procmap_query+0xb0e/0x1080 [ 477.107123][T11884] ? __pfx_do_procmap_query+0x10/0x10 [ 477.112509][T11884] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 477.118420][T11884] ? do_vfs_ioctl+0x128/0x14f0 [ 477.123367][T11884] ? __fget_files+0x20e/0x3c0 [ 477.128058][T11884] procfs_procmap_ioctl+0x9d/0xe0 [ 477.133169][T11884] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 477.139071][T11884] __x64_sys_ioctl+0x18e/0x210 [ 477.143932][T11884] do_syscall_64+0xcd/0xf80 [ 477.148433][T11884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.154382][T11884] RIP: 0033:0x7f5211d8f7c9 [ 477.158881][T11884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.178920][T11884] RSP: 002b:00007f5212b97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 477.187446][T11884] RAX: ffffffffffffffda RBX: 00007f5211fe6090 RCX: 00007f5211d8f7c9 [ 477.195847][T11884] RDX: 0000200000000080 RSI: 00000000c0686611 RDI: 0000000000000009 [ 477.204017][T11884] RBP: 00007f5211e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 477.211994][T11884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 477.220141][T11884] R13: 00007f5211fe6128 R14: 00007f5211fe6090 R15: 00007ffff545f938 [ 477.228335][T11884] [ 477.231375][T11884] Modules linked in: [ 477.235263][T11884] CR2: 0000000000000000 [ 477.239415][T11884] ---[ end trace 0000000000000000 ]--- [ 477.244868][T11884] RIP: 0010:0x0 [ 477.248328][T11884] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 477.255788][T11884] RSP: 0018:ffffc90004ebf988 EFLAGS: 00010283 [ 477.261854][T11884] RAX: 00000000000009d6 RBX: 0000000000000000 RCX: ffffc9000f664000 [ 477.269831][T11884] RDX: 0000000000080000 RSI: ffffea0000e81800 RDI: ffff88802ae95180 [ 477.277796][T11884] RBP: ffffea0000e81800 R08: 0000000000000007 R09: 0000000000000000 [ 477.285936][T11884] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920009d7f32 [ 477.294005][T11884] R13: ffff88802ae95180 R14: 0000000000000000 R15: dffffc0000000000 [ 477.302069][T11884] FS: 00007f5212b976c0(0000) GS:ffff8881248f9000(0000) knlGS:0000000000000000 [ 477.311195][T11884] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 477.317892][T11884] CR2: ffffffffffffffd6 CR3: 0000000069b32000 CR4: 00000000003526f0 [ 477.325887][T11884] Kernel panic - not syncing: Fatal exception [ 477.332372][T11884] Kernel Offset: disabled [ 477.336704][T11884] Rebooting in 86400 seconds..