last executing test programs: 2m46.017681558s ago: executing program 0 (id=1828): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/flags\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000180)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0xfdf1) lstat$auto(0x0, &(0x7f0000000240)={0x4, 0x4, 0x100000001, 0xfffffffc, 0x0, 0x0, 0x0, 0x23, 0x10001, 0x7, 0x1, 0x7ffffff8, 0x5, 0x7, 0x4, 0x3, 0x7}) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/lowpan0/mtu\x00', 0x183841, 0x0) write$auto(r1, &(0x7f0000000300)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb', 0x4) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x54c) rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x4000, 0x0) 2m45.244465769s ago: executing program 0 (id=1830): openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) setrlimit$auto(0x2, &(0x7f0000000080)={0x3, 0x20000000000006}) mprotect$auto(0x200000000000, 0x806121, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = io_uring_setup$auto(0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/sockstat\x00', 0x0, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1020, 0x202, 0x10001, 0x8, r0, [], {0x6, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000008, 0x52, 0x1, 0x1, 0x40, 0x76c4, 0x80008, 0x5}}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2b, 0x1, 0x0) shutdown$auto(r1, 0x4) socket(0x10, 0x3, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r2, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, r3, 0x305, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40008}, 0x0) 2m44.10535666s ago: executing program 0 (id=1833): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r0, 0x0, 0x80, 0x0, 0x0) getsockopt$auto_SO_REUSEPORT(r0, 0x28000000, 0xf, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/usbip-vudc.0/udc/usbip-vudc.0/current_speed\x00', 0x181040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000200)=""/206, 0xce) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r3 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) read$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000003dc0)=""/167, 0xa7) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) connect$auto(0xffffffffffffffff, 0x0, 0x3a) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, 0x0, 0x30004850) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) 2m39.710129067s ago: executing program 0 (id=1841): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0xfffffffffffffff8, 0xef3f, 0x0, 0x17, r1, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b47, 0x1) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/usbmon6\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r3 = socket(0x2, 0x5, 0x0) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendto$auto(0x3, 0x0, 0x2000f, 0x13f, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)={0x38, r5, 0x1, 0x70bd28, 0x25dfdbff, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, "7729ecac5e9239d0c4058eac0405576c2cd59ffc84b3098afa677190f34d1790"}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'veth1_macvtap\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'vlan0\x00'}) 2m38.353797835s ago: executing program 0 (id=1848): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 2m35.630634985s ago: executing program 0 (id=1856): socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setreuid$auto(0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) epoll_wait$auto(0xffffffffffffffff, 0x0, 0xe007, 0x1) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r0) sendmsg$auto_TIPC_NL_LINK_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x2, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) unshare$auto(0x40000080) socket(0x27, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) unshare$auto(0x20000000000003f) 2m20.505937226s ago: executing program 32 (id=1856): socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setreuid$auto(0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) epoll_wait$auto(0xffffffffffffffff, 0x0, 0xe007, 0x1) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r0) sendmsg$auto_TIPC_NL_LINK_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x2, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) unshare$auto(0x40000080) socket(0x27, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) unshare$auto(0x20000000000003f) 1m48.072426871s ago: executing program 4 (id=1967): close_range$auto(0x2, 0x8000, 0x0) memfd_secret$auto(0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) r1 = socket(0xa, 0x2, 0x88) r2 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@link_update={r2, @new_prog_fd=r3, 0x1}, 0x9) 1m47.485120823s ago: executing program 4 (id=1968): close_range$auto(0x2, 0x8, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x2, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socketpair$auto(0x5b, 0x1, 0x420000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 1m47.180581352s ago: executing program 4 (id=1970): socket(0xa, 0x3, 0x3b) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x6, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/lapb0/napi_defer_hard_irqs\x00', 0x8a401, 0x0) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) io_uring_setup$auto(0x7e1b, 0x0) openat$auto_dfs_dom_ops_debugfs(0xffffffffffffff9c, &(0x7f0000001400), 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x14) socketpair$auto(0xc94, 0x5, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x444082, 0x0) unshare$auto(0x40000080) io_uring_setup$auto(0x1, 0x0) write$auto_split_huge_pages_fops_huge_memory(0xffffffffffffffff, 0x0, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0) ioctl$auto(r0, 0xc0205649, r0) 1m46.055539214s ago: executing program 4 (id=1976): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_last_time_ms\x00', 0x2240, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/105, 0x69) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x40000) r2 = getpid() getsid$auto(r2) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x1, 0x1007181, 0x8a0d, 0x4, 0x7, 0x7, 0x89, 0x26, 0x4, 0x200000000000, 0xfffffffffffff343, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x0, 0xfffffffffffffffe, 0x6, 0x401, 0x22000, 0x9, 0xfffffffc, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xe]}, 0x9, 0xd) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r4 = socket(0x2c, 0x3, 0x0) getsockopt$auto_SO_DEBUG(r4, 0x4, 0x1, 0x0, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xfffffff7effffd04, &(0x7f00000001c0)) socket(0x2b, 0x1, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mlockall$auto(0x7) removexattrat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f00000000c0)='\x00') 1m45.50003703s ago: executing program 4 (id=1978): mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) socket(0x2, 0x3, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x106) socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r1, @ANYRES64=r0], 0x18}, 0x1, 0x2000, 0x0, 0x40000}, 0x80) 1m45.022005168s ago: executing program 4 (id=1980): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x400, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x2d, 0x1c, 0x0, 0x3) r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket(0x10, 0x2, 0xc) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x24, r3, 0x10, 0x70bd2c, 0x25dfdbfa, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_FAMILY_NAME={0x0, 0x2, '%/\x00\xe2\xa8\\A\xe7Z\x02q[\xcb\xc0\xb0N\\\xdc\xdf(\xff\xfee\xc3\x17py\x9f\xda\xb88\xaa\xf6q*\x82\xe6(\xc9\xe6B\x9aJ82\v-i(c\x92{\xd7D\xb4\xf7\xb4\t\xb2\x98b\xd3%vu\xd4\xfd\t\xd7J\x83\x19)\xb1\x00[\xdd(\xef?\xc5\xae(\x84\xefjx\xfe\xdb\xeb\xbceaAw\x1eW\x12Bh\xc3y2\xc9\x0e\xc9\x99#\x92j\x97\xbbDOi\x03\xa4\x11\x02Ff\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x60042, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kmsg\x00', 0x80900, 0x0) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7f, 0xd, 0x1, 0x948f, 0x1005, 0x206, 0x7, 0xfffffffffffffff6, 0x7, 0x9, 0x79d, 0x6, 0x100000000000000, 0xfffffffffffffffe, 0xf]}, 0x0) 11.223837953s ago: executing program 2 (id=2213): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x200009}, 0x1}, 0x2, 0x0) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000140), 0x101081, 0x0) pipe$auto(0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 9.004815721s ago: executing program 5 (id=2216): openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x121d03, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/net/dev_snmp6/veth0_virt_wifi\x00', 0x200000, 0x0) r0 = io_uring_setup$auto(0x86, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001280)='/dev/v4l-subdev0\x00', 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/mem\x00', 0x402, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8}, 0x1) write$auto(0x3, 0x0, 0xffd8) ioctl$auto(r1, 0xc0205647, r0) 8.413499894s ago: executing program 3 (id=2217): bpf$auto(0x1, &(0x7f0000000100)=@bpf_attr_4={0x800000000012, 0xffffffffffffffff, 0x80000001}, 0x350) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, r0, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) fanotify_init$auto(0x65, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) 8.288244958s ago: executing program 5 (id=2218): mmap$auto(0x0, 0x7, 0xde, 0x9b72, 0x2, 0x8000) mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r1 = gettid() r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/block/nullb0/queue/rq_affinity\x00', 0x4a001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000180)="12", 0x1) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kill$auto(r1, 0x11) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x1ff, 0x20000000) semget$auto(0x3, 0x13c, 0x1ff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x181100, 0x0) socketpair$auto(0x9, 0x2, 0xb, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptyd9\x00', 0x100000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(r3, 0x5408, r3) 5.522889686s ago: executing program 1 (id=2219): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/disable_policy\x00', 0x202, 0x0) sendfile$auto(r1, r0, 0x0, 0x48) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x141401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x9, 0x8, 0x400000000ff, 0xa, 0x4, 0xaab, 0x5, 0x7]}, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getegid() r3 = epoll_create$auto(0x3e) epoll_ctl$auto(r3, 0x1, 0x8000000000000000, 0x0) keyctl$auto(0x5, 0xffffffffffffffff, 0x200008, 0x6, 0x3) clock_nanosleep$auto(0x66, 0x8, &(0x7f00000001c0)={0x40000000000, 0x9}, &(0x7f0000000200)={0x11f3, 0x20}) keyctl$auto(0x3, 0xffffffffffffffff, 0x2, 0x3b, 0x9) sendmsg$auto_NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r2, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x1}, @NL80211_ATTR_WIPHY_DYN_ACK={0x4}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x80000000}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x60044000) 5.515973493s ago: executing program 3 (id=2220): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x401, r2, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x5, 0xf870e9c, 0x7, 0x8}, 0x9) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x4}, 0xc) 5.187020706s ago: executing program 3 (id=2221): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/flags\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000180)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0xfdf1) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/lowpan0/mtu\x00', 0x183841, 0x0) write$auto(r1, &(0x7f0000000300)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb', 0x4) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x54c) rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x4000, 0x0) 4.870751965s ago: executing program 1 (id=2222): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r0, 0x3a, 0x1, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0c/sub0/sw_params\x00', 0x40, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$auto_SO_PREFER_BUSY_POLL(r1, 0x0, 0x45, 0x0, 0x2) r2 = io_uring_setup$auto(0xc, 0x0) mmap$auto(0x0, 0x400408, 0x10001, 0x411, r2, 0x8000) mprotect$auto(0x8000, 0x8, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), r3) sendmsg$auto_WG_CMD_SET_DEVICE(r3, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002900)={0x30, r4, 0x21, 0x70bd27, 0x25dfdc00, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}}, 0xc0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/logsyscall\x00', 0x20a42, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000100)="ba", 0x1) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, 0x3, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) timer_create$auto(0x8, 0x0, 0x0) 4.659191704s ago: executing program 3 (id=2223): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D3\x00', 0x401, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x18, 0x5, 0x7) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="1136daefdad8374b297345969e5c4ccccca7eb6d337a0876c66d1e5008c65b34d116", @ANYRES16=0x0, @ANYBLOB="100026bd7000ffdbdf25590000000400340106001a01ff070000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4010) close_range$auto(0x2, 0x8, 0x0) r2 = io_uring_setup$auto(0x82, 0x0) socket(0x2, 0x1, 0x0) socket(0x2, 0x5, 0x0) r3 = epoll_create$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) pidfd_open$auto(0x0, 0x6) ioctl$auto(r3, 0x4020565d, r2) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto_BPF_TOKEN_CREATE(0x24, &(0x7f0000000400)=@enable_stats={0x5}, 0x1d) acct$auto(&(0x7f0000000280)='/dev/v4l-subdev5\x00') 4.606212019s ago: executing program 5 (id=2224): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/flags\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000180)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0xfdf1) lstat$auto(0x0, &(0x7f0000000240)={0x4, 0x4, 0x100000001, 0xfffffffc, 0x0, 0x0, 0x0, 0x23, 0x10001, 0x7, 0x1, 0x7ffffff8, 0x5, 0x7, 0x4, 0x3, 0x7}) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) setfsuid$auto(0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/lowpan0/mtu\x00', 0x183841, 0x0) write$auto(r1, &(0x7f0000000300)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb', 0x4) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x54c) rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x4000, 0x0) 4.446154316s ago: executing program 2 (id=2225): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x401, r3, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x5, 0xf870e9c, 0x7, 0x8}, 0x9) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x4}, 0xc) 3.230203867s ago: executing program 1 (id=2226): socket(0x2c, 0x80003, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/kernel/kexec_load_limit_panic\x00', 0x840141, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/msr/events/tsc\x00', 0x129000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0x2a8380, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x5408, 0x0) 3.208479452s ago: executing program 5 (id=2227): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xaea3, 0xffffffffffffffff) mmap$auto(0x0, 0x7ffffffff000, 0x8004, 0xeb1, 0xfffffffffffffffa, 0x8000) ioperm$auto(0x7, 0x6, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec29\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000100)={"fda256c4", 0xffff, 0x6, 0x4, 0x9b4, 0x9, "0800aafc241cd010c7543bfbca2ce1", "0200", "00000600", "2ff43123", ['\x00', "f8ffffffffffffff00000001", "0004154db00b0004000400", "5fe10eedab2c4b353c392a92"]}) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vhci_hcd.0/attach\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000040)='\x01\x00^\xa2\x02\x00\x00\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x3) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x5609, r4) getsockopt$auto_SO_BUSY_POLL(r2, 0x7, 0x2e, &(0x7f0000000180)='nfsd\x00', &(0x7f00000001c0)=0x2) r5 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000000040), r4) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r5, 0x400, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4000000) 1.668408012s ago: executing program 5 (id=2228): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) brk$auto(0xffffffffffffff66) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r3, 0x0, 0x800003, 0x270) mlockall$auto(0x7) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0) personality$auto(0xfffff032) ppoll$auto(&(0x7f0000001ac0)={0xffffffffffffffff, 0x9, 0x7}, 0x8, &(0x7f0000001b00)={0xf2, 0x9}, &(0x7f00000002c0)={0x10000}, 0x8) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x7b0, 0x0, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x9, &(0x7f0000000440)=0x10, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0x6, 0xa, 0xfff9, @raw=0x80, @raw=0x9}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x8894) 1.667675431s ago: executing program 3 (id=2229): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3b) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x0, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x2, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=r0, 0x4, @old_prog_fd=r1}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x10004, 0x7, 0x9, 0x7f, @prog_cnt=0x42c, 0x0, 0x80000005, 0xf, 0xb, 0x5}, 0x4) 1.650045315s ago: executing program 1 (id=2230): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x401, r3, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x5, 0xf870e9c, 0x7, 0x8}, 0x9) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x4}, 0xc) 1.273859041s ago: executing program 2 (id=2231): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', 0x0) setresuid$auto(0x0, 0x0, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto_PR_SET_MM_START_STACK(0x80000000, 0x5, 0x0, 0x2, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x80001, 0x0) ioctl$auto(r2, 0x3b82, 0x38) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4080000000df, 0x40eb1, r0, 0x300000000000) sched_setattr$auto(0x0, 0x0, 0x7b) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r3, &(0x7f0000000080)=',*(,\x00', 0xffffffff) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 1.045642806s ago: executing program 1 (id=2232): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/flags\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000180)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0xfdf1) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/lowpan0/mtu\x00', 0x183841, 0x0) write$auto(r1, &(0x7f0000000300)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb', 0x4) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x54c) rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x4000, 0x0) 67.922255ms ago: executing program 3 (id=2233): socket(0x11, 0x80003, 0x300) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4004) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r1 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r1, 0x0, 0x8fb5) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 0s ago: executing program 1 (id=2234): socket(0x10, 0x2, 0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) write$auto(0xffffffffffffffff, 0x0, 0xb8c5) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) capset$auto(&(0x7f0000000180)={0x19980330, 0x0}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000900)='/proc/sys/kernel/pid_max\x00', 0x0, 0x0) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x20401, 0x0) mmap$auto(0x987e, 0xf2b, 0x4000000000df, 0x40000000000ebd, 0x401, 0x121) io_uring_setup$auto(0x1, 0x0) msgctl$auto_MSG_INFO(0x6, 0xc, &(0x7f0000000240)={{0x80000001, 0x0, 0xffffffffffffffff, 0xffffffff, 0x32, 0x3, 0x2}, &(0x7f0000000140)=0x9, 0x0, 0x3, 0x9, 0x5b6c, 0xfffffffffffffc7a, 0x0, 0x928, 0x6, 0x2, @inferred=r1, @inferred=r1}) r2 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) kill$auto(r2, 0x11) kernel console output (not intermixed with test programs): kB, failcnt 51315 [ 693.432896][T12960] binder: 12959:12960 ioctl c018620c 0 returned -22 [ 693.452821][T12545] Bluetooth: hci3: command 0x0c1a tx timeout [ 693.546982][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.652031][T12958] memory+swap: usage 6536kB, limit 9007199254740988kB, failcnt 0 [ 693.685319][T12958] kmem: usage 2820kB, limit 9007199254740988kB, failcnt 0 [ 693.745824][T12958] Memory cgroup stats for /syz2: [ 693.745983][T12958] cache 0 [ 693.768068][T12958] rss 135168 [ 693.789590][T12958] rss_huge 0 [ 693.794748][T12958] shmem 0 [ 693.809659][T12958] mapped_file 0 [ 693.830409][T12958] dirty 0 [ 693.861141][T12958] writeback 0 [ 693.956208][T12958] workingset_refault_anon 14112 [ 693.989916][T12539] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 693.993123][T12958] workingset_refault_file 10630 [ 694.004261][T12958] swap 3547136 [ 694.011960][T12958] swapcached 122880 [ 694.017204][T12958] pgpgin 561614 [ 694.020725][T12958] pgpgout 563609 [ 694.051915][T12958] pgfault 405437 [ 694.055485][T12958] pgmajfault 5012 [ 694.073532][T12958] inactive_anon 94208 [ 694.081186][T12958] active_anon 32768 [ 694.096434][T12958] inactive_file 0 [ 694.104586][T12958] active_file 0 [ 694.108076][T12958] unevictable 0 [ 694.112253][T12958] hierarchical_memory_limit 3145728 [ 694.117475][T12958] hierarchical_memsw_limit 9223372036854771712 [ 694.129639][T12958] total_cache 0 [ 694.142480][T12958] total_rss 135168 [ 694.173958][T12958] total_rss_huge 0 [ 694.212133][T12958] total_shmem 0 [ 694.228324][T12958] total_mapped_file 0 [ 694.251965][T12958] total_dirty 0 [ 694.272194][T12958] total_writeback 0 [ 694.293870][T12958] total_workingset_refault_anon 14112 [ 694.326115][T12958] total_workingset_refault_file 10630 [ 694.331555][T12958] total_swap 3547136 [ 694.364251][T12958] total_swapcached 122880 [ 694.368621][T12958] total_pgpgin 561614 [ 694.382132][T12958] total_pgpgout 563609 [ 694.393861][T12958] total_pgfault 405437 [ 694.428494][T12958] total_pgmajfault 5012 [ 694.552034][T12958] total_inactive_anon 94208 [ 694.556709][T12958] total_active_anon 32768 [ 694.567394][T12958] total_inactive_file 0 [ 694.571756][T12958] total_active_file 0 [ 694.578852][T12958] total_unevictable 0 [ 694.585199][T12958] anon_cost 147 [ 694.591044][T12958] file_cost 0 [ 694.597969][T12958] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1943,pid=12957,uid=0 [ 694.635590][T12958] Memory cgroup out of memory: Killed process 12957 (syz.2.1943) total-vm:108180kB, anon-rss:1268kB, file-rss:21556kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 694.710346][ T5836] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 694.967080][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 694.967117][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 694.967134][ T5836] Call Trace: [ 694.967143][ T5836] [ 694.967172][ T5836] dump_stack_lvl+0x16c/0x1f0 [ 694.967225][ T5836] dump_header+0x101/0x930 [ 694.967262][ T5836] oom_kill_process+0x272/0xa40 [ 694.967290][ T5836] ? out_of_memory+0x194/0x1700 [ 694.967326][ T5836] out_of_memory+0x350/0x1700 [ 694.967366][ T5836] ? __pfx_out_of_memory+0x10/0x10 [ 694.967419][ T5836] mem_cgroup_out_of_memory+0x118/0x130 [ 694.967468][ T5836] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 694.967523][ T5836] ? do_raw_spin_unlock+0x172/0x230 [ 694.967558][ T5836] try_charge_memcg+0x695/0xd30 [ 694.967604][ T5836] ? __pfx_try_charge_memcg+0x10/0x10 [ 694.967649][ T5836] ? find_held_lock+0x2b/0x80 [ 694.967687][ T5836] charge_memcg+0x8a/0x230 [ 694.967726][ T5836] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 694.967792][ T5836] __read_swap_cache_async+0x397/0x500 [ 694.967832][ T5836] ? __pfx___read_swap_cache_async+0x10/0x10 [ 694.967867][ T5836] ? __lock_acquire+0xb70/0x1c90 [ 694.967912][ T5836] ? __xa_erase+0xee/0x150 [ 694.967960][ T5836] swap_cluster_readahead+0x528/0x770 [ 694.968004][ T5836] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 694.968049][ T5836] ? css_rstat_updated+0x1c2/0x510 [ 694.968100][ T5836] ? get_vma_policy+0x242/0x3c0 [ 694.968149][ T5836] swapin_readahead+0x160/0x1180 [ 694.968222][ T5836] ? __pfx_swapin_readahead+0x10/0x10 [ 694.968270][ T5836] ? find_held_lock+0x2b/0x80 [ 694.968309][ T5836] ? swap_cache_get_folio+0x267/0x8e0 [ 694.968347][ T5836] ? swap_cache_get_folio+0x267/0x8e0 [ 694.968396][ T5836] ? swap_cache_get_folio+0x267/0x8e0 [ 694.968435][ T5836] ? swap_cache_get_folio+0x267/0x8e0 [ 694.968473][ T5836] ? swap_cache_get_folio+0x1f/0x8e0 [ 694.968513][ T5836] ? swap_cache_get_folio+0x293/0x8e0 [ 694.968549][ T5836] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 694.968588][ T5836] ? __pfx_get_swap_device+0x10/0x10 [ 694.968638][ T5836] ? do_swap_page+0x125/0x6340 [ 694.968685][ T5836] ? do_swap_page+0x86c/0x6340 [ 694.968725][ T5836] do_swap_page+0x86c/0x6340 [ 694.968785][ T5836] ? __pfx_do_swap_page+0x10/0x10 [ 694.968833][ T5836] ? __pfx_default_wake_function+0x10/0x10 [ 694.968868][ T5836] ? __lock_acquire+0x622/0x1c90 [ 694.968915][ T5836] ? rcu_is_watching+0x12/0xc0 [ 694.968948][ T5836] ? ___pte_offset_map+0x2ad/0x4f0 [ 694.968994][ T5836] __handle_mm_fault+0x17d1/0x2aa0 [ 694.969057][ T5836] ? __pfx___handle_mm_fault+0x10/0x10 [ 694.969112][ T5836] ? lock_vma_under_rcu+0x176/0x530 [ 694.969182][ T5836] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 694.969231][ T5836] ? get_timespec64+0x136/0x1b0 [ 694.969281][ T5836] handle_mm_fault+0x589/0xd10 [ 694.969333][ T5836] ? __pkru_allows_pkey+0x21/0xb0 [ 694.969386][ T5836] do_user_addr_fault+0x60c/0x1370 [ 694.969422][ T5836] ? rcu_is_watching+0x12/0xc0 [ 694.969459][ T5836] exc_page_fault+0x64/0xc0 [ 694.969497][ T5836] asm_exc_page_fault+0x26/0x30 [ 694.969528][ T5836] RIP: 0033:0x7f79761c2008 [ 694.969553][ T5836] Code: 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f [ 694.969584][ T5836] RSP: 002b:00007ffcb7ced390 EFLAGS: 00010293 [ 694.969609][ T5836] RAX: 0000000000000000 RBX: 00000000000005f8 RCX: 00007f79761c2005 [ 694.969627][ T5836] RDX: 00007ffcb7ced3d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 694.969646][ T5836] RBP: 00007ffcb7ced43c R08: 0000000000000000 R09: 0000000000000000 [ 694.969664][ T5836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388 [ 694.969681][ T5836] R13: 00000000000927c0 R14: 00000000000a9052 R15: 00007ffcb7ced490 [ 694.969723][ T5836] [ 694.969734][ T5836] memory: usage 2928kB, limit 3072kB, failcnt 51318 [ 695.385271][ T5836] memory+swap: usage 3316kB, limit 9007199254740988kB, failcnt 0 [ 695.426510][ T5836] kmem: usage 2724kB, limit 9007199254740988kB, failcnt 0 [ 695.452137][ T5836] Memory cgroup stats for /syz2: [ 695.452499][ T5836] cache 0 [ 695.460612][ T5836] rss 0 [ 695.485096][ T5836] rss_huge 0 [ 695.488382][ T5836] shmem 0 [ 695.491342][ T5836] mapped_file 0 [ 695.507070][ T5836] dirty 0 [ 695.525433][ T5836] writeback 0 [ 695.532293][ T5836] workingset_refault_anon 14116 [ 695.551903][ T5836] workingset_refault_file 10630 [ 695.556907][ T5836] swap 356352 [ 695.581928][ T5836] swapcached 110592 [ 695.586153][ T5836] pgpgin 561619 [ 695.589631][ T5836] pgpgout 563650 [ 695.611027][ T5836] pgfault 405440 [ 695.615546][ T5836] pgmajfault 5013 [ 695.619194][ T5836] inactive_anon 0 [ 695.642907][ T5836] active_anon 110592 [ 695.648596][ T5836] inactive_file 0 [ 695.672020][ T5836] active_file 0 [ 695.675513][ T5836] unevictable 0 [ 695.724889][T12539] Bluetooth: hci3: command 0x0c1a tx timeout [ 695.730975][T12539] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 695.741267][T12539] Bluetooth: hci2: Injecting HCI hardware error event [ 695.749897][T12539] Bluetooth: hci2: hardware error 0x00 [ 695.758584][ T5836] hierarchical_memory_limit 3145728 [ 695.787128][ T5836] hierarchical_memsw_limit 9223372036854771712 [ 695.805729][ T5836] total_cache 0 [ 695.812856][ T5836] total_rss 0 [ 695.819577][ T5836] total_rss_huge 0 [ 695.840815][ T5836] total_shmem 0 [ 695.861403][ T5836] total_mapped_file 0 [ 695.891928][ T5836] total_dirty 0 [ 695.895475][ T5836] total_writeback 0 [ 695.899320][ T5836] total_workingset_refault_anon 14116 [ 695.941996][ T5836] total_workingset_refault_file 10630 [ 695.947459][ T5836] total_swap 356352 [ 695.951299][ T5836] total_swapcached 110592 [ 695.988903][ T5836] total_pgpgin 561619 [ 695.993562][ T5836] total_pgpgout 563650 [ 695.997658][ T5836] total_pgfault 405440 [ 696.017547][ T5836] total_pgmajfault 5013 [ 696.021782][ T5836] total_inactive_anon 0 [ 696.051946][ T5836] total_active_anon 110592 [ 696.057789][ T5836] total_inactive_file 0 [ 696.065168][ T5836] total_active_file 0 [ 696.079408][ T5836] total_unevictable 0 [ 696.085326][ T5836] anon_cost 535 [ 696.088842][ T5836] file_cost 0 [ 696.092269][ T5836] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.115,pid=6323,uid=0 [ 696.124370][ T5836] Memory cgroup out of memory: Killed process 6323 (syz.2.115) total-vm:104140kB, anon-rss:1164kB, file-rss:20608kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 696.279957][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.287682][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 697.815419][T12539] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 701.371236][T13064] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input32 [ 701.602999][T13067] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1978'. [ 702.316081][T13074] netlink: 93 bytes leftover after parsing attributes in process `syz.4.1980'. [ 703.128795][T13051] syz.2.1973 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 703.192458][T13051] CPU: 0 UID: 0 PID: 13051 Comm: syz.2.1973 Not tainted syzkaller #0 PREEMPT(full) [ 703.192501][T13051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 703.192520][T13051] Call Trace: [ 703.192531][T13051] [ 703.192543][T13051] dump_stack_lvl+0x16c/0x1f0 [ 703.192590][T13051] dump_header+0x101/0x930 [ 703.192627][T13051] oom_kill_process+0x272/0xa40 [ 703.192665][T13051] out_of_memory+0x350/0x1700 [ 703.192714][T13051] ? __pfx_out_of_memory+0x10/0x10 [ 703.192760][T13051] mem_cgroup_out_of_memory+0x118/0x130 [ 703.192814][T13051] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 703.192877][T13051] ? do_raw_spin_unlock+0x172/0x230 [ 703.192915][T13051] try_charge_memcg+0x695/0xd30 [ 703.192966][T13051] ? __pfx_try_charge_memcg+0x10/0x10 [ 703.193017][T13051] ? find_held_lock+0x2b/0x80 [ 703.193058][T13051] charge_memcg+0x8a/0x230 [ 703.193101][T13051] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 703.193156][T13051] __read_swap_cache_async+0x397/0x500 [ 703.193198][T13051] ? __pfx___read_swap_cache_async+0x10/0x10 [ 703.193259][T13051] swap_cluster_readahead+0x528/0x770 [ 703.193304][T13051] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 703.193364][T13051] ? lock_acquire+0x179/0x350 [ 703.193409][T13051] ? get_vma_policy+0x242/0x3c0 [ 703.193461][T13051] swapin_readahead+0x160/0x1180 [ 703.193510][T13051] ? __pfx_swapin_readahead+0x10/0x10 [ 703.193545][T13051] ? find_held_lock+0x2b/0x80 [ 703.193577][T13051] ? swap_cache_get_folio+0x267/0x8e0 [ 703.193606][T13051] ? swap_cache_get_folio+0x267/0x8e0 [ 703.193635][T13051] ? swap_cache_get_folio+0x267/0x8e0 [ 703.193669][T13051] ? swap_cache_get_folio+0x267/0x8e0 [ 703.193700][T13051] ? swap_cache_get_folio+0x1f/0x8e0 [ 703.193728][T13051] ? swap_cache_get_folio+0x293/0x8e0 [ 703.193763][T13051] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 703.193794][T13051] ? __pfx_get_swap_device+0x10/0x10 [ 703.193837][T13051] ? do_swap_page+0x125/0x6340 [ 703.193886][T13051] ? do_swap_page+0x86c/0x6340 [ 703.193928][T13051] do_swap_page+0x86c/0x6340 [ 703.193992][T13051] ? __pfx_do_swap_page+0x10/0x10 [ 703.194042][T13051] ? __pfx_default_wake_function+0x10/0x10 [ 703.194079][T13051] ? __lock_acquire+0x622/0x1c90 [ 703.194128][T13051] ? rcu_is_watching+0x12/0xc0 [ 703.194163][T13051] ? ___pte_offset_map+0x2ad/0x4f0 [ 703.194212][T13051] __handle_mm_fault+0x17d1/0x2aa0 [ 703.194283][T13051] ? __pfx___handle_mm_fault+0x10/0x10 [ 703.194342][T13051] ? lock_vma_under_rcu+0x176/0x530 [ 703.194408][T13051] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 703.194471][T13051] handle_mm_fault+0x589/0xd10 [ 703.194526][T13051] ? __pkru_allows_pkey+0x21/0xb0 [ 703.194583][T13051] do_user_addr_fault+0x60c/0x1370 [ 703.194619][T13051] ? rcu_is_watching+0x12/0xc0 [ 703.194659][T13051] exc_page_fault+0x64/0xc0 [ 703.194700][T13051] asm_exc_page_fault+0x26/0x30 [ 703.194731][T13051] RIP: 0033:0x7f797606efcb [ 703.194756][T13051] Code: 74 28 25 ff 0f 00 00 83 f0 3d 8d 04 c0 89 c5 c1 ed 04 31 c5 69 ed 2d eb d4 27 89 e8 c1 e8 0f 31 c5 81 e5 ff 0f 00 00 48 31 d5 <80> 3d 76 30 37 00 00 0f 84 a8 00 00 00 4c 89 f6 48 8b 0d 56 30 37 [ 703.194788][T13051] RSP: 002b:00007ffcb7ced0b0 EFLAGS: 00010286 [ 703.194814][T13051] RAX: 0000000000006622 RBX: 00007f7976f15720 RCX: 0000000000000003 [ 703.194833][T13051] RDX: ffffffff823543e2 RSI: 0000000000000008 RDI: 00007f7976f15720 [ 703.194854][T13051] RBP: ffffffff823548fa R08: 00007f79763e6038 R09: 00007f79763d2000 [ 703.194876][T13051] R10: 00007f7975bff008 R11: 0000000000000000 R12: 0000000000000000 [ 703.194895][T13051] R13: 0000000000000003 R14: ffffffff823543e2 R15: 0000000000000003 [ 703.194917][T13051] ? __x64_sys_openat+0x152/0x210 [ 703.194968][T13051] ? __ia32_compat_sys_open+0x2a/0x1e0 [ 703.195024][T13051] ? __x64_sys_openat+0x152/0x210 [ 703.195082][T13051] [ 703.195094][T13051] memory: usage 3072kB, limit 3072kB, failcnt 54320 [ 703.601964][T13051] memory+swap: usage 6212kB, limit 9007199254740988kB, failcnt 0 [ 703.609754][T13051] kmem: usage 2956kB, limit 9007199254740988kB, failcnt 0 [ 703.641897][T13051] Memory cgroup stats for /syz2: [ 703.642242][T13051] cache 4096 [ 703.650489][T13051] rss 0 [ 703.671949][T13051] rss_huge 0 [ 703.681954][T13051] shmem 4096 [ 703.685265][T13051] mapped_file 0 [ 703.688752][T13051] dirty 0 [ 703.691725][T13051] writeback 0 [ 703.701889][T13051] workingset_refault_anon 14751 [ 703.706802][T13051] workingset_refault_file 10635 [ 703.711700][T13051] swap 3215360 [ 703.722780][T13051] swapcached 110592 [ 703.727172][T13051] pgpgin 563820 [ 703.730672][T13051] pgpgout 565850 [ 703.741893][T13051] pgfault 407191 [ 703.745505][T13051] pgmajfault 5563 [ 703.752354][T13051] inactive_anon 114688 [ 703.757831][T13051] active_anon 0 [ 703.761319][T13051] inactive_file 0 [ 703.771905][T13051] active_file 0 [ 703.775421][T13051] unevictable 0 [ 703.778919][T13051] hierarchical_memory_limit 3145728 [ 703.794391][T13051] hierarchical_memsw_limit 9223372036854771712 [ 703.800632][T13051] total_cache 4096 [ 703.821932][T13051] total_rss 0 [ 703.825298][T13051] total_rss_huge 0 [ 703.829035][T13051] total_shmem 4096 [ 703.832821][T13051] total_mapped_file 0 [ 703.836862][T13051] total_dirty 0 [ 703.840347][T13051] total_writeback 0 [ 703.861911][T13051] total_workingset_refault_anon 14751 [ 703.867373][T13051] total_workingset_refault_file 10635 [ 703.882038][T13051] total_swap 3215360 [ 703.886033][T13051] total_swapcached 110592 [ 703.890396][T13051] total_pgpgin 563820 [ 703.901947][T13051] total_pgpgout 565850 [ 703.906110][T13051] total_pgfault 407191 [ 703.910302][T13051] total_pgmajfault 5563 [ 703.934778][T13051] total_inactive_anon 114688 [ 703.939466][T13051] total_active_anon 0 [ 703.944743][T13051] total_inactive_file 0 [ 703.948964][T13051] total_active_file 0 [ 703.962103][T13051] total_unevictable 0 [ 703.966139][T13051] anon_cost 128 [ 703.969678][T13051] file_cost 0 [ 703.992074][T13051] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1958,pid=12999,uid=0 [ 704.009561][T13051] Memory cgroup out of memory: Killed process 12999 (syz.2.1958) total-vm:134932kB, anon-rss:1268kB, file-rss:23140kB, shmem-rss:128kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 708.247477][T13121] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1993'. [ 708.879142][T13128] netlink: 'syz.1.1996': attribute type 1 has an invalid length. [ 714.244083][T13164] syz.2.2008 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 714.258259][T13164] CPU: 0 UID: 0 PID: 13164 Comm: syz.2.2008 Not tainted syzkaller #0 PREEMPT(full) [ 714.258300][T13164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 714.258319][T13164] Call Trace: [ 714.258329][T13164] [ 714.258348][T13164] dump_stack_lvl+0x16c/0x1f0 [ 714.258390][T13164] dump_header+0x101/0x930 [ 714.258425][T13164] oom_kill_process+0x272/0xa40 [ 714.258461][T13164] out_of_memory+0x350/0x1700 [ 714.258517][T13164] ? __pfx_out_of_memory+0x10/0x10 [ 714.258564][T13164] mem_cgroup_out_of_memory+0x118/0x130 [ 714.258617][T13164] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 714.258678][T13164] ? do_raw_spin_unlock+0x172/0x230 [ 714.258716][T13164] try_charge_memcg+0x695/0xd30 [ 714.258765][T13164] ? __pfx_try_charge_memcg+0x10/0x10 [ 714.258806][T13164] ? __print_lock_name+0xb1/0xe0 [ 714.258840][T13164] ? rcu_read_unlock+0x17/0x60 [ 714.258895][T13164] charge_memcg+0x8a/0x230 [ 714.258936][T13164] __mem_cgroup_charge+0x2b/0x1e0 [ 714.258984][T13164] do_pte_missing+0x222a/0x3ba0 [ 714.259036][T13164] ? find_held_lock+0x2b/0x80 [ 714.259081][T13164] __handle_mm_fault+0x1556/0x2aa0 [ 714.259143][T13164] ? __pfx___handle_mm_fault+0x10/0x10 [ 714.259197][T13164] ? __pte_offset_map_lock+0x174/0x310 [ 714.259238][T13164] ? find_held_lock+0x2b/0x80 [ 714.259284][T13164] ? follow_page_pte+0x5cf/0x1390 [ 714.259343][T13164] handle_mm_fault+0x589/0xd10 [ 714.259403][T13164] __get_user_pages+0x54e/0x3530 [ 714.259465][T13164] ? __pfx___get_user_pages+0x10/0x10 [ 714.259521][T13164] populate_vma_page_range+0x267/0x3f0 [ 714.259570][T13164] ? __pfx_populate_vma_page_range+0x10/0x10 [ 714.259617][T13164] ? __pfx_find_vma_intersection+0x10/0x10 [ 714.259661][T13164] ? do_mmap+0x69c/0x1210 [ 714.259707][T13164] __mm_populate+0x1d8/0x380 [ 714.259755][T13164] ? __pfx___mm_populate+0x10/0x10 [ 714.259814][T13164] ? up_write+0x1b2/0x520 [ 714.259875][T13164] vm_mmap_pgoff+0x37f/0x470 [ 714.259945][T13164] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 714.259980][T13164] ? find_held_lock+0x2b/0x80 [ 714.260019][T13164] ? find_held_lock+0x2b/0x80 [ 714.260056][T13164] ksys_mmap_pgoff+0x7d/0x5c0 [ 714.260103][T13164] __x64_sys_mmap+0x125/0x190 [ 714.260154][T13164] do_syscall_64+0xcd/0xfa0 [ 714.260195][T13164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.260226][T13164] RIP: 0033:0x7f797618f749 [ 714.260250][T13164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 714.260280][T13164] RSP: 002b:00007f79770d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 714.260308][T13164] RAX: ffffffffffffffda RBX: 00007f79763e5fa0 RCX: 00007f797618f749 [ 714.260327][T13164] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 714.260350][T13164] RBP: 00007f7976213f91 R08: 0000000000000002 R09: 0000000000008000 [ 714.260368][T13164] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 714.260385][T13164] R13: 00007f79763e6038 R14: 00007f79763e5fa0 R15: 00007ffcb7ced078 [ 714.260426][T13164] [ 714.260437][T13164] memory: usage 3072kB, limit 3072kB, failcnt 60324 [ 714.571972][T13164] memory+swap: usage 10872kB, limit 9007199254740988kB, failcnt 0 [ 714.598671][T13164] kmem: usage 2900kB, limit 9007199254740988kB, failcnt 0 [ 714.617012][T13164] Memory cgroup stats for /syz2: [ 714.617227][T13164] cache 0 [ 714.636467][T13164] rss 65536 [ 714.639646][T13164] rss_huge 0 [ 714.662294][T13164] shmem 0 [ 714.665302][T13164] mapped_file 0 [ 714.668785][T13164] dirty 0 [ 714.671754][T13164] writeback 0 [ 714.692142][T13164] workingset_refault_anon 16314 [ 714.697108][T13164] workingset_refault_file 11101 [ 714.702487][T13164] swap 7987200 [ 714.705916][T13164] swapcached 98304 [ 714.709665][T13164] pgpgin 569063 [ 714.732393][T13164] pgpgout 571081 [ 714.736009][T13164] pgfault 411207 [ 714.739588][T13164] pgmajfault 6788 [ 714.743996][T13164] inactive_anon 40960 [ 714.748040][T13164] active_anon 0 [ 714.751560][T13164] inactive_file 0 [ 714.773687][T13164] active_file 0 [ 714.777268][T13164] unevictable 0 [ 714.780766][T13164] hierarchical_memory_limit 3145728 [ 714.796819][T13164] hierarchical_memsw_limit 9223372036854771712 [ 714.803706][T13164] total_cache 0 [ 714.807215][T13164] total_rss 65536 [ 714.810959][T13164] total_rss_huge 0 [ 714.822314][T13164] total_shmem 0 [ 714.832846][T13164] total_mapped_file 0 [ 714.837343][T13164] total_dirty 0 [ 714.840847][T13164] total_writeback 0 [ 714.845151][T13164] total_workingset_refault_anon 16314 [ 714.850562][T13164] total_workingset_refault_file 11101 [ 714.857760][T13164] total_swap 7987200 [ 714.861715][T13164] total_swapcached 98304 [ 714.868342][T13164] total_pgpgin 569063 [ 714.872760][T13164] total_pgpgout 571081 [ 714.877614][T13164] total_pgfault 411207 [ 714.881730][T13164] total_pgmajfault 6788 [ 714.886526][T13164] total_inactive_anon 40960 [ 714.891172][T13164] total_active_anon 0 [ 714.896015][T13164] total_inactive_file 0 [ 714.900207][T13164] total_active_file 0 [ 714.904697][T13164] total_unevictable 0 [ 714.908718][T13164] anon_cost 142 [ 714.913387][T13164] file_cost 0 [ 714.916809][T13164] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2008,pid=13162,uid=0 [ 714.933576][T13164] Memory cgroup out of memory: Killed process 13162 (syz.2.2008) total-vm:108180kB, anon-rss:1264kB, file-rss:21556kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 716.298651][T13202] Falling back ldisc for pty66. [ 716.577049][T13148] syz.2.2002 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=0, oom_score_adj=1000 [ 716.687352][T13148] CPU: 0 UID: 0 PID: 13148 Comm: syz.2.2002 Not tainted syzkaller #0 PREEMPT(full) [ 716.687395][T13148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 716.687415][T13148] Call Trace: [ 716.687425][T13148] [ 716.687438][T13148] dump_stack_lvl+0x16c/0x1f0 [ 716.687482][T13148] dump_header+0x101/0x930 [ 716.687518][T13148] oom_kill_process+0x272/0xa40 [ 716.687554][T13148] out_of_memory+0x350/0x1700 [ 716.687594][T13148] ? __pfx_out_of_memory+0x10/0x10 [ 716.687636][T13148] mem_cgroup_out_of_memory+0x118/0x130 [ 716.687688][T13148] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 716.687749][T13148] ? do_raw_spin_unlock+0x172/0x230 [ 716.687787][T13148] try_charge_memcg+0x695/0xd30 [ 716.687838][T13148] ? __pfx_try_charge_memcg+0x10/0x10 [ 716.687880][T13148] ? find_held_lock+0x2b/0x80 [ 716.687915][T13148] ? rcu_read_unlock+0x17/0x60 [ 716.687971][T13148] obj_cgroup_charge_account+0x292/0x500 [ 716.688023][T13148] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 716.688077][T13148] ? kasan_save_track+0x14/0x30 [ 716.688121][T13148] kmem_cache_alloc_lru_noprof+0x556/0x6e0 [ 716.688180][T13148] ? xas_nomem+0x101/0x2c0 [ 716.688226][T13148] ? xas_nomem+0x101/0x2c0 [ 716.688261][T13148] xas_nomem+0x101/0x2c0 [ 716.688313][T13148] ? _raw_spin_unlock_irq+0x23/0x50 [ 716.688354][T13148] shmem_add_to_page_cache+0x6da/0xa70 [ 716.688416][T13148] ? __pfx_shmem_add_to_page_cache+0x10/0x10 [ 716.688492][T13148] shmem_alloc_and_add_folio+0x662/0xc20 [ 716.688536][T13148] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 716.688573][T13148] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 716.688618][T13148] shmem_get_folio_gfp+0x67f/0x1610 [ 716.688657][T13148] ? filemap_map_pages+0x11a2/0x1d50 [ 716.688691][T13148] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 716.688727][T13148] ? filemap_map_pages+0x121f/0x1d50 [ 716.688767][T13148] shmem_fault+0x1fe/0xa30 [ 716.688803][T13148] ? __pfx_shmem_fault+0x10/0x10 [ 716.688843][T13148] ? __pfx_filemap_map_pages+0x10/0x10 [ 716.688888][T13148] ? __pfx_filemap_map_pages+0x10/0x10 [ 716.688918][T13148] __do_fault+0x10d/0x490 [ 716.688957][T13148] ? __pfx_filemap_map_pages+0x10/0x10 [ 716.688998][T13148] do_pte_missing+0xf4a/0x3ba0 [ 716.689048][T13148] ? __thp_vma_allowable_orders+0x1c8/0xcd0 [ 716.689098][T13148] ? find_held_lock+0x2b/0x80 [ 716.689134][T13148] __handle_mm_fault+0x1556/0x2aa0 [ 716.689205][T13148] ? __pfx___handle_mm_fault+0x10/0x10 [ 716.689291][T13148] handle_mm_fault+0x589/0xd10 [ 716.689351][T13148] __get_user_pages+0x54e/0x3530 [ 716.689413][T13148] ? __pfx___get_user_pages+0x10/0x10 [ 716.689458][T13148] ? __kernel_write_iter+0x5a5/0xb10 [ 716.689503][T13148] get_dump_page+0x257/0x3d0 [ 716.689548][T13148] ? __pfx_get_dump_page+0x10/0x10 [ 716.689592][T13148] ? dump_user_range+0x756/0xb70 [ 716.689633][T13148] dump_user_range+0x195/0xb70 [ 716.689674][T13148] ? __pfx_dump_user_range+0x10/0x10 [ 716.689709][T13148] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 716.689767][T13148] ? __pfx_writenote+0x10/0x10 [ 716.689814][T13148] elf_core_dump+0x29c3/0x3c00 [ 716.689871][T13148] ? __pfx_elf_core_dump+0x10/0x10 [ 716.689904][T13148] ? kasan_save_stack+0x33/0x60 [ 716.689938][T13148] ? kasan_save_track+0x14/0x30 [ 716.689973][T13148] ? __kasan_kmalloc+0xaa/0xb0 [ 716.690007][T13148] ? __kvmalloc_node_noprof+0x3a3/0x9c0 [ 716.690041][T13148] ? vfs_coredump+0x1ddc/0x5670 [ 716.690070][T13148] ? arch_do_signal_or_restart+0x8f/0x790 [ 716.690106][T13148] ? irqentry_exit_to_user_mode+0x176/0x310 [ 716.690145][T13148] ? asm_exc_page_fault+0x26/0x30 [ 716.690193][T13148] ? 0xffffffffff600000 [ 716.690289][T13148] ? vfs_coredump+0x2b9f/0x5670 [ 716.690317][T13148] vfs_coredump+0x2b9f/0x5670 [ 716.690365][T13148] ? __pfx_vfs_coredump+0x10/0x10 [ 716.690399][T13148] ? __lock_acquire+0x622/0x1c90 [ 716.690459][T13148] ? lock_acquire+0x179/0x350 [ 716.690521][T13148] ? is_bpf_text_address+0x8a/0x1a0 [ 716.690564][T13148] ? bpf_ksym_find+0x124/0x1c0 [ 716.690610][T13148] ? unwind_get_return_address+0x59/0xa0 [ 716.690646][T13148] ? arch_stack_walk+0xa6/0x100 [ 716.690695][T13148] ? stack_trace_save+0x8e/0xc0 [ 716.690731][T13148] ? __pfx_stack_trace_save+0x10/0x10 [ 716.690769][T13148] ? stack_depot_save_flags+0x29/0x9c0 [ 716.690819][T13148] ? __lock_acquire+0xb8a/0x1c90 [ 716.690935][T13148] ? proc_coredump_connector+0x2d1/0x4f0 [ 716.690971][T13148] ? __pfx_proc_coredump_connector+0x10/0x10 [ 716.691016][T13148] ? rcu_is_watching+0x12/0xc0 [ 716.691057][T13148] get_signal+0x22e1/0x26d0 [ 716.691110][T13148] ? __pfx_get_signal+0x10/0x10 [ 716.691149][T13148] ? rcu_is_watching+0x12/0xc0 [ 716.691198][T13148] arch_do_signal_or_restart+0x8f/0x790 [ 716.691241][T13148] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 716.691307][T13148] irqentry_exit_to_user_mode+0x176/0x310 [ 716.691352][T13148] asm_exc_page_fault+0x26/0x30 [ 716.691382][T13148] RIP: 0033:0x0 [ 716.691402][T13148] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 716.691417][T13148] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 716.691441][T13148] RAX: 0000000000000000 RBX: 00007f79763e5fa0 RCX: 00007f797618f749 [ 716.691460][T13148] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 716.691478][T13148] RBP: 00007f7976213f91 R08: 0000000000000002 R09: 0000000000000000 [ 716.691496][T13148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 716.691513][T13148] R13: 00007f79763e6038 R14: 00007f79763e5fa0 R15: 00007ffcb7ced078 [ 716.691556][T13148] [ 716.691568][T13148] memory: usage 3072kB, limit 3072kB, failcnt 62288 [ 717.241999][T13148] memory+swap: usage 9540kB, limit 9007199254740988kB, failcnt 0 [ 717.272021][T13148] kmem: usage 2940kB, limit 9007199254740988kB, failcnt 0 [ 717.280849][T13148] Memory cgroup stats for /syz2: [ 717.281194][T13148] cache 0 [ 717.311289][T13148] rss 4096 [ 717.314498][T13148] rss_huge 0 [ 717.317733][T13148] shmem 0 [ 717.320694][T13148] mapped_file 0 [ 717.344811][T13148] dirty 0 [ 717.350346][T13148] writeback 0 [ 717.371774][T13148] workingset_refault_anon 16572 [ 717.402527][T13148] workingset_refault_file 11101 [ 717.407451][T13148] swap 6623232 [ 717.410855][T13148] swapcached 131072 [ 717.421932][T13148] pgpgin 570566 [ 717.425454][T13148] pgpgout 572591 [ 717.429033][T13148] pgfault 412106 [ 717.441937][T13148] pgmajfault 6974 [ 717.452156][T13148] inactive_anon 0 [ 717.455849][T13148] active_anon 126976 [ 717.459770][T13148] inactive_file 0 [ 717.503507][T13148] active_file 0 [ 717.507036][T13148] unevictable 0 [ 717.510526][T13148] hierarchical_memory_limit 3145728 [ 717.523560][T13148] hierarchical_memsw_limit 9223372036854771712 [ 717.529800][T13148] total_cache 0 [ 717.541525][T13148] total_rss 4096 [ 717.557237][T13148] total_rss_huge 0 [ 717.561056][T13148] total_shmem 0 [ 717.571909][T13148] total_mapped_file 0 [ 717.575976][T13148] total_dirty 0 [ 717.579476][T13148] total_writeback 0 [ 717.601940][T13148] total_workingset_refault_anon 16572 [ 717.607444][T13148] total_workingset_refault_file 11101 [ 717.622111][T13148] total_swap 6623232 [ 717.628210][T13148] total_swapcached 131072 [ 717.641983][T13148] total_pgpgin 570566 [ 717.646081][T13148] total_pgpgout 572591 [ 717.650180][T13148] total_pgfault 412106 [ 717.673633][T13148] total_pgmajfault 6974 [ 717.677863][T13148] total_inactive_anon 0 [ 717.691916][T13148] total_active_anon 126976 [ 717.696398][T13148] total_inactive_file 0 [ 717.700576][T13148] total_active_file 0 [ 717.732136][T13148] total_unevictable 0 [ 717.736183][T13148] anon_cost 156 [ 717.739672][T13148] file_cost 0 [ 717.751929][T13148] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2002,pid=13148,uid=0 [ 717.792239][T13148] Memory cgroup out of memory: Killed process 13148 (syz.2.2002) total-vm:135064kB, anon-rss:1140kB, file-rss:22980kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 717.849234][T12545] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 717.859513][T12545] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 717.868372][T12545] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 717.876851][T12545] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 717.885132][T12545] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 718.229493][T13213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2023'. [ 718.246435][T13213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2023'. [ 718.306749][T13217] chnl_net:caif_netlink_parms(): no params data found [ 718.783707][T13217] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.801653][T13217] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.824387][T13217] bridge_slave_0: entered allmulticast mode [ 718.843773][T13217] bridge_slave_0: entered promiscuous mode [ 718.860172][T13217] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.872100][T13217] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.889625][T13217] bridge_slave_1: entered allmulticast mode [ 718.898156][T13217] bridge_slave_1: entered promiscuous mode [ 719.081004][T13217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 719.120331][T13217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 719.347972][T13217] team0: Port device team_slave_0 added [ 719.364972][T13217] team0: Port device team_slave_1 added [ 719.566730][T13217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 719.585331][T13217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 719.635163][T13217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 719.662701][T13217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 719.670348][T13217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 719.739107][T13217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 719.955548][T12545] Bluetooth: hci5: command tx timeout [ 719.987397][T13217] hsr_slave_0: entered promiscuous mode [ 720.024755][T13217] hsr_slave_1: entered promiscuous mode [ 720.063572][T13217] debugfs: 'hsr0' already exists in 'hsr' [ 720.069464][T13217] Cannot create hsr debugfs directory [ 721.116242][T13217] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 721.174325][T13217] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 721.220006][T13217] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 721.323165][T13217] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 721.570538][T13217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 721.629756][T13217] 8021q: adding VLAN 0 to HW filter on device team0 [ 721.661410][T12543] bridge0: port 1(bridge_slave_0) entered blocking state [ 721.668686][T12543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 721.807835][T13053] bridge0: port 2(bridge_slave_1) entered blocking state [ 721.815082][T13053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 722.033509][T12545] Bluetooth: hci5: command tx timeout [ 722.450466][T13217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.293594][T13217] veth0_vlan: entered promiscuous mode [ 723.340257][T13217] veth1_vlan: entered promiscuous mode [ 723.431088][T13217] veth0_macvtap: entered promiscuous mode [ 723.461407][T13217] veth1_macvtap: entered promiscuous mode [ 723.540873][T13217] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 723.575596][T13217] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 723.621228][T12636] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.643873][T12636] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.664136][T12636] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.758504][T12636] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.112723][T12545] Bluetooth: hci5: command tx timeout [ 724.280719][T12636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.296228][T12636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 724.415061][T12636] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.439363][T12636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 726.192030][T12545] Bluetooth: hci5: command tx timeout [ 728.564499][T13312] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 729.152909][T13322] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 729.716340][T13325] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34 [ 730.049446][T13341] FAULT_INJECTION: forcing a failure. [ 730.049446][T13341] name failslab, interval 1, probability 0, space 0, times 0 [ 730.066563][T13341] CPU: 0 UID: 0 PID: 13341 Comm: syz.5.2053 Not tainted syzkaller #0 PREEMPT(full) [ 730.066591][T13341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 730.066605][T13341] Call Trace: [ 730.066611][T13341] [ 730.066619][T13341] dump_stack_lvl+0x16c/0x1f0 [ 730.066650][T13341] should_fail_ex+0x512/0x640 [ 730.066684][T13341] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 730.066715][T13341] should_failslab+0xc2/0x120 [ 730.066744][T13341] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 730.066772][T13341] ? __debug_object_init+0x2de/0x3d0 [ 730.066797][T13341] ? kvasprintf_const+0x66/0x1a0 [ 730.066824][T13341] ? kvasprintf+0xbc/0x160 [ 730.066842][T13341] kvasprintf+0xbc/0x160 [ 730.066862][T13341] ? __pfx_kvasprintf+0x10/0x10 [ 730.066885][T13341] ? lockdep_init_map_type+0x5c/0x280 [ 730.066923][T13341] kvasprintf_const+0x66/0x1a0 [ 730.066945][T13341] kobject_set_name_vargs+0x5a/0x140 [ 730.066977][T13341] device_create_groups_vargs+0x1b1/0x270 [ 730.067003][T13341] device_create+0xed/0x130 [ 730.067051][T13341] ? __pfx_device_create+0x10/0x10 [ 730.067075][T13341] ? do_init_timer+0xc9/0x110 [ 730.067104][T13341] ? ieee80211_roc_setup+0x136/0x270 [ 730.067131][T13341] ? ieee80211_alloc_hw_nm+0x231/0x22b0 [ 730.067168][T13341] mac80211_hwsim_new_radio+0x36a/0x50b0 [ 730.067207][T13341] ? __asan_memset+0x23/0x50 [ 730.067243][T13341] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 730.067276][T13341] hwsim_new_radio_nl+0xba2/0x1330 [ 730.067302][T13341] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 730.067334][T13341] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 730.067365][T13341] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 730.067400][T13341] genl_family_rcv_msg_doit+0x209/0x2f0 [ 730.067430][T13341] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 730.067467][T13341] ? bpf_lsm_capable+0x9/0x10 [ 730.067496][T13341] ? security_capable+0x7e/0x260 [ 730.067527][T13341] ? ns_capable+0xd7/0x110 [ 730.067572][T13341] genl_rcv_msg+0x55c/0x800 [ 730.067604][T13341] ? __pfx_genl_rcv_msg+0x10/0x10 [ 730.067633][T13341] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 730.067668][T13341] netlink_rcv_skb+0x158/0x420 [ 730.067693][T13341] ? __pfx_genl_rcv_msg+0x10/0x10 [ 730.067734][T13341] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 730.067769][T13341] ? netlink_deliver_tap+0x1ae/0xd30 [ 730.067795][T13341] genl_rcv+0x28/0x40 [ 730.067819][T13341] netlink_unicast+0x5aa/0x870 [ 730.067846][T13341] ? __pfx_netlink_unicast+0x10/0x10 [ 730.067900][T13341] netlink_sendmsg+0x8c8/0xdd0 [ 730.067930][T13341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 730.067959][T13341] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 730.067999][T13341] ____sys_sendmsg+0xa98/0xc70 [ 730.068037][T13341] ? copy_msghdr_from_user+0x10a/0x160 [ 730.068066][T13341] ? __pfx_____sys_sendmsg+0x10/0x10 [ 730.068103][T13341] ? __pfx_futex_wake_mark+0x10/0x10 [ 730.068145][T13341] ___sys_sendmsg+0x134/0x1d0 [ 730.068170][T13341] ? __pfx____sys_sendmsg+0x10/0x10 [ 730.068191][T13341] ? __lock_acquire+0x622/0x1c90 [ 730.068259][T13341] __sys_sendmsg+0x16d/0x220 [ 730.068282][T13341] ? __pfx___sys_sendmsg+0x10/0x10 [ 730.068305][T13341] ? __x64_sys_futex+0x1e0/0x4c0 [ 730.068354][T13341] do_syscall_64+0xcd/0xfa0 [ 730.068385][T13341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.068408][T13341] RIP: 0033:0x7fb69a38f749 [ 730.068427][T13341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 730.068450][T13341] RSP: 002b:00007fb69b1b1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 730.068472][T13341] RAX: ffffffffffffffda RBX: 00007fb69a5e6090 RCX: 00007fb69a38f749 [ 730.068486][T13341] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 730.068500][T13341] RBP: 00007fb69a413f91 R08: 0000000000000000 R09: 0000000000000000 [ 730.068513][T13341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 730.068526][T13341] R13: 00007fb69a5e6128 R14: 00007fb69a5e6090 R15: 00007ffe7304a038 [ 730.068557][T13341] [ 733.136833][T13367] Unable to find swap-space signature [ 733.966935][T13378] netlink: 'syz.1.2065': attribute type 15 has an invalid length. [ 733.996058][T13378] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2065'. [ 734.035653][T13379] netlink: 'syz.1.2065': attribute type 15 has an invalid length. [ 734.050037][T13379] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2065'. [ 734.615397][T13385] Falling back ldisc for pty66. [ 736.198472][T13391] syz.2.2068 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 736.212227][T13391] CPU: 1 UID: 0 PID: 13391 Comm: syz.2.2068 Not tainted syzkaller #0 PREEMPT(full) [ 736.212270][T13391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 736.212289][T13391] Call Trace: [ 736.212298][T13391] [ 736.212310][T13391] dump_stack_lvl+0x16c/0x1f0 [ 736.212355][T13391] dump_header+0x101/0x930 [ 736.212393][T13391] oom_kill_process+0x272/0xa40 [ 736.212432][T13391] out_of_memory+0x350/0x1700 [ 736.212469][T13391] ? __pfx_out_of_memory+0x10/0x10 [ 736.212507][T13391] mem_cgroup_out_of_memory+0x118/0x130 [ 736.212559][T13391] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 736.212622][T13391] ? do_raw_spin_unlock+0x172/0x230 [ 736.212661][T13391] try_charge_memcg+0x695/0xd30 [ 736.212865][T13391] ? __pfx_try_charge_memcg+0x10/0x10 [ 736.212913][T13391] ? find_held_lock+0x2b/0x80 [ 736.212948][T13391] ? rcu_read_unlock+0x17/0x60 [ 736.213004][T13391] obj_cgroup_charge_account+0x292/0x500 [ 736.213054][T13391] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 736.213108][T13391] ? kasan_save_track+0x14/0x30 [ 736.213152][T13391] kmem_cache_alloc_noprof+0x550/0x6e0 [ 736.213185][T13391] ? rcu_is_watching+0x12/0xc0 [ 736.213217][T13391] ? alloc_pid+0xc7/0xbc0 [ 736.213268][T13391] ? alloc_pid+0xc7/0xbc0 [ 736.213308][T13391] alloc_pid+0xc7/0xbc0 [ 736.213361][T13391] copy_process+0x49a3/0x76a0 [ 736.213400][T13391] ? do_swap_page+0x7ae/0x6340 [ 736.213455][T13391] ? __pfx_copy_process+0x10/0x10 [ 736.213547][T13391] ? _copy_from_user+0x59/0xd0 [ 736.213599][T13391] kernel_clone+0xfc/0x930 [ 736.213636][T13391] ? __pfx_kernel_clone+0x10/0x10 [ 736.213691][T13391] __do_sys_clone3+0x212/0x290 [ 736.213726][T13391] ? __pfx___do_sys_clone3+0x10/0x10 [ 736.213779][T13391] ? handle_mm_fault+0x2ab/0xd10 [ 736.213838][T13391] ? do_user_addr_fault+0x843/0x1370 [ 736.213875][T13391] do_syscall_64+0xcd/0xfa0 [ 736.213912][T13391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.213941][T13391] RIP: 0033:0x7f79761c3e89 [ 736.213963][T13391] Code: ef 08 00 48 8d 3d 5c ef 08 00 e8 12 29 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 736.213989][T13391] RSP: 002b:00007ffcb7cecf48 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 736.214015][T13391] RAX: ffffffffffffffda RBX: 00007f79761462a0 RCX: 00007f79761c3e89 [ 736.214032][T13391] RDX: 00007f79761462a0 RSI: 0000000000000058 RDI: 00007ffcb7cecf90 [ 736.214049][T13391] RBP: 00007f79770b46c0 R08: 00007f79770b46c0 R09: 00007ffcb7ced077 [ 736.214078][T13391] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 [ 736.214094][T13391] R13: 000000000000006e R14: 00007ffcb7cecf90 R15: 00007ffcb7ced078 [ 736.214129][T13391] [ 736.214145][T13391] memory: usage 3072kB, limit 3072kB, failcnt 74275 [ 736.561905][T13391] memory+swap: usage 18208kB, limit 9007199254740988kB, failcnt 0 [ 736.580189][T13391] kmem: usage 2992kB, limit 9007199254740988kB, failcnt 0 [ 736.667181][T13407] Console: switching to colour VGA+ 80x25 [ 736.715179][T13391] Memory cgroup stats for /syz2: [ 736.715548][T13391] cache 0 [ 736.715563][T13391] rss 0 [ 736.715575][T13391] rss_huge 0 [ 736.715587][T13391] shmem 0 [ 736.715599][T13391] mapped_file 0 [ 736.715611][T13391] dirty 0 [ 736.715622][T13391] writeback 0 [ 736.715634][T13391] workingset_refault_anon 19271 [ 736.715648][T13391] workingset_refault_file 11101 [ 736.715662][T13391] swap 15503360 [ 736.715681][T13391] swapcached 77824 [ 736.715694][T13391] pgpgin 580850 [ 736.715705][T13391] pgpgout 582889 [ 736.715718][T13391] pgfault 418915 [ 736.715731][T13391] pgmajfault 9309 [ 736.715743][T13391] inactive_anon 77824 [ 736.715756][T13391] active_anon 0 [ 736.715768][T13391] inactive_file 0 [ 736.715781][T13391] active_file 0 [ 736.715793][T13391] unevictable 0 [ 736.715805][T13391] hierarchical_memory_limit 3145728 [ 736.715820][T13391] hierarchical_memsw_limit 9223372036854771712 [ 736.715835][T13391] total_cache 0 [ 736.715847][T13391] total_rss 0 [ 736.715859][T13391] total_rss_huge 0 [ 736.715871][T13391] total_shmem 0 [ 736.715884][T13391] total_mapped_file 0 [ 736.715896][T13391] total_dirty 0 [ 736.715908][T13391] total_writeback 0 [ 736.715921][T13391] total_workingset_refault_anon 19271 [ 736.715935][T13391] total_workingset_refault_file 11101 [ 736.715950][T13391] total_swap 15503360 [ 736.715962][T13391] total_swapcached 77824 [ 736.715975][T13391] total_pgpgin 580850 [ 736.715988][T13391] total_pgpgout 582889 [ 736.716001][T13391] total_pgfault 418915 [ 736.716014][T13391] total_pgmajfault 9309 [ 736.716027][T13391] total_inactive_anon 77824 [ 736.716040][T13391] total_active_anon 0 [ 736.716052][T13391] total_inactive_file 0 [ 736.716065][T13391] total_active_file 0 [ 736.716078][T13391] total_unevictable 0 [ 736.716090][T13391] anon_cost 145 [ 736.716102][T13391] file_cost 0 [ 736.716114][T13391] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2016,pid=13225,uid=0 [ 736.718994][T13391] Memory cgroup out of memory: Killed process 13225 (syz.2.2016) total-vm:135064kB, anon-rss:1260kB, file-rss:23036kB, shmem-rss:0kB, UID:0 pgtables:172kB oom_score_adj:1000 [ 738.559234][T13423] Falling back ldisc for pty66. [ 743.292150][T13470] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2094'. [ 743.774903][T13475] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 743.782020][T13475] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 743.788406][T13475] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 743.825046][T13475] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 743.939017][T13475] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 745.792018][T12545] Bluetooth: hci3: command 0x0c1a tx timeout [ 745.798122][T12539] Bluetooth: hci0: command 0x0c1a tx timeout [ 745.837494][T13497] syz.2.2101 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 745.872044][T12545] Bluetooth: hci5: command 0x0c1a tx timeout [ 745.918966][T13497] CPU: 1 UID: 0 PID: 13497 Comm: syz.2.2101 Not tainted syzkaller #0 PREEMPT(full) [ 745.919011][T13497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 745.919031][T13497] Call Trace: [ 745.919042][T13497] [ 745.919054][T13497] dump_stack_lvl+0x16c/0x1f0 [ 745.919101][T13497] dump_header+0x101/0x930 [ 745.919138][T13497] oom_kill_process+0x272/0xa40 [ 745.919177][T13497] out_of_memory+0x350/0x1700 [ 745.919219][T13497] ? __pfx_out_of_memory+0x10/0x10 [ 745.919264][T13497] mem_cgroup_out_of_memory+0x118/0x130 [ 745.919317][T13497] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 745.919379][T13497] ? do_raw_spin_unlock+0x172/0x230 [ 745.919418][T13497] try_charge_memcg+0x695/0xd30 [ 745.919467][T13497] ? __pfx_try_charge_memcg+0x10/0x10 [ 745.919510][T13497] ? __print_lock_name+0xb1/0xe0 [ 745.919545][T13497] ? rcu_read_unlock+0x17/0x60 [ 745.919609][T13497] charge_memcg+0x8a/0x230 [ 745.919648][T13497] __mem_cgroup_charge+0x2b/0x1e0 [ 745.919693][T13497] do_pte_missing+0x222a/0x3ba0 [ 745.919735][T13497] ? find_held_lock+0x2b/0x80 [ 745.919769][T13497] __handle_mm_fault+0x1556/0x2aa0 [ 745.919819][T13497] ? __pfx___handle_mm_fault+0x10/0x10 [ 745.919862][T13497] ? __pte_offset_map_lock+0x174/0x310 [ 745.919894][T13497] ? find_held_lock+0x2b/0x80 [ 745.919934][T13497] ? follow_page_pte+0x5cf/0x1390 [ 745.919976][T13497] handle_mm_fault+0x589/0xd10 [ 745.920022][T13497] __get_user_pages+0x54e/0x3530 [ 745.920071][T13497] ? __pfx___get_user_pages+0x10/0x10 [ 745.920135][T13497] populate_vma_page_range+0x267/0x3f0 [ 745.920178][T13497] ? __pfx_populate_vma_page_range+0x10/0x10 [ 745.920217][T13497] ? __pfx_find_vma_intersection+0x10/0x10 [ 745.920262][T13497] __mm_populate+0x1d8/0x380 [ 745.920302][T13497] ? __pfx___mm_populate+0x10/0x10 [ 745.920344][T13497] ? up_write+0x1b2/0x520 [ 745.920388][T13497] vm_mmap_pgoff+0x37f/0x470 [ 745.920427][T13497] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 745.920459][T13497] ? find_held_lock+0x2b/0x80 [ 745.920494][T13497] ? find_held_lock+0x2b/0x80 [ 745.920550][T13497] ksys_mmap_pgoff+0x7d/0x5c0 [ 745.920591][T13497] __x64_sys_mmap+0x125/0x190 [ 745.920636][T13497] do_syscall_64+0xcd/0xfa0 [ 745.920673][T13497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.920701][T13497] RIP: 0033:0x7f797618f749 [ 745.920722][T13497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.920748][T13497] RSP: 002b:00007f79770d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 745.920773][T13497] RAX: ffffffffffffffda RBX: 00007f79763e5fa0 RCX: 00007f797618f749 [ 745.920790][T13497] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 745.920806][T13497] RBP: 00007f7976213f91 R08: 0000000000000002 R09: 0000000000008000 [ 745.920822][T13497] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 745.920839][T13497] R13: 00007f79763e6038 R14: 00007f79763e5fa0 R15: 00007ffcb7ced078 [ 745.920874][T13497] [ 745.920888][T13497] memory: usage 3072kB, limit 3072kB, failcnt 75894 [ 746.298230][T13497] memory+swap: usage 4660kB, limit 9007199254740988kB, failcnt 0 [ 746.306633][T13497] kmem: usage 2900kB, limit 9007199254740988kB, failcnt 0 [ 746.322515][T13497] Memory cgroup stats for /syz2: [ 746.322724][T13497] cache 0 [ 746.330684][T13497] rss 114688 [ 746.377803][T13497] rss_huge 0 [ 746.381092][T13497] shmem 0 [ 746.401898][T13497] mapped_file 0 [ 746.405430][T13497] dirty 0 [ 746.408472][T13497] writeback 0 [ 746.433180][T13497] workingset_refault_anon 19763 [ 746.439091][T13497] workingset_refault_file 11101 [ 746.444598][T13497] swap 1626112 [ 746.662670][T13497] swapcached 45056 [ 746.666475][T13497] pgpgin 582162 [ 746.669972][T13497] pgpgout 584181 [ 746.692227][T13497] pgfault 421269 [ 746.695940][T13497] pgmajfault 9707 [ 746.699599][T13497] inactive_anon 151552 [ 746.721886][T13497] active_anon 8192 [ 746.725675][T13497] inactive_file 0 [ 746.729334][T13497] active_file 0 [ 746.762826][T13497] unevictable 0 [ 746.767698][T13497] hierarchical_memory_limit 3145728 [ 746.781870][T13497] hierarchical_memsw_limit 9223372036854771712 [ 746.788235][T13497] total_cache 0 [ 746.791724][T13497] total_rss 114688 [ 746.821948][T13497] total_rss_huge 0 [ 746.825745][T13497] total_shmem 0 [ 746.829262][T13497] total_mapped_file 0 [ 746.841933][T13497] total_dirty 0 [ 746.845591][T13497] total_writeback 0 [ 746.849427][T13497] total_workingset_refault_anon 19763 [ 746.870577][T13497] total_workingset_refault_file 11101 [ 746.901921][T13497] total_swap 1626112 [ 746.921954][T13497] total_swapcached 45056 [ 746.926253][T13497] total_pgpgin 582162 [ 746.930270][T13497] total_pgpgout 584181 [ 746.971907][T13497] total_pgfault 421269 [ 746.976043][T13497] total_pgmajfault 9707 [ 746.980240][T13497] total_inactive_anon 151552 [ 747.011964][T13497] total_active_anon 8192 [ 747.016269][T13497] total_inactive_file 0 [ 747.020447][T13497] total_active_file 0 [ 747.061880][T13497] total_unevictable 0 [ 747.066003][T13497] anon_cost 179 [ 747.069481][T13497] file_cost 0 [ 747.091921][T13497] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2101,pid=13492,uid=0 [ 747.141919][T13497] Memory cgroup out of memory: Killed process 13492 (syz.2.2101) total-vm:108312kB, anon-rss:1148kB, file-rss:21556kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 747.520310][T13508] syz.2.2104 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 747.545516][T13508] CPU: 0 UID: 0 PID: 13508 Comm: syz.2.2104 Not tainted syzkaller #0 PREEMPT(full) [ 747.545555][T13508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 747.545572][T13508] Call Trace: [ 747.545582][T13508] [ 747.545593][T13508] dump_stack_lvl+0x16c/0x1f0 [ 747.545634][T13508] dump_header+0x101/0x930 [ 747.545668][T13508] oom_kill_process+0x272/0xa40 [ 747.545703][T13508] out_of_memory+0x350/0x1700 [ 747.545741][T13508] ? __pfx_out_of_memory+0x10/0x10 [ 747.545788][T13508] mem_cgroup_out_of_memory+0x118/0x130 [ 747.545836][T13508] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 747.545892][T13508] ? do_raw_spin_unlock+0x172/0x230 [ 747.545927][T13508] try_charge_memcg+0x695/0xd30 [ 747.545973][T13508] ? __pfx_try_charge_memcg+0x10/0x10 [ 747.546006][T13508] ? __print_lock_name+0xb1/0xe0 [ 747.546033][T13508] ? rcu_read_unlock+0x17/0x60 [ 747.546075][T13508] charge_memcg+0x8a/0x230 [ 747.546107][T13508] __mem_cgroup_charge+0x2b/0x1e0 [ 747.546143][T13508] do_wp_page+0x1213/0x52b0 [ 747.546187][T13508] ? __pfx_do_wp_page+0x10/0x10 [ 747.546224][T13508] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 747.546263][T13508] ? ___pte_offset_map+0x2ad/0x4f0 [ 747.546300][T13508] __handle_mm_fault+0x1ae3/0x2aa0 [ 747.546349][T13508] ? __pfx___handle_mm_fault+0x10/0x10 [ 747.546394][T13508] ? lock_vma_under_rcu+0x176/0x530 [ 747.546443][T13508] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 747.546492][T13508] handle_mm_fault+0x589/0xd10 [ 747.546534][T13508] ? __pkru_allows_pkey+0x21/0xb0 [ 747.546575][T13508] do_user_addr_fault+0x60c/0x1370 [ 747.546601][T13508] ? rcu_is_watching+0x12/0xc0 [ 747.546632][T13508] exc_page_fault+0x64/0xc0 [ 747.546663][T13508] asm_exc_page_fault+0x26/0x30 [ 747.546686][T13508] RIP: 0033:0x7f797604d75c [ 747.546705][T13508] Code: 23 83 c0 01 44 39 d0 75 dc 48 89 f0 25 ff 1f 00 00 49 89 34 c1 41 88 3c 00 31 c0 c3 66 90 41 38 3c 10 74 0b 41 88 3c 10 31 c0 <49> 89 34 d1 c3 b8 01 00 00 00 c3 66 0f 1f 84 00 00 00 00 00 48 83 [ 747.546729][T13508] RSP: 002b:00007ffcb7ced0a8 EFLAGS: 00010246 [ 747.546754][T13508] RAX: 0000000000000000 RBX: 00007f7976f15720 RCX: 0000000000000000 [ 747.546770][T13508] RDX: 0000000000001d00 RSI: ffffffff8b5bbd00 RDI: 0000000000000000 [ 747.546785][T13508] RBP: ffffffff8b5bbd00 R08: 00007f79763d0000 R09: 00007f79763d2000 [ 747.546800][T13508] R10: 000000008b5bbd04 R11: 0000000000000000 R12: 0000000000000000 [ 747.546815][T13508] R13: 0000000000000044 R14: ffffffff8b5bb26a R15: 0000000000000044 [ 747.546831][T13508] ? xas_load+0x2a/0x5b0 [ 747.546861][T13508] ? xas_split+0x500/0x770 [ 747.546895][T13508] ? xas_split+0x500/0x770 [ 747.546930][T13508] [ 747.546942][T13508] memory: usage 3072kB, limit 3072kB, failcnt 76005 [ 747.823747][T13508] memory+swap: usage 3216kB, limit 9007199254740988kB, failcnt 0 [ 747.831597][T13508] kmem: usage 2772kB, limit 9007199254740988kB, failcnt 0 [ 747.841062][T13508] Memory cgroup stats for /syz2: [ 747.841269][T13508] cache 0 [ 747.849264][T13508] rss 110592 [ 747.852568][T13508] rss_huge 0 [ 747.855796][T13508] shmem 0 [ 747.858837][T13508] mapped_file 0 [ 747.862398][T13508] dirty 0 [ 747.865374][T13508] writeback 0 [ 747.868690][T13508] workingset_refault_anon 19788 [ 747.874848][T13508] workingset_refault_file 11101 [ 747.879736][T13508] swap 147456 [ 747.891961][T13508] swapcached 45056 [ 747.895866][T13508] pgpgin 582224 [ 747.899359][T13508] pgpgout 584244 [ 747.918369][T13508] pgfault 421379 [ 747.929269][T13508] pgmajfault 9729 [ 747.941881][T13508] inactive_anon 155648 [ 747.949459][T13508] active_anon 0 [ 747.953178][T12545] Bluetooth: hci5: command 0x0c1a tx timeout [ 747.962681][T13508] inactive_file 0 [ 747.966845][T13508] active_file 0 [ 747.970782][T13508] unevictable 0 [ 747.984376][T13508] hierarchical_memory_limit 3145728 [ 748.011963][T13508] hierarchical_memsw_limit 9223372036854771712 [ 748.018388][T13508] total_cache 0 [ 748.034516][T13508] total_rss 110592 [ 748.040297][T13508] total_rss_huge 0 [ 748.091900][T13508] total_shmem 0 [ 748.097169][T13508] total_mapped_file 0 [ 748.101181][T13508] total_dirty 0 [ 748.126572][T13508] total_writeback 0 [ 748.130455][T13508] total_workingset_refault_anon 19788 [ 748.326840][T13508] total_workingset_refault_file 11101 [ 748.369620][T13508] total_swap 147456 [ 748.381937][T13508] total_swapcached 45056 [ 748.421719][T13508] total_pgpgin 582224 [ 748.439570][T13508] total_pgpgout 584244 [ 748.454659][T13508] total_pgfault 421379 [ 748.501130][T13508] total_pgmajfault 9729 [ 748.522119][T13508] total_inactive_anon 155648 [ 748.526764][T13508] total_active_anon 0 [ 748.530769][T13508] total_inactive_file 0 [ 748.556297][T13508] total_active_file 0 [ 748.560361][T13508] total_unevictable 0 [ 748.629954][T13508] anon_cost 239 [ 748.645798][T13508] file_cost 0 [ 748.649148][T13508] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2104,pid=13508,uid=0 [ 748.761984][T13508] Memory cgroup out of memory: Killed process 13508 (syz.2.2104) total-vm:104080kB, anon-rss:1140kB, file-rss:21944kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 748.836972][T13146] syz.3.2001 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 748.922278][T13146] CPU: 1 UID: 0 PID: 13146 Comm: syz.3.2001 Not tainted syzkaller #0 PREEMPT(full) [ 748.922320][T13146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 748.922339][T13146] Call Trace: [ 748.922349][T13146] [ 748.922361][T13146] dump_stack_lvl+0x16c/0x1f0 [ 748.922404][T13146] dump_header+0x101/0x930 [ 748.922449][T13146] oom_kill_process+0x272/0xa40 [ 748.922487][T13146] out_of_memory+0x350/0x1700 [ 748.922528][T13146] ? __pfx_out_of_memory+0x10/0x10 [ 748.922572][T13146] mem_cgroup_out_of_memory+0x118/0x130 [ 748.922623][T13146] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 748.922685][T13146] ? do_raw_spin_unlock+0x172/0x230 [ 748.922726][T13146] try_charge_memcg+0x695/0xd30 [ 748.922794][T13146] ? __pfx_try_charge_memcg+0x10/0x10 [ 748.922836][T13146] ? __print_lock_name+0xb1/0xe0 [ 748.922871][T13146] ? rcu_read_unlock+0x17/0x60 [ 748.922926][T13146] charge_memcg+0x8a/0x230 [ 748.922968][T13146] __mem_cgroup_charge+0x2b/0x1e0 [ 748.923016][T13146] shmem_alloc_and_add_folio+0x50c/0xc20 [ 748.923061][T13146] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 748.923097][T13146] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 748.923143][T13146] shmem_get_folio_gfp+0x67f/0x1610 [ 748.923184][T13146] ? __lock_acquire+0xb8a/0x1c90 [ 748.923228][T13146] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 748.923276][T13146] shmem_write_begin+0x160/0x300 [ 748.923315][T13146] ? __pfx_shmem_write_begin+0x10/0x10 [ 748.923347][T13146] ? timestamp_truncate+0x21e/0x2d0 [ 748.923386][T13146] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 748.923446][T13146] generic_perform_write+0x3c4/0x900 [ 748.923509][T13146] ? __pfx_generic_perform_write+0x10/0x10 [ 748.923564][T13146] ? inode_needs_update_time.part.0+0x191/0x270 [ 748.923614][T13146] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 748.923653][T13146] shmem_file_write_iter+0x10e/0x140 [ 748.923696][T13146] __kernel_write_iter+0x31a/0xb10 [ 748.923736][T13146] ? __pfx___kernel_write_iter+0x10/0x10 [ 748.923771][T13146] ? __up_read+0x1f8/0x750 [ 748.923825][T13146] ? dump_user_range+0x756/0xb70 [ 748.923868][T13146] dump_user_range+0x413/0xb70 [ 748.923910][T13146] ? __pfx_dump_user_range+0x10/0x10 [ 748.923947][T13146] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 748.924028][T13146] ? __pfx_writenote+0x10/0x10 [ 748.924071][T13146] elf_core_dump+0x29c3/0x3c00 [ 748.924124][T13146] ? __pfx_elf_core_dump+0x10/0x10 [ 748.924154][T13146] ? kasan_save_stack+0x33/0x60 [ 748.924186][T13146] ? kasan_save_track+0x14/0x30 [ 748.924219][T13146] ? __kasan_kmalloc+0xaa/0xb0 [ 748.924251][T13146] ? __kvmalloc_node_noprof+0x3a3/0x9c0 [ 748.924282][T13146] ? vfs_coredump+0x1ddc/0x5670 [ 748.924309][T13146] ? arch_do_signal_or_restart+0x8f/0x790 [ 748.924342][T13146] ? irqentry_exit_to_user_mode+0x176/0x310 [ 748.924378][T13146] ? asm_exc_page_fault+0x26/0x30 [ 748.924421][T13146] ? 0xffffffffff600000 [ 748.924530][T13146] ? vfs_coredump+0x2b9f/0x5670 [ 748.924559][T13146] vfs_coredump+0x2b9f/0x5670 [ 748.924605][T13146] ? __pfx_vfs_coredump+0x10/0x10 [ 748.924638][T13146] ? __lock_acquire+0x622/0x1c90 [ 748.924699][T13146] ? lock_acquire+0x179/0x350 [ 748.924761][T13146] ? is_bpf_text_address+0x8a/0x1a0 [ 748.924806][T13146] ? bpf_ksym_find+0x124/0x1c0 [ 748.924854][T13146] ? unwind_get_return_address+0x59/0xa0 [ 748.924888][T13146] ? arch_stack_walk+0xa6/0x100 [ 748.924938][T13146] ? stack_trace_save+0x8e/0xc0 [ 748.924973][T13146] ? __pfx_stack_trace_save+0x10/0x10 [ 748.925010][T13146] ? stack_depot_save_flags+0x29/0x9c0 [ 748.925072][T13146] ? __lock_acquire+0xb8a/0x1c90 [ 748.925179][T13146] ? proc_coredump_connector+0x2d1/0x4f0 [ 748.925211][T13146] ? __pfx_proc_coredump_connector+0x10/0x10 [ 748.925253][T13146] ? rcu_is_watching+0x12/0xc0 [ 748.925289][T13146] get_signal+0x22e1/0x26d0 [ 748.925339][T13146] ? __pfx_get_signal+0x10/0x10 [ 748.925374][T13146] ? rcu_is_watching+0x12/0xc0 [ 748.925439][T13146] arch_do_signal_or_restart+0x8f/0x790 [ 748.925480][T13146] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 748.925547][T13146] irqentry_exit_to_user_mode+0x176/0x310 [ 748.925589][T13146] asm_exc_page_fault+0x26/0x30 [ 748.925618][T13146] RIP: 0033:0x0 [ 748.925638][T13146] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 748.925652][T13146] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 748.925676][T13146] RAX: 0000000000000000 RBX: 00007f043d9e5fa0 RCX: 00007f043d78f749 [ 748.925695][T13146] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 748.925713][T13146] RBP: 00007f043d813f91 R08: 0000000000000002 R09: 0000000000000000 [ 748.925731][T13146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.925749][T13146] R13: 00007f043d9e6038 R14: 00007f043d9e5fa0 R15: 00007ffc85e08728 [ 748.925793][T13146] [ 748.925804][T13146] memory: usage 307200kB, limit 307200kB, failcnt 36617 [ 749.415181][T13146] memory+swap: usage 426384kB, limit 9007199254740988kB, failcnt 0 [ 749.430396][T13146] kmem: usage 7164kB, limit 9007199254740988kB, failcnt 0 [ 749.439275][T13146] Memory cgroup stats for /syz3: [ 749.439475][T13146] cache 305078272 [ 749.448626][T13146] rss 733184 [ 749.453420][T13146] rss_huge 0 [ 749.456661][T13146] shmem 305078272 [ 749.460337][T13146] mapped_file 146579456 [ 749.465194][T13146] dirty 0 [ 749.468162][T13146] writeback 0 [ 749.471470][T13146] workingset_refault_anon 7665 [ 749.491882][T13146] workingset_refault_file 13131 [ 749.496791][T13146] swap 122163200 [ 749.500359][T13146] swapcached 1306624 [ 749.502536][T13522] Invalid ELF header magic: != ELF [ 749.517888][T13146] pgpgin 958162 [ 749.521408][T13146] pgpgout 888881 [ 749.552668][T13146] pgfault 540123 [ 749.556309][T13146] pgmajfault 1292 [ 749.559971][T13146] inactive_anon 305438720 [ 749.578981][T13146] active_anon 1679360 [ 749.586088][T13146] inactive_file 0 [ 749.592144][T13146] active_file 0 [ 749.595656][T13146] unevictable 0 [ 749.599141][T13146] hierarchical_memory_limit 314572800 [ 749.648237][T13146] hierarchical_memsw_limit 9223372036854771712 [ 749.655967][T13146] total_cache 305078272 [ 749.664469][T13146] total_rss 733184 [ 749.674810][T13146] total_rss_huge 0 [ 749.678668][T13146] total_shmem 305078272 [ 749.722273][T13146] total_mapped_file 146579456 [ 749.731332][T13146] total_dirty 0 [ 749.741457][T13146] total_writeback 0 [ 749.763167][T13146] total_workingset_refault_anon 7665 [ 749.769716][T13146] total_workingset_refault_file 13131 [ 749.791918][T13146] total_swap 122163200 [ 749.796053][T13146] total_swapcached 1306624 [ 749.800493][T13146] total_pgpgin 958162 [ 749.810771][T13146] total_pgpgout 888881 [ 749.814991][T13146] total_pgfault 540123 [ 749.819093][T13146] total_pgmajfault 1292 [ 749.826849][T13146] total_inactive_anon 305438720 [ 749.831753][T13146] total_active_anon 1679360 [ 749.839568][T13146] total_inactive_file 0 [ 749.844227][T13146] total_active_file 0 [ 749.848247][T13146] total_unevictable 0 [ 749.852786][T13146] anon_cost 12664 [ 749.856455][T13146] file_cost 837 [ 749.859930][T13146] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.2012,pid=13178,uid=0 [ 749.893624][T13146] Memory cgroup out of memory: Killed process 13178 (syz.3.2012) total-vm:134932kB, anon-rss:1148kB, file-rss:25452kB, shmem-rss:32768kB, UID:0 pgtables:208kB oom_score_adj:0 [ 750.002078][T13531] syz.2.2110 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 750.022146][T13531] CPU: 1 UID: 0 PID: 13531 Comm: syz.2.2110 Not tainted syzkaller #0 PREEMPT(full) [ 750.022188][T13531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 750.022217][T13531] Call Trace: [ 750.022226][T13531] [ 750.022238][T13531] dump_stack_lvl+0x16c/0x1f0 [ 750.022279][T13531] dump_header+0x101/0x930 [ 750.022324][T13531] oom_kill_process+0x272/0xa40 [ 750.022357][T13531] out_of_memory+0x350/0x1700 [ 750.022395][T13531] ? __pfx_out_of_memory+0x10/0x10 [ 750.022435][T13531] mem_cgroup_out_of_memory+0x118/0x130 [ 750.022481][T13531] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 750.022536][T13531] ? do_raw_spin_unlock+0x172/0x230 [ 750.022571][T13531] try_charge_memcg+0x695/0xd30 [ 750.022614][T13531] ? __pfx_try_charge_memcg+0x10/0x10 [ 750.022653][T13531] ? __print_lock_name+0xb1/0xe0 [ 750.022685][T13531] ? rcu_read_unlock+0x17/0x60 [ 750.022757][T13531] charge_memcg+0x8a/0x230 [ 750.022799][T13531] __mem_cgroup_charge+0x2b/0x1e0 [ 750.022847][T13531] shmem_alloc_and_add_folio+0x50c/0xc20 [ 750.022892][T13531] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 750.022927][T13531] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 750.022973][T13531] shmem_get_folio_gfp+0x67f/0x1610 [ 750.023013][T13531] ? filemap_map_pages+0x11a2/0x1d50 [ 750.023046][T13531] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 750.023081][T13531] ? filemap_map_pages+0x121f/0x1d50 [ 750.023119][T13531] shmem_fault+0x1fe/0xa30 [ 750.023154][T13531] ? __pfx_shmem_fault+0x10/0x10 [ 750.023193][T13531] ? __pfx_filemap_map_pages+0x10/0x10 [ 750.023238][T13531] ? __pfx_filemap_map_pages+0x10/0x10 [ 750.023267][T13531] __do_fault+0x10d/0x490 [ 750.023315][T13531] ? __pfx_filemap_map_pages+0x10/0x10 [ 750.023345][T13531] do_pte_missing+0xf4a/0x3ba0 [ 750.023396][T13531] ? find_held_lock+0x2b/0x80 [ 750.023430][T13531] ? __handle_mm_fault+0x1529/0x2aa0 [ 750.023488][T13531] __handle_mm_fault+0x1556/0x2aa0 [ 750.023553][T13531] ? __pfx___handle_mm_fault+0x10/0x10 [ 750.023608][T13531] ? __pte_offset_map_lock+0x174/0x310 [ 750.023650][T13531] ? find_held_lock+0x2b/0x80 [ 750.023697][T13531] ? follow_page_pte+0x5cf/0x1390 [ 750.023752][T13531] handle_mm_fault+0x589/0xd10 [ 750.023813][T13531] __get_user_pages+0x54e/0x3530 [ 750.023880][T13531] ? __pfx___get_user_pages+0x10/0x10 [ 750.023938][T13531] ? __kernel_write_iter+0x5a5/0xb10 [ 750.023994][T13531] get_dump_page+0x257/0x3d0 [ 750.024035][T13531] ? __pfx_get_dump_page+0x10/0x10 [ 750.024078][T13531] ? dump_user_range+0x756/0xb70 [ 750.024116][T13531] dump_user_range+0x195/0xb70 [ 750.024155][T13531] ? __pfx_dump_user_range+0x10/0x10 [ 750.024187][T13531] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 750.024241][T13531] ? __pfx_writenote+0x10/0x10 [ 750.024283][T13531] elf_core_dump+0x29c3/0x3c00 [ 750.024344][T13531] ? __pfx_elf_core_dump+0x10/0x10 [ 750.024375][T13531] ? kasan_save_stack+0x33/0x60 [ 750.024409][T13531] ? kasan_save_track+0x14/0x30 [ 750.024441][T13531] ? __kasan_kmalloc+0xaa/0xb0 [ 750.024472][T13531] ? __kvmalloc_node_noprof+0x3a3/0x9c0 [ 750.024505][T13531] ? vfs_coredump+0x1ddc/0x5670 [ 750.024531][T13531] ? arch_do_signal_or_restart+0x8f/0x790 [ 750.024566][T13531] ? irqentry_exit_to_user_mode+0x176/0x310 [ 750.024604][T13531] ? asm_exc_page_fault+0x26/0x30 [ 750.024641][T13531] ? 0xffffffffff600000 [ 750.024733][T13531] ? vfs_coredump+0x2b9f/0x5670 [ 750.024759][T13531] vfs_coredump+0x2b9f/0x5670 [ 750.024802][T13531] ? __pfx_vfs_coredump+0x10/0x10 [ 750.024834][T13531] ? __lock_acquire+0x622/0x1c90 [ 750.024890][T13531] ? lock_acquire+0x179/0x350 [ 750.024948][T13531] ? is_bpf_text_address+0x8a/0x1a0 [ 750.024990][T13531] ? bpf_ksym_find+0x124/0x1c0 [ 750.025034][T13531] ? unwind_get_return_address+0x59/0xa0 [ 750.025066][T13531] ? arch_stack_walk+0xa6/0x100 [ 750.025111][T13531] ? stack_trace_save+0x8e/0xc0 [ 750.025144][T13531] ? __pfx_stack_trace_save+0x10/0x10 [ 750.025179][T13531] ? stack_depot_save_flags+0x29/0x9c0 [ 750.025225][T13531] ? __lock_acquire+0xb8a/0x1c90 [ 750.025340][T13531] ? proc_coredump_connector+0x2d1/0x4f0 [ 750.025374][T13531] ? __pfx_proc_coredump_connector+0x10/0x10 [ 750.025416][T13531] ? rcu_is_watching+0x12/0xc0 [ 750.025455][T13531] get_signal+0x22e1/0x26d0 [ 750.025504][T13531] ? __pfx_get_signal+0x10/0x10 [ 750.025542][T13531] ? rcu_is_watching+0x12/0xc0 [ 750.025580][T13531] arch_do_signal_or_restart+0x8f/0x790 [ 750.025620][T13531] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 750.025682][T13531] irqentry_exit_to_user_mode+0x176/0x310 [ 750.025723][T13531] asm_exc_page_fault+0x26/0x30 [ 750.025752][T13531] RIP: 0033:0x0 [ 750.025772][T13531] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 750.025787][T13531] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 750.025810][T13531] RAX: 0000000000000000 RBX: 00007f79763e5fa0 RCX: 00007f797618f749 [ 750.025828][T13531] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 750.025845][T13531] RBP: 00007f7976213f91 R08: 0000000000000002 R09: 0000000000000000 [ 750.025862][T13531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.025879][T13531] R13: 00007f79763e6038 R14: 00007f79763e5fa0 R15: 00007ffcb7ced078 [ 750.025920][T13531] [ 750.025931][T13531] memory: usage 3072kB, limit 3072kB, failcnt 76112 [ 750.034786][T12545] Bluetooth: hci5: command 0x0c1a tx timeout [ 750.057244][T13525] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2106'. [ 750.212052][T13531] memory+swap: usage 3140kB, limit 9007199254740988kB, failcnt 0 [ 750.546391][T13525] bond0: entered allmulticast mode [ 750.590391][T13531] kmem: usage 2760kB, limit 9007199254740988kB, failcnt 0 [ 750.601972][T13531] Memory cgroup stats for /syz2: [ 750.602150][T13531] cache 73728 [ 750.610466][T13531] rss 200704 [ 750.615658][T13531] rss_huge 0 [ 750.618891][T13531] shmem 73728 [ 750.634436][T13525] bond_slave_0: entered allmulticast mode [ 750.656276][T13525] bond_slave_1: entered allmulticast mode [ 750.661864][T13531] mapped_file 32768 [ 750.666333][T13531] dirty 0 [ 750.669289][T13531] writeback 0 [ 750.691945][T13531] workingset_refault_anon 19801 [ 750.701891][T13531] workingset_refault_file 11101 [ 750.706876][T13531] swap 69632 [ 750.710101][T13531] swapcached 45056 [ 750.741885][T13531] pgpgin 582326 [ 750.745418][T13531] pgpgout 584306 [ 750.748992][T13531] pgfault 421629 [ 750.781888][T13531] pgmajfault 9741 [ 750.785593][T13531] inactive_anon 311296 [ 750.789689][T13531] active_anon 8192 [ 750.833295][T13531] inactive_file 0 [ 750.837003][T13531] active_file 0 [ 750.840494][T13531] unevictable 0 [ 750.861867][T13531] hierarchical_memory_limit 3145728 [ 750.867490][T13531] hierarchical_memsw_limit 9223372036854771712 [ 750.881892][T13531] total_cache 73728 [ 750.885747][T13531] total_rss 200704 [ 750.889497][T13531] total_rss_huge 0 [ 750.903632][T13531] total_shmem 73728 [ 750.907492][T13531] total_mapped_file 32768 [ 750.931900][T13531] total_dirty 0 [ 750.935439][T13531] total_writeback 0 [ 750.939354][T13531] total_workingset_refault_anon 19801 [ 750.962145][T13531] total_workingset_refault_file 11101 [ 750.969191][T13531] total_swap 69632 [ 750.982583][T13531] total_swapcached 45056 [ 750.986876][T13531] total_pgpgin 582326 [ 750.990875][T13531] total_pgpgout 584306 [ 751.007196][T13531] total_pgfault 421629 [ 751.011311][T13531] total_pgmajfault 9741 [ 751.017136][T13531] total_inactive_anon 311296 [ 751.021763][T13531] total_active_anon 8192 [ 751.026904][T13531] total_inactive_file 0 [ 751.031083][T13531] total_active_file 0 [ 751.035517][T13531] total_unevictable 0 [ 751.039528][T13531] anon_cost 239 [ 751.043474][T13531] file_cost 0 [ 751.046792][T13531] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2110,pid=13531,uid=0 [ 751.072513][T13531] Memory cgroup out of memory: Killed process 13531 (syz.2.2110) total-vm:134932kB, anon-rss:1268kB, file-rss:23028kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 751.718371][T13536] syz.2.2112 invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), order=0, oom_score_adj=1000 [ 751.759723][T13536] CPU: 0 UID: 0 PID: 13536 Comm: syz.2.2112 Not tainted syzkaller #0 PREEMPT(full) [ 751.759762][T13536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 751.759779][T13536] Call Trace: [ 751.759788][T13536] [ 751.759798][T13536] dump_stack_lvl+0x16c/0x1f0 [ 751.759840][T13536] dump_header+0x101/0x930 [ 751.759892][T13536] oom_kill_process+0x272/0xa40 [ 751.759927][T13536] out_of_memory+0x350/0x1700 [ 751.759968][T13536] ? __pfx_out_of_memory+0x10/0x10 [ 751.760037][T13536] mem_cgroup_out_of_memory+0x118/0x130 [ 751.760089][T13536] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 751.760155][T13536] ? do_raw_spin_unlock+0x172/0x230 [ 751.760193][T13536] try_charge_memcg+0x695/0xd30 [ 751.760241][T13536] ? __pfx_try_charge_memcg+0x10/0x10 [ 751.760282][T13536] ? find_held_lock+0x2b/0x80 [ 751.760316][T13536] ? rcu_read_unlock+0x17/0x60 [ 751.760369][T13536] __memcg_kmem_charge_page+0xda/0x420 [ 751.760418][T13536] __alloc_frozen_pages_noprof+0x323/0x2470 [ 751.760477][T13536] ? kvm_sched_clock_read+0x11/0x20 [ 751.760514][T13536] ? sched_clock+0x38/0x60 [ 751.760570][T13536] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 751.760604][T13536] ? __lock_acquire+0x622/0x1c90 [ 751.760666][T13536] ? lock_acquire+0x179/0x350 [ 751.760711][T13536] ? find_held_lock+0x2b/0x80 [ 751.760744][T13536] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 751.760802][T13536] ? policy_nodemask+0xea/0x4e0 [ 751.760851][T13536] alloc_pages_mpol+0x1fb/0x550 [ 751.760899][T13536] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 751.760940][T13536] ? __page_table_check_ptes_set+0x1ae/0x420 [ 751.760979][T13536] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 751.761027][T13536] alloc_pages_noprof+0x131/0x390 [ 751.761073][T13536] pte_alloc_one+0x1e/0x350 [ 751.761110][T13536] __pte_alloc+0x6d/0x380 [ 751.761183][T13536] ? __pfx___pte_alloc+0x10/0x10 [ 751.761221][T13536] ? find_held_lock+0x2b/0x80 [ 751.761261][T13536] ? find_held_lock+0x2b/0x80 [ 751.761288][T13536] ? walk_to_pmd+0x305/0x4c0 [ 751.761332][T13536] __get_locked_pte+0xa1/0xc0 [ 751.761376][T13536] insert_page+0x101/0x200 [ 751.761418][T13536] ? __pfx_insert_page+0x10/0x10 [ 751.761457][T13536] ? do_raw_spin_lock+0x12c/0x2b0 [ 751.761502][T13536] ? __pfx___vma_enter_locked+0x10/0x10 [ 751.761574][T13536] vm_insert_page+0x2c1/0x440 [ 751.761615][T13536] ? vmalloc_to_page+0x471/0x650 [ 751.761671][T13536] kcov_mmap+0xbf/0x140 [ 751.761699][T13536] __mmap_region+0x1309/0x27a0 [ 751.761735][T13536] ? __pfx___mmap_region+0x10/0x10 [ 751.761769][T13536] ? __pfx_mt_validate_nulls+0x10/0x10 [ 751.761900][T13536] ? __lock_acquire+0xb8a/0x1c90 [ 751.761952][T13536] mmap_region+0x32b/0x3f0 [ 751.761990][T13536] do_mmap+0xa3e/0x1210 [ 751.762036][T13536] ? __pfx_do_mmap+0x10/0x10 [ 751.762075][T13536] ? __pfx_down_write_killable+0x10/0x10 [ 751.762126][T13536] vm_mmap_pgoff+0x29e/0x470 [ 751.762180][T13536] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 751.762227][T13536] ? __fget_files+0x20e/0x3c0 [ 751.762265][T13536] ksys_mmap_pgoff+0x32c/0x5c0 [ 751.762303][T13536] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 751.762355][T13536] __x64_sys_mmap+0x125/0x190 [ 751.762404][T13536] do_syscall_64+0xcd/0xfa0 [ 751.762444][T13536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.762473][T13536] RIP: 0033:0x7f797618f783 [ 751.762497][T13536] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 751.762544][T13536] RSP: 002b:00007ffcb7ced138 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 751.762573][T13536] RAX: ffffffffffffffda RBX: 00007f79763e6308 RCX: 00007f797618f783 [ 751.762594][T13536] RDX: 0000000000000003 RSI: 0000000000400000 RDI: 00007f7973ff6000 [ 751.762612][T13536] RBP: 00007f79763e6270 R08: 00000000000000db R09: 0000000000000000 [ 751.762629][T13536] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000003 [ 751.762648][T13536] R13: 00007f79763e6270 R14: 000000000000122c R15: 0000000000000004 [ 751.762690][T13536] [ 752.193978][T13536] memory: usage 3072kB, limit 3072kB, failcnt 76200 [ 752.200633][T13536] memory+swap: usage 3140kB, limit 9007199254740988kB, failcnt 0 [ 752.208882][T13536] kmem: usage 2812kB, limit 9007199254740988kB, failcnt 0 [ 752.388753][T13536] Memory cgroup stats for /syz2: [ 752.389024][T13536] cache 12288 [ 752.436980][T13536] rss 217088 [ 752.440371][T13536] rss_huge 0 [ 752.448794][T13536] shmem 0 [ 752.451780][T13536] mapped_file 12288 [ 752.461945][T13536] dirty 0 [ 752.464916][T13536] writeback 0 [ 752.468200][T13536] workingset_refault_anon 19801 [ 752.501578][T13536] workingset_refault_file 11104 [ 752.561932][T13536] swap 69632 [ 752.565165][T13536] swapcached 45056 [ 752.615383][T13536] pgpgin 582369 [ 752.618883][T13536] pgpgout 584360 [ 752.662124][T13536] pgfault 421784 [ 752.665724][T13536] pgmajfault 9742 [ 752.669360][T13536] inactive_anon 253952 [ 752.721940][T13536] active_anon 0 [ 752.725459][T13536] inactive_file 12288 [ 752.729430][T13536] active_file 0 [ 752.768981][T13536] unevictable 0 [ 752.797583][T13536] hierarchical_memory_limit 3145728 [ 752.812249][T13553] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 752.825917][T13536] hierarchical_memsw_limit 9223372036854771712 [ 752.845096][T13536] total_cache 12288 [ 752.849034][T13536] total_rss 217088 [ 752.978461][T13536] total_rss_huge 0 [ 752.985916][T13536] total_shmem 0 [ 752.994975][T13536] total_mapped_file 12288 [ 753.011342][T13536] total_dirty 0 [ 753.015227][T13536] total_writeback 0 [ 753.020785][T13536] total_workingset_refault_anon 19801 [ 753.037731][T13536] total_workingset_refault_file 11104 [ 753.087912][T13536] total_swap 69632 [ 753.114117][T13536] total_swapcached 45056 [ 753.155964][T13536] total_pgpgin 582369 [ 753.212879][T13536] total_pgpgout 584360 [ 753.273442][T13536] total_pgfault 421784 [ 753.277560][T13536] total_pgmajfault 9742 [ 753.281708][T13536] total_inactive_anon 253952 [ 753.286459][T13536] total_active_anon 0 [ 753.343421][T13536] total_inactive_file 12288 [ 753.367649][T13536] total_active_file 0 [ 753.382075][T13536] total_unevictable 0 [ 753.386154][T13536] anon_cost 152 [ 753.389616][T13536] file_cost 1 [ 753.433367][T13536] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2112,pid=13536,uid=0 [ 753.509211][T13536] Memory cgroup out of memory: Killed process 13536 (syz.2.2112) total-vm:110496kB, anon-rss:1268kB, file-rss:25368kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 754.875468][T13568] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2119'. [ 755.121361][T13560] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 756.923100][T13598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2130'. [ 756.969051][T13598] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2130'. [ 757.719127][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.727255][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 757.899414][T13607] can0: slcan on ttyS2. [ 758.885824][T13606] can0 (unregistered): slcan off ttyS2. [ 760.422280][T13643] Invalid ELF header magic: != ELF [ 761.445888][T13663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2140'. [ 761.472708][T13663] netlink: 'syz.2.2140': attribute type 1 has an invalid length. [ 761.498628][T13663] netlink: 'syz.2.2140': attribute type 6 has an invalid length. [ 761.726002][T13670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2141'. [ 761.784225][T13670] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2141'. [ 763.999872][T13686] random: crng reseeded on system resumption [ 764.694009][T13684] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 767.040649][T13691] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 767.453652][T13711] delete_channel: no stack [ 768.219602][ T32] oom_reaper: reaped process 13692 (syz.2.2148), now anon-rss:0kB, file-rss:26040kB, shmem-rss:0kB [ 772.574894][T13748] Invalid ELF header magic: != ELF [ 772.680445][T13746] can0: slcan on ptm0. [ 773.184295][T13745] can0 (unregistered): slcan off ptm0. [ 775.032866][T13769] Console: switching to colour frame buffer device 128x48 [ 776.020938][T13776] syz.2.2168 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 776.111737][T13776] CPU: 1 UID: 0 PID: 13776 Comm: syz.2.2168 Not tainted syzkaller #0 PREEMPT(full) [ 776.111785][T13776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 776.111803][T13776] Call Trace: [ 776.111813][T13776] [ 776.111824][T13776] dump_stack_lvl+0x16c/0x1f0 [ 776.111868][T13776] dump_header+0x101/0x930 [ 776.111905][T13776] oom_kill_process+0x272/0xa40 [ 776.111941][T13776] out_of_memory+0x350/0x1700 [ 776.111981][T13776] ? __pfx_out_of_memory+0x10/0x10 [ 776.112024][T13776] mem_cgroup_out_of_memory+0x118/0x130 [ 776.112074][T13776] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 776.112134][T13776] ? do_raw_spin_unlock+0x172/0x230 [ 776.112170][T13776] try_charge_memcg+0x695/0xd30 [ 776.112215][T13776] ? __pfx_try_charge_memcg+0x10/0x10 [ 776.112264][T13776] ? find_held_lock+0x2b/0x80 [ 776.112305][T13776] charge_memcg+0x8a/0x230 [ 776.112354][T13776] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 776.112409][T13776] __read_swap_cache_async+0x397/0x500 [ 776.112450][T13776] ? __pfx___read_swap_cache_async+0x10/0x10 [ 776.112487][T13776] ? __lock_acquire+0xb70/0x1c90 [ 776.112535][T13776] ? __xa_erase+0xee/0x150 [ 776.112584][T13776] swap_cluster_readahead+0x432/0x770 [ 776.112629][T13776] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 776.112675][T13776] ? move_cluster+0x39d/0x560 [ 776.112723][T13776] ? lock_acquire+0x179/0x350 [ 776.112768][T13776] ? get_vma_policy+0x242/0x3c0 [ 776.112819][T13776] swapin_readahead+0x160/0x1180 [ 776.112868][T13776] ? __pfx_swapin_readahead+0x10/0x10 [ 776.112905][T13776] ? find_held_lock+0x2b/0x80 [ 776.112937][T13776] ? swap_cache_get_folio+0x267/0x8e0 [ 776.112968][T13776] ? swap_cache_get_folio+0x267/0x8e0 [ 776.112998][T13776] ? swap_cache_get_folio+0x267/0x8e0 [ 776.113032][T13776] ? swap_cache_get_folio+0x267/0x8e0 [ 776.113063][T13776] ? swap_cache_get_folio+0x1f/0x8e0 [ 776.113092][T13776] ? swap_cache_get_folio+0x293/0x8e0 [ 776.113127][T13776] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 776.113157][T13776] ? __pfx_get_swap_device+0x10/0x10 [ 776.113201][T13776] ? do_swap_page+0x125/0x6340 [ 776.113250][T13776] ? do_swap_page+0x86c/0x6340 [ 776.113291][T13776] do_swap_page+0x86c/0x6340 [ 776.113360][T13776] ? __pfx_do_swap_page+0x10/0x10 [ 776.113410][T13776] ? __pfx_default_wake_function+0x10/0x10 [ 776.113449][T13776] ? __lock_acquire+0x622/0x1c90 [ 776.113497][T13776] ? rcu_is_watching+0x12/0xc0 [ 776.113532][T13776] ? ___pte_offset_map+0x2ad/0x4f0 [ 776.113580][T13776] __handle_mm_fault+0x17d1/0x2aa0 [ 776.113646][T13776] ? __pfx___handle_mm_fault+0x10/0x10 [ 776.113704][T13776] ? lock_vma_under_rcu+0x176/0x530 [ 776.113769][T13776] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 776.113834][T13776] handle_mm_fault+0x589/0xd10 [ 776.113888][T13776] ? __pkru_allows_pkey+0x21/0xb0 [ 776.113961][T13776] do_user_addr_fault+0x60c/0x1370 [ 776.113996][T13776] ? rcu_is_watching+0x12/0xc0 [ 776.114034][T13776] exc_page_fault+0x64/0xc0 [ 776.114072][T13776] asm_exc_page_fault+0x26/0x30 [ 776.114103][T13776] RIP: 0033:0x7f797606ef94 [ 776.114129][T13776] Code: 82 b5 03 00 00 c6 44 24 1e 01 45 31 ff 45 31 f6 44 0f b6 e6 85 c0 0f 84 9e 00 00 00 44 89 f9 49 8b 50 40 4c 89 f0 49 03 14 ca <80> 3d 0d 8e 37 00 00 49 89 d6 48 89 d5 74 28 25 ff 0f 00 00 83 f0 [ 776.114159][T13776] RSP: 002b:00007ffcb7ced0b0 EFLAGS: 00010286 [ 776.114184][T13776] RAX: ffffffff820c97e0 RBX: 00007f7976f15720 RCX: 00000000000000f7 [ 776.114204][T13776] RDX: ffffffff820c9884 RSI: 0000000000000008 RDI: 00007f7976f15720 [ 776.114223][T13776] RBP: ffffffff820c92cd R08: 00007f79763e6038 R09: 00007f79763d2000 [ 776.114243][T13776] R10: 00007f7975bff008 R11: 0000000000000000 R12: 0000000000000000 [ 776.114263][T13776] R13: 00000000000000e9 R14: ffffffff820c97e0 R15: 00000000000000f7 [ 776.114283][T13776] ? may_expand_vm+0x20/0x430 [ 776.114325][T13776] ? exit_mmap+0x6ad/0xb90 [ 776.114375][T13776] ? may_expand_vm+0x20/0x430 [ 776.114435][T13776] ? may_expand_vm+0xc4/0x430 [ 776.114487][T13776] [ 776.779957][T13776] memory: usage 3048kB, limit 3072kB, failcnt 81841 [ 776.814476][T13776] memory+swap: usage 8200kB, limit 9007199254740988kB, failcnt 0 [ 776.969569][T13776] kmem: usage 2936kB, limit 9007199254740988kB, failcnt 0 [ 777.052010][T13776] Memory cgroup stats for /syz2: [ 777.052216][T13776] cache 32768 [ 777.060520][T13776] rss 0 [ 777.133377][T13776] rss_huge 0 [ 777.136820][T13776] shmem 32768 [ 777.140149][T13776] mapped_file 32768 [ 777.181908][T13776] dirty 0 [ 777.184924][T13776] writeback 0 [ 777.188233][T13776] workingset_refault_anon 21622 [ 777.215390][T13776] workingset_refault_file 11104 [ 777.230867][T13776] swap 5406720 [ 777.251978][T13776] swapcached 61440 [ 777.255768][T13776] pgpgin 587256 [ 777.259293][T13776] pgpgout 589291 [ 777.291975][T13776] pgfault 427273 [ 777.295594][T13776] pgmajfault 11002 [ 777.299330][T13776] inactive_anon 32768 [ 777.334505][T13776] active_anon 61440 [ 777.338469][T13776] inactive_file 0 [ 777.342322][T13776] active_file 0 [ 777.352216][T13776] unevictable 0 [ 777.360885][T13776] hierarchical_memory_limit 3145728 [ 777.394949][T13776] hierarchical_memsw_limit 9223372036854771712 [ 777.432025][T13776] total_cache 32768 [ 777.436081][T13776] total_rss 0 [ 777.439540][T13776] total_rss_huge 0 [ 777.443426][T13776] total_shmem 32768 [ 777.447367][T13776] total_mapped_file 32768 [ 777.452908][T13776] total_dirty 0 [ 777.456492][T13776] total_writeback 0 [ 777.472877][T13776] total_workingset_refault_anon 21622 [ 777.482922][T13776] total_workingset_refault_file 11104 [ 777.521925][T13776] total_swap 5406720 [ 777.525982][T13776] total_swapcached 61440 [ 777.530347][T13776] total_pgpgin 587256 [ 777.534494][T13776] total_pgpgout 589291 [ 777.548454][T13776] total_pgfault 427273 [ 777.553027][T13776] total_pgmajfault 11002 [ 777.571548][T13776] total_inactive_anon 32768 [ 777.601948][T13776] total_active_anon 61440 [ 777.613260][T13776] total_inactive_file 0 [ 777.654262][T13776] total_active_file 0 [ 777.671924][T13776] total_unevictable 0 [ 777.676068][T13776] anon_cost 296 [ 777.690007][T13776] file_cost 0 [ 777.696787][T13776] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2160,pid=13730,uid=0 [ 777.733459][T13803] XFS: Clearing xfsstats [ 777.821947][T13776] Memory cgroup out of memory: Killed process 13730 (syz.2.2160) total-vm:135064kB, anon-rss:1268kB, file-rss:23164kB, shmem-rss:128kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 778.306241][T13816] Invalid ELF header magic: != ELF [ 779.168440][T13815] syz.2.2176 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 779.232187][T13815] CPU: 1 UID: 0 PID: 13815 Comm: syz.2.2176 Not tainted syzkaller #0 PREEMPT(full) [ 779.232224][T13815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 779.232239][T13815] Call Trace: [ 779.232247][T13815] [ 779.232255][T13815] dump_stack_lvl+0x16c/0x1f0 [ 779.232289][T13815] dump_header+0x101/0x930 [ 779.232316][T13815] oom_kill_process+0x272/0xa40 [ 779.232343][T13815] out_of_memory+0x350/0x1700 [ 779.232377][T13815] ? __pfx_out_of_memory+0x10/0x10 [ 779.232409][T13815] mem_cgroup_out_of_memory+0x118/0x130 [ 779.232466][T13815] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 779.232519][T13815] ? do_raw_spin_unlock+0x172/0x230 [ 779.232550][T13815] try_charge_memcg+0x695/0xd30 [ 779.232591][T13815] ? __pfx_try_charge_memcg+0x10/0x10 [ 779.232621][T13815] ? find_held_lock+0x2b/0x80 [ 779.232647][T13815] ? rcu_read_unlock+0x17/0x60 [ 779.232690][T13815] __memcg_kmem_charge_page+0xda/0x420 [ 779.232733][T13815] memcg_charge_kernel_stack+0xc3/0x1f0 [ 779.232768][T13815] copy_process+0x548/0x76a0 [ 779.232819][T13815] ? do_swap_page+0x7ae/0x6340 [ 779.232868][T13815] ? __pfx_copy_process+0x10/0x10 [ 779.232911][T13815] ? _copy_from_user+0x59/0xd0 [ 779.232959][T13815] kernel_clone+0xfc/0x930 [ 779.232995][T13815] ? __pfx_kernel_clone+0x10/0x10 [ 779.233038][T13815] ? __lock_acquire+0xb8a/0x1c90 [ 779.233080][T13815] __do_sys_clone3+0x212/0x290 [ 779.233124][T13815] ? __pfx___do_sys_clone3+0x10/0x10 [ 779.233209][T13815] do_syscall_64+0xcd/0xfa0 [ 779.233248][T13815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.233276][T13815] RIP: 0033:0x7f79761c3e89 [ 779.233299][T13815] Code: ef 08 00 48 8d 3d 5c ef 08 00 e8 12 29 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 779.233326][T13815] RSP: 002b:00007ffcb7cecf48 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 779.233351][T13815] RAX: ffffffffffffffda RBX: 00007f79761462a0 RCX: 00007f79761c3e89 [ 779.233368][T13815] RDX: 00007f79761462a0 RSI: 0000000000000058 RDI: 00007ffcb7cecf90 [ 779.233386][T13815] RBP: 00007f79770b46c0 R08: 00007f79770b46c0 R09: 00007ffcb7ced077 [ 779.233403][T13815] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 [ 779.233420][T13815] R13: 000000000000006e R14: 00007ffcb7cecf90 R15: 00007ffcb7ced078 [ 779.233459][T13815] [ 779.233469][T13815] memory: usage 3072kB, limit 3072kB, failcnt 82348 [ 779.552727][T13815] memory+swap: usage 3316kB, limit 9007199254740988kB, failcnt 0 [ 779.560591][T13815] kmem: usage 3004kB, limit 9007199254740988kB, failcnt 0 [ 779.645250][T13815] Memory cgroup stats for /syz2: [ 779.645440][T13815] cache 0 [ 779.661963][T13815] rss 16384 [ 779.665228][T13815] rss_huge 0 [ 779.668447][T13815] shmem 0 [ 779.671401][T13815] mapped_file 0 [ 779.681860][T13815] dirty 0 [ 779.684855][T13815] writeback 0 [ 779.688175][T13815] workingset_refault_anon 21714 [ 779.702191][T13815] workingset_refault_file 11104 [ 779.707097][T13815] swap 237568 [ 779.710397][T13815] swapcached 77824 [ 779.732645][T13815] pgpgin 587616 [ 779.736188][T13815] pgpgout 589654 [ 779.741080][T13815] pgfault 427598 [ 779.751971][T13815] pgmajfault 11069 [ 779.755741][T13815] inactive_anon 0 [ 779.759405][T13815] active_anon 0 [ 779.771935][T13815] inactive_file 0 [ 779.775624][T13815] active_file 0 [ 779.779119][T13815] unevictable 0 [ 779.817435][T13815] hierarchical_memory_limit 3145728 [ 779.845890][T13815] hierarchical_memsw_limit 9223372036854771712 [ 779.856036][T13815] total_cache 0 [ 779.859552][T13815] total_rss 16384 [ 779.871936][T13815] total_rss_huge 0 [ 779.875914][T13815] total_shmem 0 [ 779.879429][T13815] total_mapped_file 0 [ 779.892174][T13815] total_dirty 0 [ 779.895784][T13815] total_writeback 0 [ 779.899623][T13815] total_workingset_refault_anon 21714 [ 779.932167][T13815] total_workingset_refault_file 11104 [ 779.937611][T13815] total_swap 237568 [ 779.951910][T13815] total_swapcached 77824 [ 779.962078][T13815] total_pgpgin 587616 [ 779.966126][T13815] total_pgpgout 589654 [ 779.970240][T13815] total_pgfault 427598 [ 779.991948][T13815] total_pgmajfault 11069 [ 779.996260][T13815] total_inactive_anon 0 [ 780.000448][T13815] total_active_anon 0 [ 780.021925][T13815] total_inactive_file 0 [ 780.026152][T13815] total_active_file 0 [ 780.030176][T13815] total_unevictable 0 [ 780.052418][T13815] anon_cost 335 [ 780.055945][T13815] file_cost 0 [ 780.059263][T13815] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2176,pid=13815,uid=0 [ 780.106245][T13815] Memory cgroup out of memory: Killed process 13815 (syz.2.2176) total-vm:137112kB, anon-rss:1140kB, file-rss:22744kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 780.525273][T13829] FAULT_INJECTION: forcing a failure. [ 780.525273][T13829] name failslab, interval 1, probability 0, space 0, times 0 [ 780.592253][T13829] CPU: 1 UID: 0 PID: 13829 Comm: syz.2.2179 Not tainted syzkaller #0 PREEMPT(full) [ 780.592298][T13829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 780.592317][T13829] Call Trace: [ 780.592327][T13829] [ 780.592340][T13829] dump_stack_lvl+0x16c/0x1f0 [ 780.592384][T13829] should_fail_ex+0x512/0x640 [ 780.592434][T13829] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 780.592476][T13829] should_failslab+0xc2/0x120 [ 780.592520][T13829] kmem_cache_alloc_node_noprof+0x78/0x770 [ 780.592553][T13829] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 780.592605][T13829] ? alloc_unbound_pwq+0x3ff/0xe10 [ 780.592649][T13829] ? alloc_unbound_pwq+0x3ff/0xe10 [ 780.592680][T13829] alloc_unbound_pwq+0x3ff/0xe10 [ 780.592734][T13829] apply_wqattrs_prepare+0x3af/0xbd0 [ 780.592811][T13829] apply_workqueue_attrs_locked+0x64/0xe0 [ 780.592851][T13829] __alloc_workqueue+0xf3f/0x1810 [ 780.592908][T13829] alloc_workqueue_noprof+0xd2/0x200 [ 780.592953][T13829] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 780.593002][T13829] ? rcu_is_watching+0x12/0xc0 [ 780.593045][T13829] ? trace_kmalloc+0x2b/0xd0 [ 780.593087][T13829] ? __kmalloc_noprof+0x34f/0x880 [ 780.593140][T13829] ? ieee80211_register_hw+0x15c9/0x4120 [ 780.593200][T13829] ieee80211_register_hw+0x1f1a/0x4120 [ 780.593265][T13829] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 780.593314][T13829] ? __pfx___debug_object_init+0x10/0x10 [ 780.593364][T13829] ? find_held_lock+0x2b/0x80 [ 780.593400][T13829] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 780.593456][T13829] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 780.593503][T13829] ? __hrtimer_setup+0x176/0x280 [ 780.593558][T13829] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 780.593623][T13829] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 780.593676][T13829] hwsim_new_radio_nl+0xba2/0x1330 [ 780.593718][T13829] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 780.593769][T13829] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 780.593815][T13829] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 780.593870][T13829] genl_family_rcv_msg_doit+0x209/0x2f0 [ 780.593917][T13829] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 780.593976][T13829] ? bpf_lsm_capable+0x9/0x10 [ 780.594027][T13829] ? security_capable+0x7e/0x260 [ 780.594077][T13829] ? ns_capable+0xd7/0x110 [ 780.594116][T13829] genl_rcv_msg+0x55c/0x800 [ 780.594165][T13829] ? __pfx_genl_rcv_msg+0x10/0x10 [ 780.594220][T13829] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 780.594261][T13829] ? __lock_acquire+0x622/0x1c90 [ 780.594312][T13829] netlink_rcv_skb+0x158/0x420 [ 780.594347][T13829] ? __pfx_genl_rcv_msg+0x10/0x10 [ 780.594391][T13829] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 780.594446][T13829] ? netlink_deliver_tap+0x1ae/0xd30 [ 780.594486][T13829] genl_rcv+0x28/0x40 [ 780.594522][T13829] netlink_unicast+0x5aa/0x870 [ 780.594563][T13829] ? __pfx_netlink_unicast+0x10/0x10 [ 780.594615][T13829] netlink_sendmsg+0x8c8/0xdd0 [ 780.594658][T13829] ? __pfx_netlink_sendmsg+0x10/0x10 [ 780.594700][T13829] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 780.594752][T13829] ____sys_sendmsg+0xa98/0xc70 [ 780.594794][T13829] ? copy_msghdr_from_user+0x10a/0x160 [ 780.594824][T13829] ? __pfx_____sys_sendmsg+0x10/0x10 [ 780.594863][T13829] ? preempt_schedule_thunk+0x16/0x30 [ 780.594921][T13829] ? try_to_wake_up+0xa67/0x1870 [ 780.594961][T13829] ___sys_sendmsg+0x134/0x1d0 [ 780.594989][T13829] ? find_held_lock+0x2b/0x80 [ 780.595033][T13829] ? __pfx____sys_sendmsg+0x10/0x10 [ 780.595062][T13829] ? __lock_acquire+0x622/0x1c90 [ 780.595159][T13829] __sys_sendmsg+0x16d/0x220 [ 780.595193][T13829] ? __pfx___sys_sendmsg+0x10/0x10 [ 780.595224][T13829] ? __x64_sys_futex+0x1e0/0x4c0 [ 780.595295][T13829] do_syscall_64+0xcd/0xfa0 [ 780.595339][T13829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 780.595371][T13829] RIP: 0033:0x7f797618f749 [ 780.595397][T13829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 780.595428][T13829] RSP: 002b:00007f79770b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 780.595459][T13829] RAX: ffffffffffffffda RBX: 00007f79763e6090 RCX: 00007f797618f749 [ 780.595480][T13829] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 780.595499][T13829] RBP: 00007f7976213f91 R08: 0000000000000000 R09: 0000000000000000 [ 780.595518][T13829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 780.595536][T13829] R13: 00007f79763e6128 R14: 00007f79763e6090 R15: 00007ffcb7ced078 [ 780.595581][T13829] [ 781.983593][T13826] syz.2.2179 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 782.020306][T13826] CPU: 1 UID: 0 PID: 13826 Comm: syz.2.2179 Not tainted syzkaller #0 PREEMPT(full) [ 782.020344][T13826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 782.020360][T13826] Call Trace: [ 782.020368][T13826] [ 782.020379][T13826] dump_stack_lvl+0x16c/0x1f0 [ 782.020420][T13826] dump_header+0x101/0x930 [ 782.020454][T13826] oom_kill_process+0x272/0xa40 [ 782.020488][T13826] out_of_memory+0x350/0x1700 [ 782.020527][T13826] ? __pfx_out_of_memory+0x10/0x10 [ 782.020567][T13826] mem_cgroup_out_of_memory+0x118/0x130 [ 782.020622][T13826] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 782.020677][T13826] ? do_raw_spin_unlock+0x172/0x230 [ 782.020712][T13826] try_charge_memcg+0x695/0xd30 [ 782.020776][T13826] ? __pfx_try_charge_memcg+0x10/0x10 [ 782.020825][T13826] ? find_held_lock+0x2b/0x80 [ 782.020865][T13826] charge_memcg+0x8a/0x230 [ 782.020905][T13826] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 782.020955][T13826] __read_swap_cache_async+0x397/0x500 [ 782.020995][T13826] ? __pfx___read_swap_cache_async+0x10/0x10 [ 782.021028][T13826] ? stack_trace_save+0x8e/0xc0 [ 782.021078][T13826] swap_cluster_readahead+0x528/0x770 [ 782.021121][T13826] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 782.021180][T13826] ? lock_acquire+0x179/0x350 [ 782.021223][T13826] ? get_vma_policy+0x242/0x3c0 [ 782.021273][T13826] swapin_readahead+0x160/0x1180 [ 782.021320][T13826] ? __pfx_swapin_readahead+0x10/0x10 [ 782.021356][T13826] ? find_held_lock+0x2b/0x80 [ 782.021385][T13826] ? swap_cache_get_folio+0x267/0x8e0 [ 782.021414][T13826] ? swap_cache_get_folio+0x267/0x8e0 [ 782.021442][T13826] ? swap_cache_get_folio+0x267/0x8e0 [ 782.021476][T13826] ? swap_cache_get_folio+0x267/0x8e0 [ 782.021507][T13826] ? swap_cache_get_folio+0x1f/0x8e0 [ 782.021534][T13826] ? swap_cache_get_folio+0x293/0x8e0 [ 782.021566][T13826] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 782.021601][T13826] ? __pfx_get_swap_device+0x10/0x10 [ 782.021654][T13826] ? do_swap_page+0x125/0x6340 [ 782.021716][T13826] ? do_swap_page+0x86c/0x6340 [ 782.021754][T13826] do_swap_page+0x86c/0x6340 [ 782.021819][T13826] ? __pfx_do_swap_page+0x10/0x10 [ 782.021864][T13826] ? __pfx_default_wake_function+0x10/0x10 [ 782.021899][T13826] ? __lock_acquire+0x622/0x1c90 [ 782.021955][T13826] ? rcu_is_watching+0x12/0xc0 [ 782.021985][T13826] ? ___pte_offset_map+0x2ad/0x4f0 [ 782.022027][T13826] __handle_mm_fault+0x17d1/0x2aa0 [ 782.022085][T13826] ? __pfx___handle_mm_fault+0x10/0x10 [ 782.022137][T13826] ? lock_vma_under_rcu+0x176/0x530 [ 782.022196][T13826] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 782.022253][T13826] handle_mm_fault+0x589/0xd10 [ 782.022300][T13826] ? __pkru_allows_pkey+0x21/0xb0 [ 782.022349][T13826] do_user_addr_fault+0x60c/0x1370 [ 782.022381][T13826] ? rcu_is_watching+0x12/0xc0 [ 782.022416][T13826] exc_page_fault+0x64/0xc0 [ 782.022453][T13826] asm_exc_page_fault+0x26/0x30 [ 782.022480][T13826] RIP: 0033:0x7f79761461a9 [ 782.022520][T13826] Code: 44 24 20 48 89 44 24 28 48 89 4c 24 38 4c 89 44 24 40 48 89 5c 24 48 0f 29 44 24 50 e8 10 ac 04 00 83 f8 ff 0f 84 8f 00 00 00 <41> c6 06 01 45 84 ed 74 2a 41 80 3c 24 00 0f 84 b7 00 00 00 48 8b [ 782.022550][T13826] RSP: 002b:00007ffcb7cecf80 EFLAGS: 00010217 [ 782.022575][T13826] RAX: 0000000000000673 RBX: 00007f79770936c0 RCX: 00007f79761c3e89 [ 782.022601][T13826] RDX: 00007f79761462a0 RSI: 0000000000000058 RDI: 00007ffcb7cecf90 [ 782.022622][T13826] RBP: 00007ffcb7ced170 R08: 00007f79770936c0 R09: 00007ffcb7ced077 [ 782.022641][T13826] R10: 0000000000000008 R11: 0000000000000206 R12: 00007ffcb7ced076 [ 782.022660][T13826] R13: 0000000000000000 R14: 00007ffcb7ced077 R15: 00007ffcb7ced078 [ 782.022702][T13826] [ 782.462035][T13826] memory: usage 3068kB, limit 3072kB, failcnt 82456 [ 782.468692][T13826] memory+swap: usage 3340kB, limit 9007199254740988kB, failcnt 0 [ 782.482022][T13826] kmem: usage 3012kB, limit 9007199254740988kB, failcnt 0 [ 782.522121][T13826] Memory cgroup stats for /syz2: [ 782.522362][T13826] cache 0 [ 782.530300][T13826] rss 4096 [ 782.562025][T13826] rss_huge 0 [ 782.565346][T13826] shmem 0 [ 782.568308][T13826] mapped_file 0 [ 782.609053][T13826] dirty 0 [ 782.615144][T13826] writeback 0 [ 782.618486][T13826] workingset_refault_anon 21745 [ 782.783370][T13826] workingset_refault_file 11104 [ 782.788290][T13826] swap 282624 [ 782.791601][T13826] swapcached 49152 [ 782.828484][T13826] pgpgin 587687 [ 782.838619][T13826] pgpgout 589732 [ 782.851883][T13826] pgfault 427790 [ 782.866679][T13826] pgmajfault 11100 [ 782.870427][T13826] inactive_anon 45056 [ 782.911746][T13826] active_anon 0 [ 782.915928][T13826] inactive_file 0 [ 782.919575][T13826] active_file 0 [ 782.958940][T13826] unevictable 0 [ 782.962785][T13826] hierarchical_memory_limit 3145728 [ 782.968017][T13826] hierarchical_memsw_limit 9223372036854771712 [ 783.031679][T13826] total_cache 0 [ 783.041909][T13826] total_rss 4096 [ 783.045530][T13826] total_rss_huge 0 [ 783.061949][T13826] total_shmem 0 [ 783.065508][T13826] total_mapped_file 0 [ 783.069529][T13826] total_dirty 0 [ 783.101963][T13826] total_writeback 0 [ 783.118617][T13826] total_workingset_refault_anon 21745 [ 783.131967][T13826] total_workingset_refault_file 11104 [ 783.142116][T13826] total_swap 282624 [ 783.145977][T13826] total_swapcached 49152 [ 783.161968][T13826] total_pgpgin 587687 [ 783.166010][T13826] total_pgpgout 589732 [ 783.181958][T13826] total_pgfault 427790 [ 783.186115][T13826] total_pgmajfault 11100 [ 783.190385][T13826] total_inactive_anon 45056 [ 783.231944][T13826] total_active_anon 0 [ 783.236018][T13826] total_inactive_file 0 [ 783.240209][T13826] total_active_file 0 [ 783.245142][T13826] total_unevictable 0 [ 783.249194][T13826] anon_cost 165 [ 783.253615][T13826] file_cost 0 [ 783.257108][T13826] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2179,pid=13826,uid=0 [ 783.295479][T13826] Memory cgroup out of memory: Killed process 13826 (syz.2.2179) total-vm:104404kB, anon-rss:1268kB, file-rss:23328kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 783.851455][T13830] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 784.680679][T13840] Invalid ELF header magic: != ELF [ 784.723391][T13852] FAULT_INJECTION: forcing a failure. [ 784.723391][T13852] name failslab, interval 1, probability 0, space 0, times 0 [ 784.768722][T13852] CPU: 0 UID: 0 PID: 13852 Comm: syz.5.2184 Not tainted syzkaller #0 PREEMPT(full) [ 784.768756][T13852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 784.768771][T13852] Call Trace: [ 784.768785][T13852] [ 784.768794][T13852] dump_stack_lvl+0x16c/0x1f0 [ 784.768829][T13852] should_fail_ex+0x512/0x640 [ 784.768866][T13852] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 784.768893][T13852] should_failslab+0xc2/0x120 [ 784.768936][T13852] kmem_cache_alloc_noprof+0x75/0x6e0 [ 784.768958][T13852] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 784.768998][T13852] ? mas_preallocate+0xe6a/0x11f0 [ 784.769035][T13852] ? mas_preallocate+0xe6a/0x11f0 [ 784.769064][T13852] mas_preallocate+0xe6a/0x11f0 [ 784.769110][T13852] ? __pfx_mas_preallocate+0x10/0x10 [ 784.769140][T13852] ? rcu_is_watching+0x12/0xc0 [ 784.769175][T13852] ? anon_vma_name+0x81/0x2f0 [ 784.769214][T13852] __split_vma+0x34a/0x1070 [ 784.769245][T13852] ? __pfx___split_vma+0x10/0x10 [ 784.769274][T13852] ? __pfx_mas_prev+0x10/0x10 [ 784.769313][T13852] vms_gather_munmap_vmas+0x3aa/0x1340 [ 784.769341][T13852] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 784.769370][T13852] ? find_held_lock+0x2b/0x80 [ 784.769400][T13852] ? lock_acquire+0x179/0x350 [ 784.769445][T13852] do_vmi_align_munmap+0x286/0x7e0 [ 784.769470][T13852] ? rcu_is_watching+0x12/0xc0 [ 784.769496][T13852] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 784.769519][T13852] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 784.769590][T13852] do_vmi_munmap+0x204/0x3e0 [ 784.769623][T13852] do_munmap+0xb6/0xf0 [ 784.769655][T13852] ? __pfx_do_munmap+0x10/0x10 [ 784.769694][T13852] ? may_expand_vm+0xe8/0x430 [ 784.769734][T13852] mremap_to+0x236/0x450 [ 784.769768][T13852] do_mremap+0xd89/0x2020 [ 784.769794][T13852] ? futex_private_hash_put+0xd5/0x190 [ 784.769827][T13852] ? futex_wait+0x120/0x380 [ 784.769847][T13852] ? __pfx_futex_wait+0x10/0x10 [ 784.769868][T13852] ? __pfx_do_mremap+0x10/0x10 [ 784.769917][T13852] __do_sys_mremap+0x119/0x170 [ 784.769941][T13852] ? __pfx___do_sys_mremap+0x10/0x10 [ 784.769973][T13852] ? __x64_sys_futex+0x1e0/0x4c0 [ 784.770033][T13852] do_syscall_64+0xcd/0xfa0 [ 784.770065][T13852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.770089][T13852] RIP: 0033:0x7fb69a38f749 [ 784.770108][T13852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.770131][T13852] RSP: 002b:00007fb69b190038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 784.770161][T13852] RAX: ffffffffffffffda RBX: 00007fb69a5e6180 RCX: 00007fb69a38f749 [ 784.770176][T13852] RDX: 0000000000000101 RSI: 0000000000000000 RDI: 000000110c230000 [ 784.770190][T13852] RBP: 00007fb69a413f91 R08: 0000000000000000 R09: 0000000000000000 [ 784.770204][T13852] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 784.770218][T13852] R13: 00007fb69a5e6218 R14: 00007fb69a5e6180 R15: 00007ffe7304a038 [ 784.770249][T13852] [ 785.505799][T13858] netlink: 'syz.3.2188': attribute type 2 has an invalid length. [ 785.871615][T13864] Console: switching to colour VGA+ 80x25 [ 787.428981][T13874] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 787.436092][T13874] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 787.442269][T13874] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 788.825530][T13898] syz.2.2199 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 788.851933][T13898] CPU: 1 UID: 0 PID: 13898 Comm: syz.2.2199 Not tainted syzkaller #0 PREEMPT(full) [ 788.851977][T13898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 788.851996][T13898] Call Trace: [ 788.852006][T13898] [ 788.852018][T13898] dump_stack_lvl+0x16c/0x1f0 [ 788.852065][T13898] dump_header+0x101/0x930 [ 788.852103][T13898] oom_kill_process+0x272/0xa40 [ 788.852140][T13898] out_of_memory+0x350/0x1700 [ 788.852184][T13898] ? __pfx_out_of_memory+0x10/0x10 [ 788.852228][T13898] mem_cgroup_out_of_memory+0x118/0x130 [ 788.852280][T13898] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 788.852351][T13898] ? do_raw_spin_unlock+0x172/0x230 [ 788.852389][T13898] try_charge_memcg+0x695/0xd30 [ 788.852441][T13898] ? __pfx_try_charge_memcg+0x10/0x10 [ 788.852482][T13898] ? find_held_lock+0x2b/0x80 [ 788.852516][T13898] ? rcu_read_unlock+0x17/0x60 [ 788.852570][T13898] obj_cgroup_charge_account+0x292/0x500 [ 788.852618][T13898] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 788.852669][T13898] ? kasan_unpoison+0x27/0x60 [ 788.852708][T13898] __kmalloc_node_track_caller_noprof+0x698/0x8a0 [ 788.852769][T13898] ? __pfx___register_sysctl_table+0x10/0x10 [ 788.852818][T13898] ? __devinet_sysctl_register+0xbc/0x360 [ 788.852873][T13898] ? kmemdup_noprof+0x29/0x60 [ 788.852907][T13898] kmemdup_noprof+0x29/0x60 [ 788.852944][T13898] __devinet_sysctl_register+0xbc/0x360 [ 788.852991][T13898] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 788.853025][T13898] ? inetdev_init+0x245/0x5a0 [ 788.853066][T13898] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 788.853117][T13898] ? copy_net_ns+0x2f8/0x690 [ 788.853153][T13898] ? create_new_namespaces+0x3ea/0xa90 [ 788.853187][T13898] ? unshare_nsproxy_namespaces+0xc0/0x1f0 [ 788.853224][T13898] ? ksys_unshare+0x45b/0xa40 [ 788.853267][T13898] ? __x64_sys_unshare+0x31/0x40 [ 788.853308][T13898] ? do_syscall_64+0xcd/0xfa0 [ 788.853353][T13898] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.853393][T13898] devinet_sysctl_register+0x17b/0x200 [ 788.853441][T13898] inetdev_init+0x2b8/0x5a0 [ 788.853486][T13898] inetdev_event+0xc5f/0x18a0 [ 788.853534][T13898] ? ib_netdevice_event+0xfc/0x330 [ 788.853567][T13898] ? __pfx_inetdev_event+0x10/0x10 [ 788.853612][T13898] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 788.853676][T13898] notifier_call_chain+0xbc/0x410 [ 788.853717][T13898] ? __pfx_inetdev_event+0x10/0x10 [ 788.853770][T13898] call_netdevice_notifiers_info+0xbe/0x140 [ 788.853815][T13898] register_netdevice+0x182e/0x2270 [ 788.853862][T13898] ? __pfx_register_netdevice+0x10/0x10 [ 788.853913][T13898] __ip_tunnel_create+0x540/0x6e0 [ 788.853956][T13898] ? __pfx___ip_tunnel_create+0x10/0x10 [ 788.854020][T13898] ip_tunnel_init_net+0x22f/0x7d0 [ 788.854077][T13898] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 788.854129][T13898] ? ops_init+0x77/0x5f0 [ 788.854164][T13898] ? __pfx_ipgre_init_net+0x10/0x10 [ 788.854196][T13898] ops_init+0x1e2/0x5f0 [ 788.854232][T13898] setup_net+0x100/0x390 [ 788.854266][T13898] ? __pfx_setup_net+0x10/0x10 [ 788.854302][T13898] ? debug_mutex_init+0x37/0x70 [ 788.854348][T13898] copy_net_ns+0x2f8/0x690 [ 788.854390][T13898] create_new_namespaces+0x3ea/0xa90 [ 788.854436][T13898] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 788.854478][T13898] ksys_unshare+0x45b/0xa40 [ 788.854521][T13898] ? __pfx_ksys_unshare+0x10/0x10 [ 788.854564][T13898] ? xfd_validate_state+0x61/0x180 [ 788.854621][T13898] __x64_sys_unshare+0x31/0x40 [ 788.854663][T13898] do_syscall_64+0xcd/0xfa0 [ 788.854704][T13898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.854736][T13898] RIP: 0033:0x7f797618f749 [ 788.854761][T13898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 788.854792][T13898] RSP: 002b:00007f79770d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 788.854823][T13898] RAX: ffffffffffffffda RBX: 00007f79763e5fa0 RCX: 00007f797618f749 [ 788.854843][T13898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 788.854861][T13898] RBP: 00007f7976213f91 R08: 0000000000000000 R09: 0000000000000000 [ 788.854879][T13898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 788.854898][T13898] R13: 00007f79763e6038 R14: 00007f79763e5fa0 R15: 00007ffcb7ced078 [ 788.854942][T13898] [ 788.854954][T13898] memory: usage 3072kB, limit 3072kB, failcnt 83427 [ 789.314130][T12539] Bluetooth: hci0: command 0x0c1a tx timeout [ 789.441877][T13898] memory+swap: usage 3276kB, limit 9007199254740988kB, failcnt 0 [ 789.474449][T12539] Bluetooth: hci5: command 0x0c1a tx timeout [ 789.480558][T12539] Bluetooth: hci3: command 0x0c1a tx timeout [ 789.522680][T13898] kmem: usage 2964kB, limit 9007199254740988kB, failcnt 0 [ 789.529895][T13898] Memory cgroup stats for /syz2: [ 789.530246][T13898] cache 0 [ 789.651926][T13898] rss 0 [ 789.654765][T13898] rss_huge 0 [ 789.658011][T13898] shmem 0 [ 789.660989][T13898] mapped_file 0 [ 789.724105][T13898] dirty 0 [ 789.727178][T13898] writeback 0 [ 789.730495][T13898] workingset_refault_anon 22239 [ 789.842014][T13898] workingset_refault_file 11135 [ 789.846941][T13898] swap 225280 [ 789.850252][T13898] swapcached 94208 [ 789.865455][T13898] pgpgin 588585 [ 789.890078][T13898] pgpgout 590620 [ 789.900903][T13898] pgfault 428980 [ 789.925000][T13898] pgmajfault 11475 [ 789.943561][T13898] inactive_anon 94208 [ 789.947616][T13898] active_anon 0 [ 789.951098][T13898] inactive_file 0 [ 790.101942][T13898] active_file 0 [ 790.105478][T13898] unevictable 0 [ 790.108961][T13898] hierarchical_memory_limit 3145728 [ 790.192007][T13898] hierarchical_memsw_limit 9223372036854771712 [ 790.198246][T13898] total_cache 0 [ 790.212250][T13898] total_rss 0 [ 790.215617][T13898] total_rss_huge 0 [ 790.219365][T13898] total_shmem 0 [ 790.232339][T13898] total_mapped_file 0 [ 790.236379][T13898] total_dirty 0 [ 790.239863][T13898] total_writeback 0 [ 790.261881][T13898] total_workingset_refault_anon 22239 [ 790.267329][T13898] total_workingset_refault_file 11135 [ 790.291889][T13898] total_swap 225280 [ 790.295756][T13898] total_swapcached 94208 [ 790.300035][T13898] total_pgpgin 588585 [ 790.306080][T13898] total_pgpgout 590620 [ 790.310206][T13898] total_pgfault 428980 [ 790.322401][T13898] total_pgmajfault 11475 [ 790.326683][T13898] total_inactive_anon 94208 [ 790.331197][T13898] total_active_anon 0 [ 790.352000][T13898] total_inactive_file 0 [ 790.356212][T13898] total_active_file 0 [ 790.360218][T13898] total_unevictable 0 [ 790.371864][T13898] anon_cost 148 [ 790.375377][T13898] file_cost 0 [ 790.378706][T13898] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2199,pid=13897,uid=0 [ 790.414936][T13898] Memory cgroup out of memory: Killed process 13897 (syz.2.2199) total-vm:102360kB, anon-rss:1140kB, file-rss:22720kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 792.213668][T13920] Invalid ELF header magic: != ELF [ 792.955883][T13914] syz.2.2201 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=2, oom_score_adj=1000 [ 792.996645][T13914] CPU: 0 UID: 0 PID: 13914 Comm: syz.2.2201 Not tainted syzkaller #0 PREEMPT(full) [ 792.996691][T13914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 792.996710][T13914] Call Trace: [ 792.996721][T13914] [ 792.996733][T13914] dump_stack_lvl+0x16c/0x1f0 [ 792.996816][T13914] dump_header+0x101/0x930 [ 792.996853][T13914] oom_kill_process+0x272/0xa40 [ 792.996892][T13914] out_of_memory+0x350/0x1700 [ 792.996943][T13914] ? __pfx_out_of_memory+0x10/0x10 [ 792.996989][T13914] mem_cgroup_out_of_memory+0x118/0x130 [ 792.997044][T13914] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 792.997105][T13914] ? do_raw_spin_unlock+0x172/0x230 [ 792.997144][T13914] try_charge_memcg+0x695/0xd30 [ 792.997196][T13914] ? __pfx_try_charge_memcg+0x10/0x10 [ 792.997238][T13914] ? find_held_lock+0x2b/0x80 [ 792.997272][T13914] ? rcu_read_unlock+0x17/0x60 [ 792.997328][T13914] obj_cgroup_charge_account+0x292/0x500 [ 792.997378][T13914] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 792.997433][T13914] ? kasan_unpoison+0x27/0x60 [ 792.997473][T13914] __kmalloc_node_track_caller_noprof+0x698/0x8a0 [ 792.997516][T13914] ? __addrconf_sysctl_register+0xbb/0x360 [ 792.997569][T13914] ? kmemdup_noprof+0x29/0x60 [ 792.997601][T13914] kmemdup_noprof+0x29/0x60 [ 792.997637][T13914] __addrconf_sysctl_register+0xbb/0x360 [ 792.997685][T13914] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 792.997738][T13914] ? __asan_memcpy+0x3c/0x60 [ 792.997776][T13914] addrconf_init_net+0x50c/0x8e0 [ 792.997821][T13914] ? __pfx_addrconf_init_net+0x10/0x10 [ 792.997862][T13914] ops_init+0x1e2/0x5f0 [ 792.997902][T13914] setup_net+0x100/0x390 [ 792.997944][T13914] ? __pfx_setup_net+0x10/0x10 [ 792.997994][T13914] ? debug_mutex_init+0x37/0x70 [ 792.998040][T13914] copy_net_ns+0x2f8/0x690 [ 792.998083][T13914] create_new_namespaces+0x3ea/0xa90 [ 792.998130][T13914] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 792.998171][T13914] ksys_unshare+0x45b/0xa40 [ 792.998214][T13914] ? __pfx_ksys_unshare+0x10/0x10 [ 792.998272][T13914] __x64_sys_unshare+0x31/0x40 [ 792.998313][T13914] do_syscall_64+0xcd/0xfa0 [ 792.998356][T13914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.998389][T13914] RIP: 0033:0x7f797618f749 [ 792.998415][T13914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 792.998447][T13914] RSP: 002b:00007f79770d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 792.998477][T13914] RAX: ffffffffffffffda RBX: 00007f79763e5fa0 RCX: 00007f797618f749 [ 792.998498][T13914] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 792.998516][T13914] RBP: 00007f7976213f91 R08: 0000000000000000 R09: 0000000000000000 [ 792.998536][T13914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.998555][T13914] R13: 00007f79763e6038 R14: 00007f79763e5fa0 R15: 00007ffcb7ced078 [ 792.998599][T13914] [ 792.998611][T13914] memory: usage 3064kB, limit 3072kB, failcnt 83889 [ 793.331919][T13914] memory+swap: usage 3228kB, limit 9007199254740988kB, failcnt 0 [ 793.417159][T13914] kmem: usage 2904kB, limit 9007199254740988kB, failcnt 0 [ 793.452037][T13914] Memory cgroup stats for /syz2: [ 793.452261][T13914] cache 0 [ 793.476950][T13914] rss 8192 [ 793.480057][T13914] rss_huge 0 [ 793.534325][T13914] shmem 0 [ 793.537646][T13914] mapped_file 0 [ 793.541166][T13914] dirty 0 [ 793.567304][T13914] writeback 0 [ 793.570673][T13914] workingset_refault_anon 22397 [ 793.581924][T13914] workingset_refault_file 11135 [ 793.586862][T13914] swap 196608 [ 793.590176][T13914] swapcached 131072 [ 793.621925][T13914] pgpgin 588785 [ 793.625460][T13914] pgpgout 590810 [ 793.643763][T13914] pgfault 429327 [ 793.647387][T13914] pgmajfault 11575 [ 793.651139][T13914] inactive_anon 61440 [ 793.681898][T13914] active_anon 73728 [ 793.685784][T13914] inactive_file 0 [ 793.689446][T13914] active_file 0 [ 793.721893][T13914] unevictable 0 [ 793.725432][T13914] hierarchical_memory_limit 3145728 [ 793.730672][T13914] hierarchical_memsw_limit 9223372036854771712 [ 793.781919][T13914] total_cache 0 [ 793.785452][T13914] total_rss 8192 [ 793.789029][T13914] total_rss_huge 0 [ 793.825970][T13914] total_shmem 0 [ 793.829544][T13914] total_mapped_file 0 [ 793.863157][T13914] total_dirty 0 [ 793.866690][T13914] total_writeback 0 [ 793.901928][T13914] total_workingset_refault_anon 22397 [ 793.918661][T13914] total_workingset_refault_file 11135 [ 793.938763][T13914] total_swap 196608 [ 793.955930][T13914] total_swapcached 131072 [ 793.960330][T13914] total_pgpgin 588785 [ 793.992176][T13914] total_pgpgout 590810 [ 793.996323][T13914] total_pgfault 429327 [ 794.000420][T13914] total_pgmajfault 11575 [ 794.046224][T13914] total_inactive_anon 61440 [ 794.072122][T13914] total_active_anon 73728 [ 794.077180][T13914] total_inactive_file 0 [ 794.081375][T13914] total_active_file 0 [ 794.112092][T13914] total_unevictable 0 [ 794.131949][T13914] anon_cost 189 [ 794.135524][T13914] file_cost 0 [ 794.138848][T13914] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2201,pid=13912,uid=0 [ 794.223631][T13914] Memory cgroup out of memory: Killed process 13912 (syz.2.2201) total-vm:137244kB, anon-rss:1132kB, file-rss:22996kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 794.876191][T13929] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2202'. [ 795.116811][ T10] Process accounting resumed [ 798.735550][T13950] syz.2.2213 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=2, oom_score_adj=1000 [ 798.841886][T13950] CPU: 1 UID: 0 PID: 13950 Comm: syz.2.2213 Not tainted syzkaller #0 PREEMPT(full) [ 798.841928][T13950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 798.841949][T13950] Call Trace: [ 798.841962][T13950] [ 798.841975][T13950] dump_stack_lvl+0x16c/0x1f0 [ 798.842020][T13950] dump_header+0x101/0x930 [ 798.842057][T13950] oom_kill_process+0x272/0xa40 [ 798.842095][T13950] out_of_memory+0x350/0x1700 [ 798.842138][T13950] ? __pfx_out_of_memory+0x10/0x10 [ 798.842184][T13950] mem_cgroup_out_of_memory+0x118/0x130 [ 798.842249][T13950] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 798.842313][T13950] ? do_raw_spin_unlock+0x172/0x230 [ 798.842353][T13950] try_charge_memcg+0x695/0xd30 [ 798.842405][T13950] ? __pfx_try_charge_memcg+0x10/0x10 [ 798.842448][T13950] ? find_held_lock+0x2b/0x80 [ 798.842483][T13950] ? rcu_read_unlock+0x17/0x60 [ 798.842539][T13950] obj_cgroup_charge_account+0x292/0x500 [ 798.842591][T13950] __memcg_slab_post_alloc_hook+0x2ea/0x940 [ 798.842643][T13950] ? kasan_unpoison+0x27/0x60 [ 798.842683][T13950] __kmalloc_node_track_caller_noprof+0x698/0x8a0 [ 798.842724][T13950] ? is_module_address+0x69/0xf0 [ 798.842790][T13950] ? __addrconf_sysctl_register+0xbb/0x360 [ 798.842842][T13950] ? kmemdup_noprof+0x29/0x60 [ 798.842877][T13950] kmemdup_noprof+0x29/0x60 [ 798.842915][T13950] __addrconf_sysctl_register+0xbb/0x360 [ 798.842964][T13950] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 798.843013][T13950] ? lockdep_init_map_type+0x5c/0x280 [ 798.843060][T13950] ? mld_in_v1_mode+0x2b2/0x3a0 [ 798.843116][T13950] addrconf_sysctl_register+0x15f/0x1f0 [ 798.843163][T13950] ipv6_add_dev+0xb31/0x15f0 [ 798.843210][T13950] addrconf_notify+0x53e/0x19e0 [ 798.843270][T13950] ? ip6mr_device_event+0x1bc/0x230 [ 798.843311][T13950] notifier_call_chain+0xbc/0x410 [ 798.843354][T13950] ? __pfx_addrconf_notify+0x10/0x10 [ 798.843417][T13950] call_netdevice_notifiers_info+0xbe/0x140 [ 798.843468][T13950] register_netdevice+0x182e/0x2270 [ 798.843518][T13950] ? __pfx_register_netdevice+0x10/0x10 [ 798.843568][T13950] ? __pfx_loopback_net_init+0x10/0x10 [ 798.843609][T13950] register_netdev+0x34/0x50 [ 798.843648][T13950] loopback_net_init+0x7a/0x170 [ 798.843690][T13950] ? __pfx_loopback_net_init+0x10/0x10 [ 798.843728][T13950] ops_init+0x1e2/0x5f0 [ 798.843770][T13950] setup_net+0x100/0x390 [ 798.843806][T13950] ? __pfx_setup_net+0x10/0x10 [ 798.843845][T13950] ? debug_mutex_init+0x37/0x70 [ 798.843886][T13950] copy_net_ns+0x2f8/0x690 [ 798.843931][T13950] create_new_namespaces+0x3ea/0xa90 [ 798.843981][T13950] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 798.844041][T13950] ksys_unshare+0x45b/0xa40 [ 798.844085][T13950] ? __pfx_ksys_unshare+0x10/0x10 [ 798.844131][T13950] ? xfd_validate_state+0x61/0x180 [ 798.844193][T13950] __x64_sys_unshare+0x31/0x40 [ 798.844263][T13950] do_syscall_64+0xcd/0xfa0 [ 798.844309][T13950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.844343][T13950] RIP: 0033:0x7f797618f749 [ 798.844370][T13950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 798.844402][T13950] RSP: 002b:00007f79770d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 798.844434][T13950] RAX: ffffffffffffffda RBX: 00007f79763e5fa0 RCX: 00007f797618f749 [ 798.844456][T13950] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 798.844476][T13950] RBP: 00007f7976213f91 R08: 0000000000000000 R09: 0000000000000000 [ 798.844497][T13950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 798.844517][T13950] R13: 00007f79763e6038 R14: 00007f79763e5fa0 R15: 00007ffcb7ced078 [ 798.844565][T13950] [ 798.844578][T13950] memory: usage 3072kB, limit 3072kB, failcnt 84752 [ 799.251900][T13950] memory+swap: usage 3556kB, limit 9007199254740988kB, failcnt 0 [ 799.259689][T13950] kmem: usage 2968kB, limit 9007199254740988kB, failcnt 0 [ 799.301916][T13950] Memory cgroup stats for /syz2: [ 799.302140][T13950] cache 0 [ 799.310088][T13950] rss 0 [ 799.322303][T13950] rss_huge 0 [ 799.325558][T13950] shmem 0 [ 799.328522][T13950] mapped_file 0 [ 799.351883][T13950] dirty 0 [ 799.361888][T13950] writeback 0 [ 799.365275][T13950] workingset_refault_anon 22777 [ 799.370152][T13950] workingset_refault_file 11135 [ 799.423509][T13950] swap 499712 [ 799.432294][T13950] swapcached 90112 [ 799.436088][T13950] pgpgin 589269 [ 799.439581][T13950] pgpgout 591305 [ 799.472083][T13950] pgfault 429959 [ 799.475706][T13950] pgmajfault 11905 [ 799.496420][T13950] inactive_anon 90112 [ 799.501079][T13950] active_anon 0 [ 799.550013][T13950] inactive_file 0 [ 799.562726][T13950] active_file 0 [ 799.576631][T13950] unevictable 0 [ 799.580158][T13950] hierarchical_memory_limit 3145728 [ 799.616097][T13950] hierarchical_memsw_limit 9223372036854771712 [ 799.637709][T13950] total_cache 0 [ 799.641328][T13950] total_rss 0 [ 799.671897][T13950] total_rss_huge 0 [ 799.675686][T13950] total_shmem 0 [ 799.679174][T13950] total_mapped_file 0 [ 799.722064][T13950] total_dirty 0 [ 799.725594][T13950] total_writeback 0 [ 799.762444][T13950] total_workingset_refault_anon 22777 [ 799.767878][T13950] total_workingset_refault_file 11135 [ 799.821882][T13950] total_swap 499712 [ 799.825758][T13950] total_swapcached 90112 [ 799.852009][T13950] total_pgpgin 589269 [ 799.856070][T13950] total_pgpgout 591305 [ 799.860175][T13950] total_pgfault 429959 [ 799.921970][T13950] total_pgmajfault 11905 [ 799.926316][T13950] total_inactive_anon 90112 [ 799.930829][T13950] total_active_anon 0 [ 799.942419][T13950] total_inactive_file 0 [ 799.946635][T13950] total_active_file 0 [ 799.950671][T13950] total_unevictable 0 [ 799.962531][T13950] anon_cost 137 [ 799.966080][T13950] file_cost 0 [ 799.969391][T13950] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2213,pid=13948,uid=0 [ 800.002022][T13950] Memory cgroup out of memory: Killed process 13948 (syz.2.2213) total-vm:104472kB, anon-rss:1140kB, file-rss:23372kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 802.118526][ T32] oom_reaper: reaped process 13948 (syz.2.2213), now anon-rss:44kB, file-rss:22316kB, shmem-rss:0kB [ 805.990372][T14008] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2228'. [ 808.912490][ T31] INFO: task kworker/u10:1:12540 blocked for more than 143 seconds. [ 808.920552][ T31] Not tainted syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 808.962542][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 808.998047][ T31] task:kworker/u10:1 state:D stack:24872 pid:12540 tgid:12540 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 809.142409][ T31] Workqueue: netns cleanup_net [ 809.171096][ T31] Call Trace: [ 809.182886][ T31] [ 809.191865][ T31] __schedule+0x1190/0x5de0 [ 809.217195][ T31] ? __lock_acquire+0x622/0x1c90 [ 809.247634][ T31] ? __pfx___schedule+0x10/0x10 [ 809.278056][ T31] ? find_held_lock+0x2b/0x80 [ 809.302012][ T31] ? schedule+0x2d7/0x3a0 [ 809.306400][ T31] schedule+0xe7/0x3a0 [ 809.355015][ T31] schedule_timeout+0x257/0x290 [ 809.359922][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 809.416552][ T31] ? mark_held_locks+0x49/0x80 [ 809.421379][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 809.476474][ T31] __wait_for_common+0x2fc/0x4e0 [ 809.522059][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 809.542068][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 809.547676][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 809.622049][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 809.627953][ T31] __flush_workqueue+0x3e2/0x1230 [ 809.661934][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 809.667816][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 809.729763][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 809.782085][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 809.787652][ T31] rds_tcp_listen_stop+0x104/0x150 [ 809.831899][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 809.841005][ T31] rds_tcp_exit_net+0xcb/0x810 [ 809.851935][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 809.857393][ T31] ? __pfx___might_resched+0x10/0x10 [ 809.862824][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 809.868246][ T31] ops_undo_list+0x2ee/0xab0 [ 809.872941][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 809.878113][ T31] ? cleanup_net+0x347/0x8b0 [ 809.882802][ T31] ? idr_destroy+0x62/0x2e0 [ 809.887351][ T31] cleanup_net+0x41b/0x8b0 [ 809.891865][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 809.896862][ T31] ? rcu_is_watching+0x12/0xc0 [ 809.901673][ T31] process_one_work+0x9cf/0x1b70 [ 809.906734][ T31] ? __pfx_process_one_work+0x10/0x10 [ 809.912231][ T31] ? assign_work+0x1a0/0x250 [ 809.916907][ T31] worker_thread+0x6c8/0xf10 [ 809.921555][ T31] ? __pfx_worker_thread+0x10/0x10 [ 809.927039][ T31] kthread+0x3c5/0x780 [ 809.931192][ T31] ? __pfx_kthread+0x10/0x10 [ 809.935918][ T31] ? rcu_is_watching+0x12/0xc0 [ 809.940849][ T31] ? __pfx_kthread+0x10/0x10 [ 809.946449][ T31] ret_from_fork+0x675/0x7d0 [ 809.951102][ T31] ? __pfx_kthread+0x10/0x10 [ 809.991843][ T31] ret_from_fork_asm+0x1a/0x30 [ 810.032510][ T31] [ 810.058449][ T31] INFO: task syz.0.1856:12594 blocked for more than 144 seconds. [ 810.161844][ T31] Not tainted syzkaller #0 [ 810.166858][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 810.201905][ T31] task:syz.0.1856 state:D stack:24456 pid:12594 tgid:12593 ppid:5827 task_flags:0x400140 flags:0x00080003 [ 810.248726][ T31] Call Trace: [ 810.273392][ T31] [ 810.276407][ T31] __schedule+0x1190/0x5de0 [ 810.280986][ T31] ? __lock_acquire+0x622/0x1c90 [ 810.311976][ T31] ? __pfx___schedule+0x10/0x10 [ 810.316930][ T31] ? find_held_lock+0x2b/0x80 [ 810.321647][ T31] ? schedule+0x2d7/0x3a0 [ 810.332414][ T31] schedule+0xe7/0x3a0 [ 810.336562][ T31] schedule_timeout+0x257/0x290 [ 810.341454][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 810.373128][ T31] ? mark_held_locks+0x49/0x80 [ 810.378006][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 810.392251][ T31] __wait_for_common+0x2fc/0x4e0 [ 810.397279][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 810.421895][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 810.427466][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 810.451950][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 810.459456][ T31] __flush_workqueue+0x3e2/0x1230 [ 810.472198][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 810.477764][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 810.493299][ T31] ? release_sock+0x21/0x220 [ 810.497983][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 810.522025][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 810.527408][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 810.552298][ T31] rds_tcp_listen_stop+0x104/0x150 [ 810.557537][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 810.570000][ T31] rds_tcp_exit_net+0xcb/0x810 [ 810.582144][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 810.587766][ T31] ? __pfx___might_resched+0x10/0x10 [ 810.606930][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 810.618051][ T31] ops_undo_list+0x2ee/0xab0 [ 810.641888][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 810.647088][ T31] ? ops_init+0x2f0/0x5f0 [ 810.651477][ T31] ? ops_init+0x2fa/0x5f0 [ 810.662650][ T31] setup_net+0x1e2/0x390 [ 810.666999][ T31] ? __pfx_setup_net+0x10/0x10 [ 810.681871][ T31] ? debug_mutex_init+0x37/0x70 [ 810.686820][ T31] copy_net_ns+0x2f8/0x690 [ 810.691298][ T31] create_new_namespaces+0x3ea/0xa90 [ 810.712389][ T31] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 810.718130][ T31] ksys_unshare+0x45b/0xa40 [ 810.752297][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 810.757442][ T31] ? xfd_validate_state+0x61/0x180 [ 810.763091][ T31] __x64_sys_unshare+0x31/0x40 [ 810.769028][ T31] do_syscall_64+0xcd/0xfa0 [ 810.781856][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.787842][ T31] RIP: 0033:0x7fa80618f749 [ 810.803847][ T31] RSP: 002b:00007fa8070b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 810.822499][ T31] RAX: ffffffffffffffda RBX: 00007fa8063e5fa0 RCX: 00007fa80618f749 [ 810.830546][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 810.851929][ T31] RBP: 00007fa806213f91 R08: 0000000000000000 R09: 0000000000000000 [ 810.859989][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 810.881848][ T31] R13: 00007fa8063e6038 R14: 00007fa8063e5fa0 R15: 00007ffc123e4ef8 [ 810.889924][ T31] [ 810.932282][ T31] [ 810.932282][ T31] Showing all locks held in the system: [ 810.940140][ T31] 1 lock held by khungtaskd/31: [ 810.981935][ T31] #0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 811.001983][ T31] 2 locks held by getty/5589: [ 811.006731][ T31] #0: ffff8880346a40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 811.062402][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 811.075629][ T31] 1 lock held by syz.2.1695/11983: [ 811.080802][ T31] 3 locks held by kworker/u10:1/12540: [ 811.111863][ T31] #0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 811.151870][ T31] #1: ffffc9000e57fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 811.171861][ T31] #2: ffffffff900d4fd0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 [ 811.196061][ T31] 1 lock held by syz.0.1856/12594: [ 811.201242][ T31] #0: ffffffff900d4fd0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 811.231886][ T31] 1 lock held by syz.4.1980/13072: [ 811.237075][ T31] #0: ffffffff900d4fd0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 811.272228][ T31] 1 lock held by syz.1.2161/13734: [ 811.278417][ T31] 2 locks held by syz.5.2196/13888: [ 811.321939][ T31] 2 locks held by syz.5.2198/13896: [ 811.327210][ T31] 3 locks held by syz.5.2208/13903: [ 811.351911][ T31] 2 locks held by syz.5.2206/13939: [ 811.357191][ T31] 1 lock held by syz.3.2207/13942: [ 811.371917][ T31] 1 lock held by syz.3.2215/13962: [ 811.377089][ T31] 1 lock held by syz.3.2220/13977: [ 811.402301][ T31] #0: ffffffff8e3cfb78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 811.431927][ T31] 5 locks held by syz.5.2228/14013: [ 811.437196][ T31] #0: ffff88805b44c148 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270 [ 811.481837][ T31] #1: ffffffff9018ce30 ((netlink_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x53/0xa0 [ 811.511921][ T31] #2: ffffffff900eb408 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x4d/0x3a0 [ 811.547061][ T31] #3: ffff88803c508788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf0/0x740 [ 811.591903][ T31] #4: ffffffff8e3cfb78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 811.631901][ T31] [ 811.634299][ T31] ============================================= [ 811.634299][ T31] [ 811.661870][ T31] NMI backtrace for cpu 1 [ 811.661896][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 811.661932][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 811.661951][ T31] Call Trace: [ 811.661971][ T31] [ 811.661983][ T31] dump_stack_lvl+0x116/0x1f0 [ 811.662023][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 811.662068][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 811.662114][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 811.662159][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 811.662226][ T31] watchdog+0xf3f/0x1170 [ 811.662263][ T31] ? rcu_is_watching+0x12/0xc0 [ 811.662297][ T31] ? __pfx_watchdog+0x10/0x10 [ 811.662326][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 811.662367][ T31] ? __kthread_parkme+0x19e/0x250 [ 811.662409][ T31] ? __pfx_watchdog+0x10/0x10 [ 811.662439][ T31] kthread+0x3c5/0x780 [ 811.662486][ T31] ? __pfx_kthread+0x10/0x10 [ 811.662536][ T31] ? rcu_is_watching+0x12/0xc0 [ 811.662570][ T31] ? __pfx_kthread+0x10/0x10 [ 811.662616][ T31] ret_from_fork+0x675/0x7d0 [ 811.662661][ T31] ? __pfx_kthread+0x10/0x10 [ 811.662709][ T31] ret_from_fork_asm+0x1a/0x30 [ 811.662778][ T31] [ 811.662807][ T31] Sending NMI from CPU 1 to CPUs 0: [ 811.792037][ C0] NMI backtrace for cpu 0 [ 811.792058][ C0] CPU: 0 UID: 0 PID: 13962 Comm: syz.3.2215 Not tainted syzkaller #0 PREEMPT(full) [ 811.792089][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 811.792106][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x8/0x20 [ 811.792155][ C0] Code: bf 06 00 00 00 e9 b8 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <40> 0f b6 d6 40 0f b6 f7 bf 01 00 00 00 e9 86 fe ff ff 66 0f 1f 44 [ 811.792181][ C0] RSP: 0018:ffffc900000073f8 EFLAGS: 00000246 [ 811.792201][ C0] RAX: 0000000000000000 RBX: ffff888024d35000 RCX: ffffffff8ace746e [ 811.792218][ C0] RDX: ffff888020ec8000 RSI: 0000000000000000 RDI: 0000000000000000 [ 811.792234][ C0] RBP: ffff888031416068 R08: 0000000000000001 R09: 0000000000000000 [ 811.792250][ C0] R10: 0000000000000001 R11: ffff888024d35000 R12: ffffc90000007b20 [ 811.792267][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 811.792282][ C0] FS: 0000000000000000(0000) GS:ffff888124a0d000(0000) knlGS:0000000000000000 [ 811.792320][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 811.792347][ C0] CR2: 00007f79770d59a0 CR3: 000000000e182000 CR4: 00000000003526f0 [ 811.792364][ C0] Call Trace: [ 811.792372][ C0] [ 811.792381][ C0] ieee80211_inform_bss+0x9ae/0x1140 [ 811.792428][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 811.792473][ C0] ? cfg80211_inform_single_bss_data+0x53e/0x1df0 [ 811.792509][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 811.792550][ C0] cfg80211_inform_single_bss_data+0x8ea/0x1df0 [ 811.792587][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 811.792619][ C0] ? __lock_acquire+0x622/0x1c90 [ 811.792667][ C0] ? __lock_acquire+0x622/0x1c90 [ 811.792705][ C0] ? cfg80211_inform_bss_data+0x22b/0x3be0 [ 811.792737][ C0] cfg80211_inform_bss_data+0x22b/0x3be0 [ 811.792792][ C0] ? lock_acquire+0x179/0x350 [ 811.792828][ C0] ? find_held_lock+0x2b/0x80 [ 811.792865][ C0] ? is_bpf_text_address+0x8a/0x1a0 [ 811.792915][ C0] ? bpf_ksym_find+0x124/0x1c0 [ 811.792948][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 811.792998][ C0] ? is_bpf_text_address+0x94/0x1a0 [ 811.793039][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 811.793070][ C0] ? unwind_get_return_address+0x59/0xa0 [ 811.793106][ C0] ? __kernel_text_address+0xd/0x40 [ 811.793134][ C0] ? unwind_get_return_address+0x59/0xa0 [ 811.793165][ C0] ? __lock_acquire+0xb8a/0x1c90 [ 811.793209][ C0] ? __lock_acquire+0xb8a/0x1c90 [ 811.793256][ C0] ? __lock_acquire+0x622/0x1c90 [ 811.793293][ C0] ? debug_object_activate+0x2ec/0x4c0 [ 811.793332][ C0] cfg80211_inform_bss_frame_data+0x26f/0x750 [ 811.793377][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 811.793421][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 811.793470][ C0] ? find_held_lock+0x2b/0x80 [ 811.793494][ C0] ? find_held_lock+0x2b/0x80 [ 811.793520][ C0] ? ieee80211_get_channel_khz+0x14a/0x1e0 [ 811.793576][ C0] ieee80211_scan_rx+0x4cf/0xb30 [ 811.793618][ C0] ? ieee80211_clean_skb+0x1a6/0x740 [ 811.793652][ C0] ieee80211_rx_list+0x1c15/0x2b20 [ 811.793694][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 811.793734][ C0] ? __lock_acquire+0xb8a/0x1c90 [ 811.793784][ C0] ieee80211_rx_napi+0xdc/0x410 [ 811.793812][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 811.793848][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 811.793891][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 811.793938][ C0] ieee80211_handle_queued_frames+0xd5/0x130 [ 811.793985][ C0] tasklet_action_common+0x284/0x400 [ 811.794044][ C0] handle_softirqs+0x219/0x8e0 [ 811.794079][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 811.794113][ C0] __irq_exit_rcu+0x109/0x170 [ 811.794141][ C0] irq_exit_rcu+0x9/0x30 [ 811.794168][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 811.794197][ C0] [ 811.794205][ C0] [ 811.794215][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 811.794243][ C0] RIP: 0010:lock_acquire+0x7f/0x350 [ 811.794277][ C0] Code: 35 fa 29 ea 0e 85 f6 0f 85 8d 00 00 00 48 8b 44 24 30 65 48 2b 05 b9 dc 08 12 0f 85 c7 02 00 00 48 83 c4 38 5b 5d 41 5c 41 5d <41> 5e 41 5f c3 cc cc cc cc 65 8b 05 c5 dc 08 12 83 f8 07 0f 87 9b [ 811.794300][ C0] RSP: 0018:ffffc90019056f30 EFLAGS: 00000292 [ 811.794319][ C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000ef9d33e4 [ 811.794339][ C0] RDX: 0000000000000000 RSI: ffffffff8da0398a RDI: ffffffff8bf078c0 [ 811.794355][ C0] RBP: ffffc90019057058 R08: 0ac0d5affe09d4ff R09: 0000000000000000 [ 811.794371][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: fffff5200320ae04 [ 811.794387][ C0] R13: ffffc90019057010 R14: 0000000000000000 R15: 0000000000000000 [ 811.794416][ C0] unwind_next_frame+0xd1/0x20a0 [ 811.794442][ C0] ? unwind_next_frame+0xbd/0x20a0 [ 811.794467][ C0] ? __unwind_start+0x574/0x7f0 [ 811.794491][ C0] ? get_stack_info_noinstr+0x18/0x120 [ 811.794540][ C0] __unwind_start+0x45f/0x7f0 [ 811.794566][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 811.794598][ C0] arch_stack_walk+0x73/0x100 [ 811.794627][ C0] ? __unwind_start+0x574/0x7f0 [ 811.794655][ C0] stack_trace_save+0x8e/0xc0 [ 811.794683][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 811.794714][ C0] ? __lock_acquire+0x622/0x1c90 [ 811.794764][ C0] save_stack+0x160/0x1f0 [ 811.794832][ C0] ? __pfx_save_stack+0x10/0x10 [ 811.794871][ C0] ? page_ext_put+0x3e/0xd0 [ 811.794905][ C0] __reset_page_owner+0x84/0x1a0 [ 811.794965][ C0] free_unref_folios+0xa31/0x1610 [ 811.794999][ C0] ? rcu_is_watching+0x12/0xc0 [ 811.795030][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 811.795072][ C0] folios_put_refs+0x4be/0x750 [ 811.795105][ C0] ? __pfx_folios_put_refs+0x10/0x10 [ 811.795142][ C0] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 811.795180][ C0] shmem_undo_range+0x58f/0x1150 [ 811.795214][ C0] ? __pfx_shmem_undo_range+0x10/0x10 [ 811.795258][ C0] ? find_held_lock+0x2b/0x80 [ 811.795284][ C0] ? is_bpf_text_address+0x8a/0x1a0 [ 811.795320][ C0] ? bpf_ksym_find+0x124/0x1c0 [ 811.795369][ C0] ? stack_trace_save+0x8e/0xc0 [ 811.795403][ C0] shmem_evict_inode+0x3a1/0xbe0 [ 811.795431][ C0] ? kasan_save_stack+0x42/0x60 [ 811.795464][ C0] ? __pfx_shmem_evict_inode+0x10/0x10 [ 811.795491][ C0] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 811.795535][ C0] ? find_held_lock+0x2b/0x80 [ 811.795561][ C0] ? evict+0x3a2/0x920 [ 811.795595][ C0] ? __pfx_shmem_evict_inode+0x10/0x10 [ 811.795623][ C0] evict+0x3e6/0x920 [ 811.795655][ C0] ? __pfx_evict+0x10/0x10 [ 811.795691][ C0] ? iput.part.0+0x6a1/0xb00 [ 811.795728][ C0] iput.part.0+0x6a9/0xb00 [ 811.795760][ C0] ? __pfx_inode_just_drop+0x10/0x10 [ 811.795805][ C0] iput+0x35/0x40 [ 811.795836][ C0] dentry_unlink_inode+0x29c/0x480 [ 811.795875][ C0] __dentry_kill+0x1d0/0x600 [ 811.795920][ C0] dput.part.0+0x4b1/0x9b0 [ 811.795961][ C0] dput+0x1f/0x30 [ 811.796007][ C0] __fput+0x51c/0xb70 [ 811.796077][ C0] task_work_run+0x150/0x240 [ 811.796137][ C0] ? __pfx_task_work_run+0x10/0x10 [ 811.796225][ C0] do_exit+0x86f/0x2bf0 [ 811.796273][ C0] ? proc_coredump_connector+0x2d1/0x4f0 [ 811.796306][ C0] ? __pfx_do_exit+0x10/0x10 [ 811.796355][ C0] do_group_exit+0xd3/0x2a0 [ 811.796393][ C0] get_signal+0x2671/0x26d0 [ 811.796434][ C0] ? __pfx_get_signal+0x10/0x10 [ 811.796464][ C0] ? rcu_is_watching+0x12/0xc0 [ 811.796499][ C0] arch_do_signal_or_restart+0x8f/0x790 [ 811.796533][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 811.796577][ C0] irqentry_exit_to_user_mode+0x176/0x310 [ 811.796623][ C0] asm_exc_page_fault+0x26/0x30 [ 811.796647][ C0] RIP: 0033:0x0 [ 811.796663][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 811.796675][ C0] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 811.796693][ C0] RAX: 0000000000000000 RBX: 00007f043d9e5fa0 RCX: 00007f043d78f749 [ 811.796710][ C0] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 811.796726][ C0] RBP: 00007f043d813f91 R08: 0000000000000002 R09: 0000000000000000 [ 811.796742][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 811.796757][ C0] R13: 00007f043d9e6038 R14: 00007f043d9e5fa0 R15: 00007ffc85e08728 [ 811.796785][ C0]