last executing test programs: 6.527613188s ago: executing program 3 (id=4688): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x80, 0x4) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg0\x00', 0x0, 0x0) ioctl$auto_SG_SET_TIMEOUT2(r0, 0x2201, &(0x7f0000002680)) mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) clone$auto(0x2, 0x2, 0x0, 0x0, 0x2) r1 = socket(0xa, 0x5, 0x0) r2 = getsockopt$auto(r1, 0x84, 0x20, 0x0, 0x0) mmap$auto(0x0, 0x100002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') fcntl$auto_F_SET_RW_HINT(r2, 0x40c, 0x7fff) socket(0xa, 0xa, 0x3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x280, 0x0) socketpair$auto(0xc6, 0x4, 0xfff, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r3, 0x0) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x7}, 0x1, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000140)={{@inferred, 0x0, 0x4, 0x8, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x3, 0x5, 0x4, @inferred, @enumerated={0x3, 0x800, "c832bcbae48ab01ec23457b7fd2dd3547c4e2eeba79edd0d1599ded9cbfaf517162fbe6a6f50f1aaa18fb20cabb4f176263bb0e781e3d0a2f992e8fcdcec86d9", 0x400, 0xc278}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) 4.981012241s ago: executing program 3 (id=4696): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, r0, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_register$auto(0x2, 0xd, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1007fff, 0x0, 0x8, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808}) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r2, 0x5453, r2) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) madvise$auto(0x110c230000, 0x1, 0x9) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f00000007c0)=""/153, 0x99) r4 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x54b900, 0x0) mmap$auto(0x0, 0x8000000002a, 0xff, 0x9b74, r4, 0x4000028000) r5 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r5, 0xc0085504, &(0x7f00000001c0)={0x9, 0x1, 0x6}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) getrandom$auto(&(0x7f0000000100)='/sys/kernel/debug/percpu_stats\x00', 0x0, 0x9) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) 4.5017248s ago: executing program 1 (id=4704): r0 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x40040, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b86cbc01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)="205c2020027e0dc0023af10e9bfa1babfa203753ca9a20370a", 0x19) ioctl$auto_USBDEVFS_CONTROL32(r1, 0xc0105500, &(0x7f0000000140)={0xfa, 0x7d, 0x1ff, 0x0, 0xfc, 0x7, 0x4020000a}) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) setresuid$auto(0x0, 0x0, 0xffffffffffffffff) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200002) mmap$auto(0x0, 0x4028009, 0xdf, 0xeb1, 0x401, 0x7ffe) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) madvise$auto(0x110c230000, 0x8031ca, 0x9) r5 = socket$nl_generic(0x10, 0x3, 0x10) iopl$auto(0x1) poll$auto(&(0x7f0000003640)={r5, 0x7, 0x6}, 0x4, 0x100000) openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto(0x3, 0x541b, 0x7f) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r6, r6, 0x0, 0x200) read$auto_ptdump_curusr_fops_(r0, &(0x7f0000001280)=""/4095, 0xfff) 3.493068809s ago: executing program 2 (id=4705): mmap$auto(0x2000000004000000, 0x1b, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) 2.975626239s ago: executing program 2 (id=4706): mmap$auto(0x80000000, 0x2000000004020009, 0x6, 0xeb3, 0x401, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x189160, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binderfs/binder1\x00', 0x2101, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vlan0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000000)=@query={@target_ifindex=r0, 0x9, 0xfff, 0x7, 0x1, @count=0x12, 0x0, 0xb, 0x0, 0x5, 0x4}, 0x9f) ioctl$auto_MTDFILEMODE(0xffffffffffffffff, 0x4d13, 0x0) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x2000000, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x22, 0x2, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) setsockopt$auto(0x3, 0x0, 0x33, 0x0, 0x4) listen$auto(0x3, 0x9) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(0xffffffffffffffff, &(0x7f0000000000)='-\x00', 0x2fb) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000000c0), 0x10842, 0x0) 2.95762813s ago: executing program 0 (id=4707): iopl$auto(0x3) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)="98", 0x1) set_mempolicy$auto(0x4, &(0x7f0000000080)=0x3, 0x21) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r1, 0x0, 0x44851) seccomp$auto(0x1, 0x8, 0x0) iopl$auto(0x5) get_mempolicy$auto(0x0, 0x0, 0x9, 0x0, 0x1) sendfile$auto(0x1, 0x3, 0x0, 0xc01) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100) remap_file_pages$auto(0x6a29, 0x1000, 0x0, 0xb74, 0x66a) 2.831636133s ago: executing program 0 (id=4708): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x109482, 0x0) adjtimex$auto(&(0x7f00000004c0)={0x7, 0x0, 0xfff, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x8000, 0x0, 0x80000004, 0x80, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) open(0x0, 0x22042, 0x45) open(0x0, 0x12ba7e, 0x45) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x935198c759d4e4d4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0xa8, r1, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x3}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x10}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x4}, @NL802154_ATTR_WPAN_PHY_NAME={0x46, 0x2, '/sys/devices/platform/vhci_hcd.11/usb31/31-0:1.0/bInterfaceNumber\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x1}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'vlan1\x00'}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x2}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x7f}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000}, 0x40480c0) sendmsg$auto_NL802154_CMD_STOP_BEACONS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYBLOB="88000000c6d7773c7a596e109c20641e82c030c019565addfbc190736ea179e6517cc4f08117009e9f490f0b182dc7c281c4045de1a0424454d3cfc8129506363dfd9409e6261c898e6cb6c56fbf9ec8b68e53cf15c6673f4595c0c266ef90f533020e5f750af908e49c3b9023c83d05699dd3de4b45326c7f", @ANYRES16=r1, @ANYBLOB="11092cbd7000fedbdf252700000008000d000100000014002b800d0006002e5e5df4232b282100000000400019803b002880a4c28a99eae5dfb169fec5a8f794d9c55513ad49da83a5d0814834ddec982f040090000c00060005000000000000000400f18004009d800005000f00370000000800010003000000"], 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x4000800) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x149102, 0x0) sendfile$auto(r2, r2, 0x0, 0x10000800000003) 2.534730058s ago: executing program 0 (id=4709): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x109482, 0x0) adjtimex$auto(&(0x7f00000004c0)={0x7, 0x0, 0xfff, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x8000, 0x0, 0x80000004, 0x80, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) open(0x0, 0x22042, 0x45) open(0x0, 0x12ba7e, 0x45) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x935198c759d4e4d4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0xa8, r1, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x3}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x10}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x4}, @NL802154_ATTR_WPAN_PHY_NAME={0x46, 0x2, '/sys/devices/platform/vhci_hcd.11/usb31/31-0:1.0/bInterfaceNumber\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x1}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'vlan1\x00'}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x2}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x7f}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000}, 0x40480c0) sendmsg$auto_NL802154_CMD_STOP_BEACONS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYBLOB="88000000c6d7773c7a596e109c20641e82c030c019565addfbc190736ea179e6517cc4f08117009e9f490f0b182dc7c281c4045de1a0424454d3cfc8129506363dfd9409e6261c898e6cb6c56fbf9ec8b68e53cf15c6673f4595c0c266ef90f533020e5f750af908e49c3b9023c83d05699dd3de4b45326c7f", @ANYRES16=r1, @ANYBLOB="11092cbd7000fedbdf252700000008000d000100000014002b800d0006002e5e5df4232b282100000000400019803b002880a4c28a99eae5dfb169fec5a8f794d9c55513ad49da83a5d0814834ddec982f040090000c00060005000000000000000400f18004009d800005000f00370000000800010003000000"], 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x4000800) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x149102, 0x0) sendfile$auto(r2, r2, 0x0, 0x10000800000003) (fail_nth: 2) 2.534073549s ago: executing program 2 (id=4710): syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r0, 0x0, 0x1001) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fb\x00', 0x20002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000900)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/name\x00', 0x40000, 0x0) socket(0x2, 0x1, 0x106) socket(0x10, 0x2, 0x0) socket(0xa, 0x5, 0x84) socket(0x2, 0x80805, 0x0) io_uring_setup$auto(0x4011, 0x0) socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r1, @ANYRES8], 0x18}}, 0x80) 2.223030833s ago: executing program 3 (id=4711): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x54, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0xc}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @local}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) 2.172486297s ago: executing program 0 (id=4712): syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r0, 0x0, 0x1001) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fb\x00', 0x20002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x2, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000900)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/name\x00', 0x40000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r3 = socket(0x2, 0x1, 0x106) getsockopt$auto(r3, 0x29, 0x4e, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000940)=""/4096, 0x1000) personality$auto(0x9) socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80805, 0x0) io_uring_setup$auto(0x4011, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1, @ANYRES8], 0x18}}, 0x80) 2.048702404s ago: executing program 2 (id=4713): connect$auto(0x3, 0x0, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40040}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf250300000004000800040003374b0008"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.016958387s ago: executing program 0 (id=4714): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x1, 0xd4, 0x7fffffff, 0x6, 0x0, 0xa89e, 0x3690, 0x2, {0xfffffffc, 0x10000}, 0xa81e, 0x6, 0x8, 0x1008000, 0x0, 0x80000080000004, 0x84, 0xffffffffffff6291, 0xffff, 0xdeb1, 0x806}) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x40}, 0x2, 0x0, 0x0, 0x8) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc) modify_ldt$auto(0x1, 0x0, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r3, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) getpid() openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xffd8) 2.009026795s ago: executing program 3 (id=4715): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x1, 0xd4, 0x7fffffff, 0x6, 0x0, 0xa89e, 0x3690, 0x2, {0xfffffffc, 0x10000}, 0xa81e, 0x6, 0x8, 0x1008000, 0x0, 0x80000080000004, 0x84, 0xffffffffffff6291, 0xffff, 0xdeb1, 0x806}) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x40}, 0x2, 0x0, 0x0, 0x8) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc) modify_ldt$auto(0x1, 0x0, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r3, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) getpid() openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xffd8) 1.810751689s ago: executing program 2 (id=4716): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) fstat$auto(r1, 0x0) ioctl$auto(0x3, 0x40081271, 0x38) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r3 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x1a6b75d63882a712, 0x0) mmap$auto(0x0, 0x1000, 0xdf, 0x9b72, r3, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r4) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) sendfile$auto(r2, 0x3, 0x0, 0x7fffeffe) mmap$auto(0x0, 0xe9, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x840000000e, 0xf90000, 0x0, 0xfffffffffffffffd) 1.476552553s ago: executing program 1 (id=4717): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x167) mount$auto(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) (fail_nth: 3) 1.028856013s ago: executing program 0 (id=4718): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0xb, 0x800, 0x2c1) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0xa8c2, 0x8000000000000e2, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, 0x0, 0x2) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) uname$auto(0x0) clone$auto(0x81000005, 0x3ff, 0xfffffffffffffffd, 0xffffffffffffffff, 0x7fffffff) move_pages$auto(0x0, 0xd0, 0x0, &(0x7f0000001140), 0x0, 0x2) syz_clone3(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) futex_wait$auto(0x0, 0x0, 0x6, 0x4, 0x0, 0x1) r0 = socket(0x2, 0x3, 0xa) setsockopt$auto(r0, 0x0, 0x40, 0x0, 0x9) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x8004) mmap$auto(0x800000000000b9, 0x20009, 0x4000000000e0, 0xa7b4, 0x6, 0x8400) 1.028630425s ago: executing program 1 (id=4719): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x167) mount$auto(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) 891.404825ms ago: executing program 1 (id=4720): mmap$auto(0x2000000004000000, 0x1b, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) (fail_nth: 3) 337.425169ms ago: executing program 3 (id=4721): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/edac_core/parameters/edac_mc_poll_msec\x00', 0x60301, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sda1\x00', 0x20800, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto_OSS_ALSAEMULVER2(r1, 0x80044df9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x8, 0x5fa766c4e4749274, 0x2) memfd_secret$auto(0x0) socket(0x2b, 0x1, 0x1) epoll_create$auto(0x4) mmap$auto(0x0, 0x20009, 0xda, 0xebe, 0x401, 0x8000) writev$auto(0x8, &(0x7f0000000040)={&(0x7f0000000000), 0x2000000000001}, 0xabc) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/projid_map\x00', 0x100000, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/query\x00', 0x20002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x208100, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x3ff, 0xf804, 0x1, 0x37, 0x948a, 0x101, 0x6, 0x1, 0x3, 0x300000000000604, 0x47f, 0x7, 0x8000000006d3c, 0x8, 0x9, 0xfffffffffffffffc]}, 0x0) write$auto(0x3, 0x0, 0xfdef) gettid() mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/devices/platform/i8042/serio0/softraw\x00', 0x1c1042, 0x0) getsockopt$auto(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) 156.695423ms ago: executing program 1 (id=4722): syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r0, 0x0, 0x1001) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fb\x00', 0x20002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000900)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/name\x00', 0x40000, 0x0) socket(0x2, 0x1, 0x106) socket(0x10, 0x2, 0x0) socket(0xa, 0x5, 0x84) socket(0x2, 0x80805, 0x0) io_uring_setup$auto(0x4011, 0x0) socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r1, @ANYRES8], 0x18}}, 0x80) 105.833723ms ago: executing program 3 (id=4723): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x65f, 0x7fffffff, 0x2, 0x3, 0x20000002, 0x9, 0x3, 0x4, 0x4, 0xb4, 0x9, 0xa, 0x10003, 0x80, 0x4, 0x1, 0x7, 0x1002000, 0x203, 0x8, 0x84}, 0x3, 0xd) setreuid$auto(0x0, 0x0) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000000)='.\x00', 0xc00, 0x409) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/ip_vs_conn_sync\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000380)=""/23, 0x17) r3 = socket(0x10, 0x2, 0xc) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/numa_zonelist_order\x00', 0x202, 0x0) sendfile$auto(r3, r4, &(0x7f0000000000)=0x4, 0x3) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x20201, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f00000000c0)="80d9575b9bede6dd68b6f7e92eb4f7f23d2508f9a8913d13fdeb19fd0e20118d6047af06e74862c495d774ec6a5d9b26ebecdb925f7c3374c9a402be", 0xb49, &(0x7f0000000100)={&(0x7f00000001c0)="1c789b6d2f0ce76cff9bc6a301fe820ec78d54d45b3811d0fc351d08475477c01eabe2ae47926f75ec9ee35b195ffb773ceb80be93f95e12be25e3ca21404752444aec5cb803329a535719964f33cc6976c7b46e07e98c1c6f955559206c167e2ae184662ea83f7481139a1d757dd87aa34b04f7a7ae2c2aba39c068d1c331885d4722079ef396dbc2ad63e1ab32dfd2f7a16afede30f4e63b3416ef923ace1876150ba21939b90837e7dd7245b85d40c32c89838c3223647332ad71c68595529e5274c732f5a6d9b40922eb6845d4dfd49e505e61f572c2eb214bea1d34ba2717e39a53352eb63beea19d95", 0x2}, 0x6, &(0x7f00000002c0)="61895e6a60c04485147a154456e29fc29cfe66ca882ffe85c20673c734eb952138720564656d7350432b39f5bc8be1a5730f417b69d703fd7bb14a10fa59ebf8b7ee871fced3cba2", 0xfffffffffffffff0, 0x2}, 0x12bd}, 0x1, 0xd) ioctl$auto(0x3, 0x4020940c, 0xffffffffffffffff) mbind$auto(0x2000, 0x10001, 0x100000000, 0x0, 0x6, 0x2) semget$auto(0x0, 0x13c, 0x1ff) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x200, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) 23.880184ms ago: executing program 2 (id=4724): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x54, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0xc}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @local}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) 0s ago: executing program 1 (id=4725): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x65f, 0x7fffffff, 0x2, 0x3, 0x20000002, 0x9, 0x3, 0x4, 0x4, 0xb4, 0x9, 0xa, 0x10003, 0x80, 0x4, 0x1, 0x7, 0x1002000, 0x203, 0x8, 0x84}, 0x3, 0xd) setreuid$auto(0x0, 0x0) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000000)='.\x00', 0xc00, 0x409) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/ip_vs_conn_sync\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000380)=""/23, 0x17) r3 = socket(0x10, 0x2, 0xc) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/numa_zonelist_order\x00', 0x202, 0x0) sendfile$auto(r3, r4, 0x0, 0x3) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000440), 0x20201, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f00000000c0)="80d9575b9bede6dd68b6f7e92eb4f7f23d2508f9a8913d13fdeb19fd0e20118d6047af06e74862c495d774ec6a5d9b26ebecdb925f7c3374c9a402be", 0xb49, &(0x7f0000000100)={&(0x7f00000001c0)="1c789b6d2f0ce76cff9bc6a301fe820ec78d54d45b3811d0fc351d08475477c01eabe2ae47926f75ec9ee35b195ffb773ceb80be93f95e12be25e3ca21404752444aec5cb803329a535719964f33cc6976c7b46e07e98c1c6f955559206c167e2ae184662ea83f7481139a1d757dd87aa34b04f7a7ae2c2aba39c068d1c331885d4722079ef396dbc2ad63e1ab32dfd2f7a16afede30f4e63b3416ef923ace1876150ba21939b90837e7dd7245b85d40c32c89838c3223647332ad71c68595529e5274c732f5a6d9b40922eb6845d4dfd49e505e61f572c2eb214bea1d34ba2717e39a53352eb63beea19d95", 0x2}, 0x6, &(0x7f00000002c0)="61895e6a60c04485147a154456e29fc29cfe66ca882ffe85c20673c734eb952138720564656d7350432b39f5bc8be1a5730f417b69d703fd7bb14a10fa59ebf8b7ee871fced3cba2", 0xfffffffffffffff0, 0x2}, 0x12bd}, 0x1, 0xd) ioctl$auto(0x3, 0x4020940c, 0xffffffffffffffff) mbind$auto(0x2000, 0x10001, 0x100000000, 0x0, 0x6, 0x2) semget$auto(0x0, 0x13c, 0x1ff) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x200, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) kernel console output (not intermixed with test programs): 86][T23665] do_syscall_64+0xcd/0x230 [ 1185.438929][T23665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1185.438959][T23665] RIP: 0033:0x7f3b2978e969 [ 1185.438982][T23665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1185.439012][T23665] RSP: 002b:00007f3b275f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1185.439040][T23665] RAX: ffffffffffffffda RBX: 00007f3b299b5fa0 RCX: 00007f3b2978e969 [ 1185.439060][T23665] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 1185.439078][T23665] RBP: 00007f3b275f6090 R08: 0000000000000004 R09: 0000300000000000 [ 1185.439102][T23665] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000001 [ 1185.439120][T23665] R13: 0000000000000000 R14: 00007f3b299b5fa0 R15: 00007ffd7103b008 [ 1185.439147][T23665] [ 1185.632188][ C0] vkms_vblank_simulate: vblank timer overrun [ 1187.743823][T23703] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4389'. [ 1188.396878][T23720] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4396'. [ 1190.076579][ T5831] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 1190.615669][T23764] FAULT_INJECTION: forcing a failure. [ 1190.615669][T23764] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1190.657353][T23764] CPU: 0 UID: 0 PID: 23764 Comm: syz.3.4407 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1190.657393][T23764] Tainted: [U]=USER [ 1190.657402][T23764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1190.657416][T23764] Call Trace: [ 1190.657423][T23764] [ 1190.657432][T23764] dump_stack_lvl+0x16c/0x1f0 [ 1190.657468][T23764] should_fail_ex+0x512/0x640 [ 1190.657504][T23764] should_fail_alloc_page+0xe7/0x130 [ 1190.657535][T23764] prepare_alloc_pages+0x3c2/0x610 [ 1190.657571][T23764] ? rcu_is_watching+0x12/0xc0 [ 1190.657595][T23764] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1190.657622][T23764] ? __kernel_text_address+0xd/0x40 [ 1190.657660][T23764] ? unwind_get_return_address+0x59/0xa0 [ 1190.657687][T23764] ? arch_stack_walk+0xa6/0x100 [ 1190.657723][T23764] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1190.657751][T23764] ? stack_trace_save+0x8e/0xc0 [ 1190.657774][T23764] ? __pfx_stack_trace_save+0x10/0x10 [ 1190.657798][T23764] ? stack_depot_save_flags+0x28/0xa50 [ 1190.657835][T23764] ? kasan_save_stack+0x42/0x60 [ 1190.657858][T23764] ? kasan_save_stack+0x33/0x60 [ 1190.657881][T23764] ? kasan_save_track+0x14/0x30 [ 1190.657904][T23764] ? __kasan_slab_alloc+0x89/0x90 [ 1190.657929][T23764] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1190.657954][T23764] ? alloc_vmap_area+0x613/0x2970 [ 1190.657987][T23764] ? __get_vm_area_node+0x1a7/0x300 [ 1190.658021][T23764] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1190.658060][T23764] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1190.658083][T23764] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1190.658116][T23764] ? policy_nodemask+0xea/0x4e0 [ 1190.658145][T23764] alloc_pages_mpol+0x1fb/0x550 [ 1190.658174][T23764] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1190.658201][T23764] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1190.658230][T23764] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1190.658252][T23764] ? rcu_is_watching+0x12/0xc0 [ 1190.658274][T23764] alloc_pages_noprof+0x131/0x390 [ 1190.658303][T23764] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1190.658331][T23764] get_free_pages_noprof+0xc/0x40 [ 1190.658363][T23764] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1190.658386][T23764] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1190.658410][T23764] __apply_to_page_range+0x617/0xd60 [ 1190.658448][T23764] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1190.658474][T23764] ? __pfx___apply_to_page_range+0x10/0x10 [ 1190.658510][T23764] ? alloc_vmap_area+0x872/0x2970 [ 1190.658543][T23764] ? lock_release+0x201/0x2f0 [ 1190.658575][T23764] alloc_vmap_area+0x919/0x2970 [ 1190.658613][T23764] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1190.658649][T23764] __get_vm_area_node+0x1a7/0x300 [ 1190.658688][T23764] __vmalloc_node_range_noprof+0x277/0x1540 [ 1190.658727][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1190.658766][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1190.658803][T23764] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1190.658848][T23764] __kvmalloc_node_noprof+0x2ff/0x600 [ 1190.658872][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1190.658906][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1190.658942][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1190.658975][T23764] __do_sys_listmount+0x1c2/0xed0 [ 1190.659012][T23764] ? __x64_sys_futex+0x1e0/0x4c0 [ 1190.659036][T23764] ? __x64_sys_futex+0x1e9/0x4c0 [ 1190.659063][T23764] ? __pfx___do_sys_listmount+0x10/0x10 [ 1190.659099][T23764] ? xfd_validate_state+0x5d/0x180 [ 1190.659154][T23764] ? rcu_is_watching+0x12/0xc0 [ 1190.659182][T23764] do_syscall_64+0xcd/0x230 [ 1190.659217][T23764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1190.659240][T23764] RIP: 0033:0x7f3b2978e969 [ 1190.659258][T23764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1190.659282][T23764] RSP: 002b:00007f3b275d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1190.659304][T23764] RAX: ffffffffffffffda RBX: 00007f3b299b6080 RCX: 00007f3b2978e969 [ 1190.659327][T23764] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1190.659342][T23764] RBP: 00007f3b29810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1190.659357][T23764] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1190.659372][T23764] R13: 0000000000000000 R14: 00007f3b299b6080 R15: 00007ffd7103b008 [ 1190.659397][T23764] [ 1191.075638][ C0] vkms_vblank_simulate: vblank timer overrun [ 1191.153626][T23764] syz.3.4407: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1191.168950][T23764] CPU: 1 UID: 0 PID: 23764 Comm: syz.3.4407 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1191.169005][T23764] Tainted: [U]=USER [ 1191.169018][T23764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1191.169038][T23764] Call Trace: [ 1191.169049][T23764] [ 1191.169063][T23764] dump_stack_lvl+0x16c/0x1f0 [ 1191.169116][T23764] warn_alloc+0x248/0x3a0 [ 1191.169152][T23764] ? __pfx_warn_alloc+0x10/0x10 [ 1191.169187][T23764] ? kfree+0x2b6/0x4d0 [ 1191.169240][T23764] ? __get_vm_area_node+0x1e5/0x300 [ 1191.169300][T23764] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1191.169360][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1191.169418][T23764] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1191.169480][T23764] __kvmalloc_node_noprof+0x2ff/0x600 [ 1191.169514][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1191.169562][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1191.169610][T23764] ? __do_sys_listmount+0x1c2/0xed0 [ 1191.169656][T23764] __do_sys_listmount+0x1c2/0xed0 [ 1191.169706][T23764] ? __x64_sys_futex+0x1e0/0x4c0 [ 1191.169739][T23764] ? __x64_sys_futex+0x1e9/0x4c0 [ 1191.169773][T23764] ? __pfx___do_sys_listmount+0x10/0x10 [ 1191.169819][T23764] ? xfd_validate_state+0x5d/0x180 [ 1191.169874][T23764] ? rcu_is_watching+0x12/0xc0 [ 1191.169907][T23764] do_syscall_64+0xcd/0x230 [ 1191.169952][T23764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.169985][T23764] RIP: 0033:0x7f3b2978e969 [ 1191.170011][T23764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1191.170043][T23764] RSP: 002b:00007f3b275d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1191.170076][T23764] RAX: ffffffffffffffda RBX: 00007f3b299b6080 RCX: 00007f3b2978e969 [ 1191.170098][T23764] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1191.170119][T23764] RBP: 00007f3b29810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1191.170140][T23764] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1191.170161][T23764] R13: 0000000000000000 R14: 00007f3b299b6080 R15: 00007ffd7103b008 [ 1191.170192][T23764] [ 1191.396100][T23764] Mem-Info: [ 1191.399370][T23764] active_anon:28339 inactive_anon:0 isolated_anon:0 [ 1191.399370][T23764] active_file:22818 inactive_file:42738 isolated_file:0 [ 1191.399370][T23764] unevictable:768 dirty:1248 writeback:0 [ 1191.399370][T23764] slab_reclaimable:11561 slab_unreclaimable:97926 [ 1191.399370][T23764] mapped:26935 shmem:1401 pagetables:857 [ 1191.399370][T23764] sec_pagetables:0 bounce:0 [ 1191.399370][T23764] kernel_misc_reclaimable:0 [ 1191.399370][T23764] free:778236 free_pcp:3556 free_cma:0 [ 1191.536477][T23764] Node 0 active_anon:113056kB inactive_anon:0kB active_file:83172kB inactive_file:170948kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107740kB dirty:4992kB writeback:0kB shmem:4068kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10404kB pagetables:3428kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1191.536575][T23764] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1191.536660][T23764] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1191.536749][T23764] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1191.536810][T23764] Node 0 DMA32 free:1298544kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:113012kB inactive_anon:0kB active_file:83172kB inactive_file:169132kB unevictable:1536kB writepending:4992kB present:3129332kB managed:2544180kB mlocked:0kB bounce:0kB free_pcp:12460kB local_pcp:11200kB free_cma:0kB [ 1191.536903][T23764] lowmem_reserve[]: 0 0 1 1 1 [ 1191.536959][T23764] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:20kB free_cma:0kB [ 1191.537077][T23764] lowmem_reserve[]: 0 0 0 0 0 [ 1191.537136][T23764] Node 1 Normal free:1806676kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2644kB local_pcp:2408kB free_cma:0kB [ 1191.537227][T23764] lowmem_reserve[]: 0 0 0 0 0 [ 1191.537294][T23764] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1191.537486][T23764] Node 0 DMA32: 2580*4kB (UM) 1428*8kB (UM) 648*16kB (ME) 949*32kB (UME) 696*64kB (UME) 178*128kB (UME) 189*256kB (UME) 140*512kB (UME) 88*1024kB (UME) 14*2048kB (UME) 227*4096kB (UM) = 1298448kB [ 1191.537750][T23764] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1191.537919][T23764] Node 1 Normal: 121*4kB (UME) 68*8kB (UME) 49*16kB (UME) 238*32kB (UME) 104*64kB (UME) 33*128kB (UME) 12*256kB (UME) 7*512kB (UM) 2*1024kB (ME) 8*2048kB (UME) 430*4096kB (M) = 1806676kB [ 1191.538187][T23764] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1191.538213][T23764] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1191.538239][T23764] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=1048576kB [ 1191.538270][T23764] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1191.538296][T23764] 64932 total pagecache pages [ 1191.538308][T23764] 0 pages in swap cache [ 1191.538319][T23764] Free swap = 124996kB [ 1191.538331][T23764] Total swap = 124996kB [ 1191.538344][T23764] 2097051 pages RAM [ 1191.538355][T23764] 0 pages HighMem/MovableOnly [ 1191.538366][T23764] 428900 pages reserved [ 1191.538377][T23764] 0 pages cma reserved [ 1191.811758][T23771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4410'. [ 1192.007937][ C0] vkms_vblank_simulate: vblank timer overrun [ 1192.094712][T23778] FAULT_INJECTION: forcing a failure. [ 1192.094712][T23778] name failslab, interval 1, probability 0, space 0, times 0 [ 1192.094766][T23778] CPU: 1 UID: 0 PID: 23778 Comm: syz.0.4412 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1192.094815][T23778] Tainted: [U]=USER [ 1192.094827][T23778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1192.094846][T23778] Call Trace: [ 1192.094856][T23778] [ 1192.094868][T23778] dump_stack_lvl+0x16c/0x1f0 [ 1192.094916][T23778] should_fail_ex+0x512/0x640 [ 1192.094971][T23778] should_failslab+0xc2/0x120 [ 1192.095012][T23778] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1192.095054][T23778] ? ima_alloc_tfm+0x21a/0x2e0 [ 1192.095102][T23778] ? ima_collect_measurement+0x4b5/0xa40 [ 1192.095136][T23778] krealloc_noprof+0x1fb/0x380 [ 1192.095175][T23778] ima_collect_measurement+0x4b5/0xa40 [ 1192.095206][T23778] ? security_mmap_file+0x88c/0x990 [ 1192.095252][T23778] ? __pfx_ima_collect_measurement+0x10/0x10 [ 1192.095294][T23778] ? lock_release+0x201/0x2f0 [ 1192.095337][T23778] ? do_raw_read_unlock+0x44/0xe0 [ 1192.095397][T23778] ? vfs_getxattr_alloc+0xec/0x340 [ 1192.095451][T23778] ? ima_get_hash_algo+0x27c/0x400 [ 1192.095496][T23778] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 1192.095545][T23778] ? process_measurement+0x11fa/0x23e0 [ 1192.095595][T23778] process_measurement+0x11fa/0x23e0 [ 1192.095649][T23778] ? __pfx_process_measurement+0x10/0x10 [ 1192.095698][T23778] ? _kstrtoull+0x145/0x200 [ 1192.095733][T23778] ? aa_file_perm+0x4c7/0xfb0 [ 1192.095777][T23778] ? rcu_is_watching+0x12/0xc0 [ 1192.095810][T23778] ? rcu_is_watching+0x12/0xc0 [ 1192.095857][T23778] ? mtree_load+0x325/0xa40 [ 1192.095903][T23778] ima_file_mmap+0x1b1/0x1d0 [ 1192.095955][T23778] ? __pfx_ima_file_mmap+0x10/0x10 [ 1192.096009][T23778] security_mmap_file+0x88c/0x990 [ 1192.096052][T23778] __do_sys_remap_file_pages+0x2e2/0xac0 [ 1192.096108][T23778] ? __fget_files+0x20e/0x3c0 [ 1192.096159][T23778] ? __pfx___do_sys_remap_file_pages+0x10/0x10 [ 1192.096213][T23778] ? fput+0x70/0xf0 [ 1192.096251][T23778] ? ksys_write+0x1b9/0x240 [ 1192.096281][T23778] ? __pfx_ksys_write+0x10/0x10 [ 1192.096309][T23778] ? rcu_is_watching+0x12/0xc0 [ 1192.096337][T23778] ? rcu_is_watching+0x12/0xc0 [ 1192.096370][T23778] do_syscall_64+0xcd/0x230 [ 1192.096416][T23778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.096449][T23778] RIP: 0033:0x7f579478e969 [ 1192.096475][T23778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1192.096509][T23778] RSP: 002b:00007f57956b5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 1192.096541][T23778] RAX: ffffffffffffffda RBX: 00007f57949b5fa0 RCX: 00007f579478e969 [ 1192.096564][T23778] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000006a27 [ 1192.096584][T23778] RBP: 00007f57956b5090 R08: 000000000000066a R09: 0000000000000000 [ 1192.096605][T23778] R10: 0000000000000b74 R11: 0000000000000246 R12: 0000000000000001 [ 1192.096624][T23778] R13: 0000000000000000 R14: 00007f57949b5fa0 R15: 00007ffd1ea44798 [ 1192.096654][T23778] [ 1192.096808][ T30] audit: type=1800 audit(6041210544.387:20): pid=23778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4412" name="dev/zero" dev="tmpfs" ino=4135 res=0 errno=0 [ 1192.176344][ C0] vkms_vblank_simulate: vblank timer overrun [ 1194.724595][T23832] FAULT_INJECTION: forcing a failure. [ 1194.724595][T23832] name failslab, interval 1, probability 0, space 0, times 0 [ 1194.765126][T23832] CPU: 1 UID: 0 PID: 23832 Comm: syz.3.4427 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1194.765179][T23832] Tainted: [U]=USER [ 1194.765190][T23832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1194.765208][T23832] Call Trace: [ 1194.765217][T23832] [ 1194.765229][T23832] dump_stack_lvl+0x16c/0x1f0 [ 1194.765274][T23832] should_fail_ex+0x512/0x640 [ 1194.765319][T23832] ? alloc_pipe_info+0x1ec/0x590 [ 1194.765351][T23832] should_failslab+0xc2/0x120 [ 1194.765388][T23832] __kmalloc_noprof+0xd2/0x510 [ 1194.765426][T23832] alloc_pipe_info+0x1ec/0x590 [ 1194.765460][T23832] splice_direct_to_actor+0x77d/0xa30 [ 1194.765508][T23832] ? __pfx_direct_splice_actor+0x10/0x10 [ 1194.765557][T23832] ? __pfx_aa_file_perm+0x10/0x10 [ 1194.765600][T23832] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1194.765645][T23832] ? lock_release+0x201/0x2f0 [ 1194.765689][T23832] do_splice_direct+0x174/0x240 [ 1194.765743][T23832] ? __pfx_do_splice_direct+0x10/0x10 [ 1194.765788][T23832] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1194.765834][T23832] ? bpf_lsm_file_permission+0x9/0x10 [ 1194.765883][T23832] ? security_file_permission+0x71/0x210 [ 1194.765924][T23832] ? rw_verify_area+0xcf/0x680 [ 1194.765979][T23832] do_sendfile+0xafd/0xe50 [ 1194.766030][T23832] ? __pfx_do_sendfile+0x10/0x10 [ 1194.766089][T23832] ? __pfx___might_resched+0x10/0x10 [ 1194.766129][T23832] __x64_sys_sendfile64+0x1d8/0x220 [ 1194.766163][T23832] ? ksys_write+0x1b9/0x240 [ 1194.766190][T23832] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1194.766223][T23832] ? rcu_is_watching+0x12/0xc0 [ 1194.766251][T23832] ? rcu_is_watching+0x12/0xc0 [ 1194.766281][T23832] do_syscall_64+0xcd/0x230 [ 1194.766323][T23832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.766353][T23832] RIP: 0033:0x7f3b2978e969 [ 1194.766374][T23832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1194.766422][T23832] RSP: 002b:00007f3b275d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1194.766451][T23832] RAX: ffffffffffffffda RBX: 00007f3b299b6080 RCX: 00007f3b2978e969 [ 1194.766479][T23832] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 1194.766497][T23832] RBP: 00007f3b275d5090 R08: 0000000000000000 R09: 0000000000000000 [ 1194.766514][T23832] R10: 0010000800000003 R11: 0000000000000246 R12: 0000000000000001 [ 1194.766531][T23832] R13: 0000000000000000 R14: 00007f3b299b6080 R15: 00007ffd7103b008 [ 1194.766558][T23832] [ 1195.071580][T23830] futex_wake_op: syz.3.4427 tries to shift op by 64; fix this program [ 1195.193272][T23837] FAULT_INJECTION: forcing a failure. [ 1195.193272][T23837] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1195.206839][T23837] CPU: 1 UID: 0 PID: 23837 Comm: syz.1.4429 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1195.206880][T23837] Tainted: [U]=USER [ 1195.206888][T23837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1195.206905][T23837] Call Trace: [ 1195.206913][T23837] [ 1195.206925][T23837] dump_stack_lvl+0x16c/0x1f0 [ 1195.206961][T23837] should_fail_ex+0x512/0x640 [ 1195.206995][T23837] should_fail_alloc_page+0xe7/0x130 [ 1195.207025][T23837] prepare_alloc_pages+0x3c2/0x610 [ 1195.207060][T23837] ? rcu_is_watching+0x12/0xc0 [ 1195.207083][T23837] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1195.207109][T23837] ? __kernel_text_address+0xd/0x40 [ 1195.207145][T23837] ? unwind_get_return_address+0x59/0xa0 [ 1195.207171][T23837] ? arch_stack_walk+0xa6/0x100 [ 1195.207201][T23837] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1195.207228][T23837] ? stack_trace_save+0x8e/0xc0 [ 1195.207250][T23837] ? __pfx_stack_trace_save+0x10/0x10 [ 1195.207273][T23837] ? stack_depot_save_flags+0x28/0xa50 [ 1195.207308][T23837] ? kasan_save_stack+0x42/0x60 [ 1195.207330][T23837] ? kasan_save_stack+0x33/0x60 [ 1195.207352][T23837] ? kasan_save_track+0x14/0x30 [ 1195.207374][T23837] ? __kasan_slab_alloc+0x89/0x90 [ 1195.207398][T23837] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1195.207429][T23837] ? alloc_vmap_area+0x613/0x2970 [ 1195.207470][T23837] ? __get_vm_area_node+0x1a7/0x300 [ 1195.207508][T23837] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1195.207546][T23837] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1195.207569][T23837] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1195.207602][T23837] ? policy_nodemask+0xea/0x4e0 [ 1195.207631][T23837] alloc_pages_mpol+0x1fb/0x550 [ 1195.207669][T23837] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1195.207696][T23837] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1195.207726][T23837] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1195.207749][T23837] ? rcu_is_watching+0x12/0xc0 [ 1195.207771][T23837] alloc_pages_noprof+0x131/0x390 [ 1195.207799][T23837] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1195.207822][T23837] get_free_pages_noprof+0xc/0x40 [ 1195.207853][T23837] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1195.207876][T23837] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1195.207899][T23837] __apply_to_page_range+0x617/0xd60 [ 1195.207938][T23837] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1195.207963][T23837] ? __pfx___apply_to_page_range+0x10/0x10 [ 1195.208000][T23837] ? alloc_vmap_area+0x872/0x2970 [ 1195.208033][T23837] ? lock_release+0x201/0x2f0 [ 1195.208065][T23837] alloc_vmap_area+0x919/0x2970 [ 1195.208103][T23837] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1195.208140][T23837] __get_vm_area_node+0x1a7/0x300 [ 1195.208178][T23837] __vmalloc_node_range_noprof+0x277/0x1540 [ 1195.208217][T23837] ? __do_sys_listmount+0x1c2/0xed0 [ 1195.208255][T23837] ? __do_sys_listmount+0x1c2/0xed0 [ 1195.208304][T23837] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1195.208348][T23837] __kvmalloc_node_noprof+0x2ff/0x600 [ 1195.208371][T23837] ? __do_sys_listmount+0x1c2/0xed0 [ 1195.208404][T23837] ? __do_sys_listmount+0x1c2/0xed0 [ 1195.208438][T23837] ? __do_sys_listmount+0x1c2/0xed0 [ 1195.208470][T23837] __do_sys_listmount+0x1c2/0xed0 [ 1195.208505][T23837] ? __x64_sys_futex+0x1e0/0x4c0 [ 1195.208529][T23837] ? __x64_sys_futex+0x1e9/0x4c0 [ 1195.208553][T23837] ? __pfx___do_sys_listmount+0x10/0x10 [ 1195.208586][T23837] ? xfd_validate_state+0x5d/0x180 [ 1195.208625][T23837] ? rcu_is_watching+0x12/0xc0 [ 1195.208648][T23837] do_syscall_64+0xcd/0x230 [ 1195.208686][T23837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.208717][T23837] RIP: 0033:0x7f5d1fb8e969 [ 1195.208739][T23837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1195.208770][T23837] RSP: 002b:00007f5d1d9f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1195.208798][T23837] RAX: ffffffffffffffda RBX: 00007f5d1fdb5fa0 RCX: 00007f5d1fb8e969 [ 1195.208817][T23837] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1195.208834][T23837] RBP: 00007f5d1fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1195.208851][T23837] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1195.208870][T23837] R13: 0000000000000000 R14: 00007f5d1fdb5fa0 R15: 00007ffe74051e88 [ 1195.208916][T23837] [ 1196.021254][T23841] netlink: 266 bytes leftover after parsing attributes in process `syz.3.4430'. [ 1196.072420][T23841] IPv6: NLM_F_CREATE should be specified when creating new route [ 1196.261674][T23851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4433'. [ 1196.721435][ T5831] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 1197.107234][T23872] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4440'. [ 1197.407042][T23876] FAULT_INJECTION: forcing a failure. [ 1197.407042][T23876] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1197.561142][T23876] CPU: 0 UID: 0 PID: 23876 Comm: syz.0.4441 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1197.561201][T23876] Tainted: [U]=USER [ 1197.561213][T23876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1197.561233][T23876] Call Trace: [ 1197.561244][T23876] [ 1197.561256][T23876] dump_stack_lvl+0x16c/0x1f0 [ 1197.561305][T23876] should_fail_ex+0x512/0x640 [ 1197.561355][T23876] should_fail_alloc_page+0xe7/0x130 [ 1197.561396][T23876] prepare_alloc_pages+0x3c2/0x610 [ 1197.561447][T23876] ? rcu_is_watching+0x12/0xc0 [ 1197.561479][T23876] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1197.561517][T23876] ? rcu_is_watching+0x12/0xc0 [ 1197.561545][T23876] ? trace_sched_exit_tp+0xde/0x130 [ 1197.561584][T23876] ? __schedule+0x1186/0x5de0 [ 1197.561620][T23876] ? rcu_is_watching+0x12/0xc0 [ 1197.561653][T23876] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1197.561702][T23876] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1197.561746][T23876] ? policy_nodemask+0xea/0x4e0 [ 1197.561795][T23876] alloc_pages_mpol+0x1fb/0x550 [ 1197.561834][T23876] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1197.561870][T23876] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1197.561909][T23876] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1197.561938][T23876] ? rcu_is_watching+0x12/0xc0 [ 1197.561969][T23876] alloc_pages_noprof+0x131/0x390 [ 1197.562008][T23876] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1197.562039][T23876] get_free_pages_noprof+0xc/0x40 [ 1197.562080][T23876] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1197.562112][T23876] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1197.562143][T23876] __apply_to_page_range+0x617/0xd60 [ 1197.562195][T23876] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1197.562230][T23876] ? __pfx___apply_to_page_range+0x10/0x10 [ 1197.562280][T23876] ? alloc_vmap_area+0x872/0x2970 [ 1197.562324][T23876] ? lock_release+0x201/0x2f0 [ 1197.562367][T23876] alloc_vmap_area+0x919/0x2970 [ 1197.562419][T23876] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1197.562468][T23876] __get_vm_area_node+0x1a7/0x300 [ 1197.562519][T23876] __vmalloc_node_range_noprof+0x277/0x1540 [ 1197.562572][T23876] ? __do_sys_listmount+0x1c2/0xed0 [ 1197.562622][T23876] ? plist_check_head+0xa3/0x150 [ 1197.562655][T23876] ? futex_wake+0x432/0x4e0 [ 1197.562695][T23876] ? __do_sys_listmount+0x1c2/0xed0 [ 1197.562742][T23876] ? wake_up_q+0xb0/0x160 [ 1197.562781][T23876] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1197.562842][T23876] __kvmalloc_node_noprof+0x2ff/0x600 [ 1197.562876][T23876] ? __do_sys_listmount+0x1c2/0xed0 [ 1197.562923][T23876] ? __do_sys_listmount+0x1c2/0xed0 [ 1197.562973][T23876] ? __do_sys_listmount+0x1c2/0xed0 [ 1197.563018][T23876] __do_sys_listmount+0x1c2/0xed0 [ 1197.563067][T23876] ? __x64_sys_futex+0x1e0/0x4c0 [ 1197.563100][T23876] ? __x64_sys_futex+0x1e9/0x4c0 [ 1197.563135][T23876] ? __pfx___do_sys_listmount+0x10/0x10 [ 1197.563181][T23876] ? xfd_validate_state+0x5d/0x180 [ 1197.563236][T23876] ? rcu_is_watching+0x12/0xc0 [ 1197.563268][T23876] do_syscall_64+0xcd/0x230 [ 1197.563314][T23876] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.563347][T23876] RIP: 0033:0x7f579478e969 [ 1197.563371][T23876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1197.563405][T23876] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1197.563438][T23876] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1197.563461][T23876] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1197.563482][T23876] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1197.563501][T23876] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1197.563519][T23876] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1197.563549][T23876] [ 1197.940040][ C0] vkms_vblank_simulate: vblank timer overrun [ 1198.822168][T23888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4443'. [ 1199.938047][ T5831] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 1200.795298][T23932] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4462'. [ 1201.848675][T23947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4460'. [ 1201.873845][T23950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4459'. [ 1202.465652][T23965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4472'. [ 1203.843923][T23999] FAULT_INJECTION: forcing a failure. [ 1203.843923][T23999] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1203.889462][T23999] CPU: 0 UID: 0 PID: 23999 Comm: syz.0.4474 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1203.889523][T23999] Tainted: [U]=USER [ 1203.889535][T23999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1203.889556][T23999] Call Trace: [ 1203.889567][T23999] [ 1203.889580][T23999] dump_stack_lvl+0x16c/0x1f0 [ 1203.889630][T23999] should_fail_ex+0x512/0x640 [ 1203.889677][T23999] should_fail_alloc_page+0xe7/0x130 [ 1203.889719][T23999] prepare_alloc_pages+0x3c2/0x610 [ 1203.889768][T23999] ? rcu_is_watching+0x12/0xc0 [ 1203.889799][T23999] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1203.889836][T23999] ? __kernel_text_address+0xd/0x40 [ 1203.889886][T23999] ? unwind_get_return_address+0x59/0xa0 [ 1203.889931][T23999] ? arch_stack_walk+0xa6/0x100 [ 1203.889976][T23999] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1203.890014][T23999] ? stack_trace_save+0x8e/0xc0 [ 1203.890045][T23999] ? __pfx_stack_trace_save+0x10/0x10 [ 1203.890077][T23999] ? stack_depot_save_flags+0x28/0xa50 [ 1203.890126][T23999] ? kasan_save_stack+0x42/0x60 [ 1203.890158][T23999] ? kasan_save_stack+0x33/0x60 [ 1203.890189][T23999] ? kasan_save_track+0x14/0x30 [ 1203.890220][T23999] ? __kasan_slab_alloc+0x89/0x90 [ 1203.890254][T23999] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1203.890289][T23999] ? alloc_vmap_area+0x613/0x2970 [ 1203.890331][T23999] ? __get_vm_area_node+0x1a7/0x300 [ 1203.890375][T23999] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1203.890425][T23999] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1203.890456][T23999] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1203.890501][T23999] ? policy_nodemask+0xea/0x4e0 [ 1203.890540][T23999] alloc_pages_mpol+0x1fb/0x550 [ 1203.890579][T23999] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1203.890615][T23999] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1203.890653][T23999] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1203.890684][T23999] ? rcu_is_watching+0x12/0xc0 [ 1203.890716][T23999] alloc_pages_noprof+0x131/0x390 [ 1203.890754][T23999] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1203.890786][T23999] get_free_pages_noprof+0xc/0x40 [ 1203.890826][T23999] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1203.890858][T23999] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1203.890889][T23999] __apply_to_page_range+0x617/0xd60 [ 1203.890948][T23999] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1203.890984][T23999] ? __pfx___apply_to_page_range+0x10/0x10 [ 1203.891033][T23999] ? alloc_vmap_area+0x872/0x2970 [ 1203.891077][T23999] ? lock_release+0x201/0x2f0 [ 1203.891120][T23999] alloc_vmap_area+0x919/0x2970 [ 1203.891173][T23999] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1203.891221][T23999] __get_vm_area_node+0x1a7/0x300 [ 1203.891271][T23999] __vmalloc_node_range_noprof+0x277/0x1540 [ 1203.891325][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1203.891378][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1203.891427][T23999] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1203.891488][T23999] __kvmalloc_node_noprof+0x2ff/0x600 [ 1203.891520][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1203.891568][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1203.891614][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1203.891657][T23999] __do_sys_listmount+0x1c2/0xed0 [ 1203.891720][T23999] ? __x64_sys_futex+0x1e0/0x4c0 [ 1203.891770][T23999] ? __x64_sys_futex+0x1e9/0x4c0 [ 1203.891806][T23999] ? __pfx___do_sys_listmount+0x10/0x10 [ 1203.891852][T23999] ? xfd_validate_state+0x5d/0x180 [ 1203.891906][T23999] ? rcu_is_watching+0x12/0xc0 [ 1203.891949][T23999] do_syscall_64+0xcd/0x230 [ 1203.891995][T23999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.892029][T23999] RIP: 0033:0x7f579478e969 [ 1203.892054][T23999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1203.892088][T23999] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1203.892120][T23999] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1203.892142][T23999] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1203.892162][T23999] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1203.892182][T23999] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1203.892202][T23999] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1203.892232][T23999] [ 1204.162568][T23999] warn_alloc: 2 callbacks suppressed [ 1204.162595][T23999] syz.0.4474: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null) [ 1204.163132][ C0] vkms_vblank_simulate: vblank timer overrun [ 1204.168460][T23999] ,cpuset=/,mems_allowed=0-1 [ 1204.524945][T23999] CPU: 0 UID: 0 PID: 23999 Comm: syz.0.4474 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1204.524990][T23999] Tainted: [U]=USER [ 1204.524998][T23999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1204.525013][T23999] Call Trace: [ 1204.525021][T23999] [ 1204.525030][T23999] dump_stack_lvl+0x16c/0x1f0 [ 1204.525071][T23999] warn_alloc+0x248/0x3a0 [ 1204.525097][T23999] ? __pfx_warn_alloc+0x10/0x10 [ 1204.525123][T23999] ? kfree+0x2b6/0x4d0 [ 1204.525162][T23999] ? __get_vm_area_node+0x1e5/0x300 [ 1204.525201][T23999] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1204.525245][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1204.525282][T23999] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1204.525327][T23999] __kvmalloc_node_noprof+0x2ff/0x600 [ 1204.525351][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1204.525385][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1204.525421][T23999] ? __do_sys_listmount+0x1c2/0xed0 [ 1204.525454][T23999] __do_sys_listmount+0x1c2/0xed0 [ 1204.525490][T23999] ? __x64_sys_futex+0x1e0/0x4c0 [ 1204.525515][T23999] ? __x64_sys_futex+0x1e9/0x4c0 [ 1204.525540][T23999] ? __pfx___do_sys_listmount+0x10/0x10 [ 1204.525574][T23999] ? xfd_validate_state+0x5d/0x180 [ 1204.525615][T23999] ? rcu_is_watching+0x12/0xc0 [ 1204.525640][T23999] do_syscall_64+0xcd/0x230 [ 1204.525673][T23999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.525697][T23999] RIP: 0033:0x7f579478e969 [ 1204.525715][T23999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1204.525740][T23999] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1204.525763][T23999] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1204.525779][T23999] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1204.525795][T23999] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1204.525810][T23999] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1204.525833][T23999] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1204.525854][T23999] [ 1204.525925][T23999] Mem-Info: [ 1204.809521][T23999] active_anon:28958 inactive_anon:0 isolated_anon:0 [ 1204.809521][T23999] active_file:22894 inactive_file:42744 isolated_file:0 [ 1204.809521][T23999] unevictable:768 dirty:1004 writeback:0 [ 1204.809521][T23999] slab_reclaimable:11546 slab_unreclaimable:97886 [ 1204.809521][T23999] mapped:33879 shmem:2126 pagetables:874 [ 1204.809521][T23999] sec_pagetables:0 bounce:0 [ 1204.809521][T23999] kernel_misc_reclaimable:0 [ 1204.809521][T23999] free:776448 free_pcp:4033 free_cma:0 [ 1204.854733][ C0] vkms_vblank_simulate: vblank timer overrun [ 1204.863027][T23999] Node 0 active_anon:115832kB inactive_anon:0kB active_file:91576kB inactive_file:170972kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135516kB dirty:4016kB writeback:0kB shmem:6968kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10680kB pagetables:3496kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1204.896536][ C0] vkms_vblank_simulate: vblank timer overrun [ 1204.994672][T23999] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1205.026277][ C0] vkms_vblank_simulate: vblank timer overrun [ 1205.171719][T23999] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1205.199215][T23999] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1205.199279][T23999] Node 0 DMA32 free:1283968kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:118020kB inactive_anon:0kB active_file:91640kB inactive_file:169156kB unevictable:1536kB writepending:4012kB present:3129332kB managed:2544180kB mlocked:0kB bounce:0kB free_pcp:12876kB local_pcp:12628kB free_cma:0kB [ 1205.199368][T23999] lowmem_reserve[]: 0 0 1 1 1 [ 1205.199422][T23999] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:20kB free_cma:0kB [ 1205.199503][T23999] lowmem_reserve[]: 0 0 0 0 0 [ 1205.199557][T23999] Node 1 Normal free:1806908kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2440kB local_pcp:2440kB free_cma:0kB [ 1205.199646][T23999] lowmem_reserve[]: 0 0 0 0 0 [ 1205.199700][T23999] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1205.199878][T23999] Node 0 DMA32: 432*4kB (U) 875*8kB (UM) 571*16kB (UME) 808*32kB (UME) 664*64kB (UME) 187*128kB (UME) 195*256kB (UME) 137*512kB (UME) 87*1024kB (UME) 15*2048kB (UME) 228*4096kB (UM) = 1283912kB [ 1205.200137][T23999] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1205.200293][T23999] Node 1 Normal: 179*4kB (UME) 68*8kB (UME) 49*16kB (UME) 238*32kB (UME) 104*64kB (UME) 33*128kB (UME) 12*256kB (UME) 7*512kB (UM) 2*1024kB (ME) 8*2048kB (UME) 430*4096kB (M) = 1806908kB [ 1205.200548][T23999] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1205.200576][T23999] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1205.200603][T23999] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=1048576kB [ 1205.200629][T23999] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1205.200656][T23999] 68324 total pagecache pages [ 1205.200669][T23999] 0 pages in swap cache [ 1205.200680][T23999] Free swap = 124996kB [ 1205.200692][T23999] Total swap = 124996kB [ 1205.200706][T23999] 2097051 pages RAM [ 1205.200717][T23999] 0 pages HighMem/MovableOnly [ 1205.200729][T23999] 428900 pages reserved [ 1205.200740][T23999] 0 pages cma reserved [ 1205.606842][ C0] vkms_vblank_simulate: vblank timer overrun [ 1205.735674][ C0] vkms_vblank_simulate: vblank timer overrun [ 1206.020645][T24026] FAULT_INJECTION: forcing a failure. [ 1206.020645][T24026] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1206.057455][T24026] CPU: 1 UID: 0 PID: 24026 Comm: syz.3.4480 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1206.057513][T24026] Tainted: [U]=USER [ 1206.057524][T24026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1206.057545][T24026] Call Trace: [ 1206.057556][T24026] [ 1206.057568][T24026] dump_stack_lvl+0x16c/0x1f0 [ 1206.057615][T24026] should_fail_ex+0x512/0x640 [ 1206.057664][T24026] should_fail_alloc_page+0xe7/0x130 [ 1206.057709][T24026] prepare_alloc_pages+0x3c2/0x610 [ 1206.057767][T24026] ? rcu_is_watching+0x12/0xc0 [ 1206.057798][T24026] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1206.057834][T24026] ? __kernel_text_address+0xd/0x40 [ 1206.057879][T24026] ? unwind_get_return_address+0x59/0xa0 [ 1206.057913][T24026] ? arch_stack_walk+0xa6/0x100 [ 1206.057954][T24026] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1206.057989][T24026] ? stack_trace_save+0x8e/0xc0 [ 1206.058019][T24026] ? __pfx_stack_trace_save+0x10/0x10 [ 1206.058048][T24026] ? stack_depot_save_flags+0x28/0xa50 [ 1206.058097][T24026] ? kasan_save_stack+0x42/0x60 [ 1206.058127][T24026] ? kasan_save_stack+0x33/0x60 [ 1206.058156][T24026] ? kasan_save_track+0x14/0x30 [ 1206.058185][T24026] ? __kasan_slab_alloc+0x89/0x90 [ 1206.058217][T24026] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1206.058250][T24026] ? alloc_vmap_area+0x613/0x2970 [ 1206.058292][T24026] ? __get_vm_area_node+0x1a7/0x300 [ 1206.058337][T24026] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1206.058389][T24026] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1206.058420][T24026] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1206.058472][T24026] ? policy_nodemask+0xea/0x4e0 [ 1206.058513][T24026] alloc_pages_mpol+0x1fb/0x550 [ 1206.058553][T24026] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1206.058589][T24026] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1206.058627][T24026] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1206.058658][T24026] ? rcu_is_watching+0x12/0xc0 [ 1206.058689][T24026] alloc_pages_noprof+0x131/0x390 [ 1206.058737][T24026] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1206.058769][T24026] get_free_pages_noprof+0xc/0x40 [ 1206.058812][T24026] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1206.058845][T24026] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1206.058876][T24026] __apply_to_page_range+0x617/0xd60 [ 1206.058929][T24026] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1206.058963][T24026] ? __pfx___apply_to_page_range+0x10/0x10 [ 1206.059013][T24026] ? alloc_vmap_area+0x872/0x2970 [ 1206.059057][T24026] ? lock_release+0x201/0x2f0 [ 1206.059099][T24026] alloc_vmap_area+0x919/0x2970 [ 1206.059148][T24026] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1206.059197][T24026] __get_vm_area_node+0x1a7/0x300 [ 1206.059246][T24026] __vmalloc_node_range_noprof+0x277/0x1540 [ 1206.059297][T24026] ? __do_sys_listmount+0x1c2/0xed0 [ 1206.059344][T24026] ? plist_check_head+0xa3/0x150 [ 1206.059377][T24026] ? futex_wake+0x432/0x4e0 [ 1206.059416][T24026] ? __do_sys_listmount+0x1c2/0xed0 [ 1206.059462][T24026] ? wake_up_q+0xb0/0x160 [ 1206.059492][T24026] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1206.059552][T24026] __kvmalloc_node_noprof+0x2ff/0x600 [ 1206.059586][T24026] ? __do_sys_listmount+0x1c2/0xed0 [ 1206.059632][T24026] ? __do_sys_listmount+0x1c2/0xed0 [ 1206.059681][T24026] ? __do_sys_listmount+0x1c2/0xed0 [ 1206.059731][T24026] __do_sys_listmount+0x1c2/0xed0 [ 1206.059780][T24026] ? __x64_sys_futex+0x1e0/0x4c0 [ 1206.059808][T24026] ? __x64_sys_futex+0x1e9/0x4c0 [ 1206.059836][T24026] ? __pfx___do_sys_listmount+0x10/0x10 [ 1206.059875][T24026] ? xfd_validate_state+0x5d/0x180 [ 1206.059919][T24026] ? rcu_is_watching+0x12/0xc0 [ 1206.059946][T24026] do_syscall_64+0xcd/0x230 [ 1206.059983][T24026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.060010][T24026] RIP: 0033:0x7f3b2978e969 [ 1206.060031][T24026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1206.060057][T24026] RSP: 002b:00007f3b275d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1206.060084][T24026] RAX: ffffffffffffffda RBX: 00007f3b299b6080 RCX: 00007f3b2978e969 [ 1206.060102][T24026] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1206.060119][T24026] RBP: 00007f3b29810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1206.060135][T24026] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1206.060150][T24026] R13: 0000000000000000 R14: 00007f3b299b6080 R15: 00007ffd7103b008 [ 1206.060175][T24026] [ 1207.824736][T24060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4488'. [ 1208.679932][T24087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4496'. [ 1209.637861][T24107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4501'. [ 1210.054006][T24117] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4507'. [ 1211.001865][ T5831] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 1211.916440][T24153] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4519'. [ 1215.992228][T24219] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4537'. [ 1216.532572][T24235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4541'. [ 1218.222902][T24258] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4547'. [ 1218.301351][T24255] FAULT_INJECTION: forcing a failure. [ 1218.301351][T24255] name failslab, interval 1, probability 0, space 0, times 0 [ 1218.358374][T24255] CPU: 1 UID: 0 PID: 24255 Comm: syz.2.4545 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1218.358427][T24255] Tainted: [U]=USER [ 1218.358438][T24255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1218.358457][T24255] Call Trace: [ 1218.358466][T24255] [ 1218.358478][T24255] dump_stack_lvl+0x16c/0x1f0 [ 1218.358526][T24255] should_fail_ex+0x512/0x640 [ 1218.358573][T24255] should_failslab+0xc2/0x120 [ 1218.358623][T24255] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1218.358658][T24255] ? security_inode_alloc+0x3b/0x2b0 [ 1218.358694][T24255] security_inode_alloc+0x3b/0x2b0 [ 1218.358727][T24255] inode_init_always_gfp+0xce4/0x1030 [ 1218.358779][T24255] alloc_inode+0x86/0x240 [ 1218.358818][T24255] sock_alloc+0x40/0x280 [ 1218.358855][T24255] __sock_create+0xc1/0x8d0 [ 1218.358900][T24255] __sys_socket+0x14d/0x260 [ 1218.358944][T24255] ? __pfx___sys_socket+0x10/0x10 [ 1218.358989][T24255] ? rcu_is_watching+0x12/0xc0 [ 1218.359022][T24255] __x64_sys_socket+0x72/0xb0 [ 1218.359068][T24255] do_syscall_64+0xcd/0x230 [ 1218.359115][T24255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.359146][T24255] RIP: 0033:0x7f5b4c78e969 [ 1218.359170][T24255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1218.359201][T24255] RSP: 002b:00007f5b4d60b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1218.359232][T24255] RAX: ffffffffffffffda RBX: 00007f5b4c9b6080 RCX: 00007f5b4c78e969 [ 1218.359252][T24255] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1218.359270][T24255] RBP: 00007f5b4c810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1218.359288][T24255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1218.359306][T24255] R13: 0000000000000000 R14: 00007f5b4c9b6080 R15: 00007ffda3b10638 [ 1218.359336][T24255] [ 1218.561928][T24255] socket: no more sockets [ 1218.953178][T24269] FAULT_INJECTION: forcing a failure. [ 1218.953178][T24269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1218.967226][T24267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4551'. [ 1219.027136][T24269] CPU: 1 UID: 0 PID: 24269 Comm: syz.0.4550 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1219.027189][T24269] Tainted: [U]=USER [ 1219.027200][T24269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1219.027218][T24269] Call Trace: [ 1219.027228][T24269] [ 1219.027240][T24269] dump_stack_lvl+0x16c/0x1f0 [ 1219.027286][T24269] should_fail_ex+0x512/0x640 [ 1219.027330][T24269] _copy_to_user+0x32/0xd0 [ 1219.027376][T24269] simple_read_from_buffer+0xcb/0x170 [ 1219.027422][T24269] proc_fail_nth_read+0x197/0x270 [ 1219.027464][T24269] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1219.027506][T24269] ? security_file_permission+0x71/0x210 [ 1219.027554][T24269] ? rw_verify_area+0xcf/0x680 [ 1219.027597][T24269] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1219.027640][T24269] vfs_read+0x1de/0xc70 [ 1219.027668][T24269] ? __pfx___mutex_lock+0x10/0x10 [ 1219.027710][T24269] ? __pfx_vfs_read+0x10/0x10 [ 1219.027736][T24269] ? __fget_files+0x204/0x3c0 [ 1219.027781][T24269] ? rcu_is_watching+0x12/0xc0 [ 1219.027813][T24269] ? __fget_files+0x20e/0x3c0 [ 1219.027864][T24269] ksys_read+0x12a/0x240 [ 1219.027891][T24269] ? __pfx_ksys_read+0x10/0x10 [ 1219.027920][T24269] ? rcu_is_watching+0x12/0xc0 [ 1219.027949][T24269] do_syscall_64+0xcd/0x230 [ 1219.027992][T24269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1219.028023][T24269] RIP: 0033:0x7f579478d37c [ 1219.028046][T24269] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1219.028077][T24269] RSP: 002b:00007f57956b5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1219.028107][T24269] RAX: ffffffffffffffda RBX: 00007f57949b5fa0 RCX: 00007f579478d37c [ 1219.028128][T24269] RDX: 000000000000000f RSI: 00007f57956b50a0 RDI: 0000000000000003 [ 1219.028147][T24269] RBP: 00007f57956b5090 R08: 0000000000000000 R09: 0000000000000000 [ 1219.028171][T24269] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1219.028190][T24269] R13: 0000000000000001 R14: 00007f57949b5fa0 R15: 00007ffd1ea44798 [ 1219.028218][T24269] [ 1220.231351][T24288] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4557'. [ 1220.943622][T24310] FAULT_INJECTION: forcing a failure. [ 1220.943622][T24310] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1221.006199][T24310] CPU: 1 UID: 0 PID: 24310 Comm: syz.0.4561 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1221.006255][T24310] Tainted: [U]=USER [ 1221.006267][T24310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1221.006287][T24310] Call Trace: [ 1221.006297][T24310] [ 1221.006310][T24310] dump_stack_lvl+0x16c/0x1f0 [ 1221.006359][T24310] should_fail_ex+0x512/0x640 [ 1221.006406][T24310] should_fail_alloc_page+0xe7/0x130 [ 1221.006448][T24310] prepare_alloc_pages+0x3c2/0x610 [ 1221.006497][T24310] ? rcu_is_watching+0x12/0xc0 [ 1221.006528][T24310] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1221.006564][T24310] ? __kernel_text_address+0xd/0x40 [ 1221.006616][T24310] ? unwind_get_return_address+0x59/0xa0 [ 1221.006661][T24310] ? arch_stack_walk+0xa6/0x100 [ 1221.006707][T24310] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1221.006745][T24310] ? stack_trace_save+0x8e/0xc0 [ 1221.006778][T24310] ? __pfx_stack_trace_save+0x10/0x10 [ 1221.006810][T24310] ? stack_depot_save_flags+0x28/0xa50 [ 1221.006860][T24310] ? kasan_save_stack+0x42/0x60 [ 1221.006892][T24310] ? kasan_save_stack+0x33/0x60 [ 1221.006923][T24310] ? kasan_save_track+0x14/0x30 [ 1221.006954][T24310] ? __kasan_slab_alloc+0x89/0x90 [ 1221.006988][T24310] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1221.007023][T24310] ? alloc_vmap_area+0xd9a/0x2970 [ 1221.007066][T24310] ? __get_vm_area_node+0x1a7/0x300 [ 1221.007110][T24310] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1221.007161][T24310] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1221.007192][T24310] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1221.007236][T24310] ? policy_nodemask+0xea/0x4e0 [ 1221.007274][T24310] alloc_pages_mpol+0x1fb/0x550 [ 1221.007315][T24310] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1221.007352][T24310] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1221.007391][T24310] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1221.007422][T24310] ? rcu_is_watching+0x12/0xc0 [ 1221.007453][T24310] alloc_pages_noprof+0x131/0x390 [ 1221.007491][T24310] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1221.007523][T24310] get_free_pages_noprof+0xc/0x40 [ 1221.007564][T24310] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1221.007594][T24310] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1221.007625][T24310] __apply_to_page_range+0x617/0xd60 [ 1221.007682][T24310] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1221.007717][T24310] ? __pfx___apply_to_page_range+0x10/0x10 [ 1221.007764][T24310] ? alloc_vmap_area+0x872/0x2970 [ 1221.007807][T24310] ? lock_release+0x201/0x2f0 [ 1221.007848][T24310] alloc_vmap_area+0x919/0x2970 [ 1221.007898][T24310] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1221.007945][T24310] __get_vm_area_node+0x1a7/0x300 [ 1221.007994][T24310] __vmalloc_node_range_noprof+0x277/0x1540 [ 1221.008045][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1221.008094][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1221.008142][T24310] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1221.008199][T24310] __kvmalloc_node_noprof+0x2ff/0x600 [ 1221.008231][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1221.008275][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1221.008321][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1221.008364][T24310] __do_sys_listmount+0x1c2/0xed0 [ 1221.008412][T24310] ? __x64_sys_futex+0x1e0/0x4c0 [ 1221.008457][T24310] ? __x64_sys_futex+0x1e9/0x4c0 [ 1221.008490][T24310] ? __pfx___do_sys_listmount+0x10/0x10 [ 1221.008538][T24310] ? xfd_validate_state+0x5d/0x180 [ 1221.008589][T24310] ? rcu_is_watching+0x12/0xc0 [ 1221.008620][T24310] do_syscall_64+0xcd/0x230 [ 1221.008669][T24310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1221.008701][T24310] RIP: 0033:0x7f579478e969 [ 1221.008727][T24310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1221.008759][T24310] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1221.008790][T24310] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1221.008811][T24310] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1221.008830][T24310] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1221.008849][T24310] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1221.008868][T24310] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1221.008897][T24310] [ 1221.008948][T24310] warn_alloc: 1 callbacks suppressed [ 1221.008966][T24310] syz.0.4561: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1222.169287][T24310] CPU: 0 UID: 0 PID: 24310 Comm: syz.0.4561 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1222.169341][T24310] Tainted: [U]=USER [ 1222.169353][T24310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1222.169372][T24310] Call Trace: [ 1222.169383][T24310] [ 1222.169395][T24310] dump_stack_lvl+0x16c/0x1f0 [ 1222.169447][T24310] warn_alloc+0x248/0x3a0 [ 1222.169481][T24310] ? __pfx_warn_alloc+0x10/0x10 [ 1222.169517][T24310] ? kfree+0x2b6/0x4d0 [ 1222.169569][T24310] ? __get_vm_area_node+0x1e5/0x300 [ 1222.169633][T24310] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1222.169689][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1222.169728][T24310] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1222.169772][T24310] __kvmalloc_node_noprof+0x2ff/0x600 [ 1222.169796][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1222.169831][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1222.169867][T24310] ? __do_sys_listmount+0x1c2/0xed0 [ 1222.169899][T24310] __do_sys_listmount+0x1c2/0xed0 [ 1222.169936][T24310] ? __x64_sys_futex+0x1e0/0x4c0 [ 1222.169961][T24310] ? __x64_sys_futex+0x1e9/0x4c0 [ 1222.169986][T24310] ? __pfx___do_sys_listmount+0x10/0x10 [ 1222.170021][T24310] ? xfd_validate_state+0x5d/0x180 [ 1222.170062][T24310] ? rcu_is_watching+0x12/0xc0 [ 1222.170086][T24310] do_syscall_64+0xcd/0x230 [ 1222.170136][T24310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.170160][T24310] RIP: 0033:0x7f579478e969 [ 1222.170178][T24310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1222.170201][T24310] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1222.170224][T24310] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1222.170240][T24310] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1222.170255][T24310] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1222.170270][T24310] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1222.170285][T24310] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1222.170308][T24310] [ 1222.170316][T24310] Mem-Info: [ 1222.332584][ C0] vkms_vblank_simulate: vblank timer overrun [ 1222.612374][T24310] active_anon:62052 inactive_anon:0 isolated_anon:0 [ 1222.612374][T24310] active_file:21602 inactive_file:42750 isolated_file:0 [ 1222.612374][T24310] unevictable:768 dirty:917 writeback:0 [ 1222.612374][T24310] slab_reclaimable:11292 slab_unreclaimable:98641 [ 1222.612374][T24310] mapped:45268 shmem:35203 pagetables:956 [ 1222.612374][T24310] sec_pagetables:0 bounce:0 [ 1222.612374][T24310] kernel_misc_reclaimable:0 [ 1222.612374][T24310] free:746891 free_pcp:1237 free_cma:0 [ 1222.612460][T24310] Node 0 active_anon:248208kB inactive_anon:0kB active_file:86408kB inactive_file:170996kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:181072kB dirty:3668kB writeback:0kB shmem:139276kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10512kB pagetables:3824kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1222.612545][T24310] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1222.612628][T24310] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1222.612714][T24310] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1222.612774][T24310] Node 0 DMA32 free:1165280kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:248164kB inactive_anon:0kB active_file:86408kB inactive_file:169180kB unevictable:1536kB writepending:3668kB present:3129332kB managed:2544180kB mlocked:0kB bounce:0kB free_pcp:2464kB local_pcp:1840kB free_cma:0kB [ 1222.612862][T24310] lowmem_reserve[]: 0 0 1 1 1 [ 1222.612947][T24310] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:20kB free_cma:0kB [ 1222.613035][T24310] lowmem_reserve[]: 0 0 0 0 0 [ 1222.613091][T24310] Node 1 Normal free:1806908kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2440kB local_pcp:2440kB free_cma:0kB [ 1222.613180][T24310] lowmem_reserve[]: 0 0 0 0 0 [ 1222.613236][T24310] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1222.613433][T24310] Node 0 DMA32: 435*4kB (UME) 431*8kB (UE) 107*16kB (UME) 429*32kB (UME) 402*64kB (UME) 157*128kB (UME) 120*256kB (UME) 92*512kB (UME) 63*1024kB (UME) 13*2048kB (UME) 227*4096kB (UM) = 1165204kB [ 1222.613694][T24310] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1222.613862][T24310] Node 1 Normal: 179*4kB (UME) 68*8kB (UME) 49*16kB (UME) 238*32kB (UME) 104*64kB (UME) 33*128kB (UME) 12*256kB (UME) 7*512kB (UM) 2*1024kB (ME) 8*2048kB (UME) 430*4096kB (M) = 1806908kB [ 1222.614119][T24310] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1222.614146][T24310] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1222.614171][T24310] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=1048576kB [ 1222.614197][T24310] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1222.614223][T24310] 99655 total pagecache pages [ 1222.614236][T24310] 0 pages in swap cache [ 1222.614255][T24310] Free swap = 124996kB [ 1222.614267][T24310] Total swap = 124996kB [ 1222.614280][T24310] 2097051 pages RAM [ 1222.614291][T24310] 0 pages HighMem/MovableOnly [ 1222.614303][T24310] 428900 pages reserved [ 1222.614314][T24310] 0 pages cma reserved [ 1222.765051][T24326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4568'. [ 1223.033680][ C0] vkms_vblank_simulate: vblank timer overrun [ 1223.176576][ C0] vkms_vblank_simulate: vblank timer overrun [ 1223.426978][ C0] vkms_vblank_simulate: vblank timer overrun [ 1223.583014][ C0] vkms_vblank_simulate: vblank timer overrun [ 1225.778293][T24381] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4581'. [ 1225.892935][T24385] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4584'. [ 1225.965392][T24387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4585'. [ 1226.149367][T24393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4589'. [ 1226.167130][T24396] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4588'. [ 1228.096917][T24425] netlink: 266 bytes leftover after parsing attributes in process `syz.3.4595'. [ 1228.131731][T24427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4596'. [ 1228.264249][T24430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4597'. [ 1228.395042][T24437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4599'. [ 1228.507690][T24440] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4600'. [ 1229.515888][T24462] netlink: 266 bytes leftover after parsing attributes in process `syz.1.4608'. [ 1229.544346][T24462] IPv6: NLM_F_CREATE should be specified when creating new route [ 1229.976245][T24469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4609'. [ 1230.058487][T24471] FAULT_INJECTION: forcing a failure. [ 1230.058487][T24471] name failslab, interval 1, probability 0, space 0, times 0 [ 1230.128165][T24471] CPU: 1 UID: 0 PID: 24471 Comm: syz.1.4610 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1230.128217][T24471] Tainted: [U]=USER [ 1230.128227][T24471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1230.128245][T24471] Call Trace: [ 1230.128255][T24471] [ 1230.128266][T24471] dump_stack_lvl+0x16c/0x1f0 [ 1230.128308][T24471] should_fail_ex+0x512/0x640 [ 1230.128352][T24471] should_failslab+0xc2/0x120 [ 1230.128387][T24471] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1230.128437][T24471] ? snd_pcm_oss_change_params_locked+0x211/0x3b40 [ 1230.128483][T24471] ? kasan_save_track+0x14/0x30 [ 1230.128516][T24471] snd_pcm_oss_change_params_locked+0x211/0x3b40 [ 1230.128568][T24471] ? rcu_is_watching+0x12/0xc0 [ 1230.128598][T24471] ? __mutex_lock+0x1ca/0xb90 [ 1230.128639][T24471] ? __pfx_stack_trace_save+0x10/0x10 [ 1230.128670][T24471] ? stack_depot_save_flags+0x28/0xa50 [ 1230.128713][T24471] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1230.128760][T24471] ? __pfx___mutex_lock+0x10/0x10 [ 1230.128821][T24471] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 1230.128863][T24471] snd_pcm_oss_set_trigger.isra.0+0x211/0x6b0 [ 1230.128907][T24471] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1230.128950][T24471] snd_pcm_oss_poll+0x549/0xaf0 [ 1230.128986][T24471] ? lock_release+0x201/0x2f0 [ 1230.129026][T24471] ? __pfx___pollwait+0x10/0x10 [ 1230.129076][T24471] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 1230.129121][T24471] ? __fget_files+0x20e/0x3c0 [ 1230.129174][T24471] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 1230.129219][T24471] do_select+0xd67/0x17d0 [ 1230.129281][T24471] ? __pfx_do_select+0x10/0x10 [ 1230.129327][T24471] ? rcu_is_watching+0x12/0xc0 [ 1230.129357][T24471] ? unwind_next_frame+0x3f4/0x20a0 [ 1230.129393][T24471] ? __pfx___pollwait+0x10/0x10 [ 1230.129459][T24471] ? __pfx_pollwake+0x10/0x10 [ 1230.129506][T24471] ? __pfx_pollwake+0x10/0x10 [ 1230.129553][T24471] ? __pfx_pollwake+0x10/0x10 [ 1230.129600][T24471] ? __pfx_pollwake+0x10/0x10 [ 1230.129647][T24471] ? __pfx_pollwake+0x10/0x10 [ 1230.129708][T24471] ? rcu_is_watching+0x12/0xc0 [ 1230.129738][T24471] ? __might_fault+0xe3/0x190 [ 1230.129773][T24471] ? __might_fault+0x13b/0x190 [ 1230.129816][T24471] ? rcu_is_watching+0x12/0xc0 [ 1230.129844][T24471] ? __might_fault+0xe3/0x190 [ 1230.129879][T24471] ? lock_release+0x201/0x2f0 [ 1230.129925][T24471] ? core_sys_select+0x440/0xbe0 [ 1230.129973][T24471] core_sys_select+0x440/0xbe0 [ 1230.130026][T24471] ? __pfx_core_sys_select+0x10/0x10 [ 1230.130079][T24471] ? proc_fail_nth_write+0x9f/0x250 [ 1230.130139][T24471] ? __fget_files+0x204/0x3c0 [ 1230.130186][T24471] ? rcu_is_watching+0x12/0xc0 [ 1230.130216][T24471] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1230.130268][T24471] kern_select+0x15d/0x1e0 [ 1230.130316][T24471] ? __pfx_kern_select+0x10/0x10 [ 1230.130367][T24471] ? __pfx_ksys_write+0x10/0x10 [ 1230.130397][T24471] ? rcu_is_watching+0x12/0xc0 [ 1230.130429][T24471] __x64_sys_select+0xbd/0x160 [ 1230.130479][T24471] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1230.130524][T24471] do_syscall_64+0xcd/0x230 [ 1230.130569][T24471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1230.130603][T24471] RIP: 0033:0x7f5d1fb8e969 [ 1230.130629][T24471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1230.130661][T24471] RSP: 002b:00007f5d1d9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1230.130692][T24471] RAX: ffffffffffffffda RBX: 00007f5d1fdb5fa0 RCX: 00007f5d1fb8e969 [ 1230.130714][T24471] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1230.130734][T24471] RBP: 00007f5d1d9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1230.130754][T24471] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 1230.130774][T24471] R13: 0000000000000000 R14: 00007f5d1fdb5fa0 R15: 00007ffe74051e88 [ 1230.130812][T24471] [ 1230.316638][T24476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4611'. [ 1230.425988][T24478] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4612'. [ 1231.243353][T24507] FAULT_INJECTION: forcing a failure. [ 1231.243353][T24507] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1231.468562][T24507] CPU: 1 UID: 0 PID: 24507 Comm: syz.0.4619 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1231.468621][T24507] Tainted: [U]=USER [ 1231.468632][T24507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1231.468652][T24507] Call Trace: [ 1231.468662][T24507] [ 1231.468674][T24507] dump_stack_lvl+0x16c/0x1f0 [ 1231.468723][T24507] should_fail_ex+0x512/0x640 [ 1231.468772][T24507] should_fail_alloc_page+0xe7/0x130 [ 1231.468811][T24507] prepare_alloc_pages+0x3c2/0x610 [ 1231.468858][T24507] ? rcu_is_watching+0x12/0xc0 [ 1231.468889][T24507] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1231.468926][T24507] ? __kernel_text_address+0xd/0x40 [ 1231.468976][T24507] ? unwind_get_return_address+0x59/0xa0 [ 1231.469012][T24507] ? arch_stack_walk+0xa6/0x100 [ 1231.469053][T24507] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1231.469093][T24507] ? stack_trace_save+0x8e/0xc0 [ 1231.469127][T24507] ? __pfx_stack_trace_save+0x10/0x10 [ 1231.469160][T24507] ? stack_depot_save_flags+0x28/0xa50 [ 1231.469208][T24507] ? kasan_save_stack+0x42/0x60 [ 1231.469241][T24507] ? kasan_save_stack+0x33/0x60 [ 1231.469273][T24507] ? kasan_save_track+0x14/0x30 [ 1231.469317][T24507] ? __kasan_slab_alloc+0x89/0x90 [ 1231.469350][T24507] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1231.469385][T24507] ? alloc_vmap_area+0x613/0x2970 [ 1231.469433][T24507] ? __get_vm_area_node+0x1a7/0x300 [ 1231.469477][T24507] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1231.469533][T24507] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1231.469565][T24507] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1231.469608][T24507] ? policy_nodemask+0xea/0x4e0 [ 1231.469646][T24507] alloc_pages_mpol+0x1fb/0x550 [ 1231.469685][T24507] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1231.469722][T24507] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1231.469761][T24507] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1231.469793][T24507] ? rcu_is_watching+0x12/0xc0 [ 1231.469824][T24507] alloc_pages_noprof+0x131/0x390 [ 1231.469863][T24507] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1231.469893][T24507] get_free_pages_noprof+0xc/0x40 [ 1231.469933][T24507] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1231.469966][T24507] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1231.469998][T24507] __apply_to_page_range+0x617/0xd60 [ 1231.470049][T24507] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1231.470084][T24507] ? __pfx___apply_to_page_range+0x10/0x10 [ 1231.470133][T24507] ? alloc_vmap_area+0x872/0x2970 [ 1231.470177][T24507] ? lock_release+0x201/0x2f0 [ 1231.470221][T24507] alloc_vmap_area+0x919/0x2970 [ 1231.470271][T24507] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1231.470320][T24507] __get_vm_area_node+0x1a7/0x300 [ 1231.470371][T24507] __vmalloc_node_range_noprof+0x277/0x1540 [ 1231.470423][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.470474][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.470533][T24507] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1231.470591][T24507] __kvmalloc_node_noprof+0x2ff/0x600 [ 1231.470625][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.470671][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.470719][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.470765][T24507] __do_sys_listmount+0x1c2/0xed0 [ 1231.470814][T24507] ? __x64_sys_futex+0x1e0/0x4c0 [ 1231.470848][T24507] ? __x64_sys_futex+0x1e9/0x4c0 [ 1231.470883][T24507] ? __pfx___do_sys_listmount+0x10/0x10 [ 1231.470929][T24507] ? xfd_validate_state+0x5d/0x180 [ 1231.470984][T24507] ? rcu_is_watching+0x12/0xc0 [ 1231.471016][T24507] do_syscall_64+0xcd/0x230 [ 1231.471060][T24507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.471092][T24507] RIP: 0033:0x7f579478e969 [ 1231.471118][T24507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1231.471152][T24507] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1231.471183][T24507] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1231.471206][T24507] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1231.471225][T24507] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1231.471245][T24507] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1231.471264][T24507] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1231.471295][T24507] [ 1231.945723][T24507] syz.0.4619: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1231.965181][T24507] CPU: 0 UID: 0 PID: 24507 Comm: syz.0.4619 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1231.965241][T24507] Tainted: [U]=USER [ 1231.965253][T24507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1231.965273][T24507] Call Trace: [ 1231.965283][T24507] [ 1231.965295][T24507] dump_stack_lvl+0x16c/0x1f0 [ 1231.965342][T24507] warn_alloc+0x248/0x3a0 [ 1231.965377][T24507] ? __pfx_warn_alloc+0x10/0x10 [ 1231.965411][T24507] ? kfree+0x2b6/0x4d0 [ 1231.965476][T24507] ? __get_vm_area_node+0x1e5/0x300 [ 1231.965534][T24507] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1231.965591][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.965638][T24507] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1231.965716][T24507] __kvmalloc_node_noprof+0x2ff/0x600 [ 1231.965749][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.965795][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.965844][T24507] ? __do_sys_listmount+0x1c2/0xed0 [ 1231.965887][T24507] __do_sys_listmount+0x1c2/0xed0 [ 1231.965936][T24507] ? __x64_sys_futex+0x1e0/0x4c0 [ 1231.965969][T24507] ? __x64_sys_futex+0x1e9/0x4c0 [ 1231.966003][T24507] ? __pfx___do_sys_listmount+0x10/0x10 [ 1231.966049][T24507] ? xfd_validate_state+0x5d/0x180 [ 1231.966102][T24507] ? rcu_is_watching+0x12/0xc0 [ 1231.966134][T24507] do_syscall_64+0xcd/0x230 [ 1231.966179][T24507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.966211][T24507] RIP: 0033:0x7f579478e969 [ 1231.966235][T24507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1231.966269][T24507] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1231.966301][T24507] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1231.966322][T24507] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1231.966342][T24507] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1231.966360][T24507] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1231.966379][T24507] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1231.966408][T24507] [ 1231.966421][T24507] Mem-Info: [ 1232.129175][ C0] vkms_vblank_simulate: vblank timer overrun [ 1232.382542][T24507] active_anon:45609 inactive_anon:0 isolated_anon:0 [ 1232.382542][T24507] active_file:21713 inactive_file:42754 isolated_file:0 [ 1232.382542][T24507] unevictable:768 dirty:772 writeback:219 [ 1232.382542][T24507] slab_reclaimable:11284 slab_unreclaimable:98416 [ 1232.382542][T24507] mapped:31961 shmem:18589 pagetables:975 [ 1232.382542][T24507] sec_pagetables:0 bounce:0 [ 1232.382542][T24507] kernel_misc_reclaimable:0 [ 1232.382542][T24507] free:752675 free_pcp:10438 free_cma:0 [ 1232.456356][T24507] Node 0 active_anon:180836kB inactive_anon:0kB active_file:86852kB inactive_file:171012kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127844kB dirty:3088kB writeback:76kB shmem:71220kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10772kB pagetables:3700kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1232.490047][ C0] vkms_vblank_simulate: vblank timer overrun [ 1232.498960][T24507] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1232.530075][ C0] vkms_vblank_simulate: vblank timer overrun [ 1232.536579][T24507] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1232.563658][ C0] vkms_vblank_simulate: vblank timer overrun [ 1232.846304][T24507] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1232.846369][T24507] Node 0 DMA32 free:1251852kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:150892kB inactive_anon:0kB active_file:83152kB inactive_file:169196kB unevictable:1536kB writepending:3164kB present:3129332kB managed:2544180kB mlocked:0kB bounce:0kB free_pcp:15468kB local_pcp:9728kB free_cma:0kB [ 1232.846452][T24507] lowmem_reserve[]: 0 0 1 1 1 [ 1232.846504][T24507] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:20kB free_cma:0kB [ 1232.846584][T24507] lowmem_reserve[]: 0 0 0 0 0 [ 1232.846644][T24507] Node 1 Normal free:1806656kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2696kB local_pcp:2444kB free_cma:0kB [ 1232.846727][T24507] lowmem_reserve[]: 0 0 0 0 0 [ 1232.846779][T24507] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1232.846947][T24507] Node 0 DMA32: 3577*4kB (UME) 885*8kB (UME) 502*16kB (UME) 463*32kB (UME) 845*64kB (UME) 404*128kB (UME) 252*256kB (UME) 126*512kB (UME) 74*1024kB (UME) 8*2048kB (UME) 215*4096kB (UM) = 1251852kB [ 1232.847142][T24507] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1232.847258][T24507] Node 1 Normal: 178*4kB (UE) 67*8kB (UE) 48*16kB (UE) 237*32kB (UE) 103*64kB (UE) 32*128kB (UE) 12*256kB (UME) 7*512kB (UM) 2*1024kB (ME) 8*2048kB (UME) 430*4096kB (M) = 1806656kB [ 1232.847438][T24507] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1232.847456][T24507] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1232.847474][T24507] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=1048576kB [ 1232.847493][T24507] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1232.847511][T24507] 74306 total pagecache pages [ 1232.847520][T24507] 0 pages in swap cache [ 1232.847528][T24507] Free swap = 124996kB [ 1232.847536][T24507] Total swap = 124996kB [ 1232.847545][T24507] 2097051 pages RAM [ 1232.847552][T24507] 0 pages HighMem/MovableOnly [ 1232.847560][T24507] 428900 pages reserved [ 1232.847568][T24507] 0 pages cma reserved [ 1233.205458][ C0] vkms_vblank_simulate: vblank timer overrun [ 1233.233514][T24520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4623'. [ 1233.318957][T24526] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4625'. [ 1233.518246][T24535] FAULT_INJECTION: forcing a failure. [ 1233.518246][T24535] name failslab, interval 1, probability 0, space 0, times 0 [ 1233.518293][T24535] CPU: 0 UID: 0 PID: 24535 Comm: syz.3.4628 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1233.518339][T24535] Tainted: [U]=USER [ 1233.518349][T24535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1233.518368][T24535] Call Trace: [ 1233.518377][T24535] [ 1233.518388][T24535] dump_stack_lvl+0x16c/0x1f0 [ 1233.518432][T24535] should_fail_ex+0x512/0x640 [ 1233.518478][T24535] should_failslab+0xc2/0x120 [ 1233.518523][T24535] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1233.518558][T24535] ? copy_net_ns+0xe8/0x5f0 [ 1233.518598][T24535] copy_net_ns+0xe8/0x5f0 [ 1233.518640][T24535] ? copy_cgroup_ns+0xa4/0x6f0 [ 1233.518670][T24535] create_new_namespaces+0x3ea/0xad0 [ 1233.518708][T24535] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1233.518741][T24535] ksys_unshare+0x45b/0xa40 [ 1233.518783][T24535] ? __pfx_ksys_unshare+0x10/0x10 [ 1233.518824][T24535] ? ksys_write+0x1b9/0x240 [ 1233.518852][T24535] ? rcu_is_watching+0x12/0xc0 [ 1233.518881][T24535] ? rcu_is_watching+0x12/0xc0 [ 1233.518911][T24535] __x64_sys_unshare+0x31/0x40 [ 1233.518952][T24535] do_syscall_64+0xcd/0x230 [ 1233.518993][T24535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1233.519025][T24535] RIP: 0033:0x7f3b2978e969 [ 1233.519048][T24535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1233.519079][T24535] RSP: 002b:00007f3b275f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1233.519106][T24535] RAX: ffffffffffffffda RBX: 00007f3b299b5fa0 RCX: 00007f3b2978e969 [ 1233.519126][T24535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1233.519144][T24535] RBP: 00007f3b275f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1233.519161][T24535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1233.519178][T24535] R13: 0000000000000000 R14: 00007f3b299b5fa0 R15: 00007ffd7103b008 [ 1233.519206][T24535] [ 1234.204195][T24553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4634'. [ 1235.825273][T24579] FAULT_INJECTION: forcing a failure. [ 1235.825273][T24579] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1235.856374][T24579] CPU: 0 UID: 0 PID: 24579 Comm: syz.2.4642 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1235.856425][T24579] Tainted: [U]=USER [ 1235.856435][T24579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1235.856454][T24579] Call Trace: [ 1235.856462][T24579] [ 1235.856474][T24579] dump_stack_lvl+0x16c/0x1f0 [ 1235.856518][T24579] should_fail_ex+0x512/0x640 [ 1235.856562][T24579] should_fail_alloc_page+0xe7/0x130 [ 1235.856601][T24579] prepare_alloc_pages+0x3c2/0x610 [ 1235.856648][T24579] ? rcu_is_watching+0x12/0xc0 [ 1235.856677][T24579] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1235.856715][T24579] ? __kernel_text_address+0xd/0x40 [ 1235.856765][T24579] ? unwind_get_return_address+0x59/0xa0 [ 1235.856801][T24579] ? arch_stack_walk+0xa6/0x100 [ 1235.856842][T24579] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1235.856879][T24579] ? stack_trace_save+0x8e/0xc0 [ 1235.856910][T24579] ? __pfx_stack_trace_save+0x10/0x10 [ 1235.856941][T24579] ? stack_depot_save_flags+0x28/0xa50 [ 1235.856990][T24579] ? kasan_save_stack+0x42/0x60 [ 1235.857021][T24579] ? kasan_save_stack+0x33/0x60 [ 1235.857052][T24579] ? kasan_save_track+0x14/0x30 [ 1235.857082][T24579] ? __kasan_slab_alloc+0x89/0x90 [ 1235.857137][T24579] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1235.857171][T24579] ? alloc_vmap_area+0xd9a/0x2970 [ 1235.857212][T24579] ? __get_vm_area_node+0x1a7/0x300 [ 1235.857255][T24579] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1235.857303][T24579] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1235.857334][T24579] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1235.857378][T24579] ? policy_nodemask+0xea/0x4e0 [ 1235.857415][T24579] alloc_pages_mpol+0x1fb/0x550 [ 1235.857452][T24579] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1235.857487][T24579] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1235.857524][T24579] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1235.857555][T24579] ? rcu_is_watching+0x12/0xc0 [ 1235.857585][T24579] alloc_pages_noprof+0x131/0x390 [ 1235.857641][T24579] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1235.857673][T24579] get_free_pages_noprof+0xc/0x40 [ 1235.857716][T24579] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1235.857748][T24579] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1235.857778][T24579] __apply_to_page_range+0x617/0xd60 [ 1235.857830][T24579] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1235.857865][T24579] ? __pfx___apply_to_page_range+0x10/0x10 [ 1235.857915][T24579] ? alloc_vmap_area+0x872/0x2970 [ 1235.857959][T24579] ? lock_release+0x201/0x2f0 [ 1235.858002][T24579] alloc_vmap_area+0x919/0x2970 [ 1235.858054][T24579] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1235.858114][T24579] __get_vm_area_node+0x1a7/0x300 [ 1235.858167][T24579] __vmalloc_node_range_noprof+0x277/0x1540 [ 1235.858221][T24579] ? __do_sys_listmount+0x1c2/0xed0 [ 1235.858271][T24579] ? plist_check_head+0xa3/0x150 [ 1235.858305][T24579] ? futex_wake+0x432/0x4e0 [ 1235.858343][T24579] ? __do_sys_listmount+0x1c2/0xed0 [ 1235.858389][T24579] ? wake_up_q+0xb0/0x160 [ 1235.858420][T24579] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1235.858481][T24579] __kvmalloc_node_noprof+0x2ff/0x600 [ 1235.858514][T24579] ? __do_sys_listmount+0x1c2/0xed0 [ 1235.858560][T24579] ? __do_sys_listmount+0x1c2/0xed0 [ 1235.858610][T24579] ? __do_sys_listmount+0x1c2/0xed0 [ 1235.858654][T24579] __do_sys_listmount+0x1c2/0xed0 [ 1235.858703][T24579] ? __x64_sys_futex+0x1e0/0x4c0 [ 1235.858736][T24579] ? __x64_sys_futex+0x1e9/0x4c0 [ 1235.858771][T24579] ? __pfx___do_sys_listmount+0x10/0x10 [ 1235.858817][T24579] ? xfd_validate_state+0x5d/0x180 [ 1235.858872][T24579] ? rcu_is_watching+0x12/0xc0 [ 1235.858904][T24579] do_syscall_64+0xcd/0x230 [ 1235.858950][T24579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.858983][T24579] RIP: 0033:0x7f5b4c78e969 [ 1235.859008][T24579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1235.859042][T24579] RSP: 002b:00007f5b4d60b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1235.859079][T24579] RAX: ffffffffffffffda RBX: 00007f5b4c9b6080 RCX: 00007f5b4c78e969 [ 1235.859108][T24579] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1235.859128][T24579] RBP: 00007f5b4c810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1235.859148][T24579] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1235.859169][T24579] R13: 0000000000000000 R14: 00007f5b4c9b6080 R15: 00007ffda3b10638 [ 1235.859196][T24579] [ 1236.290112][ C0] vkms_vblank_simulate: vblank timer overrun [ 1236.816243][T24580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4644'. [ 1237.004295][T24591] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4647'. [ 1237.034323][T24593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4648'. [ 1237.263432][T24601] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4653'. [ 1237.393453][T24604] FAULT_INJECTION: forcing a failure. [ 1237.393453][T24604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1237.497351][T24604] CPU: 1 UID: 0 PID: 24604 Comm: syz.3.4654 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1237.497391][T24604] Tainted: [U]=USER [ 1237.497398][T24604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1237.497412][T24604] Call Trace: [ 1237.497419][T24604] [ 1237.497427][T24604] dump_stack_lvl+0x16c/0x1f0 [ 1237.497461][T24604] should_fail_ex+0x512/0x640 [ 1237.497493][T24604] _copy_from_user+0x2e/0xd0 [ 1237.497526][T24604] copy_msghdr_from_user+0x98/0x160 [ 1237.497550][T24604] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1237.497576][T24604] ? __pfx__kstrtoull+0x10/0x10 [ 1237.497599][T24604] ? aa_file_perm+0x4c7/0xfb0 [ 1237.497629][T24604] ___sys_sendmsg+0xfe/0x1d0 [ 1237.497651][T24604] ? __pfx____sys_sendmsg+0x10/0x10 [ 1237.497678][T24604] ? rcu_is_watching+0x12/0xc0 [ 1237.497707][T24604] __sys_sendmmsg+0x200/0x420 [ 1237.497731][T24604] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1237.497753][T24604] ? lock_release+0x201/0x2f0 [ 1237.497784][T24604] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1237.497820][T24604] ? fput+0x70/0xf0 [ 1237.497843][T24604] ? ksys_write+0x1b9/0x240 [ 1237.497863][T24604] ? __pfx_ksys_write+0x10/0x10 [ 1237.497883][T24604] ? rcu_is_watching+0x12/0xc0 [ 1237.497905][T24604] __x64_sys_sendmmsg+0x9c/0x100 [ 1237.497929][T24604] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1237.497960][T24604] do_syscall_64+0xcd/0x230 [ 1237.497991][T24604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1237.498032][T24604] RIP: 0033:0x7f3b2978e969 [ 1237.498050][T24604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1237.498073][T24604] RSP: 002b:00007f3b275f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1237.498095][T24604] RAX: ffffffffffffffda RBX: 00007f3b299b5fa0 RCX: 00007f3b2978e969 [ 1237.498111][T24604] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 1237.498125][T24604] RBP: 00007f3b275f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1237.498146][T24604] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 1237.498160][T24604] R13: 0000000000000000 R14: 00007f3b299b5fa0 R15: 00007ffd7103b008 [ 1237.498182][T24604] [ 1237.772536][T24612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4657'. [ 1238.467372][T24634] FAULT_INJECTION: forcing a failure. [ 1238.467372][T24634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1239.079694][T24634] CPU: 0 UID: 0 PID: 24634 Comm: syz.0.4663 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1239.079746][T24634] Tainted: [U]=USER [ 1239.079757][T24634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1239.079777][T24634] Call Trace: [ 1239.079794][T24634] [ 1239.079807][T24634] dump_stack_lvl+0x16c/0x1f0 [ 1239.079853][T24634] should_fail_ex+0x512/0x640 [ 1239.079900][T24634] _copy_from_user+0x2e/0xd0 [ 1239.079946][T24634] copy_msghdr_from_user+0x98/0x160 [ 1239.079980][T24634] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1239.080017][T24634] ? __pfx__kstrtoull+0x10/0x10 [ 1239.080051][T24634] ? aa_file_perm+0x4c7/0xfb0 [ 1239.080094][T24634] ___sys_sendmsg+0xfe/0x1d0 [ 1239.080126][T24634] ? __pfx____sys_sendmsg+0x10/0x10 [ 1239.080165][T24634] ? rcu_is_watching+0x12/0xc0 [ 1239.080207][T24634] __sys_sendmmsg+0x200/0x420 [ 1239.080242][T24634] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1239.080274][T24634] ? lock_release+0x201/0x2f0 [ 1239.080319][T24634] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1239.080370][T24634] ? fput+0x70/0xf0 [ 1239.080405][T24634] ? ksys_write+0x1b9/0x240 [ 1239.080432][T24634] ? __pfx_ksys_write+0x10/0x10 [ 1239.080459][T24634] ? rcu_is_watching+0x12/0xc0 [ 1239.080489][T24634] __x64_sys_sendmmsg+0x9c/0x100 [ 1239.080521][T24634] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1239.080563][T24634] do_syscall_64+0xcd/0x230 [ 1239.080605][T24634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1239.080636][T24634] RIP: 0033:0x7f579478e969 [ 1239.080659][T24634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1239.080691][T24634] RSP: 002b:00007f57956b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1239.080721][T24634] RAX: ffffffffffffffda RBX: 00007f57949b5fa0 RCX: 00007f579478e969 [ 1239.080741][T24634] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1239.080760][T24634] RBP: 00007f57956b5090 R08: 0000000000000000 R09: 0000000000000000 [ 1239.080778][T24634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1239.080805][T24634] R13: 0000000000000000 R14: 00007f57949b5fa0 R15: 00007ffd1ea44798 [ 1239.080835][T24634] [ 1239.307195][ C0] vkms_vblank_simulate: vblank timer overrun [ 1239.644282][T24638] FAULT_INJECTION: forcing a failure. [ 1239.644282][T24638] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1239.662485][T24638] CPU: 0 UID: 0 PID: 24638 Comm: syz.2.4664 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1239.662526][T24638] Tainted: [U]=USER [ 1239.662534][T24638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1239.662549][T24638] Call Trace: [ 1239.662557][T24638] [ 1239.662565][T24638] dump_stack_lvl+0x16c/0x1f0 [ 1239.662602][T24638] should_fail_ex+0x512/0x640 [ 1239.662639][T24638] should_fail_alloc_page+0xe7/0x130 [ 1239.662683][T24638] prepare_alloc_pages+0x3c2/0x610 [ 1239.662718][T24638] ? rcu_is_watching+0x12/0xc0 [ 1239.662740][T24638] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1239.662766][T24638] ? __kernel_text_address+0xd/0x40 [ 1239.662803][T24638] ? unwind_get_return_address+0x59/0xa0 [ 1239.662829][T24638] ? arch_stack_walk+0xa6/0x100 [ 1239.662859][T24638] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1239.662886][T24638] ? stack_trace_save+0x8e/0xc0 [ 1239.662908][T24638] ? __pfx_stack_trace_save+0x10/0x10 [ 1239.662931][T24638] ? stack_depot_save_flags+0x28/0xa50 [ 1239.662967][T24638] ? kasan_save_stack+0x42/0x60 [ 1239.662998][T24638] ? kasan_save_stack+0x33/0x60 [ 1239.663020][T24638] ? kasan_save_track+0x14/0x30 [ 1239.663043][T24638] ? __kasan_slab_alloc+0x89/0x90 [ 1239.663068][T24638] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1239.663094][T24638] ? alloc_vmap_area+0xd9a/0x2970 [ 1239.663125][T24638] ? __get_vm_area_node+0x1a7/0x300 [ 1239.663158][T24638] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1239.663194][T24638] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1239.663216][T24638] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1239.663247][T24638] ? policy_nodemask+0xea/0x4e0 [ 1239.663275][T24638] alloc_pages_mpol+0x1fb/0x550 [ 1239.663302][T24638] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1239.663328][T24638] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1239.663356][T24638] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1239.663378][T24638] ? rcu_is_watching+0x12/0xc0 [ 1239.663399][T24638] alloc_pages_noprof+0x131/0x390 [ 1239.663426][T24638] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1239.663449][T24638] get_free_pages_noprof+0xc/0x40 [ 1239.663478][T24638] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1239.663501][T24638] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1239.663523][T24638] __apply_to_page_range+0x617/0xd60 [ 1239.663561][T24638] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1239.663585][T24638] ? __pfx___apply_to_page_range+0x10/0x10 [ 1239.663620][T24638] ? alloc_vmap_area+0x872/0x2970 [ 1239.663651][T24638] ? lock_release+0x201/0x2f0 [ 1239.663682][T24638] alloc_vmap_area+0x919/0x2970 [ 1239.663719][T24638] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1239.663754][T24638] __get_vm_area_node+0x1a7/0x300 [ 1239.663791][T24638] __vmalloc_node_range_noprof+0x277/0x1540 [ 1239.663828][T24638] ? __do_sys_listmount+0x1c2/0xed0 [ 1239.663863][T24638] ? plist_check_head+0xa3/0x150 [ 1239.663886][T24638] ? futex_wake+0x432/0x4e0 [ 1239.663914][T24638] ? __do_sys_listmount+0x1c2/0xed0 [ 1239.663947][T24638] ? wake_up_q+0xb0/0x160 [ 1239.663968][T24638] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1239.664018][T24638] __kvmalloc_node_noprof+0x2ff/0x600 [ 1239.664042][T24638] ? __do_sys_listmount+0x1c2/0xed0 [ 1239.664076][T24638] ? __do_sys_listmount+0x1c2/0xed0 [ 1239.664111][T24638] ? __do_sys_listmount+0x1c2/0xed0 [ 1239.664143][T24638] __do_sys_listmount+0x1c2/0xed0 [ 1239.664178][T24638] ? __x64_sys_futex+0x1e0/0x4c0 [ 1239.664202][T24638] ? __x64_sys_futex+0x1e9/0x4c0 [ 1239.664226][T24638] ? __pfx___do_sys_listmount+0x10/0x10 [ 1239.664259][T24638] ? xfd_validate_state+0x5d/0x180 [ 1239.664298][T24638] ? rcu_is_watching+0x12/0xc0 [ 1239.664320][T24638] do_syscall_64+0xcd/0x230 [ 1239.664353][T24638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1239.664376][T24638] RIP: 0033:0x7f5b4c78e969 [ 1239.664394][T24638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1239.664417][T24638] RSP: 002b:00007f5b4d60b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1239.664440][T24638] RAX: ffffffffffffffda RBX: 00007f5b4c9b6080 RCX: 00007f5b4c78e969 [ 1239.664456][T24638] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1239.664470][T24638] RBP: 00007f5b4c810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1239.664486][T24638] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1239.664500][T24638] R13: 0000000000000000 R14: 00007f5b4c9b6080 R15: 00007ffda3b10638 [ 1239.664522][T24638] [ 1240.099286][ C0] vkms_vblank_simulate: vblank timer overrun [ 1240.338035][T24649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4668'. [ 1240.368810][T24648] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4669'. [ 1240.685762][ T5831] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 1240.695919][T24660] FAULT_INJECTION: forcing a failure. [ 1240.695919][T24660] name failslab, interval 1, probability 0, space 0, times 0 [ 1240.740648][T24660] CPU: 0 UID: 0 PID: 24660 Comm: syz.3.4674 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1240.740697][T24660] Tainted: [U]=USER [ 1240.740708][T24660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1240.740726][T24660] Call Trace: [ 1240.740736][T24660] [ 1240.740747][T24660] dump_stack_lvl+0x16c/0x1f0 [ 1240.740793][T24660] should_fail_ex+0x512/0x640 [ 1240.740836][T24660] should_failslab+0xc2/0x120 [ 1240.740873][T24660] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1240.740907][T24660] ? trace_cap_capable+0x18d/0x200 [ 1240.740935][T24660] ? create_new_namespaces+0x30/0xad0 [ 1240.740971][T24660] create_new_namespaces+0x30/0xad0 [ 1240.741004][T24660] ? bpf_lsm_capable+0x9/0x10 [ 1240.741035][T24660] ? security_capable+0x7e/0x260 [ 1240.741083][T24660] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1240.741120][T24660] ksys_unshare+0x45b/0xa40 [ 1240.741163][T24660] ? __pfx_ksys_unshare+0x10/0x10 [ 1240.741203][T24660] ? ksys_write+0x1b9/0x240 [ 1240.741231][T24660] ? rcu_is_watching+0x12/0xc0 [ 1240.741259][T24660] ? rcu_is_watching+0x12/0xc0 [ 1240.741289][T24660] __x64_sys_unshare+0x31/0x40 [ 1240.741330][T24660] do_syscall_64+0xcd/0x230 [ 1240.741372][T24660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1240.741403][T24660] RIP: 0033:0x7f3b2978e969 [ 1240.741425][T24660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1240.741456][T24660] RSP: 002b:00007f3b275f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1240.741485][T24660] RAX: ffffffffffffffda RBX: 00007f3b299b5fa0 RCX: 00007f3b2978e969 [ 1240.741505][T24660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 1240.741523][T24660] RBP: 00007f3b275f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1240.741541][T24660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1240.741558][T24660] R13: 0000000000000000 R14: 00007f3b299b5fa0 R15: 00007ffd7103b008 [ 1240.741586][T24660] [ 1240.947108][ C0] vkms_vblank_simulate: vblank timer overrun [ 1241.002553][T24664] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4676'. [ 1241.272998][T24673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4680'. [ 1241.311529][T24677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4682'. [ 1241.324442][T24679] FAULT_INJECTION: forcing a failure. [ 1241.324442][T24679] name failslab, interval 1, probability 0, space 0, times 0 [ 1241.340260][T24679] CPU: 0 UID: 0 PID: 24679 Comm: syz.1.4683 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1241.340309][T24679] Tainted: [U]=USER [ 1241.340320][T24679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1241.340338][T24679] Call Trace: [ 1241.340347][T24679] [ 1241.340359][T24679] dump_stack_lvl+0x16c/0x1f0 [ 1241.340403][T24679] should_fail_ex+0x512/0x640 [ 1241.340448][T24679] should_failslab+0xc2/0x120 [ 1241.340486][T24679] __kvmalloc_node_noprof+0x135/0x600 [ 1241.340518][T24679] ? kstrtouint_from_user+0x13c/0x1d0 [ 1241.340551][T24679] ? seq_read_iter+0x826/0x12c0 [ 1241.340599][T24679] ? seq_read_iter+0x826/0x12c0 [ 1241.340639][T24679] seq_read_iter+0x826/0x12c0 [ 1241.340680][T24679] ? lock_release+0x201/0x2f0 [ 1241.340719][T24679] ? __mutex_trylock_common+0xe9/0x250 [ 1241.340762][T24679] ? apparmor_file_permission+0x251/0x400 [ 1241.340799][T24679] kernfs_fop_read_iter+0x40f/0x5a0 [ 1241.340845][T24679] ? rw_verify_area+0xcf/0x680 [ 1241.340888][T24679] ? trace_contention_end+0xdd/0x130 [ 1241.340931][T24679] vfs_read+0x8c8/0xc70 [ 1241.340961][T24679] ? __pfx___mutex_lock+0x10/0x10 [ 1241.341001][T24679] ? __pfx_vfs_read+0x10/0x10 [ 1241.341041][T24679] ksys_read+0x12a/0x240 [ 1241.341067][T24679] ? __pfx_ksys_read+0x10/0x10 [ 1241.341094][T24679] ? rcu_is_watching+0x12/0xc0 [ 1241.341122][T24679] ? rcu_is_watching+0x12/0xc0 [ 1241.341153][T24679] do_syscall_64+0xcd/0x230 [ 1241.341197][T24679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.341228][T24679] RIP: 0033:0x7f5d1fb8e969 [ 1241.341252][T24679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1241.341283][T24679] RSP: 002b:00007f5d1d9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1241.341313][T24679] RAX: ffffffffffffffda RBX: 00007f5d1fdb5fa0 RCX: 00007f5d1fb8e969 [ 1241.341332][T24679] RDX: 0000000000001018 RSI: 0000200000002140 RDI: 0000000000000003 [ 1241.341352][T24679] RBP: 00007f5d1d9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1241.341370][T24679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1241.341388][T24679] R13: 0000000000000000 R14: 00007f5d1fdb5fa0 R15: 00007ffe74051e88 [ 1241.341415][T24679] [ 1241.572413][ C0] vkms_vblank_simulate: vblank timer overrun [ 1241.628584][ T5831] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 1241.836451][T24691] FAULT_INJECTION: forcing a failure. [ 1241.836451][T24691] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1241.916335][T24691] CPU: 1 UID: 0 PID: 24691 Comm: syz.0.4686 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1241.916394][T24691] Tainted: [U]=USER [ 1241.916405][T24691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1241.916425][T24691] Call Trace: [ 1241.916436][T24691] [ 1241.916447][T24691] dump_stack_lvl+0x16c/0x1f0 [ 1241.916492][T24691] should_fail_ex+0x512/0x640 [ 1241.916536][T24691] should_fail_alloc_page+0xe7/0x130 [ 1241.916577][T24691] prepare_alloc_pages+0x3c2/0x610 [ 1241.916625][T24691] ? rcu_is_watching+0x12/0xc0 [ 1241.916655][T24691] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1241.916688][T24691] ? __kernel_text_address+0xd/0x40 [ 1241.916731][T24691] ? unwind_get_return_address+0x59/0xa0 [ 1241.916773][T24691] ? arch_stack_walk+0xa6/0x100 [ 1241.916816][T24691] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1241.916848][T24691] ? stack_trace_save+0x8e/0xc0 [ 1241.916875][T24691] ? __pfx_stack_trace_save+0x10/0x10 [ 1241.916901][T24691] ? stack_depot_save_flags+0x28/0xa50 [ 1241.916943][T24691] ? kasan_save_stack+0x42/0x60 [ 1241.916969][T24691] ? kasan_save_stack+0x33/0x60 [ 1241.916995][T24691] ? kasan_save_track+0x14/0x30 [ 1241.917021][T24691] ? __kasan_slab_alloc+0x89/0x90 [ 1241.917048][T24691] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1241.917077][T24691] ? alloc_vmap_area+0x613/0x2970 [ 1241.917112][T24691] ? __get_vm_area_node+0x1a7/0x300 [ 1241.917150][T24691] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1241.917192][T24691] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1241.917217][T24691] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1241.917254][T24691] ? policy_nodemask+0xea/0x4e0 [ 1241.917287][T24691] alloc_pages_mpol+0x1fb/0x550 [ 1241.917318][T24691] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1241.917349][T24691] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1241.917381][T24691] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1241.917407][T24691] ? rcu_is_watching+0x12/0xc0 [ 1241.917432][T24691] alloc_pages_noprof+0x131/0x390 [ 1241.917464][T24691] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1241.917490][T24691] get_free_pages_noprof+0xc/0x40 [ 1241.917525][T24691] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1241.917552][T24691] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1241.917578][T24691] __apply_to_page_range+0x617/0xd60 [ 1241.917621][T24691] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1241.917650][T24691] ? __pfx___apply_to_page_range+0x10/0x10 [ 1241.917691][T24691] ? alloc_vmap_area+0x872/0x2970 [ 1241.917727][T24691] ? lock_release+0x201/0x2f0 [ 1241.917763][T24691] alloc_vmap_area+0x919/0x2970 [ 1241.917815][T24691] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1241.917857][T24691] __get_vm_area_node+0x1a7/0x300 [ 1241.917900][T24691] __vmalloc_node_range_noprof+0x277/0x1540 [ 1241.917944][T24691] ? __do_sys_listmount+0x1c2/0xed0 [ 1241.917987][T24691] ? __do_sys_listmount+0x1c2/0xed0 [ 1241.918027][T24691] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1241.918077][T24691] __kvmalloc_node_noprof+0x2ff/0x600 [ 1241.918104][T24691] ? __do_sys_listmount+0x1c2/0xed0 [ 1241.918142][T24691] ? __do_sys_listmount+0x1c2/0xed0 [ 1241.918182][T24691] ? __do_sys_listmount+0x1c2/0xed0 [ 1241.918218][T24691] __do_sys_listmount+0x1c2/0xed0 [ 1241.918259][T24691] ? __x64_sys_futex+0x1e0/0x4c0 [ 1241.918286][T24691] ? __x64_sys_futex+0x1e9/0x4c0 [ 1241.918314][T24691] ? __pfx___do_sys_listmount+0x10/0x10 [ 1241.918352][T24691] ? xfd_validate_state+0x5d/0x180 [ 1241.918396][T24691] ? rcu_is_watching+0x12/0xc0 [ 1241.918429][T24691] do_syscall_64+0xcd/0x230 [ 1241.918468][T24691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.918495][T24691] RIP: 0033:0x7f579478e969 [ 1241.918516][T24691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1241.918545][T24691] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1241.918571][T24691] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1241.918590][T24691] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1241.918609][T24691] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1241.918625][T24691] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1241.918641][T24691] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1241.918666][T24691] [ 1242.501773][T24700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4690'. [ 1243.077042][T24710] bond0: no command found in slaves file - use +ifname or -ifname [ 1243.305360][ T5831] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 1243.318952][T24720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4698'. [ 1243.431029][T24726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4699'. [ 1243.443375][T24724] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4697'. [ 1243.938931][T24744] FAULT_INJECTION: forcing a failure. [ 1243.938931][T24744] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1243.959486][T24744] CPU: 0 UID: 0 PID: 24744 Comm: syz.1.4704 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1243.959545][T24744] Tainted: [U]=USER [ 1243.959558][T24744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1243.959579][T24744] Call Trace: [ 1243.959589][T24744] [ 1243.959602][T24744] dump_stack_lvl+0x16c/0x1f0 [ 1243.959659][T24744] should_fail_ex+0x512/0x640 [ 1243.959707][T24744] should_fail_alloc_page+0xe7/0x130 [ 1243.959749][T24744] prepare_alloc_pages+0x3c2/0x610 [ 1243.959798][T24744] ? rcu_is_watching+0x12/0xc0 [ 1243.959829][T24744] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1243.959867][T24744] ? __kernel_text_address+0xd/0x40 [ 1243.959918][T24744] ? unwind_get_return_address+0x59/0xa0 [ 1243.959954][T24744] ? arch_stack_walk+0xa6/0x100 [ 1243.959997][T24744] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1243.960034][T24744] ? stack_trace_save+0x8e/0xc0 [ 1243.960065][T24744] ? __pfx_stack_trace_save+0x10/0x10 [ 1243.960097][T24744] ? stack_depot_save_flags+0x28/0xa50 [ 1243.960148][T24744] ? kasan_save_stack+0x42/0x60 [ 1243.960179][T24744] ? kasan_save_stack+0x33/0x60 [ 1243.960210][T24744] ? kasan_save_track+0x14/0x30 [ 1243.960240][T24744] ? __kasan_slab_alloc+0x89/0x90 [ 1243.960275][T24744] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1243.960309][T24744] ? alloc_vmap_area+0x613/0x2970 [ 1243.960350][T24744] ? __get_vm_area_node+0x1a7/0x300 [ 1243.960395][T24744] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 1243.960445][T24744] ? __kvmalloc_node_noprof+0x2ff/0x600 [ 1243.960475][T24744] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1243.960519][T24744] ? policy_nodemask+0xea/0x4e0 [ 1243.960558][T24744] alloc_pages_mpol+0x1fb/0x550 [ 1243.960596][T24744] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1243.960653][T24744] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1243.960692][T24744] ? kasan_populate_vmalloc_pte+0x117/0x160 [ 1243.960722][T24744] ? rcu_is_watching+0x12/0xc0 [ 1243.960752][T24744] alloc_pages_noprof+0x131/0x390 [ 1243.960790][T24744] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1243.960821][T24744] get_free_pages_noprof+0xc/0x40 [ 1243.960860][T24744] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1243.960892][T24744] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1243.960922][T24744] __apply_to_page_range+0x617/0xd60 [ 1243.960970][T24744] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1243.961004][T24744] ? __pfx___apply_to_page_range+0x10/0x10 [ 1243.961050][T24744] ? alloc_vmap_area+0x872/0x2970 [ 1243.961090][T24744] ? lock_release+0x201/0x2f0 [ 1243.961131][T24744] alloc_vmap_area+0x919/0x2970 [ 1243.961181][T24744] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1243.961230][T24744] __get_vm_area_node+0x1a7/0x300 [ 1243.961279][T24744] __vmalloc_node_range_noprof+0x277/0x1540 [ 1243.961330][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1243.961378][T24744] ? plist_check_head+0xa3/0x150 [ 1243.961410][T24744] ? futex_wake+0x432/0x4e0 [ 1243.961448][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1243.961493][T24744] ? wake_up_q+0xb0/0x160 [ 1243.961526][T24744] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1243.961586][T24744] __kvmalloc_node_noprof+0x2ff/0x600 [ 1243.961624][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1243.961668][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1243.961715][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1243.961758][T24744] __do_sys_listmount+0x1c2/0xed0 [ 1243.961806][T24744] ? __x64_sys_futex+0x1e0/0x4c0 [ 1243.961838][T24744] ? __x64_sys_futex+0x1e9/0x4c0 [ 1243.961871][T24744] ? __pfx___do_sys_listmount+0x10/0x10 [ 1243.961916][T24744] ? xfd_validate_state+0x5d/0x180 [ 1243.961968][T24744] ? rcu_is_watching+0x12/0xc0 [ 1243.962000][T24744] do_syscall_64+0xcd/0x230 [ 1243.962044][T24744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.962076][T24744] RIP: 0033:0x7f5d1fb8e969 [ 1243.962101][T24744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1243.962132][T24744] RSP: 002b:00007f5d1d9d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1243.962162][T24744] RAX: ffffffffffffffda RBX: 00007f5d1fdb6080 RCX: 00007f5d1fb8e969 [ 1243.962183][T24744] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1243.962202][T24744] RBP: 00007f5d1fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1243.962221][T24744] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1243.962239][T24744] R13: 0000000000000000 R14: 00007f5d1fdb6080 R15: 00007ffe74051e88 [ 1243.962268][T24744] [ 1243.962344][T24744] warn_alloc: 3 callbacks suppressed [ 1243.962360][T24744] syz.1.4704: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null) [ 1244.281038][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1244.429730][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1244.437696][T24744] ,cpuset=/,mems_allowed=0-1 [ 1244.442454][T24744] CPU: 1 UID: 0 PID: 24744 Comm: syz.1.4704 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1244.442501][T24744] Tainted: [U]=USER [ 1244.442511][T24744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1244.442527][T24744] Call Trace: [ 1244.442537][T24744] [ 1244.442547][T24744] dump_stack_lvl+0x16c/0x1f0 [ 1244.442588][T24744] warn_alloc+0x248/0x3a0 [ 1244.442617][T24744] ? __pfx_warn_alloc+0x10/0x10 [ 1244.442645][T24744] ? kfree+0x2b6/0x4d0 [ 1244.442690][T24744] ? __get_vm_area_node+0x1e5/0x300 [ 1244.442735][T24744] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1244.442788][T24744] ? plist_check_head+0xa3/0x150 [ 1244.442814][T24744] ? futex_wake+0x432/0x4e0 [ 1244.442847][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1244.442886][T24744] ? wake_up_q+0xb0/0x160 [ 1244.442911][T24744] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1244.442961][T24744] __kvmalloc_node_noprof+0x2ff/0x600 [ 1244.442987][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1244.443025][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1244.443065][T24744] ? __do_sys_listmount+0x1c2/0xed0 [ 1244.443102][T24744] __do_sys_listmount+0x1c2/0xed0 [ 1244.443142][T24744] ? __x64_sys_futex+0x1e0/0x4c0 [ 1244.443170][T24744] ? __x64_sys_futex+0x1e9/0x4c0 [ 1244.443197][T24744] ? __pfx___do_sys_listmount+0x10/0x10 [ 1244.443235][T24744] ? xfd_validate_state+0x5d/0x180 [ 1244.443286][T24744] ? rcu_is_watching+0x12/0xc0 [ 1244.443312][T24744] do_syscall_64+0xcd/0x230 [ 1244.443350][T24744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.443376][T24744] RIP: 0033:0x7f5d1fb8e969 [ 1244.443396][T24744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1244.443422][T24744] RSP: 002b:00007f5d1d9d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1244.443447][T24744] RAX: ffffffffffffffda RBX: 00007f5d1fdb6080 RCX: 00007f5d1fb8e969 [ 1244.443465][T24744] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1244.443481][T24744] RBP: 00007f5d1fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1244.443497][T24744] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1244.443513][T24744] R13: 0000000000000000 R14: 00007f5d1fdb6080 R15: 00007ffe74051e88 [ 1244.443540][T24744] [ 1244.443552][T24744] Mem-Info: [ 1244.798810][T24744] active_anon:63329 inactive_anon:0 isolated_anon:0 [ 1244.798810][T24744] active_file:20809 inactive_file:42760 isolated_file:0 [ 1244.798810][T24744] unevictable:768 dirty:647 writeback:0 [ 1244.798810][T24744] slab_reclaimable:11362 slab_unreclaimable:98746 [ 1244.798810][T24744] mapped:45943 shmem:36170 pagetables:1016 [ 1244.798810][T24744] sec_pagetables:0 bounce:0 [ 1244.798810][T24744] kernel_misc_reclaimable:0 [ 1244.798810][T24744] free:744198 free_pcp:1690 free_cma:0 [ 1244.903466][T24744] Node 0 active_anon:257816kB inactive_anon:0kB active_file:83236kB inactive_file:171036kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:187572kB dirty:2588kB writeback:0kB shmem:146944kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10580kB pagetables:4064kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1244.990430][T24744] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1245.067827][T24744] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1245.168045][T24744] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1245.168143][T24744] Node 0 DMA32 free:1152464kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:257268kB inactive_anon:0kB active_file:83236kB inactive_file:169220kB unevictable:1536kB writepending:2788kB present:3129332kB managed:2544180kB mlocked:0kB bounce:0kB free_pcp:7852kB local_pcp:588kB free_cma:0kB [ 1245.168243][T24744] lowmem_reserve[]: 0 0 1 1 1 [ 1245.168300][T24744] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:28kB free_cma:0kB [ 1245.168387][T24744] lowmem_reserve[]: 0 0 0 0 0 [ 1245.168444][T24744] Node 1 Normal free:1809352kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1245.168533][T24744] lowmem_reserve[]: 0 0 0 0 0 [ 1245.168589][T24744] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1245.168772][T24744] Node 0 DMA32: 763*4kB (UME) 616*8kB (UE) 298*16kB (UME) 198*32kB (UME) 299*64kB (UME) 124*128kB (UME) 112*256kB (UME) 91*512kB (UME) 85*1024kB (UME) 21*2048kB (UME) 218*4096kB (UM) = 1152332kB [ 1245.169030][T24744] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 1245.169622][T24744] Node 1 Normal: 238*4kB (UME) 68*8kB (UME) 49*16kB (UME) 235*32kB (UME) 104*64kB (UME) 35*128kB (UME) 12*256kB (UME) 7*512kB (UM) 2*1024kB (ME) 7*2048kB (UME) 431*4096kB (M) = 1809352kB [ 1245.169879][T24744] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1245.169907][T24744] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1245.169934][T24744] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=1048576kB [ 1245.169961][T24744] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1245.169987][T24744] 100564 total pagecache pages [ 1245.170000][T24744] 0 pages in swap cache [ 1245.170011][T24744] Free swap = 124996kB [ 1245.170023][T24744] Total swap = 124996kB [ 1245.170036][T24744] 2097051 pages RAM [ 1245.170047][T24744] 0 pages HighMem/MovableOnly [ 1245.170059][T24744] 428900 pages reserved [ 1245.170071][T24744] 0 pages cma reserved [ 1245.361638][ T5831] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 1245.448686][ C0] vkms_vblank_simulate: vblank timer overrun [ 1245.501569][ C0] vkms_vblank_simulate: vblank timer overrun [ 1245.802825][T24759] FAULT_INJECTION: forcing a failure. [ 1245.802825][T24759] name failslab, interval 1, probability 0, space 0, times 0 [ 1245.802874][T24759] CPU: 0 UID: 0 PID: 24759 Comm: syz.0.4709 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1245.802921][T24759] Tainted: [U]=USER [ 1245.802932][T24759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1245.802951][T24759] Call Trace: [ 1245.802961][T24759] [ 1245.802972][T24759] dump_stack_lvl+0x16c/0x1f0 [ 1245.803017][T24759] should_fail_ex+0x512/0x640 [ 1245.803063][T24759] ? alloc_pipe_info+0x1ec/0x590 [ 1245.803093][T24759] should_failslab+0xc2/0x120 [ 1245.803131][T24759] __kmalloc_noprof+0xd2/0x510 [ 1245.803169][T24759] alloc_pipe_info+0x1ec/0x590 [ 1245.803202][T24759] splice_direct_to_actor+0x77d/0xa30 [ 1245.803247][T24759] ? __pfx_direct_splice_actor+0x10/0x10 [ 1245.803297][T24759] ? __pfx_aa_file_perm+0x10/0x10 [ 1245.803341][T24759] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1245.803387][T24759] ? lock_release+0x201/0x2f0 [ 1245.803438][T24759] do_splice_direct+0x174/0x240 [ 1245.803484][T24759] ? __pfx_do_splice_direct+0x10/0x10 [ 1245.803530][T24759] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1245.803577][T24759] ? bpf_lsm_file_permission+0x9/0x10 [ 1245.803627][T24759] ? security_file_permission+0x71/0x210 [ 1245.803668][T24759] ? rw_verify_area+0xcf/0x680 [ 1245.803714][T24759] do_sendfile+0xafd/0xe50 [ 1245.803765][T24759] ? __pfx_do_sendfile+0x10/0x10 [ 1245.803813][T24759] ? __pfx___might_resched+0x10/0x10 [ 1245.803854][T24759] __x64_sys_sendfile64+0x1d8/0x220 [ 1245.803890][T24759] ? ksys_write+0x1b9/0x240 [ 1245.803918][T24759] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1245.803955][T24759] ? rcu_is_watching+0x12/0xc0 [ 1245.803983][T24759] ? rcu_is_watching+0x12/0xc0 [ 1245.804015][T24759] do_syscall_64+0xcd/0x230 [ 1245.804059][T24759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1245.804091][T24759] RIP: 0033:0x7f579478e969 [ 1245.804114][T24759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1245.804144][T24759] RSP: 002b:00007f5795694038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1245.804174][T24759] RAX: ffffffffffffffda RBX: 00007f57949b6080 RCX: 00007f579478e969 [ 1245.804196][T24759] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 1245.804214][T24759] RBP: 00007f5795694090 R08: 0000000000000000 R09: 0000000000000000 [ 1245.804233][T24759] R10: 0010000800000003 R11: 0000000000000246 R12: 0000000000000001 [ 1245.804252][T24759] R13: 0000000000000000 R14: 00007f57949b6080 R15: 00007ffd1ea44798 [ 1245.804280][T24759] [ 1245.999763][T24761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4710'. [ 1246.132514][T24764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4712'. [ 1246.346432][T24768] netlink: 266 bytes leftover after parsing attributes in process `syz.2.4713'. [ 1246.346458][T24768] IPv6: NLM_F_CREATE should be specified when creating new route [ 1246.805847][T24783] FAULT_INJECTION: forcing a failure. [ 1246.805847][T24783] name failslab, interval 1, probability 0, space 0, times 0 [ 1246.849335][T24783] CPU: 0 UID: 0 PID: 24783 Comm: syz.1.4717 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1246.849388][T24783] Tainted: [U]=USER [ 1246.849399][T24783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1246.849416][T24783] Call Trace: [ 1246.849426][T24783] [ 1246.849437][T24783] dump_stack_lvl+0x16c/0x1f0 [ 1246.849501][T24783] should_fail_ex+0x512/0x640 [ 1246.849546][T24783] should_failslab+0xc2/0x120 [ 1246.849584][T24783] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1246.849617][T24783] ? __might_fault+0xe3/0x190 [ 1246.849650][T24783] ? lock_release+0x201/0x2f0 [ 1246.849688][T24783] ? getname_flags.part.0+0x4c/0x550 [ 1246.849732][T24783] getname_flags.part.0+0x4c/0x550 [ 1246.849775][T24783] getname_flags+0x93/0xf0 [ 1246.849820][T24783] user_path_at+0x24/0x60 [ 1246.849869][T24783] __x64_sys_mount+0x1fc/0x310 [ 1246.849903][T24783] ? __pfx___x64_sys_mount+0x10/0x10 [ 1246.849934][T24783] ? rcu_is_watching+0x12/0xc0 [ 1246.849963][T24783] ? rcu_is_watching+0x12/0xc0 [ 1246.849994][T24783] do_syscall_64+0xcd/0x230 [ 1246.850037][T24783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1246.850069][T24783] RIP: 0033:0x7f5d1fb8e969 [ 1246.850099][T24783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1246.850131][T24783] RSP: 002b:00007f5d1d9f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1246.850160][T24783] RAX: ffffffffffffffda RBX: 00007f5d1fdb5fa0 RCX: 00007f5d1fb8e969 [ 1246.850181][T24783] RDX: 0000200000000140 RSI: 0000200000000040 RDI: 0000000000000000 [ 1246.850200][T24783] RBP: 00007f5d1d9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1246.850218][T24783] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001 [ 1246.850235][T24783] R13: 0000000000000000 R14: 00007f5d1fdb5fa0 R15: 00007ffe74051e88 [ 1246.850262][T24783] [ 1247.046331][ C0] vkms_vblank_simulate: vblank timer overrun [ 1247.580054][T24793] FAULT_INJECTION: forcing a failure. [ 1247.580054][T24793] name failslab, interval 1, probability 0, space 0, times 0 [ 1247.659242][T24793] CPU: 1 UID: 0 PID: 24793 Comm: syz.1.4720 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1247.659296][T24793] Tainted: [U]=USER [ 1247.659307][T24793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1247.659326][T24793] Call Trace: [ 1247.659336][T24793] [ 1247.659347][T24793] dump_stack_lvl+0x16c/0x1f0 [ 1247.659394][T24793] should_fail_ex+0x512/0x640 [ 1247.659438][T24793] ? anon_vma_name_alloc+0x56/0x110 [ 1247.659480][T24793] should_failslab+0xc2/0x120 [ 1247.659516][T24793] __kmalloc_noprof+0xd2/0x510 [ 1247.659553][T24793] anon_vma_name_alloc+0x56/0x110 [ 1247.659594][T24793] __do_sys_prctl+0x1365/0x24a0 [ 1247.659641][T24793] ? __pfx___do_sys_prctl+0x10/0x10 [ 1247.659690][T24793] ? rcu_is_watching+0x12/0xc0 [ 1247.659721][T24793] do_syscall_64+0xcd/0x230 [ 1247.659766][T24793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1247.659795][T24793] RIP: 0033:0x7f5d1fb8e969 [ 1247.659815][T24793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1247.659842][T24793] RSP: 002b:00007f5d1d9d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 1247.659871][T24793] RAX: ffffffffffffffda RBX: 00007f5d1fdb6080 RCX: 00007f5d1fb8e969 [ 1247.659890][T24793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000053564d41 [ 1247.659908][T24793] RBP: 00007f5d1d9d5090 R08: 0000000000000002 R09: 0000000000000000 [ 1247.659925][T24793] R10: 0000000000008002 R11: 0000000000000246 R12: 0000000000000001 [ 1247.659942][T24793] R13: 0000000000000001 R14: 00007f5d1fdb6080 R15: 00007ffe74051e88 [ 1247.659969][T24793] [ 1248.169829][T24802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4722'. [ 1248.331980][T24788] ------------[ cut here ]------------ [ 1248.337512][T24788] WARNING: CPU: 1 PID: 24788 at kernel/tracepoint.c:358 tracepoint_probe_unregister+0x894/0xd70 [ 1248.348262][T24788] Modules linked in: [ 1248.352416][T24788] CPU: 1 UID: 0 PID: 24788 Comm: syz.0.4718 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1248.366562][T24788] Tainted: [U]=USER [ 1248.370511][T24788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1248.380617][T24788] RIP: 0010:tracepoint_probe_unregister+0x894/0xd70 [ 1248.387264][T24788] Code: 41 5e 41 5f c3 cc cc cc cc e8 38 1e fe ff 48 c7 c6 70 7d bc 81 48 89 df e8 e9 29 e5 ff eb 9f bb fe ff ff ff e8 1d 1e fe ff 90 <0f> 0b 90 eb 91 e8 12 1e fe ff 48 89 da 48 b8 00 00 00 00 00 fc ff [ 1248.406965][T24788] RSP: 0018:ffffc900047af890 EFLAGS: 00010283 [ 1248.413176][T24788] RAX: 000000000000948c RBX: 00000000fffffffe RCX: ffffc900181c9000 [ 1248.421214][T24788] RDX: 0000000000080000 RSI: ffffffff81bc8eb3 RDI: 0000000000000005 [ 1248.429236][T24788] RBP: ffffffff8f305620 R08: 0000000000000005 R09: 0000000000000000 [ 1248.437243][T24788] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff81c26040 [ 1248.445306][T24788] R13: ffff88801be80dc8 R14: 0000000000000002 R15: ffff88801be80d80 [ 1248.453474][T24788] FS: 00007f57956b56c0(0000) GS:ffff888124aec000(0000) knlGS:0000000000000000 [ 1248.462709][T24788] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1248.469345][T24788] CR2: 0000200000000100 CR3: 00000000606d2000 CR4: 00000000003526f0 [ 1248.477342][T24788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1248.485367][T24788] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1248.493404][T24788] Call Trace: [ 1248.496693][T24788] [ 1248.499669][T24788] ? __pfx_tracepoint_probe_unregister+0x10/0x10 [ 1248.506034][T24788] tracing_stop_cmdline_record+0x66/0xa0 [ 1248.511717][T24788] __ftrace_event_enable_disable+0x762/0x8b0 [ 1248.517744][T24788] ftrace_event_set_open+0x232/0x380 [ 1248.523149][T24788] do_dentry_open+0x741/0x1c10 [ 1248.527967][T24788] ? __pfx_ftrace_event_set_open+0x10/0x10 [ 1248.533843][T24788] vfs_open+0x82/0x3f0 [ 1248.537939][T24788] path_openat+0x1e5e/0x2d40 [ 1248.542611][T24788] ? __pfx_path_openat+0x10/0x10 [ 1248.547571][T24788] do_filp_open+0x20b/0x470 [ 1248.552287][T24788] ? __pfx_do_filp_open+0x10/0x10 [ 1248.557446][T24788] ? alloc_fd+0x471/0x7d0 [ 1248.561961][T24788] do_sys_openat2+0x11b/0x1d0 [ 1248.566667][T24788] ? __pfx_do_sys_openat2+0x10/0x10 [ 1248.572019][T24788] __x64_sys_openat+0x174/0x210 [ 1248.576989][T24788] ? __pfx___x64_sys_openat+0x10/0x10 [ 1248.582419][T24788] ? rcu_is_watching+0x12/0xc0 [ 1248.587213][T24788] ? rcu_is_watching+0x12/0xc0 [ 1248.592024][T24788] do_syscall_64+0xcd/0x230 [ 1248.596553][T24788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1248.602491][T24788] RIP: 0033:0x7f579478e969 [ 1248.606912][T24788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1248.626613][T24788] RSP: 002b:00007f57956b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1248.635083][T24788] RAX: ffffffffffffffda RBX: 00007f57949b5fa0 RCX: 00007f579478e969 [ 1248.643103][T24788] RDX: 0000000000020201 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1248.651102][T24788] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1248.659256][T24788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1248.667242][T24788] R13: 0000000000000000 R14: 00007f57949b5fa0 R15: 00007ffd1ea44798 [ 1248.675357][T24788] [ 1248.678387][T24788] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1248.685678][T24788] CPU: 1 UID: 0 PID: 24788 Comm: syz.0.4718 Tainted: G U 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) [ 1248.699322][T24788] Tainted: [U]=USER [ 1248.703124][T24788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1248.713193][T24788] Call Trace: [ 1248.716475][T24788] [ 1248.719411][T24788] dump_stack_lvl+0x3d/0x1f0 [ 1248.724047][T24788] panic+0x71c/0x800 [ 1248.728052][T24788] ? __pfx_panic+0x10/0x10 [ 1248.732496][T24788] ? show_trace_log_lvl+0x29b/0x3e0 [ 1248.737710][T24788] ? tracepoint_probe_unregister+0x894/0xd70 [ 1248.743710][T24788] check_panic_on_warn+0xab/0xb0 [ 1248.748674][T24788] __warn+0xf6/0x3c0 [ 1248.752605][T24788] ? tracepoint_probe_unregister+0x894/0xd70 [ 1248.758617][T24788] report_bug+0x3c3/0x580 [ 1248.762972][T24788] ? tracepoint_probe_unregister+0x894/0xd70 [ 1248.768983][T24788] handle_bug+0x184/0x210 [ 1248.773342][T24788] exc_invalid_op+0x17/0x50 [ 1248.777884][T24788] asm_exc_invalid_op+0x1a/0x20 [ 1248.782778][T24788] RIP: 0010:tracepoint_probe_unregister+0x894/0xd70 [ 1248.789388][T24788] Code: 41 5e 41 5f c3 cc cc cc cc e8 38 1e fe ff 48 c7 c6 70 7d bc 81 48 89 df e8 e9 29 e5 ff eb 9f bb fe ff ff ff e8 1d 1e fe ff 90 <0f> 0b 90 eb 91 e8 12 1e fe ff 48 89 da 48 b8 00 00 00 00 00 fc ff [ 1248.809010][T24788] RSP: 0018:ffffc900047af890 EFLAGS: 00010283 [ 1248.815090][T24788] RAX: 000000000000948c RBX: 00000000fffffffe RCX: ffffc900181c9000 [ 1248.823069][T24788] RDX: 0000000000080000 RSI: ffffffff81bc8eb3 RDI: 0000000000000005 [ 1248.831065][T24788] RBP: ffffffff8f305620 R08: 0000000000000005 R09: 0000000000000000 [ 1248.839043][T24788] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff81c26040 [ 1248.847027][T24788] R13: ffff88801be80dc8 R14: 0000000000000002 R15: ffff88801be80d80 [ 1248.855008][T24788] ? __pfx_probe_sched_switch+0x10/0x10 [ 1248.860575][T24788] ? tracepoint_probe_unregister+0x893/0xd70 [ 1248.866582][T24788] ? __pfx_tracepoint_probe_unregister+0x10/0x10 [ 1248.873032][T24788] tracing_stop_cmdline_record+0x66/0xa0 [ 1248.878700][T24788] __ftrace_event_enable_disable+0x762/0x8b0 [ 1248.884706][T24788] ftrace_event_set_open+0x232/0x380 [ 1248.890017][T24788] do_dentry_open+0x741/0x1c10 [ 1248.894793][T24788] ? __pfx_ftrace_event_set_open+0x10/0x10 [ 1248.900641][T24788] vfs_open+0x82/0x3f0 [ 1248.904729][T24788] path_openat+0x1e5e/0x2d40 [ 1248.909345][T24788] ? __pfx_path_openat+0x10/0x10 [ 1248.914296][T24788] do_filp_open+0x20b/0x470 [ 1248.918807][T24788] ? __pfx_do_filp_open+0x10/0x10 [ 1248.923852][T24788] ? alloc_fd+0x471/0x7d0 [ 1248.928215][T24788] do_sys_openat2+0x11b/0x1d0 [ 1248.932939][T24788] ? __pfx_do_sys_openat2+0x10/0x10 [ 1248.938161][T24788] __x64_sys_openat+0x174/0x210 [ 1248.943155][T24788] ? __pfx___x64_sys_openat+0x10/0x10 [ 1248.948562][T24788] ? rcu_is_watching+0x12/0xc0 [ 1248.953348][T24788] ? rcu_is_watching+0x12/0xc0 [ 1248.958134][T24788] do_syscall_64+0xcd/0x230 [ 1248.962668][T24788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1248.968575][T24788] RIP: 0033:0x7f579478e969 [ 1248.973001][T24788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1248.992629][T24788] RSP: 002b:00007f57956b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1249.001074][T24788] RAX: ffffffffffffffda RBX: 00007f57949b5fa0 RCX: 00007f579478e969 [ 1249.009056][T24788] RDX: 0000000000020201 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1249.017052][T24788] RBP: 00007f5794810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1249.025042][T24788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1249.033033][T24788] R13: 0000000000000000 R14: 00007f57949b5fa0 R15: 00007ffd1ea44798 [ 1249.041026][T24788] [ 1249.044376][T24788] Kernel Offset: disabled [ 1249.048732][T24788] Rebooting in 86400 seconds..