last executing test programs: 3.074468503s ago: executing program 1 (id=13415): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x400053, 0x9) 2.294020551s ago: executing program 1 (id=13425): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000029, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 1.871368729s ago: executing program 1 (id=13433): r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x7, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 1.566827795s ago: executing program 3 (id=13437): socket(0xa, 0x3, 0x3a) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4) 1.478002503s ago: executing program 1 (id=13440): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\'], 0x5c}, 0x1, 0x0, 0x0, 0x840}, 0x9534061cbeae7643) bpf$auto(0xfffff001, 0x0, 0xa3) r0 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xc8b, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) 1.198960352s ago: executing program 0 (id=13442): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') mknod$auto(&(0x7f0000000080)='}[,&*}\x00', 0x5, 0x3ff) 1.061910784s ago: executing program 1 (id=13443): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'wg0\x00', 0x0}) r2 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), 0xffffffffffffffff) sendmsg$auto_WG_CMD_SET_DEVICE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x24, r2, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r1}, @WGDEVICE_A_PEERS={0x8, 0x8, 0x0, 0x1, [@generic="85c171eb"]}]}, 0x24}}, 0x810) 1.010871747s ago: executing program 0 (id=13444): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) sendto$auto(r0, 0x0, 0xb, 0xc, &(0x7f0000000000), 0x1c) 963.612491ms ago: executing program 2 (id=13445): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x20, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 827.589817ms ago: executing program 0 (id=13446): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000002c0)={0x30, r1, 0x1, 0x74bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8, 0x10, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 807.036966ms ago: executing program 2 (id=13447): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) 774.514284ms ago: executing program 3 (id=13448): mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x5, 0x0) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1) 600.975753ms ago: executing program 2 (id=13449): shmctl$auto_SHM_LOCK(0x7ff, 0xb, &(0x7f0000000140)={{0x6, 0xffffffffffffffff, 0xee01, 0xaf1, 0xa, 0x6, 0x1}, 0xca, 0xe42, 0x1, 0x8000000000000001, @raw=0x5, @raw=0x10000, 0x6, 0x0, 0x0, &(0x7f00000000c0)}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) 578.379979ms ago: executing program 0 (id=13450): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x801, 0x84) listen$auto(r0, 0x3) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x17d) 573.132953ms ago: executing program 3 (id=13451): openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYBLOB='j\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 527.591403ms ago: executing program 1 (id=13452): ioperm$auto(0x7, 0x6, 0x90c) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) acct$auto(0x0) ioperm$auto(0xc, 0x4, 0x2007) 420.263206ms ago: executing program 2 (id=13453): bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x400, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f4) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x4, 0x10000000000, 0x11, 0x3, 0x100000000) 401.187708ms ago: executing program 0 (id=13454): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) mmap$auto(0x0, 0x5810, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x400008, 0xe3, 0x9b72, 0x2, 0x8000) 288.262575ms ago: executing program 3 (id=13455): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) mprotect$auto(0x200000000000, 0x806122, 0xc) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/afs/cells\x00', 0x4a801, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)="978693dc87b1c1fd2f1e", 0xa) 269.997242ms ago: executing program 2 (id=13456): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x7ffe) 144.55494ms ago: executing program 3 (id=13457): r0 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r0, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}}) r1 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r1, 0x0) 133.571301ms ago: executing program 2 (id=13458): mmap$auto(0x0, 0x2000d, 0x4000000200de, 0xeb1, 0x404, 0x8000) socket(0xa, 0x5, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x72, 0x0, 0xc) 56.73593ms ago: executing program 0 (id=13459): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 0s ago: executing program 3 (id=13460): mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) capget$auto(0x0, 0x0) r0 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r0, 0x11b, 0x7, 0x0, 0x0) kernel console output (not intermixed with test programs): _dest: Unknown node [ 571.963529][T30533] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek 260 [ 572.165665][T20988] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 572.180466][T20988] Bluetooth: hci3: Dropping invalid advertising data [ 572.187159][T20988] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 572.187180][T20988] Bluetooth: hci3: Dropping invalid advertising data [ 572.201813][T20988] Bluetooth: hci3: Malformed LE Event: 0x02 [ 573.951958][T30657] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 574.526083][T20988] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 574.526118][T20988] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 574.542888][T20988] Bluetooth: hci0: Dropping invalid advertising data [ 574.549817][T20988] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 574.549836][T20988] Bluetooth: hci0: Dropping invalid advertising data [ 574.564209][T20988] Bluetooth: hci0: Malformed LE Event: 0x02 [ 574.592937][T30687] netlink: 'syz.2.10300': attribute type 11 has an invalid length. [ 574.631874][T30687] netlink: 'syz.2.10300': attribute type 11 has an invalid length. [ 574.672229][T30687] netlink: 'syz.2.10300': attribute type 11 has an invalid length. [ 575.093447][T30727] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10307'. [ 576.323642][T30810] openvswitch: netlink: IP tunnel dst address not specified [ 577.888297][T30888] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 578.158073][T30899] sg_write: process 5300 (syz.3.10350) changed security contexts after opening file descriptor, this is not allowed. [ 578.407308][T30909] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 578.649255][T30938] netlink: 'syz.0.10357': attribute type 2 has an invalid length. [ 578.978390][T20988] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 578.978414][T20988] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 578.994528][T20988] Bluetooth: hci1: Dropping invalid advertising data [ 579.001249][T20988] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 579.001270][T20988] Bluetooth: hci1: Dropping invalid advertising data [ 579.015616][T20988] Bluetooth: hci1: Malformed LE Event: 0x02 [ 580.490128][T20988] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 580.490152][T20988] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 580.506824][T20988] Bluetooth: hci2: Dropping invalid advertising data [ 580.514980][T20988] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 580.515002][T20988] Bluetooth: hci2: Dropping invalid advertising data [ 580.531884][T20988] Bluetooth: hci2: Malformed LE Event: 0x02 [ 580.685350][ T5979] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 580.844177][ T5979] CPU: 0 UID: 0 PID: 5979 Comm: syz-executor Tainted: G U I L syzkaller #0 PREEMPT(full) [ 580.844205][ T5979] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 580.844211][ T5979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 580.844219][ T5979] Call Trace: [ 580.844225][ T5979] [ 580.844231][ T5979] dump_stack_lvl+0x100/0x190 [ 580.844251][ T5979] dump_header+0xfb/0x606 [ 580.844268][ T5979] oom_kill_process.cold+0xd/0x330 [ 580.844286][ T5979] out_of_memory+0x340/0x14f0 [ 580.844313][ T5979] ? __pfx_out_of_memory+0x10/0x10 [ 580.844340][ T5979] mem_cgroup_out_of_memory+0xc6/0x130 [ 580.844361][ T5979] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 580.844381][ T5979] ? find_held_lock+0x2b/0x80 [ 580.844403][ T5979] ? do_raw_spin_unlock+0x145/0x1e0 [ 580.844420][ T5979] ? _raw_spin_unlock+0x28/0x50 [ 580.844444][ T5979] try_charge_memcg+0x6e5/0xdf0 [ 580.844464][ T5979] ? __pfx_try_charge_memcg+0x10/0x10 [ 580.844480][ T5979] ? find_held_lock+0x2b/0x80 [ 580.844496][ T5979] ? rcu_read_unlock+0x17/0x60 [ 580.844513][ T5979] ? rcu_read_unlock+0x17/0x60 [ 580.844529][ T5979] ? find_held_lock+0x2b/0x80 [ 580.844547][ T5979] ? rcu_read_unlock+0x17/0x60 [ 580.844568][ T5979] charge_memcg+0x187/0x1e0 [ 580.844585][ T5979] mem_cgroup_swapin_charge_folio+0xd2/0x2f0 [ 580.844608][ T5979] __swap_cache_prepare_and_add+0x842/0xa20 [ 580.844630][ T5979] ? alloc_pages_mpol+0x25a/0x540 [ 580.844650][ T5979] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 580.844671][ T5979] ? __pfx_swap_entry_swapped+0x10/0x10 [ 580.844692][ T5979] swap_cache_alloc_folio+0x1cb/0x300 [ 580.844715][ T5979] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 580.844735][ T5979] ? lockdep_hardirqs_on+0x78/0x100 [ 580.844750][ T5979] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 580.844773][ T5979] swap_cluster_readahead+0x411/0x770 [ 580.844800][ T5979] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 580.844831][ T5979] ? do_raw_spin_unlock+0x145/0x1e0 [ 580.844849][ T5979] ? get_vma_policy+0x23d/0x3b0 [ 580.844867][ T5979] swapin_readahead+0x160/0x12c0 [ 580.844887][ T5979] ? do_raw_spin_lock+0x128/0x260 [ 580.844909][ T5979] ? __pfx_swapin_readahead+0x10/0x10 [ 580.844930][ T5979] ? find_held_lock+0x2b/0x80 [ 580.844947][ T5979] ? swap_table_get+0x103/0x2c0 [ 580.844970][ T5979] ? swap_table_get+0x10d/0x2c0 [ 580.844990][ T5979] ? swap_cache_get_folio+0x286/0x350 [ 580.845012][ T5979] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 580.845032][ T5979] ? __pfx_get_swap_device+0x10/0x10 [ 580.845051][ T5979] ? do_swap_page+0x931/0x6180 [ 580.845075][ T5979] do_swap_page+0x931/0x6180 [ 580.845105][ T5979] ? __pfx_do_swap_page+0x10/0x10 [ 580.845126][ T5979] ? __free_object+0x2a8/0x3f0 [ 580.845142][ T5979] ? lockdep_hardirqs_on+0x78/0x100 [ 580.845157][ T5979] ? rcu_is_watching+0x12/0xc0 [ 580.845174][ T5979] ? __pte_offset_map+0x179/0x310 [ 580.845192][ T5979] __handle_mm_fault+0x192f/0x2a00 [ 580.845216][ T5979] ? reacquire_held_locks+0xce/0x1e0 [ 580.845239][ T5979] ? __pfx___handle_mm_fault+0x10/0x10 [ 580.845263][ T5979] ? lock_vma_under_rcu+0x17c/0x590 [ 580.845294][ T5979] handle_mm_fault+0x36d/0xa20 [ 580.845318][ T5979] do_user_addr_fault+0x5a3/0x12f0 [ 580.845341][ T5979] exc_page_fault+0x6f/0xd0 [ 580.845356][ T5979] asm_exc_page_fault+0x26/0x30 [ 580.845370][ T5979] RIP: 0033:0x7fa9c3d5d04e [ 580.845383][ T5979] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 580.845396][ T5979] RSP: 002b:00007ffd7d607878 EFLAGS: 00010246 [ 580.845408][ T5979] RAX: 0000000000000000 RBX: 000055558a3aa500 RCX: 00007fa9c3d5d04e [ 580.845417][ T5979] RDX: 00007ffd7d6078d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 580.845425][ T5979] RBP: 00007ffd7d60793c R08: 0000000000000000 R09: 0000000000000000 [ 580.845433][ T5979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 580.845442][ T5979] R13: 00000000000927c0 R14: 000000000008e381 R15: 00007ffd7d607990 [ 580.845461][ T5979] [ 580.845466][ T5979] memory: usage 3072kB, limit 3072kB, failcnt 39922 [ 581.252225][T31059] mmap: syz.0.10385 (31059): VmData 37597184 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 581.928874][T31083] netlink: 'syz.3.10396': attribute type 1 has an invalid length. [ 582.033246][ T5979] memory+swap: usage 3364kB, limit 9007199254740988kB, failcnt 0 [ 582.072165][ T5979] kmem: usage 3072kB, limit 9007199254740988kB, failcnt 0 [ 582.103481][ T5979] Memory cgroup stats for /syz2: [ 582.103585][ T5979] cache 0 [ 582.182640][ T5979] rss 0 [ 582.194230][ T5979] rss_huge 0 [ 582.206072][ T5979] shmem 0 [ 582.215254][ T5979] mapped_file 0 [ 582.225312][ T5979] dirty 0 [ 582.243963][ T5979] writeback 0 [ 582.257033][ T5979] workingset_refault_anon 2744 [ 582.279150][ T5979] workingset_refault_file 17433 [ 582.297029][ T5979] swap 294912 [ 582.303112][T31097] ptrace attach of "./syz-executor exec"[27563] was attempted by ""[31097] [ 582.315493][ T5979] swapcached 132190208 [ 582.325735][ T5979] pgpgin 179629 [ 582.335206][ T5979] pgpgout 184511 [ 582.347484][ T5979] pgfault 326753 [ 582.363387][ T5979] pgmajfault 1500 [ 582.372149][ T5979] inactive_anon 4096 [ 582.387629][ T5979] active_anon 0 [ 582.402213][ T5979] inactive_file 0 [ 582.421367][ T5979] active_file 0 [ 582.432538][ T5979] unevictable 0 [ 582.444913][ T5979] hierarchical_memory_limit 3145728 [ 582.461735][ T5979] hierarchical_memsw_limit 9223372036854771712 [ 582.481848][ T5979] total_cache 0 [ 582.512262][ T5979] total_rss 0 [ 582.546902][ T5979] total_rss_huge 0 [ 582.570479][ T5979] total_shmem 0 [ 582.590154][ T5979] total_mapped_file 0 [ 582.624932][ T5979] total_dirty 0 [ 582.645037][ T5979] total_writeback 0 [ 582.668220][ T5979] total_workingset_refault_anon 2744 [ 582.687120][ T5979] total_workingset_refault_file 17433 [ 582.725228][ T5979] total_swap 294912 [ 582.743219][ T5979] total_swapcached 132190208 [ 582.766701][ T5979] total_pgpgin 179629 [ 582.777560][ T5979] total_pgpgout 184511 [ 582.790037][ T5979] total_pgfault 326753 [ 582.806780][ T5979] total_pgmajfault 1500 [ 582.820606][ T5979] total_inactive_anon 4096 [ 582.853844][ T5979] total_active_anon 0 [ 582.862453][T31111] HSR: entered promiscuous mode [ 582.872304][ T5979] total_inactive_file 0 [ 582.879760][ T5979] total_active_file 0 [ 582.900709][ T5979] total_unevictable 0 [ 582.914042][ T5979] anon_cost 221 [ 582.940496][ T5979] file_cost 0 [ 582.950720][ T5979] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.10377,pid=31011,uid=0 [ 583.006288][ T5979] Memory cgroup out of memory: Killed process 31011 (syz.2.10377) total-vm:137308kB, anon-rss:1236kB, file-rss:22424kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 583.436028][T31152] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10413'. [ 584.063104][T31176] openvswitch: netlink: IP tunnel dst address not specified [ 584.314126][T31185] openvswitch: netlink: Missing valid actions attribute. [ 584.456409][T20988] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 584.456432][T20988] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 584.471523][T20988] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 584.471540][T20988] Bluetooth: hci0: Unknown advertising packet type: 0x37 [ 584.479316][T20988] Bluetooth: hci0: adv larger than maximum supported [ 584.486412][T20988] Bluetooth: hci0: Unknown advertising packet type: 0x5d [ 584.493115][T20988] Bluetooth: hci0: adv larger than maximum supported [ 584.500131][T20988] Bluetooth: hci0: Malformed LE Event: 0x0d [ 586.619349][T31247] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10451'. [ 588.278406][T31319] netlink: 'syz.1.10481': attribute type 4 has an invalid length. [ 588.328633][T31319] netlink: 'syz.1.10481': attribute type 1 has an invalid length. [ 588.581998][T31332] netlink: set zone limit has 8 unknown bytes [ 588.766418][T31340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10498'. [ 590.393031][T20988] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 590.393055][T20988] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 590.408032][T20988] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 590.408053][T20988] Bluetooth: hci2: Unknown advertising packet type: 0x5f [ 590.415324][T20988] Bluetooth: hci2: Unknown advertising packet type: 0x32 [ 590.422442][T20988] Bluetooth: hci2: adv larger than maximum supported [ 590.429447][T20988] Bluetooth: hci2: Malformed LE Event: 0x0d [ 590.454207][T31416] openvswitch: netlink: IP tunnel TTL not specified. [ 590.982877][T31433] openvswitch: netlink: Flow key attribute not present in set flow. [ 591.190961][T31440] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 592.477398][T31499] NFSD: Failed to start, no listeners configured. [ 592.816868][T31527] netlink: 338 bytes leftover after parsing attributes in process `syz.1.10561'. [ 592.845993][T31528] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10562'. [ 592.870418][T31527] netlink: 338 bytes leftover after parsing attributes in process `syz.1.10561'. [ 593.136162][T31538] nbd: must specify a device to reconfigure [ 593.525189][T20988] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 593.525312][T20988] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 593.540339][T20988] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 593.540357][T20988] Bluetooth: hci3: adv larger than maximum supported [ 593.547950][T20988] Bluetooth: hci3: adv larger than maximum supported [ 593.557523][T20988] Bluetooth: hci3: Unknown advertising packet type: 0x16 [ 593.564244][T20988] Bluetooth: hci3: adv larger than maximum supported [ 593.572120][T20988] Bluetooth: hci3: adv larger than maximum supported [ 593.579470][T20988] Bluetooth: hci3: Malformed LE Event: 0x0d [ 593.892958][T31575] netlink: 3 bytes leftover after parsing attributes in process `syz.3.10581'. [ 594.702649][T31598] netlink: 148 bytes leftover after parsing attributes in process `syz.2.10591'. [ 595.036757][T31608] netlink: 'syz.2.10604': attribute type 1 has an invalid length. [ 595.105707][T20988] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 595.105731][T20988] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 595.123924][T20988] Bluetooth: hci1: Malformed LE Event: 0x0d [ 595.450761][T31622] netlink: Setting conntrack mark requires 'commit' flag. [ 596.776725][T31672] netlink: 'syz.3.10623': attribute type 3 has an invalid length. [ 598.427628][T31739] sctp: [Deprecated]: syz.2.10648 (pid 31739) Use of struct sctp_assoc_value in delayed_ack socket option. [ 598.427628][T31739] Use struct sctp_sack_info instead [ 599.344375][T31779] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 599.994204][T31801] FAULT_INJECTION: forcing a failure. [ 599.994204][T31801] name failslab, interval 1, probability 0, space 0, times 0 [ 600.047060][T31801] CPU: 0 UID: 0 PID: 31801 Comm: syz.0.10673 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 600.047091][T31801] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 600.047099][T31801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 600.047108][T31801] Call Trace: [ 600.047145][T31801] [ 600.047152][T31801] dump_stack_lvl+0x100/0x190 [ 600.047174][T31801] should_fail_ex.cold+0x5/0xa [ 600.047194][T31801] should_failslab+0xc2/0x120 [ 600.047211][T31801] __kvmalloc_node_noprof+0xfa/0xa00 [ 600.047234][T31801] ? io_alloc_cache_init+0x38/0x170 [ 600.047251][T31801] ? lockdep_init_map_type+0x5c/0x250 [ 600.047278][T31801] io_alloc_cache_init+0x38/0x170 [ 600.047296][T31801] io_uring_setup.cold+0x3cd/0x1c6e [ 600.047322][T31801] ? __pfx_io_uring_setup+0x10/0x10 [ 600.047345][T31801] ? do_futex+0x192/0x350 [ 600.047364][T31801] ? __pfx_do_futex+0x10/0x10 [ 600.047387][T31801] ? xfd_validate_state+0x129/0x190 [ 600.047401][T31801] ? ksys_write+0x1ac/0x250 [ 600.047421][T31801] __x64_sys_io_uring_setup+0xc2/0x170 [ 600.047445][T31801] do_syscall_64+0x10b/0xf80 [ 600.047460][T31801] ? clear_bhb_loop+0x40/0x90 [ 600.047478][T31801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.047493][T31801] RIP: 0033:0x7f346c59c819 [ 600.047507][T31801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 600.047521][T31801] RSP: 002b:00007f346d4cb028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 600.047536][T31801] RAX: ffffffffffffffda RBX: 00007f346c815fa0 RCX: 00007f346c59c819 [ 600.047546][T31801] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000001 [ 600.047554][T31801] RBP: 00007f346c632c91 R08: 0000000000000000 R09: 0000000000000000 [ 600.047563][T31801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.047571][T31801] R13: 00007f346c816038 R14: 00007f346c815fa0 R15: 00007ffe73122c68 [ 600.047590][T31801] [ 601.761038][T31865] nbd: must specify an index to disconnect [ 602.138105][T31886] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10704'. [ 602.786619][T31912] netlink: 'syz.1.10716': attribute type 1 has an invalid length. [ 602.882446][T20988] Bluetooth: hci1: unexpected event 0x36 length: 123 > 7 [ 604.463625][T31980] netlink: 'syz.0.10743': attribute type 12 has an invalid length. [ 604.480955][T31979] nbd: illegal input index 37139 [ 604.762873][T31988] netlink: 'syz.3.10746': attribute type 1 has an invalid length. [ 605.344823][T32012] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 605.563848][T32022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10759'. [ 607.498332][T32104] netlink: NAT attribute has 4 unknown bytes [ 608.029058][T32133] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10805'. [ 608.592197][T32155] netlink: 'syz.3.10812': attribute type 2 has an invalid length. [ 608.637157][T32155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10812'. [ 608.955401][T32180] netlink: 'syz.1.10822': attribute type 1 has an invalid length. [ 609.002775][T32180] netlink: 'syz.1.10822': attribute type 1 has an invalid length. [ 609.046299][T32180] netlink: 124 bytes leftover after parsing attributes in process `syz.1.10822'. [ 609.108520][T32180] netlink: 100 bytes leftover after parsing attributes in process `syz.1.10822'. [ 609.310177][T32198] netlink: 'syz.1.10829': attribute type 1 has an invalid length. [ 609.362560][T32198] nbd: error processing sock list [ 609.551631][T32210] queue_state_write: unsupported operation '' [ 609.596164][T32210] queue_state_write: use 'run', 'start' or 'kick' [ 609.833260][T32227] openvswitch: netlink: IPv4 tunnel dst address is zero [ 610.075394][T32239] openvswitch: netlink: Key 15 has unexpected len 16 expected 4 [ 610.293347][T32251] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10850'. [ 612.715908][T32375] netlink: 'syz.0.10899': attribute type 11 has an invalid length. [ 612.763569][T32375] netlink: 'syz.0.10899': attribute type 11 has an invalid length. [ 612.796800][T32375] netlink: 'syz.0.10899': attribute type 11 has an invalid length. [ 614.249242][T32428] openvswitch: netlink: IPv4 tunnel dst address is zero [ 614.531052][T32437] tc_dump_action: action bad kind [ 617.591204][T32571] netlink: Conntrack attr has 5 unknown bytes [ 618.214176][T20988] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 618.222098][T20988] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 620.817637][T32698] FAULT_INJECTION: forcing a failure. [ 620.817637][T32698] name failslab, interval 1, probability 0, space 0, times 0 [ 620.880229][T32698] CPU: 0 UID: 0 PID: 32698 Comm: syz.1.11028 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 620.880277][T32698] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 620.880285][T32698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 620.880294][T32698] Call Trace: [ 620.880299][T32698] [ 620.880305][T32698] dump_stack_lvl+0x100/0x190 [ 620.880325][T32698] should_fail_ex.cold+0x5/0xa [ 620.880345][T32698] should_failslab+0xc2/0x120 [ 620.880361][T32698] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 620.880384][T32698] ? alloc_empty_file+0x5b/0x1c0 [ 620.880407][T32698] alloc_empty_file+0x5b/0x1c0 [ 620.880427][T32698] alloc_file_pseudo+0x13a/0x230 [ 620.880448][T32698] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 620.880467][T32698] ? alloc_fd+0x476/0x790 [ 620.880484][T32698] ? do_raw_spin_unlock+0x145/0x1e0 [ 620.880502][T32698] __anon_inode_getfile+0xe8/0x280 [ 620.880525][T32698] anon_inode_getfile_fmode+0x37/0xa0 [ 620.880546][T32698] __do_sys_fanotify_init+0xab8/0xe80 [ 620.880564][T32698] do_syscall_64+0x10b/0xf80 [ 620.880579][T32698] ? clear_bhb_loop+0x40/0x90 [ 620.880596][T32698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.880611][T32698] RIP: 0033:0x7f6d09d9c819 [ 620.880625][T32698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 620.880639][T32698] RSP: 002b:00007f6d0ac4d028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 620.880653][T32698] RAX: ffffffffffffffda RBX: 00007f6d0a015fa0 RCX: 00007f6d09d9c819 [ 620.880662][T32698] RDX: 0000000000000000 RSI: 0002010000000000 RDI: 0000000000000200 [ 620.880671][T32698] RBP: 00007f6d09e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 620.880679][T32698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 620.880688][T32698] R13: 00007f6d0a016038 R14: 00007f6d0a015fa0 R15: 00007ffd826a5f28 [ 620.880706][T32698] [ 621.818885][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 621.825711][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.516227][ T351] delete_channel: no stack [ 624.587372][ T400] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 625.352486][ T437] dyndbg: expected <4096 bytes into control [ 625.487893][ T442] nfs: Unknown parameter 'm?LH>「^eko}* ' [ 629.274319][ T637] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.327561][ T637] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.374150][ T637] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.417305][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.457387][ T635] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.596434][ T649] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.665043][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.710414][ T654] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.764962][ T654] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.818403][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.867346][ T10] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 629.909332][ T647] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 630.229366][ T679] openvswitch: netlink: Duplicate or invalid key (type 0). [ 632.141867][ T784] openvswitch: netlink: IP tunnel dst address not specified [ 632.410271][ T794] nfs: Unknown parameter 'nl802154' [ 633.356523][ T837] netlink: 'syz.3.11266': attribute type 11 has an invalid length. [ 633.388373][ T837] netlink: 'syz.3.11266': attribute type 11 has an invalid length. [ 633.416780][ T837] netlink: 'syz.3.11266': attribute type 11 has an invalid length. [ 634.054862][T20988] Bluetooth: hci0: command 0x0406 tx timeout [ 634.204790][ T881] tc_dump_action: action bad kind [ 634.744138][ T906] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11295'. [ 634.805259][ T906] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11295'. [ 635.029227][ T917] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 635.035664][ T917] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 635.381696][ T946] vivid-005: ================= START STATUS ================= [ 635.420254][ T946] vivid-005: Radio HW Seek Mode: Bounded [ 635.455411][ T946] vivid-005: Radio Programmable HW Seek: false [ 635.491429][ T946] vivid-005: RDS Rx I/O Mode: Block I/O [ 635.522093][ T946] vivid-005: Generate RBDS Instead of RDS: false [ 635.554085][ T946] vivid-005: RDS Reception: true [ 635.579159][ T946] vivid-005: RDS Program Type: 0 inactive [ 635.610141][ T946] vivid-005: RDS PS Name: inactive [ 635.639176][ T946] vivid-005: RDS Radio Text: inactive [ 635.670879][ T946] vivid-005: RDS Traffic Announcement: false inactive [ 635.704785][ T946] vivid-005: RDS Traffic Program: false inactive [ 635.735219][ T946] vivid-005: RDS Music: false inactive [ 635.765681][ T946] vivid-005: ================== END STATUS ================== [ 637.641053][ T1053] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 638.609653][ T1110] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11366'. [ 638.669040][ T1110] netlink: 29 bytes leftover after parsing attributes in process `syz.3.11366'. [ 640.326287][T16044] Bluetooth: hci2: ACL packet too small [ 641.524449][ T1265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11431'. [ 641.703198][ T1259] syz.1.11429 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 641.753652][ T1259] CPU: 0 UID: 0 PID: 1259 Comm: syz.1.11429 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 641.753681][ T1259] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 641.753687][ T1259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 641.753696][ T1259] Call Trace: [ 641.753701][ T1259] [ 641.753707][ T1259] dump_stack_lvl+0x100/0x190 [ 641.753726][ T1259] dump_header+0xfb/0x606 [ 641.753745][ T1259] oom_kill_process.cold+0xd/0x330 [ 641.753763][ T1259] out_of_memory+0x340/0x14f0 [ 641.753790][ T1259] ? __pfx_out_of_memory+0x10/0x10 [ 641.753816][ T1259] mem_cgroup_out_of_memory+0xc6/0x130 [ 641.753838][ T1259] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 641.753858][ T1259] ? find_held_lock+0x2b/0x80 [ 641.753880][ T1259] ? do_raw_spin_unlock+0x145/0x1e0 [ 641.753897][ T1259] ? _raw_spin_unlock+0x28/0x50 [ 641.753921][ T1259] try_charge_memcg+0x6e5/0xdf0 [ 641.753941][ T1259] ? __pfx_try_charge_memcg+0x10/0x10 [ 641.753963][ T1259] ? find_held_lock+0x2b/0x80 [ 641.753981][ T1259] ? rcu_read_unlock+0x17/0x60 [ 641.753998][ T1259] ? rcu_read_unlock+0x17/0x60 [ 641.754014][ T1259] ? find_held_lock+0x2b/0x80 [ 641.754032][ T1259] ? rcu_read_unlock+0x17/0x60 [ 641.754056][ T1259] charge_memcg+0x187/0x1e0 [ 641.754074][ T1259] mem_cgroup_swapin_charge_folio+0xd2/0x2f0 [ 641.754097][ T1259] __swap_cache_prepare_and_add+0x842/0xa20 [ 641.754120][ T1259] ? alloc_pages_mpol+0x25a/0x540 [ 641.754140][ T1259] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 641.754161][ T1259] ? __pfx_swap_entry_swapped+0x10/0x10 [ 641.754183][ T1259] swap_cache_alloc_folio+0x1cb/0x300 [ 641.754206][ T1259] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 641.754226][ T1259] ? lockdep_hardirqs_on+0x78/0x100 [ 641.754241][ T1259] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 641.754265][ T1259] swap_cluster_readahead+0x53b/0x770 [ 641.754292][ T1259] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 641.754317][ T1259] ? ktime_get+0x9f/0x320 [ 641.754342][ T1259] ? do_raw_spin_unlock+0x145/0x1e0 [ 641.754360][ T1259] ? get_vma_policy+0x23d/0x3b0 [ 641.754379][ T1259] swapin_readahead+0x160/0x12c0 [ 641.754402][ T1259] ? do_raw_spin_lock+0x128/0x260 [ 641.754424][ T1259] ? __pfx_swapin_readahead+0x10/0x10 [ 641.754445][ T1259] ? find_held_lock+0x2b/0x80 [ 641.754468][ T1259] ? swap_table_get+0x103/0x2c0 [ 641.754495][ T1259] ? swap_table_get+0x10d/0x2c0 [ 641.754516][ T1259] ? swap_cache_get_folio+0x286/0x350 [ 641.754538][ T1259] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 641.754558][ T1259] ? __pfx_get_swap_device+0x10/0x10 [ 641.754577][ T1259] ? do_swap_page+0x931/0x6180 [ 641.754597][ T1259] do_swap_page+0x931/0x6180 [ 641.754627][ T1259] ? __pfx_do_swap_page+0x10/0x10 [ 641.754648][ T1259] ? __free_object+0x2a8/0x3f0 [ 641.754664][ T1259] ? lockdep_hardirqs_on+0x78/0x100 [ 641.754680][ T1259] ? rcu_is_watching+0x12/0xc0 [ 641.754697][ T1259] ? __pte_offset_map+0x179/0x310 [ 641.754715][ T1259] __handle_mm_fault+0x192f/0x2a00 [ 641.754739][ T1259] ? reacquire_held_locks+0xce/0x1e0 [ 641.754762][ T1259] ? __pfx___handle_mm_fault+0x10/0x10 [ 641.754786][ T1259] ? lock_vma_under_rcu+0x17c/0x590 [ 641.754819][ T1259] handle_mm_fault+0x36d/0xa20 [ 641.754843][ T1259] do_user_addr_fault+0x5a3/0x12f0 [ 641.754866][ T1259] exc_page_fault+0x6f/0xd0 [ 641.754882][ T1259] asm_exc_page_fault+0x26/0x30 [ 641.754896][ T1259] RIP: 0033:0x7f6d09c6a190 [ 641.754909][ T1259] Code: c4 4c 0f 42 e0 83 3d 3a dc 3a 00 00 0f 8e d9 fd ff ff e8 33 83 fe ff 49 39 c4 0f 82 82 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 <69> 3d fe b4 ed 00 e8 03 00 00 48 8d 1d ff bd 3a 00 e8 8a 31 13 00 [ 641.754923][ T1259] RSP: 002b:00007ffd826a6090 EFLAGS: 00010202 [ 641.754935][ T1259] RAX: 000000000009d4a2 RBX: 00007f6d0a017da0 RCX: 000000000009d3a0 [ 641.754945][ T1259] RDX: 0000000000000102 RSI: 00007ffd826a6070 RDI: 00007f6d0ac4e010 [ 641.754959][ T1259] RBP: 00007f6d0a017da0 R08: 000e77561846e6b4 R09: 0000000000000001 [ 641.754968][ T1259] R10: 000000000001ec12 R11: 0000000000000246 R12: 000000000009d6ee [ 641.754976][ T1259] R13: 00007f6d0a015fac R14: 000000000009d402 R15: 00007ffd826a6190 [ 641.754996][ T1259] [ 643.454409][ T1259] memory: usage 3072kB, limit 3072kB, failcnt 81673 [ 643.489852][ T1259] memory+swap: usage 3260kB, limit 9007199254740988kB, failcnt 0 [ 643.525876][ T1259] kmem: usage 3044kB, limit 9007199254740988kB, failcnt 0 [ 643.558761][ T1259] Memory cgroup stats for /syz1: [ 643.558867][ T1259] cache 0 [ 643.603595][ T1259] rss 28672 [ 643.623573][ T1259] rss_huge 0 [ 643.643956][ T1259] shmem 0 [ 643.661197][ T1259] mapped_file 0 [ 643.678477][ T1259] dirty 0 [ 643.690663][ T1259] writeback 0 [ 643.707070][ T1259] workingset_refault_anon 4544 [ 643.732652][ T1259] workingset_refault_file 23759 [ 643.761960][ T1259] swap 192512 [ 643.782698][ T1259] swapcached 281747456 [ 643.799401][ T1259] pgpgin 287423 [ 643.811983][ T1259] pgpgout 305777 [ 643.824508][ T1259] pgfault 366723 [ 643.836870][ T1259] pgmajfault 2067 [ 643.851680][ T1259] inactive_anon 0 [ 643.876971][ T1259] active_anon 28672 [ 643.898132][ T1259] inactive_file 0 [ 643.919759][ T1259] active_file 0 [ 643.936706][ T1259] unevictable 0 [ 643.951239][ T1259] hierarchical_memory_limit 3145728 [ 643.968532][ T1259] hierarchical_memsw_limit 9223372036854771712 [ 643.998177][ T1259] total_cache 0 [ 644.012551][ T1259] total_rss 28672 [ 644.041712][ T1259] total_rss_huge 0 [ 644.073231][ T1259] total_shmem 0 [ 644.087198][ T1259] total_mapped_file 0 [ 644.106317][ T1259] total_dirty 0 [ 644.121300][ T1259] total_writeback 0 [ 644.138204][ T1259] total_workingset_refault_anon 4544 [ 644.159272][ T1259] total_workingset_refault_file 23759 [ 644.186060][ T1259] total_swap 192512 [ 644.223828][ T1259] total_swapcached 281747456 [ 644.240516][ T1259] total_pgpgin 287423 [ 644.260264][ T1259] total_pgpgout 305777 [ 644.280325][ T1259] total_pgfault 366723 [ 644.300384][ T1259] total_pgmajfault 2067 [ 644.331584][ T1259] total_inactive_anon 0 [ 644.365380][ T1259] total_active_anon 28672 [ 644.396999][ T1259] total_inactive_file 0 [ 644.429614][ T1259] total_active_file 0 [ 644.458116][ T1259] total_unevictable 0 [ 644.476565][ T1259] anon_cost 449 [ 644.496433][ T1259] file_cost 0 [ 644.504709][ T1391] ALSA: mixer_oss: invalid OSS volume '' [ 644.514752][ T1259] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11429,pid=1259,uid=0 [ 644.597075][ T1259] Memory cgroup out of memory: Killed process 1259 (syz.1.11429) total-vm:104280kB, anon-rss:1236kB, file-rss:22516kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 644.915739][ T1412] netlink: zone id is out of range [ 644.945199][ T1412] netlink: zone id is out of range [ 644.963982][ T1412] netlink: zone id is out of range [ 644.988910][ T1412] netlink: zone id is out of range [ 645.010791][ T1412] netlink: zone id is out of range [ 645.030993][ T1412] netlink: zone id is out of range [ 645.064595][ T1412] netlink: zone id is out of range [ 645.085126][ T1412] netlink: set zone limit has 4 unknown bytes [ 645.292090][ T1428] openvswitch: netlink: Flow actions attr not present in new flow. [ 646.383538][ T1482] ucma_write: process 1272 (syz.0.11521) changed security contexts after opening file descriptor, this is not allowed. [ 646.632020][ T1496] tc_dump_action: action bad kind [ 647.895665][ T1560] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11555'. [ 648.584832][ T1593] __vm_enough_memory: pid: 1593, comm: syz.1.11569, bytes: 4398046511104 not enough memory for the allocation [ 649.062193][ T1617] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11580'. [ 650.686107][ T1683] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 653.085149][ T1797] netlink: zone id is out of range [ 653.131195][ T1801] netlink: 342 bytes leftover after parsing attributes in process `syz.2.11656'. [ 654.262439][ T1843] openvswitch: netlink: Message has 4 unknown bytes. [ 655.927399][ T1916] netlink: 'syz.2.11699': attribute type 1 has an invalid length. [ 656.275279][ T1933] netlink: ct_mark mask cannot be 0 [ 657.624785][ T1990] openvswitch: netlink: Multiple metadata blocks provided [ 658.272481][ T2021] random: crng reseeded on system resumption [ 659.232016][ T2068] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 659.349703][ T2073] tc_dump_action: action bad kind [ 661.259061][ T2165] netlink: 'syz.2.11801': attribute type 9 has an invalid length. [ 661.438497][ T2175] netlink: Invalid conntrack timeout [ 663.067379][ T2260] netlink: Failed to add  helper -22 [ 663.188554][ T2271] sctp: [Deprecated]: syz.3.11844 (pid 2271) Use of int in max_burst socket option deprecated. [ 663.188554][ T2271] Use struct sctp_assoc_value instead [ 665.349457][ T2363] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 665.831362][ T2382] netlink: 'syz.3.11883': attribute type 11 has an invalid length. [ 665.895754][ T2382] netlink: 'syz.3.11883': attribute type 11 has an invalid length. [ 665.943248][ T2382] netlink: 'syz.3.11883': attribute type 11 has an invalid length. [ 665.985602][ T2382] netlink: 'syz.3.11883': attribute type 11 has an invalid length. [ 666.799852][ T2423] netlink: 'syz.2.11895': attribute type 1 has an invalid length. [ 668.073511][ T2479] netlink: 'syz.3.11917': attribute type 11 has an invalid length. [ 668.122281][ T2479] netlink: 'syz.3.11917': attribute type 11 has an invalid length. [ 668.169918][ T2479] netlink: 'syz.3.11917': attribute type 11 has an invalid length. [ 675.182689][ T2875] FAULT_INJECTION: forcing a failure. [ 675.182689][ T2875] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 675.214977][T16044] Bluetooth: hci2: SCO packet too small [ 675.253306][ T2875] CPU: 0 UID: 0 PID: 2875 Comm: syz.3.12045 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 675.253336][ T2875] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 675.253344][ T2875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 675.253352][ T2875] Call Trace: [ 675.253358][ T2875] [ 675.253364][ T2875] dump_stack_lvl+0x100/0x190 [ 675.253385][ T2875] should_fail_ex.cold+0x5/0xa [ 675.253402][ T2875] ? prepare_alloc_pages+0x16d/0x5f0 [ 675.253421][ T2875] should_fail_alloc_page+0xeb/0x140 [ 675.253438][ T2875] prepare_alloc_pages+0x1f0/0x5f0 [ 675.253460][ T2875] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 675.253487][ T2875] ? stack_trace_save+0x8e/0xc0 [ 675.253506][ T2875] ? __pfx_stack_trace_save+0x10/0x10 [ 675.253525][ T2875] ? stack_depot_save_flags+0x27/0x9d0 [ 675.253545][ T2875] ? _raw_spin_lock_irqsave+0x52/0x60 [ 675.253582][ T2875] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 675.253605][ T2875] ? kasan_save_track+0x14/0x30 [ 675.253618][ T2875] ? __kasan_slab_alloc+0x89/0x90 [ 675.253632][ T2875] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 675.253654][ T2875] ? move_page_tables+0x3224/0x4500 [ 675.253676][ T2875] ? move_vma+0x574/0x1920 [ 675.253695][ T2875] ? mremap_to+0x234/0x4c0 [ 675.253714][ T2875] ? __do_sys_mremap+0xa7a/0x1850 [ 675.253734][ T2875] ? do_syscall_64+0x10b/0xf80 [ 675.253748][ T2875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.253772][ T2875] ? __lock_acquire+0x4a5/0x2630 [ 675.253794][ T2875] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.253815][ T2875] ? policy_nodemask+0xed/0x4f0 [ 675.253833][ T2875] alloc_pages_mpol+0x1fb/0x540 [ 675.253849][ T2875] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 675.253871][ T2875] alloc_pages_noprof+0x1a/0x160 [ 675.253889][ T2875] pte_alloc_one+0x1c/0x3d0 [ 675.253909][ T2875] __pte_alloc+0x6d/0x3e0 [ 675.253924][ T2875] ? __pfx___pte_alloc+0x10/0x10 [ 675.253940][ T2875] ? _raw_spin_unlock+0x28/0x50 [ 675.253960][ T2875] ? __pmd_alloc+0x3fb/0x950 [ 675.253979][ T2875] move_page_tables+0x257e/0x4500 [ 675.254002][ T2875] ? __pfx_copy_vma+0x10/0x10 [ 675.254030][ T2875] ? __pfx_move_page_tables+0x10/0x10 [ 675.254069][ T2875] copy_vma_and_data+0x25c/0x7c0 [ 675.254092][ T2875] ? __pfx_copy_vma_and_data+0x10/0x10 [ 675.254122][ T2875] ? __vma_start_write+0x17f/0x280 [ 675.254141][ T2875] ? __pfx___vma_start_write+0x10/0x10 [ 675.254160][ T2875] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 675.254182][ T2875] move_vma+0x574/0x1920 [ 675.254207][ T2875] ? __pfx_move_vma+0x10/0x10 [ 675.254229][ T2875] ? thp_get_unmapped_area_vmflags+0x27f/0x2d0 [ 675.254250][ T2875] ? cap_mmap_addr+0x4b/0x120 [ 675.254267][ T2875] ? bpf_lsm_mmap_addr+0x9/0x30 [ 675.254280][ T2875] ? security_mmap_addr+0x71/0x1e0 [ 675.254302][ T2875] ? __get_unmapped_area+0x255/0x3e0 [ 675.254321][ T2875] ? vrm_set_new_addr+0x204/0x290 [ 675.254343][ T2875] mremap_to+0x234/0x4c0 [ 675.254363][ T2875] ? mas_walk+0x6ef/0x9b0 [ 675.254377][ T2875] ? __pfx_mremap_to+0x10/0x10 [ 675.254403][ T2875] __do_sys_mremap+0xa7a/0x1850 [ 675.254430][ T2875] ? __pfx___do_sys_mremap+0x10/0x10 [ 675.254455][ T2875] ? do_futex+0x192/0x350 [ 675.254470][ T2875] ? __pfx_do_futex+0x10/0x10 [ 675.254490][ T2875] ? __x64_sys_futex+0x34f/0x4d0 [ 675.254513][ T2875] ? rcu_is_watching+0x12/0xc0 [ 675.254532][ T2875] do_syscall_64+0x10b/0xf80 [ 675.254546][ T2875] ? clear_bhb_loop+0x40/0x90 [ 675.254570][ T2875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.254586][ T2875] RIP: 0033:0x7fbd29f9c819 [ 675.254600][ T2875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 675.254614][ T2875] RSP: 002b:00007fbd2ad99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 675.254630][ T2875] RAX: ffffffffffffffda RBX: 00007fbd2a215fa0 RCX: 00007fbd29f9c819 [ 675.254640][ T2875] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 000000110c231000 [ 675.254649][ T2875] RBP: 00007fbd2a032c91 R08: 0000000100000000 R09: 0000000000000000 [ 675.254659][ T2875] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 675.254668][ T2875] R13: 00007fbd2a216038 R14: 00007fbd2a215fa0 R15: 00007ffc869a9ab8 [ 675.254688][ T2875] [ 676.580520][ T2923] : entered promiscuous mode [ 676.885637][ T2936] __vm_enough_memory: pid: 2936, comm: syz.1.12068, bytes: 4398046457856 not enough memory for the allocation [ 677.116590][ T2946] netlink: 'syz.1.12072': attribute type 2 has an invalid length. [ 678.499406][ T2990] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 680.840268][ T3091] FAULT_INJECTION: forcing a failure. [ 680.840268][ T3091] name failslab, interval 1, probability 0, space 0, times 0 [ 680.976787][ T3091] CPU: 0 UID: 0 PID: 3091 Comm: syz.3.12133 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 680.976819][ T3091] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 680.976826][ T3091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 680.976835][ T3091] Call Trace: [ 680.976840][ T3091] [ 680.976847][ T3091] dump_stack_lvl+0x100/0x190 [ 680.976868][ T3091] should_fail_ex.cold+0x5/0xa [ 680.976888][ T3091] should_failslab+0xc2/0x120 [ 680.976908][ T3091] __kmalloc_cache_noprof+0x7a/0x6f0 [ 680.976928][ T3091] ? vkms_plane_duplicate_state+0x87/0x130 [ 680.976954][ T3091] vkms_plane_duplicate_state+0x87/0x130 [ 680.976982][ T3091] drm_atomic_get_plane_state+0x279/0x760 [ 680.977003][ T3091] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 680.977024][ T3091] ? rcu_is_watching+0x12/0xc0 [ 680.977044][ T3091] ? __mutex_lock+0x26d/0x1b10 [ 680.977062][ T3091] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 680.977083][ T3091] ? drm_master_internal_acquire+0x21/0x80 [ 680.977120][ T3091] drm_client_modeset_commit_locked+0x14d/0x580 [ 680.977143][ T3091] drm_client_modeset_commit+0x4f/0x80 [ 680.977164][ T3091] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 680.977187][ T3091] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 680.977208][ T3091] drm_fbdev_client_restore+0x1b/0x30 [ 680.977223][ T3091] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 680.977237][ T3091] drm_client_dev_restore+0x205/0x2a0 [ 680.977260][ T3091] drm_release+0x2c6/0x360 [ 680.977278][ T3091] ? __pfx_drm_release+0x10/0x10 [ 680.977295][ T3091] __fput+0x3ff/0xb50 [ 680.977319][ T3091] task_work_run+0x150/0x240 [ 680.977335][ T3091] ? __pfx_task_work_run+0x10/0x10 [ 680.977351][ T3091] ? rcu_is_watching+0x12/0xc0 [ 680.977370][ T3091] exit_to_user_mode_loop+0x100/0x4a0 [ 680.977393][ T3091] ? do_syscall_64+0x519/0xf80 [ 680.977409][ T3091] do_syscall_64+0x6f2/0xf80 [ 680.977424][ T3091] ? clear_bhb_loop+0x40/0x90 [ 680.977442][ T3091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.977457][ T3091] RIP: 0033:0x7fbd29f9c819 [ 680.977471][ T3091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 680.977486][ T3091] RSP: 002b:00007fbd2ad99028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 680.977501][ T3091] RAX: 0000000000000000 RBX: 00007fbd2a215fa0 RCX: 00007fbd29f9c819 [ 680.977511][ T3091] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 680.977520][ T3091] RBP: 00007fbd2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 680.977529][ T3091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 680.977538][ T3091] R13: 00007fbd2a216038 R14: 00007fbd2a215fa0 R15: 00007ffc869a9ab8 [ 680.977559][ T3091] [ 682.881947][ T3141] FAULT_INJECTION: forcing a failure. [ 682.881947][ T3141] name failslab, interval 1, probability 0, space 0, times 0 [ 682.926927][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 682.937799][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 682.963601][ T3141] CPU: 0 UID: 0 PID: 3141 Comm: syz.0.12152 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 682.963632][ T3141] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 682.963640][ T3141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 682.963649][ T3141] Call Trace: [ 682.963654][ T3141] [ 682.963661][ T3141] dump_stack_lvl+0x100/0x190 [ 682.963680][ T3141] should_fail_ex.cold+0x5/0xa [ 682.963700][ T3141] should_failslab+0xc2/0x120 [ 682.963717][ T3141] __kmalloc_cache_noprof+0x7a/0x6f0 [ 682.963737][ T3141] ? snd_seq_port_connect+0x61/0x550 [ 682.963757][ T3141] ? snd_seq_port_use_ptr+0x136/0x1a0 [ 682.963776][ T3141] ? snd_seq_port_use_ptr+0x136/0x1a0 [ 682.963808][ T3141] snd_seq_port_connect+0x61/0x550 [ 682.963829][ T3141] ? _raw_read_unlock+0x28/0x50 [ 682.963843][ T3141] ? check_subscription_permission.isra.0+0x146/0x240 [ 682.963867][ T3141] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 682.963891][ T3141] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 682.963921][ T3141] call_seq_client_ctl+0xa3/0x130 [ 682.963942][ T3141] snd_seq_kernel_client_ctl+0x77/0xd0 [ 682.963963][ T3141] snd_seq_oss_midi_open+0x474/0x690 [ 682.963981][ T3141] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 682.963996][ T3141] ? snd_seq_oss_midi_reset+0x11a/0x4c0 [ 682.964019][ T3141] ? __mutex_lock+0x26d/0x1b10 [ 682.964041][ T3141] snd_seq_oss_synth_reset+0x439/0x890 [ 682.964058][ T3141] ? __pfx___mutex_lock+0x10/0x10 [ 682.964073][ T3141] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 682.964091][ T3141] ? __pfx___fsnotify_parent+0x10/0x10 [ 682.964114][ T3141] snd_seq_oss_reset+0x73/0x290 [ 682.964135][ T3141] ? __pfx_odev_release+0x10/0x10 [ 682.964156][ T3141] snd_seq_oss_release+0x7c/0x180 [ 682.964181][ T3141] ? __pfx_odev_release+0x10/0x10 [ 682.964200][ T3141] odev_release+0x4c/0x70 [ 682.964219][ T3141] __fput+0x3ff/0xb50 [ 682.964242][ T3141] task_work_run+0x150/0x240 [ 682.964258][ T3141] ? __pfx_task_work_run+0x10/0x10 [ 682.964274][ T3141] ? rcu_is_watching+0x12/0xc0 [ 682.964294][ T3141] exit_to_user_mode_loop+0x100/0x4a0 [ 682.964317][ T3141] ? do_syscall_64+0x519/0xf80 [ 682.964333][ T3141] do_syscall_64+0x6f2/0xf80 [ 682.964347][ T3141] ? clear_bhb_loop+0x40/0x90 [ 682.964365][ T3141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.964380][ T3141] RIP: 0033:0x7f346c59c819 [ 682.964393][ T3141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 682.964407][ T3141] RSP: 002b:00007f346d4cb028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 682.964422][ T3141] RAX: 0000000000000000 RBX: 00007f346c815fa0 RCX: 00007f346c59c819 [ 682.964432][ T3141] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 682.964440][ T3141] RBP: 00007f346c632c91 R08: 0000000000000000 R09: 0000000000000000 [ 682.964450][ T3141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 682.964458][ T3141] R13: 00007f346c816038 R14: 00007f346c815fa0 R15: 00007ffe73122c68 [ 682.964479][ T3141] [ 683.362697][ T3146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12156'. [ 686.888179][ T3307] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12198'. [ 687.130881][ T3318] [U] ^C [ 688.597455][ T3364] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12217'. [ 693.256860][ T3542] FAULT_INJECTION: forcing a failure. [ 693.256860][ T3542] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 693.328721][ T3542] CPU: 0 UID: 0 PID: 3542 Comm: syz.0.12258 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 693.328753][ T3542] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 693.328760][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 693.328770][ T3542] Call Trace: [ 693.328776][ T3542] [ 693.328787][ T3542] dump_stack_lvl+0x100/0x190 [ 693.328808][ T3542] should_fail_ex.cold+0x5/0xa [ 693.328828][ T3542] _copy_from_user+0x2e/0xd0 [ 693.328849][ T3542] restore_altstack+0x98/0x170 [ 693.328871][ T3542] ? __pfx_restore_altstack+0x10/0x10 [ 693.328893][ T3542] ? _raw_spin_unlock_irq+0x23/0x50 [ 693.328916][ T3542] ? lockdep_hardirqs_on+0x78/0x100 [ 693.328931][ T3542] ? _raw_spin_unlock_irq+0x2e/0x50 [ 693.328954][ T3542] __do_sys_rt_sigreturn+0x1ab/0x2c0 [ 693.328976][ T3542] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 693.328996][ T3542] ? rcu_is_watching+0x12/0xc0 [ 693.329013][ T3542] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 693.329036][ T3542] ? rcu_is_watching+0x12/0xc0 [ 693.329055][ T3542] do_syscall_64+0x10b/0xf80 [ 693.329069][ T3542] ? clear_bhb_loop+0x40/0x90 [ 693.329087][ T3542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.329102][ T3542] RIP: 0033:0x7f346c53db99 [ 693.329115][ T3542] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25 [ 693.329130][ T3542] RSP: 002b:00007f346d4caa80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 693.329145][ T3542] RAX: ffffffffffffffda RBX: 00007f346c815fa0 RCX: 00007f346c53db99 [ 693.329154][ T3542] RDX: 00007f346d4caa80 RSI: 00007f346d4cabb0 RDI: 0000000000000011 [ 693.329163][ T3542] RBP: 00007f346c632c91 R08: 0000000000000000 R09: 0000000000000000 [ 693.329172][ T3542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 693.329181][ T3542] R13: 00007f346c816038 R14: 00007f346c815fa0 R15: 00007ffe73122c68 [ 693.329201][ T3542] [ 693.847835][ T3551] random: crng reseeded on system resumption [ 694.639560][ T3600] GUP no longer grows the stack in syz.3.12273 (3600): 5000-401000 (4000) [ 694.707806][ T3600] CPU: 0 UID: 0 PID: 3600 Comm: syz.3.12273 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 694.707836][ T3600] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 694.707843][ T3600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 694.707852][ T3600] Call Trace: [ 694.707858][ T3600] [ 694.707864][ T3600] dump_stack_lvl+0x100/0x190 [ 694.707885][ T3600] gup_vma_lookup.cold+0x83/0x96 [ 694.707907][ T3600] __get_user_pages+0x241/0x32a0 [ 694.707931][ T3600] ? register_lock_class+0x40/0x560 [ 694.707954][ T3600] ? __kmalloc_noprof+0x301/0x850 [ 694.707976][ T3600] ? __pfx___get_user_pages+0x10/0x10 [ 694.707992][ T3600] ? do_syscall_64+0x10b/0xf80 [ 694.708013][ T3600] __gup_longterm_locked+0x87d/0x16f0 [ 694.708031][ T3600] ? __lock_acquire+0x4a5/0x2630 [ 694.708056][ T3600] ? __pfx___gup_longterm_locked+0x10/0x10 [ 694.708084][ T3600] pin_user_pages_remote+0xed/0x140 [ 694.708103][ T3600] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 694.708129][ T3600] process_vm_rw_core.constprop.0+0x412/0x950 [ 694.708154][ T3600] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 694.708170][ T3600] ? import_ubuf+0x1b6/0x220 [ 694.708196][ T3600] ? iovec_from_user+0xda/0x140 [ 694.708217][ T3600] process_vm_rw+0x226/0x2d0 [ 694.708233][ T3600] ? __pfx_process_vm_rw+0x10/0x10 [ 694.708252][ T3600] ? __pfx___do_sys_mremap+0x10/0x10 [ 694.708290][ T3600] ? xfd_validate_state+0x129/0x190 [ 694.708307][ T3600] ? __task_pid_nr_ns+0x1ca/0x510 [ 694.708332][ T3600] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 694.708347][ T3600] ? do_syscall_64+0x90/0xf80 [ 694.708361][ T3600] ? lockdep_hardirqs_on+0x78/0x100 [ 694.708376][ T3600] do_syscall_64+0x10b/0xf80 [ 694.708390][ T3600] ? clear_bhb_loop+0x40/0x90 [ 694.708407][ T3600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.708423][ T3600] RIP: 0033:0x7fbd29f9c819 [ 694.708436][ T3600] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 694.708450][ T3600] RSP: 002b:00007fbd2ad99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 694.708466][ T3600] RAX: ffffffffffffffda RBX: 00007fbd2a215fa0 RCX: 00007fbd29f9c819 [ 694.708475][ T3600] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 00000000000018f5 [ 694.708484][ T3600] RBP: 00007fbd2a032c91 R08: 0000000000000006 R09: 0000000000000000 [ 694.708493][ T3600] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000000 [ 694.708501][ T3600] R13: 00007fbd2a216038 R14: 00007fbd2a215fa0 R15: 00007ffc869a9ab8 [ 694.708521][ T3600] [ 696.230555][ T3656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12282'. [ 698.711826][ T3750] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 698.905683][ T3754] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 699.777777][T16044] Bluetooth: hci0: unexpected event 0x03 length: 43 > 11 [ 700.681762][ T3821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12336'. [ 705.750750][ T3996] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 707.903091][T16044] bt_err_ratelimited: 3 callbacks suppressed [ 707.903107][T16044] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 708.689944][ T4106] FAULT_INJECTION: forcing a failure. [ 708.689944][ T4106] name failslab, interval 1, probability 0, space 0, times 0 [ 708.913637][ T4106] CPU: 0 UID: 0 PID: 4106 Comm: syz.3.12433 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 708.913667][ T4106] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 708.913674][ T4106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 708.913683][ T4106] Call Trace: [ 708.913689][ T4106] [ 708.913695][ T4106] dump_stack_lvl+0x100/0x190 [ 708.913716][ T4106] should_fail_ex.cold+0x5/0xa [ 708.913736][ T4106] should_failslab+0xc2/0x120 [ 708.913753][ T4106] __kmalloc_cache_noprof+0x7a/0x6f0 [ 708.913772][ T4106] ? percpu_ref_init+0xec/0x3f0 [ 708.913791][ T4106] ? __pfx_free_ioctx_reqs+0x10/0x10 [ 708.913808][ T4106] percpu_ref_init+0xec/0x3f0 [ 708.913822][ T4106] ? __init_waitqueue_head+0xca/0x150 [ 708.913842][ T4106] ioctx_alloc+0x3ee/0x21a0 [ 708.913867][ T4106] ? find_held_lock+0x2b/0x80 [ 708.913885][ T4106] ? __pfx_ioctx_alloc+0x10/0x10 [ 708.913909][ T4106] __x64_sys_io_setup+0xc9/0x220 [ 708.913929][ T4106] do_syscall_64+0x10b/0xf80 [ 708.913944][ T4106] ? clear_bhb_loop+0x40/0x90 [ 708.913962][ T4106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.913978][ T4106] RIP: 0033:0x7fbd29f9c819 [ 708.913991][ T4106] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 708.914005][ T4106] RSP: 002b:00007fbd2ad99028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 708.914020][ T4106] RAX: ffffffffffffffda RBX: 00007fbd2a215fa0 RCX: 00007fbd29f9c819 [ 708.914030][ T4106] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 708.914043][ T4106] RBP: 00007fbd2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 708.914055][ T4106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 708.914064][ T4106] R13: 00007fbd2a216038 R14: 00007fbd2a215fa0 R15: 00007ffc869a9ab8 [ 708.914084][ T4106] [ 710.009212][T16044] Bluetooth: hci0: Malformed Event: 0x13 [ 711.137978][ T5975] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 711.203396][ T5975] CPU: 0 UID: 0 PID: 5975 Comm: syz-executor Tainted: G U I L syzkaller #0 PREEMPT(full) [ 711.203425][ T5975] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 711.203432][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 711.203440][ T5975] Call Trace: [ 711.203446][ T5975] [ 711.203452][ T5975] dump_stack_lvl+0x100/0x190 [ 711.203471][ T5975] dump_header+0xfb/0x606 [ 711.203488][ T5975] oom_kill_process.cold+0xd/0x330 [ 711.203506][ T5975] out_of_memory+0x340/0x14f0 [ 711.203533][ T5975] ? __pfx_out_of_memory+0x10/0x10 [ 711.203563][ T5975] mem_cgroup_out_of_memory+0xc6/0x130 [ 711.203584][ T5975] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 711.203604][ T5975] ? find_held_lock+0x2b/0x80 [ 711.203625][ T5975] ? do_raw_spin_unlock+0x145/0x1e0 [ 711.203642][ T5975] ? _raw_spin_unlock+0x28/0x50 [ 711.203667][ T5975] try_charge_memcg+0x6e5/0xdf0 [ 711.203687][ T5975] ? __pfx_try_charge_memcg+0x10/0x10 [ 711.203703][ T5975] ? find_held_lock+0x2b/0x80 [ 711.203720][ T5975] ? rcu_read_unlock+0x17/0x60 [ 711.203736][ T5975] ? rcu_read_unlock+0x17/0x60 [ 711.203753][ T5975] ? find_held_lock+0x2b/0x80 [ 711.203771][ T5975] ? rcu_read_unlock+0x17/0x60 [ 711.203791][ T5975] charge_memcg+0x187/0x1e0 [ 711.203808][ T5975] mem_cgroup_swapin_charge_folio+0xd2/0x2f0 [ 711.203831][ T5975] __swap_cache_prepare_and_add+0x842/0xa20 [ 711.203854][ T5975] ? alloc_pages_mpol+0x25a/0x540 [ 711.203873][ T5975] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 711.203895][ T5975] ? __pfx_swap_entry_swapped+0x10/0x10 [ 711.203916][ T5975] swap_cache_alloc_folio+0x1cb/0x300 [ 711.203946][ T5975] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 711.203974][ T5975] swap_cluster_readahead+0x53b/0x770 [ 711.204001][ T5975] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 711.204031][ T5975] ? do_raw_spin_unlock+0x145/0x1e0 [ 711.204053][ T5975] ? get_vma_policy+0x23d/0x3b0 [ 711.204072][ T5975] swapin_readahead+0x160/0x12c0 [ 711.204092][ T5975] ? do_raw_spin_lock+0x128/0x260 [ 711.204114][ T5975] ? __pfx_swapin_readahead+0x10/0x10 [ 711.204135][ T5975] ? find_held_lock+0x2b/0x80 [ 711.204151][ T5975] ? swap_table_get+0x103/0x2c0 [ 711.204175][ T5975] ? swap_table_get+0x10d/0x2c0 [ 711.204196][ T5975] ? swap_cache_get_folio+0x286/0x350 [ 711.204217][ T5975] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 711.204237][ T5975] ? __pfx_get_swap_device+0x10/0x10 [ 711.204256][ T5975] ? do_swap_page+0x931/0x6180 [ 711.204276][ T5975] do_swap_page+0x931/0x6180 [ 711.204305][ T5975] ? __pfx_do_swap_page+0x10/0x10 [ 711.204326][ T5975] ? __free_object+0x2a8/0x3f0 [ 711.204342][ T5975] ? lockdep_hardirqs_on+0x78/0x100 [ 711.204358][ T5975] ? rcu_is_watching+0x12/0xc0 [ 711.204375][ T5975] ? __pte_offset_map+0x179/0x310 [ 711.204394][ T5975] __handle_mm_fault+0x192f/0x2a00 [ 711.204418][ T5975] ? reacquire_held_locks+0xce/0x1e0 [ 711.204441][ T5975] ? __pfx___handle_mm_fault+0x10/0x10 [ 711.204464][ T5975] ? lock_vma_under_rcu+0x17c/0x590 [ 711.204496][ T5975] handle_mm_fault+0x36d/0xa20 [ 711.204521][ T5975] do_user_addr_fault+0x5a3/0x12f0 [ 711.204544][ T5975] exc_page_fault+0x6f/0xd0 [ 711.204559][ T5975] asm_exc_page_fault+0x26/0x30 [ 711.204573][ T5975] RIP: 0033:0x7f6d09d5d04e [ 711.204586][ T5975] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 711.204601][ T5975] RSP: 002b:00007ffd826a6208 EFLAGS: 00010246 [ 711.204613][ T5975] RAX: 0000000000000000 RBX: 000055557af95500 RCX: 00007f6d09d5d04e [ 711.204622][ T5975] RDX: 00007ffd826a6260 RSI: 0000000000000000 RDI: 0000000000000000 [ 711.204631][ T5975] RBP: 00007ffd826a62cc R08: 0000000000000000 R09: 0000000000000000 [ 711.204640][ T5975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 711.204648][ T5975] R13: 00000000000927c0 R14: 00000000000ae3fb R15: 00007ffd826a6320 [ 711.204668][ T5975] [ 711.210621][ T5975] memory: usage 3072kB, limit 3072kB, failcnt 97575 [ 711.817692][ T4198] openvswitch: netlink: IP tunnel TTL not specified. [ 712.284552][ T4216] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 712.532102][ T4230] bridge0: port 3(dummy0) entered blocking state [ 712.550317][ T4230] bridge0: port 3(dummy0) entered disabled state [ 712.574159][ T4230] dummy0: entered allmulticast mode [ 712.590316][ T4230] dummy0: entered promiscuous mode [ 712.613265][ T4230] bridge0: port 3(dummy0) entered blocking state [ 712.620994][ T4230] bridge0: port 3(dummy0) entered forwarding state [ 713.225510][ T5975] memory+swap: usage 3320kB, limit 9007199254740988kB, failcnt 0 [ 713.267373][ T5975] kmem: usage 1164kB, limit 9007199254740988kB, failcnt 0 [ 713.287680][ T5975] Memory cgroup stats for /syz1: [ 713.287783][ T5975] cache 4096 [ 713.328059][ T5975] rss 1945600 [ 713.340926][ T5975] rss_huge 0 [ 713.356684][ T5975] shmem 0 [ 713.373692][ T5975] mapped_file 0 [ 713.386713][ T5975] dirty 0 [ 713.403093][ T5975] writeback 0 [ 713.418638][ T5975] workingset_refault_anon 6181 [ 713.441307][ T5975] workingset_refault_file 24704 [ 713.463836][ T5975] swap 253952 [ 713.481811][ T5975] swapcached 360636416 [ 713.503534][ T5975] pgpgin 323909 [ 713.523843][ T5975] pgpgout 343902 [ 713.544238][ T5975] pgfault 419151 [ 713.560360][ T5975] pgmajfault 2767 [ 713.580319][ T5975] inactive_anon 0 [ 713.598586][ T5975] active_anon 0 [ 713.613018][ T5975] inactive_file 0 [ 713.629875][ T5975] active_file 0 [ 713.652299][ T5975] unevictable 1945600 [ 713.670101][ T5975] hierarchical_memory_limit 3145728 [ 713.700933][ T5975] hierarchical_memsw_limit 9223372036854771712 [ 713.732810][ T5975] total_cache 4096 [ 713.747161][ T5975] total_rss 1945600 [ 713.758576][ T5975] total_rss_huge 0 [ 713.771766][ T5975] total_shmem 0 [ 713.784844][ T5975] total_mapped_file 0 [ 713.799008][ T5975] total_dirty 0 [ 713.821596][ T5975] total_writeback 0 [ 713.839255][ T5975] total_workingset_refault_anon 6181 [ 713.867667][ T5975] total_workingset_refault_file 24704 [ 713.906393][ T5975] total_swap 253952 [ 713.940065][ T5975] total_swapcached 360636416 [ 713.961442][ T5975] total_pgpgin 323909 [ 713.981315][ T5975] total_pgpgout 343902 [ 713.989747][ T29] audit: type=1326 audit(4295033119.670:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4274 comm="syz.0.12495" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f346c59c819 code=0x0 [ 714.025934][ T5975] total_pgfault 419151 [ 714.043766][ T5975] total_pgmajfault 2767 [ 714.067090][ T5975] total_inactive_anon 0 [ 714.092238][ T5975] total_active_anon 0 [ 714.109842][ T5975] total_inactive_file 0 [ 714.129747][ T5975] total_active_file 0 [ 714.142927][ T4280] bridge0: port 3(ipvlan1) entered blocking state [ 714.152646][ T5975] total_unevictable 1945600 [ 714.167464][ T5975] anon_cost 443 [ 714.176708][ T4280] bridge0: port 3(ipvlan1) entered disabled state [ 714.188266][ T5975] file_cost 1 [ 714.200806][ T5975] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.12458,pid=4167,uid=0 [ 714.222435][ T4280] ipvlan1: entered allmulticast mode [ 714.244502][ T4280] veth0_vlan: entered allmulticast mode [ 714.270602][ T5975] Memory cgroup out of memory: Killed process 4167 (syz.1.12458) total-vm:112668kB, anon-rss:3132kB, file-rss:22544kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 714.290740][ T4280] ipvlan1: left allmulticast mode [ 714.304371][ T4280] veth0_vlan: left allmulticast mode [ 715.740667][T16044] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 715.772649][ T4337] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 715.790072][ T4336] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12507'. [ 715.836835][ T4348] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 716.479079][ T4387] netlink: 21 bytes leftover after parsing attributes in process `syz.0.12513'. [ 716.849336][ T4400] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12518'. [ 719.322794][ T29] audit: type=1807 audit(4295033125.028:44): UNKNOWN= [ 719.322988][ T29] audit: type=1802 audit(4295033125.028:45): pid=4491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.12556" res=0 errno=0 [ 719.441334][ T4489] ima: policy update failed [ 720.033711][ T29] audit: type=1802 audit(4295033125.179:46): pid=4489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.12556" res=0 errno=0 [ 720.273793][ T4540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12557'. [ 721.010892][T16044] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 721.532880][ T4606] bridge0: port 3(dummy0) entered blocking state [ 721.593418][ T4606] bridge0: port 3(dummy0) entered disabled state [ 721.622265][ T4606] dummy0: entered allmulticast mode [ 721.666317][ T4606] dummy0: entered promiscuous mode [ 721.694191][ T4606] bridge0: port 3(dummy0) entered blocking state [ 721.700673][ T4606] bridge0: port 3(dummy0) entered forwarding state [ 722.907845][ T4642] netlink: 'syz.1.12588': attribute type 2 has an invalid length. [ 724.109589][ T4683] NFSD: Failed to start, no listeners configured. [ 725.364191][ T29] audit: type=1807 audit(4295033131.089:47): UNKNOWN= [ 725.364534][ T29] audit: type=1802 audit(4295033131.109:48): pid=4732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.12616" res=0 errno=0 [ 725.489165][ T4730] ima: policy update failed [ 725.547560][ T4735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12618'. [ 725.964395][ T4755] netlink: 338 bytes leftover after parsing attributes in process `syz.1.12627'. [ 726.010909][ T29] audit: type=1802 audit(4295033131.260:49): pid=4730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.12616" res=0 errno=0 [ 726.479533][ T4774] netlink: 'syz.0.12635': attribute type 2 has an invalid length. [ 727.894622][ T5979] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 727.973779][ T5979] CPU: 0 UID: 0 PID: 5979 Comm: syz-executor Tainted: G U I L syzkaller #0 PREEMPT(full) [ 727.973808][ T5979] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 727.973815][ T5979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 727.973824][ T5979] Call Trace: [ 727.973829][ T5979] [ 727.973836][ T5979] dump_stack_lvl+0x100/0x190 [ 727.973856][ T5979] dump_header+0xfb/0x606 [ 727.973874][ T5979] oom_kill_process.cold+0xd/0x330 [ 727.973892][ T5979] out_of_memory+0x340/0x14f0 [ 727.973920][ T5979] ? __pfx_out_of_memory+0x10/0x10 [ 727.973947][ T5979] mem_cgroup_out_of_memory+0xc6/0x130 [ 727.973969][ T5979] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 727.973989][ T5979] ? find_held_lock+0x2b/0x80 [ 727.974011][ T5979] ? do_raw_spin_unlock+0x145/0x1e0 [ 727.974028][ T5979] ? _raw_spin_unlock+0x28/0x50 [ 727.974057][ T5979] try_charge_memcg+0x6e5/0xdf0 [ 727.974078][ T5979] ? __pfx_try_charge_memcg+0x10/0x10 [ 727.974093][ T5979] ? find_held_lock+0x2b/0x80 [ 727.974110][ T5979] ? rcu_read_unlock+0x17/0x60 [ 727.974127][ T5979] ? rcu_read_unlock+0x17/0x60 [ 727.974143][ T5979] ? find_held_lock+0x2b/0x80 [ 727.974161][ T5979] ? rcu_read_unlock+0x17/0x60 [ 727.974182][ T5979] charge_memcg+0x187/0x1e0 [ 727.974199][ T5979] mem_cgroup_swapin_charge_folio+0xd2/0x2f0 [ 727.974222][ T5979] __swap_cache_prepare_and_add+0x842/0xa20 [ 727.974245][ T5979] ? alloc_pages_mpol+0x25a/0x540 [ 727.974270][ T5979] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 727.974294][ T5979] ? __pfx_swap_entry_swapped+0x10/0x10 [ 727.974316][ T5979] swap_cache_alloc_folio+0x1cb/0x300 [ 727.974339][ T5979] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 727.974360][ T5979] ? lockdep_hardirqs_on+0x78/0x100 [ 727.974375][ T5979] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 727.974399][ T5979] swap_cluster_readahead+0x411/0x770 [ 727.974425][ T5979] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 727.974456][ T5979] ? do_raw_spin_unlock+0x145/0x1e0 [ 727.974474][ T5979] ? get_vma_policy+0x23d/0x3b0 [ 727.974494][ T5979] swapin_readahead+0x160/0x12c0 [ 727.974514][ T5979] ? do_raw_spin_lock+0x128/0x260 [ 727.974536][ T5979] ? __pfx_swapin_readahead+0x10/0x10 [ 727.974557][ T5979] ? find_held_lock+0x2b/0x80 [ 727.974574][ T5979] ? swap_table_get+0x103/0x2c0 [ 727.974598][ T5979] ? swap_table_get+0x10d/0x2c0 [ 727.974618][ T5979] ? swap_cache_get_folio+0x286/0x350 [ 727.974639][ T5979] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 727.974659][ T5979] ? __pfx_get_swap_device+0x10/0x10 [ 727.974679][ T5979] ? do_swap_page+0x931/0x6180 [ 727.974698][ T5979] do_swap_page+0x931/0x6180 [ 727.974728][ T5979] ? __pfx_do_swap_page+0x10/0x10 [ 727.974749][ T5979] ? __free_object+0x2a8/0x3f0 [ 727.974765][ T5979] ? lockdep_hardirqs_on+0x78/0x100 [ 727.974781][ T5979] ? rcu_is_watching+0x12/0xc0 [ 727.974798][ T5979] ? __pte_offset_map+0x179/0x310 [ 727.974816][ T5979] __handle_mm_fault+0x192f/0x2a00 [ 727.974841][ T5979] ? reacquire_held_locks+0xce/0x1e0 [ 727.974864][ T5979] ? __pfx___handle_mm_fault+0x10/0x10 [ 727.974888][ T5979] ? lock_vma_under_rcu+0x17c/0x590 [ 727.974921][ T5979] handle_mm_fault+0x36d/0xa20 [ 727.974945][ T5979] do_user_addr_fault+0x5a3/0x12f0 [ 727.974968][ T5979] exc_page_fault+0x6f/0xd0 [ 727.974983][ T5979] asm_exc_page_fault+0x26/0x30 [ 727.974998][ T5979] RIP: 0033:0x7fa9c3d5d04e [ 727.975011][ T5979] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 727.975025][ T5979] RSP: 002b:00007ffd7d607878 EFLAGS: 00010246 [ 727.975038][ T5979] RAX: 0000000000000000 RBX: 000055558a3aa500 RCX: 00007fa9c3d5d04e [ 727.975048][ T5979] RDX: 00007ffd7d6078d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 727.975057][ T5979] RBP: 00007ffd7d60793c R08: 0000000000000000 R09: 0000000000000000 [ 727.975065][ T5979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 727.975074][ T5979] R13: 00000000000927c0 R14: 00000000000b2518 R15: 00007ffd7d607990 [ 727.975093][ T5979] [ 728.367421][ T5979] memory: usage 3072kB, limit 3072kB, failcnt 95468 [ 728.374065][ T5979] memory+swap: usage 7476kB, limit 9007199254740988kB, failcnt 0 [ 728.381764][ T5979] kmem: usage 3072kB, limit 9007199254740988kB, failcnt 0 [ 728.388879][ T5979] Memory cgroup stats for /syz2: [ 728.388975][ T5979] cache 0 [ 728.397258][ T5979] rss 4096 [ 728.400269][ T5979] rss_huge 0 [ 728.403444][ T5979] shmem 0 [ 728.406401][ T5979] mapped_file 0 [ 728.409835][ T5979] dirty 0 [ 728.412748][ T5979] writeback 4096 [ 728.416328][ T5979] workingset_refault_anon 6077 [ 728.421068][ T5979] workingset_refault_file 25510 [ 728.425913][ T5979] swap 4501504 [ 728.429391][ T5979] swapcached 354422784 [ 728.433438][ T5979] pgpgin 279439 [ 728.436917][ T5979] pgpgout 285479 [ 728.440454][ T5979] pgfault 436948 [ 728.444055][ T5979] pgmajfault 3078 [ 728.447725][ T5979] inactive_anon 4096 [ 728.451597][ T5979] active_anon 4096 [ 728.455337][ T5979] inactive_file 0 [ 728.458963][ T5979] active_file 0 [ 728.462398][ T5979] unevictable 0 [ 728.466946][ T5979] hierarchical_memory_limit 3145728 [ 728.472133][ T5979] hierarchical_memsw_limit 9223372036854771712 [ 728.478450][ T5979] total_cache 0 [ 728.481940][ T5979] total_rss 4096 [ 728.485488][ T5979] total_rss_huge 0 [ 728.489183][ T5979] total_shmem 0 [ 728.493018][ T5979] total_mapped_file 0 [ 728.497050][ T5979] total_dirty 0 [ 728.500486][ T5979] total_writeback 4096 [ 728.504560][ T5979] total_workingset_refault_anon 6077 [ 728.509821][ T5979] total_workingset_refault_file 25510 [ 728.515200][ T5979] total_swap 4501504 [ 728.519070][ T5979] total_swapcached 354422784 [ 728.523667][ T5979] total_pgpgin 279439 [ 728.527626][ T5979] total_pgpgout 285479 [ 728.531666][ T5979] total_pgfault 436948 [ 728.535735][ T5979] total_pgmajfault 3078 [ 728.539882][ T5979] total_inactive_anon 4096 [ 728.544308][ T5979] total_active_anon 4096 [ 728.548539][ T5979] total_inactive_file 0 [ 728.552669][ T5979] total_active_file 0 [ 728.556666][ T5979] total_unevictable 0 [ 728.560716][ T5979] anon_cost 243 [ 728.564289][ T5979] file_cost 0 [ 728.568642][ T5979] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.9607,pid=28740,uid=0 [ 728.586650][ T5979] Memory cgroup out of memory: Killed process 28740 (syz.2.9607) total-vm:104276kB, anon-rss:1240kB, file-rss:20804kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 728.614098][ T4788] syz.2.12639 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 728.625147][ T4788] CPU: 0 UID: 0 PID: 4788 Comm: syz.2.12639 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 728.625174][ T4788] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 728.625181][ T4788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 728.625196][ T4788] Call Trace: [ 728.625203][ T4788] [ 728.625209][ T4788] dump_stack_lvl+0x100/0x190 [ 728.625229][ T4788] dump_header+0xfb/0x606 [ 728.625246][ T4788] oom_kill_process.cold+0xd/0x330 [ 728.625264][ T4788] out_of_memory+0x340/0x14f0 [ 728.625291][ T4788] ? __pfx_out_of_memory+0x10/0x10 [ 728.625317][ T4788] mem_cgroup_out_of_memory+0xc6/0x130 [ 728.625340][ T4788] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 728.625360][ T4788] ? find_held_lock+0x2b/0x80 [ 728.625382][ T4788] ? do_raw_spin_unlock+0x145/0x1e0 [ 728.625399][ T4788] ? _raw_spin_unlock+0x28/0x50 [ 728.625424][ T4788] try_charge_memcg+0x6e5/0xdf0 [ 728.625444][ T4788] ? __pfx_try_charge_memcg+0x10/0x10 [ 728.625459][ T4788] ? find_held_lock+0x2b/0x80 [ 728.625477][ T4788] ? rcu_read_unlock+0x17/0x60 [ 728.625493][ T4788] ? rcu_read_unlock+0x17/0x60 [ 728.625510][ T4788] ? find_held_lock+0x2b/0x80 [ 728.625528][ T4788] ? rcu_read_unlock+0x17/0x60 [ 728.625548][ T4788] charge_memcg+0x187/0x1e0 [ 728.625565][ T4788] mem_cgroup_swapin_charge_folio+0xd2/0x2f0 [ 728.625588][ T4788] __swap_cache_prepare_and_add+0x842/0xa20 [ 728.625611][ T4788] ? alloc_pages_mpol+0x25a/0x540 [ 728.625632][ T4788] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 728.625652][ T4788] ? __pfx_swap_entry_swapped+0x10/0x10 [ 728.625674][ T4788] swap_cache_alloc_folio+0x1cb/0x300 [ 728.625696][ T4788] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 728.625718][ T4788] ? kernel_text_address+0x8d/0x100 [ 728.625734][ T4788] ? __kernel_text_address+0xd/0x30 [ 728.625747][ T4788] ? unwind_get_return_address+0x59/0xa0 [ 728.625769][ T4788] swap_cluster_readahead+0x411/0x770 [ 728.625795][ T4788] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 728.625820][ T4788] ? css_rstat_updated+0x1ce/0x5a0 [ 728.625850][ T4788] ? get_vma_policy+0x23d/0x3b0 [ 728.625869][ T4788] swapin_readahead+0x160/0x12c0 [ 728.625896][ T4788] ? __pfx_swapin_readahead+0x10/0x10 [ 728.625918][ T4788] ? find_held_lock+0x2b/0x80 [ 728.625935][ T4788] ? swap_table_get+0x103/0x2c0 [ 728.625959][ T4788] ? swap_table_get+0x10d/0x2c0 [ 728.625979][ T4788] ? swap_cache_get_folio+0x286/0x350 [ 728.626000][ T4788] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 728.626020][ T4788] ? __pfx_get_swap_device+0x10/0x10 [ 728.626039][ T4788] ? do_swap_page+0x931/0x6180 [ 728.626059][ T4788] do_swap_page+0x931/0x6180 [ 728.626081][ T4788] ? __lock_acquire+0x4a5/0x2630 [ 728.626103][ T4788] ? do_raw_spin_unlock+0x145/0x1e0 [ 728.626123][ T4788] ? __pfx_do_swap_page+0x10/0x10 [ 728.626145][ T4788] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 728.626162][ T4788] ? rcu_is_watching+0x12/0xc0 [ 728.626179][ T4788] ? __pte_offset_map+0x179/0x310 [ 728.626202][ T4788] __handle_mm_fault+0x192f/0x2a00 [ 728.626226][ T4788] ? reacquire_held_locks+0xce/0x1e0 [ 728.626249][ T4788] ? __pfx___handle_mm_fault+0x10/0x10 [ 728.626273][ T4788] ? lock_vma_under_rcu+0x17c/0x590 [ 728.626305][ T4788] handle_mm_fault+0x36d/0xa20 [ 728.626329][ T4788] do_user_addr_fault+0x5a3/0x12f0 [ 728.626352][ T4788] exc_page_fault+0x6f/0xd0 [ 728.626367][ T4788] asm_exc_page_fault+0x26/0x30 [ 728.626382][ T4788] RIP: 0033:0x7fa9c3c6cd39 [ 728.626395][ T4788] Code: f0 0f 83 c0 00 00 00 48 89 75 00 49 89 4c 24 f8 48 8b 4d 08 48 8b 55 00 eb 91 0f 1f 80 00 00 00 00 4c 89 ea 4c 89 e6 48 89 df 02 ff ff ff 48 89 d8 48 29 e8 48 3d 80 00 00 00 0f 8e 7d 00 00 [ 728.626409][ T4788] RSP: 002b:00007ffd7d607550 EFLAGS: 00010212 [ 728.626422][ T4788] RAX: 00007fa9c3aba0c8 RBX: 00007fa9c3aba0d0 RCX: ffffffff826d0620 [ 728.626432][ T4788] RDX: 0000000000000015 RSI: 00007fa9c3ababd0 RDI: 00007fa9c3aba0d0 [ 728.626441][ T4788] RBP: 00007fa9c3ab9058 R08: 00007fa9c4000000 R09: 00007fa9c4016038 [ 728.626450][ T4788] R10: 0000000000000001 R11: 0000000000000003 R12: 00007fa9c3ababd0 [ 728.626458][ T4788] R13: 0000000000000015 R14: 000000000000036f R15: 0000000000000001 [ 728.626472][ T4788] ? swap_dup_entries_cluster+0x280/0xc10 [ 728.626492][ T4788] [ 728.626497][ T4788] memory: usage 3072kB, limit 3072kB, failcnt 95468 [ 729.071958][ T4788] memory+swap: usage 7368kB, limit 9007199254740988kB, failcnt 0 [ 729.080399][ T4788] kmem: usage 3016kB, limit 9007199254740988kB, failcnt 0 [ 729.088280][ T4788] Memory cgroup stats for /syz2: [ 729.088486][ T4788] cache 0 [ 729.096398][ T4788] rss 4096 [ 729.099461][ T4788] rss_huge 0 [ 729.102681][ T4788] shmem 0 [ 729.106008][ T4788] mapped_file 0 [ 729.109451][ T4788] dirty 0 [ 729.114005][ T4788] writeback 0 [ 729.118542][ T4788] workingset_refault_anon 6080 [ 729.125271][ T4788] workingset_refault_file 25510 [ 729.130403][ T4788] swap 4399104 [ 729.133853][ T4788] swapcached 354435072 [ 729.137961][ T4788] pgpgin 279442 [ 729.141459][ T4788] pgpgout 285481 [ 729.144996][ T4788] pgfault 436952 [ 729.148653][ T4788] pgmajfault 3079 [ 729.152927][ T4788] inactive_anon 12288 [ 729.156976][ T4788] active_anon 0 [ 729.160750][ T4788] inactive_file 0 [ 729.165394][ T4788] active_file 0 [ 729.169361][ T4788] unevictable 0 [ 729.173446][ T4788] hierarchical_memory_limit 3145728 [ 729.180286][ T4788] hierarchical_memsw_limit 9223372036854771712 [ 729.186504][ T4788] total_cache 0 [ 729.190204][ T4788] total_rss 4096 [ 729.193746][ T4788] total_rss_huge 0 [ 729.200627][ T4788] total_shmem 0 [ 729.209823][ T4788] total_mapped_file 0 [ 729.219907][ T4788] total_dirty 0 [ 729.223813][ T4788] total_writeback 0 [ 729.239590][ T4788] total_workingset_refault_anon 6080 [ 729.244885][ T4788] total_workingset_refault_file 25510 [ 729.259574][ T4788] total_swap 4399104 [ 729.263482][ T4788] total_swapcached 354435072 [ 729.268049][ T4788] total_pgpgin 279442 [ 729.282031][ T4788] total_pgpgout 285481 [ 729.290895][ T4788] total_pgfault 436952 [ 729.299360][ T4788] total_pgmajfault 3079 [ 729.308218][ T4788] total_inactive_anon 12288 [ 729.319136][ T4788] total_active_anon 0 [ 729.329308][ T4788] total_inactive_file 0 [ 729.333477][ T4788] total_active_file 0 [ 729.337457][ T4788] total_unevictable 0 [ 729.350490][ T4788] anon_cost 243 [ 729.359037][ T4788] file_cost 0 [ 729.363836][ T4788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.12639,pid=4788,uid=0 [ 729.402992][ T4788] Memory cgroup out of memory: Killed process 4788 (syz.2.12639) total-vm:108508kB, anon-rss:1236kB, file-rss:22812kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:0 [ 729.548931][ T4846] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12659'. [ 730.223747][T16044] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 731.665286][ T4946] netlink: 'syz.2.12672': attribute type 1 has an invalid length. [ 731.969246][ T29] audit: type=1800 audit(4295033137.744:50): pid=4953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.12674" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 734.088326][ T5027] FAULT_INJECTION: forcing a failure. [ 734.088326][ T5027] name failslab, interval 1, probability 0, space 0, times 0 [ 734.160010][ T5027] CPU: 0 UID: 0 PID: 5027 Comm: syz.0.12703 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 734.160066][ T5027] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 734.160081][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 734.160092][ T5027] Call Trace: [ 734.160098][ T5027] [ 734.160104][ T5027] dump_stack_lvl+0x100/0x190 [ 734.160124][ T5027] should_fail_ex.cold+0x5/0xa [ 734.160144][ T5027] should_failslab+0xc2/0x120 [ 734.160162][ T5027] __kmalloc_cache_noprof+0x7a/0x6f0 [ 734.160182][ T5027] ? do_getname+0x238/0x390 [ 734.160202][ T5027] ? strncpy_from_user+0x19d/0x2d0 [ 734.160224][ T5027] do_getname+0x238/0x390 [ 734.160246][ T5027] __x64_sys_symlink+0x57/0xb0 [ 734.160265][ T5027] do_syscall_64+0x10b/0xf80 [ 734.160280][ T5027] ? clear_bhb_loop+0x40/0x90 [ 734.160298][ T5027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.160313][ T5027] RIP: 0033:0x7f346c59c819 [ 734.160326][ T5027] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 734.160340][ T5027] RSP: 002b:00007f346d4cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 734.160354][ T5027] RAX: ffffffffffffffda RBX: 00007f346c815fa0 RCX: 00007f346c59c819 [ 734.160364][ T5027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 734.160373][ T5027] RBP: 00007f346c632c91 R08: 0000000000000000 R09: 0000000000000000 [ 734.160382][ T5027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 734.160390][ T5027] R13: 00007f346c816038 R14: 00007f346c815fa0 R15: 00007ffe73122c68 [ 734.160409][ T5027] [ 735.143665][ T5050] ptrace attach of "./syz-executor exec"[27563] was attempted by "JMePm-y#K?5Ќ\x0dZSpenW.UtL$Aj긓ہq՘`oizjiv΂CĘfF,t\x22~Wmt`}^Zh\x22gSڛ[ؾ$_\x07F)TLyk\x1br>U58uNEhZ:\x1bw'ffOWǠֹ-ZoJP5;ńDZz[}r69x{'_PKyFYve$;5\x07(`>Kӽ*L\x0bDaTKeL@Sm v@B>_ \x5c\x0c {<{a\x09f8-\x0a꠷Bp^FyrR>ăE]к6c γAԏȠψtQ2.\x1b- 8-Y^\x0a\x0be\x0d%'Q3\x07J1{.@E•>,P况AAbKy'r1͂48]\x09PW`uPYN/&4 㒩]\x07;;^Y(\x09w;Is\x0aLzd?ȡNr,1z{76,޻!r,Xn&ܢ\x0b\x0dJ>̽%.ՊQ<({UI<ϲ\x0d܈ER=9kVϣ[p [ 737.790947][ T5152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12750'. [ 739.145459][ T5217] netlink: 346 bytes leftover after parsing attributes in process `syz.3.12772'. [ 740.717768][ T5263] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 740.724230][ T5263] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 740.790082][ T5266] netlink: 206 bytes leftover after parsing attributes in process `syz.1.12793'. [ 741.888940][ T5306] block nbd1: Unsupported socket: should be TCP or UNIX. [ 743.510461][ T5351] IPVS: length: 7562853 != 24 [ 743.821347][ T5364] sctp: [Deprecated]: syz.0.12830 (pid 5364) Use of int in maxseg socket option. [ 743.821347][ T5364] Use struct sctp_assoc_value instead [ 744.046341][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 744.053513][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 744.623704][ T5404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12846'. [ 744.637745][ T5405] bridge0: port 3(veth0_to_bridge) entered blocking state [ 744.665659][ T5405] bridge0: port 3(veth0_to_bridge) entered disabled state [ 744.684102][ T5405] veth0_to_bridge: entered allmulticast mode [ 744.700239][ T5405] veth0_to_bridge: entered promiscuous mode [ 744.711276][ T5405] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 744.768341][ T5405] bridge0: port 3(veth0_to_bridge) entered blocking state [ 744.775589][ T5405] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 745.341889][ T5434] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12859'. [ 746.240809][ T5478] FAULT_INJECTION: forcing a failure. [ 746.240809][ T5478] name failslab, interval 1, probability 0, space 0, times 0 [ 746.308888][ T5478] CPU: 0 UID: 0 PID: 5478 Comm: syz.1.12877 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 746.308919][ T5478] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 746.308926][ T5478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 746.308935][ T5478] Call Trace: [ 746.308941][ T5478] [ 746.308947][ T5478] dump_stack_lvl+0x100/0x190 [ 746.308967][ T5478] should_fail_ex.cold+0x5/0xa [ 746.308988][ T5478] should_failslab+0xc2/0x120 [ 746.309004][ T5478] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 746.309026][ T5478] ? mpol_new+0x11b/0x2d0 [ 746.309042][ T5478] mpol_new+0x11b/0x2d0 [ 746.309057][ T5478] do_set_mempolicy+0x85/0x3d0 [ 746.309074][ T5478] ? __pfx_do_set_mempolicy+0x10/0x10 [ 746.309093][ T5478] ? __x64_sys_futex+0x34f/0x4d0 [ 746.309111][ T5478] kernel_set_mempolicy+0x198/0x1e0 [ 746.309128][ T5478] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 746.309146][ T5478] ? rcu_is_watching+0x12/0xc0 [ 746.309165][ T5478] do_syscall_64+0x10b/0xf80 [ 746.309180][ T5478] ? clear_bhb_loop+0x40/0x90 [ 746.309198][ T5478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.309213][ T5478] RIP: 0033:0x7f6d09d9c819 [ 746.309226][ T5478] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 746.309241][ T5478] RSP: 002b:00007f6d0ac4d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ee [ 746.309257][ T5478] RAX: ffffffffffffffda RBX: 00007f6d0a015fa0 RCX: 00007f6d09d9c819 [ 746.309266][ T5478] RDX: 0000000000000009 RSI: 0000200000000000 RDI: 0000000000000006 [ 746.309275][ T5478] RBP: 00007f6d09e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 746.309284][ T5478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 746.309292][ T5478] R13: 00007f6d0a016038 R14: 00007f6d0a015fa0 R15: 00007ffd826a5f28 [ 746.309311][ T5478] [ 748.732028][ T5574] FAULT_INJECTION: forcing a failure. [ 748.732028][ T5574] name failslab, interval 1, probability 0, space 0, times 0 [ 748.794427][ T5574] CPU: 0 UID: 0 PID: 5574 Comm: syz.3.12914 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 748.794458][ T5574] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 748.794464][ T5574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 748.794474][ T5574] Call Trace: [ 748.794480][ T5574] [ 748.794485][ T5574] dump_stack_lvl+0x100/0x190 [ 748.794506][ T5574] should_fail_ex.cold+0x5/0xa [ 748.794527][ T5574] should_failslab+0xc2/0x120 [ 748.794547][ T5574] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 748.794569][ T5574] ? prepare_creds+0x2c/0x950 [ 748.794588][ T5574] prepare_creds+0x2c/0x950 [ 748.794604][ T5574] __sys_setuid+0x9c/0x440 [ 748.794621][ T5574] do_syscall_64+0x10b/0xf80 [ 748.794636][ T5574] ? clear_bhb_loop+0x40/0x90 [ 748.794654][ T5574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.794669][ T5574] RIP: 0033:0x7fbd29f9c819 [ 748.794681][ T5574] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 748.794696][ T5574] RSP: 002b:00007fbd2ad99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000069 [ 748.794711][ T5574] RAX: ffffffffffffffda RBX: 00007fbd2a215fa0 RCX: 00007fbd29f9c819 [ 748.794720][ T5574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 748.794729][ T5574] RBP: 00007fbd2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 748.794737][ T5574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.794746][ T5574] R13: 00007fbd2a216038 R14: 00007fbd2a215fa0 R15: 00007ffc869a9ab8 [ 748.794765][ T5574] [ 750.420099][ T5624] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ekl*[GCHFx^ĒPktkyve' [ 750.462723][ T5625] sctp: [Deprecated]: syz.1.12933 (pid 5625) Use of struct sctp_assoc_value in delayed_ack socket option. [ 750.462723][ T5625] Use struct sctp_sack_info instead [ 750.968299][ T5649] FAULT_INJECTION: forcing a failure. [ 750.968299][ T5649] name failslab, interval 1, probability 0, space 0, times 0 [ 751.031924][ T5649] CPU: 0 UID: 0 PID: 5649 Comm: syz.1.12942 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 751.031954][ T5649] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 751.031961][ T5649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 751.031976][ T5649] Call Trace: [ 751.031982][ T5649] [ 751.031988][ T5649] dump_stack_lvl+0x100/0x190 [ 751.032009][ T5649] should_fail_ex.cold+0x5/0xa [ 751.032029][ T5649] ? sk_prot_alloc+0x10b/0x2a0 [ 751.032049][ T5649] should_failslab+0xc2/0x120 [ 751.032065][ T5649] __kmalloc_noprof+0xe0/0x850 [ 751.032092][ T5649] sk_prot_alloc+0x10b/0x2a0 [ 751.032113][ T5649] sk_alloc+0x36/0xe80 [ 751.032131][ T5649] pfkey_create+0x105/0x600 [ 751.032149][ T5649] __sock_create+0x339/0x860 [ 751.032174][ T5649] __sys_socket+0x14d/0x260 [ 751.032188][ T5649] ? __pfx___sys_socket+0x10/0x10 [ 751.032208][ T5649] __x64_sys_socket+0x72/0xb0 [ 751.032221][ T5649] ? lockdep_hardirqs_on+0x78/0x100 [ 751.032236][ T5649] do_syscall_64+0x10b/0xf80 [ 751.032250][ T5649] ? clear_bhb_loop+0x40/0x90 [ 751.032268][ T5649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.032283][ T5649] RIP: 0033:0x7f6d09d9c819 [ 751.032297][ T5649] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 751.032311][ T5649] RSP: 002b:00007f6d0ac4d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 751.032326][ T5649] RAX: ffffffffffffffda RBX: 00007f6d0a015fa0 RCX: 00007f6d09d9c819 [ 751.032336][ T5649] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f [ 751.032344][ T5649] RBP: 00007f6d09e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 751.032353][ T5649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.032361][ T5649] R13: 00007f6d0a016038 R14: 00007f6d0a015fa0 R15: 00007ffd826a5f28 [ 751.032381][ T5649] [ 752.637242][ T5715] Invalid ELF header magic: != ELF [ 752.735248][ T5706] zswap: compressor not available [ 753.542843][ T5749] FAULT_INJECTION: forcing a failure. [ 753.542843][ T5749] name failslab, interval 1, probability 0, space 0, times 0 [ 753.668600][ T5749] CPU: 0 UID: 0 PID: 5749 Comm: syz.3.12979 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 753.668631][ T5749] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 753.668637][ T5749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 753.668647][ T5749] Call Trace: [ 753.668652][ T5749] [ 753.668659][ T5749] dump_stack_lvl+0x100/0x190 [ 753.668679][ T5749] should_fail_ex.cold+0x5/0xa [ 753.668702][ T5749] should_failslab+0xc2/0x120 [ 753.668725][ T5749] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 753.668748][ T5749] ? __d_alloc+0x34/0xa80 [ 753.668770][ T5749] __d_alloc+0x34/0xa80 [ 753.668791][ T5749] d_alloc_pseudo+0x1c/0xc0 [ 753.668813][ T5749] alloc_file_pseudo+0xcf/0x230 [ 753.668834][ T5749] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 753.668854][ T5749] ? alloc_fd+0x476/0x790 [ 753.668873][ T5749] sock_alloc_file+0x50/0x210 [ 753.668893][ T5749] __sys_socket+0x1c0/0x260 [ 753.668907][ T5749] ? __pfx___sys_socket+0x10/0x10 [ 753.668919][ T5749] ? ksys_write+0x1ac/0x250 [ 753.668939][ T5749] __x64_sys_socket+0x72/0xb0 [ 753.668952][ T5749] ? lockdep_hardirqs_on+0x78/0x100 [ 753.668968][ T5749] do_syscall_64+0x10b/0xf80 [ 753.668982][ T5749] ? clear_bhb_loop+0x40/0x90 [ 753.669000][ T5749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.669016][ T5749] RIP: 0033:0x7fbd29f9c819 [ 753.669028][ T5749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 753.669043][ T5749] RSP: 002b:00007fbd2ad99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 753.669058][ T5749] RAX: ffffffffffffffda RBX: 00007fbd2a215fa0 RCX: 00007fbd29f9c819 [ 753.669068][ T5749] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002d [ 753.669076][ T5749] RBP: 00007fbd2a032c91 R08: 0000000000000000 R09: 0000000000000000 [ 753.669085][ T5749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 753.669094][ T5749] R13: 00007fbd2a216038 R14: 00007fbd2a215fa0 R15: 00007ffc869a9ab8 [ 753.669112][ T5749] [ 754.032264][ T5760] overlayfs: missing 'lowerdir' [ 754.315173][ T5770] sctp: [Deprecated]: syz.0.12988 (pid 5770) Use of int in maxseg socket option. [ 754.315173][ T5770] Use struct sctp_assoc_value instead [ 756.844060][ T5847] syz.1.13018 (5847) used obsolete PPPIOCDETACH ioctl [ 760.964816][ T5950] netlink: 29 bytes leftover after parsing attributes in process `syz.1.13058'. [ 761.201296][ T5955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13060'. [ 763.081363][ T6018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13073'. [ 764.523689][ T5999] kexec: Could not allocate control_code_buffer [ 766.906455][ T6116] FAULT_INJECTION: forcing a failure. [ 766.906455][ T6116] name failslab, interval 1, probability 0, space 0, times 0 [ 767.079801][ T6116] CPU: 0 UID: 0 PID: 6116 Comm: syz.1.13104 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 767.079831][ T6116] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 767.079838][ T6116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 767.079847][ T6116] Call Trace: [ 767.079852][ T6116] [ 767.079858][ T6116] dump_stack_lvl+0x100/0x190 [ 767.079879][ T6116] should_fail_ex.cold+0x5/0xa [ 767.079899][ T6116] should_failslab+0xc2/0x120 [ 767.079918][ T6116] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 767.079940][ T6116] ? mas_preallocate+0x1105/0x14a0 [ 767.079963][ T6116] mas_preallocate+0x1105/0x14a0 [ 767.079984][ T6116] ? __pfx_mas_preallocate+0x10/0x10 [ 767.080006][ T6116] ? vm_area_alloc+0x1f/0x160 [ 767.080028][ T6116] ? lockdep_init_map_type+0x5c/0x250 [ 767.080054][ T6116] __mmap_region+0x124a/0x2da0 [ 767.080078][ T6116] ? __pfx___mmap_region+0x10/0x10 [ 767.080100][ T6116] ? __lock_acquire+0x4a5/0x2630 [ 767.080123][ T6116] ? rcu_is_watching+0x12/0xc0 [ 767.080139][ T6116] ? trace_pelt_se_tp+0x13b/0x190 [ 767.080170][ T6116] ? __lock_acquire+0x4a5/0x2630 [ 767.080191][ T6116] ? do_raw_spin_unlock+0x145/0x1e0 [ 767.080224][ T6116] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 767.080255][ T6116] ? find_held_lock+0x2b/0x80 [ 767.080274][ T6116] ? rcu_is_watching+0x12/0xc0 [ 767.080299][ T6116] ? rcu_is_watching+0x12/0xc0 [ 767.080316][ T6116] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 767.080341][ T6116] ? lockdep_hardirqs_on+0x78/0x100 [ 767.080387][ T6116] mmap_region+0x35d/0x620 [ 767.080410][ T6116] ? rcu_is_watching+0x12/0xc0 [ 767.080427][ T6116] ? __pfx_mmap_region+0x10/0x10 [ 767.080451][ T6116] ? cap_mmap_addr+0x4b/0x120 [ 767.080468][ T6116] ? bpf_lsm_mmap_addr+0x9/0x30 [ 767.080481][ T6116] ? security_mmap_addr+0x71/0x1e0 [ 767.080502][ T6116] ? __get_unmapped_area+0x255/0x3e0 [ 767.080522][ T6116] do_mmap+0xc63/0x12f0 [ 767.080543][ T6116] ? __pfx_do_mmap+0x10/0x10 [ 767.080560][ T6116] ? __pfx_down_write_killable+0x10/0x10 [ 767.080582][ T6116] vm_mmap_pgoff+0x29e/0x470 [ 767.080603][ T6116] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 767.080621][ T6116] ? do_futex+0x192/0x350 [ 767.080637][ T6116] ? __pfx_do_futex+0x10/0x10 [ 767.080656][ T6116] ksys_mmap_pgoff+0xe4/0x610 [ 767.080673][ T6116] ? __x64_sys_futex+0x358/0x4d0 [ 767.080688][ T6116] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 767.080704][ T6116] ? xfd_validate_state+0x129/0x190 [ 767.080723][ T6116] __x64_sys_mmap+0x125/0x190 [ 767.080740][ T6116] do_syscall_64+0x10b/0xf80 [ 767.080754][ T6116] ? clear_bhb_loop+0x40/0x90 [ 767.080773][ T6116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 767.080789][ T6116] RIP: 0033:0x7f6d09d9c819 [ 767.080802][ T6116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 767.080817][ T6116] RSP: 002b:00007f6d0ac4d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 767.080835][ T6116] RAX: ffffffffffffffda RBX: 00007f6d0a015fa0 RCX: 00007f6d09d9c819 [ 767.080845][ T6116] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 767.080854][ T6116] RBP: 00007f6d09e32c91 R08: fffffffffffffffa R09: 0000000000008000 [ 767.080864][ T6116] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 767.080873][ T6116] R13: 00007f6d0a016038 R14: 00007f6d0a015fa0 R15: 00007ffd826a5f28 [ 767.080892][ T6116] [ 770.410749][ T5940] syz.1.13053 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 770.463234][ T5940] CPU: 0 UID: 0 PID: 5940 Comm: syz.1.13053 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 770.463266][ T5940] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 770.463272][ T5940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 770.463281][ T5940] Call Trace: [ 770.463286][ T5940] [ 770.463292][ T5940] dump_stack_lvl+0x100/0x190 [ 770.463312][ T5940] dump_header+0xfb/0x606 [ 770.463330][ T5940] oom_kill_process.cold+0xd/0x330 [ 770.463348][ T5940] out_of_memory+0x340/0x14f0 [ 770.463377][ T5940] ? __pfx_out_of_memory+0x10/0x10 [ 770.463404][ T5940] mem_cgroup_out_of_memory+0xc6/0x130 [ 770.463426][ T5940] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 770.463446][ T5940] ? find_held_lock+0x2b/0x80 [ 770.463469][ T5940] ? do_raw_spin_unlock+0x145/0x1e0 [ 770.463486][ T5940] ? _raw_spin_unlock+0x28/0x50 [ 770.463514][ T5940] try_charge_memcg+0x6e5/0xdf0 [ 770.463534][ T5940] ? __pfx_try_charge_memcg+0x10/0x10 [ 770.463550][ T5940] ? find_held_lock+0x2b/0x80 [ 770.463566][ T5940] ? rcu_read_unlock+0x17/0x60 [ 770.463583][ T5940] ? rcu_read_unlock+0x17/0x60 [ 770.463600][ T5940] ? find_held_lock+0x2b/0x80 [ 770.463618][ T5940] ? rcu_read_unlock+0x17/0x60 [ 770.463638][ T5940] charge_memcg+0x187/0x1e0 [ 770.463656][ T5940] __mem_cgroup_charge+0x2b/0x1c0 [ 770.463676][ T5940] shmem_alloc_and_add_folio+0x451/0xd40 [ 770.463705][ T5940] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 770.463730][ T5940] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 770.463757][ T5940] shmem_get_folio_gfp+0x6ab/0x1900 [ 770.463784][ T5940] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 770.463812][ T5940] shmem_write_begin+0x1a4/0x420 [ 770.463838][ T5940] ? __pfx_shmem_write_begin+0x10/0x10 [ 770.463862][ T5940] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 770.463880][ T5940] ? lockdep_hardirqs_on+0x78/0x100 [ 770.463897][ T5940] generic_perform_write+0x292/0xa40 [ 770.463924][ T5940] ? __pfx_generic_perform_write+0x10/0x10 [ 770.463948][ T5940] ? file_update_time_flags+0x373/0x500 [ 770.463970][ T5940] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 770.463992][ T5940] shmem_file_write_iter+0x10e/0x140 [ 770.464011][ T5940] __kernel_write_iter+0x2ac/0x920 [ 770.464028][ T5940] ? __pfx___kernel_write_iter+0x10/0x10 [ 770.464047][ T5940] ? __up_read+0x2c1/0x6e0 [ 770.464064][ T5940] ? dump_user_range+0x65e/0xad0 [ 770.464089][ T5940] dump_user_range+0x3f9/0xad0 [ 770.464112][ T5940] ? __pfx_dump_user_range+0x10/0x10 [ 770.464138][ T5940] ? __pfx_writenote+0x10/0x10 [ 770.464166][ T5940] elf_core_dump+0x2d5f/0x3d10 [ 770.464199][ T5940] ? __pfx_elf_core_dump+0x10/0x10 [ 770.464219][ T5940] ? kasan_save_stack+0x3f/0x50 [ 770.464232][ T5940] ? kasan_save_stack+0x30/0x50 [ 770.464244][ T5940] ? __kasan_kmalloc+0xaa/0xb0 [ 770.464266][ T5940] ? __kvmalloc_node_noprof+0x360/0xa00 [ 770.464288][ T5940] ? vfs_coredump+0x22db/0x5770 [ 770.464308][ T5940] ? asm_exc_page_fault+0x26/0x30 [ 770.464325][ T5940] ? 0xffffffffff600000 [ 770.464369][ T5940] ? vfs_coredump+0x29a0/0x5770 [ 770.464387][ T5940] vfs_coredump+0x29a0/0x5770 [ 770.464414][ T5940] ? __pfx_vfs_coredump+0x10/0x10 [ 770.464434][ T5940] ? __lock_acquire+0x4a5/0x2630 [ 770.464464][ T5940] ? lock_acquire+0x1b1/0x370 [ 770.464494][ T5940] ? is_bpf_text_address+0x8a/0x1a0 [ 770.464513][ T5940] ? bpf_ksym_find+0x124/0x1c0 [ 770.464532][ T5940] ? __kernel_text_address+0xd/0x30 [ 770.464547][ T5940] ? unwind_get_return_address+0x59/0xa0 [ 770.464566][ T5940] ? arch_stack_walk+0xa6/0xf0 [ 770.464590][ T5940] ? __sigqueue_free+0xbe/0x2a0 [ 770.464611][ T5940] ? stack_trace_save+0x8e/0xc0 [ 770.464630][ T5940] ? __pfx_stack_trace_save+0x10/0x10 [ 770.464650][ T5940] ? stack_depot_save_flags+0x27/0x9d0 [ 770.464673][ T5940] ? __lock_acquire+0x4a5/0x2630 [ 770.464726][ T5940] ? proc_coredump_connector+0x2d3/0x4f0 [ 770.464748][ T5940] ? __pfx_proc_coredump_connector+0x10/0x10 [ 770.464769][ T5940] ? rcu_is_watching+0x12/0xc0 [ 770.464790][ T5940] get_signal+0x1f2a/0x21e0 [ 770.464815][ T5940] ? __pfx_get_signal+0x10/0x10 [ 770.464832][ T5940] ? bad_area_access_error+0xab/0x1d0 [ 770.464849][ T5940] ? fixup_vdso_exception+0x2d1/0x370 [ 770.464874][ T5940] arch_do_signal_or_restart+0x91/0x770 [ 770.464896][ T5940] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 770.464925][ T5940] ? rcu_is_watching+0x12/0xc0 [ 770.464944][ T5940] irqentry_exit+0x403/0x790 [ 770.464961][ T5940] asm_exc_page_fault+0x26/0x30 [ 770.464975][ T5940] RIP: 0033:0x0 [ 770.464990][ T5940] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 770.464997][ T5940] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 770.465009][ T5940] RAX: 0000000000000000 RBX: 00007f6d0a015fa0 RCX: 00007f6d09d9c819 [ 770.465018][ T5940] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 770.465027][ T5940] RBP: 00007f6d09e32c91 R08: 0000000000000002 R09: 0000000000000000 [ 770.465035][ T5940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 770.465044][ T5940] R13: 00007f6d0a016038 R14: 00007f6d0a015fa0 R15: 00007ffd826a5f28 [ 770.465063][ T5940] [ 771.641954][ T5940] memory: usage 3072kB, limit 3072kB, failcnt 124108 [ 771.675045][ T5940] memory+swap: usage 55056kB, limit 9007199254740988kB, failcnt 0 [ 771.697012][ T5940] kmem: usage 1644kB, limit 9007199254740988kB, failcnt 0 [ 771.714294][ T5940] Memory cgroup stats for /syz1: [ 771.714623][ T5940] cache 1388544 [ 771.740660][ T5940] rss 73728 [ 771.754358][ T5940] rss_huge 0 [ 771.765716][ T5940] shmem 1388544 [ 771.773629][ T5940] mapped_file 0 [ 771.781769][ T5940] dirty 0 [ 771.788071][ T5940] writeback 0 [ 771.795957][ T5940] workingset_refault_anon 7411 [ 771.805997][ T5940] workingset_refault_file 24841 [ 771.824700][ T5940] swap 53231616 [ 771.838976][ T5940] swapcached 479428608 [ 771.853534][ T5940] pgpgin 370899 [ 771.864289][ T5940] pgpgout 391520 [ 771.873641][ T5940] pgfault 465320 [ 771.882971][ T5940] pgmajfault 3426 [ 771.891049][ T5940] inactive_anon 1372160 [ 771.900698][ T5940] active_anon 77824 [ 771.911650][ T5940] inactive_file 0 [ 771.921366][ T5940] active_file 0 [ 771.929411][ T5940] unevictable 0 [ 771.936188][ T5940] hierarchical_memory_limit 3145728 [ 771.947995][ T5940] hierarchical_memsw_limit 9223372036854771712 [ 771.960383][ T5940] total_cache 1388544 [ 771.968847][ T5940] total_rss 73728 [ 771.972586][ T5940] total_rss_huge 0 [ 771.976412][ T5940] total_shmem 1388544 [ 771.982211][ T5940] total_mapped_file 0 [ 771.988491][ T5940] total_dirty 0 [ 771.992101][ T5940] total_writeback 0 [ 771.995930][ T5940] total_workingset_refault_anon 7411 [ 772.010934][ T5940] total_workingset_refault_file 24841 [ 772.034560][ T5940] total_swap 53231616 [ 772.060016][ T5940] total_swapcached 479428608 [ 772.080286][ T5940] total_pgpgin 370899 [ 772.088512][ T5940] total_pgpgout 391520 [ 772.095682][ T5940] total_pgfault 465320 [ 772.100820][ T5940] total_pgmajfault 3426 [ 772.105088][ T5940] total_inactive_anon 1372160 [ 772.110305][ T5940] total_active_anon 77824 [ 772.114671][ T5940] total_inactive_file 0 [ 772.119528][ T5940] total_active_file 0 [ 772.123619][ T5940] total_unevictable 0 [ 772.127895][ T5940] anon_cost 758 [ 772.131453][ T5940] file_cost 0 [ 772.134817][ T5940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.13053,pid=5940,uid=0 [ 772.166882][ T5940] Memory cgroup out of memory: Killed process 5940 (syz.1.13053) total-vm:135128kB, anon-rss:1232kB, file-rss:41824kB, shmem-rss:0kB, UID:0 pgtables:244kB oom_score_adj:1000 [ 772.231572][ T6146] syz.2.13113 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 772.252588][ T6146] CPU: 0 UID: 0 PID: 6146 Comm: syz.2.13113 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 772.252617][ T6146] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 772.252624][ T6146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 772.252634][ T6146] Call Trace: [ 772.252639][ T6146] [ 772.252645][ T6146] dump_stack_lvl+0x100/0x190 [ 772.252665][ T6146] dump_header+0xfb/0x606 [ 772.252683][ T6146] oom_kill_process.cold+0xd/0x330 [ 772.252701][ T6146] out_of_memory+0x340/0x14f0 [ 772.252728][ T6146] ? __pfx_out_of_memory+0x10/0x10 [ 772.252755][ T6146] mem_cgroup_out_of_memory+0xc6/0x130 [ 772.252777][ T6146] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 772.252797][ T6146] ? find_held_lock+0x2b/0x80 [ 772.252826][ T6146] ? do_raw_spin_unlock+0x145/0x1e0 [ 772.252843][ T6146] ? _raw_spin_unlock+0x28/0x50 [ 772.252871][ T6146] try_charge_memcg+0x6e5/0xdf0 [ 772.252892][ T6146] ? __pfx_try_charge_memcg+0x10/0x10 [ 772.252908][ T6146] ? find_held_lock+0x2b/0x80 [ 772.252925][ T6146] ? rcu_read_unlock+0x17/0x60 [ 772.252942][ T6146] ? rcu_read_unlock+0x17/0x60 [ 772.252958][ T6146] ? find_held_lock+0x2b/0x80 [ 772.252977][ T6146] ? rcu_read_unlock+0x17/0x60 [ 772.252998][ T6146] charge_memcg+0x187/0x1e0 [ 772.253015][ T6146] __mem_cgroup_charge+0x2b/0x1c0 [ 772.253035][ T6146] shmem_alloc_and_add_folio+0x451/0xd40 [ 772.253064][ T6146] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 772.253088][ T6146] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 772.253116][ T6146] shmem_get_folio_gfp+0x6ab/0x1900 [ 772.253143][ T6146] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 772.253166][ T6146] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 772.253182][ T6146] ? lockdep_hardirqs_on+0x78/0x100 [ 772.253201][ T6146] shmem_fault+0x1f9/0xa20 [ 772.253222][ T6146] ? __lock_acquire+0x4a5/0x2630 [ 772.253246][ T6146] ? __pfx_shmem_fault+0x10/0x10 [ 772.253268][ T6146] ? __up_read+0x2c1/0x6e0 [ 772.253292][ T6146] ? __pfx_filemap_map_pages+0x10/0x10 [ 772.253313][ T6146] __do_fault+0x10b/0x440 [ 772.253326][ T6146] ? find_held_lock+0x2b/0x80 [ 772.253345][ T6146] do_fault+0x2db/0x1750 [ 772.253365][ T6146] __handle_mm_fault+0x187d/0x2a00 [ 772.253388][ T6146] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 772.253407][ T6146] ? __pfx___handle_mm_fault+0x10/0x10 [ 772.253429][ T6146] ? pte_offset_map_lock+0x174/0x320 [ 772.253446][ T6146] ? find_held_lock+0x2b/0x80 [ 772.253470][ T6146] ? follow_page_pte+0x4d0/0x13f0 [ 772.253491][ T6146] handle_mm_fault+0x36d/0xa20 [ 772.253515][ T6146] __get_user_pages+0x1178/0x32a0 [ 772.253538][ T6146] ? down_read_killable+0x307/0x4b0 [ 772.253557][ T6146] ? __pfx___get_user_pages+0x10/0x10 [ 772.253580][ T6146] faultin_page_range+0x1f1/0x9e0 [ 772.253602][ T6146] madvise_do_behavior+0x354/0x510 [ 772.253624][ T6146] ? __pfx_madvise_do_behavior+0x10/0x10 [ 772.253654][ T6146] do_madvise+0x195/0x240 [ 772.253672][ T6146] ? __pfx_do_madvise+0x10/0x10 [ 772.253690][ T6146] ? do_futex+0x192/0x350 [ 772.253723][ T6146] __x64_sys_madvise+0xa9/0x110 [ 772.253742][ T6146] ? lockdep_hardirqs_on+0x78/0x100 [ 772.253757][ T6146] do_syscall_64+0x10b/0xf80 [ 772.253771][ T6146] ? clear_bhb_loop+0x40/0x90 [ 772.253789][ T6146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.253804][ T6146] RIP: 0033:0x7fa9c3d9c819 [ 772.253822][ T6146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 772.253837][ T6146] RSP: 002b:00007fa9c4bbc028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 772.253852][ T6146] RAX: ffffffffffffffda RBX: 00007fa9c4015fa0 RCX: 00007fa9c3d9c819 [ 772.253862][ T6146] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 772.253871][ T6146] RBP: 00007fa9c3e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 772.253880][ T6146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.253888][ T6146] R13: 00007fa9c4016038 R14: 00007fa9c4015fa0 R15: 00007ffd7d607598 [ 772.253908][ T6146] [ 772.742312][ T6146] memory: usage 2824kB, limit 3072kB, failcnt 128856 [ 772.749147][ T6146] memory+swap: usage 76056kB, limit 9007199254740988kB, failcnt 0 [ 772.757011][ T6146] kmem: usage 2112kB, limit 9007199254740988kB, failcnt 0 [ 772.765391][ T6146] Memory cgroup stats for /syz2: [ 772.765571][ T6146] cache 520192 [ 772.773977][ T6146] rss 77824 [ 772.777120][ T6146] rss_huge 0 [ 772.780951][ T6146] shmem 520192 [ 772.784782][ T6146] mapped_file 409600 [ 772.788709][ T6146] dirty 0 [ 772.791676][ T6146] writeback 24576 [ 772.795368][ T6146] workingset_refault_anon 6999 [ 772.800161][ T6146] workingset_refault_file 41584 [ 772.805067][ T6146] swap 75001856 [ 772.808664][ T6146] swapcached 466968576 [ 772.812765][ T6146] pgpgin 328782 [ 772.816291][ T6146] pgpgout 335370 [ 772.819866][ T6146] pgfault 461757 [ 772.823463][ T6146] pgmajfault 3729 [ 772.827133][ T6146] inactive_anon 274432 [ 772.831380][ T6146] active_anon 348160 [ 772.835467][ T6146] inactive_file 0 [ 772.839131][ T6146] active_file 0 [ 772.842615][ T6146] unevictable 0 [ 772.846117][ T6146] hierarchical_memory_limit 3145728 [ 772.851378][ T6146] hierarchical_memsw_limit 9223372036854771712 [ 772.857650][ T6146] total_cache 520192 [ 772.861587][ T6146] total_rss 77824 [ 772.865281][ T6146] total_rss_huge 0 [ 772.869041][ T6146] total_shmem 520192 [ 772.872997][ T6146] total_mapped_file 409600 [ 772.877451][ T6146] total_dirty 0 [ 772.881539][ T6146] total_writeback 24576 [ 772.886154][ T6146] total_workingset_refault_anon 6999 [ 772.891482][ T6146] total_workingset_refault_file 41584 [ 772.896942][ T6146] total_swap 75001856 [ 772.900977][ T6146] total_swapcached 466968576 [ 772.905628][ T6146] total_pgpgin 328782 [ 772.909756][ T6146] total_pgpgout 335370 [ 772.913921][ T6146] total_pgfault 461757 [ 772.918016][ T6146] total_pgmajfault 3729 [ 772.922193][ T6146] total_inactive_anon 274432 [ 772.926836][ T6146] total_active_anon 348160 [ 772.931279][ T6146] total_inactive_file 0 [ 772.935666][ T6146] total_active_file 0 [ 772.939832][ T6146] total_unevictable 0 [ 772.943861][ T6146] anon_cost 836 [ 772.947366][ T6146] file_cost 0 [ 772.950673][ T6146] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.12908,pid=5543,uid=0 [ 772.969365][ T6146] Memory cgroup out of memory: Killed process 5543 (syz.2.12908) total-vm:104276kB, anon-rss:1276kB, file-rss:49656kB, shmem-rss:0kB, UID:0 pgtables:208kB oom_score_adj:0 [ 773.542734][ T6203] syz.2.13141 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 773.585763][ T6203] CPU: 0 UID: 0 PID: 6203 Comm: syz.2.13141 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 773.585798][ T6203] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 773.585805][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 773.585814][ T6203] Call Trace: [ 773.585819][ T6203] [ 773.585825][ T6203] dump_stack_lvl+0x100/0x190 [ 773.585845][ T6203] dump_header+0xfb/0x606 [ 773.585862][ T6203] oom_kill_process.cold+0xd/0x330 [ 773.585880][ T6203] out_of_memory+0x340/0x14f0 [ 773.585907][ T6203] ? __pfx_out_of_memory+0x10/0x10 [ 773.585934][ T6203] mem_cgroup_out_of_memory+0xc6/0x130 [ 773.585956][ T6203] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 773.585976][ T6203] ? find_held_lock+0x2b/0x80 [ 773.586001][ T6203] ? do_raw_spin_unlock+0x145/0x1e0 [ 773.586018][ T6203] ? _raw_spin_unlock+0x28/0x50 [ 773.586042][ T6203] try_charge_memcg+0x6e5/0xdf0 [ 773.586062][ T6203] ? __pfx_try_charge_memcg+0x10/0x10 [ 773.586077][ T6203] ? find_held_lock+0x2b/0x80 [ 773.586094][ T6203] ? rcu_read_unlock+0x17/0x60 [ 773.586111][ T6203] ? rcu_read_unlock+0x17/0x60 [ 773.586127][ T6203] ? find_held_lock+0x2b/0x80 [ 773.586145][ T6203] ? rcu_read_unlock+0x17/0x60 [ 773.586166][ T6203] charge_memcg+0x187/0x1e0 [ 773.586183][ T6203] __mem_cgroup_charge+0x2b/0x1c0 [ 773.586203][ T6203] do_wp_page+0xda4/0x4350 [ 773.586227][ T6203] ? __pfx_do_wp_page+0x10/0x10 [ 773.586246][ T6203] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 773.586268][ T6203] __handle_mm_fault+0x1ab6/0x2a00 [ 773.586293][ T6203] ? reacquire_held_locks+0xce/0x1e0 [ 773.586315][ T6203] ? __pfx___handle_mm_fault+0x10/0x10 [ 773.586339][ T6203] ? lock_vma_under_rcu+0x17c/0x590 [ 773.586371][ T6203] handle_mm_fault+0x36d/0xa20 [ 773.586395][ T6203] do_user_addr_fault+0x5a3/0x12f0 [ 773.586418][ T6203] exc_page_fault+0x6f/0xd0 [ 773.586433][ T6203] asm_exc_page_fault+0x26/0x30 [ 773.586451][ T6203] RIP: 0033:0x7fa9c3c507fc [ 773.586465][ T6203] Code: 23 83 c0 01 44 39 d0 75 dc 48 89 f0 25 ff 1f 00 00 49 89 34 c1 41 88 3c 00 31 c0 c3 66 90 41 38 3c 10 74 0b 41 88 3c 10 31 c0 <49> 89 34 d1 c3 b8 01 00 00 00 c3 66 0f 1f 84 00 00 00 00 00 48 83 [ 773.586479][ T6203] RSP: 002b:00007ffd7d6075d8 EFLAGS: 00010246 [ 773.586491][ T6203] RAX: 0000000000000000 RBX: ffffffff84a87177 RCX: 0000000000000000 [ 773.586500][ T6203] RDX: 0000000000001177 RSI: ffffffff84a87177 RDI: 0000000000000001 [ 773.586509][ T6203] RBP: 0000000000000010 R08: 00007fa9c4000000 R09: 00007fa9c4002000 [ 773.586518][ T6203] R10: 0000000084a8717b R11: 0000000000000001 R12: 00007fa9c4016128 [ 773.586527][ T6203] R13: 0000000000000010 R14: ffffffff84a87eb0 R15: 00007fa9c4b45720 [ 773.586536][ T6203] ? cap_capable+0x20/0x440 [ 773.586554][ T6203] ? __traceiter_cap_capable+0xa7/0xe0 [ 773.586573][ T6203] ? __traceiter_cap_capable+0xa7/0xe0 [ 773.586592][ T6203] [ 773.586606][ T6203] memory: usage 3072kB, limit 3072kB, failcnt 129502 [ 774.371774][T16044] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 774.617582][ T6203] memory+swap: usage 6148kB, limit 9007199254740988kB, failcnt 0 [ 774.636818][ T6203] kmem: usage 1636kB, limit 9007199254740988kB, failcnt 0 [ 774.653012][ T6203] Memory cgroup stats for /syz2: [ 774.653114][ T6203] cache 0 [ 774.712295][ T6203] rss 1409024 [ 774.727221][ T6203] rss_huge 0 [ 774.738476][ T6203] shmem 0 [ 774.747769][ T6203] mapped_file 0 [ 774.760932][ T6203] dirty 0 [ 774.773977][ T6203] writeback 0 [ 774.786031][ T6203] workingset_refault_anon 7048 [ 774.801079][ T6203] workingset_refault_file 41584 [ 774.826268][ T6203] swap 3145728 [ 774.843942][ T6203] swapcached 470056960 [ 774.864068][ T6203] pgpgin 329877 [ 774.877281][ T6203] pgpgout 336225 [ 774.884580][ T6278] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13158'. [ 774.896972][ T6203] pgfault 462876 [ 774.903859][ T6203] pgmajfault 3761 [ 774.908332][ T6203] inactive_anon 0 [ 774.939960][ T6203] active_anon 4096 [ 774.954524][ T6203] inactive_file 0 [ 774.966339][ T6203] active_file 0 [ 774.983119][ T6203] unevictable 1404928 [ 775.004487][ T6203] hierarchical_memory_limit 3145728 [ 775.029757][ T6203] hierarchical_memsw_limit 9223372036854771712 [ 775.056038][ T6203] total_cache 0 [ 775.069230][ T6203] total_rss 1409024 [ 775.093607][ T6203] total_rss_huge 0 [ 775.123423][ T6203] total_shmem 0 [ 775.146846][ T6203] total_mapped_file 0 [ 775.162527][ T6203] total_dirty 0 [ 775.179558][ T6203] total_writeback 0 [ 775.196969][ T6203] total_workingset_refault_anon 7048 [ 775.221901][ T6203] total_workingset_refault_file 41584 [ 775.254798][ T6203] total_swap 3145728 [ 775.291583][ T6203] total_swapcached 470056960 [ 775.305742][ T6203] total_pgpgin 329877 [ 775.331392][ T6203] total_pgpgout 336225 [ 775.348963][ T6203] total_pgfault 462876 [ 775.369459][ T6203] total_pgmajfault 3761 [ 775.379236][ T6297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13166'. [ 775.395750][ T6203] total_inactive_anon 0 [ 775.411041][ T6203] total_active_anon 4096 [ 775.433834][ T6203] total_inactive_file 0 [ 775.466582][ T6203] total_active_file 0 [ 775.486623][ T6203] total_unevictable 1404928 [ 775.505844][ T6203] anon_cost 268 [ 775.520965][ T6203] file_cost 0 [ 775.536700][ T6203] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.13141,pid=6203,uid=0 [ 775.637410][ T6203] Memory cgroup out of memory: Killed process 6203 (syz.2.13141) total-vm:108508kB, anon-rss:2640kB, file-rss:21788kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:0 [ 775.926495][T20988] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 776.000423][ T6323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13174'. [ 776.030591][ T6323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13174'. [ 776.315375][ T29] audit: type=1804 audit(4295033182.314:51): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.13175" name="/newroot/3139/file0" dev="tmpfs" ino=15791 res=1 errno=0 [ 777.454481][ T6321] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 777.797391][ T6379] netlink: 350 bytes leftover after parsing attributes in process `syz.3.13198'. [ 778.929934][ T6422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13216'. [ 779.015810][ T6426] netlink: 334 bytes leftover after parsing attributes in process `syz.0.13217'. [ 779.043972][ T6428] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 779.390065][ T6442] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13223'. [ 779.647719][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13228'. [ 779.696888][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13228'. [ 782.009948][ T6527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13253'. [ 782.111754][ T6527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13253'. [ 783.544071][ T29] audit: type=1804 audit(4295051533.586:52): pid=6597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.13281" name="/newroot/3405/file0" dev="tmpfs" ino=17126 res=1 errno=0 [ 784.738916][ T29] audit: type=1804 audit(4295051534.783:53): pid=6646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.13300" name="/newroot/1111/file0" dev="tmpfs" ino=5623 res=1 errno=0 [ 785.331199][ T6669] bridge0: port 4(syz_tun) entered blocking state [ 785.373984][ T6669] bridge0: port 4(syz_tun) entered disabled state [ 785.404171][ T6669] syz_tun: entered allmulticast mode [ 785.434935][ T6669] syz_tun: entered promiscuous mode [ 785.913023][ T29] audit: type=1804 audit(4295051535.969:54): pid=6691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.13318" name="file0" dev="tmpfs" ino=16208 res=1 errno=0 [ 786.299293][ T6703] netlink: 334 bytes leftover after parsing attributes in process `syz.2.13324'. [ 786.917545][ T6713] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13329'. [ 787.091660][ T6718] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input35 [ 788.102416][ T29] audit: type=1804 audit(4295051538.170:55): pid=6759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.13344" name="file0" dev="tmpfs" ino=16255 res=1 errno=0 [ 788.893075][ T6781] openvswitch: netlink: IPv4 tunnel dst address is zero [ 789.525748][ T6804] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13364'. [ 790.453401][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13378'. [ 790.631514][ T6852] netlink: 350 bytes leftover after parsing attributes in process `syz.2.13383'. [ 790.658773][ T29] audit: type=1800 audit(4295051540.733:56): pid=6854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.13384" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 791.076655][ T6866] FAULT_INJECTION: forcing a failure. [ 791.076655][ T6866] name failslab, interval 1, probability 0, space 0, times 0 [ 791.118321][ T6870] __vm_enough_memory: pid: 6870, comm: syz.0.13391, bytes: 4398046511104 not enough memory for the allocation [ 791.201632][ T6866] CPU: 0 UID: 0 PID: 6866 Comm: syz.1.13387 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 791.201663][ T6866] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 791.201670][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 791.201679][ T6866] Call Trace: [ 791.201684][ T6866] [ 791.201690][ T6866] dump_stack_lvl+0x100/0x190 [ 791.201710][ T6866] should_fail_ex.cold+0x5/0xa [ 791.201731][ T6866] should_failslab+0xc2/0x120 [ 791.201748][ T6866] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 791.201771][ T6866] ? sk_prot_alloc+0x60/0x2a0 [ 791.201795][ T6866] sk_prot_alloc+0x60/0x2a0 [ 791.201817][ T6866] sk_alloc+0x36/0xe80 [ 791.201834][ T6866] kcm_create+0xfc/0x6a0 [ 791.201851][ T6866] __sock_create+0x339/0x860 [ 791.201877][ T6866] __sys_socket+0x14d/0x260 [ 791.201891][ T6866] ? __pfx___sys_socket+0x10/0x10 [ 791.201904][ T6866] ? ksys_write+0x1ac/0x250 [ 791.201925][ T6866] __x64_sys_socket+0x72/0xb0 [ 791.201938][ T6866] ? lockdep_hardirqs_on+0x78/0x100 [ 791.201953][ T6866] do_syscall_64+0x10b/0xf80 [ 791.201967][ T6866] ? clear_bhb_loop+0x40/0x90 [ 791.201985][ T6866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 791.202005][ T6866] RIP: 0033:0x7f6d09d9c819 [ 791.202018][ T6866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 791.202033][ T6866] RSP: 002b:00007f6d0ac4d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 791.202048][ T6866] RAX: ffffffffffffffda RBX: 00007f6d0a015fa0 RCX: 00007f6d09d9c819 [ 791.202057][ T6866] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 791.202066][ T6866] RBP: 00007f6d09e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 791.202074][ T6866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.202083][ T6866] R13: 00007f6d0a016038 R14: 00007f6d0a015fa0 R15: 00007ffd826a5f28 [ 791.202102][ T6866] [ 791.820494][ T6875] FAULT_INJECTION: forcing a failure. [ 791.820494][ T6875] name fail_futex, interval 1, probability 0, space 0, times 1 [ 791.904712][ T6875] CPU: 0 UID: 0 PID: 6875 Comm: syz.3.13394 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 791.904743][ T6875] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 791.904750][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 791.904759][ T6875] Call Trace: [ 791.904765][ T6875] [ 791.904771][ T6875] dump_stack_lvl+0x100/0x190 [ 791.904792][ T6875] should_fail_ex.cold+0x5/0xa [ 791.904812][ T6875] get_futex_key+0x1d2/0x1510 [ 791.904838][ T6875] ? __pfx_get_futex_key+0x10/0x10 [ 791.904872][ T6875] futex_wake+0xea/0x530 [ 791.904891][ T6875] ? __do_sys_mremap+0x97f/0x1850 [ 791.904913][ T6875] ? __pfx_futex_wake+0x10/0x10 [ 791.904935][ T6875] ? __pfx___do_sys_mremap+0x10/0x10 [ 791.904959][ T6875] do_futex+0x32b/0x350 [ 791.904974][ T6875] ? __pfx_do_futex+0x10/0x10 [ 791.904994][ T6875] __x64_sys_futex+0x34f/0x4d0 [ 791.905012][ T6875] ? __pfx___x64_sys_futex+0x10/0x10 [ 791.905030][ T6875] ? rcu_is_watching+0x12/0xc0 [ 791.905049][ T6875] do_syscall_64+0x10b/0xf80 [ 791.905064][ T6875] ? clear_bhb_loop+0x40/0x90 [ 791.905082][ T6875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 791.905098][ T6875] RIP: 0033:0x7fbd29f9c819 [ 791.905111][ T6875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 791.905126][ T6875] RSP: 002b:00007fbd2ad990e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 791.905140][ T6875] RAX: ffffffffffffffda RBX: 00007fbd2a215fa8 RCX: 00007fbd29f9c819 [ 791.905150][ T6875] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbd2a215fac [ 791.905159][ T6875] RBP: 00007fbd2a215fa0 R08: 0000000000000001 R09: 0000000000000000 [ 791.905168][ T6875] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.905177][ T6875] R13: 00007fbd2a216038 R14: 00007ffc869a99d0 R15: 00007ffc869a9ab8 [ 791.905196][ T6875] [ 792.995553][ T6896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13399'. [ 793.304704][ T6909] bridge0: port 5(batadv0) entered blocking state [ 793.327874][ T6909] bridge0: port 5(batadv0) entered disabled state [ 793.350662][ T6909] batadv0: entered allmulticast mode [ 793.375076][ T6909] batadv0: entered promiscuous mode [ 793.392221][ T6909] bridge0: port 5(batadv0) entered blocking state [ 793.398794][ T6909] bridge0: port 5(batadv0) entered forwarding state [ 793.845266][T16020] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 793.854971][T16020] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 806.081210][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 807.007661][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 866.398379][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 929.696999][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 929.704049][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5971/1:b..l P7066/1:b..l P5504/1:b..l P5505/1:b..l P7072/1:b..l P5210/1:b..l P16021/1:b..l [ 929.719434][ C0] rcu: (detected by 0, t=10502 jiffies, g=291089, q=845 ncpus=1) [ 929.727234][ C0] task:kworker/u10:3 state:R running task stack:22280 pid:16021 tgid:16021 ppid:2 task_flags:0x24248160 flags:0x00080000 [ 929.742078][ C0] Workqueue: writeback wb_workfn (flush-8:0) [ 929.748067][ C0] Call Trace: [ 929.751329][ C0] [ 929.754249][ C0] __schedule+0x10e9/0x6820 [ 929.758743][ C0] ? __queue_work+0x436/0x1130 [ 929.763510][ C0] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 929.769581][ C0] ? __pfx___schedule+0x10/0x10 [ 929.774419][ C0] ? mod_delayed_work_on+0x1a4/0x1c0 [ 929.779687][ C0] ? mod_delayed_work_on+0x149/0x1c0 [ 929.784969][ C0] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 929.791023][ C0] preempt_schedule_notrace+0x5f/0xd0 [ 929.796386][ C0] preempt_schedule_notrace_thunk+0x16/0x30 [ 929.802274][ C0] rcu_is_watching+0x8e/0xc0 [ 929.806847][ C0] lock_acquire+0x2f9/0x370 [ 929.811336][ C0] ? blk_mq_hw_queue_need_run+0x203/0x4a0 [ 929.817053][ C0] blk_mq_dispatch_list+0x56c/0x1360 [ 929.822324][ C0] ? blk_mq_dispatch_list+0x55b/0x1360 [ 929.827774][ C0] ? __pfx_blk_mq_dispatch_list+0x10/0x10 [ 929.833482][ C0] ? __lock_acquire+0x4a5/0x2630 [ 929.838411][ C0] blk_mq_flush_plug_list+0x130/0x600 [ 929.843798][ C0] ? __lock_acquire+0x4a5/0x2630 [ 929.848734][ C0] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 929.854621][ C0] __blk_flush_plug+0x2c4/0x4b0 [ 929.859459][ C0] ? prepare_to_wait_exclusive+0x9d/0x2c0 [ 929.865166][ C0] ? __pfx___blk_flush_plug+0x10/0x10 [ 929.870524][ C0] ? wbt_inflight_cb+0x21f/0x3c0 [ 929.875471][ C0] ? __pfx_wbt_inflight_cb+0x10/0x10 [ 929.880741][ C0] ? rq_qos_wait+0x21c/0x330 [ 929.885312][ C0] io_schedule+0x85/0xf0 [ 929.889545][ C0] rq_qos_wait+0x22d/0x330 [ 929.893943][ C0] ? __pfx_rq_qos_wait+0x10/0x10 [ 929.898861][ C0] ? __pfx_rq_qos_wake_function+0x10/0x10 [ 929.904583][ C0] ? __pfx_wbt_inflight_cb+0x10/0x10 [ 929.909854][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 929.915735][ C0] wbt_wait+0x18a/0x310 [ 929.919874][ C0] ? __pfx_wbt_wait+0x10/0x10 [ 929.924550][ C0] ? bio_crypt_rq_ctx_compatible+0xd1/0x110 [ 929.930426][ C0] ? blk_attempt_bio_merge.part.0+0x155/0x4e0 [ 929.936482][ C0] ? __pfx_dd_bio_merge+0x10/0x10 [ 929.941488][ C0] ? __pfx_wbt_wait+0x10/0x10 [ 929.946149][ C0] __rq_qos_throttle+0x56/0xa0 [ 929.950901][ C0] blk_mq_submit_bio+0xb67/0x2dd0 [ 929.955915][ C0] ? __pfx_blk_mq_submit_bio+0x10/0x10 [ 929.961378][ C0] __submit_bio+0x1e1/0x6c0 [ 929.965974][ C0] ? __pfx___submit_bio+0x10/0x10 [ 929.970998][ C0] ? submit_bio_noacct_nocheck+0x543/0xbf0 [ 929.976792][ C0] submit_bio_noacct_nocheck+0x543/0xbf0 [ 929.982418][ C0] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 929.988559][ C0] ? __pfx___might_resched+0x10/0x10 [ 929.993832][ C0] submit_bio_noacct+0xd18/0x2000 [ 929.998850][ C0] ext4_io_submit+0xf7/0x1a0 [ 930.003444][ C0] ext4_bio_write_folio+0x76a/0x1eb0 [ 930.008723][ C0] mpage_process_page_bufs+0x473/0x8d0 [ 930.014174][ C0] mpage_prepare_extent_to_map+0xb50/0x1920 [ 930.020085][ C0] ? __pfx_mpage_prepare_extent_to_map+0x10/0x10 [ 930.026439][ C0] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 930.032057][ C0] ? ext4_init_io_end+0x24/0x170 [ 930.037071][ C0] ext4_do_writepages+0x9fe/0x3f20 [ 930.042176][ C0] ? __pfx_ext4_do_writepages+0x10/0x10 [ 930.047720][ C0] ? ext4_writepages+0x347/0x790 [ 930.052637][ C0] ext4_writepages+0x347/0x790 [ 930.057382][ C0] ? __pfx_ext4_writepages+0x10/0x10 [ 930.062655][ C0] ? __pfx_ext4_writepages+0x10/0x10 [ 930.067921][ C0] do_writepages+0x278/0x600 [ 930.072497][ C0] ? __pfx_do_writepages+0x10/0x10 [ 930.077612][ C0] __writeback_single_inode+0x164/0x1350 [ 930.083240][ C0] ? find_held_lock+0x2b/0x80 [ 930.087905][ C0] ? __pfx___writeback_single_inode+0x10/0x10 [ 930.093970][ C0] ? do_raw_spin_unlock+0x145/0x1e0 [ 930.099160][ C0] writeback_sb_inodes+0x766/0x1c60 [ 930.104347][ C0] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 930.110004][ C0] ? _raw_spin_unlock+0x28/0x50 [ 930.114843][ C0] ? move_expired_inodes+0x5ea/0x8f0 [ 930.120137][ C0] __writeback_inodes_wb+0xf8/0x2d0 [ 930.125322][ C0] ? __pfx___writeback_inodes_wb+0x10/0x10 [ 930.131109][ C0] ? queue_io+0x287/0x540 [ 930.135428][ C0] wb_writeback+0x720/0xb90 [ 930.139932][ C0] ? __pfx_wb_writeback+0x10/0x10 [ 930.144963][ C0] wb_workfn+0x756/0xc00 [ 930.149190][ C0] ? try_to_wake_up+0x15f/0x1900 [ 930.154112][ C0] ? __pfx_wb_workfn+0x10/0x10 [ 930.158880][ C0] ? rcu_is_watching+0x12/0xc0 [ 930.163632][ C0] process_one_work+0xa0e/0x1980 [ 930.168559][ C0] ? __pfx_process_one_work+0x10/0x10 [ 930.173914][ C0] ? __pfx_wb_workfn+0x10/0x10 [ 930.178662][ C0] worker_thread+0x5ef/0xe50 [ 930.183250][ C0] ? __pfx_worker_thread+0x10/0x10 [ 930.188359][ C0] ? kthread+0x13a/0x450 [ 930.192588][ C0] ? __pfx_worker_thread+0x10/0x10 [ 930.197677][ C0] kthread+0x370/0x450 [ 930.201731][ C0] ? __pfx_kthread+0x10/0x10 [ 930.206311][ C0] ret_from_fork+0x72b/0xd50 [ 930.210886][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 930.215981][ C0] ? __switch_to+0x800/0x1100 [ 930.220647][ C0] ? __switch_to_asm+0x39/0x70 [ 930.225398][ C0] ? __pfx_kthread+0x10/0x10 [ 930.229978][ C0] ret_from_fork_asm+0x1a/0x30 [ 930.234740][ C0] [ 930.237741][ C0] task:udevd state:R running task stack:24248 pid:5210 tgid:5210 ppid:1 task_flags:0x400140 flags:0x00080000 [ 930.251204][ C0] Call Trace: [ 930.254469][ C0] [ 930.257382][ C0] __schedule+0x10e9/0x6820 [ 930.261921][ C0] ? __pfx___schedule+0x10/0x10 [ 930.266761][ C0] ? mark_held_locks+0x40/0x70 [ 930.271520][ C0] preempt_schedule_irq+0x50/0x90 [ 930.276525][ C0] irqentry_exit+0x1fe/0x790 [ 930.281098][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 930.287080][ C0] RIP: 0010:unwind_next_frame+0x149a/0x2090 [ 930.292960][ C0] Code: 34 10 48 8d 41 01 48 89 c7 48 c1 ef 03 0f b6 14 17 48 89 cf 83 e7 07 40 38 fe 40 0f 9e c7 40 84 f6 40 0f 95 c6 40 84 f7 75 17 <83> e0 07 38 c2 40 0f 9e c6 84 d2 0f 95 c0 40 84 c6 0f 84 57 fe ff [ 930.312553][ C0] RSP: 0018:ffffc900030d75a0 EFLAGS: 00000246 [ 930.318620][ C0] RAX: ffffffff918a5197 RBX: 0000000000000001 RCX: ffffffff918a5196 [ 930.326587][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 930.334538][ C0] RBP: ffffc900030d7658 R08: ffffffff918a519a R09: 0000000000000007 [ 930.342490][ C0] R10: 0000000000000200 R11: 0000000000017557 R12: ffffc900030d7660 [ 930.350440][ C0] R13: ffffc900030d7610 R14: 0000000000000003 R15: ffffc900030d7968 [ 930.358402][ C0] ? __kasan_kmalloc+0x8a/0xb0 [ 930.363158][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 930.369314][ C0] arch_stack_walk+0x94/0xf0 [ 930.373894][ C0] ? __kasan_kmalloc+0x8a/0xb0 [ 930.378650][ C0] stack_trace_save+0x8e/0xc0 [ 930.383330][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 930.388688][ C0] ? __lock_acquire+0x4a5/0x2630 [ 930.393613][ C0] ? __lock_acquire+0x4a5/0x2630 [ 930.398536][ C0] save_stack+0x162/0x1e0 [ 930.402849][ C0] ? __pfx_save_stack+0x10/0x10 [ 930.407678][ C0] ? __free_frozen_pages+0x747/0x1040 [ 930.413034][ C0] ? qlist_free_all+0x47/0xf0 [ 930.417700][ C0] ? kasan_quarantine_reduce+0x1a0/0x1f0 [ 930.423320][ C0] ? __kasan_kmalloc+0x8a/0xb0 [ 930.428100][ C0] ? page_ext_put+0x3e/0xd0 [ 930.432587][ C0] __reset_page_owner+0x84/0x190 [ 930.437508][ C0] __free_frozen_pages+0x747/0x1040 [ 930.442707][ C0] ? tomoyo_realpath_from_path+0xb6/0x690 [ 930.448429][ C0] qlist_free_all+0x47/0xf0 [ 930.452936][ C0] kasan_quarantine_reduce+0x1a0/0x1f0 [ 930.458398][ C0] __kasan_kmalloc+0x8a/0xb0 [ 930.462981][ C0] __kmalloc_noprof+0x301/0x850 [ 930.467825][ C0] tomoyo_realpath_from_path+0xb6/0x690 [ 930.473372][ C0] tomoyo_path_perm+0x276/0x460 [ 930.478210][ C0] ? tomoyo_path_perm+0x262/0x460 [ 930.483221][ C0] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 930.488607][ C0] ? find_held_lock+0x2b/0x80 [ 930.493271][ C0] ? __might_fault+0xc5/0x140 [ 930.497938][ C0] ? __might_fault+0xc5/0x140 [ 930.502609][ C0] security_inode_getattr+0x116/0x280 [ 930.507968][ C0] vfs_statx+0x11f/0x3f0 [ 930.512199][ C0] ? __pfx_vfs_statx+0x10/0x10 [ 930.516964][ C0] ? do_getname+0x191/0x390 [ 930.521458][ C0] vfs_fstatat+0x77/0xe0 [ 930.525688][ C0] __do_sys_newfstatat+0x9d/0x120 [ 930.530705][ C0] ? __pfx___do_sys_newfstatat+0x10/0x10 [ 930.536346][ C0] ? rcu_is_watching+0x12/0xc0 [ 930.541095][ C0] do_syscall_64+0x10b/0xf80 [ 930.545672][ C0] ? clear_bhb_loop+0x40/0x90 [ 930.550335][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.556210][ C0] RIP: 0033:0x7fd30cf11b0a [ 930.560609][ C0] RSP: 002b:00007ffdde1f1c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 930.569007][ C0] RAX: ffffffffffffffda RBX: 00005643c4b58420 RCX: 00007fd30cf11b0a [ 930.576975][ C0] RDX: 00007ffdde1f1c50 RSI: 00005643c4b46ef3 RDI: 00000000ffffff9c [ 930.584949][ C0] RBP: 00005643d4e26148 R08: 00063478c1c69200 R09: 0000000000000001 [ 930.592918][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 930.600874][ C0] R13: 00007ffdde1f1c50 R14: 0000000000000000 R15: 00063478c1c69200 [ 930.608838][ C0] [ 930.611842][ C0] task:syz.0.13459 state:R running task stack:27128 pid:7072 tgid:7072 ppid:27563 task_flags:0x40044c flags:0x00080002 [ 930.625307][ C0] Call Trace: [ 930.628567][ C0] [ 930.631481][ C0] __schedule+0x10e9/0x6820 [ 930.635989][ C0] ? __pfx___schedule+0x10/0x10 [ 930.640829][ C0] ? find_held_lock+0x2b/0x80 [ 930.645491][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 930.650852][ C0] preempt_schedule_common+0x42/0xc0 [ 930.656117][ C0] preempt_schedule_thunk+0x16/0x30 [ 930.661308][ C0] _raw_spin_unlock+0x3e/0x50 [ 930.665974][ C0] __zap_vma_range+0x1791/0x4bf0 [ 930.670910][ C0] ? __pfx___zap_vma_range+0x10/0x10 [ 930.676189][ C0] ? find_held_lock+0x2b/0x80 [ 930.680856][ C0] unmap_vmas+0x299/0x5f0 [ 930.685183][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 930.690020][ C0] ? mas_next_slot+0x10a3/0x1960 [ 930.694948][ C0] exit_mmap+0x1ef/0xa10 [ 930.699175][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 930.703936][ C0] ? rcu_is_watching+0x12/0xc0 [ 930.708697][ C0] __mmput+0x12a/0x410 [ 930.712754][ C0] mmput+0x67/0x80 [ 930.716458][ C0] do_exit+0x833/0x2a60 [ 930.720605][ C0] ? _copy_from_user+0x59/0xd0 [ 930.725356][ C0] ? __pfx_do_exit+0x10/0x10 [ 930.729933][ C0] ? do_raw_spin_lock+0x128/0x260 [ 930.734938][ C0] ? find_held_lock+0x2b/0x80 [ 930.739596][ C0] ? get_signal+0x7e0/0x21e0 [ 930.744170][ C0] do_group_exit+0xd5/0x2a0 [ 930.748661][ C0] get_signal+0x1ec7/0x21e0 [ 930.753150][ C0] ? __lock_acquire+0x4a5/0x2630 [ 930.758083][ C0] ? __pfx_get_signal+0x10/0x10 [ 930.762926][ C0] arch_do_signal_or_restart+0x91/0x770 [ 930.768459][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 930.774605][ C0] ? rcu_is_watching+0x12/0xc0 [ 930.779354][ C0] exit_to_user_mode_loop+0x86/0x4a0 [ 930.784626][ C0] ? do_syscall_64+0x519/0xf80 [ 930.789371][ C0] do_syscall_64+0x6f2/0xf80 [ 930.793938][ C0] ? clear_bhb_loop+0x40/0x90 [ 930.798599][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.804472][ C0] RIP: 0033:0x7f346c59d609 [ 930.808868][ C0] RSP: 002b:00007ffe73122b28 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 930.817259][ C0] RAX: fffffffffffffffc RBX: 00007f346c558ba0 RCX: 00007f346c59d609 [ 930.825213][ C0] RDX: 00007f346c558ba0 RSI: 0000000000000058 RDI: 00007ffe73122b80 [ 930.833180][ C0] RBP: 00007f346d4cb6c0 R08: 00007f346d4cb6c0 R09: 00007ffe73122c67 [ 930.841148][ C0] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffe8 [ 930.849102][ C0] R13: 000000000000000b R14: 00007ffe73122b80 R15: 00007ffe73122c68 [ 930.857079][ C0] [ 930.860079][ C0] task:dhcpcd state:R running task stack:21432 pid:5505 tgid:5505 ppid:5504 task_flags:0x400140 flags:0x00080000 [ 930.873536][ C0] Call Trace: [ 930.876795][ C0] [ 930.879711][ C0] __schedule+0x10e9/0x6820 [ 930.884215][ C0] ? pollwake+0x193/0x210 [ 930.888544][ C0] ? __pfx___schedule+0x10/0x10 [ 930.893393][ C0] ? do_raw_spin_lock+0x128/0x260 [ 930.898401][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 930.903760][ C0] preempt_schedule_common+0x42/0xc0 [ 930.909027][ C0] preempt_schedule_thunk+0x16/0x30 [ 930.914217][ C0] _raw_spin_unlock_irqrestore+0x61/0x80 [ 930.919841][ C0] sock_def_readable+0x154/0x610 [ 930.924763][ C0] unix_dgram_sendmsg+0xc8f/0x1810 [ 930.929870][ C0] ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0 [ 930.936280][ C0] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 930.941818][ C0] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 930.948576][ C0] unix_seqpacket_sendmsg+0x12a/0x1d0 [ 930.953941][ C0] sock_write_iter+0x524/0x5a0 [ 930.958692][ C0] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 930.964590][ C0] ? __pfx_sock_write_iter+0x10/0x10 [ 930.969876][ C0] do_iter_readv_writev+0x6ee/0x920 [ 930.975073][ C0] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 930.980787][ C0] ? bpf_lsm_file_permission+0x9/0x10 [ 930.986166][ C0] ? security_file_permission+0x76/0x210 [ 930.991801][ C0] ? rw_verify_area+0xce/0x6d0 [ 930.996557][ C0] vfs_writev+0x360/0xe10 [ 931.000871][ C0] ? __pfx_vfs_writev+0x10/0x10 [ 931.005706][ C0] ? rw_verify_area+0xce/0x6d0 [ 931.010472][ C0] ? __pfx_sock_read_iter+0x10/0x10 [ 931.015676][ C0] ? do_writev+0x28a/0x340 [ 931.020070][ C0] do_writev+0x28a/0x340 [ 931.024296][ C0] ? __pfx_do_writev+0x10/0x10 [ 931.029040][ C0] ? rcu_is_watching+0x12/0xc0 [ 931.033787][ C0] do_syscall_64+0x10b/0xf80 [ 931.038358][ C0] ? clear_bhb_loop+0x40/0x90 [ 931.043016][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.048891][ C0] RIP: 0033:0x7f60e1b84407 [ 931.053289][ C0] RSP: 002b:00007ffde427d1a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000014 [ 931.061680][ C0] RAX: ffffffffffffffda RBX: 00007f60e1afa780 RCX: 00007f60e1b84407 [ 931.069634][ C0] RDX: 0000000000000005 RSI: 00007ffde427d200 RDI: 0000000000000011 [ 931.077671][ C0] RBP: 000055b8a777ba90 R08: 0000000000000000 R09: 0000000000000000 [ 931.085622][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffde429d620 [ 931.093573][ C0] R13: 0000000000000004 R14: 0000000000000148 R15: 00007ffde428d3f0 [ 931.101545][ C0] [ 931.104544][ C0] task:dhcpcd state:R running task stack:25440 pid:5504 tgid:5504 ppid:1 task_flags:0x400140 flags:0x00080000 [ 931.118007][ C0] Call Trace: [ 931.121263][ C0] [ 931.124177][ C0] __schedule+0x10e9/0x6820 [ 931.128678][ C0] ? pollwake+0x193/0x210 [ 931.132992][ C0] ? __pfx___schedule+0x10/0x10 [ 931.137829][ C0] ? do_raw_spin_lock+0x128/0x260 [ 931.142835][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 931.148199][ C0] preempt_schedule_common+0x42/0xc0 [ 931.153550][ C0] preempt_schedule_thunk+0x16/0x30 [ 931.158740][ C0] _raw_spin_unlock_irqrestore+0x61/0x80 [ 931.164361][ C0] sock_def_readable+0x154/0x610 [ 931.169280][ C0] unix_dgram_sendmsg+0xc8f/0x1810 [ 931.174386][ C0] ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0 [ 931.180790][ C0] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 931.186326][ C0] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 931.193086][ C0] unix_seqpacket_sendmsg+0x12a/0x1d0 [ 931.198451][ C0] sock_write_iter+0x524/0x5a0 [ 931.203203][ C0] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 931.209081][ C0] ? __pfx_sock_write_iter+0x10/0x10 [ 931.214376][ C0] do_iter_readv_writev+0x6ee/0x920 [ 931.219562][ C0] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 931.225272][ C0] ? bpf_lsm_file_permission+0x9/0x10 [ 931.230629][ C0] ? security_file_permission+0x76/0x210 [ 931.236246][ C0] ? rw_verify_area+0xce/0x6d0 [ 931.240998][ C0] vfs_writev+0x360/0xe10 [ 931.245394][ C0] ? _copy_to_user+0xaf/0xd0 [ 931.249969][ C0] ? __pfx_vfs_writev+0x10/0x10 [ 931.254797][ C0] ? __pfx___do_sys_newuname+0x10/0x10 [ 931.260242][ C0] ? __pfx_sock_do_ioctl+0x10/0x10 [ 931.265357][ C0] ? do_writev+0x28a/0x340 [ 931.269762][ C0] do_writev+0x28a/0x340 [ 931.273983][ C0] ? __pfx_do_writev+0x10/0x10 [ 931.278730][ C0] do_syscall_64+0x10b/0xf80 [ 931.283298][ C0] ? clear_bhb_loop+0x40/0x90 [ 931.287970][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.293853][ C0] RIP: 0033:0x7f60e1b84407 [ 931.298275][ C0] RSP: 002b:00007ffde429d2c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000014 [ 931.306668][ C0] RAX: ffffffffffffffda RBX: 00007f60e1afa780 RCX: 00007f60e1b84407 [ 931.314622][ C0] RDX: 0000000000000005 RSI: 00007ffde429d320 RDI: 000000000000000a [ 931.322573][ C0] RBP: 000055b872bf6870 R08: 0000000000000000 R09: 0000000000000000 [ 931.330522][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 000055b8a775b050 [ 931.338470][ C0] R13: 000000000000012c R14: 0000000000004801 R15: 000055b8a7758844 [ 931.346434][ C0] [ 931.349447][ C0] task:syz.1.13452 state:R running task stack:28072 pid:7066 tgid:7066 ppid:5975 task_flags:0x40004c flags:0x00480000 [ 931.362909][ C0] Call Trace: [ 931.366167][ C0] [ 931.369079][ C0] __schedule+0x10e9/0x6820 [ 931.373577][ C0] ? mark_held_locks+0x40/0x70 [ 931.378329][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 931.383508][ C0] ? irqentry_exit+0x246/0x790 [ 931.388250][ C0] ? __pfx___schedule+0x10/0x10 [ 931.393090][ C0] ? find_held_lock+0x2b/0x80 [ 931.397749][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 931.403106][ C0] preempt_schedule_common+0x42/0xc0 [ 931.408373][ C0] preempt_schedule_thunk+0x16/0x30 [ 931.413559][ C0] _raw_spin_unlock+0x3e/0x50 [ 931.418220][ C0] __zap_vma_range+0x1791/0x4bf0 [ 931.423159][ C0] ? __pfx___zap_vma_range+0x10/0x10 [ 931.428430][ C0] ? find_held_lock+0x2b/0x80 [ 931.433110][ C0] unmap_vmas+0x299/0x5f0 [ 931.437489][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 931.442323][ C0] ? mas_next_slot+0x10a3/0x1960 [ 931.447255][ C0] exit_mmap+0x1ef/0xa10 [ 931.451483][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 931.456254][ C0] ? rcu_is_watching+0x12/0xc0 [ 931.461016][ C0] __mmput+0x12a/0x410 [ 931.465088][ C0] mmput+0x67/0x80 [ 931.468821][ C0] do_exit+0x833/0x2a60 [ 931.472987][ C0] ? __pfx_do_exit+0x10/0x10 [ 931.477587][ C0] __x64_sys_exit+0x42/0x50 [ 931.482084][ C0] x64_sys_call+0x152e/0x1530 [ 931.486752][ C0] do_syscall_64+0x10b/0xf80 [ 931.491329][ C0] ? clear_bhb_loop+0x40/0x90 [ 931.495995][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.501872][ C0] RIP: 0033:0x7f6d09d9c819 [ 931.506265][ C0] RSP: 002b:00007f6d0ac4cef8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 931.514655][ C0] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f6d09d9c819 [ 931.522637][ C0] RDX: 00007f6d0ac4d9c8 RSI: 0000000000000000 RDI: 0000000000000000 [ 931.530598][ C0] RBP: 00007f6d09e32c91 R08: 0000000000000000 R09: 0000000000000058 [ 931.538551][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.546503][ C0] R13: 00007f6d0a016038 R14: 00007f6d0a015fa0 R15: 00007ffd826a5f28 [ 931.554474][ C0] [ 931.557489][ C0] task:syz-executor state:R running task stack:22360 pid:5971 tgid:5971 ppid:5967 task_flags:0x400140 flags:0x00080000 [ 931.570996][ C0] Call Trace: [ 931.574268][ C0] [ 931.577199][ C0] __schedule+0x10e9/0x6820 [ 931.581712][ C0] ? trace_mm_page_alloc+0x163/0x1d0 [ 931.586998][ C0] ? __pfx___schedule+0x10/0x10 [ 931.591857][ C0] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 931.597917][ C0] preempt_schedule_notrace+0x5f/0xd0 [ 931.603357][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 931.609515][ C0] preempt_schedule_notrace_thunk+0x16/0x30 [ 931.615412][ C0] rcu_is_watching+0x8e/0xc0 [ 931.619994][ C0] ? is_module_text_address+0x148/0x220 [ 931.625535][ C0] lock_release+0x245/0x310 [ 931.630061][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 931.636205][ C0] is_module_text_address+0x14d/0x220 [ 931.641561][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 931.647702][ C0] kernel_text_address+0x81/0x100 [ 931.652711][ C0] ? policy_nodemask+0xed/0x4f0 [ 931.657547][ C0] __kernel_text_address+0xd/0x30 [ 931.662555][ C0] unwind_get_return_address+0x59/0xa0 [ 931.668004][ C0] arch_stack_walk+0xa6/0xf0 [ 931.672587][ C0] stack_trace_save+0x8e/0xc0 [ 931.677255][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 931.682608][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 931.688410][ C0] kasan_save_stack+0x30/0x50 [ 931.693070][ C0] ? kasan_save_stack+0x30/0x50 [ 931.697897][ C0] ? kasan_save_track+0x14/0x30 [ 931.702727][ C0] ? __kasan_slab_alloc+0x89/0x90 [ 931.707732][ C0] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 931.713351][ C0] ? kmem_alloc_batch+0x49/0x170 [ 931.718271][ C0] ? debug_objects_fill_pool+0x24d/0x5a0 [ 931.723890][ C0] ? debug_object_activate+0x103/0x490 [ 931.729331][ C0] ? __call_rcu_common.constprop.0+0x35/0x9b0 [ 931.735385][ C0] ? qlist_free_all+0x47/0xf0 [ 931.740047][ C0] ? kasan_quarantine_reduce+0x1a0/0x1f0 [ 931.745753][ C0] ? __kasan_slab_alloc+0x69/0x90 [ 931.750759][ C0] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 931.756383][ C0] ? alloc_empty_file+0x5b/0x1c0 [ 931.761312][ C0] ? alloc_file_pseudo+0x13a/0x230 [ 931.766408][ C0] ? sock_alloc_file+0x50/0x210 [ 931.771255][ C0] ? __sys_socket+0x1c0/0x260 [ 931.775910][ C0] ? __x64_sys_socket+0x72/0xb0 [ 931.780739][ C0] ? do_syscall_64+0x10b/0xf80 [ 931.785484][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.791550][ C0] kasan_save_track+0x14/0x30 [ 931.796209][ C0] __kasan_slab_alloc+0x89/0x90 [ 931.801043][ C0] kmem_cache_alloc_noprof+0x241/0x6e0 [ 931.806491][ C0] ? kmem_alloc_batch+0x49/0x170 [ 931.811436][ C0] kmem_alloc_batch+0x49/0x170 [ 931.816187][ C0] debug_objects_fill_pool+0x24d/0x5a0 [ 931.821625][ C0] ? __lock_acquire+0x4a5/0x2630 [ 931.826552][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 931.832517][ C0] ? mark_held_locks+0x40/0x70 [ 931.837280][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 931.843075][ C0] ? __pfx_rcu_free_slab+0x10/0x10 [ 931.848172][ C0] debug_object_activate+0x103/0x490 [ 931.853438][ C0] ? do_raw_spin_lock+0x128/0x260 [ 931.858448][ C0] ? __pfx_debug_object_activate+0x10/0x10 [ 931.864238][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 931.870038][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 931.875221][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 931.881017][ C0] ? __pfx_rcu_free_slab+0x10/0x10 [ 931.886114][ C0] __call_rcu_common.constprop.0+0x35/0x9b0 [ 931.891999][ C0] qlist_free_all+0x47/0xf0 [ 931.896490][ C0] kasan_quarantine_reduce+0x1a0/0x1f0 [ 931.901957][ C0] __kasan_slab_alloc+0x69/0x90 [ 931.906787][ C0] kmem_cache_alloc_noprof+0x241/0x6e0 [ 931.912234][ C0] ? alloc_empty_file+0x5b/0x1c0 [ 931.917165][ C0] alloc_empty_file+0x5b/0x1c0 [ 931.921916][ C0] alloc_file_pseudo+0x13a/0x230 [ 931.926839][ C0] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 931.932281][ C0] ? alloc_fd+0x476/0x790 [ 931.936595][ C0] sock_alloc_file+0x50/0x210 [ 931.941256][ C0] __sys_socket+0x1c0/0x260 [ 931.945737][ C0] ? __pfx___sys_socket+0x10/0x10 [ 931.950756][ C0] __x64_sys_socket+0x72/0xb0 [ 931.955411][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 931.960589][ C0] do_syscall_64+0x10b/0xf80 [ 931.965164][ C0] ? clear_bhb_loop+0x40/0x90 [ 931.969822][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.975696][ C0] RIP: 0033:0x7fbd29f9e087 [ 931.980524][ C0] RSP: 002b:00007ffc869a9728 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 [ 931.989015][ C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd29f9e087 [ 931.996965][ C0] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 000000000000000a [ 932.004915][ C0] RBP: 00007ffc869a9e5c R08: 0000000000000000 R09: 0000000000000000 [ 932.012950][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fbd2a1e7e00 [ 932.020929][ C0] R13: 00000000000927c0 R14: 00000000000c3892 R15: 00007fbd2a1e9fc0 [ 932.028912][ C0] [ 932.031936][ C0] rcu: rcu_preempt kthread starved for 10421 jiffies! g291089 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 932.043318][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 932.053275][ C0] rcu: RCU grace-period kthread stack dump: [ 932.059140][ C0] task:rcu_preempt state:R running task stack:27752 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 932.072697][ C0] Call Trace: [ 932.075960][ C0] [ 932.078891][ C0] __schedule+0x10e9/0x6820 [ 932.083402][ C0] ? __pfx___schedule+0x10/0x10 [ 932.088248][ C0] ? find_held_lock+0x2b/0x80 [ 932.092909][ C0] ? schedule+0x2bf/0x390 [ 932.097227][ C0] schedule+0xdd/0x390 [ 932.101283][ C0] schedule_timeout+0x127/0x280 [ 932.106131][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 932.111487][ C0] ? __pfx_process_timeout+0x10/0x10 [ 932.116762][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 932.122562][ C0] ? prepare_to_swait_event+0xdf/0x4a0 [ 932.128012][ C0] rcu_gp_fqs_loop+0x1a9/0x900 [ 932.132767][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 932.138044][ C0] ? prepare_to_swait_event+0xae/0x4a0 [ 932.143489][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 932.148452][ C0] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 932.153676][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 932.159484][ C0] rcu_gp_kthread+0x179/0x230 [ 932.164159][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 932.169351][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 932.175150][ C0] ? __kthread_parkme+0x18c/0x230 [ 932.180164][ C0] ? kthread+0x13a/0x450 [ 932.184394][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 932.189592][ C0] kthread+0x370/0x450 [ 932.193648][ C0] ? __pfx_kthread+0x10/0x10 [ 932.198240][ C0] ret_from_fork+0x72b/0xd50 [ 932.202816][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 932.207911][ C0] ? __switch_to+0x800/0x1100 [ 932.212583][ C0] ? __switch_to_asm+0x39/0x70 [ 932.217341][ C0] ? __pfx_kthread+0x10/0x10 [ 932.221921][ C0] ret_from_fork_asm+0x1a/0x30 [ 932.226680][ C0] [ 932.229681][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 932.235985][ C0] CPU: 0 UID: 0 PID: 3427 Comm: kworker/R-bat_e Tainted: G U I L syzkaller #0 PREEMPT(full) [ 932.247250][ C0] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 932.254591][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 932.264623][ C0] Workqueue: bat_events batadv_tt_purge [ 932.270170][ C0] RIP: 0010:lock_acquire+0x5e/0x370 [ 932.275366][ C0] Code: 05 3b 59 2e 12 83 f8 07 0f 87 d9 02 00 00 48 0f a3 05 46 4b f7 0e 0f 82 a4 02 00 00 8b 35 ae 7e f7 0e 85 f6 0f 85 bf 00 00 00 <48> 8b 44 24 30 65 48 2b 05 dd 58 2e 12 0f 85 ed 02 00 00 48 83 c4 [ 932.294964][ C0] RSP: 0018:ffffc900000068f0 EFLAGS: 00000206 [ 932.301026][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000005 [ 932.308986][ C0] RDX: 0000000000000000 RSI: ffffffff8df2c0ea RDI: ffffffff8c1c0200 [ 932.316943][ C0] RBP: ffffffff8e7e5260 R08: 00000000bf675e27 R09: 0000000000000007 [ 932.324896][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002 [ 932.332845][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 932.340796][ C0] FS: 0000000000000000(0000) GS:ffff8881242ee000(0000) knlGS:0000000000000000 [ 932.349708][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 932.356269][ C0] CR2: 00007fe335713b6c CR3: 0000000076e80000 CR4: 00000000003526f0 [ 932.364221][ C0] Call Trace: [ 932.367482][ C0] [ 932.370311][ C0] unwind_next_frame+0xd1/0x2090 [ 932.375238][ C0] ? unwind_next_frame+0xbd/0x2090 [ 932.380332][ C0] ? __unwind_start+0x2fb/0x7f0 [ 932.385163][ C0] ? get_stack_info_noinstr+0x8c/0x130 [ 932.390613][ C0] __unwind_start+0x3d1/0x7f0 [ 932.395272][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 932.401425][ C0] arch_stack_walk+0x73/0xf0 [ 932.406002][ C0] ? __unwind_start+0x2fb/0x7f0 [ 932.410840][ C0] ? kfree_skbmem+0x19a/0x210 [ 932.415502][ C0] stack_trace_save+0x8e/0xc0 [ 932.420165][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 932.425627][ C0] ? __lock_acquire+0x4a5/0x2630 [ 932.430572][ C0] ? batadv_interface_tx+0x17e8/0x1c30 [ 932.436029][ C0] ? dev_hard_start_xmit+0x128/0x7a0 [ 932.441314][ C0] kasan_save_stack+0x30/0x50 [ 932.446005][ C0] kasan_save_track+0x14/0x30 [ 932.450667][ C0] kasan_save_free_info+0x3b/0x70 [ 932.455683][ C0] __kasan_slab_free+0x5f/0x80 [ 932.460437][ C0] kmem_cache_free+0x127/0x6c0 [ 932.465214][ C0] ? skb_release_data+0x6ca/0x8e0 [ 932.470231][ C0] kfree_skbmem+0x19a/0x210 [ 932.474736][ C0] consume_skb+0xd1/0x110 [ 932.479049][ C0] batadv_interface_tx+0x17e8/0x1c30 [ 932.484341][ C0] ? __pfx_batadv_interface_tx+0x10/0x10 [ 932.489977][ C0] ? __pfx_netif_skb_features+0x10/0x10 [ 932.495540][ C0] dev_hard_start_xmit+0x128/0x7a0 [ 932.500655][ C0] __dev_queue_xmit+0x1baa/0x4950 [ 932.505838][ C0] ? lock_acquire+0x1b1/0x370 [ 932.510509][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 932.515872][ C0] ? __local_bh_enable_ip+0x9e/0x120 [ 932.521144][ C0] ? lockdep_hardirqs_on+0x30/0x100 [ 932.526325][ C0] ? __local_bh_enable_ip+0x9e/0x120 [ 932.531596][ C0] ? ebt_do_table+0x1938/0x2250 [ 932.536435][ C0] ? br_nf_post_routing+0x5f9/0x16a0 [ 932.541705][ C0] ? find_held_lock+0x2b/0x80 [ 932.546369][ C0] ? __pfx_br_nf_post_routing+0x10/0x10 [ 932.551895][ C0] ? __pfx_ebt_do_table+0x10/0x10 [ 932.556919][ C0] ? mark_held_locks+0x40/0x70 [ 932.561703][ C0] ? lock_acquire+0x1b1/0x370 [ 932.566372][ C0] ? find_held_lock+0x2b/0x80 [ 932.571036][ C0] br_dev_queue_push_xmit+0x361/0x530 [ 932.576397][ C0] br_forward_finish+0x102/0x4d0 [ 932.581347][ C0] ? __pfx_br_forward_finish+0x10/0x10 [ 932.586808][ C0] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 932.592694][ C0] ? nf_hook_slow+0x167/0x220 [ 932.597380][ C0] br_nf_hook_thresh+0x30d/0x420 [ 932.602316][ C0] ? __pfx_br_forward_finish+0x10/0x10 [ 932.607765][ C0] ? __pfx_br_nf_hook_thresh+0x10/0x10 [ 932.613215][ C0] ? nf_hook+0x330/0x7a0 [ 932.617440][ C0] ? __pfx_br_forward_finish+0x10/0x10 [ 932.622884][ C0] ? lock_acquire+0x1b1/0x370 [ 932.627565][ C0] br_nf_forward_finish+0x693/0xb30 [ 932.632749][ C0] ? __pfx_br_forward_finish+0x10/0x10 [ 932.638199][ C0] br_nf_forward+0x157a/0x19f0 [ 932.642950][ C0] nf_hook_slow+0xbf/0x220 [ 932.647354][ C0] __br_forward+0x2f7/0x970 [ 932.651861][ C0] ? __pfx___br_forward+0x10/0x10 [ 932.656887][ C0] ? __asan_memcpy+0x3c/0x60 [ 932.661473][ C0] ? __pfx_br_forward_finish+0x10/0x10 [ 932.666924][ C0] ? __skb_clone+0x570/0x760 [ 932.671522][ C0] maybe_deliver+0xf0/0x180 [ 932.676023][ C0] br_flood+0x193/0x650 [ 932.680180][ C0] br_handle_frame_finish+0xff4/0x1f60 [ 932.685631][ C0] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 932.691519][ C0] ? find_held_lock+0x2b/0x80 [ 932.696179][ C0] ? net_generic+0xea/0x2a0 [ 932.700667][ C0] ? net_generic+0xea/0x2a0 [ 932.705175][ C0] ? net_generic+0xf4/0x2a0 [ 932.709661][ C0] ? br_nf_pre_routing+0x771/0x1560 [ 932.714859][ C0] br_handle_frame+0x977/0x1520 [ 932.719699][ C0] ? __pfx_br_handle_frame+0x10/0x10 [ 932.724982][ C0] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 932.730861][ C0] ? kasan_quarantine_put+0x104/0x240 [ 932.736237][ C0] ? __pfx_br_handle_frame+0x10/0x10 [ 932.741527][ C0] __netif_receive_skb_core.constprop.0+0x6c5/0x3530 [ 932.748187][ C0] ? skb_release_data+0x6ca/0x8e0 [ 932.753199][ C0] ? kfree_skbmem+0x19f/0x210 [ 932.757865][ C0] ? dst_release+0x9a/0x330 [ 932.762350][ C0] ? arp_process+0x237/0x2440 [ 932.767009][ C0] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 932.774100][ C0] ? __pfx_arp_process+0x10/0x10 [ 932.779016][ C0] ? __pfx_arp_process+0x10/0x10 [ 932.783940][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 932.789585][ C0] ? __pfx_arp_process+0x10/0x10 [ 932.794507][ C0] ? __lock_acquire+0x4a5/0x2630 [ 932.799436][ C0] ? process_backlog+0x32a/0x1580 [ 932.804445][ C0] __netif_receive_skb_one_core+0xb0/0x1e0 [ 932.810266][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 932.816673][ C0] ? lock_acquire+0x1b1/0x370 [ 932.821342][ C0] ? process_backlog+0x32a/0x1580 [ 932.826375][ C0] ? process_backlog+0x32a/0x1580 [ 932.831385][ C0] __netif_receive_skb+0x1f/0x120 [ 932.836396][ C0] process_backlog+0x37a/0x1580 [ 932.841243][ C0] __napi_poll.constprop.0+0xaf/0x450 [ 932.846599][ C0] net_rx_action+0xa40/0xf20 [ 932.851178][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 932.856268][ C0] ? hrtimer_bases_first+0x110/0x210 [ 932.861537][ C0] ? __hrtimer_get_next_event+0x1b7/0x360 [ 932.867262][ C0] ? mark_held_locks+0x40/0x70 [ 932.872018][ C0] handle_softirqs+0x1ea/0xa00 [ 932.876773][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 932.882045][ C0] ? batadv_tt_purge+0x25d/0xbd0 [ 932.886990][ C0] do_softirq+0xac/0xe0 [ 932.891136][ C0] [ 932.894048][ C0] [ 932.896960][ C0] __local_bh_enable_ip+0xf8/0x120 [ 932.902056][ C0] batadv_tt_purge+0x25d/0xbd0 [ 932.906811][ C0] ? __pfx_batadv_tt_purge+0x10/0x10 [ 932.912089][ C0] ? rcu_is_watching+0x12/0xc0 [ 932.916843][ C0] process_one_work+0xa0e/0x1980 [ 932.921773][ C0] ? __pfx_process_one_work+0x10/0x10 [ 932.927131][ C0] ? __pfx_batadv_tt_purge+0x10/0x10 [ 932.932428][ C0] rescuer_thread+0x905/0x14a0 [ 932.937193][ C0] ? rescuer_thread+0x240/0x14a0 [ 932.942113][ C0] ? rescuer_thread+0x118/0x14a0 [ 932.947033][ C0] ? __pfx_rescuer_thread+0x10/0x10 [ 932.952216][ C0] ? __kthread_parkme+0x18c/0x230 [ 932.957232][ C0] ? kthread+0x13a/0x450 [ 932.961464][ C0] ? __pfx_rescuer_thread+0x10/0x10 [ 932.966649][ C0] kthread+0x370/0x450 [ 932.970717][ C0] ? __pfx_kthread+0x10/0x10 [ 932.975299][ C0] ret_from_fork+0x72b/0xd50 [ 932.979874][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 932.984985][ C0] ? __switch_to+0x800/0x1100 [ 932.989657][ C0] ? __switch_to_asm+0x39/0x70 [ 932.994406][ C0] ? __pfx_kthread+0x10/0x10 [ 932.999000][ C0] ret_from_fork_asm+0x1a/0x30 [ 933.003759][ C0] [ 933.011634][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.978138][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 933.990276][ T1315] ieee802154 phy1 wpan1: encryption failed: -22