last executing test programs: 2m44.506887268s ago: executing program 1 (id=13707): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) 2m43.01944944s ago: executing program 1 (id=13717): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) capset$auto(0x0, 0x0) r0 = open(0x0, 0x22240, 0x154) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) 2m42.522548923s ago: executing program 1 (id=13728): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getresgid$auto(0x0, 0x0, 0x0) 2m41.044138089s ago: executing program 1 (id=13734): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ustat$auto(0x801, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) r0 = socket(0x2, 0x5, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, 0x0, 0x7, 0x0, 0x2, 0x1000007}, 0x1}, 0x5, 0x311) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, 0x0, 0x7, 0x0, 0x4, 0xb}, 0x8}, 0x5, 0x7fffffff) 2m40.880649697s ago: executing program 1 (id=13736): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) mmap$auto(0x2000000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) 2m40.388525844s ago: executing program 1 (id=13738): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0xc840) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) 2m25.290371716s ago: executing program 32 (id=13738): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0xc840) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) 2m5.714067571s ago: executing program 2 (id=13881): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) wait4$auto(0x0, 0x0, 0xf, &(0x7f0000000140)={{0x2599}, {0xffffffffffffffff, 0x1000000009}, 0x2, 0x800080000001, 0x1, 0x1000, 0x400000005, 0x5, 0x9, 0x4, 0xb11c, 0x8, 0xfffffffffffffffd, 0x7, 0xfffb, 0x801c0000000}) r0 = socket(0xa, 0x1, 0x84) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) setsockopt$auto(r0, 0x0, 0x60, 0x0, 0x6f7250c4) 2m5.581473911s ago: executing program 2 (id=13882): mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x55) connect$auto(0x3, 0x0, 0x55) 2m5.449241711s ago: executing program 2 (id=13883): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sigaltstack$auto(0x0, 0x0) 2m3.68979587s ago: executing program 2 (id=13891): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0) r0 = getpid() openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/ptp/ptp0/max_vclocks\x00', 0x103841, 0x0) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) 2m3.577267466s ago: executing program 2 (id=13892): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000140)=0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m3.455428383s ago: executing program 2 (id=13893): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) 1m48.242124886s ago: executing program 33 (id=13893): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) 18.353877397s ago: executing program 4 (id=14476): sendmsg$auto_ETHTOOL_MSG_PSE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x18, 0x0, 0x1, 0x703d27, 0x25dfdbfc, {}, [@ETHTOOL_A_PSE_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000050}, 0x40d8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB='1\x00-'], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x240080c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44080}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 18.036452861s ago: executing program 4 (id=14478): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ftruncate$auto(0x3, 0x700) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa9202, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 17.539330881s ago: executing program 4 (id=14479): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) read$auto_dynamic_events_ops_trace_dynevent(r0, 0x0, 0x0) 17.270983623s ago: executing program 4 (id=14481): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x20, r1, 0x170b, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40840}, 0x4000840) 17.016491859s ago: executing program 4 (id=14482): mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000040)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) statx$auto(r0, 0x0, 0x1003, 0x7f, 0x0) 16.810044056s ago: executing program 4 (id=14483): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x3a) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000001f00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) ioctl$auto(r0, 0x890b, 0x1) 2.673040185s ago: executing program 0 (id=14573): sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x28, 0x0, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='O'], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0x8}, 0x7fc}, 0x7, 0x4008) 2.558214983s ago: executing program 0 (id=14574): r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r1, &(0x7f00000030c0)={0x0, 0x0, &(0x7f0000003080)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYBLOB="16018d8e82d8e469fdd8"], 0x14}, 0x1, 0x0, 0x0, 0x4854}, 0x40) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r1) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r1) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fcdbdf250a9e00ff15000000140001"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) 2.439748851s ago: executing program 0 (id=14575): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setitimer$auto_ITIMER_REAL(0x0, &(0x7f0000000180)={{0x7, 0x6}, {0x51, 0xd8bd}}, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) madvise$auto(0x1000, 0x400050, 0x9) 2.302071364s ago: executing program 0 (id=14576): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0x200007, 0x8) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x80040, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) madvise$auto(0x0, 0x200204, 0x15) 2.114992659s ago: executing program 0 (id=14577): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) clock_getres$auto(0x17, 0x0) 1.794663123s ago: executing program 34 (id=14483): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x3a) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000001f00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) ioctl$auto(r0, 0x890b, 0x1) 1.285893731s ago: executing program 3 (id=14583): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x4, 0x0) socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x4, 0x0, 0x4) 1.10963011s ago: executing program 3 (id=14585): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082cbd7000fedbdf250300000008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a000500aaaaaaaaaabb00000a00010000000000000000000a000100bbbbbbbbbbbb0000060006000f"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x6004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfbe}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x10000007, 0x4008) 990.701559ms ago: executing program 5 (id=14586): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IFINDEX={0x8}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @random="431396a271ac"}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x11}, @HSR_A_IF1_AGE={0x8, 0x3, 0x5}, @HSR_A_NODE_ADDR={0xa, 0x1, @remote}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x800002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x209}, 0x7}, 0x3, 0x0) 756.485795ms ago: executing program 5 (id=14587): unshare$auto(0x8100000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c06, 0x0, 0x3, 0x0, 0x0, 0xa}, 0x7}, 0x3, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 643.314754ms ago: executing program 3 (id=14588): mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x1, 0x0) r0 = socket(0xa, 0x801, 0x106) setsockopt$auto(r0, 0x6, 0x24, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 572.490564ms ago: executing program 5 (id=14589): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) select$auto(0x5, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x8000000000000201, 0x9, 0x3, 0x6, 0x7, 0xd886, 0x5e58296b, 0x341, 0x41, 0x7, 0x200, 0x8, 0xc]}, 0x0, 0x0) 487.345487ms ago: executing program 3 (id=14590): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000100), r0) sendmsg$auto_CTRL_CMD_GETFAMILY2(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000001000)={0x14, r1, 0xa4f962d6ad91937d, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24048004) sendmsg$auto_NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="e4010000fed157"], 0x1e4}, 0x1, 0x0, 0x0, 0x84}, 0x44080) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r0) 404.576298ms ago: executing program 5 (id=14591): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x70) mkdir$auto(&(0x7f0000000000)='./file1\x00', 0x4) renameat2$auto(r0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) 298.310721ms ago: executing program 3 (id=14592): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x40000000029, 0x31, 0xfffffffffffffffe, 0x0) 244.535461ms ago: executing program 5 (id=14593): r0 = socket(0x2, 0x801, 0x6) mmap$auto(0x0, 0x8, 0xe2, 0xeb1, 0x69a5, 0xa800000000000000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = socket(0x1d, 0x2, 0x6) flistxattr$auto(r1, 0x0, 0x95) setsockopt$auto(r0, 0x1, 0x12, 0x0, 0xa4) 150.719489ms ago: executing program 3 (id=14594): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) userfaultfd$auto(0x1) 76.956535ms ago: executing program 5 (id=14595): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) select$auto(0x85, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x6}) 0s ago: executing program 0 (id=14596): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x2) kernel console output (not intermixed with test programs): 254740988kB, failcnt 0 [ 785.147343][ T511] Memory cgroup stats for /syz0: [ 785.147448][ T511] cache 0 [ 785.170649][ T511] rss 0 [ 785.173434][ T511] rss_huge 0 [ 785.176607][ T511] shmem 0 [ 785.179517][ T511] mapped_file 0 [ 785.190632][ T511] dirty 0 [ 785.197778][ T511] writeback 0 [ 785.210527][ T511] workingset_refault_anon 17238 [ 785.215397][ T511] workingset_refault_file 32557 [ 785.220228][ T511] swap 4907008 [ 785.231786][ T511] swapcached 495300608 [ 785.241839][ T511] pgpgin 340337 [ 785.250428][ T511] pgpgout 349470 [ 785.255427][ T511] pgfault 443286 [ 785.263321][ T511] pgmajfault 10037 [ 785.270229][ T511] inactive_anon 167936 [ 785.280191][ T511] active_anon 180224 [ 785.290119][ T511] inactive_file 0 [ 785.293755][ T511] active_file 0 [ 785.297194][ T511] unevictable 0 [ 785.309900][ T511] hierarchical_memory_limit 3145728 [ 785.319966][ T511] hierarchical_memsw_limit 9223372036854771712 [ 785.331414][ T511] total_cache 0 [ 785.339893][ T511] total_rss 0 [ 785.344631][ T511] total_rss_huge 0 [ 785.359690][ T511] total_shmem 0 [ 785.363163][ T511] total_mapped_file 0 [ 785.379529][ T511] total_dirty 0 [ 785.382999][ T511] total_writeback 0 [ 785.386782][ T511] total_workingset_refault_anon 17238 [ 785.399428][ T511] total_workingset_refault_file 32557 [ 785.409541][ T511] total_swap 4907008 [ 785.419453][ T511] total_swapcached 495300608 [ 785.425480][ T511] total_pgpgin 340337 [ 785.438372][ T511] total_pgpgout 349470 [ 785.442663][ T511] total_pgfault 443286 [ 785.460681][ T511] total_pgmajfault 10037 [ 785.464929][ T511] total_inactive_anon 167936 [ 785.472509][ T511] total_active_anon 180224 [ 785.488951][ T511] total_inactive_file 0 [ 785.493112][ T511] total_active_file 0 [ 785.497067][ T511] total_unevictable 0 [ 785.508842][ T511] anon_cost 0 [ 785.513559][ T511] file_cost 74 [ 785.520057][ T511] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.12857,pid=490,uid=0 [ 785.550086][ T511] Memory cgroup out of memory: Killed process 490 (syz.0.12857) total-vm:108644kB, anon-rss:1236kB, file-rss:22560kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 786.524582][ T642] NFSD: Failed to start, no listeners configured. [ 789.358618][ T655] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12928'. [ 790.430252][ T677] FAULT_INJECTION: forcing a failure. [ 790.430252][ T677] name fail_futex, interval 1, probability 0, space 0, times 1 [ 790.481138][ T677] CPU: 0 UID: 0 PID: 677 Comm: syz.0.12923 Tainted: G U L syzkaller #0 PREEMPT(full) [ 790.481167][ T677] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 790.481173][ T677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 790.481183][ T677] Call Trace: [ 790.481188][ T677] [ 790.481194][ T677] dump_stack_lvl+0x100/0x190 [ 790.481218][ T677] should_fail_ex.cold+0x5/0xa [ 790.481239][ T677] get_futex_key+0x1d2/0x14f0 [ 790.481257][ T677] ? __pfx_get_futex_key+0x10/0x10 [ 790.481273][ T677] ? enqueue_task+0x1dc/0x4f0 [ 790.481296][ T677] futex_wait_setup+0x91/0x540 [ 790.481321][ T677] __futex_wait+0x19f/0x300 [ 790.481342][ T677] ? __pfx___futex_wait+0x10/0x10 [ 790.481360][ T677] ? __pfx_try_to_wake_up+0x10/0x10 [ 790.481375][ T677] ? futex_hash+0x311/0x400 [ 790.481391][ T677] ? __pfx_futex_wake_mark+0x10/0x10 [ 790.481412][ T677] ? find_held_lock+0x2b/0x80 [ 790.481430][ T677] ? futex_wake+0x4ea/0x5e0 [ 790.481453][ T677] futex_wait+0xe6/0x370 [ 790.481473][ T677] ? __pfx_futex_wait+0x10/0x10 [ 790.481496][ T677] ? putname+0xb1/0x110 [ 790.481510][ T677] ? kmem_cache_free+0x127/0x6b0 [ 790.481525][ T677] ? do_sys_openat2+0x1b6/0x1e0 [ 790.481546][ T677] do_futex+0x265/0x440 [ 790.481563][ T677] ? __pfx_do_futex+0x10/0x10 [ 790.481577][ T677] ? __pfx_do_sys_openat2+0x10/0x10 [ 790.481600][ T677] __x64_sys_futex+0x34f/0x4d0 [ 790.481617][ T677] ? __x64_sys_openat+0x12d/0x210 [ 790.481636][ T677] ? __pfx___x64_sys_futex+0x10/0x10 [ 790.481660][ T677] do_syscall_64+0x115/0x840 [ 790.481676][ T677] ? clear_bhb_loop+0x40/0x90 [ 790.481694][ T677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.481709][ T677] RIP: 0033:0x7fe2c999ce59 [ 790.481723][ T677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 790.481744][ T677] RSP: 002b:00007fe2ca88f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 790.481760][ T677] RAX: ffffffffffffffda RBX: 00007fe2c9c16098 RCX: 00007fe2c999ce59 [ 790.481771][ T677] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe2c9c16098 [ 790.481780][ T677] RBP: 00007fe2c9c16090 R08: 0000000000000000 R09: 0000000000000000 [ 790.481790][ T677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.481798][ T677] R13: 00007fe2c9c16128 R14: 00007ffe69207d50 R15: 00007ffe69207e38 [ 790.481818][ T677] [ 790.821490][ T651] syz.0.12923 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 790.832453][ T651] CPU: 0 UID: 0 PID: 651 Comm: syz.0.12923 Tainted: G U L syzkaller #0 PREEMPT(full) [ 790.832479][ T651] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 790.832485][ T651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 790.832494][ T651] Call Trace: [ 790.832499][ T651] [ 790.832504][ T651] dump_stack_lvl+0x100/0x190 [ 790.832527][ T651] dump_header+0xfb/0x606 [ 790.832545][ T651] oom_kill_process.cold+0xd/0x330 [ 790.832564][ T651] out_of_memory+0x340/0x14f0 [ 790.832592][ T651] ? __pfx_out_of_memory+0x10/0x10 [ 790.832621][ T651] mem_cgroup_out_of_memory+0xc6/0x130 [ 790.832638][ T651] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 790.832654][ T651] ? find_held_lock+0x2b/0x80 [ 790.832677][ T651] ? do_raw_spin_unlock+0x145/0x1e0 [ 790.832694][ T651] ? _raw_spin_unlock+0x28/0x50 [ 790.832726][ T651] try_charge_memcg+0x6e5/0xdf0 [ 790.832751][ T651] ? __pfx_try_charge_memcg+0x10/0x10 [ 790.832773][ T651] ? find_held_lock+0x2b/0x80 [ 790.832791][ T651] ? rcu_read_unlock+0x17/0x60 [ 790.832813][ T651] ? rcu_read_unlock+0x17/0x60 [ 790.832841][ T651] __memcg_slab_post_alloc_hook+0x469/0x1160 [ 790.832869][ T651] ? kasan_unpoison+0x27/0x60 [ 790.832888][ T651] __kmalloc_node_track_caller_noprof+0x64f/0x830 [ 790.832909][ T651] ? neigh_sysctl_register+0xb4/0x660 [ 790.832937][ T651] kmemdup_noprof+0x29/0x60 [ 790.832955][ T651] neigh_sysctl_register+0xb4/0x660 [ 790.832978][ T651] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 790.833000][ T651] ? inetdev_init+0x245/0x570 [ 790.833017][ T651] ? inetdev_event+0x7fa/0x17f0 [ 790.833033][ T651] ? notifier_call_chain+0x99/0x3f0 [ 790.833055][ T651] ? copy_net_ns+0x46f/0x7c0 [ 790.833069][ T651] ? create_new_namespaces+0x3ea/0xac0 [ 790.833084][ T651] ? unshare_nsproxy_namespaces+0xf2/0x220 [ 790.833100][ T651] ? ksys_unshare+0x438/0xab0 [ 790.833118][ T651] ? __x64_sys_unshare+0x31/0x40 [ 790.833136][ T651] ? do_syscall_64+0x115/0x840 [ 790.833151][ T651] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.833170][ T651] devinet_sysctl_register+0xb6/0x210 [ 790.833189][ T651] inetdev_init+0x2b8/0x570 [ 790.833207][ T651] inetdev_event+0x7fa/0x17f0 [ 790.833225][ T651] ? ib_netdevice_event+0xfc/0x330 [ 790.833246][ T651] ? __pfx_inetdev_event+0x10/0x10 [ 790.833264][ T651] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 790.833289][ T651] notifier_call_chain+0x99/0x3f0 [ 790.833313][ T651] call_netdevice_notifiers_info+0xbe/0x110 [ 790.833330][ T651] register_netdevice+0x1998/0x25a0 [ 790.833358][ T651] ? __pfx_register_netdevice+0x10/0x10 [ 790.833385][ T651] ? __pfx_loopback_net_init+0x10/0x10 [ 790.833488][ T651] register_netdev+0x34/0x50 [ 790.833510][ T651] loopback_net_init+0x7a/0x170 [ 790.833528][ T651] ? __pfx_loopback_net_init+0x10/0x10 [ 790.833544][ T651] ops_init+0x1e2/0x5f0 [ 790.833568][ T651] setup_net+0x118/0x3a0 [ 790.833591][ T651] ? __pfx_setup_net+0x10/0x10 [ 790.833613][ T651] ? mutex_init_lockdep+0xf1/0x120 [ 790.833631][ T651] copy_net_ns+0x46f/0x7c0 [ 790.833648][ T651] create_new_namespaces+0x3ea/0xac0 [ 790.833669][ T651] unshare_nsproxy_namespaces+0xf2/0x220 [ 790.833687][ T651] ksys_unshare+0x438/0xab0 [ 790.833712][ T651] ? __pfx_ksys_unshare+0x10/0x10 [ 790.833739][ T651] __x64_sys_unshare+0x31/0x40 [ 790.833757][ T651] do_syscall_64+0x115/0x840 [ 790.833773][ T651] ? clear_bhb_loop+0x40/0x90 [ 790.833791][ T651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.833806][ T651] RIP: 0033:0x7fe2c999ce59 [ 790.833822][ T651] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 790.833835][ T651] RSP: 002b:00007fe2ca8b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 790.833850][ T651] RAX: ffffffffffffffda RBX: 00007fe2c9c15fa0 RCX: 00007fe2c999ce59 [ 790.833860][ T651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 790.833869][ T651] RBP: 00007fe2c9a32e6f R08: 0000000000000000 R09: 0000000000000000 [ 790.833878][ T651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.833886][ T651] R13: 00007fe2c9c16038 R14: 00007fe2c9c15fa0 R15: 00007ffe69207e38 [ 790.833907][ T651] [ 790.833913][ T651] memory: usage 3072kB, limit 3072kB, failcnt 142870 [ 791.506097][ T701] ERROR: Out of memory at tomoyo_memory_ok. [ 791.877562][ T651] memory+swap: usage 7976kB, limit 9007199254740988kB, failcnt 0 [ 791.903756][ T651] kmem: usage 2848kB, limit 9007199254740988kB, failcnt 0 [ 791.930910][ T651] Memory cgroup stats for /syz0: [ 791.931018][ T651] cache 0 [ 791.957274][ T651] rss 0 [ 791.967248][ T651] rss_huge 0 [ 791.976038][ T651] shmem 0 [ 791.982894][ T651] mapped_file 0 [ 791.991696][ T651] dirty 0 [ 791.997920][ T651] writeback 0 [ 792.004719][ T651] workingset_refault_anon 22548 [ 792.016137][ T651] workingset_refault_file 32571 [ 792.027325][ T651] swap 5021696 [ 792.035956][ T651] swapcached 536018944 [ 792.044420][ T651] pgpgin 348787 [ 792.053245][ T651] pgpgout 359543 [ 792.061285][ T651] pgfault 448035 [ 792.069130][ T651] pgmajfault 11065 [ 792.082205][ T651] inactive_anon 110592 [ 792.091959][ T651] active_anon 118784 [ 792.101452][ T651] inactive_file 0 [ 792.110409][ T651] active_file 0 [ 792.128239][ T651] unevictable 0 [ 792.138264][ T651] hierarchical_memory_limit 3145728 [ 792.151796][ T651] hierarchical_memsw_limit 9223372036854771712 [ 792.165228][ T651] total_cache 0 [ 792.172352][ T651] total_rss 0 [ 792.180295][ T651] total_rss_huge 0 [ 792.187861][ T718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 792.198665][ T651] total_shmem 0 [ 792.202183][ T651] total_mapped_file 0 [ 792.206713][ T651] total_dirty 0 [ 792.211311][ T651] total_writeback 0 [ 792.219715][ T651] total_workingset_refault_anon 22548 [ 792.230785][ T651] total_workingset_refault_file 32571 [ 792.242964][ T651] total_swap 5021696 [ 792.254347][ T651] total_swapcached 536018944 [ 792.265829][ T651] total_pgpgin 348787 [ 792.275298][ T651] total_pgpgout 359543 [ 792.283449][ T651] total_pgfault 448035 [ 792.298102][ T651] total_pgmajfault 11065 [ 792.311463][ T651] total_inactive_anon 110592 [ 792.319862][ T651] total_active_anon 118784 [ 792.325256][ T651] total_inactive_file 0 [ 792.329518][ T651] total_active_file 0 [ 792.334152][ T651] total_unevictable 0 [ 792.338168][ T651] anon_cost 0 [ 792.341549][ T651] file_cost 74 [ 792.349638][ T651] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.12923,pid=650,uid=0 [ 792.366515][ T651] Memory cgroup out of memory: Killed process 650 (syz.0.12923) total-vm:108512kB, anon-rss:1236kB, file-rss:22464kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 792.665408][ T714] netlink: 'syz.1.12951': attribute type 5 has an invalid length. [ 792.679843][ T714] netlink: 4158 bytes leftover after parsing attributes in process `syz.1.12951'. [ 793.721868][ T756] NFSD: Failed to start, no listeners configured. [ 796.371402][ T833] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12999'. [ 798.177470][T14944] block nbd1: Receive control failed (result -107) [ 798.896779][ T883] syz.0.13022 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=0, oom_score_adj=1000 [ 799.008242][ T883] CPU: 0 UID: 0 PID: 883 Comm: syz.0.13022 Tainted: G U L syzkaller #0 PREEMPT(full) [ 799.008271][ T883] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 799.008277][ T883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 799.008287][ T883] Call Trace: [ 799.008292][ T883] [ 799.008299][ T883] dump_stack_lvl+0x100/0x190 [ 799.008323][ T883] dump_header+0xfb/0x606 [ 799.008341][ T883] oom_kill_process.cold+0xd/0x330 [ 799.008359][ T883] out_of_memory+0x340/0x14f0 [ 799.008388][ T883] ? __pfx_out_of_memory+0x10/0x10 [ 799.008416][ T883] mem_cgroup_out_of_memory+0xc6/0x130 [ 799.008434][ T883] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 799.008449][ T883] ? find_held_lock+0x2b/0x80 [ 799.008472][ T883] ? do_raw_spin_unlock+0x145/0x1e0 [ 799.008490][ T883] ? _raw_spin_unlock+0x28/0x50 [ 799.008516][ T883] try_charge_memcg+0x6e5/0xdf0 [ 799.008541][ T883] ? __pfx_try_charge_memcg+0x10/0x10 [ 799.008565][ T883] ? find_held_lock+0x2b/0x80 [ 799.008582][ T883] ? rcu_read_unlock+0x17/0x60 [ 799.008604][ T883] ? rcu_read_unlock+0x17/0x60 [ 799.008632][ T883] __memcg_slab_post_alloc_hook+0x469/0x1160 [ 799.008661][ T883] ? kasan_save_track+0x14/0x30 [ 799.008681][ T883] kmem_cache_alloc_node_noprof+0x4fe/0x6b0 [ 799.008701][ T883] ? __alloc_skb+0x5b7/0x710 [ 799.008721][ T883] ? __alloc_skb+0x140/0x710 [ 799.008744][ T883] __alloc_skb+0x140/0x710 [ 799.008762][ T883] ? __alloc_skb+0x5b7/0x710 [ 799.008781][ T883] ? __pfx___alloc_skb+0x10/0x10 [ 799.008807][ T883] alloc_skb_with_frags+0xdd/0x760 [ 799.008835][ T883] sock_alloc_send_pskb+0x801/0x980 [ 799.008862][ T883] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 799.008882][ T883] ? find_held_lock+0x2b/0x80 [ 799.008900][ T883] ? sock_def_readable+0x1d2/0x600 [ 799.008926][ T883] ? sock_def_readable+0x1d2/0x600 [ 799.008951][ T883] unix_dgram_sendmsg+0x3c7/0x1810 [ 799.009040][ T883] ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0 [ 799.009088][ T883] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 799.009106][ T883] ? iovec_from_user+0xda/0x140 [ 799.009124][ T883] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 799.009144][ T883] ? __import_iovec+0x1d2/0x640 [ 799.009163][ T883] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 799.009217][ T883] ____sys_sendmsg+0xa4d/0xbe0 [ 799.009233][ T883] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 799.009254][ T883] ? __pfx_____sys_sendmsg+0x10/0x10 [ 799.009273][ T883] ? rcu_is_watching+0x12/0xc0 [ 799.009290][ T883] ? ___sys_sendmsg+0x19d/0x1e0 [ 799.009305][ T883] ? kfree+0x1e5/0x6c0 [ 799.009318][ T883] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 799.009340][ T883] ___sys_sendmsg+0x190/0x1e0 [ 799.009359][ T883] ? __pfx____sys_sendmsg+0x10/0x10 [ 799.009374][ T883] ? do_user_addr_fault+0x7de/0x12f0 [ 799.009404][ T883] ? lockdep_hardirqs_on+0x78/0x100 [ 799.009429][ T883] ? __pfx___might_resched+0x10/0x10 [ 799.009457][ T883] __sys_sendmmsg+0x20c/0x440 [ 799.009481][ T883] ? __pfx___sys_sendmmsg+0x10/0x10 [ 799.009508][ T883] ? __pfx_do_futex+0x10/0x10 [ 799.009535][ T883] ? xfd_validate_state+0x129/0x190 [ 799.009563][ T883] __x64_sys_sendmmsg+0x9c/0x100 [ 799.009584][ T883] ? lockdep_hardirqs_on+0x78/0x100 [ 799.009600][ T883] do_syscall_64+0x115/0x840 [ 799.009616][ T883] ? clear_bhb_loop+0x40/0x90 [ 799.009635][ T883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.009651][ T883] RIP: 0033:0x7fe2c999ce59 [ 799.009667][ T883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 799.009682][ T883] RSP: 002b:00007fe2ca8b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 799.009696][ T883] RAX: ffffffffffffffda RBX: 00007fe2c9c15fa0 RCX: 00007fe2c999ce59 [ 799.009707][ T883] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000004 [ 799.009716][ T883] RBP: 00007fe2c9a32e6f R08: 0000000000000000 R09: 0000000000000000 [ 799.009725][ T883] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 799.009733][ T883] R13: 00007fe2c9c16038 R14: 00007fe2c9c15fa0 R15: 00007ffe69207e38 [ 799.009753][ T883] [ 800.197556][ T950] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5625] was attempted by ""[950] [ 800.364987][ T883] memory: usage 3072kB, limit 3072kB, failcnt 147251 [ 800.396046][ T883] memory+swap: usage 3864kB, limit 9007199254740988kB, failcnt 0 [ 800.429245][ T883] kmem: usage 2832kB, limit 9007199254740988kB, failcnt 0 [ 800.462815][ T883] Memory cgroup stats for /syz0: [ 800.463025][ T883] cache 0 [ 800.514472][ T883] rss 0 [ 800.532349][ T883] rss_huge 0 [ 800.545233][ T883] shmem 0 [ 800.556063][ T883] mapped_file 0 [ 800.568831][ T883] dirty 0 [ 800.582009][ T883] writeback 0 [ 800.602246][ T883] workingset_refault_anon 23158 [ 800.619438][ T883] workingset_refault_file 32583 [ 800.652052][ T883] swap 811008 [ 800.667030][ T883] swapcached 551350272 [ 800.684689][ T883] pgpgin 352795 [ 800.703635][ T883] pgpgout 363548 [ 800.718144][ T883] pgfault 452692 [ 800.733275][ T883] pgmajfault 11424 [ 800.752605][ T883] inactive_anon 151552 [ 800.769029][ T883] active_anon 94208 [ 800.780970][ T883] inactive_file 0 [ 800.790773][ T883] active_file 0 [ 800.802487][ T883] unevictable 0 [ 800.813438][ T883] hierarchical_memory_limit 3145728 [ 800.834480][ T883] hierarchical_memsw_limit 9223372036854771712 [ 800.852064][ T883] total_cache 0 [ 800.861202][ T883] total_rss 0 [ 800.875770][ T883] total_rss_huge 0 [ 800.888469][ T883] total_shmem 0 [ 800.900497][ T883] total_mapped_file 0 [ 800.913677][ T883] total_dirty 0 [ 800.925763][ T883] total_writeback 0 [ 800.937702][ T883] total_workingset_refault_anon 23158 [ 800.956386][ T883] total_workingset_refault_file 32583 [ 800.977285][ T883] total_swap 811008 [ 800.990561][ T883] total_swapcached 551350272 [ 801.004951][ T883] total_pgpgin 352795 [ 801.018237][ T883] total_pgpgout 363548 [ 801.034019][ T883] total_pgfault 452692 [ 801.045740][ T883] total_pgmajfault 11424 [ 801.061611][ T883] total_inactive_anon 151552 [ 801.076573][ T883] total_active_anon 94208 [ 801.094752][ T883] total_inactive_file 0 [ 801.108408][ T883] total_active_file 0 [ 801.121262][ T883] total_unevictable 0 [ 801.134321][ T883] anon_cost 0 [ 801.144860][ T883] file_cost 74 [ 801.157882][ T883] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.13022,pid=882,uid=0 [ 801.208988][ T883] Memory cgroup out of memory: Killed process 882 (syz.0.13022) total-vm:104544kB, anon-rss:1236kB, file-rss:22400kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 804.489669][ T1039] syz.0.13081 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 804.565164][ T1039] CPU: 0 UID: 0 PID: 1039 Comm: syz.0.13081 Tainted: G U L syzkaller #0 PREEMPT(full) [ 804.565191][ T1039] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 804.565197][ T1039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 804.565206][ T1039] Call Trace: [ 804.565212][ T1039] [ 804.565217][ T1039] dump_stack_lvl+0x100/0x190 [ 804.565241][ T1039] dump_header+0xfb/0x606 [ 804.565258][ T1039] oom_kill_process.cold+0xd/0x330 [ 804.565276][ T1039] out_of_memory+0x340/0x14f0 [ 804.565304][ T1039] ? __pfx_out_of_memory+0x10/0x10 [ 804.565332][ T1039] mem_cgroup_out_of_memory+0xc6/0x130 [ 804.565349][ T1039] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 804.565364][ T1039] ? find_held_lock+0x2b/0x80 [ 804.565386][ T1039] ? do_raw_spin_unlock+0x145/0x1e0 [ 804.565404][ T1039] ? _raw_spin_unlock+0x28/0x50 [ 804.565429][ T1039] try_charge_memcg+0x6e5/0xdf0 [ 804.565462][ T1039] ? __pfx_try_charge_memcg+0x10/0x10 [ 804.565484][ T1039] ? find_held_lock+0x2b/0x80 [ 804.565502][ T1039] ? rcu_read_unlock+0x17/0x60 [ 804.565524][ T1039] ? rcu_read_unlock+0x17/0x60 [ 804.565545][ T1039] ? find_held_lock+0x2b/0x80 [ 804.565563][ T1039] ? rcu_read_unlock+0x17/0x60 [ 804.565588][ T1039] charge_memcg+0x187/0x1e0 [ 804.565611][ T1039] mem_cgroup_swapin_charge_folio+0xc1/0x450 [ 804.565637][ T1039] swap_cache_alloc_folio+0x548/0xc50 [ 804.565658][ T1039] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 804.565674][ T1039] ? swap_cache_get_folio+0x28d/0x360 [ 804.565690][ T1039] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 804.565708][ T1039] ? tick_program_event+0xb0/0x140 [ 804.565733][ T1039] swap_cache_read_folio+0x47/0x140 [ 804.565752][ T1039] swap_cluster_readahead+0x479/0x5f0 [ 804.565772][ T1039] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 804.565790][ T1039] ? trace_sched_exit_tp+0x120/0x160 [ 804.565815][ T1039] ? __lock_acquire+0x49f/0x1a40 [ 804.565838][ T1039] ? get_vma_policy+0x23d/0x3b0 [ 804.565862][ T1039] swapin_readahead+0x159/0x1200 [ 804.565885][ T1039] ? __pfx_swapin_readahead+0x10/0x10 [ 804.565906][ T1039] ? swap_table_get+0x10d/0x2c0 [ 804.565921][ T1039] ? swap_cache_get_folio+0x28d/0x360 [ 804.565937][ T1039] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 804.565953][ T1039] ? __pfx_softleaf_type+0x10/0x10 [ 804.565972][ T1039] ? do_swap_page+0xf98/0x5780 [ 804.565985][ T1039] do_swap_page+0xf98/0x5780 [ 804.566008][ T1039] ? __pfx_do_swap_page+0x10/0x10 [ 804.566023][ T1039] ? __lock_acquire+0x49f/0x1a40 [ 804.566048][ T1039] ? rcu_is_watching+0x12/0xc0 [ 804.566066][ T1039] ? __pte_offset_map+0x179/0x310 [ 804.566087][ T1039] __handle_mm_fault+0x192f/0x2a00 [ 804.566106][ T1039] ? reacquire_held_locks+0xce/0x1e0 [ 804.566129][ T1039] ? __pfx___handle_mm_fault+0x10/0x10 [ 804.566147][ T1039] ? lock_vma_under_rcu+0x17c/0x590 [ 804.566182][ T1039] handle_mm_fault+0x37b/0xa30 [ 804.566200][ T1039] do_user_addr_fault+0x5a3/0x12f0 [ 804.566227][ T1039] exc_page_fault+0x6f/0xd0 [ 804.566242][ T1039] asm_exc_page_fault+0x26/0x30 [ 804.566257][ T1039] RIP: 0033:0x7fe2c98714d7 [ 804.566271][ T1039] Code: 74 28 25 ff 0f 00 00 83 f0 3d 8d 04 c0 89 c3 c1 eb 04 31 c3 69 db 2d eb d4 27 89 d8 c1 e8 0f 31 c3 81 e3 ff 0f 00 00 48 31 d3 <80> 3d 6a 0b 3a 00 00 0f 84 1c 01 00 00 4c 89 f6 48 8b 0d 4a 0b 3a [ 804.566285][ T1039] RSP: 002b:00007ffe69207e80 EFLAGS: 00010286 [ 804.566297][ T1039] RAX: 000000000000f169 RBX: ffffffff8295e542 RCX: 0000001b346168a0 [ 804.566307][ T1039] RDX: ffffffff8295ed5b RSI: 0000000000000008 RDI: 00007fe2c8ffd008 [ 804.566316][ T1039] RBP: 0000000000000006 R08: 00007fe2c9c00000 R09: 00007fe2c9c02000 [ 804.566325][ T1039] R10: 000000008295ecf8 R11: 0000000000000004 R12: 00007fe2c9c16128 [ 804.566334][ T1039] R13: 0000000000000006 R14: ffffffff8295ed5b R15: 00007fe2ca745720 [ 804.566343][ T1039] ? __fget_files+0x23b/0x3d0 [ 804.566368][ T1039] ? fd_install+0x2c2/0x580 [ 804.566391][ T1039] ? __fget_files+0x23b/0x3d0 [ 804.566417][ T1039] [ 804.566429][ T1039] memory: usage 3072kB, limit 3072kB, failcnt 147786 [ 805.372099][ T1039] memory+swap: usage 3892kB, limit 9007199254740988kB, failcnt 0 [ 805.388506][ T1039] kmem: usage 2864kB, limit 9007199254740988kB, failcnt 0 [ 805.403527][ T1039] Memory cgroup stats for /syz0: [ 805.403630][ T1039] cache 0 [ 805.438355][ T1039] rss 0 [ 805.444249][ T1039] rss_huge 0 [ 805.452681][ T1039] shmem 0 [ 805.478150][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 805.484459][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 805.494300][ T1039] mapped_file 0 [ 805.502749][ T1039] dirty 0 [ 805.512099][ T1039] writeback 0 [ 805.522524][ T1039] workingset_refault_anon 23327 [ 805.539251][ T1039] workingset_refault_file 32583 [ 805.559123][ T1039] swap 839680 [ 805.568236][ T1039] swapcached 552251392 [ 805.580903][ T1039] pgpgin 353150 [ 805.593997][ T1039] pgpgout 363911 [ 805.605617][ T1039] pgfault 454461 [ 805.615918][ T1039] pgmajfault 11526 [ 805.624500][ T1039] inactive_anon 65536 [ 805.631891][ T1039] active_anon 147456 [ 805.640499][ T1039] inactive_file 0 [ 805.651119][ T1039] active_file 0 [ 805.659171][ T1039] unevictable 0 [ 805.666024][ T1039] hierarchical_memory_limit 3145728 [ 805.679099][ T1039] hierarchical_memsw_limit 9223372036854771712 [ 805.694323][ T1039] total_cache 0 [ 805.702222][ T1039] total_rss 0 [ 805.710742][ T1039] total_rss_huge 0 [ 805.718482][ T1039] total_shmem 0 [ 805.726331][ T1039] total_mapped_file 0 [ 805.735228][ T1039] total_dirty 0 [ 805.745483][ T1039] total_writeback 0 [ 805.756420][ T1039] total_workingset_refault_anon 23327 [ 805.769271][ T1039] total_workingset_refault_file 32583 [ 805.781211][ T1039] total_swap 839680 [ 805.789780][ T1039] total_swapcached 552251392 [ 805.798241][ T1039] total_pgpgin 353150 [ 805.802292][ T1039] total_pgpgout 363911 [ 805.806812][ T1039] total_pgfault 454461 [ 805.810920][ T1039] total_pgmajfault 11526 [ 805.815474][ T1039] total_inactive_anon 65536 [ 805.820091][ T1039] total_active_anon 147456 [ 805.824800][ T1039] total_inactive_file 0 [ 805.828979][ T1039] total_active_file 0 [ 805.833053][ T1039] total_unevictable 0 [ 805.837401][ T1039] anon_cost 0 [ 805.841517][ T1039] file_cost 74 [ 805.845255][ T1039] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.13081,pid=1039,uid=0 [ 805.860639][ T1039] Memory cgroup out of memory: Killed process 1039 (syz.0.13081) total-vm:108512kB, anon-rss:1236kB, file-rss:22284kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 807.853581][ T1177] openvswitch: netlink: IP tunnel TTL not specified. [ 809.032975][ T1115] syz.0.13103 invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), order=0, oom_score_adj=1000 [ 809.046371][ T1115] CPU: 0 UID: 0 PID: 1115 Comm: syz.0.13103 Tainted: G U L syzkaller #0 PREEMPT(full) [ 809.046397][ T1115] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 809.046403][ T1115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 809.046412][ T1115] Call Trace: [ 809.046418][ T1115] [ 809.046424][ T1115] dump_stack_lvl+0x100/0x190 [ 809.046447][ T1115] dump_header+0xfb/0x606 [ 809.046465][ T1115] oom_kill_process.cold+0xd/0x330 [ 809.046483][ T1115] out_of_memory+0x340/0x14f0 [ 809.046511][ T1115] ? __pfx_out_of_memory+0x10/0x10 [ 809.046539][ T1115] mem_cgroup_out_of_memory+0xc6/0x130 [ 809.046556][ T1115] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 809.046572][ T1115] ? find_held_lock+0x2b/0x80 [ 809.046595][ T1115] ? do_raw_spin_unlock+0x145/0x1e0 [ 809.046612][ T1115] ? _raw_spin_unlock+0x28/0x50 [ 809.046639][ T1115] try_charge_memcg+0x6e5/0xdf0 [ 809.046664][ T1115] ? __pfx_try_charge_memcg+0x10/0x10 [ 809.046685][ T1115] ? find_held_lock+0x2b/0x80 [ 809.046703][ T1115] ? rcu_read_unlock+0x17/0x60 [ 809.046725][ T1115] ? rcu_read_unlock+0x17/0x60 [ 809.046753][ T1115] obj_cgroup_charge_pages+0x22/0x1d0 [ 809.046776][ T1115] __memcg_kmem_charge_page+0x1c1/0x4d0 [ 809.046802][ T1115] __alloc_frozen_pages_noprof+0x365/0x2dc0 [ 809.046822][ T1115] ? stack_depot_save_flags+0x27/0x9d0 [ 809.046845][ T1115] ? kasan_save_stack+0x3f/0x50 [ 809.046862][ T1115] ? kasan_save_stack+0x30/0x50 [ 809.046878][ T1115] ? kasan_save_track+0x14/0x30 [ 809.046895][ T1115] ? __kasan_slab_alloc+0x89/0x90 [ 809.046913][ T1115] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 809.046930][ T1115] ? ptlock_alloc+0x1f/0x70 [ 809.046949][ T1115] ? pte_alloc_one+0x82/0x3d0 [ 809.046972][ T1115] ? __pte_alloc+0x6d/0x3e0 [ 809.046989][ T1115] ? copy_page_range+0x3dd8/0x5b20 [ 809.047012][ T1115] ? dup_mmap+0xd44/0x21b0 [ 809.047033][ T1115] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 809.047052][ T1115] ? __lock_acquire+0x49f/0x1a40 [ 809.047080][ T1115] ? __lock_acquire+0x49f/0x1a40 [ 809.047107][ T1115] ? __lock_acquire+0x49f/0x1a40 [ 809.047132][ T1115] ? __lock_acquire+0x49f/0x1a40 [ 809.047154][ T1115] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 809.047178][ T1115] ? policy_nodemask+0xed/0x4f0 [ 809.047202][ T1115] alloc_pages_mpol+0x1fb/0x540 [ 809.047224][ T1115] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 809.047250][ T1115] alloc_pages_noprof+0x1a/0x160 [ 809.047274][ T1115] pte_alloc_one+0x1c/0x3d0 [ 809.047296][ T1115] __pte_alloc+0x6d/0x3e0 [ 809.047315][ T1115] ? __pfx___pte_alloc+0x10/0x10 [ 809.047333][ T1115] ? __pfx___might_resched+0x10/0x10 [ 809.047355][ T1115] ? copy_page_range+0x1c4a/0x5b20 [ 809.047382][ T1115] copy_page_range+0x3dd8/0x5b20 [ 809.047427][ T1115] ? mas_wr_store_entry+0xa1/0x1e80 [ 809.047449][ T1115] ? __pfx_copy_page_range+0x10/0x10 [ 809.047480][ T1115] ? __pfx___might_resched+0x10/0x10 [ 809.047505][ T1115] ? dup_mmap+0xcfe/0x21b0 [ 809.047526][ T1115] ? down_write+0x146/0x1f0 [ 809.047545][ T1115] ? up_write+0x2e5/0x5c0 [ 809.047563][ T1115] dup_mmap+0xd44/0x21b0 [ 809.047592][ T1115] ? __pfx_dup_mmap+0x10/0x10 [ 809.047612][ T1115] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 809.047640][ T1115] ? __lock_acquire+0x49f/0x1a40 [ 809.047664][ T1115] ? find_held_lock+0x2b/0x80 [ 809.047682][ T1115] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 809.047714][ T1115] copy_process+0x4588/0x7ff0 [ 809.047744][ T1115] ? __pfx_copy_process+0x10/0x10 [ 809.047762][ T1115] ? find_held_lock+0x2b/0x80 [ 809.047781][ T1115] ? do_mprotect_pkey+0x40f/0xef0 [ 809.047801][ T1115] kernel_clone+0x176/0x9d0 [ 809.047821][ T1115] ? __pfx_kernel_clone+0x10/0x10 [ 809.047850][ T1115] ? 0xffffffff81000000 [ 809.047862][ T1115] __do_sys_clone+0xd9/0x120 [ 809.047880][ T1115] ? __pfx___do_sys_clone+0x10/0x10 [ 809.047899][ T1115] ? 0xffffffff81000000 [ 809.047925][ T1115] do_syscall_64+0x115/0x840 [ 809.047945][ T1115] ? clear_bhb_loop+0x40/0x90 [ 809.047964][ T1115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.047979][ T1115] RIP: 0033:0x7fe2c999ce59 [ 809.047992][ T1115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 809.048007][ T1115] RSP: 002b:00007fe2ca8b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 809.048022][ T1115] RAX: ffffffffffffffda RBX: 00007fe2c9c15fa0 RCX: 00007fe2c999ce59 [ 809.048032][ T1115] RDX: 9999999999999999 RSI: 0000000000000009 RDI: 0000000100000008 [ 809.048041][ T1115] RBP: 00007fe2c9a32e6f R08: 0000000004000006 R09: 0000000000000000 [ 809.048051][ T1115] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000 [ 809.048060][ T1115] R13: 00007fe2c9c16038 R14: 00007fe2c9c15fa0 R15: 00007ffe69207e38 [ 809.048073][ T1115] ? 0xffffffff81000000 [ 809.048090][ T1115] [ 809.522402][ T1115] memory: usage 3072kB, limit 3072kB, failcnt 149666 [ 809.529225][ T1115] memory+swap: usage 7952kB, limit 9007199254740988kB, failcnt 0 [ 809.537540][ T1115] kmem: usage 2824kB, limit 9007199254740988kB, failcnt 0 [ 809.544925][ T1115] Memory cgroup stats for /syz0: [ 809.545027][ T1115] cache 0 [ 809.552952][ T1115] rss 0 [ 809.556138][ T1115] rss_huge 0 [ 809.559328][ T1115] shmem 0 [ 809.562258][ T1115] mapped_file 0 [ 809.566094][ T1115] dirty 0 [ 809.569017][ T1115] writeback 0 [ 809.572298][ T1115] workingset_refault_anon 23884 [ 809.577550][ T1115] workingset_refault_file 32583 [ 809.582390][ T1115] swap 4997120 [ 809.586045][ T1115] swapcached 558825472 [ 809.590096][ T1115] pgpgin 354769 [ 809.593804][ T1115] pgpgout 365520 [ 809.597334][ T1115] pgfault 456183 [ 809.600860][ T1115] pgmajfault 11928 [ 809.604952][ T1115] inactive_anon 196608 [ 809.609005][ T1115] active_anon 57344 [ 809.615352][ T1115] inactive_file 0 [ 809.618989][ T1115] active_file 0 [ 809.622425][ T1115] unevictable 0 [ 809.626305][ T1115] hierarchical_memory_limit 3145728 [ 809.631493][ T1115] hierarchical_memsw_limit 9223372036854771712 [ 809.637898][ T1115] total_cache 0 [ 809.641342][ T1115] total_rss 0 [ 809.644882][ T1115] total_rss_huge 0 [ 809.648587][ T1115] total_shmem 0 [ 809.652022][ T1115] total_mapped_file 0 [ 809.656355][ T1115] total_dirty 0 [ 809.659796][ T1115] total_writeback 0 [ 809.663850][ T1115] total_workingset_refault_anon 23884 [ 809.669202][ T1115] total_workingset_refault_file 32583 [ 809.674820][ T1115] total_swap 4997120 [ 809.678696][ T1115] total_swapcached 558825472 [ 809.683528][ T1115] total_pgpgin 354769 [ 809.687489][ T1115] total_pgpgout 365520 [ 809.691532][ T1115] total_pgfault 456183 [ 809.697379][ T1115] total_pgmajfault 11928 [ 809.701612][ T1115] total_inactive_anon 196608 [ 809.706481][ T1115] total_active_anon 57344 [ 809.710792][ T1115] total_inactive_file 0 [ 809.716140][ T1115] total_active_file 0 [ 809.720114][ T1115] total_unevictable 0 [ 809.726060][ T1115] anon_cost 0 [ 809.729336][ T1115] file_cost 74 [ 809.732686][ T1115] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.13103,pid=1113,uid=0 [ 809.749557][ T1115] Memory cgroup out of memory: Killed process 1113 (syz.0.13103) total-vm:108512kB, anon-rss:1236kB, file-rss:22496kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 811.263935][ T1251] netlink: 'syz.3.13160': attribute type 4 has an invalid length. [ 811.303963][ T1251] netlink: 314 bytes leftover after parsing attributes in process `syz.3.13160'. [ 812.294634][ T1294] netlink: 346 bytes leftover after parsing attributes in process `syz.2.13180'. [ 814.059250][ T29] audit: type=1804 audit(4294967318.395:55): pid=1350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.13200" name="file0" dev="tmpfs" ino=18487 res=1 errno=0 [ 814.848951][ T1375] netlink: 354 bytes leftover after parsing attributes in process `syz.3.13206'. [ 816.025560][ T1356] kexec: Could not allocate control_code_buffer [ 816.107483][ T29] audit: type=1804 audit(4294967320.456:56): pid=1401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.13215" name="/newroot/2661/file0" dev="tmpfs" ino=13407 res=1 errno=0 [ 817.441367][ T29] audit: type=1804 audit(4294967321.793:57): pid=1432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.13228" name="file0" dev="tmpfs" ino=17246 res=1 errno=0 [ 818.919132][ T1477] netlink: 354 bytes leftover after parsing attributes in process `syz.2.13249'. [ 818.960394][ T1477] netlink: 354 bytes leftover after parsing attributes in process `syz.2.13249'. [ 822.054285][ T1519] syz.0.13267 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 822.097260][ T1519] CPU: 0 UID: 0 PID: 1519 Comm: syz.0.13267 Tainted: G U L syzkaller #0 PREEMPT(full) [ 822.097287][ T1519] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 822.097293][ T1519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 822.097302][ T1519] Call Trace: [ 822.097307][ T1519] [ 822.097313][ T1519] dump_stack_lvl+0x100/0x190 [ 822.097336][ T1519] dump_header+0xfb/0x606 [ 822.097354][ T1519] oom_kill_process.cold+0xd/0x330 [ 822.097371][ T1519] out_of_memory+0x340/0x14f0 [ 822.097400][ T1519] ? __pfx_out_of_memory+0x10/0x10 [ 822.097428][ T1519] mem_cgroup_out_of_memory+0xc6/0x130 [ 822.097445][ T1519] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 822.097460][ T1519] ? find_held_lock+0x2b/0x80 [ 822.097482][ T1519] ? do_raw_spin_unlock+0x145/0x1e0 [ 822.097500][ T1519] ? _raw_spin_unlock+0x28/0x50 [ 822.097525][ T1519] try_charge_memcg+0x6e5/0xdf0 [ 822.097550][ T1519] ? __pfx_try_charge_memcg+0x10/0x10 [ 822.097570][ T1519] ? find_held_lock+0x2b/0x80 [ 822.097588][ T1519] ? rcu_read_unlock+0x17/0x60 [ 822.097610][ T1519] ? rcu_read_unlock+0x17/0x60 [ 822.097631][ T1519] ? find_held_lock+0x2b/0x80 [ 822.097654][ T1519] ? rcu_read_unlock+0x17/0x60 [ 822.097680][ T1519] charge_memcg+0x187/0x1e0 [ 822.097702][ T1519] mem_cgroup_swapin_charge_folio+0xc1/0x450 [ 822.097728][ T1519] swap_cache_alloc_folio+0x548/0xc50 [ 822.097749][ T1519] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 822.097765][ T1519] ? swap_cache_get_folio+0x28d/0x360 [ 822.097782][ T1519] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 822.097798][ T1519] ? find_held_lock+0x2b/0x80 [ 822.097816][ T1519] ? mlock_drain_local+0x254/0x4e0 [ 822.097831][ T1519] ? mlock_drain_local+0x254/0x4e0 [ 822.097849][ T1519] swap_cache_read_folio+0x47/0x140 [ 822.097867][ T1519] swap_cluster_readahead+0x387/0x5f0 [ 822.097888][ T1519] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 822.097914][ T1519] ? __lock_acquire+0x49f/0x1a40 [ 822.097937][ T1519] ? get_vma_policy+0x23d/0x3b0 [ 822.097960][ T1519] swapin_readahead+0x159/0x1200 [ 822.097983][ T1519] ? __pfx_swapin_readahead+0x10/0x10 [ 822.098004][ T1519] ? swap_table_get+0x10d/0x2c0 [ 822.098019][ T1519] ? swap_cache_get_folio+0x28d/0x360 [ 822.098035][ T1519] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 822.098050][ T1519] ? __pfx_softleaf_type+0x10/0x10 [ 822.098069][ T1519] ? do_swap_page+0xf98/0x5780 [ 822.098082][ T1519] do_swap_page+0xf98/0x5780 [ 822.098105][ T1519] ? __pfx_do_swap_page+0x10/0x10 [ 822.098120][ T1519] ? __lock_acquire+0x49f/0x1a40 [ 822.098142][ T1519] ? do_raw_spin_lock+0x128/0x260 [ 822.098159][ T1519] ? rcu_is_watching+0x12/0xc0 [ 822.098178][ T1519] ? __pte_offset_map+0x179/0x310 [ 822.098199][ T1519] __handle_mm_fault+0x192f/0x2a00 [ 822.098217][ T1519] ? reacquire_held_locks+0xce/0x1e0 [ 822.098241][ T1519] ? __pfx___handle_mm_fault+0x10/0x10 [ 822.098259][ T1519] ? lock_vma_under_rcu+0x17c/0x590 [ 822.098294][ T1519] handle_mm_fault+0x37b/0xa30 [ 822.098312][ T1519] do_user_addr_fault+0x5a3/0x12f0 [ 822.098338][ T1519] exc_page_fault+0x6f/0xd0 [ 822.098355][ T1519] asm_exc_page_fault+0x26/0x30 [ 822.098369][ T1519] RIP: 0033:0x7fe2c98507bf [ 822.098382][ T1519] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 fb 44 8d 56 04 4c 8d 0d 52 18 3b 00 89 f0 4c 8d 05 49 f8 3a 00 89 c2 81 e2 ff 1f 00 00 <49> 8b 0c d1 48 39 f1 74 28 48 85 c9 74 29 45 38 1c 10 75 23 83 c0 [ 822.098396][ T1519] RSP: 002b:00007ffe69207ec8 EFLAGS: 00010206 [ 822.098410][ T1519] RAX: 000000008531eca6 RBX: ffffffff8531eca6 RCX: 0000001b34416148 [ 822.098419][ T1519] RDX: 0000000000000ca6 RSI: ffffffff8531eca6 RDI: 0000000000000002 [ 822.098429][ T1519] RBP: 000000000000000d R08: 00007fe2c9c00000 R09: 00007fe2c9c02000 [ 822.098437][ T1519] R10: 000000008531ecaa R11: 0000000000000002 R12: 00007fe2c9c16038 [ 822.098446][ T1519] R13: 000000000000000d R14: ffffffff8531e779 R15: 00007fe2ca745720 [ 822.098456][ T1519] ? should_fail_usercopy+0x9/0x20 [ 822.098475][ T1519] ? collect_syscall+0x506/0x7a0 [ 822.098496][ T1519] ? collect_syscall+0x506/0x7a0 [ 822.098515][ T1519] [ 822.793423][ T1519] memory: usage 3072kB, limit 3072kB, failcnt 155003 [ 822.800335][ T1519] memory+swap: usage 7936kB, limit 9007199254740988kB, failcnt 0 [ 822.808311][ T1519] kmem: usage 2684kB, limit 9007199254740988kB, failcnt 0 [ 822.815633][ T1519] Memory cgroup stats for /syz0: [ 822.815731][ T1519] cache 0 [ 822.823858][ T1519] rss 24576 [ 822.827069][ T1519] rss_huge 0 [ 822.830247][ T1519] shmem 0 [ 822.833159][ T1519] mapped_file 0 [ 822.836679][ T1519] dirty 0 [ 822.839596][ T1519] writeback 0 [ 822.842855][ T1519] workingset_refault_anon 24634 [ 822.847741][ T1519] workingset_refault_file 32583 [ 822.852566][ T1519] swap 4980736 [ 822.856901][ T1519] swapcached 575479808 [ 822.860960][ T1519] pgpgin 359808 [ 822.864405][ T1519] pgpgout 370562 [ 822.868050][ T1519] pgfault 463563 [ 822.871578][ T1519] pgmajfault 12302 [ 822.876594][ T1519] inactive_anon 90112 [ 822.880575][ T1519] active_anon 180224 [ 822.886192][ T1519] inactive_file 0 [ 822.889823][ T1519] active_file 0 [ 822.893275][ T1519] unevictable 0 [ 822.897084][ T1519] hierarchical_memory_limit 3145728 [ 822.902280][ T1519] hierarchical_memsw_limit 9223372036854771712 [ 822.908710][ T1519] total_cache 0 [ 822.912168][ T1519] total_rss 24576 [ 822.916059][ T1519] total_rss_huge 0 [ 822.919780][ T1519] total_shmem 0 [ 822.923218][ T1519] total_mapped_file 0 [ 822.927536][ T1519] total_dirty 0 [ 822.930992][ T1519] total_writeback 0 [ 822.935042][ T1519] total_workingset_refault_anon 24634 [ 822.940407][ T1519] total_workingset_refault_file 32583 [ 822.946038][ T1519] total_swap 4980736 [ 822.949931][ T1519] total_swapcached 575479808 [ 822.955548][ T1519] total_pgpgin 359808 [ 822.959533][ T1519] total_pgpgout 370562 [ 822.963583][ T1519] total_pgfault 463563 [ 822.967971][ T1519] total_pgmajfault 12302 [ 822.972216][ T1519] total_inactive_anon 90112 [ 822.976965][ T1519] total_active_anon 180224 [ 822.981391][ T1519] total_inactive_file 0 [ 822.991505][ T1519] total_active_file 0 [ 822.997465][ T1519] total_unevictable 0 [ 823.001449][ T1519] anon_cost 0 [ 823.005847][ T1519] file_cost 74 [ 823.009739][ T1519] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.13267,pid=1519,uid=0 [ 823.025227][ T1519] Memory cgroup out of memory: Killed process 1519 (syz.0.13267) total-vm:106464kB, anon-rss:1260kB, file-rss:22604kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 824.426683][ T1599] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13299'. [ 824.465495][ T1599] batadv0: entered promiscuous mode [ 824.615293][ T1607] netlink: 'syz.0.13303': attribute type 23 has an invalid length. [ 826.182272][ T1667] ERROR: Out of memory at tomoyo_memory_ok. [ 826.722101][T14933] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 826.961444][T32100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 826.984837][T32100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 826.998709][T32100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 827.008227][T32100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 827.017798][T32100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 827.079583][T14933] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 827.142994][ T1685] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13335'. [ 827.403921][T14933] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 828.202343][T14933] dummy0: left allmulticast mode [ 828.229805][T14933] dummy0: left promiscuous mode [ 828.242465][T14933] bridge0: port 3(dummy0) entered disabled state [ 828.263371][T14933] bridge_slave_1: left allmulticast mode [ 828.274924][T14933] bridge_slave_1: left promiscuous mode [ 828.289121][T14933] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.311418][T14933] bridge_slave_0: left allmulticast mode [ 828.327127][T14933] bridge_slave_0: left promiscuous mode [ 828.341875][T14933] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.679742][T14933] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 828.708593][T14933] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 828.725874][T14933] bond0 (unregistering): Released all slaves [ 828.825893][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1 [ 829.113239][T32100] Bluetooth: hci1: command tx timeout [ 829.558347][T14933] hsr_slave_0: left promiscuous mode [ 829.574775][T14933] hsr_slave_1: left promiscuous mode [ 829.588693][T14933] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 829.612405][T14933] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 829.630306][T14933] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 829.646677][T14933] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 829.693639][T14933] veth1_macvtap: left promiscuous mode [ 829.706616][T14933] veth0_macvtap: left promiscuous mode [ 829.721846][T14933] veth1_vlan: left promiscuous mode [ 829.739086][T14933] veth0_vlan: left promiscuous mode [ 829.934276][T14933] team0 (unregistering): Port device team_slave_1 removed [ 829.950701][T14933] team0 (unregistering): Port device team_slave_0 removed [ 830.053420][ T5288] 8021q: adding VLAN 0 to HW filter on device eth2 [ 830.097890][ T1679] bridge0: port 1(bridge_slave_0) entered blocking state [ 830.114855][ T1679] bridge0: port 1(bridge_slave_0) entered disabled state [ 830.141373][ T1679] bridge_slave_0: entered allmulticast mode [ 830.162891][ T1679] bridge_slave_0: entered promiscuous mode [ 830.182564][ T1679] bridge0: port 2(bridge_slave_1) entered blocking state [ 830.201991][ T1679] bridge0: port 2(bridge_slave_1) entered disabled state [ 830.219124][ T1679] bridge_slave_1: entered allmulticast mode [ 830.242617][ T1679] bridge_slave_1: entered promiscuous mode [ 830.344147][ T1679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 830.378517][ T1679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 830.452020][ T1679] team0: Port device team_slave_0 added [ 830.468918][ T1679] team0: Port device team_slave_1 added [ 830.522060][ T1679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 830.536239][ T1679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 830.596941][ T1679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 830.623096][ T1679] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 830.645517][ T1679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 830.698233][ T1679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 830.802022][ T1679] hsr_slave_0: entered promiscuous mode [ 830.816872][ T1679] hsr_slave_1: entered promiscuous mode [ 830.899533][ T5288] 8021q: adding VLAN 0 to HW filter on device eth3 [ 831.181437][T32100] Bluetooth: hci1: command tx timeout [ 831.695365][ T1679] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 831.723783][ T1679] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 831.737552][ T1679] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 831.771778][ T1679] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 831.790465][ T1679] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 831.810602][ T1679] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 831.831137][ T1679] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 831.864882][ T1679] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 832.003030][ T1679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 832.040917][ T1679] 8021q: adding VLAN 0 to HW filter on device team0 [ 832.065086][T15728] bridge0: port 1(bridge_slave_0) entered blocking state [ 832.072230][T15728] bridge0: port 1(bridge_slave_0) entered forwarding state [ 832.103649][T15728] bridge0: port 2(bridge_slave_1) entered blocking state [ 832.110799][T15728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 832.182861][ T1679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 832.772689][ T1679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 832.847356][ T1679] veth0_vlan: entered promiscuous mode [ 832.881029][ T1679] veth1_vlan: entered promiscuous mode [ 832.936811][ T1679] veth0_macvtap: entered promiscuous mode [ 832.956349][ T1679] veth1_macvtap: entered promiscuous mode [ 832.990098][ T1679] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 833.019186][ T1679] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 833.076117][T15192] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 833.119285][T15192] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 833.146271][T15192] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 833.183236][T15192] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 833.251765][T32100] Bluetooth: hci1: command tx timeout [ 833.341234][T15192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 833.374737][T15192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 833.441298][T14942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 833.456903][T14942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 833.523666][ T1679] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 834.254756][ T1870] ERROR: Out of memory at tomoyo_memory_ok. [ 835.319902][T32100] Bluetooth: hci1: command tx timeout [ 836.272055][ T1942] sctp: [Deprecated]: syz.0.13377 (pid 1942) Use of struct sctp_assoc_value in delayed_ack socket option. [ 836.272055][ T1942] Use struct sctp_sack_info instead [ 836.669032][ T1951] ERROR: Out of memory at tomoyo_memory_ok. [ 837.415914][ T1970] netlink: 342 bytes leftover after parsing attributes in process `syz.1.13389'. [ 837.434998][ T1971] netlink: 186 bytes leftover after parsing attributes in process `syz.0.13388'. [ 837.765501][ T1983] ERROR: Out of memory at tomoyo_memory_ok. [ 837.937120][ T1991] ERROR: Out of memory at tomoyo_memory_ok. [ 839.287969][ T2034] netlink: 280 bytes leftover after parsing attributes in process `syz.1.13418'. [ 840.093481][ T2068] netlink: 330 bytes leftover after parsing attributes in process `syz.3.13434'. [ 840.117786][ T2069] bridge0: port 4(veth1) entered blocking state [ 840.167361][ T2069] bridge0: port 4(veth1) entered disabled state [ 840.224700][ T2069] veth1: entered allmulticast mode [ 840.258032][ T2069] veth1: entered promiscuous mode [ 840.282246][ T2069] bridge0: port 4(veth1) entered blocking state [ 840.288619][ T2069] bridge0: port 4(veth1) entered forwarding state [ 840.882768][ T2103] FAULT_INJECTION: forcing a failure. [ 840.882768][ T2103] name failslab, interval 1, probability 0, space 0, times 0 [ 840.953529][ T2103] CPU: 0 UID: 0 PID: 2103 Comm: syz.0.13448 Tainted: G U L syzkaller #0 PREEMPT(full) [ 840.953557][ T2103] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 840.953563][ T2103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 840.953573][ T2103] Call Trace: [ 840.953579][ T2103] [ 840.953585][ T2103] dump_stack_lvl+0x100/0x190 [ 840.953609][ T2103] should_fail_ex.cold+0x5/0xa [ 840.953630][ T2103] should_failslab+0xc2/0x120 [ 840.953650][ T2103] kmem_cache_alloc_noprof+0x91/0x6a0 [ 840.953669][ T2103] ? prepare_creds+0x2c/0x950 [ 840.953695][ T2103] prepare_creds+0x2c/0x950 [ 840.953718][ T2103] keyctl_set_reqkey_keyring+0x8e/0x1c0 [ 840.953741][ T2103] __do_sys_keyctl+0x316/0x5a0 [ 840.953763][ T2103] do_syscall_64+0x115/0x840 [ 840.953779][ T2103] ? clear_bhb_loop+0x40/0x90 [ 840.953798][ T2103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.953813][ T2103] RIP: 0033:0x7f8c8ab9ce59 [ 840.953826][ T2103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 840.953849][ T2103] RSP: 002b:00007f8c8bb09028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 840.953865][ T2103] RAX: ffffffffffffffda RBX: 00007f8c8ae15fa0 RCX: 00007f8c8ab9ce59 [ 840.953875][ T2103] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000e [ 840.953884][ T2103] RBP: 00007f8c8ac32e6f R08: 0000000000000008 R09: 0000000000000000 [ 840.953894][ T2103] R10: 0000000000005eaf R11: 0000000000000246 R12: 0000000000000000 [ 840.953902][ T2103] R13: 00007f8c8ae16038 R14: 00007f8c8ae15fa0 R15: 00007ffd7f8c9db8 [ 840.953922][ T2103] [ 843.665209][ T2185] ERROR: Out of memory at tomoyo_memory_ok. [ 845.561852][ T2242] netlink: 334 bytes leftover after parsing attributes in process `syz.1.13508'. [ 846.692439][ T2269] netlink: 334 bytes leftover after parsing attributes in process `syz.3.13518'. [ 847.125421][ T2284] netlink: 342 bytes leftover after parsing attributes in process `syz.3.13525'. [ 847.167081][ T2284] netlink: 342 bytes leftover after parsing attributes in process `syz.3.13525'. [ 847.216257][ T2286] netlink: 25 bytes leftover after parsing attributes in process `syz.0.13524'. [ 847.296192][ T2288] netlink: 334 bytes leftover after parsing attributes in process `syz.3.13526'. [ 848.100299][ T2311] netlink: 330 bytes leftover after parsing attributes in process `syz.1.13535'. [ 848.997706][ T2337] netlink: 326 bytes leftover after parsing attributes in process `syz.3.13546'. [ 849.240167][ T2348] netlink: 326 bytes leftover after parsing attributes in process `syz.3.13551'. [ 851.682717][ T2401] netlink: 334 bytes leftover after parsing attributes in process `syz.1.13572'. [ 852.282476][ T2424] netlink: 342 bytes leftover after parsing attributes in process `syz.3.13581'. [ 853.390505][ T2442] ovs_: entered promiscuous mode [ 853.924033][ T2456] block nbd2: Unsupported socket: should be TCP or UNIX. [ 854.296291][ T2467] netlink: 342 bytes leftover after parsing attributes in process `syz.1.13592'. [ 855.771268][ T2495] netlink: 20 bytes leftover after parsing attributes in process `syz.0.13601'. [ 856.087031][ T2508] netlink: 22 bytes leftover after parsing attributes in process `syz.1.13605'. [ 857.507818][ T2540] netlink: 334 bytes leftover after parsing attributes in process `syz.1.13616'. [ 857.708191][ T2549] HfR: entered promiscuous mode [ 857.769208][ T2549] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13619'. [ 857.814532][ T2549] HfR: left promiscuous mode [ 859.915617][ T2606] netlink: 338 bytes leftover after parsing attributes in process `syz.3.13641'. [ 861.298695][ T2627] openvswitch: HfR: Dropping previously announced user features [ 861.368397][ T2629] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13648'. [ 861.449881][ T2629] HfR: left promiscuous mode [ 864.433875][ T2715] netlink: 206 bytes leftover after parsing attributes in process `syz.2.13673'. [ 865.630710][ T2742] netlink: 334 bytes leftover after parsing attributes in process `syz.3.13681'. [ 865.807529][ T2750] netlink: 20 bytes leftover after parsing attributes in process `syz.2.13684'. [ 866.097219][ T2765] overlayfs: missing 'lowerdir' [ 866.598758][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 866.607549][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 867.653697][ T2796] netlink: 330 bytes leftover after parsing attributes in process `syz.0.13697'. [ 868.923356][ T2817] netlink: 130 bytes leftover after parsing attributes in process `syz.3.13706'. [ 871.444541][ T2892] netlink: 342 bytes leftover after parsing attributes in process `syz.3.13724'. [ 871.772186][ T2902] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13737'. [ 871.808654][ T2904] HfR: entered promiscuous mode [ 871.852893][ T2904] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13729'. [ 871.892235][ T2904] HfR: left promiscuous mode [ 873.352820][ T2933] netlink: 'syz.0.13740': attribute type 2 has an invalid length. [ 874.021866][ T2950] FAULT_INJECTION: forcing a failure. [ 874.021866][ T2950] name failslab, interval 1, probability 0, space 0, times 0 [ 874.050023][ T2950] CPU: 0 UID: 0 PID: 2950 Comm: syz.0.13746 Tainted: G U L syzkaller #0 PREEMPT(full) [ 874.050053][ T2950] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 874.050059][ T2950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 874.050069][ T2950] Call Trace: [ 874.050074][ T2950] [ 874.050080][ T2950] dump_stack_lvl+0x100/0x190 [ 874.050105][ T2950] should_fail_ex.cold+0x5/0xa [ 874.050125][ T2950] should_failslab+0xc2/0x120 [ 874.050147][ T2950] __kmalloc_noprof+0xfc/0x820 [ 874.050165][ T2950] ? trace_kmem_cache_alloc+0xdd/0x100 [ 874.050185][ T2950] ? lsm_blob_alloc+0x68/0x90 [ 874.050207][ T2950] lsm_blob_alloc+0x68/0x90 [ 874.050224][ T2950] security_prepare_creds+0x2d/0x290 [ 874.050241][ T2950] prepare_creds+0x5d6/0x950 [ 874.050268][ T2950] __sys_setresgid+0x4a7/0x12f0 [ 874.050288][ T2950] do_syscall_64+0x115/0x840 [ 874.050316][ T2950] ? clear_bhb_loop+0x40/0x90 [ 874.050334][ T2950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.050350][ T2950] RIP: 0033:0x7f8c8ab9ce59 [ 874.050364][ T2950] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.050378][ T2950] RSP: 002b:00007f8c8bb09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000077 [ 874.050393][ T2950] RAX: ffffffffffffffda RBX: 00007f8c8ae15fa0 RCX: 00007f8c8ab9ce59 [ 874.050404][ T2950] RDX: 0000000000000008 RSI: 00000000800000a0 RDI: 0000000000000081 [ 874.050413][ T2950] RBP: 00007f8c8ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 874.050423][ T2950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 874.050433][ T2950] R13: 00007f8c8ae16038 R14: 00007f8c8ae15fa0 R15: 00007ffd7f8c9db8 [ 874.050452][ T2950] [ 874.396892][ T2960] netlink: 342 bytes leftover after parsing attributes in process `syz.3.13750'. [ 874.776942][ T2970] netlink: 342 bytes leftover after parsing attributes in process `syz.2.13755'. [ 875.026328][ T2985] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13762'. [ 888.461016][T14944] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 888.478057][T14944] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 888.486409][T14944] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 888.500774][T14944] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 888.508487][T14944] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 890.006802][ T3006] bridge0: port 1(bridge_slave_0) entered blocking state [ 890.054732][ T3006] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.096345][ T3006] bridge_slave_0: entered allmulticast mode [ 890.136459][ T3006] bridge_slave_0: entered promiscuous mode [ 890.179130][ T3006] bridge0: port 2(bridge_slave_1) entered blocking state [ 890.211073][ T3006] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.234068][ T3006] bridge_slave_1: entered allmulticast mode [ 890.262160][ T3006] bridge_slave_1: entered promiscuous mode [ 890.384371][ T3006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 890.429787][ T3006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 890.552894][T14944] Bluetooth: hci4: command tx timeout [ 890.596244][ T3006] team0: Port device team_slave_0 added [ 890.633422][ T3006] team0: Port device team_slave_1 added [ 890.754323][ T3006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 890.790203][ T3006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 890.900209][ T3006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 891.064823][ T3006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 891.113969][ T3006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 891.168698][ T3059] netlink: 334 bytes leftover after parsing attributes in process `syz.3.13781'. [ 891.235821][ T3006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 891.467539][ T3006] hsr_slave_0: entered promiscuous mode [ 891.491613][ T3006] hsr_slave_1: entered promiscuous mode [ 891.519689][ T3006] debugfs: 'hsr0' already exists in 'hsr' [ 891.546188][ T3006] Cannot create hsr debugfs directory [ 891.936419][ T3067] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 892.429960][ T3006] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 892.482731][ T3006] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 892.516897][ T3006] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 892.568299][ T3006] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 892.604956][ T3006] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 892.622872][T14944] Bluetooth: hci4: command tx timeout [ 892.644752][ T3006] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 892.671913][ T3006] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 892.698422][ T3006] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 893.332313][ T3092] netlink: 'syz.2.13790': attribute type 1 has an invalid length. [ 893.455691][ T3006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 893.586624][ T3006] 8021q: adding VLAN 0 to HW filter on device team0 [ 893.642952][T14942] bridge0: port 1(bridge_slave_0) entered blocking state [ 893.650095][T14942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 893.724531][T14942] bridge0: port 2(bridge_slave_1) entered blocking state [ 893.731678][T14942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 894.694616][T14944] Bluetooth: hci4: command tx timeout [ 895.203207][ T3006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 895.805097][ T3006] veth0_vlan: entered promiscuous mode [ 895.854075][ T3006] veth1_vlan: entered promiscuous mode [ 895.956564][ T3006] veth0_macvtap: entered promiscuous mode [ 895.998312][ T3006] veth1_macvtap: entered promiscuous mode [ 896.077099][ T3006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 896.130295][ T3006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 896.177968][T21202] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.238629][T21202] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.287289][T21202] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.314553][ T3157] netlink: 326 bytes leftover after parsing attributes in process `syz.0.13808'. [ 896.334899][T21202] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.556441][T14942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.601853][T14942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.653254][ T3159] FAULT_INJECTION: forcing a failure. [ 896.653254][ T3159] name failslab, interval 1, probability 0, space 0, times 0 [ 896.705717][T15192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.724866][ T3159] CPU: 0 UID: 0 PID: 3159 Comm: syz.0.13809 Tainted: G U L syzkaller #0 PREEMPT(full) [ 896.724894][ T3159] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 896.724900][ T3159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 896.724910][ T3159] Call Trace: [ 896.724915][ T3159] [ 896.724922][ T3159] dump_stack_lvl+0x100/0x190 [ 896.724948][ T3159] should_fail_ex.cold+0x5/0xa [ 896.724968][ T3159] should_failslab+0xc2/0x120 [ 896.724988][ T3159] __kmalloc_node_track_caller_noprof+0xf9/0x830 [ 896.725009][ T3159] ? cache_create_net+0x2b/0x1f0 [ 896.725111][ T3159] kmemdup_noprof+0x29/0x60 [ 896.725129][ T3159] cache_create_net+0x2b/0x1f0 [ 896.725151][ T3159] gss_svc_init_net+0x11f/0x640 [ 896.725211][ T3159] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 896.725256][ T3159] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 896.725297][ T3159] ops_init+0x1e2/0x5f0 [ 896.725324][ T3159] setup_net+0x118/0x3a0 [ 896.725356][ T3159] ? __pfx_setup_net+0x10/0x10 [ 896.725378][ T3159] ? mutex_init_lockdep+0xf1/0x120 [ 896.725401][ T3159] copy_net_ns+0x46f/0x7c0 [ 896.725417][ T3159] create_new_namespaces+0x3ea/0xac0 [ 896.725439][ T3159] unshare_nsproxy_namespaces+0xf2/0x220 [ 896.725457][ T3159] ksys_unshare+0x438/0xab0 [ 896.725477][ T3159] ? __pfx_ksys_unshare+0x10/0x10 [ 896.725511][ T3159] __x64_sys_unshare+0x31/0x40 [ 896.725531][ T3159] do_syscall_64+0x115/0x840 [ 896.725548][ T3159] ? clear_bhb_loop+0x40/0x90 [ 896.725567][ T3159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.725582][ T3159] RIP: 0033:0x7f8c8ab9ce59 [ 896.725597][ T3159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 896.725611][ T3159] RSP: 002b:00007f8c8bb09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 896.725626][ T3159] RAX: ffffffffffffffda RBX: 00007f8c8ae15fa0 RCX: 00007f8c8ab9ce59 [ 896.725637][ T3159] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 896.725646][ T3159] RBP: 00007f8c8ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 896.725656][ T3159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 896.725665][ T3159] R13: 00007f8c8ae16038 R14: 00007f8c8ae15fa0 R15: 00007ffd7f8c9db8 [ 896.725685][ T3159] [ 896.953114][T15192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 897.062261][T14944] Bluetooth: hci4: command tx timeout [ 898.062715][ T3181] netlink: 302 bytes leftover after parsing attributes in process `syz.4.13815'. [ 899.269412][ T3191] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13820'. [ 899.314759][ T3191] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13820'. [ 900.954139][ T3225] nbd: socks must be embedded in a SOCK_ITEM attr [ 900.982452][ T3225] block nbd2: shutting down sockets [ 901.294107][ T3231] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13830'. [ 901.424085][ T3211] kexec: Could not allocate control_code_buffer [ 901.688196][ T3236] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13840'. [ 901.740305][ T3239] netlink: 354 bytes leftover after parsing attributes in process `syz.0.13840'. [ 902.984626][ T3259] netlink: 326 bytes leftover after parsing attributes in process `syz.3.13839'. [ 904.382887][ T3293] netlink: 326 bytes leftover after parsing attributes in process `syz.2.13851'. [ 904.618578][ T3297] netlink: 342 bytes leftover after parsing attributes in process `syz.3.13852'. [ 904.716673][ T3304] netlink: 342 bytes leftover after parsing attributes in process `syz.3.13852'. [ 904.926960][ T3309] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13857'. [ 905.580839][ T3323] FAULT_INJECTION: forcing a failure. [ 905.580839][ T3323] name fail_futex, interval 1, probability 0, space 0, times 0 [ 905.634734][ T3323] CPU: 0 UID: 0 PID: 3323 Comm: syz.0.13862 Tainted: G U L syzkaller #0 PREEMPT(full) [ 905.634763][ T3323] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 905.634770][ T3323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 905.634780][ T3323] Call Trace: [ 905.634785][ T3323] [ 905.634791][ T3323] dump_stack_lvl+0x100/0x190 [ 905.634821][ T3323] should_fail_ex.cold+0x5/0xa [ 905.634842][ T3323] get_futex_key+0x1d2/0x14f0 [ 905.634861][ T3323] ? __pfx_get_futex_key+0x10/0x10 [ 905.634876][ T3323] ? find_held_lock+0x2b/0x80 [ 905.634895][ T3323] ? futex_wake+0x4ea/0x5e0 [ 905.634914][ T3323] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 905.634936][ T3323] futex_wake+0xf4/0x5e0 [ 905.634957][ T3323] ? __pfx_futex_wake+0x10/0x10 [ 905.634979][ T3323] ? __lock_acquire+0x49f/0x1a40 [ 905.635002][ T3323] ? madvise_unlock+0xa9/0x220 [ 905.635026][ T3323] do_futex+0x2b2/0x440 [ 905.635042][ T3323] ? __pfx_do_futex+0x10/0x10 [ 905.635059][ T3323] ? find_held_lock+0x2b/0x80 [ 905.635076][ T3323] ? rcu_read_unlock+0x17/0x60 [ 905.635098][ T3323] ? rcu_read_unlock+0x17/0x60 [ 905.635121][ T3323] __x64_sys_futex+0x34f/0x4d0 [ 905.635140][ T3323] ? __pfx___x64_sys_futex+0x10/0x10 [ 905.635156][ T3323] ? trace_kmalloc+0xeb/0x110 [ 905.635174][ T3323] ? __bitmap_clear+0x11d/0x160 [ 905.635200][ T3323] do_syscall_64+0x115/0x840 [ 905.635217][ T3323] ? clear_bhb_loop+0x40/0x90 [ 905.635236][ T3323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.635251][ T3323] RIP: 0033:0x7f8c8ab9ce59 [ 905.635265][ T3323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 905.635280][ T3323] RSP: 002b:00007f8c8bb090e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 905.635295][ T3323] RAX: ffffffffffffffda RBX: 00007f8c8ae15fa8 RCX: 00007f8c8ab9ce59 [ 905.635306][ T3323] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8c8ae15fac [ 905.635315][ T3323] RBP: 00007f8c8ae15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 905.635324][ T3323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 905.635332][ T3323] R13: 00007f8c8ae16038 R14: 00007ffd7f8c9cd0 R15: 00007ffd7f8c9db8 [ 905.635351][ T3323] [ 906.221993][ T3329] netlink: 326 bytes leftover after parsing attributes in process `syz.4.13864'. [ 906.848335][ T3344] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13868'. [ 906.884469][ T3344] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13868'. [ 908.194477][ T3378] netlink: 342 bytes leftover after parsing attributes in process `syz.4.13884'. [ 908.280878][ T3378] netlink: 342 bytes leftover after parsing attributes in process `syz.4.13884'. [ 908.639093][T14944] Bluetooth: hci4: unexpected event 0x03 length: 40 > 11 [ 910.667882][ T3410] netlink: 334 bytes leftover after parsing attributes in process `syz.4.13895'. [ 911.283892][ T3417] Process accounting resumed [ 911.665117][ T3423] FAULT_INJECTION: forcing a failure. [ 911.665117][ T3423] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 911.733971][ T3423] CPU: 0 UID: 0 PID: 3423 Comm: syz.0.13899 Tainted: G U L syzkaller #0 PREEMPT(full) [ 911.734001][ T3423] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 911.734006][ T3423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 911.734016][ T3423] Call Trace: [ 911.734022][ T3423] [ 911.734028][ T3423] dump_stack_lvl+0x100/0x190 [ 911.734053][ T3423] should_fail_ex.cold+0x5/0xa [ 911.734070][ T3423] ? prepare_alloc_pages+0x16d/0x5f0 [ 911.734093][ T3423] should_fail_alloc_page+0xeb/0x140 [ 911.734115][ T3423] prepare_alloc_pages+0x1f0/0x5f0 [ 911.734138][ T3423] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 911.734161][ T3423] ? __pfx_stack_trace_save+0x10/0x10 [ 911.734183][ T3423] ? stack_depot_save_flags+0x27/0x9d0 [ 911.734204][ T3423] ? kasan_save_stack+0x3f/0x50 [ 911.734222][ T3423] ? kasan_save_stack+0x30/0x50 [ 911.734239][ T3423] ? kasan_save_track+0x14/0x30 [ 911.734256][ T3423] ? __kasan_kmalloc+0xaa/0xb0 [ 911.734272][ T3423] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 911.734287][ T3423] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 911.734303][ T3423] ? do_syscall_64+0x115/0x840 [ 911.734336][ T3423] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 911.734359][ T3423] ? policy_nodemask+0xed/0x4f0 [ 911.734381][ T3423] alloc_pages_mpol+0x1fb/0x540 [ 911.734403][ T3423] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 911.734422][ T3423] ? __kasan_kmalloc+0xaa/0xb0 [ 911.734440][ T3423] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 911.734457][ T3423] alloc_pages_noprof+0x1a/0x160 [ 911.734481][ T3423] get_zeroed_page_noprof+0x18/0xb0 [ 911.734501][ T3423] alloc_ldt_struct+0x9f/0x1b0 [ 911.734522][ T3423] write_ldt+0x62b/0xd40 [ 911.734546][ T3423] ? __pfx_write_ldt+0x10/0x10 [ 911.734568][ T3423] ? xfd_validate_state+0x129/0x190 [ 911.734590][ T3423] __x64_sys_modify_ldt+0xdb/0x170 [ 911.734612][ T3423] do_syscall_64+0x115/0x840 [ 911.734627][ T3423] ? clear_bhb_loop+0x40/0x90 [ 911.734645][ T3423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.734660][ T3423] RIP: 0033:0x7f8c8ab9ce59 [ 911.734675][ T3423] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 911.734689][ T3423] RSP: 002b:00007f8c8bb09028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 911.734703][ T3423] RAX: ffffffffffffffda RBX: 00007f8c8ae15fa0 RCX: 00007f8c8ab9ce59 [ 911.734713][ T3423] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000011 [ 911.734722][ T3423] RBP: 00007f8c8ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 911.734732][ T3423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 911.734741][ T3423] R13: 00007f8c8ae16038 R14: 00007f8c8ae15fa0 R15: 00007ffd7f8c9db8 [ 911.734760][ T3423] [ 915.780216][ T3476] FAULT_INJECTION: forcing a failure. [ 915.780216][ T3476] name failslab, interval 1, probability 0, space 0, times 0 [ 915.812195][ T3476] CPU: 0 UID: 0 PID: 3476 Comm: syz.4.13917 Tainted: G U L syzkaller #0 PREEMPT(full) [ 915.812224][ T3476] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 915.812230][ T3476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 915.812239][ T3476] Call Trace: [ 915.812244][ T3476] [ 915.812251][ T3476] dump_stack_lvl+0x100/0x190 [ 915.812276][ T3476] should_fail_ex.cold+0x5/0xa [ 915.812297][ T3476] should_failslab+0xc2/0x120 [ 915.812317][ T3476] __kmalloc_noprof+0xfc/0x820 [ 915.812336][ T3476] ? ops_init+0x77/0x5f0 [ 915.812361][ T3476] ops_init+0x77/0x5f0 [ 915.812384][ T3476] setup_net+0x118/0x3a0 [ 915.812407][ T3476] ? __pfx_setup_net+0x10/0x10 [ 915.812430][ T3476] ? mutex_init_lockdep+0xf1/0x120 [ 915.812448][ T3476] copy_net_ns+0x46f/0x7c0 [ 915.812464][ T3476] create_new_namespaces+0x3ea/0xac0 [ 915.812486][ T3476] unshare_nsproxy_namespaces+0xf2/0x220 [ 915.812504][ T3476] ksys_unshare+0x438/0xab0 [ 915.812524][ T3476] ? __pfx_ksys_unshare+0x10/0x10 [ 915.812559][ T3476] __x64_sys_unshare+0x31/0x40 [ 915.812579][ T3476] do_syscall_64+0x115/0x840 [ 915.812595][ T3476] ? clear_bhb_loop+0x40/0x90 [ 915.812613][ T3476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 915.812628][ T3476] RIP: 0033:0x7fe6e259ce59 [ 915.812642][ T3476] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 915.812657][ T3476] RSP: 002b:00007fe6e33bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 915.812671][ T3476] RAX: ffffffffffffffda RBX: 00007fe6e2815fa0 RCX: 00007fe6e259ce59 [ 915.812682][ T3476] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 915.812691][ T3476] RBP: 00007fe6e2632e6f R08: 0000000000000000 R09: 0000000000000000 [ 915.812700][ T3476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 915.812708][ T3476] R13: 00007fe6e2816038 R14: 00007fe6e2815fa0 R15: 00007ffea832e368 [ 915.812729][ T3476] [ 916.991067][ T3495] netlink: 326 bytes leftover after parsing attributes in process `syz.0.13933'. [ 918.012467][ T3524] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13936'. [ 925.582883][T32100] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 925.601984][T32100] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 925.612655][T32100] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 925.620476][T32100] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 925.634336][T32100] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 926.264802][ T3563] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13947'. [ 926.371859][ T3568] netlink: 'syz.4.13948': attribute type 4 has an invalid length. [ 926.574577][ T3576] netlink: 'syz.0.13952': attribute type 4 has an invalid length. [ 926.604303][ T3576] netlink: 314 bytes leftover after parsing attributes in process `syz.0.13952'. [ 927.488147][ T3550] bridge0: port 1(bridge_slave_0) entered blocking state [ 927.522169][ T3550] bridge0: port 1(bridge_slave_0) entered disabled state [ 927.547096][ T3550] bridge_slave_0: entered allmulticast mode [ 927.567196][ T3550] bridge_slave_0: entered promiscuous mode [ 927.589817][ T3550] bridge0: port 2(bridge_slave_1) entered blocking state [ 927.610596][ T3550] bridge0: port 2(bridge_slave_1) entered disabled state [ 927.626185][ T3550] bridge_slave_1: entered allmulticast mode [ 927.643235][ T3550] bridge_slave_1: entered promiscuous mode [ 927.720952][T14944] Bluetooth: hci5: command tx timeout [ 927.729541][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 927.735952][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 927.792690][ T3550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 927.836578][ T3550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 928.055413][ T3550] team0: Port device team_slave_0 added [ 928.101783][ T3550] team0: Port device team_slave_1 added [ 928.214046][ T3550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 928.231105][ T3550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 928.285207][ T3550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 928.323348][ T3550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 928.346973][ T3550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 928.447955][ T3550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 928.599290][ T3550] hsr_slave_0: entered promiscuous mode [ 928.618987][ T3550] hsr_slave_1: entered promiscuous mode [ 928.641790][ T3550] debugfs: 'hsr0' already exists in 'hsr' [ 928.661151][ T3550] Cannot create hsr debugfs directory [ 929.057761][ T3634] netlink: 350 bytes leftover after parsing attributes in process `syz.0.13971'. [ 929.148852][ T3637] netlink: 16 bytes leftover after parsing attributes in process `syz.4.13972'. [ 929.219839][ T3637] netlink: 16 bytes leftover after parsing attributes in process `syz.4.13972'. [ 929.426238][ T3647] raw_sendmsg: syz.4.13977 forgot to set AF_INET. Fix it! [ 929.756654][ T3550] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 929.788716][T32100] Bluetooth: hci5: command tx timeout [ 929.803639][ T3550] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 929.837034][ T3550] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 929.886885][ T3550] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 929.921551][ T3550] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 929.963689][ T3550] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 929.995848][ T3550] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 930.041955][ T3550] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 930.396016][ T3550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 930.466704][ T3550] 8021q: adding VLAN 0 to HW filter on device team0 [ 930.519180][T15192] bridge0: port 1(bridge_slave_0) entered blocking state [ 930.526327][T15192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 930.614590][T15192] bridge0: port 2(bridge_slave_1) entered blocking state [ 930.621714][T15192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 931.858718][T32100] Bluetooth: hci5: command tx timeout [ 931.966353][ T3550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 932.856153][ T3550] veth0_vlan: entered promiscuous mode [ 932.907180][ T3550] veth1_vlan: entered promiscuous mode [ 933.006109][ T3550] veth0_macvtap: entered promiscuous mode [ 933.048981][ T3550] veth1_macvtap: entered promiscuous mode [ 933.116194][ T3550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 933.169876][ T3550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 933.221612][T15192] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.264087][T15192] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.295969][ T3736] netlink: 'syz.0.14000': attribute type 1 has an invalid length. [ 933.321769][T15192] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.341441][ T3736] netlink: 326 bytes leftover after parsing attributes in process `syz.0.14000'. [ 933.360070][T15192] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 933.641595][T15192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 933.683270][T15192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 933.774464][T14942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 933.811171][T14942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 933.927203][T32100] Bluetooth: hci5: command tx timeout [ 935.226024][ T3758] size and base must be multiples of 4 kiB [ 935.252793][ T3758] CPU: 0 UID: 0 PID: 3758 Comm: syz.5.14006 Tainted: G U L syzkaller #0 PREEMPT(full) [ 935.252824][ T3758] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 935.252829][ T3758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 935.252839][ T3758] Call Trace: [ 935.252844][ T3758] [ 935.252850][ T3758] dump_stack_lvl+0x100/0x190 [ 935.252876][ T3758] mtrr_del.cold+0x72/0x85 [ 935.252893][ T3758] mtrr_ioctl+0xbc8/0xcf0 [ 935.252911][ T3758] ? __pfx_mtrr_ioctl+0x10/0x10 [ 935.252931][ T3758] ? find_held_lock+0x2b/0x80 [ 935.252955][ T3758] ? __fget_files+0x21f/0x3d0 [ 935.252980][ T3758] ? __pfx_mtrr_ioctl+0x10/0x10 [ 935.252996][ T3758] proc_reg_unlocked_ioctl+0x229/0x320 [ 935.253021][ T3758] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 935.253045][ T3758] __x64_sys_ioctl+0x18e/0x210 [ 935.253068][ T3758] do_syscall_64+0x115/0x840 [ 935.253084][ T3758] ? clear_bhb_loop+0x40/0x90 [ 935.253101][ T3758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.253117][ T3758] RIP: 0033:0x7f146259ce59 [ 935.253130][ T3758] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 935.253144][ T3758] RSP: 002b:00007f146350e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 935.253160][ T3758] RAX: ffffffffffffffda RBX: 00007f1462815fa0 RCX: 00007f146259ce59 [ 935.253169][ T3758] RDX: 0000000000000003 RSI: 00000000400c4d04 RDI: 0000000000000003 [ 935.253179][ T3758] RBP: 00007f1462632e6f R08: 0000000000000000 R09: 0000000000000000 [ 935.253188][ T3758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 935.253197][ T3758] R13: 00007f1462816038 R14: 00007f1462815fa0 R15: 00007fff0b156eb8 [ 935.253216][ T3758] [ 935.714326][ T3768] bond0: option arp_validate: invalid value (64) [ 936.101131][ T3777] kernel read not supported for file /sg0 (pid: 3777 comm: syz.4.14014) [ 937.752182][ T3810] netlink: 3 bytes leftover after parsing attributes in process `syz.3.14025'. [ 938.867581][ T3837] size and base must be multiples of 4 kiB [ 938.894513][ T3837] CPU: 0 UID: 0 PID: 3837 Comm: syz.4.14044 Tainted: G U L syzkaller #0 PREEMPT(full) [ 938.894542][ T3837] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 938.894548][ T3837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 938.894558][ T3837] Call Trace: [ 938.894564][ T3837] [ 938.894571][ T3837] dump_stack_lvl+0x100/0x190 [ 938.894596][ T3837] mtrr_del.cold+0x72/0x85 [ 938.894613][ T3837] mtrr_ioctl+0xbc8/0xcf0 [ 938.894632][ T3837] ? __pfx_mtrr_ioctl+0x10/0x10 [ 938.894652][ T3837] ? find_held_lock+0x2b/0x80 [ 938.894677][ T3837] ? __fget_files+0x21f/0x3d0 [ 938.894701][ T3837] ? __pfx_mtrr_ioctl+0x10/0x10 [ 938.894718][ T3837] proc_reg_unlocked_ioctl+0x229/0x320 [ 938.894741][ T3837] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 938.894766][ T3837] __x64_sys_ioctl+0x18e/0x210 [ 938.894791][ T3837] do_syscall_64+0x115/0x840 [ 938.894808][ T3837] ? clear_bhb_loop+0x40/0x90 [ 938.894827][ T3837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.894843][ T3837] RIP: 0033:0x7fe6e259ce59 [ 938.894858][ T3837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 938.894873][ T3837] RSP: 002b:00007fe6e33bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 938.894888][ T3837] RAX: ffffffffffffffda RBX: 00007fe6e2815fa0 RCX: 00007fe6e259ce59 [ 938.894898][ T3837] RDX: 0000000000000003 RSI: 00000000400c4d04 RDI: 0000000000000003 [ 938.894907][ T3837] RBP: 00007fe6e2632e6f R08: 0000000000000000 R09: 0000000000000000 [ 938.894916][ T3837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.894924][ T3837] R13: 00007fe6e2816038 R14: 00007fe6e2815fa0 R15: 00007ffea832e368 [ 938.894943][ T3837] [ 942.685787][ T3859] Process accounting paused [ 943.199703][ T3902] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14058'. [ 943.708357][ T3909] FAULT_INJECTION: forcing a failure. [ 943.708357][ T3909] name failslab, interval 1, probability 0, space 0, times 0 [ 943.841621][ T3909] CPU: 0 UID: 0 PID: 3909 Comm: syz.4.14061 Tainted: G U L syzkaller #0 PREEMPT(full) [ 943.841650][ T3909] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 943.841657][ T3909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 943.841667][ T3909] Call Trace: [ 943.841673][ T3909] [ 943.841681][ T3909] dump_stack_lvl+0x100/0x190 [ 943.841706][ T3909] should_fail_ex.cold+0x5/0xa [ 943.841726][ T3909] should_failslab+0xc2/0x120 [ 943.841748][ T3909] kmem_cache_alloc_noprof+0x91/0x6a0 [ 943.841774][ T3909] ? jbd2__journal_start+0x194/0x6a0 [ 943.841860][ T3909] jbd2__journal_start+0x194/0x6a0 [ 943.841879][ T3909] __ext4_journal_start_sb+0x367/0x670 [ 943.841909][ T3909] ? ext4_dirty_inode+0xa1/0x130 [ 943.841933][ T3909] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 943.841955][ T3909] ext4_dirty_inode+0xa1/0x130 [ 943.841976][ T3909] ? rcu_is_watching+0x12/0xc0 [ 943.841995][ T3909] __mark_inode_dirty+0x1f3/0x16e0 [ 943.842020][ T3909] file_update_time_flags+0x46b/0x500 [ 943.842041][ T3909] file_modified+0x36/0x50 [ 943.842058][ T3909] ext4_fallocate+0x2c8/0x3c80 [ 943.842085][ T3909] ? __pfx_ext4_fallocate+0x10/0x10 [ 943.842113][ T3909] ? __pfx_ext4_fallocate+0x10/0x10 [ 943.842135][ T3909] vfs_fallocate+0x576/0x10a0 [ 943.842153][ T3909] ? __pfx_vfs_fallocate+0x10/0x10 [ 943.842167][ T3909] ? madvise_vma_behavior+0x1258/0x2240 [ 943.842189][ T3909] ? madvise_vma_behavior+0x1258/0x2240 [ 943.842216][ T3909] madvise_vma_behavior+0x909/0x2240 [ 943.842241][ T3909] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 943.842269][ T3909] ? find_vma_prev+0xd8/0x150 [ 943.842289][ T3909] ? __pfx_find_vma_prev+0x10/0x10 [ 943.842314][ T3909] ? __futex_wait+0x256/0x300 [ 943.842339][ T3909] madvise_walk_vmas+0x2fe/0xa90 [ 943.842364][ T3909] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 943.842392][ T3909] madvise_do_behavior+0x1ea/0x510 [ 943.842416][ T3909] ? __pfx_madvise_do_behavior+0x10/0x10 [ 943.842439][ T3909] ? down_read+0x13b/0x4c0 [ 943.842456][ T3909] ? __pfx_futex_wait+0x10/0x10 [ 943.842484][ T3909] do_madvise+0x238/0x290 [ 943.842506][ T3909] ? __pfx_do_madvise+0x10/0x10 [ 943.842527][ T3909] ? do_futex+0x190/0x440 [ 943.842547][ T3909] ? __fget_files+0x21f/0x3d0 [ 943.842583][ T3909] __x64_sys_madvise+0xa9/0x110 [ 943.842605][ T3909] ? lockdep_hardirqs_on+0x78/0x100 [ 943.842621][ T3909] do_syscall_64+0x115/0x840 [ 943.842640][ T3909] ? clear_bhb_loop+0x40/0x90 [ 943.842659][ T3909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.842676][ T3909] RIP: 0033:0x7fe6e259ce59 [ 943.842690][ T3909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.842704][ T3909] RSP: 002b:00007fe6e33bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 943.842720][ T3909] RAX: ffffffffffffffda RBX: 00007fe6e2815fa0 RCX: 00007fe6e259ce59 [ 943.842731][ T3909] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 943.842741][ T3909] RBP: 00007fe6e2632e6f R08: 0000000000000000 R09: 0000000000000000 [ 943.842750][ T3909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.842759][ T3909] R13: 00007fe6e2816038 R14: 00007fe6e2815fa0 R15: 00007ffea832e368 [ 943.842787][ T3909] [ 945.591429][ T3933] FAULT_INJECTION: forcing a failure. [ 945.591429][ T3933] name failslab, interval 1, probability 0, space 0, times 0 [ 945.744783][ T3933] CPU: 0 UID: 0 PID: 3933 Comm: syz.4.14069 Tainted: G U L syzkaller #0 PREEMPT(full) [ 945.744813][ T3933] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 945.744819][ T3933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 945.744829][ T3933] Call Trace: [ 945.744835][ T3933] [ 945.744842][ T3933] dump_stack_lvl+0x100/0x190 [ 945.744867][ T3933] should_fail_ex.cold+0x5/0xa [ 945.744888][ T3933] should_failslab+0xc2/0x120 [ 945.744909][ T3933] kmem_cache_alloc_noprof+0x91/0x6a0 [ 945.744926][ T3933] ? d_instantiate+0x8a/0xb0 [ 945.744944][ T3933] ? d_instantiate+0x8a/0xb0 [ 945.744960][ T3933] ? alloc_empty_file+0x5b/0x1c0 [ 945.744982][ T3933] alloc_empty_file+0x5b/0x1c0 [ 945.745001][ T3933] alloc_file_pseudo+0x183/0x290 [ 945.745020][ T3933] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 945.745038][ T3933] ? alloc_fd+0x471/0x7a0 [ 945.745053][ T3933] ? do_raw_spin_unlock+0x145/0x1e0 [ 945.745073][ T3933] __anon_inode_getfile+0xe8/0x280 [ 945.745095][ T3933] anon_inode_getfile_fmode+0x37/0xa0 [ 945.745115][ T3933] __do_sys_fanotify_init+0xa0d/0xe30 [ 945.745141][ T3933] do_syscall_64+0x115/0x840 [ 945.745158][ T3933] ? clear_bhb_loop+0x40/0x90 [ 945.745176][ T3933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.745191][ T3933] RIP: 0033:0x7fe6e259ce59 [ 945.745206][ T3933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.745220][ T3933] RSP: 002b:00007fe6e33bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 945.745239][ T3933] RAX: ffffffffffffffda RBX: 00007fe6e2815fa0 RCX: 00007fe6e259ce59 [ 945.745250][ T3933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 945.745259][ T3933] RBP: 00007fe6e2632e6f R08: 0000000000000000 R09: 0000000000000000 [ 945.745269][ T3933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.745277][ T3933] R13: 00007fe6e2816038 R14: 00007fe6e2815fa0 R15: 00007ffea832e368 [ 945.745297][ T3933] [ 946.396337][ T3942] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14074'. [ 946.513733][ T3946] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14075'. [ 946.537694][ T3948] netlink: 'syz.3.14076': attribute type 64 has an invalid length. [ 946.564841][ T3948] netlink: 74 bytes leftover after parsing attributes in process `syz.3.14076'. [ 948.481732][ T3985] FAULT_INJECTION: forcing a failure. [ 948.481732][ T3985] name failslab, interval 1, probability 0, space 0, times 0 [ 948.522768][ T3985] CPU: 0 UID: 0 PID: 3985 Comm: syz.5.14089 Tainted: G U L syzkaller #0 PREEMPT(full) [ 948.522798][ T3985] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 948.522804][ T3985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 948.522815][ T3985] Call Trace: [ 948.522821][ T3985] [ 948.522827][ T3985] dump_stack_lvl+0x100/0x190 [ 948.522853][ T3985] should_fail_ex.cold+0x5/0xa [ 948.522874][ T3985] should_failslab+0xc2/0x120 [ 948.522895][ T3985] kmem_cache_alloc_noprof+0x91/0x6a0 [ 948.522914][ T3985] ? jbd2__journal_start+0x194/0x6a0 [ 948.522935][ T3985] jbd2__journal_start+0x194/0x6a0 [ 948.522954][ T3985] __ext4_journal_start_sb+0x367/0x670 [ 948.522975][ T3985] ? ext4_dirty_inode+0xa1/0x130 [ 948.522999][ T3985] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 948.523021][ T3985] ext4_dirty_inode+0xa1/0x130 [ 948.523042][ T3985] ? rcu_is_watching+0x12/0xc0 [ 948.523060][ T3985] __mark_inode_dirty+0x1f3/0x16e0 [ 948.523085][ T3985] file_update_time_flags+0x46b/0x500 [ 948.523106][ T3985] file_modified+0x36/0x50 [ 948.523123][ T3985] ext4_fallocate+0x2c8/0x3c80 [ 948.523150][ T3985] ? __pfx_ext4_fallocate+0x10/0x10 [ 948.523177][ T3985] ? __pfx_ext4_fallocate+0x10/0x10 [ 948.523200][ T3985] vfs_fallocate+0x576/0x10a0 [ 948.523217][ T3985] ? __pfx_vfs_fallocate+0x10/0x10 [ 948.523231][ T3985] ? madvise_vma_behavior+0x1258/0x2240 [ 948.523253][ T3985] ? madvise_vma_behavior+0x1258/0x2240 [ 948.523279][ T3985] madvise_vma_behavior+0x909/0x2240 [ 948.523305][ T3985] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 948.523342][ T3985] ? find_vma_prev+0xd8/0x150 [ 948.523364][ T3985] ? __pfx_find_vma_prev+0x10/0x10 [ 948.523389][ T3985] ? __futex_wait+0x256/0x300 [ 948.523415][ T3985] madvise_walk_vmas+0x2fe/0xa90 [ 948.523441][ T3985] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 948.523469][ T3985] madvise_do_behavior+0x1ea/0x510 [ 948.523493][ T3985] ? __pfx_madvise_do_behavior+0x10/0x10 [ 948.523516][ T3985] ? down_read+0x13b/0x4c0 [ 948.523534][ T3985] ? __pfx_futex_wait+0x10/0x10 [ 948.523562][ T3985] do_madvise+0x238/0x290 [ 948.523584][ T3985] ? __pfx_do_madvise+0x10/0x10 [ 948.523605][ T3985] ? do_futex+0x190/0x440 [ 948.523628][ T3985] ? __fget_files+0x21f/0x3d0 [ 948.523664][ T3985] __x64_sys_madvise+0xa9/0x110 [ 948.523686][ T3985] ? lockdep_hardirqs_on+0x78/0x100 [ 948.523702][ T3985] do_syscall_64+0x115/0x840 [ 948.523718][ T3985] ? clear_bhb_loop+0x40/0x90 [ 948.523737][ T3985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 948.523752][ T3985] RIP: 0033:0x7f146259ce59 [ 948.523768][ T3985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 948.523783][ T3985] RSP: 002b:00007f146350e028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 948.523799][ T3985] RAX: ffffffffffffffda RBX: 00007f1462815fa0 RCX: 00007f146259ce59 [ 948.523810][ T3985] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 948.523820][ T3985] RBP: 00007f1462632e6f R08: 0000000000000000 R09: 0000000000000000 [ 948.523830][ T3985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 948.523839][ T3985] R13: 00007f1462816038 R14: 00007f1462815fa0 R15: 00007fff0b156eb8 [ 948.523860][ T3985] [ 949.593959][ T3992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14092'. [ 949.705953][ T3996] netlink: 314 bytes leftover after parsing attributes in process `syz.5.14093'. [ 950.162699][T32100] Bluetooth: hci1: command 0x0406 tx timeout [ 951.612806][ T4048] netlink: 'syz.0.14111': attribute type 1 has an invalid length. [ 952.150237][ T4060] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14116'. [ 955.260963][T14944] Bluetooth: hci5: unexpected event 0x3e length: 726 > 260 [ 955.261003][T14944] Bluetooth: hci5: unexpected subevent 0x06 length: 725 > 10 [ 955.615045][ T4144] netlink: 130 bytes leftover after parsing attributes in process `syz.0.14146'. [ 956.267004][ T4158] netlink: 28 bytes leftover after parsing attributes in process `syz.4.14152'. [ 957.054650][ T4178] netlink: 342 bytes leftover after parsing attributes in process `syz.4.14159'. [ 957.311746][ T4185] futex_wake_op: syz.4.14162 tries to shift op by -2048; fix this program [ 957.326326][T14944] Bluetooth: hci5: command tx timeout [ 957.375445][ T4185] 0x000000000001-0x000000020000 : "" [ 957.630306][ T4185] ftl_cs: FTL header corrupt! [ 957.813921][ T4194] ERROR: Out of memory at tomoyo_memory_ok. [ 959.337851][ T4212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14169'. [ 959.402976][ T4212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14169'. [ 959.821747][ T4218] ERROR: Out of memory at tomoyo_memory_ok. [ 959.847744][ T4221] ERROR: Out of memory at tomoyo_memory_ok. [ 961.406215][ T4259] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14186'. [ 962.241482][ T4266] netlink: 218 bytes leftover after parsing attributes in process `syz.3.14189'. [ 962.621755][ T4278] netlink: 206 bytes leftover after parsing attributes in process `syz.3.14194'. [ 963.234224][T14944] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 963.234250][T14944] Bluetooth: hci4: unexpected subevent 0x06 length: 725 > 10 [ 965.284670][T14944] Bluetooth: hci4: command tx timeout [ 965.534481][ T4333] netlink: 130 bytes leftover after parsing attributes in process `syz.4.14214'. [ 968.997433][ T4401] netlink: 29 bytes leftover after parsing attributes in process `syz.5.14242'. [ 969.049949][ T4401] openvswitch: netlink: IP tunnel dst address not specified [ 969.370202][ T4409] netlink: 186 bytes leftover after parsing attributes in process `syz.5.14253'. [ 969.416593][ T4409] netlink: 186 bytes leftover after parsing attributes in process `syz.5.14253'. [ 969.815999][T14944] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 969.816024][T14944] Bluetooth: hci3: unexpected subevent 0x06 length: 725 > 10 [ 971.890145][T14944] Bluetooth: hci3: command 0x0406 tx timeout [ 972.683800][ T4437] Process accounting resumed [ 975.317436][ T4493] netlink: 342 bytes leftover after parsing attributes in process `syz.5.14276'. [ 975.366764][ T4493] netlink: 342 bytes leftover after parsing attributes in process `syz.5.14276'. [ 976.405292][ T4516] netlink: 342 bytes leftover after parsing attributes in process `syz.5.14284'. [ 978.408212][ T4542] FAULT_INJECTION: forcing a failure. [ 978.408212][ T4542] name failslab, interval 1, probability 0, space 0, times 0 [ 978.478389][ T4542] CPU: 0 UID: 0 PID: 4542 Comm: syz.0.14293 Tainted: G U L syzkaller #0 PREEMPT(full) [ 978.478419][ T4542] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 978.478425][ T4542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 978.478435][ T4542] Call Trace: [ 978.478441][ T4542] [ 978.478448][ T4542] dump_stack_lvl+0x100/0x190 [ 978.478474][ T4542] should_fail_ex.cold+0x5/0xa [ 978.478495][ T4542] should_failslab+0xc2/0x120 [ 978.478516][ T4542] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 978.478537][ T4542] ? __d_alloc+0x35/0xa50 [ 978.478556][ T4542] __d_alloc+0x35/0xa50 [ 978.478574][ T4542] d_alloc+0x4a/0x1e0 [ 978.478593][ T4542] lookup_one_qstr_excl+0x171/0x250 [ 978.478614][ T4542] start_dirop+0x59/0xb0 [ 978.478637][ T4542] simple_start_creating+0xf9/0x110 [ 978.478661][ T4542] ? __pfx_simple_start_creating+0x10/0x10 [ 978.478685][ T4542] ? mntput+0x70/0xa0 [ 978.478706][ T4542] ? simple_pin_fs+0xa3/0x190 [ 978.478728][ T4542] debugfs_start_creating.part.0+0x82/0x170 [ 978.478834][ T4542] __debugfs_create_file+0xb3/0x4f0 [ 978.478856][ T4542] debugfs_create_file_full+0x41/0x60 [ 978.478879][ T4542] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 978.478899][ T4542] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 978.478917][ T4542] ? ida_alloc_range+0x70d/0x830 [ 978.478980][ T4542] ? kasan_save_track+0x14/0x30 [ 978.478999][ T4542] ? __kasan_kmalloc+0xaa/0xb0 [ 978.479018][ T4542] ? lockdep_init_map_type+0x5c/0x250 [ 978.479037][ T4542] preinit_net.part.0+0x252/0x920 [ 978.479063][ T4542] copy_net_ns+0x339/0x7c0 [ 978.479080][ T4542] create_new_namespaces+0x3ea/0xac0 [ 978.479101][ T4542] unshare_nsproxy_namespaces+0xf2/0x220 [ 978.479120][ T4542] ksys_unshare+0x438/0xab0 [ 978.479140][ T4542] ? __pfx_ksys_unshare+0x10/0x10 [ 978.479167][ T4542] __x64_sys_unshare+0x31/0x40 [ 978.479185][ T4542] do_syscall_64+0x115/0x840 [ 978.479202][ T4542] ? clear_bhb_loop+0x40/0x90 [ 978.479220][ T4542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 978.479236][ T4542] RIP: 0033:0x7f8c8ab9ce59 [ 978.479251][ T4542] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 978.479266][ T4542] RSP: 002b:00007f8c8bb09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 978.479281][ T4542] RAX: ffffffffffffffda RBX: 00007f8c8ae15fa0 RCX: 00007f8c8ab9ce59 [ 978.479291][ T4542] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 978.479301][ T4542] RBP: 00007f8c8ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 978.479312][ T4542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 978.479321][ T4542] R13: 00007f8c8ae16038 R14: 00007f8c8ae15fa0 R15: 00007ffd7f8c9db8 [ 978.479342][ T4542] [ 979.086127][ T4558] netlink: 342 bytes leftover after parsing attributes in process `syz.5.14299'. [ 979.115837][ T4558] netlink: 342 bytes leftover after parsing attributes in process `syz.5.14299'. [ 980.274166][ T4575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14304'. [ 980.648977][ T4585] netlink: 330 bytes leftover after parsing attributes in process `syz.5.14309'. [ 981.337748][ T4602] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14316'. [ 981.537688][ T4606] netlink: 28 bytes leftover after parsing attributes in process `syz.4.14317'. [ 981.578328][ T4606] bridge0: entered promiscuous mode [ 981.605338][ T4606] bridge0: entered allmulticast mode [ 982.277817][ T4623] bond0: option lp_interval: invalid value (0) [ 982.328038][ T4623] bond0: option lp_interval: allowed values 1 - 2147483647 [ 983.583436][ T4639] netlink: 'syz.4.14337': attribute type 19 has an invalid length. [ 983.620420][ T4639] netlink: 334 bytes leftover after parsing attributes in process `syz.4.14337'. [ 984.010923][ T4647] Process accounting resumed [ 985.063793][ T4660] netlink: 40 bytes leftover after parsing attributes in process `syz.4.14336'. [ 985.714665][T15192] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.034329][T15192] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.250864][T32100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 986.274661][T32100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 986.286655][T32100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 986.300088][T32100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 986.307587][T32100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 986.353312][T15192] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.692313][T15192] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.587043][T15192] bridge_slave_1: left allmulticast mode [ 987.619032][T15192] bridge_slave_1: left promiscuous mode [ 987.652807][T15192] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.736272][T15192] bridge_slave_0: left allmulticast mode [ 987.762232][T15192] bridge_slave_0: left promiscuous mode [ 987.790536][T15192] bridge0: port 1(bridge_slave_0) entered disabled state [ 988.238051][ T4704] netlink: 28 bytes leftover after parsing attributes in process `syz.5.14345'. [ 988.364303][T32100] Bluetooth: hci1: command tx timeout [ 988.643449][T15192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 988.694028][T15192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 988.749724][T15192] bond0 (unregistering): Released all slaves [ 988.842866][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 988.853722][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 988.947069][T15192] ovs_: left promiscuous mode [ 989.113699][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1 [ 989.660346][T15192] hsr_slave_0: left promiscuous mode [ 989.679711][T15192] hsr_slave_1: left promiscuous mode [ 989.705950][T15192] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 989.741280][T15192] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 989.776448][T15192] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 989.810306][T15192] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 989.874363][T15192] veth1_macvtap: left promiscuous mode [ 989.902136][T15192] veth0_macvtap: left promiscuous mode [ 989.926881][T15192] veth1_vlan: left promiscuous mode [ 989.949047][T15192] veth0_vlan: left promiscuous mode [ 990.434138][T32100] Bluetooth: hci1: command tx timeout [ 990.827323][T15192] team0 (unregistering): Port device team_slave_1 removed [ 990.897706][T15192] team0 (unregistering): Port device team_slave_0 removed [ 991.197453][ T5288] 8021q: adding VLAN 0 to HW filter on device eth2 [ 992.032591][ T4674] bridge0: port 1(bridge_slave_0) entered blocking state [ 992.057642][ T4674] bridge0: port 1(bridge_slave_0) entered disabled state [ 992.085282][ T4674] bridge_slave_0: entered allmulticast mode [ 992.112049][ T4674] bridge_slave_0: entered promiscuous mode [ 992.142205][ T4674] bridge0: port 2(bridge_slave_1) entered blocking state [ 992.166399][ T4674] bridge0: port 2(bridge_slave_1) entered disabled state [ 992.190524][ T4674] bridge_slave_1: entered allmulticast mode [ 992.221702][ T4674] bridge_slave_1: entered promiscuous mode [ 992.330039][ T4674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 992.372587][ T4674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 992.493678][ T4674] team0: Port device team_slave_0 added [ 992.503682][T32100] Bluetooth: hci1: command tx timeout [ 992.551279][ T4674] team0: Port device team_slave_1 added [ 992.651125][ T4786] FAULT_INJECTION: forcing a failure. [ 992.651125][ T4786] name failslab, interval 1, probability 0, space 0, times 0 [ 992.720461][ T4674] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 992.736369][ T4786] CPU: 0 UID: 0 PID: 4786 Comm: syz.4.14362 Tainted: G U L syzkaller #0 PREEMPT(full) [ 992.736399][ T4786] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 992.736405][ T4786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 992.736415][ T4786] Call Trace: [ 992.736424][ T4786] [ 992.736431][ T4786] dump_stack_lvl+0x100/0x190 [ 992.736455][ T4786] should_fail_ex.cold+0x5/0xa [ 992.736475][ T4786] should_failslab+0xc2/0x120 [ 992.736497][ T4786] kmem_cache_alloc_noprof+0x91/0x6a0 [ 992.736516][ T4786] ? locks_get_lock_context+0x94/0x610 [ 992.736542][ T4786] locks_get_lock_context+0x94/0x610 [ 992.736566][ T4786] posix_lock_inode+0xcc/0x23f0 [ 992.736587][ T4786] ? rcu_is_watching+0x12/0xc0 [ 992.736606][ T4786] ? __pfx_posix_lock_inode+0x10/0x10 [ 992.736626][ T4786] vfs_lock_file+0xfb/0x150 [ 992.736642][ T4786] fcntl_setlk+0x757/0xe20 [ 992.736660][ T4786] ? __pfx_fcntl_setlk+0x10/0x10 [ 992.736679][ T4786] ? __might_fault+0xc5/0x140 [ 992.736694][ T4786] ? __might_fault+0xc5/0x140 [ 992.736715][ T4786] do_fcntl+0xf39/0x1670 [ 992.736734][ T4786] ? __pfx_do_fcntl+0x10/0x10 [ 992.736751][ T4786] ? __fget_files+0x215/0x3d0 [ 992.736780][ T4786] ? tomoyo_file_fcntl+0x6c/0xc0 [ 992.736866][ T4786] __x64_sys_fcntl+0x163/0x200 [ 992.736889][ T4786] do_syscall_64+0x115/0x840 [ 992.736906][ T4786] ? clear_bhb_loop+0x40/0x90 [ 992.736925][ T4786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.736941][ T4786] RIP: 0033:0x7fe6e259ce59 [ 992.736958][ T4786] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 992.736973][ T4786] RSP: 002b:00007fe6e33bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 992.736988][ T4786] RAX: ffffffffffffffda RBX: 00007fe6e2815fa0 RCX: 00007fe6e259ce59 [ 992.736999][ T4786] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000003 [ 992.737008][ T4786] RBP: 00007fe6e2632e6f R08: 0000000000000000 R09: 0000000000000000 [ 992.737018][ T4786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 992.737027][ T4786] R13: 00007fe6e2816038 R14: 00007fe6e2815fa0 R15: 00007ffea832e368 [ 992.737054][ T4786] [ 992.977151][ T4674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 993.003152][ T4674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 993.015300][ T4674] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 993.022291][ T4674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 993.048174][ T4674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 993.084892][ T4674] hsr_slave_0: entered promiscuous mode [ 993.091169][ T4674] hsr_slave_1: entered promiscuous mode [ 993.510156][ T5288] 8021q: adding VLAN 0 to HW filter on device eth3 [ 994.350932][ T4813] netlink: 130 bytes leftover after parsing attributes in process `syz.3.14371'. [ 994.573405][T32100] Bluetooth: hci1: command tx timeout [ 994.603389][ T4820] netlink: 330 bytes leftover after parsing attributes in process `syz.3.14373'. [ 995.088732][ T4828] bridge0: port 3(bond0) entered blocking state [ 995.150512][ T4828] bridge0: port 3(bond0) entered disabled state [ 995.204401][ T4828] bond0: entered allmulticast mode [ 995.247747][ T4828] bond_slave_0: entered allmulticast mode [ 995.296303][ T4828] bond_slave_1: entered allmulticast mode [ 995.350420][ T4828] bond0: entered promiscuous mode [ 995.386450][ T4828] bond_slave_0: entered promiscuous mode [ 995.431667][ T4828] bond_slave_1: entered promiscuous mode [ 995.474546][ T4828] bridge0: port 3(bond0) entered blocking state [ 995.480916][ T4828] bridge0: port 3(bond0) entered forwarding state [ 995.721928][ T4674] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 995.774780][ T4674] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 995.815148][ T4674] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 995.857731][ T4674] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 995.884152][ T4674] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 995.913232][ T4674] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 995.939574][ T4674] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 995.972267][ T4674] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 996.285334][ T4865] netlink: 342 bytes leftover after parsing attributes in process `syz.4.14382'. [ 996.314296][ T4674] 8021q: adding VLAN 0 to HW filter on device bond0 [ 996.380976][ T4674] 8021q: adding VLAN 0 to HW filter on device team0 [ 996.431033][T15192] bridge0: port 1(bridge_slave_0) entered blocking state [ 996.438162][T15192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 996.515724][T15192] bridge0: port 2(bridge_slave_1) entered blocking state [ 996.522886][T15192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 996.758775][ T4877] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14386'. [ 997.027119][ T4888] netlink: 'syz.5.14389': attribute type 15 has an invalid length. [ 997.076223][ T4888] netlink: 186 bytes leftover after parsing attributes in process `syz.5.14389'. [ 998.226827][ T4674] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 998.462472][ T4674] veth0_vlan: entered promiscuous mode [ 998.538123][ T4674] veth1_vlan: entered promiscuous mode [ 998.670201][ T4674] veth0_macvtap: entered promiscuous mode [ 998.720953][ T4674] veth1_macvtap: entered promiscuous mode [ 998.797264][ T4674] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 998.865326][ T4674] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 998.939820][T14936] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.968422][T14936] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.025452][T14936] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.083176][T14936] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.373631][T15192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 999.423334][T15192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 999.710680][T14933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 999.767559][T14933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1000.757746][ T4996] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14414'. [ 1001.180732][T14936] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1001.743516][T14944] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1001.763539][T14944] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1001.772252][T14944] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1001.782687][T14944] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1001.790862][T14944] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1001.831544][T14936] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.171514][T14936] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.412152][ T5019] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14421'. [ 1002.449772][T14936] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.986225][ T5026] FAULT_INJECTION: forcing a failure. [ 1002.986225][ T5026] name failslab, interval 1, probability 0, space 0, times 0 [ 1003.084854][ T5026] CPU: 0 UID: 0 PID: 5026 Comm: syz.0.14423 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1003.084885][ T5026] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1003.084892][ T5026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1003.084901][ T5026] Call Trace: [ 1003.084907][ T5026] [ 1003.084914][ T5026] dump_stack_lvl+0x100/0x190 [ 1003.084945][ T5026] should_fail_ex.cold+0x5/0xa [ 1003.084966][ T5026] should_failslab+0xc2/0x120 [ 1003.084987][ T5026] kmem_cache_alloc_noprof+0x91/0x6a0 [ 1003.085014][ T5026] ? __pmd_alloc+0xbf/0x950 [ 1003.085039][ T5026] __pmd_alloc+0xbf/0x950 [ 1003.085062][ T5026] move_page_tables+0x2f7c/0x4610 [ 1003.085080][ T5026] ? __pfx_copy_vma+0x10/0x10 [ 1003.085104][ T5026] ? __pfx_move_page_tables+0x10/0x10 [ 1003.085134][ T5026] copy_vma_and_data+0x25c/0x7c0 [ 1003.085152][ T5026] ? __pfx_copy_vma_and_data+0x10/0x10 [ 1003.085177][ T5026] ? __vma_start_write+0x17f/0x280 [ 1003.085200][ T5026] ? __pfx___vma_start_write+0x10/0x10 [ 1003.085228][ T5026] move_vma+0x574/0x1920 [ 1003.085246][ T5026] ? __pfx_move_vma+0x10/0x10 [ 1003.085264][ T5026] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 1003.085285][ T5026] ? cap_mmap_addr+0x4b/0x120 [ 1003.085306][ T5026] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1003.085320][ T5026] ? security_mmap_addr+0x71/0x1e0 [ 1003.085336][ T5026] ? __get_unmapped_area+0x255/0x3e0 [ 1003.085358][ T5026] ? vrm_set_new_addr+0x204/0x290 [ 1003.085376][ T5026] mremap_to+0x234/0x4c0 [ 1003.085391][ T5026] ? mas_walk+0x6ef/0x9b0 [ 1003.085408][ T5026] ? __pfx_mremap_to+0x10/0x10 [ 1003.085423][ T5026] ? check_prep_vma+0x912/0xe60 [ 1003.085443][ T5026] __do_sys_mremap+0x88c/0x1850 [ 1003.085465][ T5026] ? __pfx___do_sys_mremap+0x10/0x10 [ 1003.085480][ T5026] ? ksys_write+0x190/0x250 [ 1003.085499][ T5026] ? __pfx_do_futex+0x10/0x10 [ 1003.085521][ T5026] ? __x64_sys_futex+0x34f/0x4d0 [ 1003.085549][ T5026] do_syscall_64+0x115/0x840 [ 1003.085565][ T5026] ? clear_bhb_loop+0x40/0x90 [ 1003.085583][ T5026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.085599][ T5026] RIP: 0033:0x7f9d4379ce59 [ 1003.085614][ T5026] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1003.085629][ T5026] RSP: 002b:00007f9d44726028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1003.085644][ T5026] RAX: ffffffffffffffda RBX: 00007f9d43a15fa0 RCX: 00007f9d4379ce59 [ 1003.085655][ T5026] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 1003.085664][ T5026] RBP: 00007f9d43832e6f R08: 0000000100000000 R09: 0000000000000000 [ 1003.085674][ T5026] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1003.085684][ T5026] R13: 00007f9d43a16038 R14: 00007f9d43a15fa0 R15: 00007ffec9fa9608 [ 1003.085704][ T5026] [ 1003.946518][T14944] Bluetooth: hci5: command tx timeout [ 1004.868272][ T5005] bridge0: port 1(bridge_slave_0) entered blocking state [ 1004.913094][ T5005] bridge0: port 1(bridge_slave_0) entered disabled state [ 1004.961318][ T5005] bridge_slave_0: entered allmulticast mode [ 1005.009566][ T5005] bridge_slave_0: entered promiscuous mode [ 1005.050287][ T5005] bridge0: port 2(bridge_slave_1) entered blocking state [ 1005.089416][ T5005] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.127053][ T5005] bridge_slave_1: entered allmulticast mode [ 1005.163724][ T5005] bridge_slave_1: entered promiscuous mode [ 1005.311823][ T5005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1005.670772][ T5064] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14429'. [ 1005.898038][ T5005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1005.932839][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1005.950210][T14936] bridge_slave_1: left allmulticast mode [ 1005.956377][T14936] bridge_slave_1: left promiscuous mode [ 1005.961977][T32100] Bluetooth: hci5: command tx timeout [ 1005.968072][T14936] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.997709][T14936] bridge_slave_0: left allmulticast mode [ 1006.020869][T14936] bridge_slave_0: left promiscuous mode [ 1006.058867][T14936] bridge0: port 1(bridge_slave_0) entered disabled state [ 1006.646192][T14936] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1006.706884][T14936] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1006.784803][T14936] bond0 (unregistering): Released all slaves [ 1006.956634][ T5005] team0: Port device team_slave_0 added [ 1007.077165][ T5005] team0: Port device team_slave_1 added [ 1007.336421][ T5098] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14442'. [ 1007.365718][ T5005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1007.403923][ T5005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1007.543205][ T5005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1007.643046][ T5005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1007.701871][ T5005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1007.838829][ T5005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1007.963691][T14936] hsr_slave_0: left promiscuous mode [ 1008.009742][T14936] hsr_slave_1: left promiscuous mode [ 1008.021844][T32100] Bluetooth: hci5: command tx timeout [ 1008.047339][T14936] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1008.093067][T14936] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1008.148254][T14936] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1008.193290][T14936] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1008.281124][T14936] veth1_macvtap: left promiscuous mode [ 1008.308571][T14936] veth0_macvtap: left promiscuous mode [ 1008.342225][T14936] veth1_vlan: left promiscuous mode [ 1008.371609][T14936] veth0_vlan: left promiscuous mode [ 1009.240589][T14936] team0 (unregistering): Port device team_slave_1 removed [ 1009.307516][T14936] team0 (unregistering): Port device team_slave_0 removed [ 1009.450289][ T5136] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14452'. [ 1009.632808][ T5288] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1009.653025][ T5118] kexec: Could not allocate control_code_buffer [ 1009.820774][ T5005] hsr_slave_0: entered promiscuous mode [ 1009.863097][ T5005] hsr_slave_1: entered promiscuous mode [ 1009.892213][ T5005] debugfs: 'hsr0' already exists in 'hsr' [ 1009.921610][ T5005] Cannot create hsr debugfs directory [ 1010.091655][T32100] Bluetooth: hci5: command tx timeout [ 1010.421373][ T5154] netlink: 78 bytes leftover after parsing attributes in process `syz.0.14457'. [ 1011.197431][ T5175] Process accounting resumed [ 1011.289133][T32100] Bluetooth: hci4: command 0x0406 tx timeout [ 1012.931732][ T5005] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1012.994401][ T5005] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1013.042688][ T5005] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1013.131601][ T5005] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1013.181370][ T5005] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1013.223994][ T5005] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1013.267601][ T5005] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1013.351470][ T5005] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1013.680541][ T5005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1013.786339][ T5005] 8021q: adding VLAN 0 to HW filter on device team0 [ 1013.849343][T14936] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.856484][T14936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1013.957224][T14942] bridge0: port 2(bridge_slave_1) entered blocking state [ 1013.964389][T14942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1014.990402][ T5260] netlink: 326 bytes leftover after parsing attributes in process `syz.0.14475'. [ 1015.168449][ T5266] netlink: 36 bytes leftover after parsing attributes in process `syz.4.14476'. [ 1015.641326][ T5005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1016.698649][ T5005] veth0_vlan: entered promiscuous mode [ 1016.744513][ T5005] veth1_vlan: entered promiscuous mode [ 1016.863987][ T5005] veth0_macvtap: entered promiscuous mode [ 1016.908906][ T5005] veth1_macvtap: entered promiscuous mode [ 1016.974185][ T5005] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1017.044997][ T5005] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1017.109506][T14942] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.155446][T14942] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.196632][T14942] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.268626][T14942] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1017.473252][T14942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1017.519635][T14942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1017.647205][T14942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1017.690487][T14942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1018.689848][ T5342] unsupported nlmsg_type 40 [ 1019.105678][ T5352] No such timeout policy "" [ 1019.133732][ T5352] netlink: Failed to associated timeout policy '' [ 1019.950952][ T5368] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14499'. [ 1020.095784][ T5370] netlink: 28 bytes leftover after parsing attributes in process `syz.5.14500'. [ 1020.161852][ T5370] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1020.195490][ T5370] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1020.218736][ T5374] netlink: 16 bytes leftover after parsing attributes in process `syz.3.14502'. [ 1020.243287][ T5370] bond0 (unregistering): Released all slaves [ 1020.263067][ T5374] Â: entered allmulticast mode [ 1020.431949][ T5376] netlink: 334 bytes leftover after parsing attributes in process `syz.3.14503'. [ 1020.702700][ T5387] netlink: 206 bytes leftover after parsing attributes in process `syz.3.14508'. [ 1024.837786][ T5458] netlink: 20 bytes leftover after parsing attributes in process `syz.0.14531'. [ 1025.047230][ T5466] netlink: 114 bytes leftover after parsing attributes in process `syz.5.14535'. [ 1025.247492][T14944] block nbd2: Receive control failed (result -32) [ 1026.430539][ T5487] vivid-008: ================= START STATUS ================= [ 1026.492937][ T5487] vivid-008: ================== END STATUS ================== [ 1027.069775][T14944] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 1028.483593][ T5523] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14554'. [ 1028.975418][ T5533] ERROR: Out of memory at tomoyo_memory_ok. [ 1029.313440][ T5544] netlink: 'syz.3.14562': attribute type 1 has an invalid length. [ 1029.340800][ T5544] netlink: 322 bytes leftover after parsing attributes in process `syz.3.14562'. [ 1029.384448][ T5544] netlink: 'syz.3.14562': attribute type 1 has an invalid length. [ 1029.410804][ T5544] netlink: 322 bytes leftover after parsing attributes in process `syz.3.14562'. [ 1030.038007][ T5563] ERROR: Out of memory at tomoyo_memory_ok. [ 1031.933432][T32100] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1031.952107][T32100] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1031.960143][T32100] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1031.970352][T32100] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1031.980434][T32100] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1032.260252][ T5601] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1032.350824][ T5605] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14585'. [ 1032.450343][ T5605] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1032.480233][ T5608] netlink: 326 bytes leftover after parsing attributes in process `syz.5.14586'. [ 1032.498465][ T5605] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1032.525373][ T5605] bond0 (unregistering): Released all slaves [ 1033.411376][ T30] INFO: task syz.1.13738:2929 blocked for more than 143 seconds. [ 1033.444670][ T30] Tainted: G U L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1033.480528][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1033.539292][ T30] task:syz.1.13738 state:D stack:27560 pid:2929 tgid:2924 ppid:5625 task_flags:0x400140 flags:0x00080002 [ 1033.612462][ T30] Call Trace: [ 1033.651171][ T30] [ 1033.683050][ T30] __schedule+0x125c/0x6730 [ 1033.738619][ T30] ? do_raw_spin_lock+0x128/0x260 [ 1033.773789][ T30] ? __pfx___schedule+0x10/0x10 [ 1033.807878][ T30] ? find_held_lock+0x2b/0x80 [ 1033.841048][ T30] ? schedule+0x2bf/0x390 [ 1033.852980][ T30] schedule+0xdd/0x390 [ 1033.867418][ T30] schedule_preempt_disabled+0x13/0x30 [ 1033.891400][ T30] __mutex_lock+0xccc/0x1bd0 [ 1033.911049][ T30] ? nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 1033.941886][ T30] ? __lock_acquire+0x49f/0x1a40 [ 1033.956966][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1033.978289][ T30] ? net_generic+0xea/0x2a0 [ 1033.986956][ T30] ? net_generic+0xea/0x2a0 [ 1034.001710][ T30] ? nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 1034.022656][ T30] nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 1034.046887][T32100] Bluetooth: hci6: command tx timeout [ 1034.057361][ T30] genl_family_rcv_msg_doit+0x214/0x300 [ 1034.063567][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1034.076399][ T30] ? genl_get_cmd+0x3e7/0x760 [ 1034.086402][ T30] ? bpf_lsm_capable+0x9/0x10 [ 1034.096370][ T30] ? security_capable+0x80/0x260 [ 1034.106347][ T30] genl_rcv_msg+0x560/0x800 [ 1034.117064][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1034.127217][ T30] ? __pfx_nfsd_nl_threads_set_doit+0x10/0x10 [ 1034.145964][ T30] netlink_rcv_skb+0x159/0x420 [ 1034.152208][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1034.165867][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1034.172639][ T30] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1034.184606][ T30] genl_rcv+0x28/0x40 [ 1034.195702][ T30] netlink_unicast+0x585/0x850 [ 1034.206112][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1034.213962][ T30] netlink_sendmsg+0x8b0/0xda0 [ 1034.219106][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1034.224401][ T30] ? __import_iovec+0x1d2/0x640 [ 1034.230043][ T30] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1034.238973][ T30] ____sys_sendmsg+0xa4d/0xbe0 [ 1034.243755][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1034.250316][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1034.255842][ T30] ___sys_sendmsg+0x190/0x1e0 [ 1034.260534][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1034.265988][ T30] ? __lock_acquire+0x49f/0x1a40 [ 1034.270961][ T30] __sys_sendmsg+0x160/0x210 [ 1034.275837][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 1034.280972][ T30] do_syscall_64+0x115/0x840 [ 1034.285805][ T30] ? clear_bhb_loop+0x40/0x90 [ 1034.290491][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.296729][ T30] RIP: 0033:0x7efe8899ce59 [ 1034.301147][ T30] RSP: 002b:00007efe89840028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1034.309828][ T30] RAX: ffffffffffffffda RBX: 00007efe88c16090 RCX: 00007efe8899ce59 [ 1034.318020][ T30] RDX: 0000000000040010 RSI: 0000200000000000 RDI: 0000000000000004 [ 1034.326188][ T30] RBP: 00007efe88a32e6f R08: 0000000000000000 R09: 0000000000000000 [ 1034.334160][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1034.344443][ T30] R13: 00007efe88c16128 R14: 00007efe88c16090 R15: 00007fffcfbfd998 [ 1034.353667][ T30] [ 1034.396797][ T30] [ 1034.396797][ T30] Showing all locks held in the system: [ 1034.445642][ T30] 1 lock held by khungtaskd/30: [ 1034.463527][ T30] #0: ffffffff8e7e5ec0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1034.504118][ T30] 2 locks held by getty/22814: [ 1034.511932][ T30] #0: ffff88803672a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1034.545381][ T30] #1: ffffc90003a612e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14e0 [ 1034.578609][ T30] 2 locks held by syz.1.13738/2925: [ 1034.600869][ T30] #0: ffffffff906eba68 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1034.634629][ T30] #1: ffffffff8ec6ee00 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 1034.671857][ T30] 2 locks held by syz.1.13738/2929: [ 1034.703067][ T30] #0: ffffffff906eba68 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1034.723329][ T30] #1: ffffffff8ec6ee00 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 1034.764513][ T30] 2 locks held by syz.3.13748/2956: [ 1034.773799][ T30] #0: ffff88807e80a0d8 (&type->s_umount_key#55){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1034.785473][ T30] #1: ffffffff8ec6ee00 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1034.795765][ T30] 2 locks held by syz-executor/3006: [ 1034.801050][ T30] #0: ffff88802ca300d8 (&type->s_umount_key#55){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1034.812106][ T30] #1: ffffffff8ec6ee00 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1034.821918][ T30] 2 locks held by syz.2.13893/3408: [ 1034.827291][ T30] #0: ffff888058df80d8 (&type->s_umount_key#55){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1034.837890][ T30] #1: ffffffff8ec6ee00 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1034.850343][ T30] 1 lock held by syz-executor/4674: [ 1034.855743][ T30] #0: ffff888057820ea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 1034.865594][ T30] 1 lock held by syz-executor/5591: [ 1034.870786][ T30] #0: ffff888035184ea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 1034.880694][ T30] 1 lock held by syz.5.14595/5646: [ 1034.886524][ T30] #0: ffff88805748cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 1034.921475][ T30] [ 1034.944980][ T30] ============================================= [ 1034.944980][ T30] [ 1034.980361][ T30] NMI backtrace for cpu 0 [ 1034.980380][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1034.980403][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1034.980409][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1034.980419][ T30] Call Trace: [ 1034.980426][ T30] [ 1034.980433][ T30] dump_stack_lvl+0x100/0x190 [ 1034.980458][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1034.980479][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1034.980499][ T30] nmi_trigger_cpumask_backtrace+0x21c/0x2a0 [ 1034.980526][ T30] sys_info+0x141/0x190 [ 1034.980546][ T30] watchdog+0xcb1/0x1030 [ 1034.980572][ T30] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1034.980597][ T30] ? __pfx_watchdog+0x10/0x10 [ 1034.980623][ T30] ? __kthread_parkme+0x18c/0x230 [ 1034.980646][ T30] ? kthread+0x13a/0x450 [ 1034.980665][ T30] ? __pfx_watchdog+0x10/0x10 [ 1034.980685][ T30] kthread+0x370/0x450 [ 1034.980704][ T30] ? __pfx_kthread+0x10/0x10 [ 1034.980725][ T30] ret_from_fork+0x72b/0xd50 [ 1034.980745][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1034.980768][ T30] ? __switch_to+0x800/0x10f0 [ 1034.980791][ T30] ? __switch_to_asm+0x39/0x70 [ 1034.980812][ T30] ? __pfx_kthread+0x10/0x10 [ 1034.980833][ T30] ret_from_fork_asm+0x1a/0x30 [ 1034.980863][ T30] [ 1035.187333][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1035.194203][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1035.204874][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1035.210047][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1035.220083][ T30] Call Trace: [ 1035.223343][ T30] [ 1035.226259][ T30] dump_stack_lvl+0x100/0x190 [ 1035.230925][ T30] vpanic+0x552/0x970 [ 1035.234891][ T30] ? __pfx_vpanic+0x10/0x10 [ 1035.239377][ T30] ? nmi_trigger_cpumask_backtrace+0x1c7/0x2a0 [ 1035.245522][ T30] panic+0xd1/0xe0 [ 1035.249235][ T30] ? __pfx_panic+0x10/0x10 [ 1035.253634][ T30] ? nmi_trigger_cpumask_backtrace+0x1fa/0x2a0 [ 1035.259784][ T30] ? nmi_trigger_cpumask_backtrace+0x260/0x2a0 [ 1035.265926][ T30] ? nmi_trigger_cpumask_backtrace+0x26a/0x2a0 [ 1035.272065][ T30] ? watchdog.cold+0x1ec/0x234 [ 1035.276834][ T30] ? watchdog+0xcc1/0x1030 [ 1035.281248][ T30] watchdog.cold+0x1fd/0x234 [ 1035.285826][ T30] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1035.291628][ T30] ? __pfx_watchdog+0x10/0x10 [ 1035.296294][ T30] ? __kthread_parkme+0x18c/0x230 [ 1035.301309][ T30] ? kthread+0x13a/0x450 [ 1035.305543][ T30] ? __pfx_watchdog+0x10/0x10 [ 1035.310294][ T30] kthread+0x370/0x450 [ 1035.314350][ T30] ? __pfx_kthread+0x10/0x10 [ 1035.318927][ T30] ret_from_fork+0x72b/0xd50 [ 1035.323505][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1035.328602][ T30] ? __switch_to+0x800/0x10f0 [ 1035.333267][ T30] ? __switch_to_asm+0x39/0x70 [ 1035.338020][ T30] ? __pfx_kthread+0x10/0x10 [ 1035.342614][ T30] ret_from_fork_asm+0x1a/0x30 [ 1035.347376][ T30] [ 1035.350441][ T30] Kernel Offset: disabled [ 1035.354751][ T30] Rebooting in 86400 seconds..