last executing test programs: 14.487409795s ago: executing program 0 (id=2792): mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x40000b, 0xdf, 0x9b72, 0x2, 0x108000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) futex$auto(0x0, 0x1, 0x40000006, 0x0, 0x0, 0x80000001) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) shmget$auto(0x8, 0x10563, 0x568d1af2) write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0xfffffc96) mmap$auto(0x0, 0x400, 0xfffffffffffffffa, 0xeb1, 0x401, 0x8000) madvise$auto(0x4, 0x2004, 0x15) 10.283787885s ago: executing program 0 (id=2817): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 10.15246626s ago: executing program 0 (id=2819): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xea241, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyu3\x00', 0x62902, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) 8.905412977s ago: executing program 0 (id=2828): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0xffffffffffffffff, 0x4018620d, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/platform/vhci_hcd.5/usb20/manufacturer\x00', 0x102b42, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) unshare$auto(0x40000080) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000001080)='/proc/self/mountinfo\x00', 0x121302, 0x0) socket(0x10, 0x2, 0x6) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) write$auto(0x3, 0x0, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 5.34940363s ago: executing program 0 (id=2841): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) socket(0x2, 0x2, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r2, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) pwrite64$auto(0xc8, 0x0, 0x400f24, 0xc425) 4.860444539s ago: executing program 1 (id=2842): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) write$auto(r3, &(0x7f0000000440)='ON\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf0F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\xed\'\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0xb8c5) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010027bd7000fbdbdf250400000008001700080000008d3563429c4e72d87930f270eacc96fc58b2d7c8df268c68bb5e55d7e68056d6e39eb99a8de29719acfde6da28b91d5fd671c5f6bed408d93eb71e8386ed7b5918a6bc5ad97f0847348f46f72cd07ea77043ff229b55fdf96ad6cbb9dec661014132e604d84f11da010400"/139], 0x1c}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, r1, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x141400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000003e80)=""/238, 0xee) mmap$auto(0x0, 0x3, 0x4000000000df, 0x4000eb1, 0x401, 0x8010) r5 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r5, 0x92106401, r5) socket(0xf, 0x3, 0x2) epoll_create$auto(0x5806) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) gettid() 4.327566325s ago: executing program 1 (id=2845): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20401, 0x0) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x5, 0xfffff05e, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) 3.351904311s ago: executing program 1 (id=2849): socket(0x3, 0x6, 0x20000a) connect$auto(0x3, &(0x7f0000000080)=@qipcrtr={0x2a, 0xffffffff}, 0x53) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x8}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe981, 0x6, 0x16, 0xffffffffffffffff, 0x3) sendmmsg$auto(r2, 0x0, 0x9a4, 0x6fffffd) mmap$auto(0x3, 0x10000000000088, 0xdf, 0x13, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0xe8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 3.351734233s ago: executing program 2 (id=2850): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_MM_SET(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0x4c, 0x0, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_MM_VERIFY_TIME={0x8, 0x9, 0x1}, @ETHTOOL_A_MM_VERIFY_TIME={0x8, 0x9, 0x100}, @ETHTOOL_A_MM_TX_MIN_FRAG_SIZE={0x8, 0x5, 0xe2fa}, @ETHTOOL_A_MM_TX_ENABLED={0x5}, @ETHTOOL_A_MM_VERIFY_TIME={0x8, 0x9, 0x61d8}, @ETHTOOL_A_MM_TX_MIN_FRAG_SIZE={0x8, 0x5, 0x9fb}, @ETHTOOL_A_MM_PMAC_ENABLED={0x5, 0x2, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/modules\x00', 0x88880, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f0000000240)={[0xe, 0x91e3, 0xb, 0xc, 0x0, 0xf58, 0x3, 0x104412d, 0x8, 0x0, 0xf, 0xd, 0x8000000000000, 0x84c, 0x3, 0x7]}, 0x0) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffd8ef, 0xfffffefd, 0x0, 0x6) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/mmap_min_addr\x00', 0x143182, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x94) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x40) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x94) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xd496}, 0x2, 0x0, 0x5, 0xa505}, 0x800}, 0x7, 0x1) ioctl$auto_VHOST_SET_LOG_FD(r2, 0x4004af07, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x7}) write$auto(0x3, 0x0, 0xfdef) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) ioctl$auto_KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) write$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(r3, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x14, r1, 0x400, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x4000004) 3.273415405s ago: executing program 3 (id=2851): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x900, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/current_tracer\x00', 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000900)='/proc/sys/kernel/pid_max\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/io\x00', 0x180780, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r1) 3.089524638s ago: executing program 2 (id=2852): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xea241, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyu3\x00', 0x62902, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) 2.971177235s ago: executing program 3 (id=2853): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20401, 0x0) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x5, 0xfffff05e, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) 2.913031695s ago: executing program 2 (id=2854): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/mounts\x00', 0x105442, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000100)=""/4096, 0x1000) mmap$auto(0x0, 0x400, 0x8000, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = socket(0x1e, 0x1, 0x0) socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) ioctl$auto(r1, 0xc0045627, r0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) close_range$auto(0x0, 0xfffffffffffff000, 0x2) ioctl$auto_USB_RAW_IOCTL_EP0_READ(0xffffffffffffffff, 0xc0085504, &(0x7f0000001100)={0x0, 0x1, 0x0, "1dd856a19ef964bc601a2f7134246fa5c038b621d8d73387f8159f52d0f8f88b6125271c9995b5637e095302bfca39993337a32745379d723e1d830e5a7eddbd01d57bc1aa0c2789572357355d2dd18fd3177e748589cf5f8111c282a5532931a72cb855e0417deceaaf6f0d09fa0b876fe0ae05975d5235c2034449c9afc18ac5bf1e831b39d8c5f160e28a59ae8532e6e8b9e4bc3ddefbfddb3c451db11b5c4b88a02815c3d5e401000c7c1cc69d3677a92a6fff0a9857e2042e492d2d4289935145b01f49c3d30fba3e6273b76c0c6af84f6e474152"}) 2.821912105s ago: executing program 1 (id=2855): r0 = socket(0x22, 0x1, 0xe) move_pages$auto(0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x0) mmap$auto(0x7, 0x20004, 0x1ff, 0x2eb1, r0, 0x200000000008000) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x25}}, 0x54) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fdatasync$auto(r0) waitid$auto(0x8, 0xffffffffffffffff, 0x0, 0x3, 0x0) mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0x2, 0x10000000008000) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x8, 0xfffffffffffffff9, 0xeb1, r1, 0x164) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) recvmmsg$auto(0x3, 0x0, 0x7c559d78, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) pread64$auto(0xffffffffffffffff, 0x0, 0x200000000003, 0x2f4a3a23) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) writev$auto(r2, &(0x7f0000000300)={&(0x7f0000000200), 0x200}, 0x3) 2.034230274s ago: executing program 0 (id=2856): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20401, 0x0) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x5, 0xfffff05e, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) 2.006115437s ago: executing program 3 (id=2857): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xea241, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyu3\x00', 0x62902, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 1.924280084s ago: executing program 2 (id=2858): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20401, 0x0) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x5, 0xfffff05e, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) 1.659963217s ago: executing program 1 (id=2859): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000881}, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/105, 0x69) 1.659736584s ago: executing program 3 (id=2860): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2924c356430986d58282a307", @ANYRES16=r2, @ANYBLOB="090027bd7000fbdbdf2503000000080008", @ANYRES32=r3], 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) msgsnd$auto(0x2, &(0x7f0000000300)={0x4, 0x9}, 0x65, 0xfffffffd) fsconfig$auto(r1, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c", 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r1) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x3, &(0x7f0000000440)={{0x8, 0x6}, {0x8, 0xc5e}, 0x100000011, 0x3, 0x5, 0xf9, 0xfffffffffffffffc, 0x5, 0x6274, 0x9, 0x0, 0xb, 0x35d, 0x439c, 0x9, 0x7}) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r5, 0x3, 0x81, @uprobe_multi={0x3, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x96) 561.462668ms ago: executing program 2 (id=2861): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) io_uring_setup$auto(0x401, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = socket(0x15, 0x5, 0x0) getsockopt$auto(r0, 0x114, 0x2717, 0xfffffffffffffffc, 0x0) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0xa, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x10bb41, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x2) rseq$auto(&(0x7f0000000040)={0x0, 0xb5, 0xd8, 0xb, 0x4, 0x6, "7e43a9123f7276a4f56b4925ab5dd6ea0e1753f941416b32654e5ebd7b01931dc665121640676617e5e1faae9c63cbd84725308c734d3207ac723fb78a5ed6a9dd92e689d28cff42f027a8e5391d44"}, 0x1000, 0x1, 0x8001) write$auto(0x3, 0x0, 0xfdef) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x0, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r1, 0x4601, 0x0) 345.811613ms ago: executing program 2 (id=2862): connect$auto(0x3, 0x0, 0x54) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x14) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0) open(&(0x7f00000002c0)='./file0\x00', 0x200, 0x1c7) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0xd, 0x1, 0x948d, 0x1ff, 0x15f4da07, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) r1 = syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r1, 0x711, 0x70b52c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4405}, 0x4c848) shmctl$auto_SHM_INFO(0x8000, 0xe, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x4, 0x7ff) ptrace$auto(0x10, r2, 0x1, 0x94d1) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x4, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x4303, 0x1, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x3ff, 0xcb}) semctl$auto(0x7, 0x2, 0x13, 0x1) socket(0x1e, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) 345.633106ms ago: executing program 3 (id=2863): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xea241, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyu3\x00', 0x62902, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 7.631565ms ago: executing program 1 (id=2864): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20401, 0x0) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x5, 0xfffff05e, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) 0s ago: executing program 3 (id=2865): socket(0x3, 0x6, 0x20000a) connect$auto(0x3, &(0x7f0000000080)=@qipcrtr={0x2a, 0xffffffff}, 0x53) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x8}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe981, 0x6, 0x16, 0xffffffffffffffff, 0x3) sendmmsg$auto(r2, 0x0, 0x9a4, 0x6fffffd) mmap$auto(0x3, 0x10000000000088, 0xdf, 0x13, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0xe8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) kernel console output (not intermixed with test programs): .045501][T15667] ? __might_fault+0xc5/0x140 [ 787.045514][T15667] ? __might_fault+0xc5/0x140 [ 787.045534][T15667] __sys_bpf+0x2091/0x4b90 [ 787.045554][T15667] ? futex_private_hash_put+0x107/0x1c0 [ 787.045577][T15667] ? __pfx___sys_bpf+0x10/0x10 [ 787.045599][T15667] ? __pfx_futex_wake+0x10/0x10 [ 787.045618][T15667] ? io_uring_setup+0xd7/0x160 [ 787.045642][T15667] ? do_futex+0x192/0x350 [ 787.045667][T15667] ? xfd_validate_state+0x129/0x190 [ 787.045689][T15667] __x64_sys_bpf+0x7b/0xc0 [ 787.045710][T15667] ? lockdep_hardirqs_on+0x78/0x100 [ 787.045725][T15667] do_syscall_64+0x106/0xf80 [ 787.045738][T15667] ? clear_bhb_loop+0x40/0x90 [ 787.045756][T15667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.045772][T15667] RIP: 0033:0x7f53eb79bf79 [ 787.045785][T15667] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 787.045800][T15667] RSP: 002b:00007f53ec717028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 787.045815][T15667] RAX: ffffffffffffffda RBX: 00007f53eba16090 RCX: 00007f53eb79bf79 [ 787.045824][T15667] RDX: 00000000000006f4 RSI: 0000200000000580 RDI: 0000000000000000 [ 787.045833][T15667] RBP: 00007f53eb8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 787.045841][T15667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 787.045850][T15667] R13: 00007f53eba16128 R14: 00007f53eba16090 R15: 00007fff79a56628 [ 787.045869][T15667] [ 787.417660][T15659] syz.0.2574 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 787.428749][T15659] CPU: 0 UID: 0 PID: 15659 Comm: syz.0.2574 Tainted: G U L syzkaller #0 PREEMPT(full) [ 787.428774][T15659] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 787.428779][T15659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 787.428788][T15659] Call Trace: [ 787.428794][T15659] [ 787.428800][T15659] dump_stack_lvl+0x100/0x190 [ 787.428825][T15659] dump_header+0xfb/0x606 [ 787.428841][T15659] oom_kill_process.cold+0xd/0x321 [ 787.428857][T15659] out_of_memory+0x340/0x14f0 [ 787.428877][T15659] ? __pfx_out_of_memory+0x10/0x10 [ 787.428897][T15659] mem_cgroup_out_of_memory+0xc6/0x130 [ 787.428917][T15659] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 787.428936][T15659] ? find_held_lock+0x2b/0x80 [ 787.428958][T15659] ? do_raw_spin_unlock+0x145/0x1e0 [ 787.428974][T15659] ? _raw_spin_unlock+0x28/0x50 [ 787.428996][T15659] try_charge_memcg+0x652/0xc90 [ 787.429017][T15659] ? __pfx_try_charge_memcg+0x10/0x10 [ 787.429037][T15659] ? find_held_lock+0x2b/0x80 [ 787.429053][T15659] ? rcu_read_unlock+0x17/0x60 [ 787.429069][T15659] ? rcu_read_unlock+0x17/0x60 [ 787.429100][T15659] charge_memcg+0xa6/0x280 [ 787.429116][T15659] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 787.429137][T15659] __read_swap_cache_async+0x449/0x610 [ 787.429162][T15659] ? __pfx___read_swap_cache_async+0x10/0x10 [ 787.429185][T15659] ? __xa_erase+0xec/0x150 [ 787.429199][T15659] ? __pfx___xa_erase+0x10/0x10 [ 787.429215][T15659] swap_cluster_readahead+0x541/0x770 [ 787.429241][T15659] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 787.429262][T15659] ? __lock_acquire+0x4a5/0x2630 [ 787.429275][T15659] ? __lock_acquire+0x4a5/0x2630 [ 787.429297][T15659] ? get_vma_policy+0x23f/0x3b0 [ 787.429316][T15659] swapin_readahead+0x14b/0x12e0 [ 787.429343][T15659] ? __pfx_swapin_readahead+0x10/0x10 [ 787.429364][T15659] ? find_held_lock+0x2b/0x80 [ 787.429382][T15659] ? swap_cache_get_folio+0x272/0x920 [ 787.429404][T15659] ? swap_cache_get_folio+0x272/0x920 [ 787.429422][T15659] ? swap_cache_get_folio+0x1f/0x920 [ 787.429441][T15659] ? swap_cache_get_folio+0x2a2/0x920 [ 787.429462][T15659] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 787.429480][T15659] ? __pfx_get_swap_device+0x10/0x10 [ 787.429500][T15659] ? do_swap_page+0x9ba/0x6810 [ 787.429519][T15659] do_swap_page+0x9ba/0x6810 [ 787.429541][T15659] ? __lock_acquire+0x4a5/0x2630 [ 787.429560][T15659] ? __pfx_do_swap_page+0x10/0x10 [ 787.429581][T15659] ? __pfx_default_wake_function+0x10/0x10 [ 787.429602][T15659] ? do_fault+0xa14/0x1990 [ 787.429622][T15659] ? rcu_is_watching+0x12/0xc0 [ 787.429638][T15659] ? __pte_offset_map+0x179/0x310 [ 787.429657][T15659] __handle_mm_fault+0x18b9/0x2b50 [ 787.429681][T15659] ? reacquire_held_locks+0xce/0x1e0 [ 787.429696][T15659] ? __pfx___handle_mm_fault+0x10/0x10 [ 787.429719][T15659] ? lock_vma_under_rcu+0x17c/0x5a0 [ 787.429751][T15659] handle_mm_fault+0x36d/0xa20 [ 787.429775][T15659] do_user_addr_fault+0x5a3/0x12f0 [ 787.429799][T15659] exc_page_fault+0x6f/0xd0 [ 787.429813][T15659] asm_exc_page_fault+0x26/0x30 [ 787.429827][T15659] RIP: 0033:0x7f7412e70788 [ 787.429840][T15659] Code: 00 be 08 00 00 00 4c 89 ff 83 c5 01 e8 11 95 fe ff 49 8b 47 40 41 83 47 30 08 48 8d 48 f8 49 89 4f 40 48 89 58 f8 49 83 c5 01 <45> 3b 6c 24 04 0f 82 fd fe ff ff 41 80 7f 60 00 0f 84 4a 02 00 00 [ 787.429853][T15659] RSP: 002b:00007ffd90720af0 EFLAGS: 00010202 [ 787.429865][T15659] RAX: 0000001b307220f0 RBX: ffffffff84ddf3a4 RCX: 0000001b307220e8 [ 787.429874][T15659] RDX: 0000001b3032421c RSI: 0000000000000008 RDI: 00007f7413d45720 [ 787.429883][T15659] RBP: 0000000000000002 R08: 00007f7413200000 R09: 00007f7413202000 [ 787.429891][T15659] R10: 0000000084ddf3a8 R11: 0000000000000002 R12: 00007f7413216128 [ 787.429899][T15659] R13: 0000000000000002 R14: ffffffff84ddfe36 R15: 00007f7413d45720 [ 787.429910][T15659] ? __x64_sys_io_uring_setup+0x76/0x170 [ 787.429929][T15659] ? io_prepare_config+0x6f4/0xd80 [ 787.429951][T15659] [ 787.429957][T15659] memory: usage 3072kB, limit 3072kB, failcnt 79360 [ 788.159182][T15672] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 788.260364][T15677] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2565'. [ 788.297542][T15680] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 788.482786][T15659] memory+swap: usage 7328kB, limit 9007199254740988kB, failcnt 0 [ 788.515695][T15659] kmem: usage 3028kB, limit 9007199254740988kB, failcnt 0 [ 788.552159][T15659] Memory cgroup stats for /syz0: [ 788.552258][T15659] cache 0 [ 788.580409][T15659] rss 4096 [ 788.594342][T15659] rss_huge 0 [ 788.609234][T15659] shmem 0 [ 788.624443][T15659] mapped_file 0 [ 788.641542][T15659] dirty 0 [ 788.656593][T15659] writeback 0 [ 788.671163][T15659] workingset_refault_anon 17190 [ 788.693955][T15659] workingset_refault_file 23035 [ 788.720840][T15659] swap 4366336 [ 788.739428][T15659] swapcached 36864 [ 788.757054][T15659] pgpgin 618722 [ 788.783226][T15659] pgpgout 640799 [ 788.795585][T15659] pgfault 419863 [ 788.809384][T15659] pgmajfault 5290 [ 788.813053][T15659] inactive_anon 36864 [ 788.841681][T15659] active_anon 0 [ 788.864273][T15659] inactive_file 0 [ 788.877028][T15659] active_file 0 [ 788.890918][T15659] unevictable 0 [ 788.907722][T15659] hierarchical_memory_limit 3145728 [ 788.926929][T15659] hierarchical_memsw_limit 9223372036854771712 [ 788.956483][T15659] total_cache 0 [ 788.964953][T15659] total_rss 4096 [ 789.001531][T15659] total_rss_huge 0 [ 789.024206][T15659] total_shmem 0 [ 789.036809][T15659] total_mapped_file 0 [ 789.096549][T15659] total_dirty 0 [ 789.100025][T15659] total_writeback 0 [ 789.103838][T15659] total_workingset_refault_anon 17190 [ 789.178943][T15659] total_workingset_refault_file 23035 [ 789.184339][T15659] total_swap 4366336 [ 789.215072][T15659] total_swapcached 36864 [ 789.242037][T15659] total_pgpgin 618722 [ 789.246146][T15659] total_pgpgout 640799 [ 789.276894][T15659] total_pgfault 419863 [ 789.295822][T15659] total_pgmajfault 5290 [ 789.316217][T15659] total_inactive_anon 36864 [ 789.344179][T15659] total_active_anon 0 [ 789.360931][T15659] total_inactive_file 0 [ 789.365106][T15659] total_active_file 0 [ 789.400603][T15659] total_unevictable 0 [ 789.404604][T15659] anon_cost 68 [ 789.439885][T15659] file_cost 0 [ 789.448903][T15659] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2574,pid=15659,uid=0 [ 789.519599][T15659] Memory cgroup out of memory: Killed process 15659 (syz.0.2574) total-vm:106452kB, anon-rss:1352kB, file-rss:22544kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 790.222316][T15708] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 790.674997][T15709] Process accounting paused [ 794.252152][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 794.402390][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 794.402431][ T5820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 794.402437][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 794.402445][ T5820] Call Trace: [ 794.402451][ T5820] [ 794.402456][ T5820] dump_stack_lvl+0x100/0x190 [ 794.402481][ T5820] dump_header+0xfb/0x606 [ 794.402497][ T5820] oom_kill_process.cold+0xd/0x321 [ 794.402513][ T5820] out_of_memory+0x340/0x14f0 [ 794.402532][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 794.402554][ T5820] mem_cgroup_out_of_memory+0xc6/0x130 [ 794.402575][ T5820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 794.402597][ T5820] ? find_held_lock+0x2b/0x80 [ 794.402621][ T5820] ? do_raw_spin_unlock+0x145/0x1e0 [ 794.402637][ T5820] ? _raw_spin_unlock+0x28/0x50 [ 794.402659][ T5820] try_charge_memcg+0x652/0xc90 [ 794.402681][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 794.402702][ T5820] ? find_held_lock+0x2b/0x80 [ 794.402722][ T5820] ? rcu_read_unlock+0x17/0x60 [ 794.402738][ T5820] ? rcu_read_unlock+0x17/0x60 [ 794.402757][ T5820] charge_memcg+0xa6/0x280 [ 794.402773][ T5820] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 794.402794][ T5820] __read_swap_cache_async+0x449/0x610 [ 794.402818][ T5820] ? __pfx___read_swap_cache_async+0x10/0x10 [ 794.402838][ T5820] ? mlock_drain_local+0x254/0x4e0 [ 794.402851][ T5820] ? mlock_drain_local+0x254/0x4e0 [ 794.402871][ T5820] swap_cluster_readahead+0x541/0x770 [ 794.402890][ T5820] ? __schedule+0x1035/0x6000 [ 794.402914][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 794.402936][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 794.402959][ T5820] ? get_vma_policy+0x23f/0x3b0 [ 794.402979][ T5820] swapin_readahead+0x14b/0x12e0 [ 794.403005][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 794.403026][ T5820] ? find_held_lock+0x2b/0x80 [ 794.403044][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 794.403066][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 794.403084][ T5820] ? swap_cache_get_folio+0x1f/0x920 [ 794.403102][ T5820] ? swap_cache_get_folio+0x2a2/0x920 [ 794.403123][ T5820] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 794.403142][ T5820] ? __pfx_get_swap_device+0x10/0x10 [ 794.403158][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 794.403181][ T5820] ? do_swap_page+0x9ba/0x6810 [ 794.403200][ T5820] do_swap_page+0x9ba/0x6810 [ 794.403222][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 794.403240][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 794.403261][ T5820] ? __pfx_default_wake_function+0x10/0x10 [ 794.403285][ T5820] ? __free_object+0x2a8/0x400 [ 794.403303][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 794.403318][ T5820] ? rcu_is_watching+0x12/0xc0 [ 794.403335][ T5820] ? __pte_offset_map+0x179/0x310 [ 794.403354][ T5820] __handle_mm_fault+0x18b9/0x2b50 [ 794.403378][ T5820] ? reacquire_held_locks+0xce/0x1e0 [ 794.403392][ T5820] ? __pfx___handle_mm_fault+0x10/0x10 [ 794.403416][ T5820] ? lock_vma_under_rcu+0x17c/0x5a0 [ 794.403452][ T5820] handle_mm_fault+0x36d/0xa20 [ 794.403476][ T5820] do_user_addr_fault+0x5a3/0x12f0 [ 794.403501][ T5820] exc_page_fault+0x6f/0xd0 [ 794.403514][ T5820] asm_exc_page_fault+0x26/0x30 [ 794.403527][ T5820] RIP: 0033:0x7f7412f5c84e [ 794.403540][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 794.403553][ T5820] RSP: 002b:00007ffd90720d88 EFLAGS: 00010246 [ 794.403565][ T5820] RAX: 0000000000000000 RBX: 0000555586fa3500 RCX: 00007f7412f5c84e [ 794.403574][ T5820] RDX: 00007ffd90720de0 RSI: 0000000000000000 RDI: 0000000000000000 [ 794.403582][ T5820] RBP: 00007ffd90720e4c R08: 0000000000000000 R09: 0000000000000000 [ 794.403590][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 794.403598][ T5820] R13: 00000000000927c0 R14: 00000000000c1c54 R15: 00007ffd90720ea0 [ 794.403617][ T5820] [ 796.012359][ T5820] memory: usage 3068kB, limit 3072kB, failcnt 82174 [ 796.021287][T14473] Bluetooth: hci4: command 0xfc11 tx timeout [ 796.028846][T15461] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 796.058615][ T5820] memory+swap: usage 3192kB, limit 9007199254740988kB, failcnt 0 [ 796.066362][ T5820] kmem: usage 2996kB, limit 9007199254740988kB, failcnt 0 [ 796.114077][ T5820] Memory cgroup stats for /syz0: [ 796.114182][ T5820] cache 0 [ 796.126618][ T5820] rss 0 [ 796.129394][ T5820] rss_huge 0 [ 796.132587][ T5820] shmem 0 [ 796.145756][ T5820] mapped_file 0 [ 796.156065][ T5820] dirty 0 [ 796.166524][ T5820] writeback 0 [ 796.169822][ T5820] workingset_refault_anon 18541 [ 796.188322][ T5820] workingset_refault_file 23035 [ 796.193206][ T5820] swap 126976 [ 796.206514][ T5820] swapcached 73728 [ 796.210358][ T5820] pgpgin 621131 [ 796.213796][ T5820] pgpgout 643206 [ 796.226532][ T5820] pgfault 422209 [ 796.230134][ T5820] pgmajfault 5984 [ 796.244262][ T5820] inactive_anon 73728 [ 796.248466][ T5820] active_anon 0 [ 796.251909][ T5820] inactive_file 0 [ 796.265749][ T5820] active_file 0 [ 796.275976][ T5820] unevictable 0 [ 796.279738][ T5820] hierarchical_memory_limit 3145728 [ 796.284954][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 796.306486][ T5820] total_cache 0 [ 796.309957][ T5820] total_rss 0 [ 796.316669][ T5820] total_rss_huge 0 [ 796.326485][ T5820] total_shmem 0 [ 796.329953][ T5820] total_mapped_file 0 [ 796.344141][ T5820] total_dirty 0 [ 796.354270][ T5820] total_writeback 0 [ 796.358391][ T5820] total_workingset_refault_anon 18541 [ 796.374510][ T5820] total_workingset_refault_file 23035 [ 796.380800][ T5820] total_swap 126976 [ 796.389992][ T5820] total_swapcached 73728 [ 796.394232][ T5820] total_pgpgin 621131 [ 796.398681][ T5820] total_pgpgout 643206 [ 796.402736][ T5820] total_pgfault 422209 [ 796.409592][ T5820] total_pgmajfault 5984 [ 796.413743][ T5820] total_inactive_anon 73728 [ 796.419155][ T5820] total_active_anon 0 [ 796.424509][ T5820] total_inactive_file 0 [ 796.429194][ T5820] total_active_file 0 [ 796.433165][ T5820] total_unevictable 0 [ 796.437416][ T5820] anon_cost 23 [ 796.440868][ T5820] file_cost 0 [ 796.444172][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2583,pid=15747,uid=0 [ 796.459634][ T5820] Memory cgroup out of memory: Killed process 15747 (syz.0.2583) total-vm:104400kB, anon-rss:1224kB, file-rss:21900kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 797.335047][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 797.550499][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 797.550526][ T5820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 797.550531][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 797.550540][ T5820] Call Trace: [ 797.550545][ T5820] [ 797.550551][ T5820] dump_stack_lvl+0x100/0x190 [ 797.550576][ T5820] dump_header+0xfb/0x606 [ 797.550592][ T5820] oom_kill_process.cold+0xd/0x321 [ 797.550608][ T5820] out_of_memory+0x340/0x14f0 [ 797.550628][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 797.550648][ T5820] mem_cgroup_out_of_memory+0xc6/0x130 [ 797.550669][ T5820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 797.550687][ T5820] ? find_held_lock+0x2b/0x80 [ 797.550709][ T5820] ? do_raw_spin_unlock+0x145/0x1e0 [ 797.550729][ T5820] ? _raw_spin_unlock+0x28/0x50 [ 797.550750][ T5820] try_charge_memcg+0x652/0xc90 [ 797.550771][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 797.550791][ T5820] ? find_held_lock+0x2b/0x80 [ 797.550808][ T5820] ? rcu_read_unlock+0x17/0x60 [ 797.550823][ T5820] ? rcu_read_unlock+0x17/0x60 [ 797.550842][ T5820] charge_memcg+0xa6/0x280 [ 797.550857][ T5820] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 797.550879][ T5820] __read_swap_cache_async+0x449/0x610 [ 797.550904][ T5820] ? __pfx___read_swap_cache_async+0x10/0x10 [ 797.550927][ T5820] ? __pfx___might_resched+0x10/0x10 [ 797.550943][ T5820] ? prepare_alloc_pages+0x16d/0x5f0 [ 797.550963][ T5820] swap_cluster_readahead+0x414/0x770 [ 797.550988][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 797.551009][ T5820] ? rcu_is_watching+0x12/0xc0 [ 797.551061][ T5820] ? get_vma_policy+0x23f/0x3b0 [ 797.551080][ T5820] swapin_readahead+0x14b/0x12e0 [ 797.551107][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 797.551128][ T5820] ? find_held_lock+0x2b/0x80 [ 797.551146][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 797.551168][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 797.551186][ T5820] ? swap_cache_get_folio+0x1f/0x920 [ 797.551205][ T5820] ? swap_cache_get_folio+0x2a2/0x920 [ 797.551226][ T5820] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 797.551245][ T5820] ? __pfx_get_swap_device+0x10/0x10 [ 797.551261][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 797.551284][ T5820] ? do_swap_page+0x9ba/0x6810 [ 797.551303][ T5820] do_swap_page+0x9ba/0x6810 [ 797.551325][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 797.551344][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 797.551365][ T5820] ? __pfx_default_wake_function+0x10/0x10 [ 797.551386][ T5820] ? __free_object+0x2a8/0x400 [ 797.551405][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 797.551420][ T5820] ? rcu_is_watching+0x12/0xc0 [ 797.551436][ T5820] ? __pte_offset_map+0x179/0x310 [ 797.551455][ T5820] __handle_mm_fault+0x18b9/0x2b50 [ 797.551478][ T5820] ? reacquire_held_locks+0xce/0x1e0 [ 797.551493][ T5820] ? __pfx___handle_mm_fault+0x10/0x10 [ 797.551516][ T5820] ? lock_vma_under_rcu+0x17c/0x5a0 [ 797.551548][ T5820] handle_mm_fault+0x36d/0xa20 [ 797.551572][ T5820] do_user_addr_fault+0x5a3/0x12f0 [ 797.551597][ T5820] exc_page_fault+0x6f/0xd0 [ 797.551610][ T5820] asm_exc_page_fault+0x26/0x30 [ 797.551624][ T5820] RIP: 0033:0x7f7412f5c84e [ 797.551636][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 797.551650][ T5820] RSP: 002b:00007ffd90720d88 EFLAGS: 00010246 [ 797.551662][ T5820] RAX: 0000000000000000 RBX: 0000555586fa3500 RCX: 00007f7412f5c84e [ 797.551671][ T5820] RDX: 00007ffd90720de0 RSI: 0000000000000000 RDI: 0000000000000000 [ 797.551680][ T5820] RBP: 00007ffd90720e4c R08: 0000000000000000 R09: 0000000000000000 [ 797.551695][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 797.551703][ T5820] R13: 00000000000927c0 R14: 00000000000c29e6 R15: 00007ffd90720ea0 [ 797.551722][ T5820] [ 797.551751][ T5820] memory: usage 3072kB, limit 3072kB, failcnt 82364 [ 798.241649][ T5820] memory+swap: usage 2964kB, limit 9007199254740988kB, failcnt 0 [ 798.249772][ T5820] kmem: usage 2696kB, limit 9007199254740988kB, failcnt 0 [ 798.257667][ T5820] Memory cgroup stats for /syz0: [ 798.257762][ T5820] cache 0 [ 798.327361][ T5820] rss 0 [ 798.330149][ T5820] rss_huge 0 [ 798.347778][ T5820] shmem 0 [ 798.350732][ T5820] mapped_file 0 [ 798.354175][ T5820] dirty 0 [ 798.378544][ T5820] writeback 0 [ 798.381862][ T5820] workingset_refault_anon 18606 [ 798.399557][ T5820] workingset_refault_file 23035 [ 798.404429][ T5820] swap 28672 [ 798.422113][ T5820] swapcached 32768 [ 798.436459][ T5820] pgpgin 621236 [ 798.439933][ T5820] pgpgout 643321 [ 798.453631][ T5820] pgfault 422479 [ 798.466500][ T5820] pgmajfault 6030 [ 798.471480][ T5820] inactive_anon 4096 [ 798.475372][ T5820] active_anon 28672 [ 798.489763][ T5820] inactive_file 0 [ 798.493439][ T5820] active_file 0 [ 798.507567][ T5820] unevictable 0 [ 798.518848][ T5820] hierarchical_memory_limit 3145728 [ 798.532209][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 798.545677][ T5820] total_cache 0 [ 798.555199][ T5820] total_rss 0 [ 798.563326][ T5820] total_rss_huge 0 [ 798.572556][ T5820] total_shmem 0 [ 798.576023][ T5820] total_mapped_file 0 [ 798.596307][ T5820] total_dirty 0 [ 798.604974][ T5820] total_writeback 0 [ 798.614477][ T5820] total_workingset_refault_anon 18606 [ 798.629389][ T5820] total_workingset_refault_file 23035 [ 798.642947][ T5820] total_swap 28672 [ 798.652726][ T5820] total_swapcached 32768 [ 798.662494][ T5820] total_pgpgin 621236 [ 798.675049][ T5820] total_pgpgout 643321 [ 798.686066][ T5820] total_pgfault 422479 [ 798.695934][ T5820] total_pgmajfault 6030 [ 798.706516][ T5820] total_inactive_anon 4096 [ 798.716677][ T5820] total_active_anon 28672 [ 798.726752][ T5820] total_inactive_file 0 [ 798.730931][ T5820] total_active_file 0 [ 798.746090][ T5820] total_unevictable 0 [ 798.756651][ T5820] anon_cost 45 [ 798.760035][ T5820] file_cost 0 [ 798.763297][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2591,pid=15763,uid=0 [ 798.796479][ T5820] Memory cgroup out of memory: OOM victim 15763 (syz.0.2591) is already exiting. Skip killing the task [ 804.970942][T15843] Invalid ELF header magic: != ELF [ 809.861354][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 809.902199][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 809.902226][ T5820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 809.902232][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 809.902241][ T5820] Call Trace: [ 809.902246][ T5820] [ 809.902252][ T5820] dump_stack_lvl+0x100/0x190 [ 809.902277][ T5820] dump_header+0xfb/0x606 [ 809.902293][ T5820] oom_kill_process.cold+0xd/0x321 [ 809.902309][ T5820] out_of_memory+0x340/0x14f0 [ 809.902329][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 809.902349][ T5820] mem_cgroup_out_of_memory+0xc6/0x130 [ 809.902369][ T5820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 809.902388][ T5820] ? find_held_lock+0x2b/0x80 [ 809.902410][ T5820] ? do_raw_spin_unlock+0x145/0x1e0 [ 809.902427][ T5820] ? _raw_spin_unlock+0x28/0x50 [ 809.902449][ T5820] try_charge_memcg+0x652/0xc90 [ 809.902469][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 809.902489][ T5820] ? find_held_lock+0x2b/0x80 [ 809.902506][ T5820] ? rcu_read_unlock+0x17/0x60 [ 809.902522][ T5820] ? rcu_read_unlock+0x17/0x60 [ 809.902540][ T5820] charge_memcg+0xa6/0x280 [ 809.902556][ T5820] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 809.902577][ T5820] __read_swap_cache_async+0x449/0x610 [ 809.902606][ T5820] ? __pfx___read_swap_cache_async+0x10/0x10 [ 809.902627][ T5820] ? rcu_is_watching+0x12/0xc0 [ 809.902644][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 809.902665][ T5820] ? finish_task_switch.isra.0+0x2c6/0xb80 [ 809.902687][ T5820] swap_cluster_readahead+0x414/0x770 [ 809.902707][ T5820] ? __schedule+0x1035/0x6000 [ 809.902731][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 809.902752][ T5820] ? rcu_is_watching+0x12/0xc0 [ 809.902779][ T5820] ? get_vma_policy+0x23f/0x3b0 [ 809.902798][ T5820] swapin_readahead+0x14b/0x12e0 [ 809.902825][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 809.902846][ T5820] ? find_held_lock+0x2b/0x80 [ 809.902864][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 809.902886][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 809.902905][ T5820] ? swap_cache_get_folio+0x1f/0x920 [ 809.902923][ T5820] ? swap_cache_get_folio+0x2a2/0x920 [ 809.902944][ T5820] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 809.902963][ T5820] ? __pfx_get_swap_device+0x10/0x10 [ 809.902979][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 809.903001][ T5820] ? do_swap_page+0x9ba/0x6810 [ 809.903019][ T5820] do_swap_page+0x9ba/0x6810 [ 809.903042][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 809.903060][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 809.903081][ T5820] ? __pfx_default_wake_function+0x10/0x10 [ 809.903102][ T5820] ? __free_object+0x2a8/0x400 [ 809.903120][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 809.903140][ T5820] ? rcu_is_watching+0x12/0xc0 [ 809.903157][ T5820] ? __pte_offset_map+0x179/0x310 [ 809.903175][ T5820] __handle_mm_fault+0x18b9/0x2b50 [ 809.903199][ T5820] ? reacquire_held_locks+0xce/0x1e0 [ 809.903214][ T5820] ? __pfx___handle_mm_fault+0x10/0x10 [ 809.903237][ T5820] ? lock_vma_under_rcu+0x17c/0x5a0 [ 809.903269][ T5820] handle_mm_fault+0x36d/0xa20 [ 809.903293][ T5820] do_user_addr_fault+0x5a3/0x12f0 [ 809.903318][ T5820] exc_page_fault+0x6f/0xd0 [ 809.903332][ T5820] asm_exc_page_fault+0x26/0x30 [ 809.903345][ T5820] RIP: 0033:0x7f7412f5c84e [ 809.903358][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 809.903371][ T5820] RSP: 002b:00007ffd90720d88 EFLAGS: 00010246 [ 809.903383][ T5820] RAX: 0000000000000000 RBX: 0000555586fa3500 RCX: 00007f7412f5c84e [ 809.903392][ T5820] RDX: 00007ffd90720de0 RSI: 0000000000000000 RDI: 0000000000000000 [ 809.903400][ T5820] RBP: 00007ffd90720e4c R08: 0000000000000000 R09: 0000000000000000 [ 809.903409][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 809.903417][ T5820] R13: 00000000000927c0 R14: 00000000000c5a4b R15: 00007ffd90720ea0 [ 809.903436][ T5820] [ 809.903555][ T5820] memory: usage 3072kB, limit 3072kB, failcnt 92514 [ 810.431027][ T29] audit: type=1806 audit(4294985930.219:22): xattr=0B res=-22 [ 810.548290][ T5820] memory+swap: usage 3248kB, limit 9007199254740988kB, failcnt 0 [ 810.568683][ T5820] kmem: usage 2992kB, limit 9007199254740988kB, failcnt 0 [ 810.575838][ T5820] Memory cgroup stats for /syz0: [ 810.575938][ T5820] cache 0 [ 810.638630][ T5820] rss 4096 [ 810.641786][ T5820] rss_huge 0 [ 810.644965][ T5820] shmem 0 [ 810.668096][ T5820] mapped_file 0 [ 810.679805][ T5820] dirty 0 [ 810.682757][ T5820] writeback 0 [ 810.686035][ T5820] workingset_refault_anon 21910 [ 810.726319][ T5820] workingset_refault_file 25679 [ 810.739475][ T5820] swap 172032 [ 810.742796][ T5820] swapcached 86016 [ 810.754593][ T5820] pgpgin 630348 [ 810.764638][ T5820] pgpgout 652438 [ 810.772887][ T5820] pgfault 430801 [ 810.780859][ T5820] pgmajfault 8952 [ 810.788935][ T5820] inactive_anon 12288 [ 810.792921][ T5820] active_anon 0 [ 810.804356][ T5820] inactive_file 0 [ 810.817865][ T5820] active_file 0 [ 810.825826][ T5820] unevictable 0 [ 810.831811][ T5820] hierarchical_memory_limit 3145728 [ 810.844016][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 810.856443][ T5820] total_cache 0 [ 810.865493][ T5820] total_rss 4096 [ 810.875016][ T5820] total_rss_huge 0 [ 810.881264][ T5820] total_shmem 0 [ 810.889722][ T5820] total_mapped_file 0 [ 810.893721][ T5820] total_dirty 0 [ 810.906494][ T5820] total_writeback 0 [ 810.914733][ T5820] total_workingset_refault_anon 21910 [ 810.925207][ T5820] total_workingset_refault_file 25679 [ 810.937461][ T5820] total_swap 172032 [ 810.945693][ T5820] total_swapcached 86016 [ 810.954925][ T5820] total_pgpgin 630348 [ 810.964208][ T5820] total_pgpgout 652438 [ 810.972950][ T5820] total_pgfault 430801 [ 810.982202][ T5820] total_pgmajfault 8952 [ 810.990967][ T5820] total_inactive_anon 12288 [ 810.995481][ T5820] total_active_anon 0 [ 811.008210][ T5820] total_inactive_file 0 [ 811.018937][ T5820] total_active_file 0 [ 811.025872][ T5820] total_unevictable 0 [ 811.035386][ T5820] anon_cost 48 [ 811.041179][ T5820] file_cost 0 [ 811.048859][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2625,pid=15902,uid=0 [ 811.080637][ T5820] Memory cgroup out of memory: Killed process 15902 (syz.0.2625) total-vm:141668kB, anon-rss:1352kB, file-rss:27216kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 811.432470][T15925] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2638'. [ 811.672111][T15927] syz.0.2629 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 811.747539][T15927] CPU: 0 UID: 0 PID: 15927 Comm: syz.0.2629 Tainted: G U L syzkaller #0 PREEMPT(full) [ 811.747567][T15927] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 811.747572][T15927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 811.747581][T15927] Call Trace: [ 811.747586][T15927] [ 811.747592][T15927] dump_stack_lvl+0x100/0x190 [ 811.747616][T15927] dump_header+0xfb/0x606 [ 811.747631][T15927] oom_kill_process.cold+0xd/0x321 [ 811.747648][T15927] out_of_memory+0x340/0x14f0 [ 811.747668][T15927] ? __pfx_out_of_memory+0x10/0x10 [ 811.747696][T15927] mem_cgroup_out_of_memory+0xc6/0x130 [ 811.747717][T15927] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 811.747736][T15927] ? find_held_lock+0x2b/0x80 [ 811.747758][T15927] ? do_raw_spin_unlock+0x145/0x1e0 [ 811.747775][T15927] ? _raw_spin_unlock+0x28/0x50 [ 811.747796][T15927] try_charge_memcg+0x652/0xc90 [ 811.747817][T15927] ? __pfx_try_charge_memcg+0x10/0x10 [ 811.747837][T15927] ? find_held_lock+0x2b/0x80 [ 811.747854][T15927] ? rcu_read_unlock+0x17/0x60 [ 811.747870][T15927] ? rcu_read_unlock+0x17/0x60 [ 811.747888][T15927] charge_memcg+0xa6/0x280 [ 811.747904][T15927] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 811.747925][T15927] __read_swap_cache_async+0x449/0x610 [ 811.747950][T15927] ? __pfx___read_swap_cache_async+0x10/0x10 [ 811.747970][T15927] ? __ext4_journal_stop+0xdd/0x210 [ 811.747985][T15927] ? __mark_inode_dirty+0x1f3/0x1600 [ 811.748004][T15927] ? file_update_time_flags+0x460/0x500 [ 811.748020][T15927] ? ext4_page_mkwrite+0x35b/0x1980 [ 811.748037][T15927] ? do_fault+0x3d7/0x1990 [ 811.748054][T15927] ? __handle_mm_fault+0x1807/0x2b50 [ 811.748073][T15927] ? handle_mm_fault+0x36d/0xa20 [ 811.748091][T15927] ? do_user_addr_fault+0x5a3/0x12f0 [ 811.748109][T15927] ? exc_page_fault+0x6f/0xd0 [ 811.748120][T15927] ? asm_exc_page_fault+0x26/0x30 [ 811.748136][T15927] swap_cluster_readahead+0x414/0x770 [ 811.748162][T15927] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 811.748195][T15927] ? get_vma_policy+0x23f/0x3b0 [ 811.748214][T15927] swapin_readahead+0x14b/0x12e0 [ 811.748241][T15927] ? __pfx_swapin_readahead+0x10/0x10 [ 811.748262][T15927] ? find_held_lock+0x2b/0x80 [ 811.748280][T15927] ? swap_cache_get_folio+0x272/0x920 [ 811.748302][T15927] ? swap_cache_get_folio+0x272/0x920 [ 811.748320][T15927] ? swap_cache_get_folio+0x1f/0x920 [ 811.748338][T15927] ? swap_cache_get_folio+0x2a2/0x920 [ 811.748360][T15927] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 811.748379][T15927] ? __pfx_get_swap_device+0x10/0x10 [ 811.748398][T15927] ? do_swap_page+0x9ba/0x6810 [ 811.748416][T15927] do_swap_page+0x9ba/0x6810 [ 811.748439][T15927] ? __lock_acquire+0x4a5/0x2630 [ 811.748452][T15927] ? block_dirty_folio+0x14c/0x200 [ 811.748468][T15927] ? block_dirty_folio+0x14c/0x200 [ 811.748487][T15927] ? __pfx_do_swap_page+0x10/0x10 [ 811.748508][T15927] ? __pfx_default_wake_function+0x10/0x10 [ 811.748531][T15927] ? fault_dirty_shared_page+0x190/0x690 [ 811.748548][T15927] ? rcu_is_watching+0x12/0xc0 [ 811.748565][T15927] ? __pte_offset_map+0x179/0x310 [ 811.748592][T15927] __handle_mm_fault+0x18b9/0x2b50 [ 811.748617][T15927] ? reacquire_held_locks+0xce/0x1e0 [ 811.748632][T15927] ? __pfx___handle_mm_fault+0x10/0x10 [ 811.748655][T15927] ? lock_vma_under_rcu+0x17c/0x5a0 [ 811.748691][T15927] handle_mm_fault+0x36d/0xa20 [ 811.748715][T15927] do_user_addr_fault+0x5a3/0x12f0 [ 811.748739][T15927] exc_page_fault+0x6f/0xd0 [ 811.748753][T15927] asm_exc_page_fault+0x26/0x30 [ 811.748766][T15927] RIP: 0033:0x7f7412e70788 [ 811.748779][T15927] Code: 00 be 08 00 00 00 4c 89 ff 83 c5 01 e8 11 95 fe ff 49 8b 47 40 41 83 47 30 08 48 8d 48 f8 49 89 4f 40 48 89 58 f8 49 83 c5 01 <45> 3b 6c 24 04 0f 82 fd fe ff ff 41 80 7f 60 00 0f 84 4a 02 00 00 [ 811.748792][T15927] RSP: 002b:00007ffd90720af0 EFLAGS: 00010202 [ 811.748804][T15927] RAX: 0000001b30924000 RBX: ffffffff81cc2c53 RCX: 0000001b30923ff8 [ 811.748814][T15927] RDX: 00000000005ffde8 RSI: 00000000005ffde8 RDI: 00007f7413d45700 [ 811.748822][T15927] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f7413202000 [ 811.748830][T15927] R10: 00007f7413d45700 R11: 0000000000000000 R12: 00007f7413216038 [ 811.748839][T15927] R13: 0000000000000001 R14: ffffffff81cc2539 R15: 00007f7413d45720 [ 811.748849][T15927] ? __do_sys_getpid+0x9/0x30 [ 811.748870][T15927] ? __pfx___x64_sys_times+0x3/0x10 [ 811.748890][T15927] [ 811.748895][T15927] memory: usage 2796kB, limit 3072kB, failcnt 92785 [ 812.454401][T15931] zswap: compressor not available [ 812.733818][T15927] memory+swap: usage 2880kB, limit 9007199254740988kB, failcnt 0 [ 812.741947][T15927] kmem: usage 2732kB, limit 9007199254740988kB, failcnt 0 [ 812.749786][T15927] Memory cgroup stats for /syz0: [ 812.749883][T15927] cache 0 [ 812.759443][T15927] rss 0 [ 812.762693][T15927] rss_huge 0 [ 812.765922][T15927] shmem 0 [ 812.769319][T15927] mapped_file 0 [ 812.772895][T15927] dirty 0 [ 812.775876][T15927] writeback 0 [ 812.780420][T15927] workingset_refault_anon 21965 [ 812.785380][T15927] workingset_refault_file 25679 [ 812.790648][T15927] swap 90112 [ 812.793915][T15927] swapcached 40960 [ 812.798004][T15927] pgpgin 630421 [ 812.801701][T15927] pgpgout 652523 [ 812.806788][T15927] pgfault 430912 [ 812.810434][T15927] pgmajfault 8983 [ 812.815408][T15927] inactive_anon 40960 [ 812.820334][T15927] active_anon 0 [ 812.824001][T15927] inactive_file 0 [ 812.827995][T15927] active_file 0 [ 812.831484][T15927] unevictable 0 [ 812.835019][T15927] hierarchical_memory_limit 3145728 [ 812.840556][T15927] hierarchical_memsw_limit 9223372036854771712 [ 812.847040][T15927] total_cache 0 [ 812.850928][T15927] total_rss 0 [ 812.854254][T15927] total_rss_huge 0 [ 812.858322][T15927] total_shmem 0 [ 812.861830][T15927] total_mapped_file 0 [ 812.866217][T15927] total_dirty 0 [ 812.871942][T15927] total_writeback 0 [ 812.875792][T15927] total_workingset_refault_anon 21965 [ 812.881467][T15927] total_workingset_refault_file 25679 [ 812.888004][T15927] total_swap 90112 [ 812.892200][T15927] total_swapcached 40960 [ 812.900764][T15927] total_pgpgin 630421 [ 812.904840][T15927] total_pgpgout 652523 [ 812.910470][T15927] total_pgfault 430912 [ 812.914775][T15927] total_pgmajfault 8983 [ 812.919233][T15927] total_inactive_anon 40960 [ 812.925751][T15927] total_active_anon 0 [ 812.930135][T15927] total_inactive_file 0 [ 812.935615][T15927] total_active_file 0 [ 812.940023][T15927] total_unevictable 0 [ 812.944035][T15927] anon_cost 20 [ 812.947695][T15927] file_cost 0 [ 812.951060][T15927] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2629,pid=15927,uid=0 [ 812.967028][T15927] Memory cgroup out of memory: Killed process 15927 (syz.0.2629) total-vm:104268kB, anon-rss:1224kB, file-rss:21640kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 813.231893][T15943] syz.1.2634 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 813.303656][T15943] CPU: 0 UID: 0 PID: 15943 Comm: syz.1.2634 Tainted: G U L syzkaller #0 PREEMPT(full) [ 813.303683][T15943] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 813.303689][T15943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 813.303698][T15943] Call Trace: [ 813.303703][T15943] [ 813.303709][T15943] dump_stack_lvl+0x100/0x190 [ 813.303733][T15943] dump_header+0xfb/0x606 [ 813.303748][T15943] oom_kill_process.cold+0xd/0x321 [ 813.303765][T15943] out_of_memory+0x340/0x14f0 [ 813.303785][T15943] ? __pfx_out_of_memory+0x10/0x10 [ 813.303805][T15943] mem_cgroup_out_of_memory+0xc6/0x130 [ 813.303827][T15943] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 813.303846][T15943] ? find_held_lock+0x2b/0x80 [ 813.303868][T15943] ? do_raw_spin_unlock+0x145/0x1e0 [ 813.303885][T15943] ? _raw_spin_unlock+0x28/0x50 [ 813.303907][T15943] try_charge_memcg+0x652/0xc90 [ 813.303927][T15943] ? __pfx_try_charge_memcg+0x10/0x10 [ 813.303947][T15943] ? find_held_lock+0x2b/0x80 [ 813.303963][T15943] ? rcu_read_unlock+0x17/0x60 [ 813.303979][T15943] ? rcu_read_unlock+0x17/0x60 [ 813.303997][T15943] charge_memcg+0xa6/0x280 [ 813.304013][T15943] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 813.304035][T15943] __read_swap_cache_async+0x449/0x610 [ 813.304060][T15943] ? __pfx___read_swap_cache_async+0x10/0x10 [ 813.304089][T15943] swap_cluster_readahead+0x414/0x770 [ 813.304114][T15943] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 813.304135][T15943] ? __lock_acquire+0x4a5/0x2630 [ 813.304148][T15943] ? update_cfs_rq_load_avg+0x51/0x550 [ 813.304176][T15943] ? lock_acquire+0x17c/0x330 [ 813.304190][T15943] ? get_vma_policy+0x23f/0x3b0 [ 813.304209][T15943] swapin_readahead+0x14b/0x12e0 [ 813.304229][T15943] ? finish_task_switch.isra.0+0x205/0xb80 [ 813.304255][T15943] ? __pfx_swapin_readahead+0x10/0x10 [ 813.304276][T15943] ? find_held_lock+0x2b/0x80 [ 813.304293][T15943] ? swap_cache_get_folio+0x272/0x920 [ 813.304320][T15943] ? swap_cache_get_folio+0x272/0x920 [ 813.304344][T15943] ? swap_cache_get_folio+0x1f/0x920 [ 813.304363][T15943] ? swap_cache_get_folio+0x2a2/0x920 [ 813.304384][T15943] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 813.304403][T15943] ? __pfx_get_swap_device+0x10/0x10 [ 813.304423][T15943] ? do_swap_page+0x9ba/0x6810 [ 813.304441][T15943] do_swap_page+0x9ba/0x6810 [ 813.304464][T15943] ? __lock_acquire+0x4a5/0x2630 [ 813.304477][T15943] ? rcu_is_watching+0x12/0xc0 [ 813.304493][T15943] ? __free_object+0x2a8/0x400 [ 813.304518][T15943] ? lockdep_hardirqs_on+0x78/0x100 [ 813.304533][T15943] ? __pfx_do_swap_page+0x10/0x10 [ 813.304554][T15943] ? __pfx_default_wake_function+0x10/0x10 [ 813.304579][T15943] ? rcu_is_watching+0x12/0xc0 [ 813.304595][T15943] ? __pte_offset_map+0x179/0x310 [ 813.304614][T15943] __handle_mm_fault+0x18b9/0x2b50 [ 813.304638][T15943] ? reacquire_held_locks+0xce/0x1e0 [ 813.304652][T15943] ? __pfx___handle_mm_fault+0x10/0x10 [ 813.304676][T15943] ? lock_vma_under_rcu+0x17c/0x5a0 [ 813.304708][T15943] handle_mm_fault+0x36d/0xa20 [ 813.304732][T15943] do_user_addr_fault+0x5a3/0x12f0 [ 813.304757][T15943] exc_page_fault+0x6f/0xd0 [ 813.304771][T15943] asm_exc_page_fault+0x26/0x30 [ 813.304784][T15943] RIP: 0033:0x7f15cb76aed8 [ 813.304797][T15943] Code: fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 66 0f 1f 84 00 00 00 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 c5 fe 6f 54 16 e0 c5 fe 6f 5c 16 c0 c5 [ 813.304811][T15943] RSP: 002b:00007ffc89c08b38 EFLAGS: 00010206 [ 813.304823][T15943] RAX: 0000200000000000 RBX: 0000000000000004 RCX: 00746f687370616e [ 813.304833][T15943] RDX: 000000000000000e RSI: 616e732f7665642f RDI: 0000200000000000 [ 813.304841][T15943] RBP: fffffffffffffffe R08: 0000001b2f820000 R09: 0000000000000001 [ 813.304850][T15943] R10: 7ffffffffffffff1 R11: 0000000000000009 R12: 00007ffc89c08c60 [ 813.304859][T15943] R13: 00007f15cba1609c R14: 00000000000c67ab R15: 00007ffc89c08c40 [ 813.304879][T15943] [ 813.304884][T15943] memory: usage 3072kB, limit 3072kB, failcnt 92895 [ 813.716608][T15943] memory+swap: usage 3140kB, limit 9007199254740988kB, failcnt 0 [ 813.725029][T15943] kmem: usage 3024kB, limit 9007199254740988kB, failcnt 0 [ 813.733715][T15943] Memory cgroup stats for /syz0: [ 813.733813][T15943] cache 0 [ 813.742359][T15943] rss 12288 [ 813.745532][T15943] rss_huge 0 [ 813.749220][T15943] shmem 0 [ 813.752157][T15943] mapped_file 0 [ 813.756759][T15943] dirty 0 [ 813.759688][T15943] writeback 0 [ 813.762953][T15943] workingset_refault_anon 21987 [ 813.768226][T15943] workingset_refault_file 25679 [ 813.773471][T15943] swap 61440 [ 813.777098][T15943] swapcached 45056 [ 813.780898][T15943] pgpgin 630457 [ 813.784342][T15943] pgpgout 652555 [ 813.788606][T15943] pgfault 430973 [ 813.792341][T15943] pgmajfault 8991 [ 813.795981][T15943] inactive_anon 57344 [ 813.800532][T15943] active_anon 0 [ 813.809024][T15943] inactive_file 0 [ 813.812681][T15943] active_file 0 [ 813.816191][T15943] unevictable 0 [ 813.820334][T15943] hierarchical_memory_limit 3145728 [ 813.825536][T15943] hierarchical_memsw_limit 9223372036854771712 [ 813.833420][T15943] total_cache 0 [ 813.836943][T15943] total_rss 12288 [ 813.840554][T15943] total_rss_huge 0 [ 813.845086][T15943] total_shmem 0 [ 813.848725][T15943] total_mapped_file 0 [ 813.852690][T15943] total_dirty 0 [ 813.856219][T15943] total_writeback 0 [ 813.860366][T15943] total_workingset_refault_anon 21987 [ 813.865719][T15943] total_workingset_refault_file 25679 [ 813.871437][T15943] total_swap 61440 [ 813.875563][T15943] total_swapcached 45056 [ 813.880151][T15943] total_pgpgin 630457 [ 813.884289][T15943] total_pgpgout 652555 [ 813.888961][T15943] total_pgfault 430973 [ 813.893017][T15943] total_pgmajfault 8991 [ 813.897532][T15943] total_inactive_anon 57344 [ 813.902018][T15943] total_active_anon 0 [ 813.905975][T15943] total_inactive_file 0 [ 813.910709][T15943] total_active_file 0 [ 813.914676][T15943] total_unevictable 0 [ 813.920845][T15943] anon_cost 38 [ 813.924211][T15943] file_cost 0 [ 813.928150][T15943] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2633,pid=15945,uid=0 [ 813.947528][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.953802][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 813.962001][T15943] Memory cgroup out of memory: Killed process 15945 (syz.0.2633) total-vm:104268kB, anon-rss:1224kB, file-rss:21512kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 814.092071][T15944] random: crng reseeded on system resumption [ 814.578710][T15461] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 815.872333][T15989] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2643'. [ 816.733124][T16005] FAULT_INJECTION: forcing a failure. [ 816.733124][T16005] name fail_futex, interval 1, probability 0, space 0, times 0 [ 816.794281][T16005] CPU: 0 UID: 0 PID: 16005 Comm: syz.3.2648 Tainted: G U L syzkaller #0 PREEMPT(full) [ 816.794326][T16005] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 816.794337][T16005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 816.794353][T16005] Call Trace: [ 816.794361][T16005] [ 816.794373][T16005] dump_stack_lvl+0x100/0x190 [ 816.794422][T16005] should_fail_ex.cold+0x5/0xa [ 816.794458][T16005] get_futex_key+0x1d2/0x1620 [ 816.794499][T16005] ? __pfx_get_futex_key+0x10/0x10 [ 816.794527][T16005] futex_wake+0xea/0x530 [ 816.794544][T16005] ? kasan_quarantine_put+0x104/0x240 [ 816.794560][T16005] ? __pfx_futex_wake+0x10/0x10 [ 816.794578][T16005] ? fd_install+0x223/0x580 [ 816.794592][T16005] ? putname+0xb1/0x110 [ 816.794611][T16005] do_futex+0x32b/0x350 [ 816.794625][T16005] ? __pfx_do_futex+0x10/0x10 [ 816.794638][T16005] ? __pfx_do_sys_openat2+0x10/0x10 [ 816.794658][T16005] ? __sys_connect+0xe4/0x170 [ 816.794680][T16005] __x64_sys_futex+0x34f/0x4d0 [ 816.794697][T16005] ? __pfx___x64_sys_futex+0x10/0x10 [ 816.794710][T16005] ? xfd_validate_state+0x129/0x190 [ 816.794734][T16005] do_syscall_64+0x106/0xf80 [ 816.794748][T16005] ? clear_bhb_loop+0x40/0x90 [ 816.794765][T16005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.794780][T16005] RIP: 0033:0x7f53eb79bf79 [ 816.794793][T16005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 816.794807][T16005] RSP: 002b:00007f53ec7380e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 816.794822][T16005] RAX: ffffffffffffffda RBX: 00007f53eba15fa8 RCX: 00007f53eb79bf79 [ 816.794832][T16005] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f53eba15fac [ 816.794841][T16005] RBP: 00007f53eba15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 816.794849][T16005] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 816.794858][T16005] R13: 00007f53eba16038 R14: 00007fff79a56540 R15: 00007fff79a56628 [ 816.794877][T16005] [ 817.070452][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 817.081398][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 817.081423][ T5820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 817.081429][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 817.081438][ T5820] Call Trace: [ 817.081444][ T5820] [ 817.081450][ T5820] dump_stack_lvl+0x100/0x190 [ 817.081474][ T5820] dump_header+0xfb/0x606 [ 817.081490][ T5820] oom_kill_process.cold+0xd/0x321 [ 817.081506][ T5820] out_of_memory+0x340/0x14f0 [ 817.081526][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 817.081546][ T5820] mem_cgroup_out_of_memory+0xc6/0x130 [ 817.081567][ T5820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 817.081586][ T5820] ? find_held_lock+0x2b/0x80 [ 817.081608][ T5820] ? do_raw_spin_unlock+0x145/0x1e0 [ 817.081625][ T5820] ? _raw_spin_unlock+0x28/0x50 [ 817.081647][ T5820] try_charge_memcg+0x652/0xc90 [ 817.081668][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 817.081688][ T5820] ? find_held_lock+0x2b/0x80 [ 817.081705][ T5820] ? rcu_read_unlock+0x17/0x60 [ 817.081721][ T5820] ? rcu_read_unlock+0x17/0x60 [ 817.081739][ T5820] charge_memcg+0xa6/0x280 [ 817.081755][ T5820] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 817.081777][ T5820] __read_swap_cache_async+0x449/0x610 [ 817.081801][ T5820] ? __pfx___read_swap_cache_async+0x10/0x10 [ 817.081821][ T5820] ? mlock_drain_local+0x254/0x4e0 [ 817.081835][ T5820] ? mlock_drain_local+0x254/0x4e0 [ 817.081854][ T5820] swap_cluster_readahead+0x541/0x770 [ 817.081874][ T5820] ? arch_stack_walk+0xa6/0xf0 [ 817.081898][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 817.081920][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 817.081943][ T5820] ? get_vma_policy+0x23f/0x3b0 [ 817.081961][ T5820] swapin_readahead+0x14b/0x12e0 [ 817.081988][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 817.082009][ T5820] ? find_held_lock+0x2b/0x80 [ 817.082027][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 817.082050][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 817.082068][ T5820] ? swap_cache_get_folio+0x1f/0x920 [ 817.082087][ T5820] ? swap_cache_get_folio+0x2a2/0x920 [ 817.082108][ T5820] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 817.082127][ T5820] ? __pfx_get_swap_device+0x10/0x10 [ 817.082168][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 817.082190][ T5820] ? do_swap_page+0x9ba/0x6810 [ 817.082209][ T5820] do_swap_page+0x9ba/0x6810 [ 817.082231][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 817.082250][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 817.082271][ T5820] ? __pfx_default_wake_function+0x10/0x10 [ 817.082292][ T5820] ? __free_object+0x2a8/0x400 [ 817.082311][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 817.082326][ T5820] ? rcu_is_watching+0x12/0xc0 [ 817.082343][ T5820] ? __pte_offset_map+0x179/0x310 [ 817.082361][ T5820] __handle_mm_fault+0x18b9/0x2b50 [ 817.082385][ T5820] ? reacquire_held_locks+0xce/0x1e0 [ 817.082400][ T5820] ? __pfx___handle_mm_fault+0x10/0x10 [ 817.082424][ T5820] ? lock_vma_under_rcu+0x17c/0x5a0 [ 817.082455][ T5820] handle_mm_fault+0x36d/0xa20 [ 817.082480][ T5820] do_user_addr_fault+0x5a3/0x12f0 [ 817.082504][ T5820] exc_page_fault+0x6f/0xd0 [ 817.082518][ T5820] asm_exc_page_fault+0x26/0x30 [ 817.082531][ T5820] RIP: 0033:0x7f7412f5c84e [ 817.082545][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 817.082558][ T5820] RSP: 002b:00007ffd90720d88 EFLAGS: 00010246 [ 817.082569][ T5820] RAX: 0000000000000000 RBX: 0000555586fa3500 RCX: 00007f7412f5c84e [ 817.082578][ T5820] RDX: 00007ffd90720de0 RSI: 0000000000000000 RDI: 0000000000000000 [ 817.082587][ T5820] RBP: 00007ffd90720e4c R08: 0000000000000000 R09: 0000000000000000 [ 817.082595][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 817.082604][ T5820] R13: 00000000000927c0 R14: 00000000000c7761 R15: 00007ffd90720ea0 [ 817.082623][ T5820] [ 817.082629][ T5820] memory: usage 3072kB, limit 3072kB, failcnt 94733 [ 818.366783][ T5820] memory+swap: usage 7312kB, limit 9007199254740988kB, failcnt 0 [ 818.374548][ T5820] kmem: usage 2984kB, limit 9007199254740988kB, failcnt 0 [ 818.444464][ T5820] Memory cgroup stats for /syz0: [ 818.444574][ T5820] cache 0 [ 818.486634][ T5820] rss 12288 [ 818.489759][ T5820] rss_huge 0 [ 818.508825][ T5820] shmem 0 [ 818.511798][ T5820] mapped_file 0 [ 818.545022][ T5820] dirty 0 [ 818.556526][ T5820] writeback 0 [ 818.565960][ T5820] workingset_refault_anon 22587 [ 818.584357][ T5820] workingset_refault_file 25679 [ 818.598929][ T5820] swap 4337664 [ 818.607906][ T5820] swapcached 77824 [ 818.611633][ T5820] pgpgin 632120 [ 818.615072][ T5820] pgpgout 654213 [ 818.666148][ T5820] pgfault 432715 [ 818.674113][ T5820] pgmajfault 9438 [ 818.683703][ T5820] inactive_anon 12288 [ 818.703105][ T5820] active_anon 65536 [ 818.720297][ T5820] inactive_file 0 [ 818.738618][ T5820] active_file 0 [ 818.757198][ T5820] unevictable 0 [ 818.760670][ T5820] hierarchical_memory_limit 3145728 [ 818.789156][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 818.795327][ T5820] total_cache 0 [ 818.832008][ T5820] total_rss 12288 [ 818.840670][ T5820] total_rss_huge 0 [ 818.858967][ T5820] total_shmem 0 [ 818.870370][ T5820] total_mapped_file 0 [ 818.884238][ T5820] total_dirty 0 [ 818.896743][ T5820] total_writeback 0 [ 818.909536][ T5820] total_workingset_refault_anon 22587 [ 818.935295][ T5820] total_workingset_refault_file 25679 [ 818.963462][ T5820] total_swap 4337664 [ 818.973190][ T5820] total_swapcached 77824 [ 818.986520][ T5820] total_pgpgin 632120 [ 818.990516][ T5820] total_pgpgout 654213 [ 819.015544][ T5820] total_pgfault 432715 [ 819.030696][ T5820] total_pgmajfault 9438 [ 819.053856][ T5820] total_inactive_anon 12288 [ 819.076880][ T5820] total_active_anon 65536 [ 819.081283][ T5820] total_inactive_file 0 [ 819.120108][ T5820] total_active_file 0 [ 819.139759][ T5820] total_unevictable 0 [ 819.159348][ T5820] anon_cost 51 [ 819.162768][ T5820] file_cost 0 [ 819.195718][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2635,pid=15951,uid=0 [ 819.229872][T16040] bridge0: port 2(gretap0) entered blocking state [ 819.251996][ T5820] Memory cgroup out of memory: Killed process 15951 (syz.0.2635) total-vm:108632kB, anon-rss:1352kB, file-rss:23096kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 819.272024][T16040] bridge0: port 2(gretap0) entered disabled state [ 819.292395][T16040] gretap0: entered allmulticast mode [ 819.308259][T16040] gretap0: entered promiscuous mode [ 819.324288][T16040] bridge0: port 2(gretap0) entered blocking state [ 819.330959][T16040] bridge0: port 2(gretap0) entered forwarding state [ 821.373325][T16069] syz.0.2671 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 821.416844][T16069] CPU: 0 UID: 0 PID: 16069 Comm: syz.0.2671 Tainted: G U L syzkaller #0 PREEMPT(full) [ 821.416871][T16069] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 821.416877][T16069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 821.416886][T16069] Call Trace: [ 821.416892][T16069] [ 821.416898][T16069] dump_stack_lvl+0x100/0x190 [ 821.416923][T16069] dump_header+0xfb/0x606 [ 821.416939][T16069] oom_kill_process.cold+0xd/0x321 [ 821.416956][T16069] out_of_memory+0x340/0x14f0 [ 821.416976][T16069] ? __pfx_out_of_memory+0x10/0x10 [ 821.416996][T16069] mem_cgroup_out_of_memory+0xc6/0x130 [ 821.417017][T16069] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 821.417037][T16069] ? find_held_lock+0x2b/0x80 [ 821.417058][T16069] ? do_raw_spin_unlock+0x145/0x1e0 [ 821.417076][T16069] ? _raw_spin_unlock+0x28/0x50 [ 821.417098][T16069] try_charge_memcg+0x652/0xc90 [ 821.417119][T16069] ? __pfx_try_charge_memcg+0x10/0x10 [ 821.417139][T16069] ? find_held_lock+0x2b/0x80 [ 821.417157][T16069] ? rcu_read_unlock+0x17/0x60 [ 821.417173][T16069] ? rcu_read_unlock+0x17/0x60 [ 821.417191][T16069] charge_memcg+0xa6/0x280 [ 821.417208][T16069] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 821.417229][T16069] __read_swap_cache_async+0x449/0x610 [ 821.417254][T16069] ? __pfx___read_swap_cache_async+0x10/0x10 [ 821.417274][T16069] ? mlock_drain_local+0x254/0x4e0 [ 821.417288][T16069] ? mlock_drain_local+0x254/0x4e0 [ 821.417308][T16069] swap_cluster_readahead+0x541/0x770 [ 821.417334][T16069] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 821.417356][T16069] ? __lock_acquire+0x4a5/0x2630 [ 821.417369][T16069] ? __lock_acquire+0x4a5/0x2630 [ 821.417384][T16069] ? rcu_is_watching+0x12/0xc0 [ 821.417407][T16069] ? get_vma_policy+0x23f/0x3b0 [ 821.417427][T16069] swapin_readahead+0x14b/0x12e0 [ 821.417454][T16069] ? __pfx_swapin_readahead+0x10/0x10 [ 821.417476][T16069] ? find_held_lock+0x2b/0x80 [ 821.417494][T16069] ? swap_cache_get_folio+0x272/0x920 [ 821.417516][T16069] ? swap_cache_get_folio+0x272/0x920 [ 821.417535][T16069] ? swap_cache_get_folio+0x1f/0x920 [ 821.417554][T16069] ? swap_cache_get_folio+0x2a2/0x920 [ 821.417575][T16069] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 821.417594][T16069] ? __pfx_get_swap_device+0x10/0x10 [ 821.417615][T16069] ? do_swap_page+0x9ba/0x6810 [ 821.417634][T16069] do_swap_page+0x9ba/0x6810 [ 821.417656][T16069] ? __lock_acquire+0x4a5/0x2630 [ 821.417675][T16069] ? __pfx_do_swap_page+0x10/0x10 [ 821.417697][T16069] ? __pfx_default_wake_function+0x10/0x10 [ 821.417720][T16069] ? do_anonymous_page+0x9e9/0x1f40 [ 821.417742][T16069] ? rcu_is_watching+0x12/0xc0 [ 821.417764][T16069] ? __pte_offset_map+0x179/0x310 [ 821.417783][T16069] __handle_mm_fault+0x18b9/0x2b50 [ 821.417808][T16069] ? reacquire_held_locks+0xce/0x1e0 [ 821.417822][T16069] ? __pfx___handle_mm_fault+0x10/0x10 [ 821.417850][T16069] ? lock_vma_under_rcu+0x17c/0x5a0 [ 821.417882][T16069] handle_mm_fault+0x36d/0xa20 [ 821.417906][T16069] do_user_addr_fault+0x5a3/0x12f0 [ 821.417932][T16069] exc_page_fault+0x6f/0xd0 [ 821.417946][T16069] asm_exc_page_fault+0x26/0x30 [ 821.417960][T16069] RIP: 0033:0x7f7412f4cb9b [ 821.417973][T16069] Code: 89 c2 48 89 44 24 78 48 89 c5 4c 29 f2 e8 7d 00 06 00 8b 43 20 85 c0 0f 84 a2 00 00 00 80 7d 00 00 49 89 ee 0f 84 95 00 00 00 <48> 8b 05 2e 0e e0 00 48 89 44 24 48 48 85 c0 0f 85 a9 00 00 00 48 [ 821.417987][T16069] RSP: 002b:00007f74111cca00 EFLAGS: 00010202 [ 821.417999][T16069] RAX: 0000000000000002 RBX: 00007f74111ccf30 RCX: 0000000000000000 [ 821.418009][T16069] RDX: 0000000000000017 RSI: 00007f741304e661 RDI: 00007f74111cd0e7 [ 821.418018][T16069] RBP: 00007f741304e678 R08: 00007f74111cd0f3 R09: 00007ffd90720aa7 [ 821.418028][T16069] R10: 0000000000000008 R11: 0000000000000206 R12: 00007f74111cd0d0 [ 821.418036][T16069] R13: 0000000000000000 R14: 00007f741304e678 R15: 00007f74111ccff0 [ 821.418056][T16069] [ 821.422450][T16069] memory: usage 3072kB, limit 3072kB, failcnt 96114 [ 822.521008][T15461] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 822.695598][T16069] memory+swap: usage 3156kB, limit 9007199254740988kB, failcnt 0 [ 822.727005][T16069] kmem: usage 3012kB, limit 9007199254740988kB, failcnt 0 [ 822.751505][T16069] Memory cgroup stats for /syz0: [ 822.751609][T16069] cache 0 [ 822.769776][T16069] rss 12288 [ 822.782043][T16069] rss_huge 0 [ 822.793294][T16069] shmem 0 [ 822.796278][T16069] mapped_file 0 [ 822.824395][T16069] dirty 0 [ 822.834548][T16069] writeback 0 [ 822.843480][T16069] workingset_refault_anon 22674 [ 822.869320][T16069] workingset_refault_file 25679 [ 822.885489][T16069] swap 90112 [ 822.895393][T16069] swapcached 32768 [ 822.912542][T16069] pgpgin 633286 [ 822.936371][T16069] pgpgout 655388 [ 822.950454][T16069] pgfault 434090 [ 822.964173][T16069] pgmajfault 9481 [ 822.987663][T16069] inactive_anon 0 [ 822.995778][T16069] active_anon 40960 [ 823.011160][T16069] inactive_file 0 [ 823.024648][T16069] active_file 0 [ 823.035828][T16069] unevictable 0 [ 823.047060][T16069] hierarchical_memory_limit 3145728 [ 823.069130][T16069] hierarchical_memsw_limit 9223372036854771712 [ 823.091675][T16069] total_cache 0 [ 823.095183][T16069] total_rss 12288 [ 823.114615][T16069] total_rss_huge 0 [ 823.137665][T16069] total_shmem 0 [ 823.153502][T16069] total_mapped_file 0 [ 823.168997][T16069] total_dirty 0 [ 823.183146][T16069] total_writeback 0 [ 823.195280][T16069] total_workingset_refault_anon 22674 [ 823.212166][T16069] total_workingset_refault_file 25679 [ 823.231551][T16069] total_swap 90112 [ 823.241941][T16069] total_swapcached 32768 [ 823.246224][T16069] total_pgpgin 633286 [ 823.261951][T16069] total_pgpgout 655388 [ 823.266043][T16069] total_pgfault 434090 [ 823.278225][T16069] total_pgmajfault 9481 [ 823.289125][T16069] total_inactive_anon 0 [ 823.303557][T16069] total_active_anon 40960 [ 823.313653][T16069] total_inactive_file 0 [ 823.323804][T16069] total_active_file 0 [ 823.328065][T16069] total_unevictable 0 [ 823.336492][T16069] anon_cost 39 [ 823.339874][T16069] file_cost 0 [ 823.353478][T16069] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2671,pid=16063,uid=0 [ 823.399075][T16069] Memory cgroup out of memory: Killed process 16063 (syz.0.2671) total-vm:104400kB, anon-rss:1224kB, file-rss:21512kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 823.502270][T16093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2670'. [ 823.536891][T16093] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2670'. [ 824.316871][T16113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2677'. [ 824.419328][T16119] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2677'. [ 824.461702][T16120] FAULT_INJECTION: forcing a failure. [ 824.461702][T16120] name failslab, interval 1, probability 0, space 0, times 0 [ 824.687627][T16120] CPU: 0 UID: 0 PID: 16120 Comm: syz.3.2676 Tainted: G U L syzkaller #0 PREEMPT(full) [ 824.687656][T16120] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 824.687663][T16120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 824.687673][T16120] Call Trace: [ 824.687679][T16120] [ 824.687685][T16120] dump_stack_lvl+0x100/0x190 [ 824.687713][T16120] should_fail_ex.cold+0x5/0xa [ 824.687730][T16120] should_failslab+0xc2/0x120 [ 824.687749][T16120] ? tomoyo_realpath_from_path+0xb6/0x690 [ 824.687769][T16120] __kmalloc_noprof+0xf6/0x9c0 [ 824.687791][T16120] ? kfree+0x2a9/0x690 [ 824.687816][T16120] ? tomoyo_realpath_from_path+0xb6/0x690 [ 824.687835][T16120] tomoyo_realpath_from_path+0xb6/0x690 [ 824.687859][T16120] tomoyo_path_number_perm+0x23c/0x580 [ 824.687874][T16120] ? tomoyo_path_number_perm+0x22e/0x580 [ 824.687890][T16120] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 824.687905][T16120] ? futex_wait+0x125/0x380 [ 824.687940][T16120] ? find_held_lock+0x2b/0x80 [ 824.687959][T16120] ? __fget_files+0x215/0x3d0 [ 824.687972][T16120] ? hook_file_ioctl_common+0x146/0x410 [ 824.687992][T16120] ? __fget_files+0x21f/0x3d0 [ 824.688010][T16120] security_file_ioctl+0xd3/0x230 [ 824.688027][T16120] __x64_sys_ioctl+0xb7/0x210 [ 824.688051][T16120] do_syscall_64+0x106/0xf80 [ 824.688065][T16120] ? clear_bhb_loop+0x40/0x90 [ 824.688083][T16120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.688099][T16120] RIP: 0033:0x7f53eb79bf79 [ 824.688113][T16120] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 824.688128][T16120] RSP: 002b:00007f53ec6f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 824.688143][T16120] RAX: ffffffffffffffda RBX: 00007f53eba16180 RCX: 00007f53eb79bf79 [ 824.688153][T16120] RDX: ffffffffffffffff RSI: 0000000000006f50 RDI: 0000000000000003 [ 824.688163][T16120] RBP: 00007f53eb8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 824.688172][T16120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 824.688181][T16120] R13: 00007f53eba16218 R14: 00007f53eba16180 R15: 00007fff79a56628 [ 824.688201][T16120] [ 824.688207][T16120] ERROR: Out of memory at tomoyo_realpath_from_path. [ 825.039802][T16105] syz.0.2675 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 825.186450][T16105] CPU: 0 UID: 0 PID: 16105 Comm: syz.0.2675 Tainted: G U L syzkaller #0 PREEMPT(full) [ 825.186478][T16105] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 825.186484][T16105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 825.186493][T16105] Call Trace: [ 825.186498][T16105] [ 825.186505][T16105] dump_stack_lvl+0x100/0x190 [ 825.186529][T16105] dump_header+0xfb/0x606 [ 825.186545][T16105] oom_kill_process.cold+0xd/0x321 [ 825.186562][T16105] out_of_memory+0x340/0x14f0 [ 825.186582][T16105] ? __pfx_out_of_memory+0x10/0x10 [ 825.186602][T16105] mem_cgroup_out_of_memory+0xc6/0x130 [ 825.186623][T16105] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 825.186643][T16105] ? find_held_lock+0x2b/0x80 [ 825.186665][T16105] ? do_raw_spin_unlock+0x145/0x1e0 [ 825.186683][T16105] ? _raw_spin_unlock+0x28/0x50 [ 825.186705][T16105] try_charge_memcg+0x652/0xc90 [ 825.186726][T16105] ? __pfx_try_charge_memcg+0x10/0x10 [ 825.186746][T16105] ? find_held_lock+0x2b/0x80 [ 825.186764][T16105] ? rcu_read_unlock+0x17/0x60 [ 825.186779][T16105] ? rcu_read_unlock+0x17/0x60 [ 825.186798][T16105] charge_memcg+0xa6/0x280 [ 825.186815][T16105] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 825.186836][T16105] __read_swap_cache_async+0x449/0x610 [ 825.186861][T16105] ? __pfx___read_swap_cache_async+0x10/0x10 [ 825.186882][T16105] ? __lock_acquire+0x4a5/0x2630 [ 825.186897][T16105] ? __xa_erase+0xec/0x150 [ 825.186912][T16105] ? __pfx___xa_erase+0x10/0x10 [ 825.186929][T16105] swap_cluster_readahead+0x414/0x770 [ 825.186955][T16105] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 825.186977][T16105] ? __lock_acquire+0x4a5/0x2630 [ 825.186991][T16105] ? _raw_spin_unlock+0x28/0x50 [ 825.187010][T16105] ? move_cluster+0x1f7/0x570 [ 825.187030][T16105] ? get_vma_policy+0x23f/0x3b0 [ 825.187049][T16105] swapin_readahead+0x14b/0x12e0 [ 825.187077][T16105] ? __pfx_swapin_readahead+0x10/0x10 [ 825.187098][T16105] ? find_held_lock+0x2b/0x80 [ 825.187116][T16105] ? swap_cache_get_folio+0x272/0x920 [ 825.187139][T16105] ? swap_cache_get_folio+0x272/0x920 [ 825.187158][T16105] ? swap_cache_get_folio+0x1f/0x920 [ 825.187177][T16105] ? swap_cache_get_folio+0x2a2/0x920 [ 825.187198][T16105] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 825.187217][T16105] ? __pfx_get_swap_device+0x10/0x10 [ 825.187238][T16105] ? do_swap_page+0x9ba/0x6810 [ 825.187257][T16105] do_swap_page+0x9ba/0x6810 [ 825.187279][T16105] ? __lock_acquire+0x4a5/0x2630 [ 825.187298][T16105] ? __pfx_do_swap_page+0x10/0x10 [ 825.187320][T16105] ? __pfx_default_wake_function+0x10/0x10 [ 825.187351][T16105] ? rcu_is_watching+0x12/0xc0 [ 825.187368][T16105] ? __pte_offset_map+0x179/0x310 [ 825.187387][T16105] __handle_mm_fault+0x18b9/0x2b50 [ 825.187412][T16105] ? reacquire_held_locks+0xce/0x1e0 [ 825.187426][T16105] ? __pfx___handle_mm_fault+0x10/0x10 [ 825.187450][T16105] ? lock_vma_under_rcu+0x17c/0x5a0 [ 825.187481][T16105] handle_mm_fault+0x36d/0xa20 [ 825.187506][T16105] do_user_addr_fault+0x5a3/0x12f0 [ 825.187531][T16105] exc_page_fault+0x6f/0xd0 [ 825.187545][T16105] asm_exc_page_fault+0x26/0x30 [ 825.187559][T16105] RIP: 0033:0x7f7412f9bf92 [ 825.187572][T16105] Code: d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff 66 2e 0f 1f 84 00 00 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 [ 825.187586][T16105] RSP: 002b:00007ffd90720c08 EFLAGS: 00010286 [ 825.187598][T16105] RAX: ffffffffffffffff RBX: 00000000000c963e RCX: ffffffffffffffe8 [ 825.187607][T16105] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f741321618c [ 825.187616][T16105] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 825.187625][T16105] R10: 00007ffd90720d10 R11: 0000000000000246 R12: 00007ffd90720d30 [ 825.187634][T16105] R13: 00007f741321618c R14: 00000000000c9670 R15: 00007ffd90720d10 [ 825.187653][T16105] [ 825.187659][T16105] memory: usage 3072kB, limit 3072kB, failcnt 96391 [ 826.433021][T16105] memory+swap: usage 3196kB, limit 9007199254740988kB, failcnt 0 [ 826.474481][T16105] kmem: usage 2868kB, limit 9007199254740988kB, failcnt 0 [ 826.548827][T16105] Memory cgroup stats for /syz0: [ 826.548938][T16105] cache 8192 [ 826.606496][T16105] rss 12288 [ 826.617980][T16105] rss_huge 0 [ 826.644638][T16105] shmem 8192 [ 826.658472][T16105] mapped_file 8192 [ 826.679584][T16105] dirty 0 [ 826.682541][T16105] writeback 0 [ 826.706884][T16105] workingset_refault_anon 22789 [ 826.711750][T16105] workingset_refault_file 25679 [ 826.776973][T16105] swap 135168 [ 826.801862][T16105] swapcached 81920 [ 826.805600][T16105] pgpgin 633440 [ 826.844481][T16105] pgpgout 655531 [ 826.864686][T16105] pgfault 434821 [ 826.878748][T16105] pgmajfault 9561 [ 826.882419][T16105] inactive_anon 20480 [ 826.886384][T16105] active_anon 69632 [ 826.942809][T16105] inactive_file 0 [ 826.950376][T16105] active_file 0 [ 826.978092][T16105] unevictable 0 [ 826.982067][T16105] hierarchical_memory_limit 3145728 [ 827.006518][T16105] hierarchical_memsw_limit 9223372036854771712 [ 827.012689][T16105] total_cache 8192 [ 827.027459][T16105] total_rss 12288 [ 827.047182][T16105] total_rss_huge 0 [ 827.061295][T16105] total_shmem 8192 [ 827.078221][T16105] total_mapped_file 8192 [ 827.096609][T16105] total_dirty 0 [ 827.100515][T16105] total_writeback 0 [ 827.116513][T16105] total_workingset_refault_anon 22789 [ 827.126733][T16105] total_workingset_refault_file 25679 [ 827.146713][T16105] total_swap 135168 [ 827.156637][T16105] total_swapcached 81920 [ 827.176656][T16105] total_pgpgin 633440 [ 827.186334][T16105] total_pgpgout 655531 [ 827.196525][T16105] total_pgfault 434821 [ 827.216572][T16105] total_pgmajfault 9561 [ 827.226704][T16105] total_inactive_anon 20480 [ 827.243659][T16105] total_active_anon 69632 [ 827.266545][T16105] total_inactive_file 0 [ 827.270774][T16105] total_active_file 0 [ 827.288541][T16105] total_unevictable 0 [ 827.299088][T16105] anon_cost 72 [ 827.306695][T16105] file_cost 0 [ 827.326718][T16105] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2675,pid=16105,uid=0 [ 827.366906][T16105] Memory cgroup out of memory: Killed process 16105 (syz.0.2675) total-vm:137432kB, anon-rss:1352kB, file-rss:22672kB, shmem-rss:0kB, UID:0 pgtables:180kB oom_score_adj:1000 [ 827.841768][T16138] syz.0.2682 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 827.914786][T16138] CPU: 0 UID: 0 PID: 16138 Comm: syz.0.2682 Tainted: G U L syzkaller #0 PREEMPT(full) [ 827.914814][T16138] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 827.914819][T16138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 827.914829][T16138] Call Trace: [ 827.914835][T16138] [ 827.914841][T16138] dump_stack_lvl+0x100/0x190 [ 827.914866][T16138] dump_header+0xfb/0x606 [ 827.914883][T16138] oom_kill_process.cold+0xd/0x321 [ 827.914900][T16138] out_of_memory+0x340/0x14f0 [ 827.914919][T16138] ? __pfx_out_of_memory+0x10/0x10 [ 827.914940][T16138] mem_cgroup_out_of_memory+0xc6/0x130 [ 827.914961][T16138] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 827.914980][T16138] ? find_held_lock+0x2b/0x80 [ 827.915003][T16138] ? do_raw_spin_unlock+0x145/0x1e0 [ 827.915020][T16138] ? _raw_spin_unlock+0x28/0x50 [ 827.915042][T16138] try_charge_memcg+0x652/0xc90 [ 827.915062][T16138] ? __pfx_try_charge_memcg+0x10/0x10 [ 827.915083][T16138] ? find_held_lock+0x2b/0x80 [ 827.915100][T16138] ? rcu_read_unlock+0x17/0x60 [ 827.915116][T16138] ? rcu_read_unlock+0x17/0x60 [ 827.915135][T16138] charge_memcg+0xa6/0x280 [ 827.915151][T16138] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 827.915173][T16138] __read_swap_cache_async+0x449/0x610 [ 827.915198][T16138] ? __pfx___read_swap_cache_async+0x10/0x10 [ 827.915218][T16138] ? __lock_acquire+0x4a5/0x2630 [ 827.915233][T16138] ? __xa_erase+0xec/0x150 [ 827.915247][T16138] ? __pfx___xa_erase+0x10/0x10 [ 827.915264][T16138] swap_cluster_readahead+0x414/0x770 [ 827.915290][T16138] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 827.915312][T16138] ? __lock_acquire+0x4a5/0x2630 [ 827.915326][T16138] ? _raw_spin_unlock+0x28/0x50 [ 827.915351][T16138] ? move_cluster+0x1f7/0x570 [ 827.915371][T16138] ? get_vma_policy+0x23f/0x3b0 [ 827.915391][T16138] swapin_readahead+0x14b/0x12e0 [ 827.915418][T16138] ? __pfx_swapin_readahead+0x10/0x10 [ 827.915444][T16138] ? find_held_lock+0x2b/0x80 [ 827.915462][T16138] ? swap_cache_get_folio+0x272/0x920 [ 827.915485][T16138] ? swap_cache_get_folio+0x272/0x920 [ 827.915504][T16138] ? swap_cache_get_folio+0x1f/0x920 [ 827.915523][T16138] ? swap_cache_get_folio+0x2a2/0x920 [ 827.915545][T16138] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 827.915564][T16138] ? __pfx_get_swap_device+0x10/0x10 [ 827.915584][T16138] ? do_swap_page+0x9ba/0x6810 [ 827.915604][T16138] do_swap_page+0x9ba/0x6810 [ 827.915626][T16138] ? __lock_acquire+0x4a5/0x2630 [ 827.915645][T16138] ? __pfx_do_swap_page+0x10/0x10 [ 827.915667][T16138] ? __pfx_default_wake_function+0x10/0x10 [ 827.915690][T16138] ? do_anonymous_page+0x9e9/0x1f40 [ 827.915712][T16138] ? rcu_is_watching+0x12/0xc0 [ 827.915729][T16138] ? __pte_offset_map+0x179/0x310 [ 827.915748][T16138] __handle_mm_fault+0x18b9/0x2b50 [ 827.915773][T16138] ? reacquire_held_locks+0xce/0x1e0 [ 827.915788][T16138] ? __pfx___handle_mm_fault+0x10/0x10 [ 827.915812][T16138] ? lock_vma_under_rcu+0x17c/0x5a0 [ 827.915843][T16138] handle_mm_fault+0x36d/0xa20 [ 827.915868][T16138] do_user_addr_fault+0x5a3/0x12f0 [ 827.915894][T16138] exc_page_fault+0x6f/0xd0 [ 827.915908][T16138] asm_exc_page_fault+0x26/0x30 [ 827.915921][T16138] RIP: 0033:0x7f7412e59b1f [ 827.915934][T16138] Code: ff ff ff 48 c7 c3 ff ff ff ff eb bf 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 56 41 55 41 54 55 48 89 fd 53 48 83 ec 50 47 04 01 89 37 c6 47 20 00 84 d2 74 1c 8b 87 98 00 00 00 85 c0 [ 827.915948][T16138] RSP: 002b:00007ffd90720b90 EFLAGS: 00010206 [ 827.915961][T16138] RAX: 0000000000000000 RBX: 00007f7413216090 RCX: 0000000000000000 [ 827.915970][T16138] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00007f7413216090 [ 827.915979][T16138] RBP: 00007f7413216090 R08: 00007f7413215fa0 R09: 0000000000000000 [ 827.915988][T16138] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 827.915996][T16138] R13: 0000000000000004 R14: 0000000000000000 R15: 00007f7413215fa0 [ 827.916015][T16138] [ 827.916022][T16138] memory: usage 3072kB, limit 3072kB, failcnt 96506 [ 828.845283][T16138] memory+swap: usage 3160kB, limit 9007199254740988kB, failcnt 0 [ 828.854612][T16138] kmem: usage 3036kB, limit 9007199254740988kB, failcnt 0 [ 828.862210][T16138] Memory cgroup stats for /syz0: [ 828.862309][T16138] cache 0 [ 828.872709][T16138] rss 0 [ 828.875483][T16138] rss_huge 0 [ 828.878999][T16138] shmem 0 [ 828.883252][T16138] mapped_file 0 [ 828.887125][T16138] dirty 0 [ 828.890102][T16138] writeback 0 [ 828.893491][T16138] workingset_refault_anon 22826 [ 828.899020][T16138] workingset_refault_file 25679 [ 828.903951][T16138] swap 90112 [ 828.907523][T16138] swapcached 32768 [ 828.911236][T16138] pgpgin 633492 [ 828.914765][T16138] pgpgout 655596 [ 828.918823][T16138] pgfault 434905 [ 828.922369][T16138] pgmajfault 9589 [ 828.926285][T16138] inactive_anon 0 [ 828.930713][T16138] active_anon 32768 [ 828.934513][T16138] inactive_file 0 [ 828.938402][T16138] active_file 0 [ 828.942258][T16138] unevictable 0 [ 828.945790][T16138] hierarchical_memory_limit 3145728 [ 828.951888][T16138] hierarchical_memsw_limit 9223372036854771712 [ 828.958341][T16138] total_cache 0 [ 828.961946][T16138] total_rss 0 [ 828.965303][T16138] total_rss_huge 0 [ 828.969514][T16138] total_shmem 0 [ 828.973025][T16138] total_mapped_file 0 [ 828.979442][T16138] total_dirty 0 [ 828.982894][T16138] total_writeback 0 [ 828.988240][T16138] total_workingset_refault_anon 22826 [ 828.993697][T16138] total_workingset_refault_file 25679 [ 828.999429][T16138] total_swap 90112 [ 829.003229][T16138] total_swapcached 32768 [ 829.007769][T16138] total_pgpgin 633492 [ 829.011803][T16138] total_pgpgout 655596 [ 829.015939][T16138] total_pgfault 434905 [ 829.020401][T16138] total_pgmajfault 9589 [ 829.024594][T16138] total_inactive_anon 0 [ 829.029355][T16138] total_active_anon 32768 [ 829.033673][T16138] total_inactive_file 0 [ 829.038099][T16138] total_active_file 0 [ 829.042062][T16138] total_unevictable 0 [ 829.046628][T16138] anon_cost 22 [ 829.050048][T16138] file_cost 0 [ 829.053315][T16138] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2682,pid=16138,uid=0 [ 829.069010][T16138] Memory cgroup out of memory: Killed process 16138 (syz.0.2682) total-vm:104268kB, anon-rss:1224kB, file-rss:21512kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 829.559276][T16162] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 830.466584][T16168] random: crng reseeded on system resumption [ 831.210544][T16184] futex_wake_op: syz.3.2693 tries to shift op by -2048; fix this program [ 831.240859][T16184] futex_wake_op: syz.3.2693 tries to shift op by -2048; fix this program [ 831.279144][T16184] 0x000000000001-0x000000020000 : "" [ 831.328698][T16184] ftl_cs: FTL header corrupt! [ 834.536326][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 834.636612][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 834.636641][ T5820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 834.636647][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 834.636657][ T5820] Call Trace: [ 834.636663][ T5820] [ 834.636669][ T5820] dump_stack_lvl+0x100/0x190 [ 834.636693][ T5820] dump_header+0xfb/0x606 [ 834.636709][ T5820] oom_kill_process.cold+0xd/0x321 [ 834.636731][ T5820] out_of_memory+0x340/0x14f0 [ 834.636751][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 834.636772][ T5820] mem_cgroup_out_of_memory+0xc6/0x130 [ 834.636793][ T5820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 834.636812][ T5820] ? find_held_lock+0x2b/0x80 [ 834.636835][ T5820] ? do_raw_spin_unlock+0x145/0x1e0 [ 834.636852][ T5820] ? _raw_spin_unlock+0x28/0x50 [ 834.636874][ T5820] try_charge_memcg+0x652/0xc90 [ 834.636894][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 834.636915][ T5820] ? find_held_lock+0x2b/0x80 [ 834.636932][ T5820] ? rcu_read_unlock+0x17/0x60 [ 834.636948][ T5820] ? rcu_read_unlock+0x17/0x60 [ 834.636966][ T5820] charge_memcg+0xa6/0x280 [ 834.636983][ T5820] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 834.637005][ T5820] __read_swap_cache_async+0x449/0x610 [ 834.637029][ T5820] ? __pfx___read_swap_cache_async+0x10/0x10 [ 834.637050][ T5820] ? do_wait+0x1ec/0x540 [ 834.637065][ T5820] ? __do_sys_wait4+0x161/0x170 [ 834.637080][ T5820] ? do_syscall_64+0x80/0xf80 [ 834.637092][ T5820] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.637113][ T5820] swap_cluster_readahead+0x414/0x770 [ 834.637138][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 834.637160][ T5820] ? rcu_is_watching+0x12/0xc0 [ 834.637188][ T5820] ? get_vma_policy+0x23f/0x3b0 [ 834.637208][ T5820] swapin_readahead+0x14b/0x12e0 [ 834.637235][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 834.637256][ T5820] ? find_held_lock+0x2b/0x80 [ 834.637274][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 834.637297][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 834.637316][ T5820] ? swap_cache_get_folio+0x1f/0x920 [ 834.637335][ T5820] ? swap_cache_get_folio+0x2a2/0x920 [ 834.637357][ T5820] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 834.637376][ T5820] ? __pfx_get_swap_device+0x10/0x10 [ 834.637392][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 834.637416][ T5820] ? do_swap_page+0x9ba/0x6810 [ 834.637436][ T5820] do_swap_page+0x9ba/0x6810 [ 834.637458][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 834.637477][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 834.637500][ T5820] ? __pfx_default_wake_function+0x10/0x10 [ 834.637521][ T5820] ? __free_object+0x2a8/0x400 [ 834.637540][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 834.637556][ T5820] ? rcu_is_watching+0x12/0xc0 [ 834.637572][ T5820] ? __pte_offset_map+0x179/0x310 [ 834.637592][ T5820] __handle_mm_fault+0x18b9/0x2b50 [ 834.637616][ T5820] ? reacquire_held_locks+0xce/0x1e0 [ 834.637631][ T5820] ? __pfx___handle_mm_fault+0x10/0x10 [ 834.637657][ T5820] ? lock_vma_under_rcu+0x17c/0x5a0 [ 834.637689][ T5820] handle_mm_fault+0x36d/0xa20 [ 834.637714][ T5820] do_user_addr_fault+0x5a3/0x12f0 [ 834.637744][ T5820] exc_page_fault+0x6f/0xd0 [ 834.637758][ T5820] asm_exc_page_fault+0x26/0x30 [ 834.637771][ T5820] RIP: 0033:0x7f7412f5c84e [ 834.637784][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 834.637798][ T5820] RSP: 002b:00007ffd90720d88 EFLAGS: 00010246 [ 834.637810][ T5820] RAX: 0000000000000000 RBX: 0000555586fa3500 RCX: 00007f7412f5c84e [ 834.637820][ T5820] RDX: 00007ffd90720de0 RSI: 0000000000000000 RDI: 0000000000000000 [ 834.637829][ T5820] RBP: 00007ffd90720e4c R08: 0000000000000000 R09: 0000000000000000 [ 834.637838][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 834.637846][ T5820] R13: 00000000000927c0 R14: 00000000000cba23 R15: 00007ffd90720ea0 [ 834.637866][ T5820] [ 834.637872][ T5820] memory: usage 3072kB, limit 3072kB, failcnt 101372 [ 835.621821][ T5820] memory+swap: usage 3248kB, limit 9007199254740988kB, failcnt 0 [ 835.649393][ T5820] kmem: usage 3040kB, limit 9007199254740988kB, failcnt 0 [ 835.678803][ T5820] Memory cgroup stats for /syz0: [ 835.678907][ T5820] cache 0 [ 835.719340][ T5820] rss 0 [ 835.722136][ T5820] rss_huge 0 [ 835.725406][ T5820] shmem 0 [ 835.752119][ T5820] mapped_file 0 [ 835.765268][ T5820] dirty 0 [ 835.783508][ T5820] writeback 0 [ 835.800125][ T5820] workingset_refault_anon 25392 [ 835.822684][ T5820] workingset_refault_file 25679 [ 835.844991][ T5820] swap 180224 [ 835.856573][ T5820] swapcached 32768 [ 835.869630][ T5820] pgpgin 637896 [ 835.885531][ T5820] pgpgout 660000 [ 835.903501][ T5820] pgfault 438833 [ 835.919482][ T5820] pgmajfault 10773 [ 835.923225][ T5820] inactive_anon 32768 [ 835.975896][ T5820] active_anon 0 [ 835.984583][ T5820] inactive_file 0 [ 835.996734][ T5820] active_file 0 [ 836.009035][ T5820] unevictable 0 [ 836.019143][ T5820] hierarchical_memory_limit 3145728 [ 836.036458][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 836.059590][ T5820] total_cache 0 [ 836.072026][ T5820] total_rss 0 [ 836.082088][ T5820] total_rss_huge 0 [ 836.094799][ T5820] total_shmem 0 [ 836.108121][ T5820] total_mapped_file 0 [ 836.121239][ T5820] total_dirty 0 [ 836.134213][ T5820] total_writeback 0 [ 836.146485][ T5820] total_workingset_refault_anon 25392 [ 836.167935][ T5820] total_workingset_refault_file 25679 [ 836.185511][ T5820] total_swap 180224 [ 836.198256][ T5820] total_swapcached 32768 [ 836.235610][ T5820] total_pgpgin 637896 [ 836.256509][ T5820] total_pgpgout 660000 [ 836.273411][ T5820] total_pgfault 438833 [ 836.285703][ T5820] total_pgmajfault 10773 [ 836.308643][ T5820] total_inactive_anon 32768 [ 836.326485][ T5820] total_active_anon 0 [ 836.343556][ T5820] total_inactive_file 0 [ 836.371687][ T5820] total_active_file 0 [ 836.375698][ T5820] total_unevictable 0 [ 836.428203][ T5820] anon_cost 24 [ 836.431642][ T5820] file_cost 0 [ 836.459432][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2705,pid=16235,uid=0 [ 836.513378][ T5820] Memory cgroup out of memory: Killed process 16235 (syz.0.2705) total-vm:104532kB, anon-rss:1352kB, file-rss:22992kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 837.494178][T16274] hub 1-0:1.0: USB hub found [ 837.570250][T16274] hub 1-0:1.0: 1 port detected [ 840.873838][T16336] netlink: 'syz.1.2726': attribute type 1 has an invalid length. [ 843.271842][T16356] hub 1-0:1.0: USB hub found [ 843.644865][T16356] hub 1-0:1.0: 1 port detected [ 844.751077][T16385] FAULT_INJECTION: forcing a failure. [ 844.751077][T16385] name failslab, interval 1, probability 0, space 0, times 0 [ 844.878818][T16385] CPU: 0 UID: 0 PID: 16385 Comm: syz.3.2739 Tainted: G U L syzkaller #0 PREEMPT(full) [ 844.878848][T16385] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 844.878854][T16385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 844.878865][T16385] Call Trace: [ 844.878870][T16385] [ 844.878877][T16385] dump_stack_lvl+0x100/0x190 [ 844.878905][T16385] should_fail_ex.cold+0x5/0xa [ 844.878923][T16385] should_failslab+0xc2/0x120 [ 844.878942][T16385] kmem_cache_alloc_noprof+0x83/0x780 [ 844.878959][T16385] ? __proc_create+0xc2/0x8c0 [ 844.878980][T16385] ? __proc_create+0x2cb/0x8c0 [ 844.879004][T16385] ? __proc_create+0x2cb/0x8c0 [ 844.879024][T16385] __proc_create+0x2cb/0x8c0 [ 844.879046][T16385] ? __pfx___proc_create+0x10/0x10 [ 844.879071][T16385] ? _raw_write_unlock+0x28/0x50 [ 844.879094][T16385] ? proc_register+0x559/0x8a0 [ 844.879117][T16385] proc_create_reg+0x75/0x170 [ 844.879140][T16385] ? __pfx_can_rcvlist_proc_show+0x10/0x10 [ 844.879160][T16385] proc_create_net_single+0x86/0x180 [ 844.879183][T16385] ? __pfx_proc_create_net_single+0x10/0x10 [ 844.879207][T16385] ? round_jiffies+0x10a/0x160 [ 844.879232][T16385] can_init_proc+0x1e1/0x4b0 [ 844.879251][T16385] can_pernet_init+0x1e4/0x370 [ 844.879269][T16385] ? __pfx_can_pernet_init+0x10/0x10 [ 844.879285][T16385] ops_init+0x1e2/0x5f0 [ 844.879307][T16385] setup_net+0x118/0x3a0 [ 844.879327][T16385] ? __pfx_setup_net+0x10/0x10 [ 844.879345][T16385] ? lockdep_init_map_type+0x5c/0x250 [ 844.879363][T16385] ? mutex_init_lockep+0x110/0x150 [ 844.879382][T16385] copy_net_ns+0x46f/0x7c0 [ 844.879405][T16385] create_new_namespaces+0x3ea/0xac0 [ 844.879431][T16385] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 844.879467][T16385] ksys_unshare+0x455/0xab0 [ 844.879486][T16385] ? __pfx_ksys_unshare+0x10/0x10 [ 844.879502][T16385] ? xfd_validate_state+0x129/0x190 [ 844.879527][T16385] __x64_sys_unshare+0x31/0x40 [ 844.879542][T16385] do_syscall_64+0x106/0xf80 [ 844.879556][T16385] ? clear_bhb_loop+0x40/0x90 [ 844.879574][T16385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.879589][T16385] RIP: 0033:0x7f53eb79bf79 [ 844.879603][T16385] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 844.879618][T16385] RSP: 002b:00007f53ec717028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 844.879633][T16385] RAX: ffffffffffffffda RBX: 00007f53eba16090 RCX: 00007f53eb79bf79 [ 844.879644][T16385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 844.879653][T16385] RBP: 00007f53eb8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 844.879661][T16385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.879671][T16385] R13: 00007f53eba16128 R14: 00007f53eba16090 R15: 00007fff79a56628 [ 844.879691][T16385] [ 847.815759][T16409] syz.0.2743 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 847.850325][T16409] CPU: 0 UID: 0 PID: 16409 Comm: syz.0.2743 Tainted: G U L syzkaller #0 PREEMPT(full) [ 847.850353][T16409] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 847.850359][T16409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 847.850368][T16409] Call Trace: [ 847.850373][T16409] [ 847.850383][T16409] dump_stack_lvl+0x100/0x190 [ 847.850414][T16409] dump_header+0xfb/0x606 [ 847.850430][T16409] oom_kill_process.cold+0xd/0x321 [ 847.850448][T16409] out_of_memory+0x340/0x14f0 [ 847.850468][T16409] ? __pfx_out_of_memory+0x10/0x10 [ 847.850488][T16409] mem_cgroup_out_of_memory+0xc6/0x130 [ 847.850509][T16409] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 847.850528][T16409] ? find_held_lock+0x2b/0x80 [ 847.850550][T16409] ? do_raw_spin_unlock+0x145/0x1e0 [ 847.850568][T16409] ? _raw_spin_unlock+0x28/0x50 [ 847.850590][T16409] try_charge_memcg+0x652/0xc90 [ 847.850611][T16409] ? __pfx_try_charge_memcg+0x10/0x10 [ 847.850632][T16409] ? find_held_lock+0x2b/0x80 [ 847.850650][T16409] ? rcu_read_unlock+0x17/0x60 [ 847.850666][T16409] ? rcu_read_unlock+0x17/0x60 [ 847.850685][T16409] charge_memcg+0xa6/0x280 [ 847.850702][T16409] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 847.850723][T16409] __read_swap_cache_async+0x449/0x610 [ 847.850748][T16409] ? __pfx___read_swap_cache_async+0x10/0x10 [ 847.850769][T16409] ? mlock_drain_local+0x254/0x4e0 [ 847.850783][T16409] ? mlock_drain_local+0x254/0x4e0 [ 847.850802][T16409] swap_cluster_readahead+0x414/0x770 [ 847.850829][T16409] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 847.850851][T16409] ? __lock_acquire+0x4a5/0x2630 [ 847.850865][T16409] ? __lock_acquire+0x4a5/0x2630 [ 847.850887][T16409] ? get_vma_policy+0x23f/0x3b0 [ 847.850906][T16409] swapin_readahead+0x14b/0x12e0 [ 847.850934][T16409] ? __pfx_swapin_readahead+0x10/0x10 [ 847.850955][T16409] ? find_held_lock+0x2b/0x80 [ 847.850973][T16409] ? swap_cache_get_folio+0x272/0x920 [ 847.850996][T16409] ? swap_cache_get_folio+0x272/0x920 [ 847.851015][T16409] ? swap_cache_get_folio+0x1f/0x920 [ 847.851034][T16409] ? swap_cache_get_folio+0x2a2/0x920 [ 847.851056][T16409] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 847.851075][T16409] ? __pfx_get_swap_device+0x10/0x10 [ 847.851095][T16409] ? do_swap_page+0x9ba/0x6810 [ 847.851116][T16409] do_swap_page+0x9ba/0x6810 [ 847.851139][T16409] ? __lock_acquire+0x4a5/0x2630 [ 847.851158][T16409] ? __pfx_do_swap_page+0x10/0x10 [ 847.851180][T16409] ? __pfx_default_wake_function+0x10/0x10 [ 847.851205][T16409] ? rcu_is_watching+0x12/0xc0 [ 847.851222][T16409] ? __pte_offset_map+0x179/0x310 [ 847.851241][T16409] __handle_mm_fault+0x18b9/0x2b50 [ 847.851266][T16409] ? reacquire_held_locks+0xce/0x1e0 [ 847.851281][T16409] ? __pfx___handle_mm_fault+0x10/0x10 [ 847.851304][T16409] ? lock_vma_under_rcu+0x17c/0x5a0 [ 847.851336][T16409] handle_mm_fault+0x36d/0xa20 [ 847.851361][T16409] do_user_addr_fault+0x5a3/0x12f0 [ 847.851386][T16409] exc_page_fault+0x6f/0xd0 [ 847.851405][T16409] asm_exc_page_fault+0x26/0x30 [ 847.851419][T16409] RIP: 0033:0x7f7412e5077c [ 847.851432][T16409] Code: 23 83 c0 01 44 39 d0 75 dc 48 89 f0 25 ff 1f 00 00 49 89 34 c1 41 88 3c 00 31 c0 c3 66 90 41 38 3c 10 74 0b 41 88 3c 10 31 c0 <49> 89 34 d1 c3 b8 01 00 00 00 c3 66 0f 1f 84 00 00 00 00 00 48 83 [ 847.851446][T16409] RSP: 002b:00007ffd90720ae8 EFLAGS: 00010246 [ 847.851459][T16409] RAX: 0000000000000000 RBX: ffffffff84a683c1 RCX: ffffffff84a683c1 [ 847.851468][T16409] RDX: 00000000000003c1 RSI: ffffffff84a683c1 RDI: 0000000000000007 [ 847.851477][T16409] RBP: 0000000000000009 R08: 00007f7413200000 R09: 00007f7413202000 [ 847.851486][T16409] R10: 0000000084a683c5 R11: 0000000000000007 R12: 00007f7413216218 [ 847.851495][T16409] R13: 0000000000000009 R14: ffffffff84a686ba R15: 00007f7413d45720 [ 847.851505][T16409] ? apparmor_mmap_file+0x1a/0x120 [ 847.851522][T16409] ? apparmor_file_mprotect+0x81/0x170 [ 847.851538][T16409] ? apparmor_file_mprotect+0x81/0x170 [ 847.851552][T16409] ? apparmor_file_mprotect+0x81/0x170 [ 847.851570][T16409] [ 848.438734][T16409] memory: usage 3072kB, limit 3072kB, failcnt 105141 [ 848.446343][T16409] memory+swap: usage 3172kB, limit 9007199254740988kB, failcnt 0 [ 848.454174][T16409] kmem: usage 2896kB, limit 9007199254740988kB, failcnt 0 [ 848.461352][T16409] Memory cgroup stats for /syz0: [ 848.461449][T16409] cache 8192 [ 848.469601][T16409] rss 53248 [ 848.472692][T16409] rss_huge 0 [ 848.475863][T16409] shmem 8192 [ 848.479070][T16409] mapped_file 8192 [ 848.482814][T16409] dirty 0 [ 848.485986][T16409] writeback 0 [ 848.489302][T16409] workingset_refault_anon 26488 [ 848.494185][T16409] workingset_refault_file 25679 [ 848.499123][T16409] swap 110592 [ 848.502658][T16409] swapcached 139264 [ 848.506555][T16409] pgpgin 641212 [ 848.510037][T16409] pgpgout 663291 [ 848.513664][T16409] pgfault 442534 [ 848.517264][T16409] pgmajfault 11566 [ 848.520965][T16409] inactive_anon 69632 [ 848.524921][T16409] active_anon 0 [ 848.528426][T16409] inactive_file 0 [ 848.532036][T16409] active_file 0 [ 848.535467][T16409] unevictable 0 [ 848.539058][T16409] hierarchical_memory_limit 3145728 [ 848.545362][T16409] hierarchical_memsw_limit 9223372036854771712 [ 848.551594][T16409] total_cache 8192 [ 848.555297][T16409] total_rss 53248 [ 848.558960][T16409] total_rss_huge 0 [ 848.562706][T16409] total_shmem 8192 [ 848.566525][T16409] total_mapped_file 8192 [ 848.570742][T16409] total_dirty 0 [ 848.574224][T16409] total_writeback 0 [ 848.578061][T16409] total_workingset_refault_anon 26488 [ 848.583408][T16409] total_workingset_refault_file 25679 [ 848.588968][T16409] total_swap 110592 [ 848.592847][T16409] total_swapcached 139264 [ 848.597330][T16409] total_pgpgin 641212 [ 848.601366][T16409] total_pgpgout 663291 [ 848.605686][T16409] total_pgfault 442534 [ 848.609789][T16409] total_pgmajfault 11566 [ 848.614068][T16409] total_inactive_anon 69632 [ 848.618594][T16409] total_active_anon 0 [ 848.622557][T16409] total_inactive_file 0 [ 848.626749][T16409] total_active_file 0 [ 848.630803][T16409] total_unevictable 0 [ 848.634851][T16409] anon_cost 28 [ 848.638369][T16409] file_cost 0 [ 848.641635][T16409] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2743,pid=16409,uid=0 [ 848.657156][T16409] Memory cgroup out of memory: Killed process 16409 (syz.0.2743) total-vm:104592kB, anon-rss:1352kB, file-rss:22696kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 849.136861][T15461] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 852.431670][T16489] Invalid ELF header magic: != ELF [ 852.862987][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 852.988086][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 852.988113][ T5820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 852.988119][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 852.988128][ T5820] Call Trace: [ 852.988133][ T5820] [ 852.988140][ T5820] dump_stack_lvl+0x100/0x190 [ 852.988165][ T5820] dump_header+0xfb/0x606 [ 852.988182][ T5820] oom_kill_process.cold+0xd/0x321 [ 852.988199][ T5820] out_of_memory+0x340/0x14f0 [ 852.988219][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 852.988240][ T5820] mem_cgroup_out_of_memory+0xc6/0x130 [ 852.988261][ T5820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 852.988281][ T5820] ? find_held_lock+0x2b/0x80 [ 852.988303][ T5820] ? do_raw_spin_unlock+0x145/0x1e0 [ 852.988320][ T5820] ? _raw_spin_unlock+0x28/0x50 [ 852.988343][ T5820] try_charge_memcg+0x652/0xc90 [ 852.988364][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 852.988385][ T5820] ? find_held_lock+0x2b/0x80 [ 852.988402][ T5820] ? rcu_read_unlock+0x17/0x60 [ 852.988418][ T5820] ? rcu_read_unlock+0x17/0x60 [ 852.988437][ T5820] charge_memcg+0xa6/0x280 [ 852.988453][ T5820] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 852.988475][ T5820] __read_swap_cache_async+0x449/0x610 [ 852.988500][ T5820] ? __pfx___read_swap_cache_async+0x10/0x10 [ 852.988522][ T5820] ? css_rstat_updated+0x1ce/0x5a0 [ 852.988543][ T5820] ? __pfx_css_rstat_updated+0x10/0x10 [ 852.988561][ T5820] ? prepare_alloc_pages+0x16d/0x5f0 [ 852.988583][ T5820] swap_cluster_readahead+0x541/0x770 [ 852.988609][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 852.988642][ T5820] ? get_vma_policy+0x23f/0x3b0 [ 852.988662][ T5820] swapin_readahead+0x14b/0x12e0 [ 852.988695][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 852.988716][ T5820] ? find_held_lock+0x2b/0x80 [ 852.988735][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 852.988757][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 852.988776][ T5820] ? swap_cache_get_folio+0x1f/0x920 [ 852.988795][ T5820] ? swap_cache_get_folio+0x2a2/0x920 [ 852.988816][ T5820] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 852.988835][ T5820] ? __pfx_get_swap_device+0x10/0x10 [ 852.988851][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 852.988875][ T5820] ? do_swap_page+0x9ba/0x6810 [ 852.988894][ T5820] do_swap_page+0x9ba/0x6810 [ 852.988917][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 852.988931][ T5820] ? __pfx___schedule+0x10/0x10 [ 852.988954][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 852.988976][ T5820] ? __pfx_default_wake_function+0x10/0x10 [ 852.988997][ T5820] ? __free_object+0x2a8/0x400 [ 852.989016][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 852.989032][ T5820] ? rcu_is_watching+0x12/0xc0 [ 852.989049][ T5820] ? __pte_offset_map+0x179/0x310 [ 852.989068][ T5820] __handle_mm_fault+0x18b9/0x2b50 [ 852.989093][ T5820] ? reacquire_held_locks+0xce/0x1e0 [ 852.989107][ T5820] ? __pfx___handle_mm_fault+0x10/0x10 [ 852.989131][ T5820] ? lock_vma_under_rcu+0x17c/0x5a0 [ 852.989163][ T5820] handle_mm_fault+0x36d/0xa20 [ 852.989188][ T5820] do_user_addr_fault+0x5a3/0x12f0 [ 852.989213][ T5820] exc_page_fault+0x6f/0xd0 [ 852.989227][ T5820] asm_exc_page_fault+0x26/0x30 [ 852.989241][ T5820] RIP: 0033:0x7f7412f5c84e [ 852.989254][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 852.989268][ T5820] RSP: 002b:00007ffd90720d88 EFLAGS: 00010246 [ 852.989281][ T5820] RAX: 0000000000000000 RBX: 0000555586fa3500 RCX: 00007f7412f5c84e [ 852.989290][ T5820] RDX: 00007ffd90720de0 RSI: 0000000000000000 RDI: 0000000000000000 [ 852.989299][ T5820] RBP: 00007ffd90720e4c R08: 0000000000000000 R09: 0000000000000000 [ 852.989308][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 852.989317][ T5820] R13: 00000000000927c0 R14: 00000000000d0275 R15: 00007ffd90720ea0 [ 852.989337][ T5820] [ 852.989342][ T5820] memory: usage 3072kB, limit 3072kB, failcnt 105559 [ 854.306495][ T5820] memory+swap: usage 3244kB, limit 9007199254740988kB, failcnt 0 [ 854.328405][ T5820] kmem: usage 3016kB, limit 9007199254740988kB, failcnt 0 [ 854.346516][ T5820] Memory cgroup stats for /syz0: [ 854.346618][ T5820] cache 0 [ 854.364714][ T5820] rss 0 [ 854.376573][ T5820] rss_huge 0 [ 854.380327][ T5820] shmem 0 [ 854.383252][ T5820] mapped_file 0 [ 854.394409][ T5820] dirty 0 [ 854.398794][ T5820] writeback 0 [ 854.402119][ T5820] workingset_refault_anon 26631 [ 854.415687][ T5820] workingset_refault_file 25785 [ 854.428597][ T5820] swap 188416 [ 854.435453][ T5820] swapcached 32768 [ 854.446888][ T5820] pgpgin 641576 [ 854.454973][ T5820] pgpgout 663688 [ 854.462471][ T5820] pgfault 443076 [ 854.466030][ T5820] pgmajfault 11655 [ 854.480170][ T5820] inactive_anon 0 [ 854.486696][ T5820] active_anon 32768 [ 854.490600][ T5820] inactive_file 0 [ 854.494217][ T5820] active_file 0 [ 854.516471][ T5820] unevictable 0 [ 854.519962][ T5820] hierarchical_memory_limit 3145728 [ 854.525232][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 854.541292][ T5820] total_cache 0 [ 854.554972][ T5820] total_rss 0 [ 854.558958][ T5820] total_rss_huge 0 [ 854.562678][ T5820] total_shmem 0 [ 854.566125][ T5820] total_mapped_file 0 [ 854.580373][ T5820] total_dirty 0 [ 854.594187][ T5820] total_writeback 0 [ 854.598113][ T5820] total_workingset_refault_anon 26631 [ 854.603466][ T5820] total_workingset_refault_file 25785 [ 854.620904][ T5820] total_swap 188416 [ 854.624729][ T5820] total_swapcached 32768 [ 854.639908][ T5820] total_pgpgin 641576 [ 854.649348][ T5820] total_pgpgout 663688 [ 854.653441][ T5820] total_pgfault 443076 [ 854.669509][ T5820] total_pgmajfault 11655 [ 854.673786][ T5820] total_inactive_anon 0 [ 854.688379][ T5820] total_active_anon 32768 [ 854.692719][ T5820] total_inactive_file 0 [ 854.707062][ T5820] total_active_file 0 [ 854.715804][ T5820] total_unevictable 0 [ 854.724795][ T5820] anon_cost 96 [ 854.732965][ T5820] file_cost 0 [ 854.736349][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2763,pid=16491,uid=0 [ 854.776625][ T5820] Memory cgroup out of memory: Killed process 16491 (syz.0.2763) total-vm:170068kB, anon-rss:1352kB, file-rss:22812kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 855.718076][T16526] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2773'. [ 855.751337][T16511] syz.0.2775 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 855.828484][T16511] CPU: 0 UID: 0 PID: 16511 Comm: syz.0.2775 Tainted: G U L syzkaller #0 PREEMPT(full) [ 855.828511][T16511] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 855.828516][T16511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 855.828529][T16511] Call Trace: [ 855.828534][T16511] [ 855.828540][T16511] dump_stack_lvl+0x100/0x190 [ 855.828566][T16511] dump_header+0xfb/0x606 [ 855.828582][T16511] oom_kill_process.cold+0xd/0x321 [ 855.828599][T16511] out_of_memory+0x340/0x14f0 [ 855.828619][T16511] ? __pfx_out_of_memory+0x10/0x10 [ 855.828639][T16511] mem_cgroup_out_of_memory+0xc6/0x130 [ 855.828660][T16511] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 855.828680][T16511] ? find_held_lock+0x2b/0x80 [ 855.828702][T16511] ? do_raw_spin_unlock+0x145/0x1e0 [ 855.828719][T16511] ? _raw_spin_unlock+0x28/0x50 [ 855.828741][T16511] try_charge_memcg+0x652/0xc90 [ 855.828763][T16511] ? __pfx_try_charge_memcg+0x10/0x10 [ 855.828784][T16511] ? find_held_lock+0x2b/0x80 [ 855.828801][T16511] ? rcu_read_unlock+0x17/0x60 [ 855.828817][T16511] ? rcu_read_unlock+0x17/0x60 [ 855.828836][T16511] charge_memcg+0xa6/0x280 [ 855.828853][T16511] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 855.828875][T16511] __read_swap_cache_async+0x449/0x610 [ 855.828900][T16511] ? __pfx___read_swap_cache_async+0x10/0x10 [ 855.828920][T16511] ? __lock_acquire+0x4a5/0x2630 [ 855.828936][T16511] ? __xa_erase+0xec/0x150 [ 855.828950][T16511] ? __pfx___xa_erase+0x10/0x10 [ 855.828967][T16511] swap_cluster_readahead+0x541/0x770 [ 855.828994][T16511] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 855.829016][T16511] ? __lock_acquire+0x4a5/0x2630 [ 855.829030][T16511] ? _raw_spin_unlock+0x28/0x50 [ 855.829049][T16511] ? move_cluster+0x1f7/0x570 [ 855.829070][T16511] ? get_vma_policy+0x23f/0x3b0 [ 855.829090][T16511] swapin_readahead+0x14b/0x12e0 [ 855.829117][T16511] ? __pfx_swapin_readahead+0x10/0x10 [ 855.829138][T16511] ? find_held_lock+0x2b/0x80 [ 855.829157][T16511] ? swap_cache_get_folio+0x272/0x920 [ 855.829179][T16511] ? swap_cache_get_folio+0x272/0x920 [ 855.829198][T16511] ? swap_cache_get_folio+0x1f/0x920 [ 855.829217][T16511] ? swap_cache_get_folio+0x2a2/0x920 [ 855.829239][T16511] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 855.829259][T16511] ? __pfx_get_swap_device+0x10/0x10 [ 855.829279][T16511] ? do_swap_page+0x9ba/0x6810 [ 855.829299][T16511] do_swap_page+0x9ba/0x6810 [ 855.829322][T16511] ? __lock_acquire+0x4a5/0x2630 [ 855.829336][T16511] ? finish_task_switch.isra.0+0x200/0xb80 [ 855.829361][T16511] ? finish_task_switch.isra.0+0x200/0xb80 [ 855.829383][T16511] ? __pfx_do_swap_page+0x10/0x10 [ 855.829406][T16511] ? __pfx_default_wake_function+0x10/0x10 [ 855.829428][T16511] ? __schedule+0x1035/0x6000 [ 855.829450][T16511] ? rcu_is_watching+0x12/0xc0 [ 855.829467][T16511] ? __pte_offset_map+0x179/0x310 [ 855.829487][T16511] __handle_mm_fault+0x18b9/0x2b50 [ 855.829512][T16511] ? reacquire_held_locks+0xce/0x1e0 [ 855.829526][T16511] ? __pfx___handle_mm_fault+0x10/0x10 [ 855.829550][T16511] ? lock_vma_under_rcu+0x17c/0x5a0 [ 855.829583][T16511] handle_mm_fault+0x36d/0xa20 [ 855.829610][T16511] do_user_addr_fault+0x5a3/0x12f0 [ 855.829638][T16511] exc_page_fault+0x6f/0xd0 [ 855.829652][T16511] asm_exc_page_fault+0x26/0x30 [ 855.829666][T16511] RIP: 0033:0x7f7412f9bf8b [ 855.829678][T16511] Code: 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 <64> 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 2e 0f 1f [ 855.829692][T16511] RSP: 002b:00007ffd90720c08 EFLAGS: 00010213 [ 855.829704][T16511] RAX: 000000000000006e RBX: 00000000000d0ddd RCX: ffffffffffffffe8 [ 855.829714][T16511] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7413215fac [ 855.829723][T16511] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 855.829732][T16511] R10: 00007ffd90720d10 R11: 0000000000000246 R12: 00007ffd90720d30 [ 855.829741][T16511] R13: 00007f7413215fac R14: 00000000000d0e0f R15: 00007ffd90720d10 [ 855.829760][T16511] [ 855.829785][T16511] memory: usage 3072kB, limit 3072kB, failcnt 106064 [ 856.736525][T16540] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 856.767045][T16540] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 856.795243][T16540] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 856.918911][T16511] memory+swap: usage 3204kB, limit 9007199254740988kB, failcnt 0 [ 856.947922][T16511] kmem: usage 2932kB, limit 9007199254740988kB, failcnt 0 [ 856.972908][T16511] Memory cgroup stats for /syz0: [ 856.973008][T16511] cache 0 [ 856.997324][T16511] rss 4096 [ 857.004278][T16511] rss_huge 0 [ 857.012049][T16511] shmem 0 [ 857.018050][T16511] mapped_file 0 [ 857.025221][T16511] dirty 0 [ 857.031699][T16511] writeback 0 [ 857.039436][T16511] workingset_refault_anon 26738 [ 857.068908][T16511] workingset_refault_file 25785 [ 857.096301][T16511] swap 135168 [ 857.109694][T16511] swapcached 73728 [ 857.122216][T16511] pgpgin 641718 [ 857.135587][T16511] pgpgout 663820 [ 857.155475][T16511] pgfault 443282 [ 857.171552][T16511] pgmajfault 11725 [ 857.247070][T16511] inactive_anon 0 [ 857.250723][T16511] active_anon 73728 [ 857.254508][T16511] inactive_file 0 [ 857.270903][T16511] active_file 0 [ 857.284298][T16511] unevictable 0 [ 857.294394][T16511] hierarchical_memory_limit 3145728 [ 857.328525][T16511] hierarchical_memsw_limit 9223372036854771712 [ 857.334703][T16511] total_cache 0 [ 857.355546][T16511] total_rss 4096 [ 857.362666][T16511] total_rss_huge 0 [ 857.371499][T16511] total_shmem 0 [ 857.374977][T16511] total_mapped_file 0 [ 857.393982][T16511] total_dirty 0 [ 857.404216][T16511] total_writeback 0 [ 857.427058][T16511] total_workingset_refault_anon 26738 [ 857.439215][T16511] total_workingset_refault_file 25785 [ 857.456336][T16511] total_swap 135168 [ 857.477292][T16511] total_swapcached 73728 [ 857.481561][T16511] total_pgpgin 641718 [ 857.510952][T16511] total_pgpgout 663820 [ 857.532559][T16511] total_pgfault 443282 [ 857.557300][T16511] total_pgmajfault 11725 [ 857.561566][T16511] total_inactive_anon 0 [ 857.597262][T16511] total_active_anon 73728 [ 857.622926][T16511] total_inactive_file 0 [ 857.644579][T16511] total_active_file 0 [ 857.669893][T16511] total_unevictable 0 [ 857.691886][T16511] anon_cost 106 [ 857.729563][T16511] file_cost 0 [ 857.732888][T16511] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2775,pid=16511,uid=0 [ 857.828203][T16511] Memory cgroup out of memory: Killed process 16511 (syz.0.2775) total-vm:102220kB, anon-rss:1352kB, file-rss:22604kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 858.328821][T16576] syz.0.2786 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 858.389967][T16576] CPU: 0 UID: 0 PID: 16576 Comm: syz.0.2786 Tainted: G U L syzkaller #0 PREEMPT(full) [ 858.389994][T16576] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 858.390001][T16576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 858.390010][T16576] Call Trace: [ 858.390016][T16576] [ 858.390022][T16576] dump_stack_lvl+0x100/0x190 [ 858.390050][T16576] dump_header+0xfb/0x606 [ 858.390066][T16576] oom_kill_process.cold+0xd/0x321 [ 858.390083][T16576] out_of_memory+0x340/0x14f0 [ 858.390103][T16576] ? __pfx_out_of_memory+0x10/0x10 [ 858.390124][T16576] mem_cgroup_out_of_memory+0xc6/0x130 [ 858.390145][T16576] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 858.390164][T16576] ? find_held_lock+0x2b/0x80 [ 858.390187][T16576] ? do_raw_spin_unlock+0x145/0x1e0 [ 858.390204][T16576] ? _raw_spin_unlock+0x28/0x50 [ 858.390227][T16576] try_charge_memcg+0x652/0xc90 [ 858.390248][T16576] ? __pfx_try_charge_memcg+0x10/0x10 [ 858.390269][T16576] ? find_held_lock+0x2b/0x80 [ 858.390286][T16576] ? rcu_read_unlock+0x17/0x60 [ 858.390302][T16576] ? rcu_read_unlock+0x17/0x60 [ 858.390321][T16576] charge_memcg+0xa6/0x280 [ 858.390337][T16576] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 858.390359][T16576] __read_swap_cache_async+0x449/0x610 [ 858.390390][T16576] ? __pfx___read_swap_cache_async+0x10/0x10 [ 858.390410][T16576] ? lockdep_hardirqs_on+0x78/0x100 [ 858.390424][T16576] ? queue_work_on+0xe0/0x1e0 [ 858.390442][T16576] ? vmpressure+0x1d8/0x350 [ 858.390463][T16576] swap_cluster_readahead+0x414/0x770 [ 858.390489][T16576] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 858.390515][T16576] ? __pfx_do_try_to_free_pages+0x10/0x10 [ 858.390537][T16576] ? get_vma_policy+0x23f/0x3b0 [ 858.390556][T16576] swapin_readahead+0x14b/0x12e0 [ 858.390583][T16576] ? __pfx_swapin_readahead+0x10/0x10 [ 858.390605][T16576] ? find_held_lock+0x2b/0x80 [ 858.390623][T16576] ? swap_cache_get_folio+0x272/0x920 [ 858.390645][T16576] ? swap_cache_get_folio+0x272/0x920 [ 858.390664][T16576] ? swap_cache_get_folio+0x1f/0x920 [ 858.390683][T16576] ? swap_cache_get_folio+0x2a2/0x920 [ 858.390704][T16576] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 858.390724][T16576] ? __pfx_get_swap_device+0x10/0x10 [ 858.390744][T16576] ? do_swap_page+0x9ba/0x6810 [ 858.390764][T16576] do_swap_page+0x9ba/0x6810 [ 858.390786][T16576] ? __lock_acquire+0x4a5/0x2630 [ 858.390805][T16576] ? __pfx_do_swap_page+0x10/0x10 [ 858.390827][T16576] ? __pfx_default_wake_function+0x10/0x10 [ 858.390852][T16576] ? rcu_is_watching+0x12/0xc0 [ 858.390870][T16576] ? __pte_offset_map+0x179/0x310 [ 858.390889][T16576] __handle_mm_fault+0x18b9/0x2b50 [ 858.390912][T16576] ? mt_find+0x45e/0x8e0 [ 858.390929][T16576] ? __pfx___handle_mm_fault+0x10/0x10 [ 858.390949][T16576] ? __pfx_mt_find+0x10/0x10 [ 858.390974][T16576] ? find_vma+0xbf/0x140 [ 858.390989][T16576] ? __pfx_find_vma+0x10/0x10 [ 858.391007][T16576] handle_mm_fault+0x36d/0xa20 [ 858.391032][T16576] do_user_addr_fault+0x74c/0x12f0 [ 858.391057][T16576] exc_page_fault+0x6f/0xd0 [ 858.391072][T16576] asm_exc_page_fault+0x26/0x30 [ 858.391085][T16576] RIP: 0010:__put_user_4+0xd/0x20 [ 858.391099][T16576] Code: 66 89 01 31 c9 0f 01 ca e9 00 c3 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 d7 c2 03 00 0f 1f 80 00 00 00 00 90 90 90 [ 858.391114][T16576] RSP: 0018:ffffc9000b7dfbf0 EFLAGS: 00050206 [ 858.391126][T16576] RAX: 00000000000007c6 RBX: 0000000000000000 RCX: 00007f74111cd990 [ 858.391135][T16576] RDX: 1ffff920016fbfab RSI: ffffffff8253c3c1 RDI: ffffc9000b7dfd58 [ 858.391145][T16576] RBP: ffff88802ee48000 R08: 0000000000000001 R09: 00000000000001c6 [ 858.391154][T16576] R10: 0000000000000200 R11: 0000000000000000 R12: 00000000003d0f00 [ 858.391163][T16576] R13: 1ffff920016fbf83 R14: ffff88803237b500 R15: 0000000000000000 [ 858.391178][T16576] ? __might_fault+0x111/0x140 [ 858.391194][T16576] kernel_clone+0x68c/0x930 [ 858.391209][T16576] ? rcu_is_watching+0x12/0xc0 [ 858.391226][T16576] ? __pfx_kernel_clone+0x10/0x10 [ 858.391247][T16576] ? __lock_acquire+0x4a5/0x2630 [ 858.391263][T16576] __do_sys_clone3+0x214/0x290 [ 858.391277][T16576] ? __pfx___do_sys_clone3+0x10/0x10 [ 858.391301][T16576] ? _copy_to_user+0xaf/0xd0 [ 858.391331][T16576] do_syscall_64+0x106/0xf80 [ 858.391343][T16576] ? clear_bhb_loop+0x40/0x90 [ 858.391360][T16576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.391379][T16576] RIP: 0033:0x7f7412f9cd89 [ 858.391391][T16576] Code: 90 b8 01 00 00 00 b9 01 00 00 00 eb ec 0f 1f 40 00 b8 ea ff ff ff 48 85 ff 74 28 48 85 d2 74 23 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 14 74 01 c3 31 ed 4c 89 c7 ff d2 48 89 c7 b8 3c 00 00 [ 858.391405][T16576] RSP: 002b:00007ffd90720968 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 858.391418][T16576] RAX: ffffffffffffffda RBX: 00007f7412f583a0 RCX: 00007f7412f9cd89 [ 858.391427][T16576] RDX: 00007f7412f583a0 RSI: 0000000000000058 RDI: 00007ffd907209c0 [ 858.391437][T16576] RBP: 00007f74111cd6c0 R08: 00007f74111cd6c0 R09: 00007ffd90720aa7 [ 858.391446][T16576] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffe8 [ 858.391455][T16576] R13: 000000000000006e R14: 00007ffd907209c0 R15: 00007ffd90720aa8 [ 858.391474][T16576] [ 858.986012][T16576] memory: usage 3072kB, limit 3072kB, failcnt 106163 [ 858.993809][T16576] memory+swap: usage 3220kB, limit 9007199254740988kB, failcnt 0 [ 859.001648][T16576] kmem: usage 3012kB, limit 9007199254740988kB, failcnt 0 [ 859.008787][T16576] Memory cgroup stats for /syz0: [ 859.008883][T16576] cache 0 [ 859.016825][T16576] rss 4096 [ 859.019828][T16576] rss_huge 0 [ 859.023003][T16576] shmem 0 [ 859.025918][T16576] mapped_file 0 [ 859.029440][T16576] dirty 0 [ 859.032651][T16576] writeback 0 [ 859.035919][T16576] workingset_refault_anon 26774 [ 859.040832][T16576] workingset_refault_file 25785 [ 859.045665][T16576] swap 151552 [ 859.049246][T16576] swapcached 57344 [ 859.053012][T16576] pgpgin 641790 [ 859.056817][T16576] pgpgout 663895 [ 859.060352][T16576] pgfault 443428 [ 859.063943][T16576] pgmajfault 11738 [ 859.067684][T16576] inactive_anon 0 [ 859.071294][T16576] active_anon 61440 [ 859.075129][T16576] inactive_file 0 [ 859.078764][T16576] active_file 0 [ 859.082252][T16576] unevictable 0 [ 859.085800][T16576] hierarchical_memory_limit 3145728 [ 859.092017][T16576] hierarchical_memsw_limit 9223372036854771712 [ 859.098263][T16576] total_cache 0 [ 859.101705][T16576] total_rss 4096 [ 859.105229][T16576] total_rss_huge 0 [ 859.109032][T16576] total_shmem 0 [ 859.112471][T16576] total_mapped_file 0 [ 859.116634][T16576] total_dirty 0 [ 859.120134][T16576] total_writeback 0 [ 859.123919][T16576] total_workingset_refault_anon 26774 [ 859.129312][T16576] total_workingset_refault_file 25785 [ 859.134882][T16576] total_swap 151552 [ 859.138845][T16576] total_swapcached 57344 [ 859.143090][T16576] total_pgpgin 641790 [ 859.147205][T16576] total_pgpgout 663895 [ 859.151566][T16576] total_pgfault 443428 [ 859.155620][T16576] total_pgmajfault 11738 [ 859.159931][T16576] total_inactive_anon 0 [ 859.164237][T16576] total_active_anon 61440 [ 859.168591][T16576] total_inactive_file 0 [ 859.172774][T16576] total_active_file 0 [ 859.176771][T16576] total_unevictable 0 [ 859.180758][T16576] anon_cost 49 [ 859.184165][T16576] file_cost 0 [ 859.187477][T16576] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2786,pid=16576,uid=0 [ 859.203015][T16576] Memory cgroup out of memory: Killed process 16576 (syz.0.2786) total-vm:102352kB, anon-rss:1352kB, file-rss:22604kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 859.296818][T14473] Bluetooth: hci1: command 0x0c1a tx timeout [ 859.302923][T14473] Bluetooth: hci3: command 0x0c1a tx timeout [ 859.309016][T14473] Bluetooth: hci2: command 0x0c1a tx timeout [ 860.617556][T16625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2799'. [ 860.835172][T16632] openvswitch: netlink: Multiple metadata blocks provided [ 861.012292][T16640] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2804'. [ 861.072880][T16634] syz.0.2792 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 861.122687][T16634] CPU: 0 UID: 0 PID: 16634 Comm: syz.0.2792 Tainted: G U L syzkaller #0 PREEMPT(full) [ 861.122716][T16634] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 861.122722][T16634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 861.122731][T16634] Call Trace: [ 861.122737][T16634] [ 861.122743][T16634] dump_stack_lvl+0x100/0x190 [ 861.122770][T16634] dump_header+0xfb/0x606 [ 861.122786][T16634] oom_kill_process.cold+0xd/0x321 [ 861.122810][T16634] out_of_memory+0x340/0x14f0 [ 861.122831][T16634] ? __pfx_out_of_memory+0x10/0x10 [ 861.122852][T16634] mem_cgroup_out_of_memory+0xc6/0x130 [ 861.122874][T16634] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 861.122894][T16634] ? find_held_lock+0x2b/0x80 [ 861.122917][T16634] ? do_raw_spin_unlock+0x145/0x1e0 [ 861.122935][T16634] ? _raw_spin_unlock+0x28/0x50 [ 861.122958][T16634] try_charge_memcg+0x652/0xc90 [ 861.122980][T16634] ? __pfx_try_charge_memcg+0x10/0x10 [ 861.122998][T16634] ? find_held_lock+0x2b/0x80 [ 861.123015][T16634] ? rcu_read_unlock+0x17/0x60 [ 861.123033][T16634] ? rcu_read_unlock+0x17/0x60 [ 861.123056][T16634] charge_memcg+0xa6/0x280 [ 861.123073][T16634] __mem_cgroup_charge+0x2b/0x1e0 [ 861.123094][T16634] do_wp_page+0xf38/0x4c10 [ 861.123120][T16634] ? __pfx_do_wp_page+0x10/0x10 [ 861.123141][T16634] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 861.123163][T16634] __handle_mm_fault+0x1ac0/0x2b50 [ 861.123191][T16634] ? __pfx___handle_mm_fault+0x10/0x10 [ 861.123214][T16634] ? pte_offset_map_lock+0x174/0x320 [ 861.123231][T16634] ? find_held_lock+0x2b/0x80 [ 861.123256][T16634] ? follow_page_pte+0x5b4/0x1410 [ 861.123278][T16634] handle_mm_fault+0x36d/0xa20 [ 861.123314][T16634] __get_user_pages+0xf9c/0x34d0 [ 861.123341][T16634] ? __pfx___get_user_pages+0x10/0x10 [ 861.123365][T16634] populate_vma_page_range+0x267/0x3f0 [ 861.123386][T16634] ? __pfx_populate_vma_page_range+0x10/0x10 [ 861.123405][T16634] ? __pfx_find_vma_intersection+0x10/0x10 [ 861.123424][T16634] ? do_mmap+0x93f/0x12f0 [ 861.123444][T16634] __mm_populate+0x107/0x3a0 [ 861.123465][T16634] ? __pfx___mm_populate+0x10/0x10 [ 861.123485][T16634] ? up_write+0x290/0x4f0 [ 861.123504][T16634] vm_mmap_pgoff+0x37f/0x470 [ 861.123528][T16634] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 861.123547][T16634] ? do_raw_spin_lock+0x128/0x260 [ 861.123564][T16634] ? rcu_is_watching+0x12/0xc0 [ 861.123582][T16634] ? kfree+0x2a9/0x690 [ 861.123602][T16634] ? kcov_ioctl+0x162/0x720 [ 861.123623][T16634] ksys_mmap_pgoff+0x7d/0x5b0 [ 861.123640][T16634] ? kcov_ioctl+0x16a/0x720 [ 861.123657][T16634] ? kcov_ioctl+0x16a/0x720 [ 861.123676][T16634] __x64_sys_mmap+0x125/0x190 [ 861.123697][T16634] do_syscall_64+0x106/0xf80 [ 861.123710][T16634] ? clear_bhb_loop+0x40/0x90 [ 861.123729][T16634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 861.123744][T16634] RIP: 0033:0x7f7412f9bf79 [ 861.123757][T16634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 861.123772][T16634] RSP: 002b:00007f74111ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 861.123787][T16634] RAX: ffffffffffffffda RBX: 00007f7413216180 RCX: 00007f7412f9bf79 [ 861.123797][T16634] RDX: 000000000000000b RSI: 0000000000400008 RDI: 0000000000000000 [ 861.123811][T16634] RBP: 00007f74130327e0 R08: 0000000000000002 R09: 0000000000008000 [ 861.123820][T16634] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 861.123829][T16634] R13: 00007f7413216218 R14: 00007f7413216180 R15: 00007ffd90720aa8 [ 861.123850][T16634] [ 861.125401][T16634] memory: usage 3072kB, limit 3072kB, failcnt 107544 [ 862.204830][T16663] Invalid ELF header magic: != ELF [ 862.220754][T16634] memory+swap: usage 3432kB, limit 9007199254740988kB, failcnt 0 [ 862.246794][T16634] kmem: usage 2928kB, limit 9007199254740988kB, failcnt 0 [ 862.278775][T16634] Memory cgroup stats for /syz0: [ 862.278890][T16634] cache 0 [ 862.308228][T16634] rss 81920 [ 862.325796][T16634] rss_huge 0 [ 862.346002][T16634] shmem 0 [ 862.354897][T16634] mapped_file 0 [ 862.366793][T16634] dirty 0 [ 862.376714][T16634] writeback 0 [ 862.386145][T16634] workingset_refault_anon 26905 [ 862.401298][T16634] workingset_refault_file 25785 [ 862.406169][T16634] swap 368640 [ 862.425546][T16634] swapcached 28672 [ 862.439818][T16634] pgpgin 643047 [ 862.445594][ T29] audit: type=1804 audit(4295004326.240:23): pid=16666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2811" name="/newroot/710/file0" dev="tmpfs" ino=3764 res=1 errno=0 [ 862.476792][T16634] pgpgout 665141 [ 862.492066][T16634] pgfault 444774 [ 862.499033][T16634] pgmajfault 11814 [ 862.503942][ T29] audit: type=1804 audit(4295004326.290:24): pid=16669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2811" name="/newroot/710/file0" dev="tmpfs" ino=3764 res=1 errno=0 [ 862.571431][T16634] inactive_anon 77824 [ 862.607053][T16634] active_anon 28672 [ 862.638203][T16634] inactive_file 0 [ 862.664817][T16634] active_file 0 [ 862.694296][T16634] unevictable 0 [ 862.792479][T16634] hierarchical_memory_limit 3145728 [ 862.978563][T16634] hierarchical_memsw_limit 9223372036854771712 [ 863.023107][T16634] total_cache 0 [ 863.058549][T16634] total_rss 81920 [ 863.077662][T16634] total_rss_huge 0 [ 863.091997][T16634] total_shmem 0 [ 863.106841][T16634] total_mapped_file 0 [ 863.121739][T16634] total_dirty 0 [ 863.143222][T16634] total_writeback 0 [ 863.159124][T16634] total_workingset_refault_anon 26905 [ 863.196157][T16634] total_workingset_refault_file 25785 [ 863.216726][T16634] total_swap 368640 [ 863.238438][T16634] total_swapcached 28672 [ 863.251639][T16634] total_pgpgin 643047 [ 863.257804][T16676] Invalid ELF header magic: != ELF [ 863.272508][T16634] total_pgpgout 665141 [ 863.293397][T16634] total_pgfault 444774 [ 863.308650][T16634] total_pgmajfault 11814 [ 863.326626][T16634] total_inactive_anon 77824 [ 863.352129][T16634] total_active_anon 28672 [ 863.372933][T16634] total_inactive_file 0 [ 863.397112][T16634] total_active_file 0 [ 863.416537][T16634] total_unevictable 0 [ 863.431491][T16634] anon_cost 60 [ 863.455407][T16634] file_cost 0 [ 863.475364][T16634] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2792,pid=16594,uid=0 [ 863.543173][T16634] Memory cgroup out of memory: Killed process 16634 (syz.0.2792) total-vm:135384kB, anon-rss:1352kB, file-rss:22932kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 866.313293][ T5820] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 866.514103][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 866.514131][ T5820] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 866.514136][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 866.514145][ T5820] Call Trace: [ 866.514151][ T5820] [ 866.514157][ T5820] dump_stack_lvl+0x100/0x190 [ 866.514182][ T5820] dump_header+0xfb/0x606 [ 866.514198][ T5820] oom_kill_process.cold+0xd/0x321 [ 866.514215][ T5820] out_of_memory+0x340/0x14f0 [ 866.514235][ T5820] ? __pfx_out_of_memory+0x10/0x10 [ 866.514255][ T5820] mem_cgroup_out_of_memory+0xc6/0x130 [ 866.514276][ T5820] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 866.514296][ T5820] ? find_held_lock+0x2b/0x80 [ 866.514318][ T5820] ? do_raw_spin_unlock+0x145/0x1e0 [ 866.514336][ T5820] ? _raw_spin_unlock+0x28/0x50 [ 866.514358][ T5820] try_charge_memcg+0x652/0xc90 [ 866.514379][ T5820] ? __pfx_try_charge_memcg+0x10/0x10 [ 866.514400][ T5820] ? find_held_lock+0x2b/0x80 [ 866.514417][ T5820] ? rcu_read_unlock+0x17/0x60 [ 866.514433][ T5820] ? rcu_read_unlock+0x17/0x60 [ 866.514452][ T5820] charge_memcg+0xa6/0x280 [ 866.514470][ T5820] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 866.514492][ T5820] __read_swap_cache_async+0x449/0x610 [ 866.514518][ T5820] ? __pfx___read_swap_cache_async+0x10/0x10 [ 866.514539][ T5820] ? rcu_is_watching+0x12/0xc0 [ 866.514563][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 866.514583][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 866.514597][ T5820] ? css_rstat_updated+0x1ce/0x5a0 [ 866.514619][ T5820] swap_cluster_readahead+0x414/0x770 [ 866.514646][ T5820] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 866.514667][ T5820] ? rcu_is_watching+0x12/0xc0 [ 866.514694][ T5820] ? get_vma_policy+0x23f/0x3b0 [ 866.514713][ T5820] swapin_readahead+0x14b/0x12e0 [ 866.514740][ T5820] ? __pfx_swapin_readahead+0x10/0x10 [ 866.514762][ T5820] ? find_held_lock+0x2b/0x80 [ 866.514780][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 866.514802][ T5820] ? swap_cache_get_folio+0x272/0x920 [ 866.514821][ T5820] ? swap_cache_get_folio+0x1f/0x920 [ 866.514840][ T5820] ? swap_cache_get_folio+0x2a2/0x920 [ 866.514861][ T5820] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 866.514880][ T5820] ? __pfx_get_swap_device+0x10/0x10 [ 866.514897][ T5820] ? finish_task_switch.isra.0+0x205/0xb80 [ 866.514919][ T5820] ? do_swap_page+0x9ba/0x6810 [ 866.514938][ T5820] do_swap_page+0x9ba/0x6810 [ 866.514964][ T5820] ? __lock_acquire+0x4a5/0x2630 [ 866.514983][ T5820] ? __pfx_do_swap_page+0x10/0x10 [ 866.515005][ T5820] ? __pfx_default_wake_function+0x10/0x10 [ 866.515026][ T5820] ? __free_object+0x2a8/0x400 [ 866.515045][ T5820] ? lockdep_hardirqs_on+0x78/0x100 [ 866.515060][ T5820] ? rcu_is_watching+0x12/0xc0 [ 866.515077][ T5820] ? __pte_offset_map+0x179/0x310 [ 866.515096][ T5820] __handle_mm_fault+0x18b9/0x2b50 [ 866.515120][ T5820] ? reacquire_held_locks+0xce/0x1e0 [ 866.515135][ T5820] ? __pfx___handle_mm_fault+0x10/0x10 [ 866.515159][ T5820] ? lock_vma_under_rcu+0x17c/0x5a0 [ 866.515191][ T5820] handle_mm_fault+0x36d/0xa20 [ 866.515215][ T5820] do_user_addr_fault+0x5a3/0x12f0 [ 866.515241][ T5820] exc_page_fault+0x6f/0xd0 [ 866.515255][ T5820] asm_exc_page_fault+0x26/0x30 [ 866.515269][ T5820] RIP: 0033:0x7f7412f5c84e [ 866.515282][ T5820] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 866.515296][ T5820] RSP: 002b:00007ffd90720d88 EFLAGS: 00010246 [ 866.515308][ T5820] RAX: 0000000000000000 RBX: 0000555586fa3500 RCX: 00007f7412f5c84e [ 866.515318][ T5820] RDX: 00007ffd90720de0 RSI: 0000000000000000 RDI: 0000000000000000 [ 866.515327][ T5820] RBP: 00007ffd90720e4c R08: 0000000000000000 R09: 0000000000000000 [ 866.515336][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 866.515345][ T5820] R13: 00000000000927c0 R14: 00000000000d3643 R15: 00007ffd90720ea0 [ 866.515364][ T5820] [ 866.515370][ T5820] memory: usage 2996kB, limit 3072kB, failcnt 109575 [ 867.839323][T16769] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 867.941705][ T5820] memory+swap: usage 3124kB, limit 9007199254740988kB, failcnt 0 [ 867.960447][ T5820] kmem: usage 2896kB, limit 9007199254740988kB, failcnt 0 [ 868.075057][ T5820] Memory cgroup stats for /syz0: [ 868.075159][ T5820] cache 0 [ 868.152491][ T5820] rss 90112 [ 868.155659][ T5820] rss_huge 0 [ 868.200319][ T5820] shmem 0 [ 868.208956][ T5820] mapped_file 0 [ 868.212466][ T5820] dirty 0 [ 868.215495][ T5820] writeback 0 [ 868.296016][ T5820] workingset_refault_anon 27395 [ 868.296112][ T5820] workingset_refault_file 25785 [ 868.296121][ T5820] swap 81920 [ 868.296127][ T5820] swapcached 131072 [ 868.296133][ T5820] pgpgin 645703 [ 868.296139][ T5820] pgpgout 667790 [ 868.296151][ T5820] pgfault 447699 [ 868.296157][ T5820] pgmajfault 12162 [ 868.296163][ T5820] inactive_anon 0 [ 868.296168][ T5820] active_anon 94208 [ 868.296174][ T5820] inactive_file 0 [ 868.296180][ T5820] active_file 0 [ 868.296186][ T5820] unevictable 0 [ 868.296192][ T5820] hierarchical_memory_limit 3145728 [ 868.296199][ T5820] hierarchical_memsw_limit 9223372036854771712 [ 868.296206][ T5820] total_cache 0 [ 868.296212][ T5820] total_rss 90112 [ 868.296217][ T5820] total_rss_huge 0 [ 868.296223][ T5820] total_shmem 0 [ 868.296229][ T5820] total_mapped_file 0 [ 868.296235][ T5820] total_dirty 0 [ 868.296241][ T5820] total_writeback 0 [ 868.296247][ T5820] total_workingset_refault_anon 27395 [ 868.296254][ T5820] total_workingset_refault_file 25785 [ 868.296261][ T5820] total_swap 81920 [ 868.296267][ T5820] total_swapcached 131072 [ 868.296273][ T5820] total_pgpgin 645703 [ 868.296279][ T5820] total_pgpgout 667790 [ 868.296285][ T5820] total_pgfault 447699 [ 868.296291][ T5820] total_pgmajfault 12162 [ 868.296297][ T5820] total_inactive_anon 0 [ 868.296303][ T5820] total_active_anon 94208 [ 868.296310][ T5820] total_inactive_file 0 [ 868.296316][ T5820] total_active_file 0 [ 868.296322][ T5820] total_unevictable 0 [ 868.296328][ T5820] anon_cost 78 [ 868.296334][ T5820] file_cost 0 [ 868.296341][ T5820] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2828,pid=16718,uid=0 [ 868.304257][ T5820] Memory cgroup out of memory: Killed process 16718 (syz.0.2828) total-vm:135252kB, anon-rss:1352kB, file-rss:23220kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 869.402677][T16785] zswap: compressor not available [ 870.875270][T16814] bridge0: port 2(gretap0) entered blocking state [ 870.884058][T16818] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 870.911459][T16814] bridge0: port 2(gretap0) entered disabled state [ 870.934973][T16814] gretap0: entered allmulticast mode [ 870.967137][T16814] gretap0: entered promiscuous mode [ 871.006999][T16814] bridge0: port 2(gretap0) entered blocking state [ 871.013638][T16814] bridge0: port 2(gretap0) entered forwarding state [ 873.743952][T16858] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 873.778580][T16858] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 873.826711][T16858] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 874.097126][ T30] INFO: task kworker/u10:3:14512 blocked for more than 143 seconds. [ 874.107572][ T30] Tainted: G U L syzkaller #0 [ 874.136517][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 874.171267][ T30] task:kworker/u10:3 state:D stack:26888 pid:14512 tgid:14512 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 874.207034][T16874] bridge0: port 2(gretap0) entered blocking state [ 874.233150][T16874] bridge0: port 2(gretap0) entered disabled state [ 874.243828][ T30] Workqueue: netns cleanup_net [ 874.265233][T16874] gretap0: entered allmulticast mode [ 874.275764][ T30] Call Trace: [ 874.290369][ T30] [ 874.295721][T16874] FAULT_INJECTION: forcing a failure. [ 874.295721][T16874] name failslab, interval 1, probability 0, space 0, times 0 [ 874.321628][ T30] __schedule+0x1023/0x6000 [ 874.334929][ T30] ? __lock_acquire+0x4a5/0x2630 [ 874.354623][ T30] ? __pfx___schedule+0x10/0x10 [ 874.366822][T16874] CPU: 0 UID: 0 PID: 16874 Comm: syz.3.2865 Tainted: G U L syzkaller #0 PREEMPT(full) [ 874.366853][T16874] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 874.366860][T16874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 874.366869][T16874] Call Trace: [ 874.366876][T16874] [ 874.366883][T16874] dump_stack_lvl+0x100/0x190 [ 874.366908][T16874] should_fail_ex.cold+0x5/0xa [ 874.366926][T16874] should_failslab+0xc2/0x120 [ 874.366945][T16874] kmem_cache_alloc_noprof+0x83/0x780 [ 874.366963][T16874] ? __kernfs_new_node+0xd2/0x960 [ 874.366986][T16874] ? __kernfs_new_node+0xd2/0x960 [ 874.367003][T16874] __kernfs_new_node+0xd2/0x960 [ 874.367024][T16874] ? __pfx___kernfs_new_node+0x10/0x10 [ 874.367049][T16874] ? find_held_lock+0x2b/0x80 [ 874.367068][T16874] ? kernfs_root+0xee/0x2a0 [ 874.367086][T16874] ? kernfs_root+0xee/0x2a0 [ 874.367109][T16874] kernfs_new_node+0x11b/0x1a0 [ 874.367133][T16874] __kernfs_create_file+0x53/0x350 [ 874.367151][T16874] sysfs_add_file_mode_ns+0x207/0x3c0 [ 874.367173][T16874] sysfs_create_file_ns+0x145/0x1e0 [ 874.367191][T16874] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 874.367209][T16874] ? kernfs_create_link+0x1bd/0x240 [ 874.367224][T16874] ? kernfs_put+0x3f/0x60 [ 874.367243][T16874] ? sysfs_do_create_link_sd+0xbb/0x140 [ 874.367265][T16874] br_sysfs_addif+0xe4/0x210 [ 874.367286][T16874] br_add_if+0x701/0x1b40 [ 874.367304][T16874] ? security_capable+0x80/0x260 [ 874.367329][T16874] add_del_if+0x114/0x160 [ 874.367347][T16874] br_dev_siocdevprivate+0x8ac/0x1650 [ 874.367367][T16874] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 874.367393][T16874] ? lock_acquire+0x17c/0x330 [ 874.367410][T16874] ? __pfx___might_resched+0x10/0x10 [ 874.367431][T16874] ? netdev_name_node_lookup+0x107/0x150 [ 874.367447][T16874] ? __mutex_lock+0x26a/0x1b90 [ 874.367465][T16874] dev_ifsioc+0xc15/0x1eb0 [ 874.367485][T16874] ? __pfx_dev_ifsioc+0x10/0x10 [ 874.367500][T16874] ? __pfx___mutex_lock+0x10/0x10 [ 874.367522][T16874] ? dev_load+0x8e/0x240 [ 874.367546][T16874] ? dev_load+0x8e/0x240 [ 874.367568][T16874] dev_ioctl+0x70e/0x1070 [ 874.367587][T16874] sock_ioctl+0x494/0x6b0 [ 874.367604][T16874] ? __pfx_sock_ioctl+0x10/0x10 [ 874.367617][T16874] ? hook_file_ioctl_common+0x146/0x410 [ 874.367637][T16874] ? __fget_files+0x21f/0x3d0 [ 874.367655][T16874] ? __pfx_sock_ioctl+0x10/0x10 [ 874.367670][T16874] __x64_sys_ioctl+0x18e/0x210 [ 874.367694][T16874] do_syscall_64+0x106/0xf80 [ 874.367709][T16874] ? clear_bhb_loop+0x40/0x90 [ 874.367727][T16874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.367742][T16874] RIP: 0033:0x7f53eb79bf79 [ 874.367755][T16874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.367770][T16874] RSP: 002b:00007f53ec738028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 874.367788][T16874] RAX: ffffffffffffffda RBX: 00007f53eba15fa0 RCX: 00007f53eb79bf79 [ 874.367799][T16874] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 874.367808][T16874] RBP: 00007f53eb8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 874.367818][T16874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 874.367827][T16874] R13: 00007f53eba16038 R14: 00007f53eba15fa0 R15: 00007fff79a56628 [ 874.367847][T16874] [ 874.368052][T16874] gretap0: left allmulticast mode [ 874.723191][ T30] ? find_held_lock+0x2b/0x80 [ 874.744466][ T30] ? schedule+0x2bf/0x390 [ 874.773144][ T30] schedule+0xdd/0x390 [ 874.784827][ T30] schedule_timeout+0x1b2/0x280 [ 874.801589][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 874.825930][ T30] ? mark_held_locks+0x40/0x70 [ 874.846682][ T30] __wait_for_common+0x2e7/0x4c0 [ 874.865526][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 874.886449][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 874.891944][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 874.928420][ T30] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 874.934268][ T30] __flush_workqueue+0x3f7/0x1200 [ 874.966765][ T30] ? __lock_acquire+0x4a5/0x2630 [ 874.976729][ T30] ? __lock_acquire+0x4a5/0x2630 [ 874.981711][ T30] ? __pfx___flush_workqueue+0x10/0x10 [ 874.996471][ T30] ? reacquire_held_locks+0xce/0x1e0 [ 875.004847][ T30] ? __pfx_sock_def_readable+0x10/0x10 [ 875.015914][ T30] ? __pfx_sock_def_readable+0x10/0x10 [ 875.028133][ T30] rds_tcp_listen_stop+0x104/0x160 [ 875.033287][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 875.049359][ T30] rds_tcp_exit_net+0xcb/0x810 [ 875.054275][T15461] Bluetooth: hci3: command 0x0c1a tx timeout [ 875.065985][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 875.071454][ T30] ? __pfx___might_resched+0x10/0x10 [ 875.076779][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 875.082136][ T30] ops_undo_list+0x2ee/0xab0 [ 875.086742][ T30] ? __pfx_ops_undo_list+0x10/0x10 [ 875.091838][ T30] ? cleanup_net+0x345/0x830 [ 875.096458][ T30] ? idr_destroy+0x62/0x2e0 [ 875.100954][ T30] cleanup_net+0x419/0x830 [ 875.105366][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 875.110465][ T30] ? rcu_is_watching+0x12/0xc0 [ 875.115227][ T30] process_one_work+0x9c2/0x1840 [ 875.120341][ T30] ? __pfx_process_one_work+0x10/0x10 [ 875.126098][ T30] ? assign_work+0x19c/0x250 [ 875.130718][ T30] worker_thread+0x5da/0xe40 [ 875.135301][ T30] ? __pfx_worker_thread+0x10/0x10 [ 875.140446][ T30] ? kthread+0x13a/0x450 [ 875.144676][ T30] ? __pfx_worker_thread+0x10/0x10 [ 875.149800][ T30] kthread+0x370/0x450 [ 875.153857][ T30] ? __pfx_kthread+0x10/0x10 [ 875.159053][ T30] ret_from_fork+0x754/0xd80 [ 875.163667][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 875.170267][ T30] ? __switch_to+0x7b4/0x10c0 [ 875.177606][ T30] ? __pfx_kthread+0x10/0x10 [ 875.182229][ T30] ret_from_fork_asm+0x1a/0x30 [ 875.187646][ T30] [ 875.190764][ T30] [ 875.190764][ T30] Showing all locks held in the system: [ 875.198965][ T30] 1 lock held by khungtaskd/30: [ 875.203804][ T30] #0: ffffffff8e5e6e60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 875.214808][ T30] 2 locks held by getty/5581: [ 875.221318][ T30] #0: ffff88814da8c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 875.254495][ T30] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 875.273030][ T30] 3 locks held by kworker/0:4/5859: [ 875.280034][ T30] #0: ffff88813fe1d948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 875.300888][ T30] #1: ffffc90004ca7d08 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 875.317934][ T30] #2: ffffffff90401028 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 875.329200][ T30] 3 locks held by kworker/u10:3/14512: [ 875.334817][ T30] #0: ffff88801c2a7148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 875.354374][ T30] #1: ffffc90003a2fd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 875.375820][ T30] #2: ffffffff903e86f0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xab/0x830 [ 875.392546][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.399092][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.422017][ T30] 2 locks held by kworker/u10:6/14691: [ 875.434189][ T30] #0: ffff88814529d948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 875.447380][ T30] #1: ffffc90003c4fd08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 875.459630][ T30] 2 locks held by syz.0.2856/16839: [ 875.464898][ T30] #0: ffff888047946f48 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 875.477137][ T30] #1: ffffffff8e5f2a78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 875.534664][ T30] [ 875.538302][ T30] ============================================= [ 875.538302][ T30] [ 875.547314][ T30] NMI backtrace for cpu 0 [ 875.547329][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 875.547351][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 875.547356][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 875.547365][ T30] Call Trace: [ 875.547371][ T30] [ 875.547377][ T30] dump_stack_lvl+0x100/0x190 [ 875.547401][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 875.547462][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 875.547481][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 875.547503][ T30] sys_info+0x141/0x190 [ 875.547518][ T30] watchdog+0xcc3/0xfe0 [ 875.547541][ T30] ? __pfx_watchdog+0x10/0x10 [ 875.547559][ T30] ? __kthread_parkme+0x18c/0x230 [ 875.547582][ T30] ? kthread+0x13a/0x450 [ 875.547594][ T30] ? __pfx_watchdog+0x10/0x10 [ 875.547610][ T30] kthread+0x370/0x450 [ 875.547624][ T30] ? __pfx_kthread+0x10/0x10 [ 875.547639][ T30] ret_from_fork+0x754/0xd80 [ 875.547658][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 875.547677][ T30] ? __switch_to+0x7b4/0x10c0 [ 875.547690][ T30] ? __pfx_kthread+0x10/0x10 [ 875.547705][ T30] ret_from_fork_asm+0x1a/0x30 [ 875.547728][ T30] [ 875.675173][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 875.682026][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 875.692697][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 875.697879][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 875.708016][ T30] Call Trace: [ 875.711293][ T30] [ 875.714218][ T30] dump_stack_lvl+0x100/0x190 [ 875.718919][ T30] vpanic+0x20d/0x630 [ 875.722923][ T30] panic+0xd1/0xd1 [ 875.726629][ T30] ? __pfx_panic+0x10/0x10 [ 875.731035][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 875.737173][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 875.743312][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 875.749651][ T30] ? watchdog.cold+0x198/0x1ca [ 875.754436][ T30] ? watchdog+0xcd3/0xfe0 [ 875.758843][ T30] watchdog.cold+0x1a9/0x1ca [ 875.763424][ T30] ? __pfx_watchdog+0x10/0x10 [ 875.768089][ T30] ? __kthread_parkme+0x18c/0x230 [ 875.773106][ T30] ? kthread+0x13a/0x450 [ 875.777336][ T30] ? __pfx_watchdog+0x10/0x10 [ 875.782005][ T30] kthread+0x370/0x450 [ 875.786057][ T30] ? __pfx_kthread+0x10/0x10 [ 875.790659][ T30] ret_from_fork+0x754/0xd80 [ 875.795238][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 875.800451][ T30] ? __switch_to+0x7b4/0x10c0 [ 875.805135][ T30] ? __pfx_kthread+0x10/0x10 [ 875.809916][ T30] ret_from_fork_asm+0x1a/0x30 [ 875.814691][ T30] [ 875.817751][ T30] Kernel Offset: disabled [ 875.822065][ T30] Rebooting in 86400 seconds..