last executing test programs: 2.526019246s ago: executing program 2 (id=12836): write$auto(0xca, &(0x7f0000000500)='\x04>\xce\v<\xe1\x00\x00\x01p!]\xcfR\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc1\x19HY\x9c\x97i\xec^\xbc\xb3`\x10+}\xd0\xfd\xf0\xa5\x0e\a\xabU\xb9\x93\xebq@1\x1a`pgQ\a\x87-\xa9\x03\x8eF\x138\x9a\xd7\x8c~w\x9a\x13\xe3\xa7\xc6k\xef1Tb\xf2\xc1FT|\xa1\xc3SD8\xc0bj\x11\xcc\b\"\xb3X\xae\xfapM\x97\xdc\x95\x13T\x7f\'K\x05\xe8\x9f\xf3=b\xa5\xbd1\xb1\xcb\xd8\x90\xd5\xdf\xd1\xd2\xd7_\b\xc0\x94', 0x7f) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000600)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x2, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x6e642, 0x0) write$auto(r0, &(0x7f0000000400)='odev/audio1\x00', 0x100000a3d9) 2.476967993s ago: executing program 2 (id=12837): mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x54c) rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') 2.42532725s ago: executing program 2 (id=12838): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) 2.384095695s ago: executing program 2 (id=12839): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x17, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r0, 0x1, &(0x7f0000000000)='-\x00', &(0x7f0000000040), 0x0) 2.316008967s ago: executing program 2 (id=12840): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x6) 2.262473997s ago: executing program 2 (id=12841): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) read$auto(r1, &(0x7f00000000c0)='/sys/devices/~latform/vhci_hc$.7/usb23/23-0:1.0/~\xda=\x8eep_81/inver', 0x6864a34) 1.644565828s ago: executing program 3 (id=12846): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) setsockopt$auto(0x3, 0x6, 0x3, 0x0, 0xd) 1.395641172s ago: executing program 1 (id=12849): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='-\x00\v'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x803}, 0x2004, 0x8) 1.23144369s ago: executing program 1 (id=12850): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getcwd$auto(0x0, 0xffffffffffffffff) renameat$auto(0x6, 0x0, 0x5, 0x0) 1.080590328s ago: executing program 1 (id=12852): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) munmap$auto(0x8000, 0xffffffff) 914.643317ms ago: executing program 1 (id=12854): sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, 0x0, 0x77bed28568c43d3b, 0x70bd2a, 0x25dfdbfc}, 0x14}}, 0x80) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x9, 0x100000000}}) io_uring_register$auto(0x2, 0x21, &(0x7f0000000240), 0x1) 842.366417ms ago: executing program 0 (id=12855): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 756.783106ms ago: executing program 1 (id=12856): close_range$auto(0x2, 0x8, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/force_tx_status\x00', 0x82, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001140)='/proc/sys/net/ipv6/conf/wg1/drop_unicast_in_l2_multicast\x00', 0x0, 0x0) fallocate$auto(0x3, 0x8, 0x200000000000b, 0x9) 731.121922ms ago: executing program 3 (id=12857): rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) r0 = gettid() rt_sigtimedwait$auto(&(0x7f0000000100)={0xfffffffffffffbff}, 0x0, 0x0, 0x8) kill$auto(r0, 0x11) 666.399038ms ago: executing program 0 (id=12858): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001140), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010001010000fbdbdf250200140008000300", @ANYRES32=r2, @ANYBLOB="05003e0017"], 0x24}, 0x1, 0x1400, 0x0, 0x4000080}, 0x20000084) 583.272223ms ago: executing program 1 (id=12859): r0 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r0, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x5760, 0x10000000000402) 506.890632ms ago: executing program 3 (id=12860): r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x14, r1, 0x301, 0x70b52c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 494.55665ms ago: executing program 0 (id=12861): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) bind$auto(0x3, &(0x7f0000000040)=@isdn={0x22, 0x0, 0x5, 0x3, 0x6}, 0x9) 346.989071ms ago: executing program 0 (id=12862): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) setrlimit$auto(0x8, 0x0) setrlimit$auto(0x8, &(0x7f0000000280)={0x3, 0x388a}) 340.805675ms ago: executing program 3 (id=12863): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) r0 = socket(0x11, 0x80003, 0x300) sendto$auto(r0, 0x0, 0x13, 0x2, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x4}, 0x2}}, 0x1e) 205.366023ms ago: executing program 0 (id=12864): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x76, 0x0, 0x0) 203.070937ms ago: executing program 3 (id=12865): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000100)='7\x00\\\xa0\x04\xdb\xc3\x8cnI\x9c\t\xbck\x17\xfe_9\xdf\v\x9d\xf7\xa9+n\xf19\x8ba\xe38\xf7u~\r\x91p\x90x\xd9y\xef\x06\xafs\x90\xf0\xf9\xc3\'r\xac\x8d\\\xccM\xe3\x05\x87\x8c\x1beu\xa6\xab\xb2}\xb6\xb8\xa1\xb4\x98\x0f\x9b(8\xb9\xcb\x88\x0e\x99\x81f&\xe4\xe1\xf1\xe0iS\x93\xea\xa1\xb8\xa6T\xf4G\xb0m\xe5!\xa3\xda\x83\xc1\b\xb3\xce\x1bq\x03\xf7\t\x8f', 0x81) getsockopt$auto_SO_COOKIE(r0, 0x8001, 0x39, 0x0, 0x0) socket(0x1d, 0x2, 0x6) 29.020269ms ago: executing program 3 (id=12866): socket(0x2, 0x801, 0x6) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 0s ago: executing program 0 (id=12867): socket(0x1d, 0x3, 0x1) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1}, 0x6a) kernel console output (not intermixed with test programs): 26399] : entered promiscuous mode [ 560.966337][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 560.972982][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.142150][T26466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 562.189237][T26466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 562.696551][T26481] NFSD: Failed to start, no listeners configured. [ 563.151485][T26514] Zero length message leads to an empty skb [ 563.951710][T26547] delete_channel: no stack [ 563.971475][T26550] netlink: 'syz.0.8931': attribute type 2 has an invalid length. [ 565.415475][T26627] CIFS mount error: No usable UNC path provided in device string! [ 565.415475][T26627] [ 565.464216][T26627] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 566.540000][T26674] netlink: 'syz.1.8972': attribute type 1 has an invalid length. [ 566.924628][ T30] audit: type=1800 audit(4294985864.784:42): pid=26696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.8978" name="dbroot" dev="configfs" ino=66540 res=0 errno=0 [ 567.206383][T26705] Process accounting paused [ 567.559083][T26725] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 567.776898][T26736] netlink: 'syz.1.8995': attribute type 4 has an invalid length. [ 567.804224][T26736] netlink: 'syz.1.8995': attribute type 1 has an invalid length. [ 567.857004][T26740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8997'. [ 568.434688][T26767] nbd: illegal input index 37139 [ 568.514461][T26770] openvswitch: netlink: Multiple metadata blocks provided [ 570.066599][T26854] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9033'. [ 570.801422][T26910] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 570.863841][T26910] vhci_hcd vhci_hcd.1: SetHubDepth req not supported for USB 2.0 roothub [ 571.593557][T26941] netlink: 'syz.2.9053': attribute type 1 has an invalid length. [ 571.726640][T26949] openvswitch: netlink: Flow actions attr not present in new flow. [ 572.390550][T26975] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9069'. [ 574.264947][T27060] IPVS: length: 131 != 8 [ 575.035803][T27094] openvswitch: netlink: Key type 261 is out of range max 32 [ 576.006190][T27128] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 577.532447][T27183] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 587.660287][T27547] dump_stack_lvl+0x100/0x190 [ 587.660334][T27547] should_fail_ex.cold+0x5/0xa [ 587.660363][T27547] should_failslab+0xc2/0x120 [ 587.660387][T27547] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 587.660415][T27547] ? __d_alloc+0x34/0xa80 [ 587.660441][T27547] __d_alloc+0x34/0xa80 [ 587.660460][T27547] ? new_inode+0x15a/0x1c0 [ 587.660500][T27547] d_alloc_pseudo+0x1c/0xc0 [ 587.660535][T27547] alloc_file_pseudo+0xcf/0x230 [ 587.660561][T27547] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 587.660587][T27547] ? hugetlbfs_get_inode+0x36e/0x750 [ 587.660613][T27547] hugetlb_file_setup+0x2a8/0x5b0 [ 587.660638][T27547] ksys_mmap_pgoff+0x232/0x650 [ 587.660658][T27547] ? __UNIQUE_ID_modinfo_711+0x63e0b673/0xffffffffffec9f73 [ 587.660721][T27547] ? __x64_sys_futex+0x358/0x4d0 [ 587.660749][T27547] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 587.660769][T27547] ? xfd_validate_state+0x129/0x190 [ 587.660800][T27547] __x64_sys_mmap+0x125/0x190 [ 587.660828][T27547] ? __UNIQUE_ID_modinfo_711+0x63e0b673/0xffffffffffec9f73 [ 587.660862][T27547] do_syscall_64+0x106/0xf80 [ 587.660882][T27547] ? clear_bhb_loop+0x40/0x90 [ 587.660905][T27547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.660923][T27547] RIP: 0033:0x7f14ef79c819 [ 587.660939][T27547] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 587.660955][T27547] RSP: 002b:00007f14f05e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 587.660973][T27547] RAX: ffffffffffffffda RBX: 00007f14efa15fa0 RCX: 00007f14ef79c819 [ 587.660985][T27547] RDX: 0000000000000002 RSI: 0000000000000005 RDI: ffffffffff600700 [ 587.660995][T27547] RBP: 00007f14ef832c91 R08: 0000000000000401 R09: 0000300000000000 [ 587.661005][T27547] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 587.661015][T27547] R13: 00007f14efa16038 R14: 00007f14efa15fa0 R15: 00007fff1d27cbb8 [ 587.661033][T27547] ? __UNIQUE_ID_modinfo_711+0x63e0b673/0xffffffffffec9f73 [ 587.661066][T27547] [ 590.972887][T27645] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input48 [ 591.794334][T27673] netlink: 'syz.3.9315': attribute type 1 has an invalid length. [ 593.426260][T27730] openvswitch: netlink: IP tunnel dst address not specified [ 593.595225][T27735] bond0: option xmit_hash_policy: invalid value (v) [ 594.374439][T27762] delete_channel: no stack [ 595.035485][T27781] netlink: ct_mark mask cannot be 0 [ 595.823198][T27809] netlink: zone id is out of range [ 595.951430][T27809] netlink: zone id is out of range [ 596.038775][T27809] netlink: zone id is out of range [ 596.100045][T27809] netlink: zone id is out of range [ 596.206678][T27809] netlink: zone id is out of range [ 596.310996][T27809] netlink: zone id is out of range [ 596.403718][T27809] netlink: zone id is out of range [ 596.558118][T27809] netlink: zone id is out of range [ 597.521433][T27855] Process accounting resumed [ 597.859787][T27874] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9389'. [ 599.815079][T27117] syz.2.9113 (27117) used greatest stack depth: 18408 bytes left [ 600.016550][T27933] netlink: 'syz.1.9413': attribute type 1 has an invalid length. [ 603.333902][T18312] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 603.333931][T18312] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 603.349002][T18312] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 603.349031][T18312] Bluetooth: hci0: adv larger than maximum supported [ 603.356954][T18312] Bluetooth: hci0: adv larger than maximum supported [ 603.363978][T18312] Bluetooth: hci0: Malformed LE Event: 0x0d [ 604.632058][T28071] net_ratelimit: 21 callbacks suppressed [ 604.632078][T28071] netlink: del zone limit has 4 unknown bytes [ 607.287953][T28167] netlink: 'syz.0.9498': attribute type 3 has an invalid length. [ 607.677241][T28181] netlink: 'syz.1.9502': attribute type 1 has an invalid length. [ 608.399356][T28201] FAULT_INJECTION: forcing a failure. [ 608.399356][T28201] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 608.475428][T28201] CPU: 0 UID: 0 PID: 28201 Comm: syz.0.9511 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 608.475463][T28201] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 608.475471][T28201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 608.475482][T28201] Call Trace: [ 608.475489][T28201] [ 608.475496][T28201] dump_stack_lvl+0x100/0x190 [ 608.475534][T28201] should_fail_ex.cold+0x5/0xa [ 608.475553][T28201] ? prepare_alloc_pages+0x16d/0x5f0 [ 608.475578][T28201] should_fail_alloc_page+0xeb/0x140 [ 608.475601][T28201] prepare_alloc_pages+0x1f0/0x5f0 [ 608.475626][T28201] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 608.475662][T28201] ? lock_acquire+0x1cf/0x380 [ 608.475691][T28201] ? rcu_is_watching+0x12/0xc0 [ 608.475743][T28201] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 608.475773][T28201] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 608.475802][T28201] ? rcu_read_unlock+0x17/0x60 [ 608.475823][T28201] ? rcu_read_unlock+0x17/0x60 [ 608.475849][T28201] ? __folio_mod_stat+0x1ce/0x250 [ 608.475879][T28201] ? split_huge_pmd_locked+0x3ba/0x3b50 [ 608.475906][T28201] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 608.475929][T28201] ? policy_nodemask+0xed/0x4f0 [ 608.475951][T28201] alloc_pages_mpol+0x1fb/0x550 [ 608.475972][T28201] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 608.475999][T28201] alloc_pages_noprof+0x136/0x390 [ 608.476020][T28201] pte_alloc_one+0x1c/0x3d0 [ 608.476051][T28201] __pte_alloc+0x6d/0x3e0 [ 608.476071][T28201] ? __pfx___pte_alloc+0x10/0x10 [ 608.476091][T28201] ? _raw_spin_unlock+0x28/0x50 [ 608.476120][T28201] ? __pmd_alloc+0x3fb/0x950 [ 608.476144][T28201] move_page_tables+0x257e/0x4500 [ 608.476174][T28201] ? __pfx_copy_vma+0x10/0x10 [ 608.476211][T28201] ? __pfx_move_page_tables+0x10/0x10 [ 608.476251][T28201] ? finish_task_switch.isra.0+0x200/0xb80 [ 608.476274][T28201] copy_vma_and_data+0x25c/0x7c0 [ 608.476304][T28201] ? __pfx_copy_vma_and_data+0x10/0x10 [ 608.476341][T28201] ? __vma_start_write+0x17f/0x280 [ 608.476365][T28201] ? __pfx___vma_start_write+0x10/0x10 [ 608.476396][T28201] move_vma+0x51b/0x1890 [ 608.476427][T28201] ? __pfx_move_vma+0x10/0x10 [ 608.476456][T28201] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 608.476479][T28201] ? cap_mmap_addr+0x4b/0x120 [ 608.476568][T28201] ? bpf_lsm_mmap_addr+0x9/0x30 [ 608.476586][T28201] ? security_mmap_addr+0x71/0x1e0 [ 608.476634][T28201] ? __get_unmapped_area+0x255/0x3e0 [ 608.476659][T28201] ? vrm_set_new_addr+0x204/0x290 [ 608.476687][T28201] mremap_to+0x1b7/0x450 [ 608.476716][T28201] do_mremap+0xb76/0x2130 [ 608.476753][T28201] ? __pfx_do_mremap+0x10/0x10 [ 608.476786][T28201] ? ksys_write+0x190/0x250 [ 608.476809][T28201] __do_sys_mremap+0x126/0x170 [ 608.476838][T28201] ? __pfx___do_sys_mremap+0x10/0x10 [ 608.476873][T28201] ? __x64_sys_futex+0x34f/0x4d0 [ 608.476911][T28201] do_syscall_64+0x106/0xf80 [ 608.476929][T28201] ? clear_bhb_loop+0x40/0x90 [ 608.476951][T28201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.476970][T28201] RIP: 0033:0x7f14ef79c819 [ 608.477006][T28201] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 608.477030][T28201] RSP: 002b:00007f14f05e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 608.477051][T28201] RAX: ffffffffffffffda RBX: 00007f14efa15fa0 RCX: 00007f14ef79c819 [ 608.477065][T28201] RDX: 0000000000000013 RSI: 0000000000000004 RDI: 0000200000000000 [ 608.477075][T28201] RBP: 00007f14ef832c91 R08: 0000000100000000 R09: 0000000000000000 [ 608.477086][T28201] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 608.477096][T28201] R13: 00007f14efa16038 R14: 00007f14efa15fa0 R15: 00007fff1d27cbb8 [ 608.477120][T28201] [ 609.818498][T28224] tc_dump_action: action bad kind [ 610.405491][T28244] binder: 28243:28244 ioctl c0306201 200000000000 returned -14 [ 611.251151][T28281] netlink: get zone limit has 4 unknown bytes [ 612.159981][T28314] netlink: 'syz.2.9556': attribute type 2 has an invalid length. [ 612.731772][T28336] FAULT_INJECTION: forcing a failure. [ 612.731772][T28336] name failslab, interval 1, probability 0, space 0, times 0 [ 612.839460][T28336] CPU: 0 UID: 0 PID: 28336 Comm: syz.3.9565 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 612.839495][T28336] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 612.839503][T28336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 612.839513][T28336] Call Trace: [ 612.839519][T28336] [ 612.839527][T28336] dump_stack_lvl+0x100/0x190 [ 612.839558][T28336] should_fail_ex.cold+0x5/0xa [ 612.839581][T28336] should_failslab+0xc2/0x120 [ 612.839602][T28336] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 612.839631][T28336] ? alloc_empty_file+0x55/0x1c0 [ 612.839658][T28336] alloc_empty_file+0x55/0x1c0 [ 612.839682][T28336] alloc_file_pseudo+0x13a/0x230 [ 612.839707][T28336] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 612.839730][T28336] ? alloc_fd+0x476/0x790 [ 612.839750][T28336] ? do_raw_spin_unlock+0x145/0x1e0 [ 612.839781][T28336] __anon_inode_getfile+0xe8/0x280 [ 612.839828][T28336] anon_inode_getfile_fmode+0x37/0xa0 [ 612.839853][T28336] __do_sys_fanotify_init+0xa79/0xe50 [ 612.839887][T28336] do_syscall_64+0x106/0xf80 [ 612.839905][T28336] ? clear_bhb_loop+0x40/0x90 [ 612.839926][T28336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.839944][T28336] RIP: 0033:0x7f1da459c819 [ 612.839968][T28336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 612.839984][T28336] RSP: 002b:00007f1da53e2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 612.840003][T28336] RAX: ffffffffffffffda RBX: 00007f1da4815fa0 RCX: 00007f1da459c819 [ 612.840014][T28336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 612.840025][T28336] RBP: 00007f1da4632c91 R08: 0000000000000000 R09: 0000000000000000 [ 612.840035][T28336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.840046][T28336] R13: 00007f1da4816038 R14: 00007f1da4815fa0 R15: 00007ffd589efc18 [ 612.840068][T28336] [ 613.217055][T28348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9572'. [ 613.433196][T28359] netlink: zone id is out of range [ 613.438345][T28359] netlink: zone id is out of range [ 616.379918][T28489] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 616.745051][T28507] tc_dump_action: action bad kind [ 618.252924][T18312] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 618.252951][T18312] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 618.269181][T18312] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 618.269201][T18312] Bluetooth: hci2: adv larger than maximum supported [ 618.277020][T18312] Bluetooth: hci2: adv larger than maximum supported [ 618.283695][T18312] Bluetooth: hci2: Unknown advertising packet type: 0x71 [ 618.290676][T18312] Bluetooth: hci2: Unknown advertising packet type: 0x78 [ 618.299012][T18312] Bluetooth: hci2: Malformed LE Event: 0x0d [ 619.399199][T28618] [U] ^@ [ 619.906694][T18312] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 619.906723][T18312] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 619.922707][T18312] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 619.922729][T18312] Bluetooth: hci1: adv larger than maximum supported [ 619.930184][T18312] Bluetooth: hci1: Unknown advertising packet type: 0x78 [ 619.937440][T18312] Bluetooth: hci1: Malformed LE Event: 0x0d [ 621.288613][T28689] openvswitch: netlink: Duplicate key (type 15). [ 621.766065][T28710] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 621.817954][T28710] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 622.091144][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 622.102673][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 622.271186][T28728] nbd: must specify an index to disconnect [ 622.313549][T28729] openvswitch: netlink: Key type 29 is not supported [ 622.472596][T28737] openvswitch: netlink: IP tunnel TTL not specified. [ 623.241046][T28766] program syz.2.9734 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 624.936022][T28833] netlink: Unknown nat attribute (0) [ 624.974405][T28836] nbd: must specify a device to reconfigure [ 625.091558][T28838] netlink: Conntrack attr has 16 unknown bytes [ 626.455396][T28896] netlink: 'syz.2.9783': attribute type 1 has an invalid length. [ 626.708901][T28904] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 626.832881][T28909] futex_wake_op: syz.0.9785 tries to shift op by -2048; fix this program [ 626.969847][T28909] futex_wake_op: syz.0.9785 tries to shift op by -2048; fix this program [ 628.195420][T28924] Process accounting paused [ 628.392924][T18312] Bluetooth: hci3: SCO packet too small [ 628.750270][T28976] dyndbg: bad flag-op , at start of [ 628.776387][T28976] dyndbg: flags parse failed [ 629.355724][T29000] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9825'. [ 629.393366][T28995] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 629.407288][T29000] netlink: 29 bytes leftover after parsing attributes in process `syz.2.9825'. [ 629.640909][T29008] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 634.111153][T29192] netlink: Failed to add  helper -22 [ 635.553226][T29253] netlink: 'syz.1.9924': attribute type 1 has an invalid length. [ 635.972055][T29273] netlink: Unknown conntrack attr (type=257, max=9) [ 636.269566][T29286] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9935'. [ 636.689968][T29302] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 637.800082][T29343] netlink: 'syz.3.9959': attribute type 2 has an invalid length. [ 639.466877][T29416] netlink: 'syz.1.9987': attribute type 8 has an invalid length. [ 640.178346][T29453] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10000'. [ 640.198281][T29454] netlink: 'syz.1.10001': attribute type 9 has an invalid length. [ 641.579103][T29514] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 641.641039][T29516] netlink: 'syz.0.10026': attribute type 1 has an invalid length. [ 642.880581][T29570] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 644.223342][T29568] kexec: Could not allocate control_code_buffer [ 646.366850][T29698] netlink: 342 bytes leftover after parsing attributes in process `syz.3.10094'. [ 646.617687][T29709] netlink: NAT attribute has 4 unknown bytes [ 646.830476][T29713] NFSD: Failed to start, no listeners configured. [ 647.369883][T29746] netlink: 'syz.0.10110': attribute type 9 has an invalid length. [ 648.210426][T29788] netlink: 'syz.3.10123': attribute type 9 has an invalid length. [ 648.446437][T29798] openvswitch: netlink: Duplicate or invalid key (type 0). [ 649.165805][T29829] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 650.918825][T29905] openvswitch: netlink: VXLAN extension message has 16 unknown bytes. [ 650.957955][T29910] netlink: 'syz.1.10172': attribute type 11 has an invalid length. [ 651.005015][T29910] netlink: 'syz.1.10172': attribute type 11 has an invalid length. [ 651.043628][T29910] netlink: 'syz.1.10172': attribute type 11 has an invalid length. [ 651.111168][T29910] netlink: 'syz.1.10172': attribute type 11 has an invalid length. [ 651.740230][T29945] sd 0:0:1:0: PR command failed: 1026 [ 651.750148][T29945] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 651.810527][T29945] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 651.974447][T29955] netlink: 'syz.2.10189': attribute type 2 has an invalid length. [ 653.145030][T30009] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10211'. [ 653.339104][T30016] delete_channel: no stack [ 653.782290][T30040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10224'. [ 655.181655][T30099] netlink: set zone limit has 8 unknown bytes [ 655.312147][T30104] binder_alloc: binder_alloc_mmap_handler: 30103 0-1000 already mapped failed -16 [ 656.565915][T30155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10266'. [ 656.972517][T30175] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 658.200519][T30230] netlink: 'syz.0.10295': attribute type 1 has an invalid length. [ 658.931521][T30223] Process accounting resumed [ 659.028965][T30280] FAULT_INJECTION: forcing a failure. [ 659.028965][T30280] name failslab, interval 1, probability 0, space 0, times 0 [ 659.106311][T30280] CPU: 0 UID: 0 PID: 30280 Comm: syz.0.10307 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 659.106356][T30280] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 659.106365][T30280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 659.106375][T30280] Call Trace: [ 659.106381][T30280] [ 659.106388][T30280] dump_stack_lvl+0x100/0x190 [ 659.106427][T30280] should_fail_ex.cold+0x5/0xa [ 659.106450][T30280] should_failslab+0xc2/0x120 [ 659.106474][T30280] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 659.106504][T30280] ? security_file_alloc+0x34/0x2c0 [ 659.106530][T30280] ? trace_kmem_cache_alloc+0xf3/0x120 [ 659.106554][T30280] security_file_alloc+0x34/0x2c0 [ 659.106579][T30280] init_file+0x95/0x480 [ 659.106603][T30280] alloc_empty_file+0x73/0x1c0 [ 659.106627][T30280] alloc_file_pseudo+0x13a/0x230 [ 659.106652][T30280] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 659.106675][T30280] ? alloc_fd+0x476/0x790 [ 659.106695][T30280] ? do_raw_spin_unlock+0x145/0x1e0 [ 659.106728][T30280] __anon_inode_getfile+0xe8/0x280 [ 659.106753][T30280] anon_inode_getfile_fmode+0x37/0xa0 [ 659.106777][T30280] do_signalfd4+0x1ed/0x480 [ 659.106802][T30280] __x64_sys_signalfd+0x120/0x1a0 [ 659.106826][T30280] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 659.106856][T30280] do_syscall_64+0x106/0xf80 [ 659.106877][T30280] ? clear_bhb_loop+0x40/0x90 [ 659.106901][T30280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.106919][T30280] RIP: 0033:0x7f14ef79c819 [ 659.106934][T30280] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 659.106950][T30280] RSP: 002b:00007f14f05e5028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 659.106969][T30280] RAX: ffffffffffffffda RBX: 00007f14efa15fa0 RCX: 00007f14ef79c819 [ 659.106980][T30280] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 659.106990][T30280] RBP: 00007f14ef832c91 R08: 0000000000000000 R09: 0000000000000000 [ 659.107000][T30280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 659.107010][T30280] R13: 00007f14efa16038 R14: 00007f14efa15fa0 R15: 00007fff1d27cbb8 [ 659.107032][T30280] [ 659.335520][T30286] netlink: 'syz.1.10316': attribute type 2 has an invalid length. [ 659.727700][T30305] FAULT_INJECTION: forcing a failure. [ 659.727700][T30305] name failslab, interval 1, probability 0, space 0, times 0 [ 659.762207][ T30] audit: type=1800 audit(4294967334.524:43): pid=30303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.10314" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 659.808949][T30305] CPU: 0 UID: 0 PID: 30305 Comm: syz.0.10313 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 659.808983][T30305] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 659.808992][T30305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 659.809002][T30305] Call Trace: [ 659.809008][T30305] [ 659.809015][T30305] dump_stack_lvl+0x100/0x190 [ 659.809048][T30305] should_fail_ex.cold+0x5/0xa [ 659.809070][T30305] should_failslab+0xc2/0x120 [ 659.809091][T30305] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 659.809120][T30305] ? security_file_alloc+0x34/0x2c0 [ 659.809144][T30305] ? trace_kmem_cache_alloc+0xf3/0x120 [ 659.809177][T30305] security_file_alloc+0x34/0x2c0 [ 659.809202][T30305] init_file+0x95/0x480 [ 659.809224][T30305] alloc_empty_file+0x73/0x1c0 [ 659.809249][T30305] dentry_open+0x46/0xd0 [ 659.809273][T30305] pidfs_alloc_file+0x18f/0x290 [ 659.809291][T30305] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 659.809316][T30305] pidfd_prepare+0x123/0x200 [ 659.809341][T30305] __x64_sys_pidfd_open+0x105/0x1a0 [ 659.809389][T30305] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 659.809422][T30305] do_syscall_64+0x106/0xf80 [ 659.809440][T30305] ? clear_bhb_loop+0x40/0x90 [ 659.809462][T30305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.809481][T30305] RIP: 0033:0x7f14ef79c819 [ 659.809496][T30305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 659.809512][T30305] RSP: 002b:00007f14f05e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 659.809530][T30305] RAX: ffffffffffffffda RBX: 00007f14efa15fa0 RCX: 00007f14ef79c819 [ 659.809541][T30305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 659.809551][T30305] RBP: 00007f14ef832c91 R08: 0000000000000000 R09: 0000000000000000 [ 659.809561][T30305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 659.809571][T30305] R13: 00007f14efa16038 R14: 00007f14efa15fa0 R15: 00007fff1d27cbb8 [ 659.809592][T30305] [ 660.845707][T30343] nfs: Unknown parameter 'm?LH>「^eko}* ' [ 662.027775][T30395] nbd: must specify a size in bytes for the device [ 662.186262][T30401] netlink: 'syz.1.10350': attribute type 2 has an invalid length. [ 662.227751][T30401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10350'. [ 662.641493][T30426] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 663.995700][T30477] tc_dump_action: action bad kind [ 664.280727][T30495] sctp: [Deprecated]: syz.2.10385 (pid 30495) Use of struct sctp_assoc_value in delayed_ack socket option. [ 664.280727][T30495] Use struct sctp_sack_info instead [ 665.062226][T30546] netlink: 'syz.2.10397': attribute type 1 has an invalid length. [ 665.192184][T30552] block nbd2: not configured, cannot reconfigure [ 666.247712][T30613] netlink: zone id is out of range [ 666.283274][T30613] netlink: zone id is out of range [ 666.317150][T30613] netlink: zone id is out of range [ 666.322394][T30613] netlink: zone id is out of range [ 666.367757][T30613] netlink: zone id is out of range [ 666.404199][T30613] netlink: zone id is out of range [ 666.424171][T30613] netlink: zone id is out of range [ 666.450548][T30613] netlink: zone id is out of range [ 666.481361][T30613] netlink: zone id is out of range [ 667.897654][T30687] NFSD: Failed to start, no listeners configured. [ 671.139502][T30866] netlink: 'syz.0.10486': attribute type 11 has an invalid length. [ 671.838130][T30887] net_ratelimit: 48 callbacks suppressed [ 671.838148][T30887] netlink: NAT attribute has 18 unknown bytes [ 672.537850][T30936] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 675.565041][T31093] FAULT_INJECTION: forcing a failure. [ 675.565041][T31093] name failslab, interval 1, probability 0, space 0, times 0 [ 675.636255][T31093] CPU: 0 UID: 0 PID: 31093 Comm: syz.2.10543 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 675.636290][T31093] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 675.636299][T31093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 675.636309][T31093] Call Trace: [ 675.636316][T31093] [ 675.636323][T31093] dump_stack_lvl+0x100/0x190 [ 675.636355][T31093] should_fail_ex.cold+0x5/0xa [ 675.636377][T31093] should_failslab+0xc2/0x120 [ 675.636398][T31093] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 675.636428][T31093] ? __d_alloc+0x34/0xa80 [ 675.636452][T31093] __d_alloc+0x34/0xa80 [ 675.636475][T31093] d_alloc_pseudo+0x1c/0xc0 [ 675.636502][T31093] alloc_file_pseudo+0xcf/0x230 [ 675.636528][T31093] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 675.636550][T31093] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 675.636573][T31093] create_pipe_files+0x360/0x970 [ 675.636596][T31093] do_pipe2+0xbd/0x1e0 [ 675.636615][T31093] ? __pfx_do_pipe2+0x10/0x10 [ 675.636642][T31093] __x64_sys_pipe+0x33/0x50 [ 675.636662][T31093] do_syscall_64+0x106/0xf80 [ 675.636684][T31093] ? clear_bhb_loop+0x40/0x90 [ 675.636705][T31093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.636724][T31093] RIP: 0033:0x7fdc01d9c819 [ 675.636740][T31093] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 675.636756][T31093] RSP: 002b:00007fdc02c27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 675.636774][T31093] RAX: ffffffffffffffda RBX: 00007fdc02015fa0 RCX: 00007fdc01d9c819 [ 675.636786][T31093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 675.636795][T31093] RBP: 00007fdc01e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 675.636806][T31093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.636815][T31093] R13: 00007fdc02016038 R14: 00007fdc02015fa0 R15: 00007ffdf00c16c8 [ 675.636838][T31093] [ 676.466355][T31126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10556'. [ 678.052028][T31196] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 678.058829][T31196] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 680.411036][T31317] openvswitch: netlink: Key 15 has unexpected len 16 expected 4 [ 681.465393][T31357] ksmbd: Unknown IPC event: 14, ignore. [ 683.223382][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 683.234818][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 683.289154][ T30] audit: type=1107 audit(4294967313.123:44): pid=31444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 683.366422][ T30] audit: type=1107 audit(4294967313.203:45): pid=31444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 684.131189][T31481] netlink: 'syz.2.10677': attribute type 11 has an invalid length. [ 684.161492][T31481] netlink: 'syz.2.10677': attribute type 11 has an invalid length. [ 684.218441][T31481] netlink: 'syz.2.10677': attribute type 11 has an invalid length. [ 688.033893][T31647] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 689.070421][T31676] Process accounting paused [ 689.460649][T31698] perf: Dynamic interrupt throttling disabled, can hang your system! [ 689.548775][T31700] usb usb15: usbfs: interface 0 claimed by hub while 'syz.1.10764' sets config #0 [ 691.095350][T31748] openvswitch: netlink: Message has 4 unknown bytes. [ 692.333949][T31787] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10801'. [ 692.383913][T31787] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10801'. [ 692.754769][T31816] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 692.797279][T31816] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 693.049010][T31846] netlink: 148 bytes leftover after parsing attributes in process `syz.1.10810'. [ 693.576344][T31865] netlink: 'syz.2.10815': attribute type 1 has an invalid length. [ 694.213757][T31885] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 695.148336][T31925] netlink: 'syz.1.10842': attribute type 1 has an invalid length. [ 697.473207][T31995] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 699.625415][T31247] syz.3.10595 (31247) used greatest stack depth: 16952 bytes left [ 700.486546][T32107] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 700.612698][T32109] delete_channel: no stack [ 700.989631][T32123] FAULT_INJECTION: forcing a failure. [ 700.989631][T32123] name failslab, interval 1, probability 0, space 0, times 0 [ 701.043022][T32123] CPU: 0 UID: 0 PID: 32123 Comm: syz.1.10930 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 701.043057][T32123] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 701.043065][T32123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 701.043075][T32123] Call Trace: [ 701.043082][T32123] [ 701.043089][T32123] dump_stack_lvl+0x100/0x190 [ 701.043122][T32123] should_fail_ex.cold+0x5/0xa [ 701.043144][T32123] should_failslab+0xc2/0x120 [ 701.043166][T32123] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 701.043194][T32123] ? __d_alloc+0x34/0xa80 [ 701.043220][T32123] __d_alloc+0x34/0xa80 [ 701.043243][T32123] d_alloc+0x4a/0x1e0 [ 701.043265][T32123] lookup_one_qstr_excl+0x175/0x250 [ 701.043292][T32123] start_dirop+0x59/0xb0 [ 701.043311][T32123] simple_start_creating+0xf9/0x110 [ 701.043330][T32123] ? __pfx_simple_start_creating+0x10/0x10 [ 701.043349][T32123] ? mntput+0x70/0xa0 [ 701.043365][T32123] ? simple_pin_fs+0xa3/0x190 [ 701.043393][T32123] debugfs_start_creating.part.0+0x82/0x170 [ 701.043482][T32123] __debugfs_create_file+0xb3/0x4f0 [ 701.043507][T32123] debugfs_create_file_full+0x41/0x60 [ 701.043532][T32123] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 701.043586][T32123] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 701.043612][T32123] ? rcu_is_watching+0x12/0xc0 [ 701.043674][T32123] ? lockdep_init_map_type+0x5c/0x250 [ 701.043704][T32123] preinit_net.part.0+0x24e/0x8f0 [ 701.043753][T32123] copy_net_ns+0x339/0x7c0 [ 701.043776][T32123] create_new_namespaces+0x3ea/0xac0 [ 701.043810][T32123] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 701.043833][T32123] ksys_unshare+0x473/0xad0 [ 701.043863][T32123] ? __pfx_ksys_unshare+0x10/0x10 [ 701.043897][T32123] __x64_sys_unshare+0x31/0x40 [ 701.043921][T32123] do_syscall_64+0x106/0xf80 [ 701.043940][T32123] ? clear_bhb_loop+0x40/0x90 [ 701.043969][T32123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.043988][T32123] RIP: 0033:0x7f598a79c819 [ 701.044012][T32123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 701.044029][T32123] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 701.044047][T32123] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 701.044059][T32123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 701.044070][T32123] RBP: 00007f598a832c91 R08: 0000000000000000 R09: 0000000000000000 [ 701.044081][T32123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 701.044092][T32123] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 701.044115][T32123] [ 702.456618][T32184] netlink: 'syz.3.10950': attribute type 11 has an invalid length. [ 703.352155][T32242] No such timeout policy "" [ 703.357032][T32242] netlink: Failed to associated timeout policy '' [ 704.384817][T32293] netlink: Setting conntrack mark requires 'commit' flag. [ 704.682031][T32304] netlink: 'syz.1.10988': attribute type 11 has an invalid length. [ 705.892111][T32350] openvswitch: netlink: IP tunnel dst address not specified [ 706.422653][T32369] : entered promiscuous mode [ 706.695722][T32379] FAULT_INJECTION: forcing a failure. [ 706.695722][T32379] name failslab, interval 1, probability 0, space 0, times 0 [ 706.783626][T32379] CPU: 0 UID: 0 PID: 32379 Comm: syz.2.11017 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 706.783661][T32379] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 706.783669][T32379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 706.783680][T32379] Call Trace: [ 706.783686][T32379] [ 706.783693][T32379] dump_stack_lvl+0x100/0x190 [ 706.783726][T32379] should_fail_ex.cold+0x5/0xa [ 706.783748][T32379] should_failslab+0xc2/0x120 [ 706.783769][T32379] __kmalloc_cache_noprof+0x7a/0x6f0 [ 706.783796][T32379] ? assoc_array_insert+0x10b/0x32c0 [ 706.783820][T32379] assoc_array_insert+0x10b/0x32c0 [ 706.783837][T32379] ? __mutex_lock+0x26a/0x1b90 [ 706.783858][T32379] ? key_link+0x2bb/0x390 [ 706.783939][T32379] ? __pfx___mutex_lock+0x10/0x10 [ 706.783960][T32379] ? __pfx_assoc_array_insert+0x10/0x10 [ 706.783977][T32379] ? __pfx___might_resched+0x10/0x10 [ 706.784015][T32379] ? down_write+0x146/0x1f0 [ 706.784035][T32379] ? __pfx_down_write+0x10/0x10 [ 706.784059][T32379] __key_link_begin+0xf5/0x260 [ 706.784088][T32379] key_link+0x103/0x390 [ 706.784118][T32379] ? __pfx_key_link+0x10/0x10 [ 706.784147][T32379] ? xfd_validate_state+0x129/0x190 [ 706.784179][T32379] keyctl_keyring_link+0x86/0xe0 [ 706.784199][T32379] __do_sys_keyctl+0x1bf/0x5a0 [ 706.784221][T32379] do_syscall_64+0x106/0xf80 [ 706.784238][T32379] ? clear_bhb_loop+0x40/0x90 [ 706.784261][T32379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.784279][T32379] RIP: 0033:0x7fdc01d9c819 [ 706.784295][T32379] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 706.784311][T32379] RSP: 002b:00007fdc02c27028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 706.784336][T32379] RAX: ffffffffffffffda RBX: 00007fdc02015fa0 RCX: 00007fdc01d9c819 [ 706.784348][T32379] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: 0000000000000008 [ 706.784359][T32379] RBP: 00007fdc01e32c91 R08: 0000000000000006 R09: 0000000000000000 [ 706.784369][T32379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 706.784379][T32379] R13: 00007fdc02016038 R14: 00007fdc02015fa0 R15: 00007ffdf00c16c8 [ 706.784402][T32379] [ 708.340408][T18664] Bluetooth: hci0: unexpected event 0x36 length: 123 > 7 [ 708.755831][T32449] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11046'. [ 709.206951][T32464] netlink: 206 bytes leftover after parsing attributes in process `syz.1.11053'. [ 709.556174][T32472] sd 0:0:1:0: PR command failed: 1026 [ 709.603689][T32472] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 709.663199][T32472] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 710.884090][T32508] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 711.132088][T32515] input input50: cannot allocate more than FF_MAX_EFFECTS effects [ 711.779558][ T30] audit: type=1107 audit(4294967341.761:46): pid=32536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 711.850916][ T30] audit: type=1107 audit(4294967341.791:47): pid=32536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 712.347958][T32556] netlink: 'syz.2.11095': attribute type 2 has an invalid length. [ 712.824694][T32572] openvswitch: netlink: IPv6 tunnel dst address is zero [ 716.235374][T32667] .^: entered promiscuous mode [ 718.583218][T32735] FAULT_INJECTION: forcing a failure. [ 718.583218][T32735] name failslab, interval 1, probability 0, space 0, times 0 [ 718.683347][T32735] CPU: 0 UID: 0 PID: 32735 Comm: syz.1.11168 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 718.683381][T32735] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 718.683389][T32735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 718.683400][T32735] Call Trace: [ 718.683406][T32735] [ 718.683413][T32735] dump_stack_lvl+0x100/0x190 [ 718.683447][T32735] should_fail_ex.cold+0x5/0xa [ 718.683469][T32735] should_failslab+0xc2/0x120 [ 718.683490][T32735] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 718.683521][T32735] ? sock_alloc_inode+0x25/0x1c0 [ 718.683598][T32735] ? __debug_object_init+0x2de/0x3d0 [ 718.683620][T32735] ? __pfx_sock_alloc_inode+0x10/0x10 [ 718.683643][T32735] sock_alloc_inode+0x25/0x1c0 [ 718.683663][T32735] alloc_inode+0x68/0x250 [ 718.683689][T32735] sock_alloc+0x44/0x280 [ 718.683706][T32735] ? security_socket_create+0x7f/0x250 [ 718.683746][T32735] __sock_create+0xc2/0x860 [ 718.683772][T32735] smc_create_clcsk+0x37/0xd0 [ 718.683841][T32735] ? __pfx_smc_inet_init_sock+0x10/0x10 [ 718.683863][T32735] inet_create+0x94c/0x1060 [ 718.683908][T32735] ? inet_create+0x94/0x1060 [ 718.683935][T32735] __sock_create+0x339/0x860 [ 718.683961][T32735] __sys_socket+0x14d/0x260 [ 718.684000][T32735] ? __pfx___sys_socket+0x10/0x10 [ 718.684031][T32735] __x64_sys_socket+0x72/0xb0 [ 718.684062][T32735] ? lockdep_hardirqs_on+0x78/0x100 [ 718.684081][T32735] do_syscall_64+0x106/0xf80 [ 718.684099][T32735] ? clear_bhb_loop+0x40/0x90 [ 718.684122][T32735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.684141][T32735] RIP: 0033:0x7f598a79c819 [ 718.684164][T32735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 718.684182][T32735] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 718.684210][T32735] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 718.684222][T32735] RDX: 0000000000000100 RSI: 0000000000000801 RDI: 0000000000000002 [ 718.684233][T32735] RBP: 00007f598a832c91 R08: 0000000000000000 R09: 0000000000000000 [ 718.684244][T32735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 718.684255][T32735] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 718.684277][T32735] [ 718.684287][T32735] socket: no more sockets [ 719.035421][T32742] Process accounting resumed [ 719.509253][T32759] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 719.548300][T32760] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 721.839165][ T362] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 721.845605][ T362] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 722.544401][ T382] nbd: couldn't find a device at index 35644 [ 722.896963][ T396] nfs: Bad value for 'source' [ 723.529772][ T413] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 724.153334][ T30] audit: type=1326 audit(4295032891.206:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=423 comm="syz.1.11239" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f598a79c819 code=0x0 [ 724.380754][ T432] FAULT_INJECTION: forcing a failure. [ 724.380754][ T432] name failslab, interval 1, probability 0, space 0, times 0 [ 724.427273][ T432] CPU: 0 UID: 0 PID: 432 Comm: syz.2.11243 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 724.427313][ T432] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 724.427321][ T432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 724.427332][ T432] Call Trace: [ 724.427339][ T432] [ 724.427346][ T432] dump_stack_lvl+0x100/0x190 [ 724.427380][ T432] should_fail_ex.cold+0x5/0xa [ 724.427403][ T432] should_failslab+0xc2/0x120 [ 724.427424][ T432] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 724.427454][ T432] ? __d_alloc+0x34/0xa80 [ 724.427479][ T432] __d_alloc+0x34/0xa80 [ 724.427502][ T432] d_alloc+0x4a/0x1e0 [ 724.427525][ T432] lookup_one_qstr_excl+0x175/0x250 [ 724.427552][ T432] start_dirop+0x59/0xb0 [ 724.427571][ T432] simple_start_creating+0xf9/0x110 [ 724.427590][ T432] ? __pfx_simple_start_creating+0x10/0x10 [ 724.427609][ T432] ? mntput+0x70/0xa0 [ 724.427624][ T432] ? simple_pin_fs+0xa3/0x190 [ 724.427652][ T432] debugfs_start_creating.part.0+0x82/0x170 [ 724.427676][ T432] __debugfs_create_file+0xb3/0x4f0 [ 724.427701][ T432] debugfs_create_file_full+0x41/0x60 [ 724.427725][ T432] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 724.427752][ T432] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 724.427777][ T432] ? rcu_is_watching+0x12/0xc0 [ 724.427826][ T432] ? lockdep_init_map_type+0x5c/0x250 [ 724.427855][ T432] preinit_net.part.0+0x24e/0x8f0 [ 724.427875][ T432] copy_net_ns+0x339/0x7c0 [ 724.427898][ T432] create_new_namespaces+0x3ea/0xac0 [ 724.427924][ T432] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 724.427946][ T432] ksys_unshare+0x473/0xad0 [ 724.427971][ T432] ? __pfx_ksys_unshare+0x10/0x10 [ 724.428004][ T432] __x64_sys_unshare+0x31/0x40 [ 724.428037][ T432] do_syscall_64+0x106/0xf80 [ 724.428056][ T432] ? clear_bhb_loop+0x40/0x90 [ 724.428078][ T432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.428098][ T432] RIP: 0033:0x7fdc01d9c819 [ 724.428114][ T432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 724.428132][ T432] RSP: 002b:00007fdc02c27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 724.428150][ T432] RAX: ffffffffffffffda RBX: 00007fdc02015fa0 RCX: 00007fdc01d9c819 [ 724.428162][ T432] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 724.428173][ T432] RBP: 00007fdc01e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 724.428184][ T432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.428195][ T432] R13: 00007fdc02016038 R14: 00007fdc02015fa0 R15: 00007ffdf00c16c8 [ 724.428218][ T432] [ 725.762067][ T472] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 726.904209][ T520] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 727.946997][ T552] HSR: entered promiscuous mode [ 728.295600][ T576] openvswitch: netlink: VXLAN extension 64 out of range max 1 [ 728.319602][ T575] FAULT_INJECTION: forcing a failure. [ 728.319602][ T575] name failslab, interval 1, probability 0, space 0, times 0 [ 728.427721][ T575] CPU: 0 UID: 0 PID: 575 Comm: syz.3.11280 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 728.427758][ T575] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 728.427767][ T575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 728.427777][ T575] Call Trace: [ 728.427784][ T575] [ 728.427791][ T575] dump_stack_lvl+0x100/0x190 [ 728.427825][ T575] should_fail_ex.cold+0x5/0xa [ 728.427847][ T575] should_failslab+0xc2/0x120 [ 728.427869][ T575] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 728.427898][ T575] ? __d_alloc+0x34/0xa80 [ 728.427924][ T575] __d_alloc+0x34/0xa80 [ 728.427947][ T575] d_alloc+0x4a/0x1e0 [ 728.427969][ T575] lookup_one_qstr_excl+0x175/0x250 [ 728.427996][ T575] start_dirop+0x59/0xb0 [ 728.428022][ T575] simple_start_creating+0xf9/0x110 [ 728.428040][ T575] ? __pfx_simple_start_creating+0x10/0x10 [ 728.428059][ T575] ? mntput+0x70/0xa0 [ 728.428075][ T575] ? simple_pin_fs+0xa3/0x190 [ 728.428103][ T575] debugfs_start_creating.part.0+0x82/0x170 [ 728.428126][ T575] __debugfs_create_file+0xb3/0x4f0 [ 728.428152][ T575] debugfs_create_file_full+0x41/0x60 [ 728.428176][ T575] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 728.428204][ T575] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 728.428229][ T575] ? rcu_is_watching+0x12/0xc0 [ 728.428276][ T575] ? lockdep_init_map_type+0x5c/0x250 [ 728.428305][ T575] preinit_net.part.0+0x24e/0x8f0 [ 728.428325][ T575] copy_net_ns+0x339/0x7c0 [ 728.428348][ T575] create_new_namespaces+0x3ea/0xac0 [ 728.428373][ T575] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 728.428396][ T575] ksys_unshare+0x473/0xad0 [ 728.428421][ T575] ? __pfx_ksys_unshare+0x10/0x10 [ 728.428453][ T575] __x64_sys_unshare+0x31/0x40 [ 728.428476][ T575] do_syscall_64+0x106/0xf80 [ 728.428494][ T575] ? clear_bhb_loop+0x40/0x90 [ 728.428516][ T575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.428535][ T575] RIP: 0033:0x7f1da459c819 [ 728.428552][ T575] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 728.428569][ T575] RSP: 002b:00007f1da53e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 728.428587][ T575] RAX: ffffffffffffffda RBX: 00007f1da4815fa0 RCX: 00007f1da459c819 [ 728.428598][ T575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 728.428609][ T575] RBP: 00007f1da4632c91 R08: 0000000000000000 R09: 0000000000000000 [ 728.428619][ T575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 728.428629][ T575] R13: 00007f1da4816038 R14: 00007f1da4815fa0 R15: 00007ffd589efc18 [ 728.428652][ T575] [ 730.660123][ T647] openvswitch: netlink: Flow key attribute not present in set flow. [ 731.282639][ T669] nbd: illegal input index -1073741824 [ 731.654945][ T683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11329'. [ 732.834222][ T30] audit: type=1326 audit(4295032899.931:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=749 comm="syz.1.11341" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f598a79c819 code=0x0 [ 732.890058][T18664] Bluetooth: hci0: unexpected subevent 0x04 length: 122 > 11 [ 734.550770][ T808] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 734.875159][ T817] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 735.458063][ T837] openvswitch: netlink: Flow key attr not present in new flow. [ 736.961549][ T889] FAULT_INJECTION: forcing a failure. [ 736.961549][ T889] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 737.030246][ T889] CPU: 0 UID: 0 PID: 889 Comm: syz.1.11405 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 737.030282][ T889] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 737.030291][ T889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 737.030302][ T889] Call Trace: [ 737.030308][ T889] [ 737.030315][ T889] dump_stack_lvl+0x100/0x190 [ 737.030348][ T889] should_fail_ex.cold+0x5/0xa [ 737.030371][ T889] _copy_to_user+0x32/0xd0 [ 737.030458][ T889] put_timespec64+0xb5/0x130 [ 737.030481][ T889] ? __pfx_put_timespec64+0x10/0x10 [ 737.030501][ T889] ? lockdep_hardirqs_on+0x78/0x100 [ 737.030520][ T889] ? read_tsc+0x9/0x20 [ 737.030541][ T889] ? ktime_get_ts64+0x256/0x3f0 [ 737.030562][ T889] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 737.030583][ T889] poll_select_finish+0x54b/0x670 [ 737.030603][ T889] ? __pfx_poll_select_finish+0x10/0x10 [ 737.030619][ T889] ? timespec64_add_safe+0x192/0x220 [ 737.030642][ T889] ? __pfx_timespec64_add_safe+0x10/0x10 [ 737.030664][ T889] ? set_user_sigmask+0x1e1/0x270 [ 737.030681][ T889] ? __pfx_set_user_sigmask+0x10/0x10 [ 737.030699][ T889] ? read_tsc+0x9/0x20 [ 737.030719][ T889] ? ktime_get_ts64+0x256/0x3f0 [ 737.030742][ T889] __x64_sys_ppoll+0x2c7/0x350 [ 737.030763][ T889] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 737.030790][ T889] do_syscall_64+0x106/0xf80 [ 737.030807][ T889] ? clear_bhb_loop+0x40/0x90 [ 737.030829][ T889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.030848][ T889] RIP: 0033:0x7f598a79c819 [ 737.030864][ T889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 737.030889][ T889] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 737.030908][ T889] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 737.030919][ T889] RDX: 0000200000003640 RSI: 00000000000000d6 RDI: 0000200000003600 [ 737.030930][ T889] RBP: 00007f598a832c91 R08: 0000000000000008 R09: 0000000000000000 [ 737.030941][ T889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.030951][ T889] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 737.030973][ T889] [ 739.138057][ T971] netlink: Conntrack attr has 5 unknown bytes [ 741.099227][ T1047] syz_tun: tun_chr_ioctl cmd 35108 [ 741.274035][ T1021] syz.3.11444 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 741.471733][ T1021] CPU: 0 UID: 0 PID: 1021 Comm: syz.3.11444 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 741.471769][ T1021] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 741.471777][ T1021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 741.471788][ T1021] Call Trace: [ 741.471794][ T1021] [ 741.471802][ T1021] dump_stack_lvl+0x100/0x190 [ 741.471843][ T1021] dump_header+0xfb/0x606 [ 741.471865][ T1021] oom_kill_process.cold+0xd/0x330 [ 741.471887][ T1021] out_of_memory+0x340/0x14f0 [ 741.471921][ T1021] ? __pfx_out_of_memory+0x10/0x10 [ 741.471957][ T1021] mem_cgroup_out_of_memory+0xc6/0x130 [ 741.471986][ T1021] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 741.472012][ T1021] ? find_held_lock+0x2b/0x80 [ 741.472035][ T1021] ? do_raw_spin_unlock+0x145/0x1e0 [ 741.472065][ T1021] ? _raw_spin_unlock+0x28/0x50 [ 741.472096][ T1021] try_charge_memcg+0x652/0xc90 [ 741.472122][ T1021] ? __pfx_try_charge_memcg+0x10/0x10 [ 741.472148][ T1021] ? find_held_lock+0x2b/0x80 [ 741.472165][ T1021] ? rcu_read_unlock+0x17/0x60 [ 741.472186][ T1021] ? rcu_read_unlock+0x17/0x60 [ 741.472211][ T1021] charge_memcg+0xa6/0x280 [ 741.472231][ T1021] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 741.472259][ T1021] __swap_cache_prepare_and_add+0x817/0x9f0 [ 741.472290][ T1021] ? alloc_pages_mpol+0x25a/0x550 [ 741.472312][ T1021] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 741.472334][ T1021] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 741.472362][ T1021] ? __pfx_swap_entry_swapped+0x10/0x10 [ 741.472389][ T1021] swap_cache_alloc_folio+0x1cb/0x300 [ 741.472419][ T1021] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 741.472455][ T1021] swap_cluster_readahead+0x411/0x770 [ 741.472490][ T1021] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 741.472526][ T1021] ? __swap_cache_clear_shadow+0x2fc/0x3d0 [ 741.472564][ T1021] ? get_vma_policy+0x23d/0x3b0 [ 741.472589][ T1021] swapin_readahead+0x160/0x12c0 [ 741.472625][ T1021] ? __pfx_swapin_readahead+0x10/0x10 [ 741.472652][ T1021] ? find_held_lock+0x2b/0x80 [ 741.472670][ T1021] ? swap_table_get+0x103/0x2c0 [ 741.472695][ T1021] ? swap_table_get+0x103/0x2c0 [ 741.472724][ T1021] ? swap_table_get+0x10d/0x2c0 [ 741.472751][ T1021] ? swap_cache_get_folio+0x1ae/0x600 [ 741.472780][ T1021] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 741.472806][ T1021] ? __pfx_get_swap_device+0x10/0x10 [ 741.472836][ T1021] ? do_swap_page+0xb2e/0x6900 [ 741.472861][ T1021] do_swap_page+0xb2e/0x6900 [ 741.472898][ T1021] ? __pfx_do_swap_page+0x10/0x10 [ 741.472931][ T1021] ? rcu_is_watching+0x12/0xc0 [ 741.472960][ T1021] ? __pte_offset_map+0x179/0x310 [ 741.472982][ T1021] __handle_mm_fault+0x18c7/0x2b60 [ 741.473014][ T1021] ? reacquire_held_locks+0xce/0x1e0 [ 741.473040][ T1021] ? __pfx___handle_mm_fault+0x10/0x10 [ 741.473071][ T1021] ? lock_vma_under_rcu+0x17c/0x590 [ 741.473111][ T1021] handle_mm_fault+0x36d/0xa20 [ 741.473142][ T1021] do_user_addr_fault+0x5a3/0x12f0 [ 741.473168][ T1021] exc_page_fault+0x6f/0xd0 [ 741.473187][ T1021] asm_exc_page_fault+0x26/0x30 [ 741.473204][ T1021] RIP: 0033:0x7f1da4470e60 [ 741.473222][ T1021] Code: fe c6 44 24 0e 01 45 31 ed 45 31 f6 89 7c 24 08 85 c0 0f 84 10 01 00 00 66 90 48 8b 3c 24 49 8b 54 24 40 4c 89 f0 4a 03 14 ef <80> 3d 41 6f 3a 00 00 49 89 d6 48 89 d3 74 28 25 ff 0f 00 00 83 f0 [ 741.473240][ T1021] RSP: 002b:00007ffd589efc60 EFLAGS: 00010286 [ 741.473256][ T1021] RAX: ffffffff8287bc54 RBX: ffffffff8287b1f8 RCX: 0000001b33923d80 [ 741.473267][ T1021] RDX: ffffffff817642c3 RSI: 0000000000000008 RDI: 00007f1da3bfd008 [ 741.473278][ T1021] RBP: 0000000000000050 R08: 00007f1da4800000 R09: 00007f1da4802000 [ 741.473289][ T1021] R10: 000000008287b1fc R11: 0000000000000001 R12: 00007f1da4816128 [ 741.473300][ T1021] R13: 0000000000000065 R14: ffffffff8287bc54 R15: 00007f1da5345720 [ 741.473312][ T1021] ? alloc_empty_file+0x44/0x1c0 [ 741.473337][ T1021] ? __fput+0x3c8/0xb40 [ 741.473360][ T1021] ? alloc_empty_file+0x44/0x1c0 [ 741.473384][ T1021] ? in_gate_area_no_mm+0x13/0x70 [ 741.473412][ T1021] [ 741.473419][ T1021] memory: usage 2812kB, limit 3072kB, failcnt 118806 [ 743.300245][ T1021] memory+swap: usage 2904kB, limit 9007199254740988kB, failcnt 0 [ 743.351274][ T1021] kmem: usage 2292kB, limit 9007199254740988kB, failcnt 0 [ 743.379438][ T1137] netlink: 'syz.2.11490': attribute type 1 has an invalid length. [ 743.394001][ T1021] Memory cgroup stats for /syz3: [ 743.394301][ T1021] cache 0 [ 743.427148][ T1021] rss 8192 [ 743.430250][ T1021] rss_huge 0 [ 743.476905][ T1021] shmem 0 [ 743.479893][ T1021] mapped_file 0 [ 743.502922][ T1021] dirty 0 [ 743.540669][ T1141] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 743.558093][ T1021] writeback 32768 [ 743.561760][ T1021] workingset_refault_anon 6898 [ 743.578557][ T1021] workingset_refault_file 33614 [ 743.603153][ T1021] swap 360448 [ 743.621193][ T1021] swapcached 444731392 [ 743.640416][ T1021] pgpgin 285704 [ 743.662388][ T1021] pgpgout 298985 [ 743.682992][ T1021] pgfault 323446 [ 743.699899][ T1021] pgmajfault 4250 [ 743.709755][ T1021] inactive_anon 32768 [ 743.729914][ T1021] active_anon 0 [ 743.743387][ T1021] inactive_file 0 [ 743.767299][ T1021] active_file 0 [ 743.785282][ T1021] unevictable 0 [ 743.799018][ T1021] hierarchical_memory_limit 3145728 [ 743.817492][ T1021] hierarchical_memsw_limit 9223372036854771712 [ 743.862936][ T1021] total_cache 0 [ 743.871552][ T1021] total_rss 8192 [ 743.886547][ T1021] total_rss_huge 0 [ 743.899000][ T1021] total_shmem 0 [ 743.919151][ T1021] total_mapped_file 0 [ 743.948844][ T1021] total_dirty 0 [ 743.964824][ T1021] total_writeback 32768 [ 743.990733][ T1021] total_workingset_refault_anon 6898 [ 744.011411][ T1021] total_workingset_refault_file 33614 [ 744.040421][ T1021] total_swap 360448 [ 744.047044][ T1021] total_swapcached 444731392 [ 744.067002][ T1021] total_pgpgin 285704 [ 744.092238][ T1021] total_pgpgout 298985 [ 744.130142][ T1021] total_pgfault 323446 [ 744.134338][ T1021] total_pgmajfault 4250 [ 744.140318][ T1021] total_inactive_anon 32768 [ 744.179737][ T1021] total_active_anon 0 [ 744.183847][ T1021] total_inactive_file 0 [ 744.205649][ T1021] total_active_file 0 [ 744.220881][ T1021] total_unevictable 0 [ 744.236933][ T1021] anon_cost 1066 [ 744.250736][ T1021] file_cost 0 [ 744.269934][ T1021] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.11444,pid=1021,uid=0 [ 744.332561][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 744.339131][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 744.362186][ T1021] Memory cgroup out of memory: Killed process 1021 (syz.3.11444) total-vm:104408kB, anon-rss:1240kB, file-rss:21844kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 746.838450][T18664] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 746.838478][T18664] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 746.853540][T18664] Bluetooth: hci2: Dropping invalid advertising data [ 746.860473][T18664] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 746.860497][T18664] Bluetooth: hci2: Dropping invalid advertising data [ 746.874497][T18664] Bluetooth: hci2: Malformed LE Event: 0x02 [ 747.472196][ T1358] blktrace: Concurrent blktraces are not allowed on loop2 [ 747.881397][ T1370] nbd: couldn't find device at index 33904 [ 749.486505][ T1440] syz_tun: tun_chr_ioctl cmd 1074812117 [ 749.580455][ T1401] Process accounting paused [ 749.918155][ T1457] netlink: 'syz.3.11599': attribute type 1 has an invalid length. [ 749.946529][ T1457] nbd: error processing sock list [ 751.046548][ T1508] nfs: Unknown parameter 'nl802154' [ 751.262420][ T1519] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 751.294289][ T1518] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11625'. [ 751.725829][ T1541] openvswitch: netlink: IP tunnel dst address not specified [ 753.890420][ T1630] random: crng reseeded on system resumption [ 754.494039][ T1656] openvswitch: netlink: IP tunnel dst address not specified [ 755.267071][ T1692] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11698'. [ 755.506380][ T1705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11703'. [ 756.023865][ T1729] netlink: 'syz.0.11714': attribute type 11 has an invalid length. [ 756.227847][ T1740] FAULT_INJECTION: forcing a failure. [ 756.227847][ T1740] name failslab, interval 1, probability 0, space 0, times 0 [ 756.267626][ T1740] CPU: 0 UID: 0 PID: 1740 Comm: syz.2.11718 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 756.267662][ T1740] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 756.267671][ T1740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 756.267682][ T1740] Call Trace: [ 756.267688][ T1740] [ 756.267695][ T1740] dump_stack_lvl+0x100/0x190 [ 756.267729][ T1740] should_fail_ex.cold+0x5/0xa [ 756.267750][ T1740] ? udp_init_sock+0x24e/0x450 [ 756.267775][ T1740] should_failslab+0xc2/0x120 [ 756.267795][ T1740] __kmalloc_noprof+0xe0/0x850 [ 756.267824][ T1740] ? lockdep_init_map_type+0x5c/0x250 [ 756.267853][ T1740] udp_init_sock+0x24e/0x450 [ 756.267876][ T1740] ? __pfx_udp_init_sock+0x10/0x10 [ 756.267902][ T1740] inet_create+0x94c/0x1060 [ 756.267926][ T1740] ? inet_create+0x94/0x1060 [ 756.267952][ T1740] __sock_create+0x339/0x860 [ 756.267979][ T1740] __sys_socket+0x14d/0x260 [ 756.268003][ T1740] ? __pfx___sys_socket+0x10/0x10 [ 756.268033][ T1740] __x64_sys_socket+0x72/0xb0 [ 756.268055][ T1740] ? lockdep_hardirqs_on+0x78/0x100 [ 756.268073][ T1740] do_syscall_64+0x106/0xf80 [ 756.268091][ T1740] ? clear_bhb_loop+0x40/0x90 [ 756.268113][ T1740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.268131][ T1740] RIP: 0033:0x7fdc01d9c819 [ 756.268147][ T1740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.268164][ T1740] RSP: 002b:00007fdc02c27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 756.268182][ T1740] RAX: ffffffffffffffda RBX: 00007fdc02015fa0 RCX: 00007fdc01d9c819 [ 756.268193][ T1740] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 756.268204][ T1740] RBP: 00007fdc01e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 756.268214][ T1740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.268224][ T1740] R13: 00007fdc02016038 R14: 00007fdc02015fa0 R15: 00007ffdf00c16c8 [ 756.268246][ T1740] [ 756.986953][ T1771] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 757.066014][ T1771] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 757.651346][ T1821] netlink: 'syz.2.11743': attribute type 11 has an invalid length. [ 757.659374][ T1821] netlink: 'syz.2.11743': attribute type 11 has an invalid length. [ 757.717891][ T1821] netlink: 'syz.2.11743': attribute type 11 has an invalid length. [ 758.699631][ T1858] NFSD: Failed to start, no listeners configured. [ 759.637792][ T1926] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 760.139571][ T1950] &#$@\]\-: entered promiscuous mode [ 760.783015][ T1972] openvswitch: netlink: IP tunnel dst address not specified [ 761.440071][ T1997] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 761.476328][ T1997] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 763.082091][ T2056] usb usb13: usbfs: process 2056 (syz.1.11825) did not claim interface 10 before use [ 763.330391][ T2068] FAULT_INJECTION: forcing a failure. [ 763.330391][ T2068] name failslab, interval 1, probability 0, space 0, times 0 [ 763.403761][ T2068] CPU: 0 UID: 0 PID: 2068 Comm: syz.2.11831 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 763.403797][ T2068] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 763.403805][ T2068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 763.403816][ T2068] Call Trace: [ 763.403822][ T2068] [ 763.403829][ T2068] dump_stack_lvl+0x100/0x190 [ 763.403862][ T2068] should_fail_ex.cold+0x5/0xa [ 763.403884][ T2068] should_failslab+0xc2/0x120 [ 763.403906][ T2068] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 763.403937][ T2068] ? __anon_vma_prepare+0xae/0x5e0 [ 763.403968][ T2068] __anon_vma_prepare+0xae/0x5e0 [ 763.403993][ T2068] ? do_raw_spin_lock+0x128/0x260 [ 763.404023][ T2068] __vmf_anon_prepare+0x11f/0x250 [ 763.404047][ T2068] do_huge_pmd_anonymous_page+0x15c/0x1ab0 [ 763.404077][ T2068] ? __pmd_alloc+0x3fb/0x950 [ 763.404102][ T2068] __handle_mm_fault+0x1ea4/0x2b60 [ 763.404131][ T2068] ? mt_find+0x45e/0x8e0 [ 763.404210][ T2068] ? __pfx___handle_mm_fault+0x10/0x10 [ 763.404236][ T2068] ? __pfx_mt_find+0x10/0x10 [ 763.404273][ T2068] handle_mm_fault+0x36d/0xa20 [ 763.404305][ T2068] __get_user_pages+0xf9c/0x34d0 [ 763.404335][ T2068] ? __pfx___get_user_pages+0x10/0x10 [ 763.404364][ T2068] populate_vma_page_range+0x267/0x3f0 [ 763.404391][ T2068] ? __pfx_populate_vma_page_range+0x10/0x10 [ 763.404414][ T2068] ? __pfx_find_vma_intersection+0x10/0x10 [ 763.404436][ T2068] ? do_mmap+0x93f/0x12f0 [ 763.404460][ T2068] __mm_populate+0x107/0x3a0 [ 763.404492][ T2068] ? __pfx___mm_populate+0x10/0x10 [ 763.404517][ T2068] ? up_write+0x290/0x4f0 [ 763.404546][ T2068] vm_mmap_pgoff+0x37f/0x470 [ 763.404571][ T2068] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 763.404595][ T2068] ? do_futex+0x192/0x350 [ 763.404620][ T2068] ? __pfx_do_futex+0x10/0x10 [ 763.404649][ T2068] ksys_mmap_pgoff+0xe1/0x650 [ 763.404670][ T2068] ? __x64_sys_futex+0x34f/0x4d0 [ 763.404693][ T2068] ? __x64_sys_futex+0x358/0x4d0 [ 763.404718][ T2068] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 763.404739][ T2068] ? xfd_validate_state+0x129/0x190 [ 763.404771][ T2068] __x64_sys_mmap+0x125/0x190 [ 763.404802][ T2068] do_syscall_64+0x106/0xf80 [ 763.404819][ T2068] ? clear_bhb_loop+0x40/0x90 [ 763.404841][ T2068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.404860][ T2068] RIP: 0033:0x7fdc01d9c819 [ 763.404876][ T2068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 763.404894][ T2068] RSP: 002b:00007fdc02c27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 763.404912][ T2068] RAX: ffffffffffffffda RBX: 00007fdc02015fa0 RCX: 00007fdc01d9c819 [ 763.404925][ T2068] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 763.404936][ T2068] RBP: 00007fdc01e32c91 R08: 0000000000000002 R09: 0000000000008000 [ 763.404947][ T2068] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 763.404960][ T2068] R13: 00007fdc02016038 R14: 00007fdc02015fa0 R15: 00007ffdf00c16c8 [ 763.404985][ T2068] [ 765.213367][ T2140] openvswitch: netlink: IPv4 tunnel dst address is zero [ 769.437482][ T2352] syz_tun: tun_chr_ioctl cmd 2147767519 [ 770.402546][ T2392] openvswitch: netlink: Message has 20 unknown bytes. [ 772.855454][ T2535] tc_dump_action: action bad kind [ 773.648010][ T2573] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12027'. [ 774.531077][ T2618] FAULT_INJECTION: forcing a failure. [ 774.531077][ T2618] name failslab, interval 1, probability 0, space 0, times 0 [ 774.585320][ T2618] CPU: 0 UID: 0 PID: 2618 Comm: syz.1.12034 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 774.585366][ T2618] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 774.585374][ T2618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 774.585384][ T2618] Call Trace: [ 774.585391][ T2618] [ 774.585398][ T2618] dump_stack_lvl+0x100/0x190 [ 774.585430][ T2618] should_fail_ex.cold+0x5/0xa [ 774.585452][ T2618] should_failslab+0xc2/0x120 [ 774.585474][ T2618] __kmalloc_cache_noprof+0x7a/0x6f0 [ 774.585499][ T2618] ? sctp_endpoint_new+0xfc/0xb20 [ 774.585574][ T2618] ? __debug_object_init+0x2de/0x3d0 [ 774.585597][ T2618] sctp_endpoint_new+0xfc/0xb20 [ 774.585619][ T2618] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 774.585638][ T2618] ? lockdep_init_map_type+0x5c/0x250 [ 774.585666][ T2618] ? lockdep_init_map_type+0x5c/0x250 [ 774.585690][ T2618] ? lockdep_init_map_type+0x5c/0x250 [ 774.585723][ T2618] sctp_init_sock+0xe2b/0x1300 [ 774.585756][ T2618] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 774.585775][ T2618] sctp_v6_init_sock+0x16/0x70 [ 774.585792][ T2618] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 774.585809][ T2618] inet6_create+0xb21/0x12b0 [ 774.585831][ T2618] ? inet6_create+0x7f/0x12b0 [ 774.585851][ T2618] __sock_create+0x339/0x860 [ 774.585879][ T2618] __sys_socket+0x14d/0x260 [ 774.585904][ T2618] ? __pfx___sys_socket+0x10/0x10 [ 774.585933][ T2618] __x64_sys_socket+0x72/0xb0 [ 774.585957][ T2618] ? lockdep_hardirqs_on+0x78/0x100 [ 774.585975][ T2618] do_syscall_64+0x106/0xf80 [ 774.585992][ T2618] ? clear_bhb_loop+0x40/0x90 [ 774.586015][ T2618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.586034][ T2618] RIP: 0033:0x7f598a79c819 [ 774.586050][ T2618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 774.586068][ T2618] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 774.586086][ T2618] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 774.586098][ T2618] RDX: 0000000000000084 RSI: 0000000000000001 RDI: 000000000000000a [ 774.586108][ T2618] RBP: 00007f598a832c91 R08: 0000000000000000 R09: 0000000000000000 [ 774.586118][ T2618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 774.586128][ T2618] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 774.586150][ T2618] [ 776.644591][ T2683] HfR: entered promiscuous mode [ 776.711033][ T2692] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 777.704472][ T2748] netlink: 250 bytes leftover after parsing attributes in process `syz.2.12077'. [ 778.235108][ T2779] openvswitch: netlink: IP tunnel dst address not specified [ 778.799362][ T2796] netlink: 'syz.3.12091': attribute type 11 has an invalid length. [ 778.825250][ T2796] netlink: 'syz.3.12091': attribute type 11 has an invalid length. [ 778.862089][ T2798] hub 1-0:1.0: USB hub found [ 778.875435][ T2796] netlink: 'syz.3.12091': attribute type 11 has an invalid length. [ 778.887903][ T2798] hub 1-0:1.0: 1 port detected [ 779.114521][ T2810] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12096'. [ 779.847001][ T2860] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 780.152045][ T2834] Process accounting resumed [ 781.207832][T18664] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 781.215457][T18664] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 782.621078][ T2983] openvswitch: netlink: Multiple metadata blocks provided [ 782.897481][ T2992] NFSD: Failed to start, no listeners configured. [ 782.952408][ T3003] netlink: 'syz.3.12167': attribute type 1 has an invalid length. [ 782.966514][ T3004] netlink: 'syz.1.12168': attribute type 1 has an invalid length. [ 784.678654][ T3066] ima: policy update failed [ 784.724265][ T30] audit: type=1802 audit(4295032952.081:50): pid=3066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.12183" res=0 errno=0 [ 784.929016][ T3099] netlink: 'syz.1.12194': attribute type 11 has an invalid length. [ 784.938617][ T3101] device-mapper: ioctl: only supply one of name or uuid, cmd(11) [ 785.022895][ T3099] netlink: 'syz.1.12194': attribute type 11 has an invalid length. [ 785.100031][ T3099] netlink: 'syz.1.12194': attribute type 11 has an invalid length. [ 786.093917][ T3149] usb usb39: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 786.128530][ T3149] vhci_hcd vhci_hcd.3: default hub control req: 0000 v0000 i0000 l0 [ 786.234834][ T3154] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12218'. [ 787.089778][ T3188] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 788.495454][ T3250] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 789.818836][ T3309] netlink: ct family unspecified [ 790.628675][ T3338] __vm_enough_memory: pid: 3338, comm: syz.2.12292, bytes: 4398046511104 not enough memory for the allocation [ 790.912241][ T3322] syz.3.12285 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 791.060010][ T3322] CPU: 0 UID: 0 PID: 3322 Comm: syz.3.12285 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 791.060048][ T3322] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 791.060056][ T3322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 791.060067][ T3322] Call Trace: [ 791.060074][ T3322] [ 791.060082][ T3322] dump_stack_lvl+0x100/0x190 [ 791.060118][ T3322] dump_header+0xfb/0x606 [ 791.060141][ T3322] oom_kill_process.cold+0xd/0x330 [ 791.060164][ T3322] out_of_memory+0x340/0x14f0 [ 791.060201][ T3322] ? __pfx_out_of_memory+0x10/0x10 [ 791.060238][ T3322] mem_cgroup_out_of_memory+0xc6/0x130 [ 791.060267][ T3322] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 791.060293][ T3322] ? find_held_lock+0x2b/0x80 [ 791.060318][ T3322] ? do_raw_spin_unlock+0x145/0x1e0 [ 791.060348][ T3322] ? _raw_spin_unlock+0x28/0x50 [ 791.060380][ T3322] try_charge_memcg+0x652/0xc90 [ 791.060406][ T3322] ? __pfx_try_charge_memcg+0x10/0x10 [ 791.060432][ T3322] ? find_held_lock+0x2b/0x80 [ 791.060449][ T3322] ? rcu_read_unlock+0x17/0x60 [ 791.060470][ T3322] ? rcu_read_unlock+0x17/0x60 [ 791.060495][ T3322] charge_memcg+0xa6/0x280 [ 791.060515][ T3322] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 791.060544][ T3322] __swap_cache_prepare_and_add+0x817/0x9f0 [ 791.060575][ T3322] ? alloc_pages_mpol+0x25a/0x550 [ 791.060597][ T3322] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 791.060619][ T3322] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 791.060647][ T3322] ? __pfx_swap_entry_swapped+0x10/0x10 [ 791.060674][ T3322] swap_cache_alloc_folio+0x1cb/0x300 [ 791.060704][ T3322] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 791.060732][ T3322] ? __lock_acquire+0x4a5/0x2630 [ 791.060762][ T3322] swap_cluster_readahead+0x53b/0x770 [ 791.060797][ T3322] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 791.060830][ T3322] ? swap_table_get+0x10d/0x2c0 [ 791.060863][ T3322] ? find_held_lock+0x2b/0x80 [ 791.060880][ T3322] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 791.060915][ T3322] shmem_swapin_folio+0x22a4/0x2c10 [ 791.060948][ T3322] ? find_held_lock+0x2b/0x80 [ 791.060965][ T3322] ? filemap_get_entry+0x1a7/0x3b0 [ 791.060989][ T3322] ? __pfx_shmem_swapin_folio+0x10/0x10 [ 791.061024][ T3322] ? __pfx_filemap_get_entry+0x10/0x10 [ 791.061049][ T3322] ? find_held_lock+0x2b/0x80 [ 791.061070][ T3322] shmem_get_folio_gfp+0x56c/0x1900 [ 791.061106][ T3322] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 791.061138][ T3322] ? update_cfs_rq_load_avg+0x51/0x550 [ 791.061164][ T3322] shmem_fault+0x1f9/0xa20 [ 791.061194][ T3322] ? __lock_acquire+0x4a5/0x2630 [ 791.061218][ T3322] ? __pfx_shmem_fault+0x10/0x10 [ 791.061246][ T3322] ? set_next_entity+0x11e/0x9c0 [ 791.061284][ T3322] ? __pfx_filemap_map_pages+0x10/0x10 [ 791.061313][ T3322] __do_fault+0x10d/0x550 [ 791.061334][ T3322] ? __pfx_filemap_map_pages+0x10/0x10 [ 791.061362][ T3322] do_fault+0x2db/0x18e0 [ 791.061389][ T3322] __handle_mm_fault+0x1815/0x2b60 [ 791.061420][ T3322] ? mt_find+0x45e/0x8e0 [ 791.061442][ T3322] ? __pfx___handle_mm_fault+0x10/0x10 [ 791.061468][ T3322] ? __pfx_mt_find+0x10/0x10 [ 791.061500][ T3322] ? find_vma+0xbf/0x140 [ 791.061519][ T3322] ? __pfx_find_vma+0x10/0x10 [ 791.061540][ T3322] handle_mm_fault+0x36d/0xa20 [ 791.061572][ T3322] do_user_addr_fault+0x74c/0x12f0 [ 791.061599][ T3322] exc_page_fault+0x6f/0xd0 [ 791.061617][ T3322] asm_exc_page_fault+0x26/0x30 [ 791.061640][ T3322] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 791.061665][ T3322] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 791.061683][ T3322] RSP: 0018:ffffc90004947bb0 EFLAGS: 00050246 [ 791.061699][ T3322] RAX: 0000000000000001 RBX: 0000000000163fc0 RCX: 0000000000000040 [ 791.061711][ T3322] RDX: 0000000000000001 RSI: ffffc90004947d78 RDI: 0000000000163fc0 [ 791.061722][ T3322] RBP: ffffc90004947e68 R08: 0000000000000000 R09: fffff52000928fb6 [ 791.061733][ T3322] R10: ffffc90004947db7 R11: 0000000000000000 R12: 0000000000164000 [ 791.061743][ T3322] R13: 00007ffffffff000 R14: ffffc90004947d78 R15: 0000000000000040 [ 791.061767][ T3322] _copy_to_iter+0x391/0x1720 [ 791.061796][ T3322] ? chacha_block_generic+0x265/0x360 [ 791.061874][ T3322] ? __pfx__copy_to_iter+0x10/0x10 [ 791.061902][ T3322] ? __pfx___might_resched+0x10/0x10 [ 791.061937][ T3322] get_random_bytes_user+0x17b/0x3d0 [ 791.061985][ T3322] ? __pfx_get_random_bytes_user+0x10/0x10 [ 791.062019][ T3322] ? do_futex+0x192/0x350 [ 791.062051][ T3322] ? import_ubuf+0x1b6/0x220 [ 791.062076][ T3322] __x64_sys_getrandom+0x183/0x290 [ 791.062100][ T3322] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 791.062136][ T3322] do_syscall_64+0x106/0xf80 [ 791.062153][ T3322] ? clear_bhb_loop+0x40/0x90 [ 791.062176][ T3322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 791.062196][ T3322] RIP: 0033:0x7f1da459c819 [ 791.062212][ T3322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 791.062229][ T3322] RSP: 002b:00007f1da53e2028 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 791.062246][ T3322] RAX: ffffffffffffffda RBX: 00007f1da4815fa0 RCX: 00007f1da459c819 [ 791.062257][ T3322] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 791.062268][ T3322] RBP: 00007f1da4632c91 R08: 0000000000000000 R09: 0000000000000000 [ 791.062279][ T3322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.062289][ T3322] R13: 00007f1da4816038 R14: 00007f1da4815fa0 R15: 00007ffd589efc18 [ 791.062313][ T3322] [ 791.966521][ T3322] memory: usage 3072kB, limit 3072kB, failcnt 128978 [ 791.973280][ T3322] memory+swap: usage 4884kB, limit 9007199254740988kB, failcnt 0 [ 791.981160][ T3322] kmem: usage 3072kB, limit 9007199254740988kB, failcnt 0 [ 791.988295][ T3322] Memory cgroup stats for /syz3: [ 791.988525][ T3322] cache 0 [ 791.996468][ T3322] rss 0 [ 791.999227][ T3322] rss_huge 0 [ 792.002516][ T3322] shmem 0 [ 792.005467][ T3322] mapped_file 0 [ 792.008927][ T3322] dirty 0 [ 792.011889][ T3322] writeback 12288 [ 792.015519][ T3322] workingset_refault_anon 7548 [ 792.020276][ T3322] workingset_refault_file 33614 [ 792.025158][ T3322] swap 1843200 [ 792.028538][ T3322] swapcached 494485504 [ 792.032638][ T3322] pgpgin 304553 [ 792.037778][ T3322] pgpgout 318793 [ 792.041415][ T3322] pgfault 354222 [ 792.044957][ T3322] pgmajfault 4611 [ 792.048605][ T3322] inactive_anon 12288 [ 792.052609][ T3322] active_anon 0 [ 792.056065][ T3322] inactive_file 0 [ 792.059692][ T3322] active_file 0 [ 792.063198][ T3322] unevictable 0 [ 792.066651][ T3322] hierarchical_memory_limit 3145728 [ 792.071882][ T3322] hierarchical_memsw_limit 9223372036854771712 [ 792.078030][ T3322] total_cache 0 [ 792.081733][ T3322] total_rss 0 [ 792.085015][ T3322] total_rss_huge 0 [ 792.088741][ T3322] total_shmem 0 [ 792.092239][ T3322] total_mapped_file 0 [ 792.096215][ T3322] total_dirty 0 [ 792.099675][ T3322] total_writeback 12288 [ 792.103859][ T3322] total_workingset_refault_anon 7548 [ 792.109135][ T3322] total_workingset_refault_file 33614 [ 792.114704][ T3322] total_swap 1843200 [ 792.118677][ T3322] total_swapcached 494485504 [ 792.123463][ T3322] total_pgpgin 304553 [ 792.127434][ T3322] total_pgpgout 318793 [ 792.131511][ T3322] total_pgfault 354222 [ 792.135568][ T3322] total_pgmajfault 4611 [ 792.140772][ T3322] total_inactive_anon 12288 [ 792.145281][ T3322] total_active_anon 0 [ 792.149266][ T3322] total_inactive_file 0 [ 792.154099][ T3322] total_active_file 0 [ 792.158093][ T3322] total_unevictable 0 [ 792.162210][ T3322] anon_cost 1066 [ 792.165836][ T3322] file_cost 0 [ 792.169113][ T3322] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.12285,pid=3321,uid=0 [ 792.186585][ T3322] Memory cgroup out of memory: Killed process 3321 (syz.3.12285) total-vm:137308kB, anon-rss:1232kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 792.578144][ T3386] netlink: 342 bytes leftover after parsing attributes in process `syz.2.12304'. [ 794.225543][ T3454] FAULT_INJECTION: forcing a failure. [ 794.225543][ T3454] name failslab, interval 1, probability 0, space 0, times 0 [ 794.278422][ T3454] CPU: 0 UID: 0 PID: 3454 Comm: syz.2.12328 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 794.278458][ T3454] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 794.278467][ T3454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 794.278476][ T3454] Call Trace: [ 794.278484][ T3454] [ 794.278491][ T3454] dump_stack_lvl+0x100/0x190 [ 794.278525][ T3454] should_fail_ex.cold+0x5/0xa [ 794.278548][ T3454] should_failslab+0xc2/0x120 [ 794.278569][ T3454] __kmalloc_cache_noprof+0x7a/0x6f0 [ 794.278596][ T3454] ? create_filter_start.constprop.0+0x1c4/0x310 [ 794.278626][ T3454] ? __asan_memcpy+0x3c/0x60 [ 794.278655][ T3454] create_filter_start.constprop.0+0x1c4/0x310 [ 794.278688][ T3454] apply_subsystem_event_filter+0x188/0x17d0 [ 794.278725][ T3454] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 794.278761][ T3454] ? _copy_from_user+0x59/0xd0 [ 794.278787][ T3454] ? __pfx_subsystem_filter_write+0x10/0x10 [ 794.278816][ T3454] subsystem_filter_write+0x95/0x120 [ 794.278847][ T3454] vfs_writev+0x5ea/0xe10 [ 794.278876][ T3454] ? rcu_is_watching+0x12/0xc0 [ 794.278910][ T3454] ? __pfx_vfs_writev+0x10/0x10 [ 794.278938][ T3454] ? fdget_pos+0x2aa/0x380 [ 794.278975][ T3454] ? __fget_files+0x21f/0x3d0 [ 794.279003][ T3454] ? do_writev+0x13e/0x340 [ 794.279018][ T3454] do_writev+0x13e/0x340 [ 794.279034][ T3454] ? __pfx_do_writev+0x10/0x10 [ 794.279058][ T3454] do_syscall_64+0x106/0xf80 [ 794.279076][ T3454] ? clear_bhb_loop+0x40/0x90 [ 794.279098][ T3454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.279117][ T3454] RIP: 0033:0x7fdc01d9c819 [ 794.279133][ T3454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.279150][ T3454] RSP: 002b:00007fdc02c27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 794.279168][ T3454] RAX: ffffffffffffffda RBX: 00007fdc02015fa0 RCX: 00007fdc01d9c819 [ 794.279180][ T3454] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 794.279190][ T3454] RBP: 00007fdc01e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 794.279200][ T3454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 794.279210][ T3454] R13: 00007fdc02016038 R14: 00007fdc02015fa0 R15: 00007ffdf00c16c8 [ 794.279234][ T3454] [ 794.795352][ T3460] NFSD: Failed to start, no listeners configured. [ 795.360430][T18664] Bluetooth: hci0: Malformed HCI Event [ 795.698574][ T3496] could not allocate digest TFM handle [ 795.883456][ T3515] FAULT_INJECTION: forcing a failure. [ 795.883456][ T3515] name failslab, interval 1, probability 0, space 0, times 0 [ 795.950517][ T3515] CPU: 0 UID: 0 PID: 3515 Comm: syz.3.12350 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 795.950554][ T3515] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 795.950563][ T3515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 795.950573][ T3515] Call Trace: [ 795.950580][ T3515] [ 795.950587][ T3515] dump_stack_lvl+0x100/0x190 [ 795.950621][ T3515] should_fail_ex.cold+0x5/0xa [ 795.950643][ T3515] ? sk_prot_alloc+0x10b/0x2a0 [ 795.950665][ T3515] should_failslab+0xc2/0x120 [ 795.950686][ T3515] __kmalloc_noprof+0xe0/0x850 [ 795.950719][ T3515] sk_prot_alloc+0x10b/0x2a0 [ 795.950740][ T3515] sk_alloc+0x36/0xe80 [ 795.950816][ T3515] alg_create+0x9e/0x150 [ 795.950863][ T3515] __sock_create+0x339/0x860 [ 795.950891][ T3515] __sys_socket+0x14d/0x260 [ 795.950915][ T3515] ? __pfx___sys_socket+0x10/0x10 [ 795.950945][ T3515] __x64_sys_socket+0x72/0xb0 [ 795.950968][ T3515] ? lockdep_hardirqs_on+0x78/0x100 [ 795.950988][ T3515] do_syscall_64+0x106/0xf80 [ 795.951006][ T3515] ? clear_bhb_loop+0x40/0x90 [ 795.951029][ T3515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.951047][ T3515] RIP: 0033:0x7f1da459c819 [ 795.951063][ T3515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.951081][ T3515] RSP: 002b:00007f1da53e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 795.951098][ T3515] RAX: ffffffffffffffda RBX: 00007f1da4815fa0 RCX: 00007f1da459c819 [ 795.951110][ T3515] RDX: 0000000000000000 RSI: 0000000000080805 RDI: 0000000000000026 [ 795.951121][ T3515] RBP: 00007f1da4632c91 R08: 0000000000000000 R09: 0000000000000000 [ 795.951131][ T3515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.951141][ T3515] R13: 00007f1da4816038 R14: 00007f1da4815fa0 R15: 00007ffd589efc18 [ 795.951163][ T3515] [ 796.667336][ T3525] Invalid ELF header len 5 [ 796.755957][ T3533] zswap: compressor not available [ 797.397048][ T3572] ovs_?: entered promiscuous mode [ 797.810322][ T3593] openvswitch: netlink: IP tunnel TTL not specified. [ 801.294143][ T3729] syz.1.12437 (3729) used obsolete PPPIOCDETACH ioctl [ 801.515431][ T3744] futex_wake_op: syz.3.12442 tries to shift op by -2048; fix this program [ 801.567683][ T3744] futex_wake_op: syz.3.12442 tries to shift op by -2048; fix this program [ 802.339737][ T3768] bridge0: port 3(batadv0) entered blocking state [ 802.374360][ T3768] bridge0: port 3(batadv0) entered disabled state [ 802.399259][ T3768] batadv0: entered allmulticast mode [ 802.429557][ T3768] batadv0: entered promiscuous mode [ 802.458627][ T3768] bridge0: port 3(batadv0) entered blocking state [ 802.465431][ T3768] bridge0: port 3(batadv0) entered forwarding state [ 802.473651][T19121] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 802.483172][T19121] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 802.505574][ T3772] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12455'. [ 802.820152][ T3784] input: jJǸ-9%vJ86 as /devices/virtual/input/input52 [ 804.805000][ T3869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12491'. [ 805.334404][ T3886] sctp: [Deprecated]: syz.2.12497 (pid 3886) Use of int in maxseg socket option. [ 805.334404][ T3886] Use struct sctp_assoc_value instead [ 805.454737][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 805.461927][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 806.154159][ T3918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12509'. [ 807.484851][ T3968] FAULT_INJECTION: forcing a failure. [ 807.484851][ T3968] name failslab, interval 1, probability 0, space 0, times 0 [ 807.544588][ T3968] CPU: 0 UID: 0 PID: 3968 Comm: syz.1.12531 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 807.544625][ T3968] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 807.544634][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 807.544645][ T3968] Call Trace: [ 807.544651][ T3968] [ 807.544658][ T3968] dump_stack_lvl+0x100/0x190 [ 807.544691][ T3968] should_fail_ex.cold+0x5/0xa [ 807.544713][ T3968] ? lsm_blob_alloc+0x68/0x90 [ 807.544750][ T3968] should_failslab+0xc2/0x120 [ 807.544771][ T3968] __kmalloc_noprof+0xe0/0x850 [ 807.544800][ T3968] ? trace_kmem_cache_alloc+0xf3/0x120 [ 807.544824][ T3968] lsm_blob_alloc+0x68/0x90 [ 807.544853][ T3968] security_sk_alloc+0x2d/0x290 [ 807.544876][ T3968] sk_prot_alloc+0x1d1/0x2a0 [ 807.544900][ T3968] sk_alloc+0x36/0xe80 [ 807.544928][ T3968] inet_create+0x3a0/0x1060 [ 807.544951][ T3968] ? inet_create+0x94/0x1060 [ 807.544978][ T3968] __sock_create+0x339/0x860 [ 807.545005][ T3968] mptcp_subflow_create_socket+0xec/0xa30 [ 807.545081][ T3968] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 807.545111][ T3968] __mptcp_nmpc_sk+0x17f/0x870 [ 807.545153][ T3968] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 807.545181][ T3968] ? __local_bh_enable_ip+0x9e/0x120 [ 807.545205][ T3968] mptcp_bind+0xa3/0x1e0 [ 807.545231][ T3968] __sys_bind+0x1a9/0x260 [ 807.545258][ T3968] ? __pfx___sys_bind+0x10/0x10 [ 807.545297][ T3968] __x64_sys_bind+0x72/0xb0 [ 807.545320][ T3968] ? lockdep_hardirqs_on+0x78/0x100 [ 807.545338][ T3968] do_syscall_64+0x106/0xf80 [ 807.545355][ T3968] ? clear_bhb_loop+0x40/0x90 [ 807.545378][ T3968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.545396][ T3968] RIP: 0033:0x7f598a79c819 [ 807.545412][ T3968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 807.545429][ T3968] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 807.545448][ T3968] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 807.545459][ T3968] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 807.545471][ T3968] RBP: 00007f598a832c91 R08: 0000000000000000 R09: 0000000000000000 [ 807.545481][ T3968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 807.545492][ T3968] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 807.545515][ T3968] [ 809.849555][ T4029] FAULT_INJECTION: forcing a failure. [ 809.849555][ T4029] name failslab, interval 1, probability 0, space 0, times 0 [ 809.914039][ T4029] CPU: 0 UID: 0 PID: 4029 Comm: syz.1.12558 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 809.914075][ T4029] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 809.914084][ T4029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 809.914094][ T4029] Call Trace: [ 809.914100][ T4029] [ 809.914108][ T4029] dump_stack_lvl+0x100/0x190 [ 809.914140][ T4029] should_fail_ex.cold+0x5/0xa [ 809.914162][ T4029] should_failslab+0xc2/0x120 [ 809.914183][ T4029] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 809.914213][ T4029] ? alloc_empty_file+0x55/0x1c0 [ 809.914241][ T4029] alloc_empty_file+0x55/0x1c0 [ 809.914265][ T4029] alloc_file_pseudo+0x13a/0x230 [ 809.914290][ T4029] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 809.914313][ T4029] ? alloc_fd+0x476/0x790 [ 809.914333][ T4029] ? do_raw_spin_unlock+0x145/0x1e0 [ 809.914365][ T4029] __anon_inode_getfile+0xe8/0x280 [ 809.914390][ T4029] anon_inode_getfile_fmode+0x37/0xa0 [ 809.914414][ T4029] __do_sys_timerfd_create+0x2d6/0x3f0 [ 809.914438][ T4029] ? do_syscall_64+0x95/0xf80 [ 809.914458][ T4029] do_syscall_64+0x106/0xf80 [ 809.914474][ T4029] ? clear_bhb_loop+0x40/0x90 [ 809.914497][ T4029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.914515][ T4029] RIP: 0033:0x7f598a79c819 [ 809.914530][ T4029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 809.914547][ T4029] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 809.914565][ T4029] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 809.914576][ T4029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 809.914586][ T4029] RBP: 00007f598a832c91 R08: 0000000000000000 R09: 0000000000000000 [ 809.914597][ T4029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 809.914607][ T4029] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 809.914639][ T4029] [ 810.164775][ T4030] Process accounting paused [ 811.040754][ T4067] bridge0: port 3(batadv0) entered blocking state [ 811.040875][ T4067] bridge0: port 3(batadv0) entered disabled state [ 811.040988][ T4067] batadv0: entered allmulticast mode [ 811.047992][ T4067] batadv0: entered promiscuous mode [ 811.048417][ T4067] bridge0: port 3(batadv0) entered blocking state [ 811.048502][ T4067] bridge0: port 3(batadv0) entered forwarding state [ 811.201300][T18497] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 811.201340][T18497] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 811.830652][ T4094] bridge0: port 3(dummy0) entered blocking state [ 811.890925][ T4094] bridge0: port 3(dummy0) entered disabled state [ 811.917699][ T4094] dummy0: entered allmulticast mode [ 811.948355][ T4094] dummy0: entered promiscuous mode [ 811.969627][ T4094] bridge0: port 3(dummy0) entered blocking state [ 811.976061][ T4094] bridge0: port 3(dummy0) entered forwarding state [ 812.009907][ T4098] bridge0: port 3(batadv0) entered blocking state [ 812.016626][ T4098] bridge0: port 3(batadv0) entered disabled state [ 812.052112][ T4098] batadv0: entered allmulticast mode [ 812.077913][ T4098] batadv0: entered promiscuous mode [ 812.105934][ T4098] bridge0: port 3(batadv0) entered blocking state [ 812.112515][ T4098] bridge0: port 3(batadv0) entered forwarding state [ 812.217374][T18497] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 812.226662][T18497] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 813.052651][ T4139] bridge0: port 4(batadv0) entered blocking state [ 813.081470][ T4139] bridge0: port 4(batadv0) entered disabled state [ 813.088033][ T4139] batadv0: entered allmulticast mode [ 813.140553][ T4139] batadv0: entered promiscuous mode [ 813.171472][ T4139] bridge0: port 4(batadv0) entered blocking state [ 813.178040][ T4139] bridge0: port 4(batadv0) entered forwarding state [ 813.230706][T19121] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 813.240008][T19121] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 814.571914][ T4189] FAULT_INJECTION: forcing a failure. [ 814.571914][ T4189] name failslab, interval 1, probability 0, space 0, times 0 [ 814.615407][ T4189] CPU: 0 UID: 0 PID: 4189 Comm: syz.3.12622 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 814.615443][ T4189] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 814.615451][ T4189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 814.615463][ T4189] Call Trace: [ 814.615469][ T4189] [ 814.615477][ T4189] dump_stack_lvl+0x100/0x190 [ 814.615509][ T4189] should_fail_ex.cold+0x5/0xa [ 814.615531][ T4189] should_failslab+0xc2/0x120 [ 814.615560][ T4189] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 814.615589][ T4189] ? prepare_creds+0x2c/0x950 [ 814.615618][ T4189] ? from_kuid_munged+0xaa/0x130 [ 814.615640][ T4189] prepare_creds+0x2c/0x950 [ 814.615671][ T4189] __sys_setfsuid+0xda/0x380 [ 814.615694][ T4189] do_syscall_64+0x106/0xf80 [ 814.615712][ T4189] ? clear_bhb_loop+0x40/0x90 [ 814.615739][ T4189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 814.615758][ T4189] RIP: 0033:0x7f1da459c819 [ 814.615773][ T4189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 814.615791][ T4189] RSP: 002b:00007f1da53e2028 EFLAGS: 00000246 ORIG_RAX: 000000000000007a [ 814.615810][ T4189] RAX: ffffffffffffffda RBX: 00007f1da4815fa0 RCX: 00007f1da459c819 [ 814.615821][ T4189] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee01 [ 814.615832][ T4189] RBP: 00007f1da4632c91 R08: 0000000000000000 R09: 0000000000000000 [ 814.615843][ T4189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 814.615854][ T4189] R13: 00007f1da4816038 R14: 00007f1da4815fa0 R15: 00007ffd589efc18 [ 814.615876][ T4189] [ 815.992251][ T4223] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12636'. [ 817.383109][ T4260] bridge0: port 4(dummy0) entered blocking state [ 817.418986][ T4260] bridge0: port 4(dummy0) entered disabled state [ 817.425492][ T4260] dummy0: entered allmulticast mode [ 817.473919][ T4260] dummy0: entered promiscuous mode [ 817.508433][ T4260] bridge0: port 4(dummy0) entered blocking state [ 817.514950][ T4260] bridge0: port 4(dummy0) entered forwarding state [ 817.698010][ T4270] FAULT_INJECTION: forcing a failure. [ 817.698010][ T4270] name failslab, interval 1, probability 0, space 0, times 0 [ 817.761569][ T4270] CPU: 0 UID: 0 PID: 4270 Comm: syz.2.12654 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 817.761613][ T4270] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 817.761622][ T4270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 817.761633][ T4270] Call Trace: [ 817.761640][ T4270] [ 817.761647][ T4270] dump_stack_lvl+0x100/0x190 [ 817.761679][ T4270] should_fail_ex.cold+0x5/0xa [ 817.761701][ T4270] should_failslab+0xc2/0x120 [ 817.761724][ T4270] __kmalloc_cache_noprof+0x7a/0x6f0 [ 817.761750][ T4270] ? do_signalfd4+0x14e/0x480 [ 817.761777][ T4270] do_signalfd4+0x14e/0x480 [ 817.761802][ T4270] __x64_sys_signalfd+0x120/0x1a0 [ 817.761826][ T4270] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 817.761857][ T4270] do_syscall_64+0x106/0xf80 [ 817.761875][ T4270] ? clear_bhb_loop+0x40/0x90 [ 817.761897][ T4270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.761915][ T4270] RIP: 0033:0x7fdc01d9c819 [ 817.761931][ T4270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 817.761948][ T4270] RSP: 002b:00007fdc02c27028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 817.761966][ T4270] RAX: ffffffffffffffda RBX: 00007fdc02015fa0 RCX: 00007fdc01d9c819 [ 817.761977][ T4270] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 817.761988][ T4270] RBP: 00007fdc01e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 817.761999][ T4270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.762009][ T4270] R13: 00007fdc02016038 R14: 00007fdc02015fa0 R15: 00007ffdf00c16c8 [ 817.762032][ T4270] [ 818.339579][ T4280] zswap: compressor not available [ 819.302430][ T4332] ovs_: entered promiscuous mode [ 819.366391][ T30] audit: type=1800 audit(4295032986.911:51): pid=4339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.12673" name="SYSV00000014" dev="hugetlbfs" ino=0 res=0 errno=0 [ 819.746412][ T4354] bridge0: port 4(dummy0) entered blocking state [ 819.786829][ T4354] bridge0: port 4(dummy0) entered disabled state [ 819.793335][ T4354] dummy0: entered allmulticast mode [ 819.827513][ T4354] dummy0: entered promiscuous mode [ 819.843444][ T4356] FAULT_INJECTION: forcing a failure. [ 819.843444][ T4356] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 819.864671][ T4354] bridge0: port 4(dummy0) entered blocking state [ 819.871148][ T4354] bridge0: port 4(dummy0) entered forwarding state [ 819.898919][ T4356] CPU: 0 UID: 0 PID: 4356 Comm: syz.1.12679 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 819.898955][ T4356] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 819.898963][ T4356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 819.898974][ T4356] Call Trace: [ 819.898981][ T4356] [ 819.898988][ T4356] dump_stack_lvl+0x100/0x190 [ 819.899020][ T4356] should_fail_ex.cold+0x5/0xa [ 819.899043][ T4356] _copy_from_iter+0x1f4/0x1690 [ 819.899073][ T4356] ? __pfx__copy_from_iter+0x10/0x10 [ 819.899103][ T4356] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 819.899132][ T4356] skb_copy_datagram_from_iter+0x11f/0x720 [ 819.899166][ T4356] tun_get_user+0x1884/0x3e10 [ 819.899255][ T4356] ? __pfx_tun_get_user+0x10/0x10 [ 819.899278][ T4356] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 819.899313][ T4356] ? find_held_lock+0x2b/0x80 [ 819.899333][ T4356] ? tun_get+0x191/0x370 [ 819.899351][ T4356] ? tun_get+0x191/0x370 [ 819.899377][ T4356] tun_chr_write_iter+0xdc/0x200 [ 819.899401][ T4356] vfs_write+0x6ac/0x1070 [ 819.899421][ T4356] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 819.899445][ T4356] ? __pfx_vfs_write+0x10/0x10 [ 819.899462][ T4356] ? find_held_lock+0x2b/0x80 [ 819.899500][ T4356] __x64_sys_pwrite64+0x1eb/0x250 [ 819.899521][ T4356] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 819.899547][ T4356] do_syscall_64+0x106/0xf80 [ 819.899566][ T4356] ? clear_bhb_loop+0x40/0x90 [ 819.899588][ T4356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.899608][ T4356] RIP: 0033:0x7f598a79c819 [ 819.899625][ T4356] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 819.899642][ T4356] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 819.899660][ T4356] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 819.899672][ T4356] RDX: 0000000000000084 RSI: 0000200000000480 RDI: 00000000000000c8 [ 819.899683][ T4356] RBP: 00007f598a832c91 R08: 0000000000000000 R09: 0000000000000000 [ 819.899694][ T4356] R10: 0000000000000e83 R11: 0000000000000246 R12: 0000000000000000 [ 819.899705][ T4356] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 819.899726][ T4356] [ 820.383640][ T4368] netlink: 350 bytes leftover after parsing attributes in process `syz.3.12686'. [ 820.440115][ T4371] netlink: 206 bytes leftover after parsing attributes in process `syz.1.12688'. [ 821.132802][ T4393] bridge0: port 5(syz_tun) entered blocking state [ 821.181502][ T4393] bridge0: port 5(syz_tun) entered disabled state [ 821.221273][ T4393] syz_tun: entered allmulticast mode [ 821.256314][ T4393] syz_tun: entered promiscuous mode [ 821.289569][ T4393] bridge0: port 5(syz_tun) entered blocking state [ 821.296117][ T4393] bridge0: port 5(syz_tun) entered forwarding state [ 821.968561][ T4410] bridge0: port 5(bond0) entered blocking state [ 822.016054][ T4410] bridge0: port 5(bond0) entered disabled state [ 822.040455][ T4410] bond0: entered allmulticast mode [ 822.065981][ T4410] bond_slave_0: entered allmulticast mode [ 822.094540][ T4410] bond_slave_1: entered allmulticast mode [ 822.131400][ T4410] bond0: entered promiscuous mode [ 822.155051][ T4410] bond_slave_0: entered promiscuous mode [ 822.184206][ T4410] bond_slave_1: entered promiscuous mode [ 822.218620][ T4410] bridge0: port 5(bond0) entered blocking state [ 822.225098][ T4410] bridge0: port 5(bond0) entered forwarding state [ 823.431038][ T4445] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 823.485140][ T4445] CPU: 0 UID: 0 PID: 4445 Comm: syz.1.12716 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 823.485176][ T4445] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 823.485184][ T4445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 823.485194][ T4445] Call Trace: [ 823.485201][ T4445] [ 823.485209][ T4445] dump_stack_lvl+0x100/0x190 [ 823.485242][ T4445] sysfs_warn_dup.cold+0x1c/0x28 [ 823.485290][ T4445] sysfs_do_create_link_sd+0x113/0x140 [ 823.485323][ T4445] sysfs_create_link+0x61/0xc0 [ 823.485351][ T4445] device_add+0x675/0x1950 [ 823.485381][ T4445] ? __pfx_device_add+0x10/0x10 [ 823.485405][ T4445] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 823.485427][ T4445] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 823.485521][ T4445] wiphy_register+0x1e5b/0x2d30 [ 823.485543][ T4445] ? __rtnl_unlock+0xb9/0xf0 [ 823.485592][ T4445] ? netdev_run_todo+0x750/0x12c0 [ 823.485629][ T4445] ? __pfx_wiphy_register+0x10/0x10 [ 823.485652][ T4445] ? __asan_memset+0x23/0x50 [ 823.485680][ T4445] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 823.485728][ T4445] ieee80211_register_hw+0x2cfd/0x4140 [ 823.485798][ T4445] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 823.485819][ T4445] ? __pfx___debug_object_init+0x10/0x10 [ 823.485847][ T4445] ? find_held_lock+0x2b/0x80 [ 823.485867][ T4445] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 823.485888][ T4445] ? __hrtimer_setup+0x178/0x280 [ 823.485916][ T4445] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 823.485969][ T4445] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 823.485997][ T4445] hwsim_new_radio_nl+0xc1f/0x1340 [ 823.486021][ T4445] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 823.486049][ T4445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 823.486096][ T4445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 823.486124][ T4445] genl_family_rcv_msg_doit+0x214/0x300 [ 823.486150][ T4445] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 823.486176][ T4445] ? genl_get_cmd+0x3ef/0x720 [ 823.486202][ T4445] ? bpf_lsm_capable+0x9/0x10 [ 823.486223][ T4445] ? security_capable+0x80/0x260 [ 823.486243][ T4445] ? ns_capable+0xd2/0xf0 [ 823.486264][ T4445] genl_rcv_msg+0x560/0x800 [ 823.486290][ T4445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 823.486313][ T4445] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 823.486342][ T4445] netlink_rcv_skb+0x159/0x420 [ 823.486361][ T4445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 823.486385][ T4445] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 823.486414][ T4445] ? netlink_deliver_tap+0x1ae/0xcc0 [ 823.486464][ T4445] genl_rcv+0x28/0x40 [ 823.486489][ T4445] netlink_unicast+0x5aa/0x870 [ 823.486512][ T4445] ? __pfx_netlink_unicast+0x10/0x10 [ 823.486531][ T4445] ? __pfx___might_resched+0x10/0x10 [ 823.486559][ T4445] ? __lock_acquire+0x4a5/0x2630 [ 823.486589][ T4445] netlink_sendmsg+0x8b0/0xda0 [ 823.486614][ T4445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 823.486632][ T4445] ? __import_iovec+0x1d2/0x640 [ 823.486659][ T4445] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 823.486701][ T4445] ____sys_sendmsg+0x9e1/0xb70 [ 823.486723][ T4445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 823.486745][ T4445] ? __pfx_____sys_sendmsg+0x10/0x10 [ 823.486773][ T4445] ? __pfx_futex_wake_mark+0x10/0x10 [ 823.486807][ T4445] ___sys_sendmsg+0x190/0x1e0 [ 823.486832][ T4445] ? __pfx____sys_sendmsg+0x10/0x10 [ 823.486887][ T4445] __sys_sendmsg+0x170/0x220 [ 823.486918][ T4445] ? __pfx___sys_sendmsg+0x10/0x10 [ 823.486946][ T4445] ? __x64_sys_futex+0x34f/0x4d0 [ 823.486985][ T4445] do_syscall_64+0x106/0xf80 [ 823.487003][ T4445] ? clear_bhb_loop+0x40/0x90 [ 823.487026][ T4445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.487046][ T4445] RIP: 0033:0x7f598a79c819 [ 823.487062][ T4445] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 823.487080][ T4445] RSP: 002b:00007f598b61f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 823.487099][ T4445] RAX: ffffffffffffffda RBX: 00007f598aa15fa0 RCX: 00007f598a79c819 [ 823.487111][ T4445] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 823.487121][ T4445] RBP: 00007f598a832c91 R08: 0000000000000000 R09: 0000000000000000 [ 823.487132][ T4445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 823.487143][ T4445] R13: 00007f598aa16038 R14: 00007f598aa15fa0 R15: 00007ffcedbac0c8 [ 823.487167][ T4445] [ 827.882668][ T4556] netlink: 338 bytes leftover after parsing attributes in process `syz.2.12758'. [ 828.974943][ T4592] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12773'. [ 829.607705][ T4612] bridge0: port 4(veth0_to_bridge) entered blocking state [ 829.632390][ T4612] bridge0: port 4(veth0_to_bridge) entered disabled state [ 829.654329][ T4612] veth0_to_bridge: entered allmulticast mode [ 829.687330][ T4612] veth0_to_bridge: entered promiscuous mode [ 829.705207][ T4612] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 829.752382][ T4612] bridge0: port 4(veth0_to_bridge) entered blocking state [ 829.759655][ T4612] bridge0: port 4(veth0_to_bridge) entered forwarding state [ 830.407363][ T4631] [U] ^C [ 830.533019][ T4636] futex_wake_op: syz.0.12791 tries to shift op by -2048; fix this program [ 830.573797][ T4636] futex_wake_op: syz.0.12791 tries to shift op by -2048; fix this program [ 831.161892][ T4651] bridge_slave_1: left allmulticast mode [ 831.187327][ T4651] bridge_slave_1: left promiscuous mode [ 831.195625][ T4651] bridge0: port 2(bridge_slave_1) entered disabled state [ 832.373001][ T4688] netlink: 'syz.0.12812': attribute type 2 has an invalid length. [ 834.217584][ T4748] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12830'. [ 834.509696][ T30] audit: type=1804 audit(4295033002.130:52): pid=4759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.12831" name="file0" dev="tmpfs" ino=15969 res=1 errno=0 [ 834.687110][ T4732] syz.3.12828 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 834.747370][ T4732] CPU: 0 UID: 0 PID: 4732 Comm: syz.3.12828 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 834.747406][ T4732] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 834.747414][ T4732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 834.747425][ T4732] Call Trace: [ 834.747431][ T4732] [ 834.747438][ T4732] dump_stack_lvl+0x100/0x190 [ 834.747473][ T4732] dump_header+0xfb/0x606 [ 834.747494][ T4732] oom_kill_process.cold+0xd/0x330 [ 834.747517][ T4732] out_of_memory+0x340/0x14f0 [ 834.747552][ T4732] ? __pfx_out_of_memory+0x10/0x10 [ 834.747587][ T4732] mem_cgroup_out_of_memory+0xc6/0x130 [ 834.747615][ T4732] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 834.747641][ T4732] ? find_held_lock+0x2b/0x80 [ 834.747665][ T4732] ? do_raw_spin_unlock+0x145/0x1e0 [ 834.747694][ T4732] ? _raw_spin_unlock+0x28/0x50 [ 834.747725][ T4732] try_charge_memcg+0x652/0xc90 [ 834.747751][ T4732] ? __pfx_try_charge_memcg+0x10/0x10 [ 834.747771][ T4732] ? rcu_read_unlock+0x17/0x60 [ 834.747792][ T4732] ? rcu_read_unlock+0x17/0x60 [ 834.747818][ T4732] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 834.747851][ T4732] obj_cgroup_charge_account+0x33d/0x640 [ 834.747877][ T4732] __memcg_slab_post_alloc_hook+0x2dc/0x990 [ 834.747908][ T4732] ? __register_sysctl_table+0xac/0x1650 [ 834.747927][ T4732] __kmalloc_noprof+0x662/0x850 [ 834.747961][ T4732] __register_sysctl_table+0xac/0x1650 [ 834.747980][ T4732] ? is_module_address+0x5f/0xf0 [ 834.748009][ T4732] ? __pfx___register_sysctl_table+0x10/0x10 [ 834.748027][ T4732] ? is_module_address+0x69/0xf0 [ 834.748051][ T4732] ? register_net_sysctl_sz+0x222/0x430 [ 834.748135][ T4732] __addrconf_sysctl_register+0x1a2/0x360 [ 834.748188][ T4732] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 834.748222][ T4732] ? lockdep_init_map_type+0x5c/0x250 [ 834.748248][ T4732] ? mld_in_v1_mode+0x2b2/0x3a0 [ 834.748313][ T4732] addrconf_sysctl_register+0x163/0x200 [ 834.748347][ T4732] ipv6_add_dev+0xaf2/0x1520 [ 834.748385][ T4732] addrconf_notify+0x563/0x19c0 [ 834.748408][ T4732] ? ip6mr_device_event+0x1bc/0x230 [ 834.748452][ T4732] notifier_call_chain+0x99/0x420 [ 834.748483][ T4732] call_netdevice_notifiers_info+0xbe/0x110 [ 834.748526][ T4732] register_netdevice+0x16e6/0x2210 [ 834.748550][ T4732] ? __pfx_register_netdevice+0x10/0x10 [ 834.748577][ T4732] register_netdev+0x34/0x50 [ 834.748595][ T4732] sit_init_net+0x2c0/0x5f0 [ 834.748651][ T4732] ? __pfx_sit_init_net+0x10/0x10 [ 834.748677][ T4732] ops_init+0x1e2/0x5f0 [ 834.748702][ T4732] setup_net+0x118/0x3a0 [ 834.748721][ T4732] ? __pfx_setup_net+0x10/0x10 [ 834.748738][ T4732] ? lockdep_init_map_type+0x5c/0x250 [ 834.748764][ T4732] ? mutex_init_lockep+0x110/0x150 [ 834.748794][ T4732] copy_net_ns+0x46f/0x7c0 [ 834.748818][ T4732] create_new_namespaces+0x3ea/0xac0 [ 834.748844][ T4732] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 834.748868][ T4732] ksys_unshare+0x473/0xad0 [ 834.748891][ T4732] ? kfree+0x2ec/0x6b0 [ 834.748914][ T4732] ? rcu_is_watching+0x12/0xc0 [ 834.748944][ T4732] ? __pfx_ksys_unshare+0x10/0x10 [ 834.748970][ T4732] ? kcov_ioctl+0x16a/0x720 [ 834.748994][ T4732] __x64_sys_unshare+0x31/0x40 [ 834.749018][ T4732] do_syscall_64+0x106/0xf80 [ 834.749036][ T4732] ? clear_bhb_loop+0x40/0x90 [ 834.749059][ T4732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.749079][ T4732] RIP: 0033:0x7f1da459c819 [ 834.749096][ T4732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 834.749114][ T4732] RSP: 002b:00007f1da53e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 834.749132][ T4732] RAX: ffffffffffffffda RBX: 00007f1da4815fa0 RCX: 00007f1da459c819 [ 834.749144][ T4732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 834.749155][ T4732] RBP: 00007f1da4632c91 R08: 0000000000000000 R09: 0000000000000000 [ 834.749166][ T4732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 834.749176][ T4732] R13: 00007f1da4816038 R14: 00007f1da4815fa0 R15: 00007ffd589efc18 [ 834.749200][ T4732] [ 835.275421][ T4732] memory: usage 3072kB, limit 3072kB, failcnt 143684 [ 835.388719][T18664] Bluetooth: hci3: Malformed LE Event: 0x0b [ 835.522548][ T4732] memory+swap: usage 7640kB, limit 9007199254740988kB, failcnt 0 [ 835.531021][ T4732] kmem: usage 3052kB, limit 9007199254740988kB, failcnt 0 [ 835.540944][ T4732] Memory cgroup stats for /syz3: [ 835.541189][ T4732] cache 0 [ 835.599443][ T4732] rss 0 [ 835.602250][ T4732] rss_huge 0 [ 835.614531][ T4732] shmem 0 [ 835.617716][ T4732] mapped_file 0 [ 835.621232][ T4732] dirty 0 [ 835.635403][ T4732] writeback 0 [ 835.645301][ T4732] workingset_refault_anon 10428 [ 835.654157][ T4732] workingset_refault_file 33614 [ 835.659039][ T4732] swap 4677632 [ 835.670957][ T4732] swapcached 569200640 [ 835.685540][ T4732] pgpgin 326995 [ 835.685644][ T4732] pgpgout 342635 [ 835.685652][ T4732] pgfault 384917 [ 835.685659][ T4732] pgmajfault 5649 [ 835.685667][ T4732] inactive_anon 0 [ 835.685674][ T4732] active_anon 20480 [ 835.685681][ T4732] inactive_file 0 [ 835.685689][ T4732] active_file 0 [ 835.685696][ T4732] unevictable 0 [ 835.685703][ T4732] hierarchical_memory_limit 3145728 [ 835.685711][ T4732] hierarchical_memsw_limit 9223372036854771712 [ 835.685721][ T4732] total_cache 0 [ 835.685728][ T4732] total_rss 0 [ 835.685735][ T4732] total_rss_huge 0 [ 835.685748][ T4732] total_shmem 0 [ 835.685756][ T4732] total_mapped_file 0 [ 835.685764][ T4732] total_dirty 0 [ 835.685771][ T4732] total_writeback 0 [ 835.685779][ T4732] total_workingset_refault_anon 10428 [ 835.685787][ T4732] total_workingset_refault_file 33614 [ 835.685795][ T4732] total_swap 4677632 [ 835.685803][ T4732] total_swapcached 569200640 [ 835.685811][ T4732] total_pgpgin 326995 [ 835.685819][ T4732] total_pgpgout 342635 [ 835.685826][ T4732] total_pgfault 384917 [ 835.685834][ T4732] total_pgmajfault 5649 [ 835.685842][ T4732] total_inactive_anon 0 [ 835.685849][ T4732] total_active_anon 20480 [ 835.685857][ T4732] total_inactive_file 0 [ 835.685865][ T4732] total_active_file 0 [ 835.685872][ T4732] total_unevictable 0 [ 835.685880][ T4732] anon_cost 1066 [ 835.685887][ T4732] file_cost 0 [ 835.685895][ T4732] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.12634,pid=4231,uid=0 [ 835.688389][ T4732] Memory cgroup out of memory: Killed process 4231 (syz.3.12634) total-vm:106460kB, anon-rss:1236kB, file-rss:20800kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 835.708037][ T6249] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 835.708141][ T6249] CPU: 0 UID: 0 PID: 6249 Comm: syz-executor Tainted: G U I L syzkaller #0 PREEMPT(full) [ 835.708171][ T6249] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 835.708179][ T6249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 835.708199][ T6249] Call Trace: [ 835.708206][ T6249] [ 835.708214][ T6249] dump_stack_lvl+0x100/0x190 [ 835.708247][ T6249] dump_header+0xfb/0x606 [ 835.708268][ T6249] oom_kill_process.cold+0xd/0x330 [ 835.708290][ T6249] out_of_memory+0x340/0x14f0 [ 835.708324][ T6249] ? __pfx_out_of_memory+0x10/0x10 [ 835.708359][ T6249] mem_cgroup_out_of_memory+0xc6/0x130 [ 835.708388][ T6249] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 835.708414][ T6249] ? find_held_lock+0x2b/0x80 [ 835.708437][ T6249] ? do_raw_spin_unlock+0x145/0x1e0 [ 835.708466][ T6249] ? _raw_spin_unlock+0x28/0x50 [ 835.708497][ T6249] try_charge_memcg+0x652/0xc90 [ 835.708523][ T6249] ? __pfx_try_charge_memcg+0x10/0x10 [ 835.708548][ T6249] ? find_held_lock+0x2b/0x80 [ 835.708566][ T6249] ? rcu_read_unlock+0x17/0x60 [ 835.708587][ T6249] ? rcu_read_unlock+0x17/0x60 [ 835.708611][ T6249] charge_memcg+0xa6/0x280 [ 835.708632][ T6249] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 835.708659][ T6249] __swap_cache_prepare_and_add+0x817/0x9f0 [ 835.708690][ T6249] ? alloc_pages_mpol+0x25a/0x550 [ 835.708712][ T6249] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 835.708734][ T6249] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 835.708762][ T6249] ? __pfx_swap_entry_swapped+0x10/0x10 [ 835.708788][ T6249] swap_cache_alloc_folio+0x1cb/0x300 [ 835.708819][ T6249] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 835.708854][ T6249] swap_cluster_readahead+0x411/0x770 [ 835.708889][ T6249] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 835.708921][ T6249] ? update_cfs_rq_load_avg+0x51/0x550 [ 835.708952][ T6249] ? get_vma_policy+0x23d/0x3b0 [ 835.708976][ T6249] swapin_readahead+0x160/0x12c0 [ 835.709011][ T6249] ? __pfx_swapin_readahead+0x10/0x10 [ 835.709038][ T6249] ? find_held_lock+0x2b/0x80 [ 835.709055][ T6249] ? swap_table_get+0x103/0x2c0 [ 835.709080][ T6249] ? swap_table_get+0x103/0x2c0 [ 835.709110][ T6249] ? swap_table_get+0x10d/0x2c0 [ 835.709136][ T6249] ? swap_cache_get_folio+0x1ae/0x600 [ 835.709164][ T6249] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 835.709196][ T6249] ? __pfx_get_swap_device+0x10/0x10 [ 835.709220][ T6249] ? do_swap_page+0xb2e/0x6900 [ 835.709246][ T6249] do_swap_page+0xb2e/0x6900 [ 835.709283][ T6249] ? __pfx_do_swap_page+0x10/0x10 [ 835.709311][ T6249] ? do_wait+0x2f3/0x5a0 [ 835.709339][ T6249] ? rcu_is_watching+0x12/0xc0 [ 835.709368][ T6249] ? __pte_offset_map+0x179/0x310 [ 835.709390][ T6249] __handle_mm_fault+0x18c7/0x2b60 [ 835.709422][ T6249] ? reacquire_held_locks+0xce/0x1e0 [ 835.709448][ T6249] ? __pfx___handle_mm_fault+0x10/0x10 [ 835.709478][ T6249] ? lock_vma_under_rcu+0x17c/0x590 [ 835.709518][ T6249] handle_mm_fault+0x36d/0xa20 [ 835.709549][ T6249] do_user_addr_fault+0x5a3/0x12f0 [ 835.709574][ T6249] exc_page_fault+0x6f/0xd0 [ 835.709593][ T6249] asm_exc_page_fault+0x26/0x30 [ 835.709611][ T6249] RIP: 0033:0x7f1da446a819 [ 835.709628][ T6249] Code: 4d 89 e5 48 89 44 24 10 49 c1 e5 04 4d 29 e5 49 c1 e5 03 e8 a9 ad 12 00 85 c0 0f 85 62 0a 00 00 48 b8 db 34 b6 d7 82 de 1b 43 <48> f7 a4 24 98 00 00 00 48 8b 05 80 af ed 00 48 69 8c 24 90 00 00 [ 835.709646][ T6249] RSP: 002b:00007ffd589eff80 EFLAGS: 00010246 [ 835.709661][ T6249] RAX: 431bde82d7b634db RBX: 0000000000001667 RCX: 0000000000027e68 [ 835.709672][ T6249] RDX: 0000000000000345 RSI: 00007f1da53e3010 RDI: 003a6a39287aaadc [ 835.709684][ T6249] RBP: 00007ffd589effbc R08: 0000000000000000 R09: 0000000000000000 [ 835.709694][ T6249] R10: 00007f1da53e3000 R11: 0000000000000001 R12: 0000000000001388 [ 835.709705][ T6249] R13: 00000000000927c0 R14: 00000000000cc7db R15: 00007ffd589f0010 [ 835.709728][ T6249] [ 835.709734][ T6249] memory: usage 3072kB, limit 3072kB, failcnt 143684 [ 835.709747][ T6249] memory+swap: usage 3528kB, limit 9007199254740988kB, failcnt 0 [ 835.709760][ T6249] kmem: usage 3052kB, limit 9007199254740988kB, failcnt 0 [ 835.709771][ T6249] Memory cgroup stats for /syz3: [ 835.709923][ T6249] cache 0 [ 835.709932][ T6249] rss 0 [ 835.709938][ T6249] rss_huge 0 [ 835.709945][ T6249] shmem 0 [ 835.709952][ T6249] mapped_file 0 [ 835.709959][ T6249] dirty 0 [ 835.709965][ T6249] writeback 0 [ 835.709972][ T6249] workingset_refault_anon 10428 [ 835.709980][ T6249] workingset_refault_file 33614 [ 835.709988][ T6249] swap 466944 [ 835.709995][ T6249] swapcached 569200640 [ 835.710003][ T6249] pgpgin 326995 [ 835.710010][ T6249] pgpgout 342635 [ 835.710017][ T6249] pgfault 384917 [ 835.710024][ T6249] pgmajfault 5649 [ 835.710031][ T6249] inactive_anon 0 [ 835.710038][ T6249] active_anon 20480 [ 835.710046][ T6249] inactive_file 0 [ 835.710053][ T6249] active_file 0 [ 835.710060][ T6249] unevictable 0 [ 835.710067][ T6249] hierarchical_memory_limit 3145728 [ 835.710075][ T6249] hierarchical_memsw_limit 9223372036854771712 [ 835.710084][ T6249] total_cache 0 [ 835.710091][ T6249] total_rss 0 [ 835.710098][ T6249] total_rss_huge 0 [ 835.710105][ T6249] total_shmem 0 [ 835.710112][ T6249] total_mapped_file 0 [ 835.710119][ T6249] total_dirty 0 [ 835.710126][ T6249] total_writeback 0 [ 835.710133][ T6249] total_workingset_refault_anon 10428 [ 835.710142][ T6249] total_workingset_refault_file 33614 [ 835.710150][ T6249] total_swap 466944 [ 835.710158][ T6249] total_swapcached 569200640 [ 835.710165][ T6249] total_pgpgin 326995 [ 835.710173][ T6249] total_pgpgout 342635 [ 835.710186][ T6249] total_pgfault 384917 [ 835.710194][ T6249] total_pgmajfault 5649 [ 835.710201][ T6249] total_inactive_anon 0 [ 835.710209][ T6249] total_active_anon 20480 [ 835.710216][ T6249] total_inactive_file 0 [ 835.710224][ T6249] total_active_file 0 [ 835.710231][ T6249] total_unevictable 0 [ 835.710239][ T6249] anon_cost 1066 [ 835.710246][ T6249] file_cost 0 [ 835.710253][ T6249] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.12828,pid=4731,uid=0 [ 835.712135][ T6249] Memory cgroup out of memory: Killed process 4731 (syz.3.12828) total-vm:102360kB, anon-rss:1232kB, file-rss:22304kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 835.741499][ T4748] ieee80211 phy41: Selected rate control algorithm 'minstrel_ht' [ 836.980491][ T4836] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12853'. [ 837.788854][ T4866] FAULT_INJECTION: forcing a failure. [ 837.788854][ T4866] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 837.788890][ T4866] CPU: 0 UID: 0 PID: 4866 Comm: syz.3.12865 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 837.788919][ T4866] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 837.788927][ T4866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 837.788938][ T4866] Call Trace: [ 837.788944][ T4866] [ 837.788950][ T4866] dump_stack_lvl+0x100/0x190 [ 837.788983][ T4866] should_fail_ex.cold+0x5/0xa [ 837.789001][ T4866] ? prepare_alloc_pages+0x16d/0x5f0 [ 837.789027][ T4866] should_fail_alloc_page+0xeb/0x140 [ 837.789049][ T4866] prepare_alloc_pages+0x1f0/0x5f0 [ 837.789071][ T4866] ? unwind_get_return_address+0x59/0xa0 [ 837.789096][ T4866] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 837.789132][ T4866] ? stack_trace_save+0x8e/0xc0 [ 837.789151][ T4866] ? __pfx_stack_trace_save+0x10/0x10 [ 837.789170][ T4866] ? stack_depot_save_flags+0x27/0x9d0 [ 837.789196][ T4866] ? find_held_lock+0x2b/0x80 [ 837.789214][ T4866] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 837.789246][ T4866] ? kasan_save_stack+0x3f/0x50 [ 837.789270][ T4866] ? kasan_save_track+0x14/0x30 [ 837.789286][ T4866] ? __kasan_slab_alloc+0x89/0x90 [ 837.789304][ T4866] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 837.789332][ T4866] ? security_inode_alloc+0x3b/0x2c0 [ 837.789352][ T4866] ? inode_init_always_gfp+0xced/0x1040 [ 837.789370][ T4866] ? alloc_inode+0x8e/0x250 [ 837.789394][ T4866] ? sock_alloc+0x44/0x280 [ 837.789411][ T4866] ? __sock_create+0xc2/0x860 [ 837.789431][ T4866] ? __sys_socket+0x14d/0x260 [ 837.789462][ T4866] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 837.789487][ T4866] ? policy_nodemask+0xed/0x4f0 [ 837.789509][ T4866] alloc_pages_mpol+0x1fb/0x550 [ 837.789530][ T4866] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 837.789556][ T4866] ? sk_prot_alloc+0x10b/0x2a0 [ 837.789575][ T4866] ___kmalloc_large_node+0x104/0x150 [ 837.789600][ T4866] __kmalloc_large_node_noprof+0x1c/0x70 [ 837.789625][ T4866] __kmalloc_noprof+0x5be/0x850 [ 837.789658][ T4866] sk_prot_alloc+0x10b/0x2a0 [ 837.789681][ T4866] sk_alloc+0x36/0xe80 [ 837.789708][ T4866] can_create+0x1e5/0x630 [ 837.789739][ T4866] __sock_create+0x339/0x860 [ 837.789764][ T4866] __sys_socket+0x14d/0x260 [ 837.789788][ T4866] ? __pfx___sys_socket+0x10/0x10 [ 837.789818][ T4866] __x64_sys_socket+0x72/0xb0 [ 837.789841][ T4866] ? lockdep_hardirqs_on+0x78/0x100 [ 837.789859][ T4866] do_syscall_64+0x106/0xf80 [ 837.789876][ T4866] ? clear_bhb_loop+0x40/0x90 [ 837.789900][ T4866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.789919][ T4866] RIP: 0033:0x7f1da459c819 [ 837.789935][ T4866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 837.789952][ T4866] RSP: 002b:00007f1da53e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 837.789970][ T4866] RAX: ffffffffffffffda RBX: 00007f1da4815fa0 RCX: 00007f1da459c819 [ 837.789982][ T4866] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 837.789992][ T4866] RBP: 00007f1da4632c91 R08: 0000000000000000 R09: 0000000000000000 [ 837.790002][ T4866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.790013][ T4866] R13: 00007f1da4816038 R14: 00007f1da4815fa0 R15: 00007ffd589efc18 [ 837.790036][ T4866] [ 907.487989][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 907.498800][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 955.003217][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 955.003242][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P3938/1:b..l P6231/1:b..l [ 955.003915][ C0] rcu: (detected by 0, t=10502 jiffies, g=180821, q=563 ncpus=1) [ 955.003930][ C0] task:udevd state:R running task stack:24600 pid:6231 tgid:6231 ppid:5195 task_flags:0x40014c flags:0x00080000 [ 955.003973][ C0] Call Trace: [ 955.003979][ C0] [ 955.003989][ C0] __schedule+0xfee/0x6120 [ 955.004022][ C0] ? is_bpf_text_address+0x8a/0x1a0 [ 955.004049][ C0] ? is_bpf_text_address+0x8a/0x1a0 [ 955.004077][ C0] ? kernel_text_address+0x8d/0x100 [ 955.004099][ C0] ? arch_stack_walk+0xa6/0xf0 [ 955.004115][ C0] ? __kernel_text_address+0xd/0x30 [ 955.004138][ C0] ? __pfx___schedule+0x10/0x10 [ 955.004161][ C0] ? mark_held_locks+0x40/0x70 [ 955.004183][ C0] preempt_schedule_irq+0x50/0x90 [ 955.004205][ C0] irqentry_exit+0x17b/0x670 [ 955.004222][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 955.004241][ C0] RIP: 0010:lock_acquire+0x5e/0x380 [ 955.004260][ C0] Code: 05 3b 5d 29 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 06 80 f5 0e 0f 82 c2 02 00 00 8b 35 ce b3 f5 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 dd 5c 29 12 0f 85 02 03 00 00 48 83 c4 [ 955.004274][ C0] RSP: 0018:ffffc900039675f0 EFLAGS: 00000206 [ 955.004288][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001 [ 955.004297][ C0] RDX: 0000000000000000 RSI: ffffffff8de5c59f RDI: ffffffff8c1b19a0 [ 955.004307][ C0] RBP: ffffffff8e7e7760 R08: 00000000f4608c0d R09: 0000000000000007 [ 955.004316][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002 [ 955.004325][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 955.004349][ C0] unwind_next_frame+0xd1/0x1ea0 [ 955.004365][ C0] ? unwind_next_frame+0xbd/0x1ea0 [ 955.004380][ C0] ? __unwind_start+0x2fb/0x7f0 [ 955.004395][ C0] ? get_stack_info_noinstr+0x18/0x130 [ 955.004418][ C0] __unwind_start+0x3d1/0x7f0 [ 955.004434][ C0] ? unwind_get_return_address+0x59/0xa0 [ 955.004450][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 955.004469][ C0] arch_stack_walk+0x73/0xf0 [ 955.004487][ C0] ? __unwind_start+0x2fb/0x7f0 [ 955.004505][ C0] ? tear_down_vmas+0x2a5/0x600 [ 955.004524][ C0] stack_trace_save+0x8e/0xc0 [ 955.004541][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 955.004560][ C0] ? tear_down_vmas+0x2a5/0x600 [ 955.004577][ C0] ? kasan_save_stack+0x3f/0x50 [ 955.004593][ C0] ? kasan_save_stack+0x30/0x50 [ 955.004609][ C0] kasan_save_stack+0x30/0x50 [ 955.004651][ C0] kasan_record_aux_stack+0xa7/0xc0 [ 955.004672][ C0] kmem_cache_free+0x434/0x6a0 [ 955.004706][ C0] tear_down_vmas+0x2a5/0x600 [ 955.004727][ C0] exit_mmap+0x469/0xa30 [ 955.004748][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 955.004766][ C0] ? trace_contention_end+0x140/0x180 [ 955.004792][ C0] ? uprobe_clear_state+0x5f/0x360 [ 955.004808][ C0] ? uprobe_clear_state+0x5f/0x360 [ 955.004826][ C0] ? __lock_acquire+0x4a5/0x2630 [ 955.004852][ C0] ? arch_uprobe_clear_state+0x107/0x150 [ 955.004879][ C0] __mmput+0x12a/0x410 [ 955.004898][ C0] mmput+0x67/0x80 [ 955.004913][ C0] do_exit+0x819/0x2b60 [ 955.004934][ C0] ? do_raw_spin_lock+0x128/0x260 [ 955.004955][ C0] ? __pfx_do_exit+0x10/0x10 [ 955.004972][ C0] ? do_group_exit+0x1bd/0x2a0 [ 955.004992][ C0] ? rcu_is_watching+0x12/0xc0 [ 955.005017][ C0] do_group_exit+0xd5/0x2a0 [ 955.005037][ C0] __x64_sys_exit_group+0x3e/0x50 [ 955.005057][ C0] x64_sys_call+0x102c/0x1530 [ 955.005075][ C0] do_syscall_64+0x106/0xf80 [ 955.005090][ C0] ? clear_bhb_loop+0x40/0x90 [ 955.005108][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 955.005123][ C0] RIP: 0033:0x7fb0c3ef16c5 [ 955.005137][ C0] RSP: 002b:00007ffc895f7788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 955.005151][ C0] RAX: ffffffffffffffda RBX: 000056344b6630b0 RCX: 00007fb0c3ef16c5 [ 955.005161][ C0] RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000 [ 955.005170][ C0] RBP: 000056344b5fe910 R08: 0000000000000000 R09: 0000000000000000 [ 955.005179][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 955.005188][ C0] R13: 00007ffc895f77d0 R14: 0000000000000000 R15: 0000000000000000 [ 955.005206][ C0] [ 955.005212][ C0] task:kworker/0:0 state:R running task stack:26360 pid:3938 tgid:3938 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 955.005266][ C0] Workqueue: events ovs_dp_masks_rebalance [ 955.005319][ C0] Call Trace: [ 955.005324][ C0] [ 955.005332][ C0] __schedule+0xfee/0x6120 [ 955.005353][ C0] ? __lock_acquire+0x4a5/0x2630 [ 955.005381][ C0] ? __pfx___schedule+0x10/0x10 [ 955.005404][ C0] ? mark_held_locks+0x40/0x70 [ 955.005424][ C0] preempt_schedule_irq+0x50/0x90 [ 955.005446][ C0] irqentry_exit+0x17b/0x670 [ 955.005463][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 955.005479][ C0] RIP: 0010:lock_release+0x75/0x320 [ 955.005498][ C0] Code: f5 0e 45 85 c0 0f 84 48 01 00 00 65 8b 05 eb 9e 29 12 85 c0 0f 85 39 01 00 00 65 4c 8b 25 6b 57 29 12 41 8b bc 24 54 0b 00 00 <85> ff 0f 85 21 01 00 00 48 81 3b 40 a7 14 94 0f 84 14 01 00 00 9c [ 955.005511][ C0] RSP: 0018:ffffc90004647700 EFLAGS: 00000246 [ 955.005523][ C0] RAX: 0000000000000000 RBX: ffffffff8e7e7760 RCX: ffffffff917a1201 [ 955.005533][ C0] RDX: 0000000000000000 RSI: ffffffff8c1b1920 RDI: 0000000000000000 [ 955.005542][ C0] RBP: ffffffff81b7c2fe R08: 0000000000000001 R09: 0000000000000007 [ 955.005551][ C0] R10: 0000000000000200 R11: 000000000000cf19 R12: ffff88803128db80 [ 955.005560][ C0] R13: ffffc900046477b8 R14: ffffc90004647db0 R15: ffffc900046477ec [ 955.005572][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 955.005597][ C0] unwind_next_frame+0x3c3/0x1ea0 [ 955.005613][ C0] ? process_one_work+0xa23/0x19a0 [ 955.005636][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 955.005654][ C0] arch_stack_walk+0x94/0xf0 [ 955.005672][ C0] ? worker_thread+0x5ef/0xe50 [ 955.005701][ C0] stack_trace_save+0x8e/0xc0 [ 955.005717][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 955.005734][ C0] ? __lock_acquire+0x4a5/0x2630 [ 955.005752][ C0] ? __lock_acquire+0x4a5/0x2630 [ 955.005771][ C0] save_stack+0x162/0x1e0 [ 955.005786][ C0] ? __pfx_save_stack+0x10/0x10 [ 955.005804][ C0] ? __free_frozen_pages+0x7e1/0x10d0 [ 955.005823][ C0] ? qlist_free_all+0x47/0xe0 [ 955.005843][ C0] ? kasan_quarantine_reduce+0x1a0/0x1f0 [ 955.005864][ C0] ? __kasan_kmalloc+0x8a/0xb0 [ 955.005877][ C0] ? __kmalloc_noprof+0x301/0x850 [ 955.005897][ C0] ? ovs_flow_masks_rebalance+0xde/0xa00 [ 955.005933][ C0] ? ovs_dp_masks_rebalance+0x64/0xf0 [ 955.005951][ C0] ? process_one_work+0xa23/0x19a0 [ 955.005974][ C0] ? page_ext_put+0x3e/0xd0 [ 955.005992][ C0] __reset_page_owner+0x84/0x190 [ 955.006010][ C0] __free_frozen_pages+0x7e1/0x10d0 [ 955.006033][ C0] ? ovs_flow_masks_rebalance+0xde/0xa00 [ 955.006052][ C0] qlist_free_all+0x47/0xe0 [ 955.006074][ C0] kasan_quarantine_reduce+0x1a0/0x1f0 [ 955.006098][ C0] __kasan_kmalloc+0x8a/0xb0 [ 955.006113][ C0] __kmalloc_noprof+0x301/0x850 [ 955.006139][ C0] ovs_flow_masks_rebalance+0xde/0xa00 [ 955.006165][ C0] ovs_dp_masks_rebalance+0x64/0xf0 [ 955.006186][ C0] process_one_work+0xa23/0x19a0 [ 955.006214][ C0] ? __pfx_process_one_work+0x10/0x10 [ 955.006240][ C0] ? __pfx_ovs_dp_masks_rebalance+0x10/0x10 [ 955.006262][ C0] worker_thread+0x5ef/0xe50 [ 955.006287][ C0] ? __pfx_worker_thread+0x10/0x10 [ 955.006308][ C0] ? kthread+0x13a/0x450 [ 955.006326][ C0] ? __pfx_worker_thread+0x10/0x10 [ 955.006345][ C0] kthread+0x370/0x450 [ 955.006363][ C0] ? __pfx_kthread+0x10/0x10 [ 955.006383][ C0] ret_from_fork+0x754/0xd80 [ 955.006407][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 955.006431][ C0] ? __switch_to+0x7b4/0x1120 [ 955.006449][ C0] ? __pfx_kthread+0x10/0x10 [ 955.006470][ C0] ret_from_fork_asm+0x1a/0x30 [ 955.006497][ C0] [ 955.593241][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 955.603851][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.920342][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.920623][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.922040][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.922283][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.922994][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.923230][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.923803][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.924036][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.924641][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 993.924875][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 996.241465][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 996.253215][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.895029][ C0] net_ratelimit: 9800 callbacks suppressed [ 998.895050][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.895286][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.896215][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.896447][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.897365][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.897605][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.898525][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.898758][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.899650][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 998.899882][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1002.202598][ T31] INFO: task khugepaged:38 blocked for more than 149 seconds. [ 1002.202626][ T31] Tainted: G U I L syzkaller #0 [ 1002.202638][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1002.202646][ T31] task:khugepaged state:D stack:23560 pid:38 tgid:38 ppid:2 task_flags:0x200040 flags:0x00080000 [ 1002.202700][ T31] Call Trace: [ 1002.202707][ T31] [ 1002.202719][ T31] __schedule+0xfee/0x6120 [ 1002.202756][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1002.202794][ T31] ? __pfx___schedule+0x10/0x10 [ 1002.202823][ T31] ? find_held_lock+0x2b/0x80 [ 1002.202844][ T31] ? schedule+0x2bf/0x390 [ 1002.202877][ T31] schedule+0xdd/0x390 [ 1002.202907][ T31] schedule_timeout+0x1b2/0x280 [ 1002.202936][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1002.202971][ T31] ? mark_held_locks+0x40/0x70 [ 1002.203000][ T31] __wait_for_common+0x2e7/0x4c0 [ 1002.203020][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1002.203051][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1002.203071][ T31] ? touch_wq_lockdep_map+0x9c/0x1c0 [ 1002.203097][ T31] ? find_held_lock+0x2b/0x80 [ 1002.203116][ T31] ? __flush_work+0x928/0xcb0 [ 1002.203146][ T31] ? __flush_work+0x928/0xcb0 [ 1002.203178][ T31] ? __flush_work+0x4ca/0xcb0 [ 1002.203216][ T31] __flush_work+0x7c7/0xcb0 [ 1002.203257][ T31] ? __pfx___flush_work+0x10/0x10 [ 1002.203290][ T31] ? __pfx_wq_barrier_func+0x10/0x10 [ 1002.203323][ T31] ? __pfx___might_resched+0x10/0x10 [ 1002.203354][ T31] ? queue_work_on+0x11b/0x1e0 [ 1002.203383][ T31] ? lockdep_hardirqs_on+0x78/0x100 [ 1002.203412][ T31] __lru_add_drain_all+0x416/0x650 [ 1002.203439][ T31] khugepaged+0x114/0x16a0 [ 1002.203473][ T31] ? __pfx_khugepaged+0x10/0x10 [ 1002.203497][ T31] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1002.203521][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1002.203546][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1002.203573][ T31] ? find_held_lock+0x2b/0x80 [ 1002.203592][ T31] ? __kthread_parkme+0xbb/0x230 [ 1002.203621][ T31] ? __kthread_parkme+0x18c/0x230 [ 1002.203646][ T31] ? kthread+0x13a/0x450 [ 1002.203672][ T31] ? __pfx_khugepaged+0x10/0x10 [ 1002.203695][ T31] kthread+0x370/0x450 [ 1002.203721][ T31] ? __pfx_kthread+0x10/0x10 [ 1002.203749][ T31] ret_from_fork+0x754/0xd80 [ 1002.203781][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1002.203814][ T31] ? __switch_to+0x7b4/0x1120 [ 1002.203837][ T31] ? __pfx_kthread+0x10/0x10 [ 1002.203866][ T31] ret_from_fork_asm+0x1a/0x30 [ 1002.203900][ T31] [ 1002.203974][ T31] INFO: task syz.2.12841:4784 blocked for more than 149 seconds. [ 1002.203990][ T31] Tainted: G U I L syzkaller #0 [ 1002.204001][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1002.204009][ T31] task:syz.2.12841 state:D stack:28248 pid:4784 tgid:4778 ppid:6257 task_flags:0x400040 flags:0x00080002 [ 1002.204063][ T31] Call Trace: [ 1002.204070][ T31] [ 1002.204080][ T31] __schedule+0xfee/0x6120 [ 1002.204111][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1002.204148][ T31] ? __pfx___schedule+0x10/0x10 [ 1002.204178][ T31] ? find_held_lock+0x2b/0x80 [ 1002.204198][ T31] ? schedule+0x2bf/0x390 [ 1002.204231][ T31] schedule+0xdd/0x390 [ 1002.204271][ T31] schedule_timeout+0x1b2/0x280 [ 1002.204298][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1002.204334][ T31] ? mark_held_locks+0x40/0x70 [ 1002.204363][ T31] __down_common+0x396/0x790 [ 1002.204389][ T31] ? __pfx___down_common+0x10/0x10 [ 1002.204417][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1002.204450][ T31] ? _raw_spin_lock_irqsave+0x52/0x60 [ 1002.204482][ T31] ? __pfx_rotate_show+0x10/0x10 [ 1002.204547][ T31] down+0x74/0xa0 [ 1002.204568][ T31] console_lock+0x5b/0xa0 [ 1002.204595][ T31] rotate_show+0x15/0x200 [ 1002.204616][ T31] dev_attr_show+0x52/0xa0 [ 1002.204647][ T31] ? __pfx_dev_attr_show+0x10/0x10 [ 1002.204674][ T31] sysfs_kf_seq_show+0x217/0x3a0 [ 1002.204707][ T31] seq_read_iter+0x32f/0x1270 [ 1002.204749][ T31] kernfs_fop_read_iter+0x46c/0x610 [ 1002.204774][ T31] ? rw_verify_area+0xce/0x6d0 [ 1002.204804][ T31] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1002.204830][ T31] vfs_read+0x825/0xb30 [ 1002.204852][ T31] ? __pfx_vfs_read+0x10/0x10 [ 1002.204886][ T31] ksys_read+0x12a/0x250 [ 1002.204905][ T31] ? __pfx_ksys_read+0x10/0x10 [ 1002.204931][ T31] do_syscall_64+0x106/0xf80 [ 1002.204951][ T31] ? clear_bhb_loop+0x40/0x90 [ 1002.204976][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.204998][ T31] RIP: 0033:0x7fdc01d9c819 [ 1002.205015][ T31] RSP: 002b:00007fdc02c06028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1002.205035][ T31] RAX: ffffffffffffffda RBX: 00007fdc02016090 RCX: 00007fdc01d9c819 [ 1002.205048][ T31] RDX: 0000000006864a34 RSI: 00002000000000c0 RDI: 0000000000000004 [ 1002.205061][ T31] RBP: 00007fdc01e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1002.205073][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1002.205085][ T31] R13: 00007fdc02016128 R14: 00007fdc02016090 R15: 00007ffdf00c16c8 [ 1002.205110][ T31] [ 1002.205126][ T31] [ 1002.205126][ T31] Showing all locks held in the system: [ 1002.205160][ T31] 1 lock held by khungtaskd/31: [ 1002.205172][ T31] #0: ffffffff8e7e7760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1002.205235][ T31] 1 lock held by khugepaged/38: [ 1002.205245][ T31] #0: ffffffff8e938b08 (lock#5){+.+.}-{4:4}, at: __lru_add_drain_all+0x6a/0x650 [ 1002.205305][ T31] 2 locks held by kworker/0:2/1212: [ 1002.205326][ T31] 2 locks held by kworker/R-bat_e/3410: [ 1002.205338][ T31] 1 lock held by dhcpcd/5489: [ 1002.205350][ T31] 4 locks held by sshd-session/5813: [ 1002.205361][ T31] 1 lock held by syz-executor/5814: [ 1002.205373][ T31] 2 locks held by udevd/6231: [ 1002.205383][ T31] 1 lock held by udevd/6234: [ 1002.205400][ T31] 4 locks held by syz-executor/6251: [ 1002.205415][ T31] 3 locks held by kworker/u10:0/18311: [ 1002.205426][ T31] 3 locks held by kworker/u10:1/18317: [ 1002.205437][ T31] 3 locks held by kworker/u10:2/18358: [ 1002.205448][ T31] 3 locks held by kworker/u10:3/18497: [ 1002.205459][ T31] 3 locks held by kworker/u10:4/19121: [ 1002.205471][ T31] 2 locks held by getty/32127: [ 1002.205482][ T31] #0: ffff8880373f10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1002.205541][ T31] #1: ffffc9000544b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1002.205593][ T31] 5 locks held by kworker/0:0/3938: [ 1002.205604][ T31] 6 locks held by syz.2.12841/4779: [ 1002.205615][ T31] 4 locks held by syz.2.12841/4784: [ 1002.205626][ T31] #0: ffff888021f9b278 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1002.205676][ T31] #1: ffff8880545439e0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x1270 [ 1002.205734][ T31] #2: ffff888032a73488 (&of->mutex){+.+.}-{4:4}, at: kernfs_seq_start+0x4f/0x2a0 [ 1002.205784][ T31] #3: ffff8880206ecd28 (kn->active#128){.+.+}-{0:0}, at: kernfs_seq_start+0xbc/0x2a0 [ 1002.205845][ T31] 1 lock held by syz.1.12859/4850: [ 1002.205856][ T31] 3 locks held by kworker/u10:5/4868: [ 1002.205868][ T31] [ 1002.205873][ T31] ============================================= [ 1002.205873][ T31] [ 1002.205881][ T31] NMI backtrace for cpu 0 [ 1002.205895][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U I L syzkaller #0 PREEMPT(full) [ 1002.205924][ T31] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 1002.205932][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1002.205942][ T31] Call Trace: [ 1002.205948][ T31] [ 1002.205955][ T31] dump_stack_lvl+0x100/0x190 [ 1002.205983][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1002.206015][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1002.206044][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1002.206095][ T31] sys_info+0x141/0x190 [ 1002.206116][ T31] watchdog+0xd25/0x1050 [ 1002.206141][ T31] ? __pfx_watchdog+0x10/0x10 [ 1002.206160][ T31] ? __kthread_parkme+0x18c/0x230 [ 1002.206184][ T31] ? kthread+0x13a/0x450 [ 1002.206207][ T31] ? __pfx_watchdog+0x10/0x10 [ 1002.206225][ T31] kthread+0x370/0x450 [ 1002.206249][ T31] ? __pfx_kthread+0x10/0x10 [ 1002.206276][ T31] ret_from_fork+0x754/0xd80 [ 1002.206305][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1002.206336][ T31] ? __switch_to+0x7b4/0x1120 [ 1002.206356][ T31] ? __pfx_kthread+0x10/0x10 [ 1002.206383][ T31] ret_from_fork_asm+0x1a/0x30 [ 1002.206419][ T31] [ 1002.206436][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1002.206450][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U I L syzkaller #0 PREEMPT(full) [ 1002.206478][ T31] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 1002.206487][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1002.206497][ T31] Call Trace: [ 1002.206504][ T31] [ 1002.206510][ T31] dump_stack_lvl+0x100/0x190 [ 1002.206539][ T31] vpanic+0x552/0x970 [ 1002.206558][ T31] ? __pfx_vpanic+0x10/0x10 [ 1002.206577][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1002.206603][ T31] ? rcu_is_watching+0x12/0xc0 [ 1002.206636][ T31] panic+0xd1/0xe0 [ 1002.206654][ T31] ? __pfx_panic+0x10/0x10 [ 1002.206673][ T31] ? nmi_cpu_backtrace+0x79/0x200 [ 1002.206700][ T31] ? nmi_trigger_cpumask_backtrace+0x1be/0x230 [ 1002.206726][ T31] ? watchdog.cold+0x198/0x1ca [ 1002.206746][ T31] ? watchdog+0xd35/0x1050 [ 1002.206767][ T31] watchdog.cold+0x1a9/0x1ca [ 1002.206793][ T31] ? __pfx_watchdog+0x10/0x10 [ 1002.206813][ T31] ? __kthread_parkme+0x18c/0x230 [ 1002.206837][ T31] ? kthread+0x13a/0x450 [ 1002.206862][ T31] ? __pfx_watchdog+0x10/0x10 [ 1002.206880][ T31] kthread+0x370/0x450 [ 1002.206905][ T31] ? __pfx_kthread+0x10/0x10 [ 1002.206932][ T31] ret_from_fork+0x754/0xd80 [ 1002.206962][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1002.206993][ T31] ? __switch_to+0x7b4/0x1120 [ 1002.207015][ T31] ? __pfx_kthread+0x10/0x10 [ 1002.207042][ T31] ret_from_fork_asm+0x1a/0x30 [ 1002.207073][ T31] [ 1002.207161][ T31] Kernel Offset: disabled