last executing test programs: 4.372094028s ago: executing program 1 (id=11523): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) setsockopt$auto(r0, 0x114, 0x1, 0x0, 0x1b) 3.913399745s ago: executing program 1 (id=11531): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) pipe$auto(0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0xd76}, 0x2, 0x5) 3.477124886s ago: executing program 1 (id=11538): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x40) prctl$auto(0x4d, 0x10001, 0x0, 0xffeffffffffffffc, 0x0) socket(0x1e, 0x4, 0x0) 1.172455201s ago: executing program 3 (id=11574): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GET2(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60040010}, 0x10) 1.134051913s ago: executing program 3 (id=11575): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x8, 0x2000000000002) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x541b, 0x10000000000402) 1.103490818s ago: executing program 3 (id=11576): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd1\x00', 0x8000, 0x0) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) 1.070269113s ago: executing program 3 (id=11577): socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) shutdown$auto(0x200000003, 0x1) 811.449056ms ago: executing program 1 (id=11581): r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='./file0\x00') rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)='./file1\x00') 736.759717ms ago: executing program 2 (id=11582): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r0, &(0x7f0000000000)='system.posix_acl_access\x00') 703.32117ms ago: executing program 0 (id=11583): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x4b, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x3, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040)='+', 0x0) 611.708417ms ago: executing program 2 (id=11584): socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) getpeername$auto(0x3, 0x0, 0x0) 575.944583ms ago: executing program 0 (id=11585): r0 = openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bdi/7:11/wb_stats\x00', 0x2080, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/013/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f00000002c0)={0x2, 0x80, 0xffff, 0x5, &(0x7f0000000380)="d17ff256258d1c", 0xc694, 0x3, 0x80005, @stream_id=0x10000, 0x2004b, 0x471, 0x0}) close_range$auto(r0, r1, 0x0) 483.404415ms ago: executing program 2 (id=11586): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) sendto$auto(r0, 0x0, 0xb, 0xc, &(0x7f0000000000), 0x1c) 468.149248ms ago: executing program 1 (id=11587): socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) setsockopt$auto(0x4, 0x0, 0x480, 0xfffffffffffffffe, 0x0) 455.287474ms ago: executing program 0 (id=11588): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) ioctl$auto_USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, 0x0) 356.198254ms ago: executing program 2 (id=11589): r0 = setfsuid$auto(0xee00) r1 = setfsuid$auto(0xee01) setresuid$auto(r0, r1, r0) setresuid$auto(r1, 0xffffffffffffffff, 0x0) 331.939368ms ago: executing program 0 (id=11590): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x8, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r0, 0x40f, 0x4) 237.513271ms ago: executing program 2 (id=11591): close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x80003, 0x300) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/discover\x00', 0x541, 0x0) write$auto(0x3, 0x0, 0xfdef) 201.650721ms ago: executing program 0 (id=11592): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x7ffe) 179.06609ms ago: executing program 1 (id=11593): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) listen$auto(0x3, 0x81) 161.820095ms ago: executing program 3 (id=11594): socket(0xa, 0x801, 0x106) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) arch_prctl$auto(0x1021, 0x3) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) 57.66476ms ago: executing program 0 (id=11595): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003040), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x30, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000001}, 0x50) 29.074068ms ago: executing program 2 (id=11596): r0 = socket(0x2, 0x80002, 0x73) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf6, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3b}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x11e789c}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) 0s ago: executing program 3 (id=11597): setresuid$auto(0xee01, 0x1000, 0x607) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000000)={0x14, r0, 0xb77b02080cac5bcb, 0x70bd28, 0x259fdbff}, 0x14}}, 0x82) kernel console output (not intermixed with test programs): syzkaller #0 PREEMPT(full) [ 429.989106][T22491] Tainted: [U]=USER [ 429.989111][T22491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 429.989120][T22491] Call Trace: [ 429.989125][T22491] [ 429.989131][T22491] dump_stack_lvl+0x100/0x190 [ 429.989159][T22491] should_fail_ex.cold+0x5/0xa [ 429.989177][T22491] should_failslab+0xc2/0x120 [ 429.989200][T22491] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 429.989220][T22491] ? __anon_vma_prepare+0xae/0x5e0 [ 429.989243][T22491] __anon_vma_prepare+0xae/0x5e0 [ 429.989260][T22491] ? do_raw_spin_lock+0x128/0x260 [ 429.989282][T22491] __vmf_anon_prepare+0x11f/0x250 [ 429.989298][T22491] do_huge_pmd_anonymous_page+0x15c/0x1a60 [ 429.989320][T22491] ? __pmd_alloc+0x6aa/0x9c0 [ 429.989336][T22491] __handle_mm_fault+0x1e9e/0x2b60 [ 429.989357][T22491] ? mt_find+0x45e/0x8e0 [ 429.989375][T22491] ? __pfx___handle_mm_fault+0x10/0x10 [ 429.989391][T22491] ? __pfx_mt_find+0x10/0x10 [ 429.989423][T22491] handle_mm_fault+0x36d/0xa20 [ 429.989444][T22491] __get_user_pages+0xf9c/0x34d0 [ 429.989466][T22491] ? __pfx___get_user_pages+0x10/0x10 [ 429.989486][T22491] populate_vma_page_range+0x267/0x3f0 [ 429.989503][T22491] ? __pfx_populate_vma_page_range+0x10/0x10 [ 429.989518][T22491] ? __pfx_find_vma_intersection+0x10/0x10 [ 429.989541][T22491] ? do_mmap+0x93f/0x12f0 [ 429.989557][T22491] __mm_populate+0x107/0x3a0 [ 429.989573][T22491] ? __pfx___mm_populate+0x10/0x10 [ 429.989598][T22491] ? up_write+0x290/0x4f0 [ 429.989619][T22491] vm_mmap_pgoff+0x37f/0x470 [ 429.989636][T22491] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 429.989653][T22491] ? do_futex+0x192/0x350 [ 429.989671][T22491] ? __pfx_do_futex+0x10/0x10 [ 429.989692][T22491] ksys_mmap_pgoff+0xe1/0x650 [ 429.989715][T22491] ? __x64_sys_futex+0x34f/0x4d0 [ 429.989731][T22491] ? __x64_sys_futex+0x358/0x4d0 [ 429.989748][T22491] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 429.989771][T22491] ? xfd_validate_state+0x129/0x190 [ 429.989794][T22491] __x64_sys_mmap+0x125/0x190 [ 429.989816][T22491] do_syscall_64+0x106/0xf80 [ 429.989832][T22491] ? clear_bhb_loop+0x40/0x90 [ 429.989849][T22491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.989864][T22491] RIP: 0033:0x7f98ff99c629 [ 429.989878][T22491] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 429.989892][T22491] RSP: 002b:00007f98fdbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 429.989907][T22491] RAX: ffffffffffffffda RBX: 00007f98ffc15fa0 RCX: 00007f98ff99c629 [ 429.989917][T22491] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 429.989926][T22491] RBP: 00007f98ffa32b39 R08: 0000000000000002 R09: 0000000000008000 [ 429.989935][T22491] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 429.989943][T22491] R13: 00007f98ffc16038 R14: 00007f98ffc15fa0 R15: 00007ffd08a30b08 [ 429.989963][T22491] [ 430.369077][T22499] ICMPv6: process `syz.1.7583' is using deprecated sysctl (syscall) net.ipv6.neigh.team_slave_0.base_reachable_time - use net.ipv6.neigh.team_slave_0.base_reachable_time_ms instead [ 430.918190][T22522] program syz.0.7592 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 431.126535][T22530] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 431.168033][T22530] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 431.866127][T22568] netlink: 'syz.1.7615': attribute type 1 has an invalid length. [ 431.928689][T22568] netlink: 33 bytes leftover after parsing attributes in process `syz.1.7615'. [ 434.200529][T22685] netlink: Unknown conntrack attr (type=257, max=9) [ 434.685292][T22708] netlink: zone id is out of range [ 434.706319][T22708] netlink: zone id is out of range [ 435.484673][T22740] netlink: set zone limit has 8 unknown bytes [ 435.663948][T22748] nfsd: Unknown parameter '*' [ 435.724745][T22752] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 436.324448][T22776] FAULT_INJECTION: forcing a failure. [ 436.324448][T22776] name failslab, interval 1, probability 0, space 0, times 0 [ 436.376781][T22779] FAULT_INJECTION: forcing a failure. [ 436.376781][T22779] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 436.401919][T22776] CPU: 0 UID: 0 PID: 22776 Comm: syz.0.7702 Tainted: G U L syzkaller #0 PREEMPT(full) [ 436.401949][T22776] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 436.401955][T22776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 436.401964][T22776] Call Trace: [ 436.401970][T22776] [ 436.401975][T22776] dump_stack_lvl+0x100/0x190 [ 436.402003][T22776] should_fail_ex.cold+0x5/0xa [ 436.402021][T22776] should_failslab+0xc2/0x120 [ 436.402043][T22776] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 436.402066][T22776] ? kstrdup_const+0x63/0x80 [ 436.402091][T22776] kstrdup+0x51/0xe0 [ 436.402111][T22776] kstrdup_const+0x63/0x80 [ 436.402131][T22776] alloc_vfsmnt+0xe5/0x6a0 [ 436.402147][T22776] ? __pfx___might_resched+0x10/0x10 [ 436.402168][T22776] clone_mnt+0x4b/0x930 [ 436.402188][T22776] copy_tree+0xfc/0xbf0 [ 436.402205][T22776] ? __pfx_down_write+0x10/0x10 [ 436.402233][T22776] copy_mnt_ns+0x2bd/0xc30 [ 436.402248][T22776] ? create_new_namespaces+0x30/0xac0 [ 436.402263][T22776] ? rcu_is_watching+0x12/0xc0 [ 436.402296][T22776] create_new_namespaces+0xd3/0xac0 [ 436.402315][T22776] ? bpf_lsm_capable+0x9/0x10 [ 436.402329][T22776] ? security_capable+0x80/0x260 [ 436.402354][T22776] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 436.402371][T22776] ksys_unshare+0x455/0xab0 [ 436.402389][T22776] ? __pfx_ksys_unshare+0x10/0x10 [ 436.402414][T22776] __x64_sys_unshare+0x31/0x40 [ 436.402431][T22776] do_syscall_64+0x106/0xf80 [ 436.402446][T22776] ? clear_bhb_loop+0x40/0x90 [ 436.402464][T22776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.402479][T22776] RIP: 0033:0x7f4674d9c629 [ 436.402492][T22776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 436.402506][T22776] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 436.402520][T22776] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 436.402531][T22776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 436.402542][T22776] RBP: 00007f4674e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 436.402550][T22776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.402558][T22776] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 436.402578][T22776] [ 436.675996][T22779] CPU: 0 UID: 0 PID: 22779 Comm: syz.3.7704 Tainted: G U L syzkaller #0 PREEMPT(full) [ 436.676027][T22779] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 436.676032][T22779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 436.676042][T22779] Call Trace: [ 436.676047][T22779] [ 436.676053][T22779] dump_stack_lvl+0x100/0x190 [ 436.676080][T22779] should_fail_ex.cold+0x5/0xa [ 436.676095][T22779] ? prepare_alloc_pages+0x16d/0x5f0 [ 436.676112][T22779] should_fail_alloc_page+0xeb/0x140 [ 436.676135][T22779] prepare_alloc_pages+0x1f0/0x5f0 [ 436.676150][T22779] ? rcu_is_watching+0x12/0xc0 [ 436.676172][T22779] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 436.676192][T22779] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 436.676212][T22779] ? __pfx_css_rstat_updated+0x10/0x10 [ 436.676235][T22779] ? find_held_lock+0x2b/0x80 [ 436.676257][T22779] ? rcu_read_unlock+0x17/0x60 [ 436.676279][T22779] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 436.676299][T22779] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 436.676319][T22779] ? page_counter_charge+0x1d2/0x240 [ 436.676337][T22779] ? rcu_is_watching+0x12/0xc0 [ 436.676358][T22779] ? trace_mm_page_alloc+0x17a/0x1d0 [ 436.676380][T22779] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 436.676405][T22779] ? policy_nodemask+0xed/0x4f0 [ 436.676429][T22779] alloc_pages_mpol+0x1fb/0x550 [ 436.676453][T22779] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 436.676475][T22779] ? do_raw_spin_lock+0x128/0x260 [ 436.676494][T22779] ? find_held_lock+0x2b/0x80 [ 436.676515][T22779] ? __pud_alloc+0x575/0x760 [ 436.676531][T22779] alloc_pages_noprof+0x131/0x390 [ 436.676555][T22779] __pmd_alloc+0x3b/0x9c0 [ 436.676568][T22779] ? __pud_alloc+0x57a/0x760 [ 436.676584][T22779] walk_to_pmd+0x3a3/0x4c0 [ 436.676600][T22779] get_locked_pte+0x25/0xc0 [ 436.676616][T22779] map_ldt_struct+0x3c1/0xa70 [ 436.676644][T22779] ? __pfx_map_ldt_struct+0x10/0x10 [ 436.676666][T22779] ? alloc_pages_noprof+0x233/0x390 [ 436.676692][T22779] write_ldt+0x6d3/0xd40 [ 436.676718][T22779] ? __pfx_write_ldt+0x10/0x10 [ 436.676741][T22779] ? xfd_validate_state+0x129/0x190 [ 436.676766][T22779] __x64_sys_modify_ldt+0xb1/0x170 [ 436.676780][T22779] do_syscall_64+0x106/0xf80 [ 436.676796][T22779] ? clear_bhb_loop+0x40/0x90 [ 436.676814][T22779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.676828][T22779] RIP: 0033:0x7f98ff99c629 [ 436.676842][T22779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 436.676856][T22779] RSP: 002b:00007f98fdbf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 436.676871][T22779] RAX: ffffffffffffffda RBX: 00007f98ffc15fa0 RCX: 00007f98ff99c629 [ 436.676880][T22779] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 436.676889][T22779] RBP: 00007f98ffa32b39 R08: 0000000000000000 R09: 0000000000000000 [ 436.676898][T22779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.676907][T22779] R13: 00007f98ffc16038 R14: 00007f98ffc15fa0 R15: 00007ffd08a30b08 [ 436.676927][T22779] [ 437.104664][T22789] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 437.948225][T22823] netlink: 'syz.0.7722': attribute type 1 has an invalid length. [ 438.223920][T17789] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 438.231403][T17789] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 438.364427][T22839] nfs: Unknown parameter 'nl802154' [ 438.610815][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 438.619732][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.696483][T22893] [U] ^@ [ 439.994870][T22923] netlink: 'syz.3.7752': attribute type 3 has an invalid length. [ 440.687701][T22944] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 440.697148][T22945] FAULT_INJECTION: forcing a failure. [ 440.697148][T22945] name fail_futex, interval 1, probability 0, space 0, times 1 [ 440.755720][T22945] CPU: 0 UID: 0 PID: 22945 Comm: syz.2.7760 Tainted: G U L syzkaller #0 PREEMPT(full) [ 440.755749][T22945] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 440.755755][T22945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 440.755763][T22945] Call Trace: [ 440.755768][T22945] [ 440.755775][T22945] dump_stack_lvl+0x100/0x190 [ 440.755802][T22945] should_fail_ex.cold+0x5/0xa [ 440.755820][T22945] get_futex_key+0x106f/0x1620 [ 440.755839][T22945] ? __pfx_get_futex_key+0x10/0x10 [ 440.755862][T22945] futex_wait_setup+0x81/0x500 [ 440.755888][T22945] __futex_wait+0x19f/0x300 [ 440.755911][T22945] ? __pfx___futex_wait+0x10/0x10 [ 440.755935][T22945] ? __pfx_futex_wake_mark+0x10/0x10 [ 440.755967][T22945] ? __hrtimer_setup+0x178/0x280 [ 440.755988][T22945] ? ktime_add_safe+0x60/0x70 [ 440.756009][T22945] futex_wait+0xed/0x380 [ 440.756030][T22945] ? __pfx_futex_wait+0x10/0x10 [ 440.756050][T22945] ? __lock_acquire+0x4a5/0x2630 [ 440.756070][T22945] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 440.756095][T22945] do_futex+0x1ef/0x350 [ 440.756114][T22945] ? __pfx_do_futex+0x10/0x10 [ 440.756136][T22945] ? ktime_get+0x200/0x300 [ 440.756149][T22945] ? lockdep_hardirqs_on+0x78/0x100 [ 440.756165][T22945] ? read_tsc+0x9/0x20 [ 440.756182][T22945] __x64_sys_futex+0x34f/0x4d0 [ 440.756202][T22945] ? __pfx___x64_sys_futex+0x10/0x10 [ 440.756230][T22945] do_syscall_64+0x106/0xf80 [ 440.756245][T22945] ? clear_bhb_loop+0x40/0x90 [ 440.756263][T22945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.756277][T22945] RIP: 0033:0x7f0af079c629 [ 440.756291][T22945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 440.756305][T22945] RSP: 002b:00007f0aee9f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 440.756319][T22945] RAX: ffffffffffffffda RBX: 00007f0af0a15fa0 RCX: 00007f0af079c629 [ 440.756328][T22945] RDX: 0000000000000eec RSI: 0000000000000000 RDI: 0000200000000000 [ 440.756337][T22945] RBP: 00007f0af0832b39 R08: 0000000000000000 R09: 0000000000000006 [ 440.756346][T22945] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 440.756354][T22945] R13: 00007f0af0a16038 R14: 00007f0af0a15fa0 R15: 00007ffdcf088fe8 [ 440.756372][T22945] [ 441.193798][T22977] tipc: Started in network mode [ 441.198729][T22977] tipc: Node identity ffffffff, cluster identity 4711 [ 441.205552][T22977] tipc: Node number set to 4294967295 [ 441.560912][T22990] random: crng reseeded on system resumption [ 441.615988][T22990] Restarting kernel threads ... [ 441.637516][T22990] Done restarting kernel threads. [ 442.230749][T23015] binder: 23013:23015 ioctl c0046209 9 returned -22 [ 442.698091][T23039] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 443.568059][T23077] netlink: del zone limit has 8 unknown bytes [ 444.775258][T23128] netlink: 'syz.2.7825': attribute type 2 has an invalid length. [ 444.783004][T23128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7825'. [ 445.343364][T23152] binder: 23151:23152 ioctl c0046209 9 returned -22 [ 446.695130][T23199] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 447.438097][T23230] FAULT_INJECTION: forcing a failure. [ 447.438097][T23230] name failslab, interval 1, probability 0, space 0, times 0 [ 447.515689][T23230] CPU: 0 UID: 0 PID: 23230 Comm: syz.0.7867 Tainted: G U L syzkaller #0 PREEMPT(full) [ 447.515718][T23230] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 447.515724][T23230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 447.515733][T23230] Call Trace: [ 447.515739][T23230] [ 447.515749][T23230] dump_stack_lvl+0x100/0x190 [ 447.515777][T23230] should_fail_ex.cold+0x5/0xa [ 447.515794][T23230] should_failslab+0xc2/0x120 [ 447.515818][T23230] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 447.515839][T23230] ? sock_alloc_inode+0x25/0x1c0 [ 447.515857][T23230] ? __debug_object_init+0x2de/0x3d0 [ 447.515877][T23230] ? __pfx_sock_alloc_inode+0x10/0x10 [ 447.515897][T23230] sock_alloc_inode+0x25/0x1c0 [ 447.515915][T23230] alloc_inode+0x68/0x250 [ 447.515933][T23230] sock_alloc+0x44/0x280 [ 447.515949][T23230] ? security_socket_create+0x7f/0x250 [ 447.515968][T23230] __sock_create+0xc2/0x860 [ 447.515990][T23230] smc_create_clcsk+0x37/0xd0 [ 447.516013][T23230] ? __pfx_smc_inet_init_sock+0x10/0x10 [ 447.516031][T23230] inet6_create+0xb21/0x12b0 [ 447.516048][T23230] ? inet6_create+0x7f/0x12b0 [ 447.516065][T23230] __sock_create+0x339/0x860 [ 447.516087][T23230] __sys_socket+0x14d/0x260 [ 447.516108][T23230] ? __pfx___sys_socket+0x10/0x10 [ 447.516133][T23230] __x64_sys_socket+0x72/0xb0 [ 447.516152][T23230] ? lockdep_hardirqs_on+0x78/0x100 [ 447.516168][T23230] do_syscall_64+0x106/0xf80 [ 447.516183][T23230] ? clear_bhb_loop+0x40/0x90 [ 447.516201][T23230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.516216][T23230] RIP: 0033:0x7f4674d9c629 [ 447.516230][T23230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 447.516243][T23230] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 447.516258][T23230] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 447.516268][T23230] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 000000000000000a [ 447.516276][T23230] RBP: 00007f4674e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 447.516284][T23230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.516292][T23230] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 447.516311][T23230] [ 447.516321][T23230] socket: no more sockets [ 448.803605][T23262] : entered promiscuous mode [ 449.272817][T23279] Process accounting resumed [ 450.644685][T23346] FAULT_INJECTION: forcing a failure. [ 450.644685][T23346] name failslab, interval 1, probability 0, space 0, times 0 [ 450.774645][T23346] CPU: 0 UID: 0 PID: 23346 Comm: syz.3.7914 Tainted: G U L syzkaller #0 PREEMPT(full) [ 450.774675][T23346] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 450.774681][T23346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 450.774690][T23346] Call Trace: [ 450.774695][T23346] [ 450.774701][T23346] dump_stack_lvl+0x100/0x190 [ 450.774727][T23346] should_fail_ex.cold+0x5/0xa [ 450.774745][T23346] ? tomoyo_encode2+0xfb/0x3c0 [ 450.774759][T23346] should_failslab+0xc2/0x120 [ 450.774784][T23346] __kmalloc_noprof+0xe0/0x850 [ 450.774817][T23346] tomoyo_encode2+0xfb/0x3c0 [ 450.774835][T23346] tomoyo_encode+0x29/0x50 [ 450.774849][T23346] tomoyo_mount_acl+0x14c/0x8b0 [ 450.774871][T23346] ? is_bpf_text_address+0x8a/0x1a0 [ 450.774892][T23346] ? bpf_ksym_find+0x124/0x1c0 [ 450.774908][T23346] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 450.774934][T23346] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 450.774954][T23346] ? kernel_text_address+0x8d/0x100 [ 450.774975][T23346] ? unwind_get_return_address+0x59/0xa0 [ 450.775008][T23346] ? tomoyo_domain+0xb2/0x150 [ 450.775023][T23346] ? tomoyo_profile+0x47/0x60 [ 450.775041][T23346] tomoyo_mount_permission+0x214/0x460 [ 450.775063][T23346] ? tomoyo_mount_permission+0x1f6/0x460 [ 450.775086][T23346] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 450.775120][T23346] security_sb_mount+0xdd/0x270 [ 450.775141][T23346] path_mount+0x158/0x23d0 [ 450.775160][T23346] ? __pfx_path_mount+0x10/0x10 [ 450.775173][T23346] ? lockdep_hardirqs_on+0x78/0x100 [ 450.775192][T23346] ? putname+0xb1/0x110 [ 450.775205][T23346] ? kmem_cache_free+0x124/0x6a0 [ 450.775229][T23346] ? __x64_sys_mount+0x293/0x310 [ 450.775243][T23346] __x64_sys_mount+0x293/0x310 [ 450.775258][T23346] ? __pfx___x64_sys_mount+0x10/0x10 [ 450.775281][T23346] do_syscall_64+0x106/0xf80 [ 450.775296][T23346] ? clear_bhb_loop+0x40/0x90 [ 450.775314][T23346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.775329][T23346] RIP: 0033:0x7f98ff99c629 [ 450.775351][T23346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 450.775366][T23346] RSP: 002b:00007f98fdbf6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 450.775381][T23346] RAX: ffffffffffffffda RBX: 00007f98ffc15fa0 RCX: 00007f98ff99c629 [ 450.775396][T23346] RDX: 0000200000000180 RSI: 0000200000000100 RDI: 0000000000000000 [ 450.775405][T23346] RBP: 00007f98ffa32b39 R08: 0000000000000000 R09: 0000000000000000 [ 450.775415][T23346] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 450.775423][T23346] R13: 00007f98ffc16038 R14: 00007f98ffc15fa0 R15: 00007ffd08a30b08 [ 450.775444][T23346] [ 453.623133][T23452] openvswitch: netlink: IP tunnel dst address not specified [ 454.800882][T23475] Process accounting resumed [ 455.621056][T23535] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 455.627557][T23535] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 456.857139][T23579] NFSD: Failed to start, no listeners configured. [ 457.482878][T23612] __vm_enough_memory: pid: 23612, comm: syz.2.8021, bytes: 4398046511104 not enough memory for the allocation [ 457.823509][T23631] openvswitch: netlink: Message has 4 unknown bytes. [ 459.948218][T23713] __vm_enough_memory: pid: 23713, comm: syz.3.8061, bytes: 4398046511104 not enough memory for the allocation [ 460.389289][T23725] bond0: option lp_interval: invalid value () [ 460.426273][T23725] bond0: option lp_interval: allowed values 1 - 2147483647 [ 460.501970][T23728] phram: not enough arguments [ 460.905772][T23741] ucma_write: process 4144 (syz.1.8072) changed security contexts after opening file descriptor, this is not allowed. [ 465.495272][T23959] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 465.581129][T23963] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 469.093795][T24097] dump_stack_lvl+0x100/0x190 [ 469.093823][T24097] should_fail_ex.cold+0x5/0xa [ 469.093840][T24097] should_failslab+0xc2/0x120 [ 469.093864][T24097] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 469.093884][T24097] ? kcm_create+0x11e/0x6a0 [ 469.093909][T24097] kcm_create+0x11e/0x6a0 [ 469.093932][T24097] __sock_create+0x339/0x860 [ 469.093956][T24097] __sys_socket+0x14d/0x260 [ 469.093978][T24097] ? __pfx___sys_socket+0x10/0x10 [ 469.094004][T24097] __x64_sys_socket+0x72/0xb0 [ 469.094024][T24097] ? lockdep_hardirqs_on+0x78/0x100 [ 469.094041][T24097] do_syscall_64+0x106/0xf80 [ 469.094055][T24097] ? clear_bhb_loop+0x40/0x90 [ 469.094073][T24097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.094088][T24097] RIP: 0033:0x7fb187f9c629 [ 469.094101][T24097] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 469.094114][T24097] RSP: 002b:00007fb188f44028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 469.094128][T24097] RAX: ffffffffffffffda RBX: 00007fb188215fa0 RCX: 00007fb187f9c629 [ 469.094137][T24097] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 469.094145][T24097] RBP: 00007fb188032b39 R08: 0000000000000000 R09: 0000000000000000 [ 469.094154][T24097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 469.094162][T24097] R13: 00007fb188216038 R14: 00007fb188215fa0 R15: 00007ffdde25df88 [ 469.094180][T24097] [ 469.830117][T24131] netlink: 'syz.1.8232': attribute type 1 has an invalid length. [ 473.067721][T24269] program syz.3.8278 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 475.094868][ T29] audit: type=1326 audit(4295051302.566:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24325 comm="syz.1.8300" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb187f9c629 code=0x0 [ 477.117169][T24366] netlink: NAT attribute has 1 unknown bytes [ 478.673845][T24410] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 479.120916][T24431] Process accounting paused [ 480.033909][T24463] netlink: zone id is out of range [ 480.039051][T24463] netlink: zone id is out of range [ 480.127748][T24463] netlink: zone id is out of range [ 480.178162][T24463] netlink: zone id is out of range [ 480.226789][T24463] netlink: zone id is out of range [ 480.300141][T24463] netlink: zone id is out of range [ 480.314519][T24408] kexec: Could not allocate control_code_buffer [ 480.342750][T24463] netlink: zone id is out of range [ 480.390267][T24463] netlink: zone id is out of range [ 480.446550][T24463] netlink: zone id is out of range [ 480.744323][T24491] sd 0:0:1:0: PR command failed: 1026 [ 480.777779][T24491] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 480.785401][T24491] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 482.444817][ T29] audit: type=1326 audit(4295051309.954:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24562 comm="syz.2.8388" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0af079c629 code=0x0 [ 482.469071][T24560] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 482.632391][ T29] audit: type=1326 audit(4295051310.145:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24572 comm="syz.3.8391" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f98ff99c629 code=0x0 [ 482.969026][T24587] net_ratelimit: 20 callbacks suppressed [ 482.969043][T24587] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 483.939416][T24624] capability: warning: `syz.2.8410' uses 32-bit capabilities (legacy support in use) [ 484.166865][T24632] nbd: must specify a device to reconfigure [ 484.771745][T24643] Process accounting paused [ 484.955745][T24658] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 485.011232][T24661] netlink: zone id is out of range [ 485.220388][T24669] openvswitch: netlink: IP tunnel dst address not specified [ 486.512583][T24730] netlink: ct family unspecified [ 486.554396][ T29] audit: type=1326 audit(4295051314.086:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24732 comm="syz.0.8455" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4674d9c629 code=0x0 [ 486.609553][T17789] Bluetooth: hci3: unexpected subevent 0x04 length: 122 > 11 [ 486.818445][T24748] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 487.038921][T24764] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 489.301921][T24865] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 491.066950][T24943] CIFS: VFS: Invalid SecurityFlags: [ 491.679120][T24972] input input33: cannot allocate more than FF_MAX_EFFECTS effects [ 493.186254][T25063] nbd: must specify a size in bytes for the device [ 493.356035][T17789] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 493.756921][T25086] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 493.910915][T25091] CIFS: VFS: Invalid SecurityFlags: [ 494.103768][T25101] rtc_cmos 00:00: Alarms can be up to one day in the future [ 494.315055][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 494.324097][T25105] random: crng reseeded on system resumption [ 494.350139][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 494.396516][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 494.463375][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 494.502039][ T10] rtc rtc0: __rtc_set_alarm: err=-22 [ 495.272943][T25156] netlink: 'syz.0.8610': attribute type 11 has an invalid length. [ 495.333551][T25156] netlink: 'syz.0.8610': attribute type 11 has an invalid length. [ 495.395843][T25156] netlink: 'syz.0.8610': attribute type 11 has an invalid length. [ 498.808693][T25360] FAULT_INJECTION: forcing a failure. [ 498.808693][T25360] name failslab, interval 1, probability 0, space 0, times 0 [ 498.865967][T25360] CPU: 0 UID: 0 PID: 25360 Comm: syz.1.8667 Tainted: G U L syzkaller #0 PREEMPT(full) [ 498.865996][T25360] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 498.866002][T25360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 498.866010][T25360] Call Trace: [ 498.866016][T25360] [ 498.866022][T25360] dump_stack_lvl+0x100/0x190 [ 498.866049][T25360] should_fail_ex.cold+0x5/0xa [ 498.866066][T25360] should_failslab+0xc2/0x120 [ 498.866090][T25360] __kmalloc_cache_noprof+0x7a/0x6f0 [ 498.866107][T25360] ? sctp_endpoint_new+0xfc/0xb20 [ 498.866128][T25360] sctp_endpoint_new+0xfc/0xb20 [ 498.866146][T25360] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 498.866161][T25360] ? lockdep_init_map_type+0x5c/0x250 [ 498.866181][T25360] ? lockdep_init_map_type+0x5c/0x250 [ 498.866198][T25360] ? lockdep_init_map_type+0x5c/0x250 [ 498.866216][T25360] ? lockdep_init_map_type+0x5c/0x250 [ 498.866236][T25360] sctp_init_sock+0xe2b/0x1300 [ 498.866251][T25360] ? __pfx_sctp_init_sock+0x10/0x10 [ 498.866266][T25360] inet_create+0x94c/0x1060 [ 498.866287][T25360] ? inet_create+0x94/0x1060 [ 498.866310][T25360] __sock_create+0x339/0x860 [ 498.866334][T25360] __sys_socket+0x14d/0x260 [ 498.866355][T25360] ? __pfx___sys_socket+0x10/0x10 [ 498.866381][T25360] __x64_sys_socket+0x72/0xb0 [ 498.866400][T25360] ? lockdep_hardirqs_on+0x78/0x100 [ 498.866416][T25360] do_syscall_64+0x106/0xf80 [ 498.866431][T25360] ? clear_bhb_loop+0x40/0x90 [ 498.866448][T25360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.866463][T25360] RIP: 0033:0x7fb187f9c629 [ 498.866477][T25360] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 498.866491][T25360] RSP: 002b:00007fb188f44028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 498.866526][T25360] RAX: ffffffffffffffda RBX: 00007fb188215fa0 RCX: 00007fb187f9c629 [ 498.866537][T25360] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002 [ 498.866545][T25360] RBP: 00007fb188032b39 R08: 0000000000000000 R09: 0000000000000000 [ 498.866554][T25360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 498.866567][T25360] R13: 00007fb188216038 R14: 00007fb188215fa0 R15: 00007ffdde25df88 [ 498.866587][T25360] [ 499.216614][T25370] openvswitch: netlink: IP tunnel dst address not specified [ 499.520387][T25386] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 499.728597][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 499.735154][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 500.294522][T25406] openvswitch: netlink: Multiple metadata blocks provided [ 500.329066][T25408] netlink: 'syz.2.8690': attribute type 1 has an invalid length. [ 501.315387][T17789] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 501.315420][T17789] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 501.331016][T17789] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 501.331034][T17789] Bluetooth: hci0: Unknown advertising packet type: 0x31 [ 501.338134][T17789] Bluetooth: hci0: adv larger than maximum supported [ 501.347335][T17789] Bluetooth: hci0: Unknown advertising packet type: 0x57 [ 501.354271][T17789] Bluetooth: hci0: Malformed LE Event: 0x0d [ 501.849330][T25468] delete_channel: no stack [ 502.082673][T25475] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 502.569917][T25495] MTRR 1 not used [ 503.428966][T25536] netlink: 'syz.2.8746': attribute type 23 has an invalid length. [ 503.957372][T25564] netlink: 'syz.1.8756': attribute type 1 has an invalid length. [ 504.109807][T25570] delete_channel: no stack [ 504.280412][T25561] syz_tun: tun_chr_ioctl cmd 1074812117 [ 504.380729][T25583] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 505.560912][T25665] netlink: 'syz.2.8785': attribute type 2 has an invalid length. [ 506.439242][T25702] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8802'. [ 506.623234][T25712] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 506.646622][T25713] tipc: Enabling of bearer <@):^\/\> rejected, media not registered [ 507.484460][T25758] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 507.922040][T25777] netlink: get zone limit has 8 unknown bytes [ 508.292848][T17789] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 508.292875][T17789] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 508.308551][T17789] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 508.308588][T17789] Bluetooth: hci2: Malformed LE Event: 0x0d [ 508.367172][T17789] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 509.052473][T25821] Process accounting resumed [ 509.473744][T25848] netlink: 'syz.3.8859': attribute type 1 has an invalid length. [ 511.247277][T25862] kexec: Could not allocate control_code_buffer [ 511.470738][T25927] tc_dump_action: action bad kind [ 512.069798][T25950] ptrace attach of "./syz-executor exec"[5831] was attempted by ""[25950] [ 512.250201][T25963] netlink: 'syz.1.8903': attribute type 12 has an invalid length. [ 513.078923][T25998] ptrace attach of "./syz-executor exec"[5822] was attempted by ""[25998] [ 514.726544][T26072] Process accounting resumed [ 515.666204][T26117] netlink: 2 bytes leftover after parsing attributes in process `syz.0.8969'. [ 516.049621][T26135] netlink: ct_mark mask cannot be 0 [ 516.258896][T26145] netlink: Setting conntrack mark requires 'commit' flag. [ 516.392189][T26151] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 518.576054][T26225] &#$@\]\-: entered promiscuous mode [ 521.751059][T26347] openvswitch: netlink: IP tunnel dst address not specified [ 522.271353][T26370] netlink: 'syz.0.9076': attribute type 1 has an invalid length. [ 522.481525][T26379] sctp: [Deprecated]: syz.2.9081 (pid 26379) Use of int in max_burst socket option deprecated. [ 522.481525][T26379] Use struct sctp_assoc_value instead [ 523.126292][T26404] netlink: 'syz.1.9089': attribute type 11 has an invalid length. [ 523.998971][T26442] nbd: couldn't find a device at index 35644 [ 524.248060][T26454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9112'. [ 524.358557][T26459] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9114'. [ 527.311854][T26628] delete_channel: no stack [ 527.645677][T26646] openvswitch: netlink: Flow key attr not present in new flow. [ 528.570685][T26689] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9193'. [ 528.608536][T26689] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9193'. [ 528.875704][T26703] netlink: 338 bytes leftover after parsing attributes in process `syz.2.9200'. [ 528.915506][T26703] netlink: 338 bytes leftover after parsing attributes in process `syz.2.9200'. [ 529.186835][T26717] netlink: Unknown NAT attribute (type=262, max=9) [ 529.358551][T26725] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 529.998576][T26752] : entered promiscuous mode [ 531.193792][T26811] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[26811] [ 532.150169][T26853] netlink: NAT attribute has 4 unknown bytes [ 533.500733][T26922] netlink: 'syz.2.9298': attribute type 1 has an invalid length. [ 533.537339][T26922] netlink: 'syz.2.9298': attribute type 1 has an invalid length. [ 533.600767][T26922] netlink: 124 bytes leftover after parsing attributes in process `syz.2.9298'. [ 533.647198][T26922] netlink: 100 bytes leftover after parsing attributes in process `syz.2.9298'. [ 535.112989][T26992] NFSD: Failed to start, no listeners configured. [ 535.424418][T17789] Bluetooth: hci2: ACL packet too small [ 536.300729][T27070] netlink: 'syz.3.9347': attribute type 11 has an invalid length. [ 536.372042][T27070] netlink: 'syz.3.9347': attribute type 11 has an invalid length. [ 536.397518][T27070] netlink: 'syz.3.9347': attribute type 11 has an invalid length. [ 536.432515][T27070] netlink: 'syz.3.9347': attribute type 11 has an invalid length. [ 536.482392][T27069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 538.648251][T27191] netlink: 'syz.0.9381': attribute type 2 has an invalid length. [ 538.937644][T27208] NFSD: Failed to start, no listeners configured. [ 539.131420][T27208] Process accounting paused [ 541.263546][T27314] netlink: Failed to add  helper -22 [ 544.323409][T27415] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9439'. [ 544.850664][T27400] Process accounting paused [ 544.913161][T27433] nbd: must specify an index to disconnect [ 548.766748][T27556] openvswitch: netlink: VXLAN extension 64 out of range max 1 [ 551.614481][T27656] netlink: 'syz.3.9536': attribute type 11 has an invalid length. [ 551.650686][T27656] netlink: 'syz.3.9536': attribute type 11 has an invalid length. [ 551.708452][T27656] netlink: 'syz.3.9536': attribute type 11 has an invalid length. [ 551.734920][T26966] syz.2.9316 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 551.834600][T26966] CPU: 0 UID: 0 PID: 26966 Comm: syz.2.9316 Tainted: G U L syzkaller #0 PREEMPT(full) [ 551.834645][T26966] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 551.834656][T26966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 551.834671][T26966] Call Trace: [ 551.834681][T26966] [ 551.834690][T26966] dump_stack_lvl+0x100/0x190 [ 551.834717][T26966] dump_header+0xfb/0x606 [ 551.834734][T26966] oom_kill_process.cold+0xd/0x330 [ 551.834752][T26966] out_of_memory+0x340/0x14f0 [ 551.834776][T26966] ? __pfx_out_of_memory+0x10/0x10 [ 551.834801][T26966] mem_cgroup_out_of_memory+0xc6/0x130 [ 551.834820][T26966] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 551.834836][T26966] ? find_held_lock+0x2b/0x80 [ 551.834863][T26966] ? do_raw_spin_unlock+0x145/0x1e0 [ 551.834884][T26966] ? _raw_spin_unlock+0x28/0x50 [ 551.834909][T26966] try_charge_memcg+0x652/0xc90 [ 551.834936][T26966] ? __pfx_try_charge_memcg+0x10/0x10 [ 551.834959][T26966] ? find_held_lock+0x2b/0x80 [ 551.834980][T26966] ? rcu_read_unlock+0x17/0x60 [ 551.834993][T26966] ? rcu_read_unlock+0x17/0x60 [ 551.835013][T26966] charge_memcg+0xa6/0x280 [ 551.835036][T26966] __mem_cgroup_charge+0x2b/0x1e0 [ 551.835053][T26966] shmem_alloc_and_add_folio+0x451/0xd40 [ 551.835079][T26966] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 551.835100][T26966] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 551.835126][T26966] shmem_get_folio_gfp+0x6ab/0x1900 [ 551.835150][T26966] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 551.835176][T26966] shmem_write_begin+0x1a4/0x420 [ 551.835199][T26966] ? __pfx_shmem_write_begin+0x10/0x10 [ 551.835220][T26966] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 551.835244][T26966] ? lockdep_hardirqs_on+0x78/0x100 [ 551.835262][T26966] generic_perform_write+0x292/0xa40 [ 551.835287][T26966] ? __pfx_generic_perform_write+0x10/0x10 [ 551.835310][T26966] ? file_update_time_flags+0x373/0x500 [ 551.835328][T26966] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 551.835341][T26966] shmem_file_write_iter+0x10e/0x140 [ 551.835357][T26966] __kernel_write_iter+0x2ac/0x920 [ 551.835380][T26966] ? __pfx___kernel_write_iter+0x10/0x10 [ 551.835401][T26966] ? __up_read+0x2c5/0x700 [ 551.835422][T26966] ? dump_user_range+0x73b/0xb50 [ 551.835441][T26966] dump_user_range+0x3f9/0xb50 [ 551.835460][T26966] ? __pfx_dump_user_range+0x10/0x10 [ 551.835486][T26966] ? __pfx_writenote+0x10/0x10 [ 551.835507][T26966] elf_core_dump+0x2d16/0x3c60 [ 551.835535][T26966] ? __pfx_elf_core_dump+0x10/0x10 [ 551.835551][T26966] ? kasan_save_stack+0x3f/0x50 [ 551.835571][T26966] ? kasan_save_track+0x14/0x30 [ 551.835590][T26966] ? __kasan_kmalloc+0xaa/0xb0 [ 551.835608][T26966] ? __kvmalloc_node_noprof+0x360/0xa00 [ 551.835630][T26966] ? irqentry_exit+0x1f8/0x670 [ 551.835644][T26966] ? asm_exc_page_fault+0x26/0x30 [ 551.835660][T26966] ? 0xffffffffff600000 [ 551.835706][T26966] ? vfs_coredump+0x27b4/0x5570 [ 551.835719][T26966] vfs_coredump+0x27b4/0x5570 [ 551.835741][T26966] ? __pfx_vfs_coredump+0x10/0x10 [ 551.835756][T26966] ? __lock_acquire+0x4a5/0x2630 [ 551.835781][T26966] ? lock_acquire+0x1cf/0x380 [ 551.835806][T26966] ? is_bpf_text_address+0x8a/0x1a0 [ 551.835827][T26966] ? bpf_ksym_find+0x124/0x1c0 [ 551.835848][T26966] ? __kernel_text_address+0xd/0x30 [ 551.835868][T26966] ? unwind_get_return_address+0x59/0xa0 [ 551.835883][T26966] ? arch_stack_walk+0xa6/0xf0 [ 551.835903][T26966] ? __sigqueue_free+0xbe/0x2a0 [ 551.835921][T26966] ? stack_trace_save+0x8e/0xc0 [ 551.835944][T26966] ? __pfx_stack_trace_save+0x10/0x10 [ 551.835968][T26966] ? stack_depot_save_flags+0x27/0x9d0 [ 551.835991][T26966] ? __lock_acquire+0x4a5/0x2630 [ 551.836041][T26966] ? proc_coredump_connector+0x2d3/0x4f0 [ 551.836056][T26966] ? __pfx_proc_coredump_connector+0x10/0x10 [ 551.836076][T26966] ? rcu_is_watching+0x12/0xc0 [ 551.836100][T26966] get_signal+0x1f2a/0x21e0 [ 551.836123][T26966] ? __pfx_get_signal+0x10/0x10 [ 551.836137][T26966] ? bad_area_access_error+0xab/0x1d0 [ 551.836159][T26966] ? fixup_vdso_exception+0x2d1/0x370 [ 551.836180][T26966] arch_do_signal_or_restart+0x91/0x770 [ 551.836198][T26966] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 551.836221][T26966] ? do_user_addr_fault+0x8d6/0x12f0 [ 551.836248][T26966] irqentry_exit+0x1f8/0x670 [ 551.836266][T26966] asm_exc_page_fault+0x26/0x30 [ 551.836280][T26966] RIP: 0033:0x0 [ 551.836290][T26966] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 551.836297][T26966] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 551.836309][T26966] RAX: 0000000000000000 RBX: 00007f0af0a15fa0 RCX: 00007f0af079c629 [ 551.836318][T26966] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 551.836326][T26966] RBP: 00007f0af0832b39 R08: 0000000000000002 R09: 0000000000000000 [ 551.836335][T26966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 551.836343][T26966] R13: 00007f0af0a16038 R14: 00007f0af0a15fa0 R15: 00007ffdcf088fe8 [ 551.836363][T26966] [ 551.836369][T26966] memory: usage 3072kB, limit 3072kB, failcnt 52625 [ 552.643229][T27680] openvswitch: netlink: Duplicate key (type 15). [ 552.843064][T27690] netlink: zone id is out of range [ 552.858711][T27690] netlink: zone id is out of range [ 552.864819][T27690] netlink: zone id is out of range [ 552.903741][T27690] netlink: zone id is out of range [ 552.913904][T27690] netlink: zone id is out of range [ 552.923972][T27690] netlink: zone id is out of range [ 552.933835][T27690] netlink: zone id is out of range [ 552.949440][T27690] netlink: zone id is out of range [ 552.968369][T26966] memory+swap: usage 71768kB, limit 9007199254740988kB, failcnt 0 [ 553.009920][T26966] kmem: usage 2432kB, limit 9007199254740988kB, failcnt 0 [ 553.037784][T26966] Memory cgroup stats for /syz2: [ 553.038026][T26966] cache 516096 [ 553.061371][T26966] rss 102400 [ 553.064591][T26966] rss_huge 0 [ 553.083523][T26966] shmem 516096 [ 553.102305][T26966] mapped_file 0 [ 553.105789][T26966] dirty 0 [ 553.135078][T26966] writeback 0 [ 553.138383][T26966] workingset_refault_anon 2577 [ 553.160870][T26966] workingset_refault_file 12070 [ 553.186062][T26966] swap 70344704 [ 553.195543][T26966] swapcached 209707008 [ 553.208367][T26966] pgpgin 247126 [ 553.223931][T26966] pgpgout 253458 [ 553.227526][T26966] pgfault 275571 [ 553.261736][T26966] pgmajfault 1639 [ 553.271473][T26966] inactive_anon 638976 [ 553.288212][T26966] active_anon 16384 [ 553.315272][T26966] inactive_file 0 [ 553.319340][T26966] active_file 0 [ 553.322787][T26966] unevictable 0 [ 553.346551][T26966] hierarchical_memory_limit 3145728 [ 553.376814][T26966] hierarchical_memsw_limit 9223372036854771712 [ 553.405590][T26966] total_cache 516096 [ 553.421858][T26966] total_rss 102400 [ 553.426141][T26966] total_rss_huge 0 [ 553.448308][T26966] total_shmem 516096 [ 553.461422][T26966] total_mapped_file 0 [ 553.485739][T26966] total_dirty 0 [ 553.502079][T26966] total_writeback 0 [ 553.519152][T26966] total_workingset_refault_anon 2577 [ 553.524459][T26966] total_workingset_refault_file 12070 [ 553.552276][T26966] total_swap 70344704 [ 553.556279][T26966] total_swapcached 209707008 [ 553.588324][T26966] total_pgpgin 247126 [ 553.596187][T26966] total_pgpgout 253458 [ 553.614935][T26966] total_pgfault 275571 [ 553.637661][T26966] total_pgmajfault 1639 [ 553.641834][T26966] total_inactive_anon 638976 [ 553.702813][T27721] delete_channel: no stack [ 553.741206][T26966] total_active_anon 16384 [ 553.771880][T26966] total_inactive_file 0 [ 553.811511][T26966] total_active_file 0 [ 553.831378][T26966] total_unevictable 0 [ 553.852301][T26966] anon_cost 0 [ 553.866478][T26966] file_cost 512 [ 553.874608][T26966] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.9316,pid=26966,uid=0 [ 553.995735][T26966] Memory cgroup out of memory: Killed process 26966 (syz.2.9316) total-vm:137172kB, anon-rss:1232kB, file-rss:53464kB, shmem-rss:0kB, UID:0 pgtables:260kB oom_score_adj:1000 [ 554.126371][T27645] syz.1.9530 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 554.141423][T27645] CPU: 0 UID: 0 PID: 27645 Comm: syz.1.9530 Tainted: G U L syzkaller #0 PREEMPT(full) [ 554.141451][T27645] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 554.141457][T27645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 554.141466][T27645] Call Trace: [ 554.141472][T27645] [ 554.141478][T27645] dump_stack_lvl+0x100/0x190 [ 554.141504][T27645] dump_header+0xfb/0x606 [ 554.141521][T27645] oom_kill_process.cold+0xd/0x330 [ 554.141539][T27645] out_of_memory+0x340/0x14f0 [ 554.141564][T27645] ? __pfx_out_of_memory+0x10/0x10 [ 554.141589][T27645] mem_cgroup_out_of_memory+0xc6/0x130 [ 554.141608][T27645] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 554.141626][T27645] ? find_held_lock+0x2b/0x80 [ 554.141653][T27645] ? do_raw_spin_unlock+0x145/0x1e0 [ 554.141674][T27645] ? _raw_spin_unlock+0x28/0x50 [ 554.141699][T27645] try_charge_memcg+0x652/0xc90 [ 554.141726][T27645] ? __pfx_try_charge_memcg+0x10/0x10 [ 554.141749][T27645] ? find_held_lock+0x2b/0x80 [ 554.141770][T27645] ? rcu_read_unlock+0x17/0x60 [ 554.141784][T27645] ? rcu_read_unlock+0x17/0x60 [ 554.141804][T27645] charge_memcg+0xa6/0x280 [ 554.141827][T27645] __mem_cgroup_charge+0x2b/0x1e0 [ 554.141845][T27645] do_anonymous_page+0xb62/0x1fb0 [ 554.141870][T27645] __handle_mm_fault+0x1d42/0x2b60 [ 554.141894][T27645] ? __pfx___handle_mm_fault+0x10/0x10 [ 554.141914][T27645] ? pte_offset_map_lock+0x174/0x320 [ 554.141937][T27645] ? find_held_lock+0x2b/0x80 [ 554.141966][T27645] ? follow_page_pte+0x5b3/0x1400 [ 554.141984][T27645] handle_mm_fault+0x36d/0xa20 [ 554.142006][T27645] __get_user_pages+0xf9c/0x34d0 [ 554.142029][T27645] ? __pfx___get_user_pages+0x10/0x10 [ 554.142049][T27645] populate_vma_page_range+0x267/0x3f0 [ 554.142067][T27645] ? __pfx_populate_vma_page_range+0x10/0x10 [ 554.142083][T27645] ? __pfx_find_vma_intersection+0x10/0x10 [ 554.142107][T27645] ? do_mmap+0x93f/0x12f0 [ 554.142123][T27645] __mm_populate+0x107/0x3a0 [ 554.142140][T27645] ? __pfx___mm_populate+0x10/0x10 [ 554.142157][T27645] ? up_write+0x290/0x4f0 [ 554.142179][T27645] vm_mmap_pgoff+0x37f/0x470 [ 554.142196][T27645] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 554.142220][T27645] ksys_mmap_pgoff+0xe1/0x650 [ 554.142244][T27645] ? kcov_ioctl+0x16a/0x720 [ 554.142265][T27645] ? kfree+0x2ec/0x6b0 [ 554.142281][T27645] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 554.142308][T27645] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 554.142337][T27645] __x64_sys_mmap+0x125/0x190 [ 554.142361][T27645] do_syscall_64+0x106/0xf80 [ 554.142377][T27645] ? clear_bhb_loop+0x40/0x90 [ 554.142395][T27645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.142410][T27645] RIP: 0033:0x7fb187f9c629 [ 554.142424][T27645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.142439][T27645] RSP: 002b:00007fb188f44028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 554.142453][T27645] RAX: ffffffffffffffda RBX: 00007fb188215fa0 RCX: 00007fb187f9c629 [ 554.142463][T27645] RDX: 00000000000000df RSI: 0000000000400005 RDI: 0000000000000000 [ 554.142472][T27645] RBP: 00007fb188032b39 R08: 0000000000000002 R09: 0000000000008000 [ 554.142481][T27645] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 554.142490][T27645] R13: 00007fb188216038 R14: 00007fb188215fa0 R15: 00007ffdde25df88 [ 554.142510][T27645] [ 554.142515][T27645] memory: usage 3072kB, limit 3072kB, failcnt 48136 [ 554.512483][T27740] FAULT_INJECTION: forcing a failure. [ 554.512483][T27740] name failslab, interval 1, probability 0, space 0, times 0 [ 554.597029][T27740] CPU: 0 UID: 0 PID: 27740 Comm: syz.2.9564 Tainted: G U L syzkaller #0 PREEMPT(full) [ 554.597059][T27740] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 554.597065][T27740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 554.597075][T27740] Call Trace: [ 554.597080][T27740] [ 554.597087][T27740] dump_stack_lvl+0x100/0x190 [ 554.597114][T27740] should_fail_ex.cold+0x5/0xa [ 554.597133][T27740] should_failslab+0xc2/0x120 [ 554.597156][T27740] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 554.597177][T27740] ? alloc_empty_file+0x55/0x1c0 [ 554.597197][T27740] alloc_empty_file+0x55/0x1c0 [ 554.597214][T27740] alloc_file_pseudo+0x13a/0x230 [ 554.597231][T27740] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 554.597251][T27740] ? security_inode_init_security_anon+0x7b/0x230 [ 554.597286][T27740] __anon_inode_getfile+0xe8/0x280 [ 554.597305][T27740] new_userfaultfd+0x255/0x400 [ 554.597327][T27740] __x64_sys_userfaultfd+0x4b/0xb0 [ 554.597349][T27740] do_syscall_64+0x106/0xf80 [ 554.597364][T27740] ? clear_bhb_loop+0x40/0x90 [ 554.597382][T27740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.597398][T27740] RIP: 0033:0x7f0af079c629 [ 554.597411][T27740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.597425][T27740] RSP: 002b:00007f0aee9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 554.597440][T27740] RAX: ffffffffffffffda RBX: 00007f0af0a15fa0 RCX: 00007f0af079c629 [ 554.597449][T27740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 554.597458][T27740] RBP: 00007f0af0832b39 R08: 0000000000000000 R09: 0000000000000000 [ 554.597466][T27740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.597474][T27740] R13: 00007f0af0a16038 R14: 00007f0af0a15fa0 R15: 00007ffdcf088fe8 [ 554.597493][T27740] [ 555.198292][T27761] netlink: 'syz.0.9575': attribute type 11 has an invalid length. [ 555.229085][T27761] netlink: 'syz.0.9575': attribute type 11 has an invalid length. [ 555.260282][T27761] netlink: 'syz.0.9575': attribute type 11 has an invalid length. [ 555.347436][T27770] nbd: illegal input index 37139 [ 555.517985][T27645] memory+swap: usage 59168kB, limit 9007199254740988kB, failcnt 0 [ 555.552095][T27645] kmem: usage 956kB, limit 9007199254740988kB, failcnt 0 [ 555.591660][T27645] Memory cgroup stats for /syz1: [ 555.591870][T27645] cache 602112 [ 555.640356][T27645] rss 1286144 [ 555.669403][T27645] rss_huge 0 [ 555.679076][T27645] shmem 602112 [ 555.688721][T27645] mapped_file 0 [ 555.704495][T27645] dirty 0 [ 555.724108][T27645] writeback 0 [ 555.729955][T27783] net_ratelimit: 50 callbacks suppressed [ 555.729969][T27783] openvswitch: netlink: IP tunnel dst address not specified [ 555.749498][T27645] workingset_refault_anon 2921 [ 555.768494][T27645] workingset_refault_file 15972 [ 555.783317][T27645] swap 57688064 [ 555.794466][T27645] swapcached 193024000 [ 555.814443][T27645] pgpgin 194210 [ 555.835172][T27645] pgpgout 206377 [ 555.845145][T27645] pgfault 280858 [ 555.877938][T27645] pgmajfault 1392 [ 555.891269][T27645] inactive_anon 1536000 [ 555.915077][T27645] active_anon 352256 [ 555.933815][T27645] inactive_file 0 [ 555.950891][T27645] active_file 0 [ 555.966667][T27645] unevictable 0 [ 555.982685][T27645] hierarchical_memory_limit 3145728 [ 556.014993][T27645] hierarchical_memsw_limit 9223372036854771712 [ 556.044466][T27645] total_cache 602112 [ 556.068960][T27645] total_rss 1286144 [ 556.089562][T27645] total_rss_huge 0 [ 556.106846][T27645] total_shmem 602112 [ 556.115799][T27645] total_mapped_file 0 [ 556.128857][T27645] total_dirty 0 [ 556.146157][T27645] total_writeback 0 [ 556.165306][T27645] total_workingset_refault_anon 2921 [ 556.181445][T27645] total_workingset_refault_file 15972 [ 556.210650][T27645] total_swap 57688064 [ 556.233802][T27645] total_swapcached 193024000 [ 556.261748][T27645] total_pgpgin 194210 [ 556.285912][T27645] total_pgpgout 206377 [ 556.315563][T27645] total_pgfault 280858 [ 556.333323][T27645] total_pgmajfault 1392 [ 556.347069][T27645] total_inactive_anon 1536000 [ 556.367290][T27645] total_active_anon 352256 [ 556.412957][T27645] total_inactive_file 0 [ 556.424252][T27645] total_active_file 0 [ 556.442715][T27645] total_unevictable 0 [ 556.458348][T27645] anon_cost 0 [ 556.476240][T27645] file_cost 0 [ 556.496066][T27645] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.9360,pid=27125,uid=0 [ 556.574350][T27645] Memory cgroup out of memory: Killed process 27125 (syz.1.9360) total-vm:104272kB, anon-rss:1232kB, file-rss:56180kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:0 [ 556.654976][T27813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.706155][T27813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 556.924310][T27826] nbd: illegal input index -1073741824 [ 557.905511][T27865] vivid-007: ================= START STATUS ================= [ 557.913168][T27865] vivid-007: Enable Output Cropping: true grabbed [ 557.978897][T27865] vivid-007: Enable Output Composing: true grabbed [ 558.013336][T27865] vivid-007: Enable Output Scaler: true grabbed [ 558.063268][T27865] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 558.100533][T27865] vivid-007: Transmit Mode: HDMI grabbed [ 558.129846][T27865] vivid-007: Hotplug Present: 0x00000000 [ 558.181363][T27865] vivid-007: RxSense Present: 0x00000000 [ 558.213160][T27865] vivid-007: EDID Present: 0x00000000 [ 558.240642][T27865] vivid-007: ================== END STATUS ================== [ 558.268168][T27877] openvswitch: netlink: Key type 29 is not supported [ 558.459414][T27886] netlink: NAT attribute type 6 has unexpected length (4 != 2) [ 559.484377][T27938] No such timeout policy "" [ 559.526705][T27938] netlink: Failed to associated timeout policy '' [ 560.848637][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 560.856100][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 560.872310][T28011] netlink: set zone limit has 8 unknown bytes [ 562.987191][T28105] openvswitch: netlink: Flow key attribute not present in set flow. [ 563.227950][T28116] netlink: 'syz.3.9722': attribute type 11 has an invalid length. [ 563.235794][T28116] netlink: 'syz.3.9722': attribute type 11 has an invalid length. [ 563.312202][T28116] netlink: 'syz.3.9722': attribute type 11 has an invalid length. [ 563.504877][T28126] openvswitch: netlink: Duplicate or invalid key (type 0). [ 564.508629][T28175] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9746'. [ 566.537295][T28265] netlink: 'syz.2.9788': attribute type 1 has an invalid length. [ 566.696810][T28273] dlm: non-version read from control device 255 [ 566.823393][T28277] netlink: 'syz.1.9793': attribute type 11 has an invalid length. [ 567.859672][T28318] NFSD: Failed to start, no listeners configured. [ 568.249542][T28338] netlink: 'syz.3.9814': attribute type 4 has an invalid length. [ 568.281269][T28338] netlink: 'syz.3.9814': attribute type 1 has an invalid length. [ 568.354373][T28343] netlink: 'syz.0.9815': attribute type 1 has an invalid length. [ 569.248071][T28373] Process accounting resumed [ 569.771623][T28406] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9842'. [ 569.947296][T28411] openvswitch: netlink: IPv6 tunnel dst address is zero [ 571.534416][T28480] openvswitch: netlink: IP tunnel dst address not specified [ 571.742242][T28486] HfR: entered promiscuous mode [ 572.857065][T28537] netlink: NAT attribute has 4 unknown bytes [ 573.050017][T17789] Bluetooth: hci2: unexpected event 0x36 length: 123 > 7 [ 573.879739][T28590] openvswitch: netlink: IP tunnel dst address not specified [ 574.613073][T28624] openvswitch: netlink: IP tunnel TTL not specified. [ 574.902333][T28636] Process accounting resumed [ 575.726621][T28680] netlink: 'syz.1.9955': attribute type 11 has an invalid length. [ 576.359440][T28706] vivid-001: ================= START STATUS ================= [ 576.413532][T28706] vivid-001: Radio HW Seek Mode: Bounded [ 576.443377][T28706] vivid-001: Radio Programmable HW Seek: false [ 576.480266][T28706] vivid-001: RDS Rx I/O Mode: Block I/O [ 576.498635][T28706] vivid-001: Generate RBDS Instead of RDS: false [ 576.526809][T28706] vivid-001: RDS Reception: true [ 576.554175][T28706] vivid-001: RDS Program Type: 0 inactive [ 576.574391][T28706] vivid-001: RDS PS Name: inactive [ 576.618100][T28706] vivid-001: RDS Radio Text: inactive [ 576.647842][T28706] vivid-001: RDS Traffic Announcement: false inactive [ 576.674042][T28706] vivid-001: RDS Traffic Program: false inactive [ 576.709988][T28706] vivid-001: RDS Music: false inactive [ 576.721793][T28706] vivid-001: ================== END STATUS ================== [ 577.049620][T28736] netlink: 'syz.1.9976': attribute type 11 has an invalid length. [ 577.093523][T28736] netlink: 'syz.1.9976': attribute type 11 has an invalid length. [ 577.124561][T28736] netlink: 'syz.1.9976': attribute type 11 has an invalid length. [ 577.529773][T28771] netlink: 346 bytes leftover after parsing attributes in process `syz.1.9982'. [ 577.936438][T28789] openvswitch: netlink: IPv4 tunnel dst address is zero [ 580.491415][T28910] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 582.220034][T28985] FAULT_INJECTION: forcing a failure. [ 582.220034][T28985] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 582.288364][T28985] CPU: 0 UID: 0 PID: 28985 Comm: syz.0.10070 Tainted: G U L syzkaller #0 PREEMPT(full) [ 582.288394][T28985] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 582.288400][T28985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 582.288410][T28985] Call Trace: [ 582.288415][T28985] [ 582.288421][T28985] dump_stack_lvl+0x100/0x190 [ 582.288450][T28985] should_fail_ex.cold+0x5/0xa [ 582.288467][T28985] core_sys_select+0x938/0xbb0 [ 582.288493][T28985] ? __pfx_core_sys_select+0x10/0x10 [ 582.288533][T28985] ? ktime_get_ts64+0x2d2/0x3f0 [ 582.288549][T28985] ? read_tsc+0x9/0x20 [ 582.288564][T28985] ? ktime_get_ts64+0x256/0x3f0 [ 582.288580][T28985] kern_select+0x20c/0x270 [ 582.288603][T28985] ? __pfx_kern_select+0x10/0x10 [ 582.288629][T28985] __x64_sys_select+0xbd/0x160 [ 582.288650][T28985] ? do_syscall_64+0x95/0xf80 [ 582.288666][T28985] ? lockdep_hardirqs_on+0x78/0x100 [ 582.288687][T28985] do_syscall_64+0x106/0xf80 [ 582.288702][T28985] ? clear_bhb_loop+0x40/0x90 [ 582.288721][T28985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.288736][T28985] RIP: 0033:0x7f4674d9c629 [ 582.288749][T28985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 582.288764][T28985] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 582.288778][T28985] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 582.288788][T28985] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 582.288797][T28985] RBP: 00007f4674e32b39 R08: 00002000000001c0 R09: 0000000000000000 [ 582.288805][T28985] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000 [ 582.288814][T28985] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 582.288833][T28985] [ 583.168860][T29024] netlink: 'syz.2.10086': attribute type 11 has an invalid length. [ 583.518999][T29045] netlink: 148 bytes leftover after parsing attributes in process `syz.3.10094'. [ 584.647252][T29108] netlink: 'syz.3.10107': attribute type 3 has an invalid length. [ 584.747210][T29114] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 585.394933][T29156] netlink: 206 bytes leftover after parsing attributes in process `syz.3.10124'. [ 585.787622][T29178] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 585.960969][T29183] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10131'. [ 586.025517][T29190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10134'. [ 586.344146][T29203] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 587.510766][T29272] netlink: 'syz.1.10158': attribute type 1 has an invalid length. [ 587.870835][T29290] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 589.239408][T29353] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10191'. [ 589.456318][T29359] netlink: zone id is out of range [ 589.856961][T29374] __vm_enough_memory: pid: 29374, comm: syz.2.10200, bytes: 4398046511104 not enough memory for the allocation [ 589.895592][T29375] FAULT_INJECTION: forcing a failure. [ 589.895592][T29375] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 589.940839][T29375] CPU: 0 UID: 0 PID: 29375 Comm: syz.0.10201 Tainted: G U L syzkaller #0 PREEMPT(full) [ 589.940869][T29375] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 589.940875][T29375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 589.940884][T29375] Call Trace: [ 589.940889][T29375] [ 589.940896][T29375] dump_stack_lvl+0x100/0x190 [ 589.940923][T29375] should_fail_ex.cold+0x5/0xa [ 589.940941][T29375] _copy_to_user+0x32/0xd0 [ 589.940965][T29375] poll_select_finish+0x32f/0x670 [ 589.940987][T29375] ? __pfx_poll_select_finish+0x10/0x10 [ 589.941010][T29375] ? ktime_get_ts64+0x2d2/0x3f0 [ 589.941027][T29375] ? read_tsc+0x9/0x20 [ 589.941042][T29375] ? ktime_get_ts64+0x256/0x3f0 [ 589.941058][T29375] kern_select+0x21b/0x270 [ 589.941081][T29375] ? __pfx_kern_select+0x10/0x10 [ 589.941108][T29375] __x64_sys_select+0xbd/0x160 [ 589.941145][T29375] ? do_syscall_64+0x95/0xf80 [ 589.941162][T29375] ? lockdep_hardirqs_on+0x78/0x100 [ 589.941178][T29375] do_syscall_64+0x106/0xf80 [ 589.941192][T29375] ? clear_bhb_loop+0x40/0x90 [ 589.941211][T29375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.941225][T29375] RIP: 0033:0x7f4674d9c629 [ 589.941238][T29375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 589.941254][T29375] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 589.941269][T29375] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 589.941278][T29375] RDX: 0000200000000d00 RSI: 0000200000000180 RDI: 0000000000000092 [ 589.941287][T29375] RBP: 00007f4674e32b39 R08: 0000200000000e00 R09: 0000000000000000 [ 589.941296][T29375] R10: 0000200000000d80 R11: 0000000000000246 R12: 0000000000000000 [ 589.941304][T29375] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 589.941323][T29375] [ 590.490992][T29395] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10208'. [ 591.942610][T29466] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 593.580475][T29558] FAULT_INJECTION: forcing a failure. [ 593.580475][T29558] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 593.642736][T29558] CPU: 0 UID: 0 PID: 29558 Comm: syz.2.10262 Tainted: G U L syzkaller #0 PREEMPT(full) [ 593.642768][T29558] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 593.642774][T29558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 593.642784][T29558] Call Trace: [ 593.642789][T29558] [ 593.642795][T29558] dump_stack_lvl+0x100/0x190 [ 593.642827][T29558] should_fail_ex.cold+0x5/0xa [ 593.642846][T29558] core_sys_select+0x9b9/0xbb0 [ 593.642878][T29558] ? __pfx_core_sys_select+0x10/0x10 [ 593.642923][T29558] ? ktime_get_ts64+0x2d2/0x3f0 [ 593.642939][T29558] ? read_tsc+0x9/0x20 [ 593.642956][T29558] ? ktime_get_ts64+0x256/0x3f0 [ 593.642974][T29558] kern_select+0x20c/0x270 [ 593.643009][T29558] ? __pfx_kern_select+0x10/0x10 [ 593.643043][T29558] __x64_sys_select+0xbd/0x160 [ 593.643067][T29558] ? do_syscall_64+0x95/0xf80 [ 593.643084][T29558] ? lockdep_hardirqs_on+0x78/0x100 [ 593.643100][T29558] do_syscall_64+0x106/0xf80 [ 593.643118][T29558] ? clear_bhb_loop+0x40/0x90 [ 593.643138][T29558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.643154][T29558] RIP: 0033:0x7f0af079c629 [ 593.643168][T29558] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 593.643186][T29558] RSP: 002b:00007f0aee9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 593.643203][T29558] RAX: ffffffffffffffda RBX: 00007f0af0a15fa0 RCX: 00007f0af079c629 [ 593.643215][T29558] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 593.643223][T29558] RBP: 00007f0af0832b39 R08: 00002000000001c0 R09: 0000000000000000 [ 593.643234][T29558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.643244][T29558] R13: 00007f0af0a16038 R14: 00007f0af0a15fa0 R15: 00007ffdcf088fe8 [ 593.643263][T29558] [ 594.819523][T29607] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 595.581074][T17789] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 595.581100][T17789] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 595.596127][T17789] Bluetooth: hci1: Dropping invalid advertising data [ 595.603019][T17789] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 595.603041][T17789] Bluetooth: hci1: Dropping invalid advertising data [ 595.617037][T17789] Bluetooth: hci1: Malformed LE Event: 0x02 [ 596.356258][T29691] netlink: 'syz.2.10309': attribute type 1 has an invalid length. [ 596.599079][T29706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10315'. [ 597.098206][T29731] CIFS mount error: No usable UNC path provided in device string! [ 597.098206][T29731] [ 597.157275][T29731] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 597.360172][T29741] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 598.951879][T29814] IPVS: length: 131 != 8 [ 599.214047][T29823] Process accounting paused [ 600.128004][T29869] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 600.333795][T29877] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10387'. [ 600.390316][T29877] netlink: 29 bytes leftover after parsing attributes in process `syz.2.10387'. [ 600.586654][T29887] zram0: detected capacity change from 8 to 0 [ 600.625398][T29887] zram: Removed device: zram0 [ 600.835570][T17789] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 600.835595][T17789] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 600.850520][T17789] Bluetooth: hci3: Dropping invalid advertising data [ 600.858727][T17789] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 600.858752][T17789] Bluetooth: hci3: Dropping invalid advertising data [ 600.875318][T17789] Bluetooth: hci3: Malformed LE Event: 0x02 [ 600.887831][T29901] netlink: 'syz.1.10397': attribute type 2 has an invalid length. [ 601.629953][T29955] netlink: 'syz.0.10409': attribute type 2 has an invalid length. [ 603.568460][T30052] bonding: no command found in bonding_masters - use +ifname or -ifname [ 604.452780][T30088] netlink: 'syz.2.10468': attribute type 1 has an invalid length. [ 604.863695][T30107] Process accounting paused [ 605.505249][T30150] netlink: 'syz.2.10495': attribute type 1 has an invalid length. [ 605.554192][T30150] nbd: error processing sock list [ 606.801279][T30204] netlink: 'syz.1.10516': attribute type 1 has an invalid length. [ 607.274274][T30227] ksmbd: Unknown IPC event: 14, ignore. [ 607.296343][ T29] audit: type=1800 audit(4295051435.450:41): pid=30229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.10528" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 607.363846][T30231] netlink: 342 bytes leftover after parsing attributes in process `syz.2.10529'. [ 608.452509][T30279] netlink: 'syz.2.10551': attribute type 1 has an invalid length. [ 608.504004][T30283] FAULT_INJECTION: forcing a failure. [ 608.504004][T30283] name failslab, interval 1, probability 0, space 0, times 0 [ 608.565866][T30283] CPU: 0 UID: 0 PID: 30283 Comm: syz.0.10552 Tainted: G U L syzkaller #0 PREEMPT(full) [ 608.565895][T30283] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 608.565901][T30283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 608.565910][T30283] Call Trace: [ 608.565915][T30283] [ 608.565922][T30283] dump_stack_lvl+0x100/0x190 [ 608.565948][T30283] should_fail_ex.cold+0x5/0xa [ 608.565967][T30283] should_failslab+0xc2/0x120 [ 608.565990][T30283] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 608.566010][T30283] ? alloc_empty_file+0x55/0x1c0 [ 608.566030][T30283] alloc_empty_file+0x55/0x1c0 [ 608.566048][T30283] alloc_file_pseudo+0x13a/0x230 [ 608.566065][T30283] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 608.566080][T30283] ? alloc_fd+0x476/0x790 [ 608.566102][T30283] ? do_raw_spin_unlock+0x145/0x1e0 [ 608.566125][T30283] __anon_inode_getfile+0xe8/0x280 [ 608.566150][T30283] anon_inode_getfile_fmode+0x37/0xa0 [ 608.566168][T30283] __do_sys_fanotify_init+0xa79/0xe50 [ 608.566192][T30283] do_syscall_64+0x106/0xf80 [ 608.566208][T30283] ? clear_bhb_loop+0x40/0x90 [ 608.566226][T30283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.566241][T30283] RIP: 0033:0x7f4674d9c629 [ 608.566255][T30283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 608.566270][T30283] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 608.566285][T30283] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 608.566294][T30283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 608.566303][T30283] RBP: 00007f4674e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 608.566311][T30283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.566320][T30283] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 608.566338][T30283] [ 608.886999][T30291] netlink: 'syz.2.10556': attribute type 1 has an invalid length. [ 609.507877][T30324] netlink: 'syz.0.10570': attribute type 2 has an invalid length. [ 610.811135][T30378] netlink: 'syz.0.10591': attribute type 11 has an invalid length. [ 613.471082][T30485] bridge0: port 3(syz_tun) entered blocking state [ 613.497957][T30485] bridge0: port 3(syz_tun) entered disabled state [ 613.531938][T30485] syz_tun: entered allmulticast mode [ 613.557936][T30485] syz_tun: entered promiscuous mode [ 613.565042][T30489] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10638'. [ 613.590211][T30485] bridge0: port 3(syz_tun) entered blocking state [ 613.597011][T30485] bridge0: port 3(syz_tun) entered forwarding state [ 614.762725][T30532] FAULT_INJECTION: forcing a failure. [ 614.762725][T30532] name failslab, interval 1, probability 0, space 0, times 0 [ 614.821192][T30532] CPU: 0 UID: 0 PID: 30532 Comm: syz.2.10658 Tainted: G U L syzkaller #0 PREEMPT(full) [ 614.821223][T30532] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 614.821229][T30532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 614.821239][T30532] Call Trace: [ 614.821244][T30532] [ 614.821250][T30532] dump_stack_lvl+0x100/0x190 [ 614.821277][T30532] should_fail_ex.cold+0x5/0xa [ 614.821295][T30532] should_failslab+0xc2/0x120 [ 614.821318][T30532] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 614.821338][T30532] ? sk_prot_alloc+0x60/0x2a0 [ 614.821356][T30532] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 614.821375][T30532] ? security_inode_alloc+0x3b/0x2c0 [ 614.821397][T30532] sk_prot_alloc+0x60/0x2a0 [ 614.821417][T30532] sk_alloc+0x36/0xe80 [ 614.821431][T30532] __vsock_create.constprop.0+0x3c/0xba0 [ 614.821453][T30532] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 614.821478][T30532] vsock_create+0x126/0x510 [ 614.821494][T30532] __sock_create+0x339/0x860 [ 614.821518][T30532] __sys_socket+0x14d/0x260 [ 614.821539][T30532] ? __pfx___sys_socket+0x10/0x10 [ 614.821566][T30532] __x64_sys_socket+0x72/0xb0 [ 614.821587][T30532] ? lockdep_hardirqs_on+0x78/0x100 [ 614.821602][T30532] do_syscall_64+0x106/0xf80 [ 614.821617][T30532] ? clear_bhb_loop+0x40/0x90 [ 614.821635][T30532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.821649][T30532] RIP: 0033:0x7f0af079c629 [ 614.821663][T30532] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 614.821677][T30532] RSP: 002b:00007f0aee9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 614.821691][T30532] RAX: ffffffffffffffda RBX: 00007f0af0a15fa0 RCX: 00007f0af079c629 [ 614.821702][T30532] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000028 [ 614.821711][T30532] RBP: 00007f0af0832b39 R08: 0000000000000000 R09: 0000000000000000 [ 614.821720][T30532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 614.821730][T30532] R13: 00007f0af0a16038 R14: 00007f0af0a15fa0 R15: 00007ffdcf088fe8 [ 614.821749][T30532] [ 615.422983][T30539] bridge0: port 3(dummy0) entered blocking state [ 615.469204][T30539] bridge0: port 3(dummy0) entered disabled state [ 615.509811][T30539] dummy0: entered allmulticast mode [ 615.529345][T30539] dummy0: entered promiscuous mode [ 615.565663][T30539] bridge0: port 3(dummy0) entered blocking state [ 615.572130][T30539] bridge0: port 3(dummy0) entered forwarding state [ 615.857456][T30556] sctp: [Deprecated]: syz.0.10669 (pid 30556) Use of int in maxseg socket option. [ 615.857456][T30556] Use struct sctp_assoc_value instead [ 616.077342][T30520] kexec: Could not allocate control_code_buffer [ 616.396543][T30574] hugetlbfs: syz.3.10676 (30574): Using mlock ulimits for SHM_HUGETLB is obsolete [ 617.952059][T30633] could not allocate digest TFM handle  [ 620.203983][T30721] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10737'. [ 621.152422][T30744] random: crng reseeded on system resumption [ 621.969379][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 621.976428][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 622.042696][T30781] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10759'. [ 622.351619][T30742] Invalid ELF header len 5 [ 622.570560][T30798] sctp: [Deprecated]: syz.0.10766 (pid 30798) Use of struct sctp_assoc_value in delayed_ack socket option. [ 622.570560][T30798] Use struct sctp_sack_info instead [ 624.939998][T30884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10800'. [ 624.979134][T30884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10800'. [ 625.453920][ T29] audit: type=1326 audit(4295051453.704:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30896 comm="syz.3.10807" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f98ff99c629 code=0x0 [ 625.786208][T30911] random: crng reseeded on system resumption [ 626.914046][T30950] syz.2.10828 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 627.085429][T30950] CPU: 0 UID: 0 PID: 30950 Comm: syz.2.10828 Tainted: G U L syzkaller #0 PREEMPT(full) [ 627.085461][T30950] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 627.085467][T30950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 627.085476][T30950] Call Trace: [ 627.085482][T30950] [ 627.085488][T30950] dump_stack_lvl+0x100/0x190 [ 627.085514][T30950] dump_header+0xfb/0x606 [ 627.085531][T30950] oom_kill_process.cold+0xd/0x330 [ 627.085548][T30950] out_of_memory+0x340/0x14f0 [ 627.085573][T30950] ? __pfx_out_of_memory+0x10/0x10 [ 627.085597][T30950] mem_cgroup_out_of_memory+0xc6/0x130 [ 627.085617][T30950] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 627.085634][T30950] ? find_held_lock+0x2b/0x80 [ 627.085660][T30950] ? do_raw_spin_unlock+0x145/0x1e0 [ 627.085680][T30950] ? _raw_spin_unlock+0x28/0x50 [ 627.085706][T30950] try_charge_memcg+0x652/0xc90 [ 627.085733][T30950] ? __pfx_try_charge_memcg+0x10/0x10 [ 627.085760][T30950] ? find_held_lock+0x2b/0x80 [ 627.085781][T30950] ? rcu_read_unlock+0x17/0x60 [ 627.085794][T30950] ? rcu_read_unlock+0x17/0x60 [ 627.085811][T30950] charge_memcg+0xa6/0x280 [ 627.085833][T30950] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 627.085852][T30950] __swap_cache_prepare_and_add+0x528/0x9e0 [ 627.085880][T30950] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 627.085898][T30950] ? __pfx_swap_entry_swapped+0x10/0x10 [ 627.085926][T30950] swap_cache_alloc_folio+0x1cb/0x300 [ 627.085946][T30950] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 627.085965][T30950] ? lockdep_hardirqs_on+0x78/0x100 [ 627.085981][T30950] ? finish_task_switch.isra.0+0x205/0xb80 [ 627.085999][T30950] swap_cluster_readahead+0x411/0x770 [ 627.086023][T30950] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 627.086055][T30950] ? get_vma_policy+0x23f/0x3b0 [ 627.086071][T30950] swapin_readahead+0x160/0x12c0 [ 627.086097][T30950] ? __pfx_swapin_readahead+0x10/0x10 [ 627.086114][T30950] ? find_held_lock+0x2b/0x80 [ 627.086136][T30950] ? swap_table_get+0x103/0x2c0 [ 627.086152][T30950] ? swap_table_get+0x103/0x2c0 [ 627.086172][T30950] ? swap_table_get+0x10d/0x2c0 [ 627.086195][T30950] ? swap_cache_get_folio+0x1ae/0x600 [ 627.086214][T30950] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 627.086231][T30950] ? __pfx_get_swap_device+0x10/0x10 [ 627.086257][T30950] ? do_swap_page+0xb2e/0x68e0 [ 627.086274][T30950] do_swap_page+0xb2e/0x68e0 [ 627.086301][T30950] ? __pfx_do_swap_page+0x10/0x10 [ 627.086324][T30950] ? rcu_is_watching+0x12/0xc0 [ 627.086345][T30950] ? __pte_offset_map+0x179/0x310 [ 627.086370][T30950] __handle_mm_fault+0x18c1/0x2b60 [ 627.086392][T30950] ? reacquire_held_locks+0xce/0x1e0 [ 627.086409][T30950] ? __pfx___handle_mm_fault+0x10/0x10 [ 627.086431][T30950] ? lock_vma_under_rcu+0x17c/0x590 [ 627.086460][T30950] handle_mm_fault+0x36d/0xa20 [ 627.086482][T30950] do_user_addr_fault+0x5a3/0x12f0 [ 627.086510][T30950] exc_page_fault+0x6f/0xd0 [ 627.086526][T30950] asm_exc_page_fault+0x26/0x30 [ 627.086540][T30950] RIP: 0033:0x7f0af0760811 [ 627.086554][T30950] Code: 00 48 85 ff 0f 84 07 03 00 00 80 3d f8 bf de 00 1f 0f 87 2a 01 00 00 b8 80 00 00 00 41 bd 02 00 00 00 bb 20 00 00 00 48 01 e8 <48> 8b 70 08 48 8d 48 f0 48 39 f1 0f 84 89 fd ff ff 48 8b 56 18 48 [ 627.086567][T30950] RSP: 002b:00007ffdcf088ee0 EFLAGS: 00010206 [ 627.086580][T30950] RAX: 00007f0af09ebfa0 RBX: 0000000000000120 RCX: 0000000000000000 [ 627.086589][T30950] RDX: 0000000000000001 RSI: 0000000000000110 RDI: 00007f0af09ebe20 [ 627.086598][T30950] RBP: 00007f0af09ebe20 R08: 00000000ffffffff R09: 0000000000000000 [ 627.086607][T30950] R10: 0000000000021000 R11: 0000000000000206 R12: 0000000000000110 [ 627.086615][T30950] R13: 0000000000000012 R14: 00007f0af09ebe20 R15: 0000000000000000 [ 627.086634][T30950] [ 627.086661][T30950] memory: usage 3072kB, limit 3072kB, failcnt 71821 [ 628.303033][T30993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10844'. [ 628.457690][T30950] memory+swap: usage 3380kB, limit 9007199254740988kB, failcnt 0 [ 628.495302][T30950] kmem: usage 3064kB, limit 9007199254740988kB, failcnt 0 [ 628.533663][T30950] Memory cgroup stats for /syz2: [ 628.533888][T30950] cache 0 [ 628.592797][T30950] rss 4096 [ 628.595839][T30950] rss_huge 0 [ 628.621068][T30950] shmem 0 [ 628.631091][T30950] mapped_file 0 [ 628.634554][T30950] dirty 0 [ 628.654998][T30950] writeback 4096 [ 628.679038][T30950] workingset_refault_anon 3884 [ 628.717990][T30950] workingset_refault_file 12070 [ 628.722854][T30950] swap 315392 [ 628.726136][T30950] swapcached 299155456 [ 628.780335][T30950] pgpgin 284433 [ 628.804469][T30950] pgpgout 291848 [ 628.822320][T30950] pgfault 335232 [ 628.825885][T30950] pgmajfault 2352 [ 628.862967][T30950] inactive_anon 8192 [ 628.873247][T30950] active_anon 0 [ 628.898161][T30950] inactive_file 0 [ 628.901807][T30950] active_file 0 [ 628.949468][T30950] unevictable 0 [ 628.969523][T30950] hierarchical_memory_limit 3145728 [ 629.027753][T30950] hierarchical_memsw_limit 9223372036854771712 [ 629.033942][T30950] total_cache 0 [ 629.098381][T30950] total_rss 4096 [ 629.123443][T30950] total_rss_huge 0 [ 629.154638][T30950] total_shmem 0 [ 629.158117][T30950] total_mapped_file 0 [ 629.216934][T30950] total_dirty 0 [ 629.241190][T30950] total_writeback 4096 [ 629.267927][T30950] total_workingset_refault_anon 3884 [ 629.307578][T30950] total_workingset_refault_file 12070 [ 629.338832][T30950] total_swap 315392 [ 629.366810][T30950] total_swapcached 299155456 [ 629.396545][T30950] total_pgpgin 284433 [ 629.400550][T30950] total_pgpgout 291848 [ 629.453095][T30950] total_pgfault 335232 [ 629.457179][T30950] total_pgmajfault 2352 [ 629.461310][T30950] total_inactive_anon 8192 [ 629.504817][T30950] total_active_anon 0 [ 629.508925][T30950] total_inactive_file 0 [ 629.550046][T30950] total_active_file 0 [ 629.566694][T30950] total_unevictable 0 [ 629.570690][T30950] anon_cost 0 [ 629.581665][T31014] Process accounting resumed [ 629.600473][T30950] file_cost 512 [ 629.622328][T30950] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.10828,pid=30950,uid=0 [ 629.760458][T30950] Memory cgroup out of memory: Killed process 30950 (syz.2.10828) total-vm:104404kB, anon-rss:1232kB, file-rss:22632kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 631.295923][T31089] netlink: 342 bytes leftover after parsing attributes in process `syz.3.10884'. [ 631.493421][T31097] netlink: 'syz.3.10888': attribute type 1 has an invalid length. [ 634.415043][T31197] ovs_: entered promiscuous mode [ 634.817483][T31207] netlink: 'syz.1.10927': attribute type 33 has an invalid length. [ 634.951870][T31188] Process accounting resumed [ 635.770998][T31241] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10943'. [ 636.210263][T31255] bridge0: port 3(bond0) entered blocking state [ 636.246480][T31255] bridge0: port 3(bond0) entered disabled state [ 636.284471][T31255] bond0: entered allmulticast mode [ 636.317897][T31255] bond_slave_0: entered allmulticast mode [ 636.345254][T31255] bond_slave_1: entered allmulticast mode [ 636.383473][T31255] bond0: entered promiscuous mode [ 636.393106][T31255] bond_slave_0: entered promiscuous mode [ 636.434186][T31255] bond_slave_1: entered promiscuous mode [ 636.462335][T31255] bridge0: port 3(bond0) entered blocking state [ 636.468710][T31255] bridge0: port 3(bond0) entered forwarding state [ 638.717292][T31344] bridge0: port 3(bond0) entered blocking state [ 638.769136][T31344] bridge0: port 3(bond0) entered disabled state [ 638.812596][T31344] bond0: entered allmulticast mode [ 638.852802][T31344] bond_slave_0: entered allmulticast mode [ 638.894324][T31344] bond_slave_1: entered allmulticast mode [ 638.941905][T31344] bond0: entered promiscuous mode [ 638.982001][T31344] bond_slave_0: entered promiscuous mode [ 639.025308][T31344] bond_slave_1: entered promiscuous mode [ 639.064329][T31344] bridge0: port 3(bond0) entered blocking state [ 639.070740][T31344] bridge0: port 3(bond0) entered forwarding state [ 639.940457][T31384] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 641.498345][T31433] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11013'. [ 644.546258][T31566] FAULT_INJECTION: forcing a failure. [ 644.546258][T31566] name failslab, interval 1, probability 0, space 0, times 0 [ 644.617872][T31566] CPU: 0 UID: 0 PID: 31566 Comm: syz.0.11056 Tainted: G U L syzkaller #0 PREEMPT(full) [ 644.617919][T31566] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 644.617925][T31566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 644.617935][T31566] Call Trace: [ 644.617940][T31566] [ 644.617946][T31566] dump_stack_lvl+0x100/0x190 [ 644.617974][T31566] should_fail_ex.cold+0x5/0xa [ 644.617992][T31566] should_failslab+0xc2/0x120 [ 644.618023][T31566] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 644.618043][T31566] ? sk_prot_alloc+0x60/0x2a0 [ 644.618065][T31566] sk_prot_alloc+0x60/0x2a0 [ 644.618084][T31566] sk_alloc+0x36/0xe80 [ 644.618098][T31566] pn_socket_create+0x22d/0x560 [ 644.618122][T31566] __sock_create+0x339/0x860 [ 644.618145][T31566] __sys_socket+0x14d/0x260 [ 644.618166][T31566] ? __pfx___sys_socket+0x10/0x10 [ 644.618192][T31566] __x64_sys_socket+0x72/0xb0 [ 644.618212][T31566] ? lockdep_hardirqs_on+0x78/0x100 [ 644.618228][T31566] do_syscall_64+0x106/0xf80 [ 644.618243][T31566] ? clear_bhb_loop+0x40/0x90 [ 644.618260][T31566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.618275][T31566] RIP: 0033:0x7f4674d9c629 [ 644.618289][T31566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 644.618303][T31566] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 644.618317][T31566] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 644.618327][T31566] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000023 [ 644.618335][T31566] RBP: 00007f4674e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 644.618344][T31566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 644.618352][T31566] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 644.618371][T31566] [ 647.715452][T31654] IPVS: length: 7562853 != 24 [ 648.589509][T31676] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 648.654417][T31676] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 648.859823][T31676] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 648.909337][T31676] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 648.946635][T31682] syz.1.11105 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 649.041369][T31676] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 649.079446][T31682] CPU: 0 UID: 0 PID: 31682 Comm: syz.1.11105 Tainted: G U L syzkaller #0 PREEMPT(full) [ 649.079474][T31682] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 649.079480][T31682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 649.079489][T31682] Call Trace: [ 649.079494][T31682] [ 649.079500][T31682] dump_stack_lvl+0x100/0x190 [ 649.079526][T31682] dump_header+0xfb/0x606 [ 649.079542][T31682] oom_kill_process.cold+0xd/0x330 [ 649.079560][T31682] out_of_memory+0x340/0x14f0 [ 649.079584][T31682] ? __pfx_out_of_memory+0x10/0x10 [ 649.079609][T31682] mem_cgroup_out_of_memory+0xc6/0x130 [ 649.079628][T31682] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 649.079652][T31682] ? find_held_lock+0x2b/0x80 [ 649.079677][T31682] ? do_raw_spin_unlock+0x145/0x1e0 [ 649.079698][T31682] ? _raw_spin_unlock+0x28/0x50 [ 649.079724][T31682] try_charge_memcg+0x652/0xc90 [ 649.079751][T31682] ? __pfx_try_charge_memcg+0x10/0x10 [ 649.079778][T31682] ? find_held_lock+0x2b/0x80 [ 649.079799][T31682] ? rcu_read_unlock+0x17/0x60 [ 649.079812][T31682] ? rcu_read_unlock+0x17/0x60 [ 649.079828][T31682] charge_memcg+0xa6/0x280 [ 649.079851][T31682] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 649.079870][T31682] __swap_cache_prepare_and_add+0x528/0x9e0 [ 649.079898][T31682] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 649.079916][T31682] ? __pfx_swap_entry_swapped+0x10/0x10 [ 649.079944][T31682] swap_cache_alloc_folio+0x1cb/0x300 [ 649.079964][T31682] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 649.079984][T31682] ? finish_task_switch.isra.0+0x2c6/0xb80 [ 649.080002][T31682] swap_cluster_readahead+0x53b/0x770 [ 649.080023][T31682] ? __lock_acquire+0x4a5/0x2630 [ 649.080041][T31682] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 649.080073][T31682] ? get_vma_policy+0x23f/0x3b0 [ 649.080089][T31682] swapin_readahead+0x160/0x12c0 [ 649.080115][T31682] ? __pfx_swapin_readahead+0x10/0x10 [ 649.080132][T31682] ? find_held_lock+0x2b/0x80 [ 649.080154][T31682] ? swap_table_get+0x103/0x2c0 [ 649.080170][T31682] ? swap_table_get+0x103/0x2c0 [ 649.080190][T31682] ? swap_table_get+0x10d/0x2c0 [ 649.080207][T31682] ? swap_cache_get_folio+0x1ae/0x600 [ 649.080226][T31682] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 649.080243][T31682] ? __pfx_get_swap_device+0x10/0x10 [ 649.080269][T31682] ? do_swap_page+0xb2e/0x68e0 [ 649.080285][T31682] do_swap_page+0xb2e/0x68e0 [ 649.080312][T31682] ? __pfx_do_swap_page+0x10/0x10 [ 649.080334][T31682] ? rcu_is_watching+0x12/0xc0 [ 649.080355][T31682] ? __pte_offset_map+0x179/0x310 [ 649.080380][T31682] __handle_mm_fault+0x18c1/0x2b60 [ 649.080401][T31682] ? reacquire_held_locks+0xce/0x1e0 [ 649.080419][T31682] ? __pfx___handle_mm_fault+0x10/0x10 [ 649.080440][T31682] ? lock_vma_under_rcu+0x17c/0x590 [ 649.080469][T31682] handle_mm_fault+0x36d/0xa20 [ 649.080491][T31682] do_user_addr_fault+0x5a3/0x12f0 [ 649.080519][T31682] exc_page_fault+0x6f/0xd0 [ 649.080535][T31682] asm_exc_page_fault+0x26/0x30 [ 649.080549][T31682] RIP: 0033:0x7fb187f63092 [ 649.080563][T31682] Code: 00 00 48 f7 d8 48 85 d2 48 c7 c2 00 00 00 fc 48 0f 44 c2 4c 21 e8 48 03 40 18 4c 29 e8 49 39 c4 4c 0f 42 e0 48 89 de 48 89 ef 29 d3 ff ff 48 85 c0 0f 84 50 01 00 00 48 8b 50 f8 f6 c2 02 0f [ 649.080576][T31682] RSP: 002b:00007ffdde25ded0 EFLAGS: 00010246 [ 649.080589][T31682] RAX: 0000000000000000 RBX: 0000000000000110 RCX: 0000000000000000 [ 649.080598][T31682] RDX: 0000000000000001 RSI: 0000000000000110 RDI: 00007fb1881ebe20 [ 649.080606][T31682] RBP: 00007fb1881ebe20 R08: 00000000ffffffff R09: 0000000000000000 [ 649.080615][T31682] R10: 0000000000021000 R11: 0000000000000206 R12: 0000000000020500 [ 649.080623][T31682] R13: 000055555caa2b00 R14: 00007fb1881ebe20 R15: 0000000000000000 [ 649.080647][T31682] [ 649.440818][T31676] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 649.810334][T31682] memory: usage 1252kB, limit 3072kB, failcnt 84642 [ 649.827282][T31682] memory+swap: usage 1652kB, limit 9007199254740988kB, failcnt 0 [ 649.845593][T31682] kmem: usage 1012kB, limit 9007199254740988kB, failcnt 0 [ 649.857163][T31682] Memory cgroup stats for /syz1: [ 649.857275][T31682] cache 0 [ 649.875577][T31682] rss 16384 [ 649.886838][T31682] rss_huge 0 [ 649.890073][T31682] shmem 0 [ 649.892991][T31682] mapped_file 0 [ 649.896437][T31682] dirty 0 [ 649.906649][T31682] writeback 0 [ 649.916568][T31682] workingset_refault_anon 4587 [ 649.926536][T31682] workingset_refault_file 23138 [ 649.931389][T31682] swap 401408 [ 649.944900][T31682] swapcached 341757952 [ 649.956406][T31682] pgpgin 263701 [ 649.959879][T31682] pgpgout 287567 [ 649.963400][T31682] pgfault 346169 [ 650.014405][T31682] pgmajfault 2339 [ 650.028239][T31682] inactive_anon 0 [ 650.031916][T31682] active_anon 16384 [ 650.035701][T31682] inactive_file 0 [ 650.059547][T31682] active_file 0 [ 650.063023][T31682] unevictable 0 [ 650.085746][T31682] hierarchical_memory_limit 3145728 [ 650.105642][T31682] hierarchical_memsw_limit 9223372036854771712 [ 650.111837][T31682] total_cache 0 [ 650.115273][T31682] total_rss 16384 [ 650.125499][T31682] total_rss_huge 0 [ 650.129231][T31682] total_shmem 0 [ 650.142846][T31682] total_mapped_file 0 [ 650.155348][T31682] total_dirty 0 [ 650.158853][T31682] total_writeback 0 [ 650.162642][T31682] total_workingset_refault_anon 4587 [ 650.180243][T31682] total_workingset_refault_file 23138 [ 650.195217][T31682] total_swap 401408 [ 650.200726][T31682] total_swapcached 341757952 [ 650.215237][T31682] total_pgpgin 263701 [ 650.220098][T31682] total_pgpgout 287567 [ 650.224148][T31682] total_pgfault 346169 [ 650.234937][T31682] total_pgmajfault 2339 [ 650.249291][T31682] total_inactive_anon 0 [ 650.253455][T31682] total_active_anon 16384 [ 650.271987][T31682] total_inactive_file 0 [ 650.290489][T31682] total_active_file 0 [ 650.294488][T31682] total_unevictable 0 [ 650.334434][T31682] anon_cost 0 [ 650.338996][T31682] file_cost 0 [ 650.342268][T31682] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11105,pid=31682,uid=0 [ 650.391638][T31682] Memory cgroup out of memory: Killed process 31682 (syz.1.11105) total-vm:104404kB, anon-rss:1256kB, file-rss:22044kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:0 [ 650.472628][ T5822] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 650.522422][ T5822] CPU: 0 UID: 0 PID: 5822 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 650.522451][ T5822] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 650.522456][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 650.522466][ T5822] Call Trace: [ 650.522472][ T5822] [ 650.522479][ T5822] dump_stack_lvl+0x100/0x190 [ 650.522504][ T5822] dump_header+0xfb/0x606 [ 650.522520][ T5822] oom_kill_process.cold+0xd/0x330 [ 650.522538][ T5822] out_of_memory+0x340/0x14f0 [ 650.522562][ T5822] ? __pfx_out_of_memory+0x10/0x10 [ 650.522587][ T5822] mem_cgroup_out_of_memory+0xc6/0x130 [ 650.522606][ T5822] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 650.522632][ T5822] ? find_held_lock+0x2b/0x80 [ 650.522658][ T5822] ? do_raw_spin_unlock+0x145/0x1e0 [ 650.522679][ T5822] ? _raw_spin_unlock+0x28/0x50 [ 650.522705][ T5822] try_charge_memcg+0x652/0xc90 [ 650.522731][ T5822] ? __pfx_try_charge_memcg+0x10/0x10 [ 650.522758][ T5822] ? find_held_lock+0x2b/0x80 [ 650.522779][ T5822] ? rcu_read_unlock+0x17/0x60 [ 650.522792][ T5822] ? rcu_read_unlock+0x17/0x60 [ 650.522808][ T5822] charge_memcg+0xa6/0x280 [ 650.522831][ T5822] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 650.522850][ T5822] __swap_cache_prepare_and_add+0x528/0x9e0 [ 650.522878][ T5822] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 650.522897][ T5822] ? __pfx_swap_entry_swapped+0x10/0x10 [ 650.522924][ T5822] swap_cache_alloc_folio+0x1cb/0x300 [ 650.522945][ T5822] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 650.522965][ T5822] ? rcu_is_watching+0x12/0xc0 [ 650.522989][ T5822] swap_cluster_readahead+0x411/0x770 [ 650.523013][ T5822] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 650.523035][ T5822] ? update_cfs_rq_load_avg+0x51/0x550 [ 650.523055][ T5822] ? __lock_acquire+0x4a5/0x2630 [ 650.523074][ T5822] ? get_vma_policy+0x23f/0x3b0 [ 650.523091][ T5822] swapin_readahead+0x160/0x12c0 [ 650.523116][ T5822] ? __pfx_swapin_readahead+0x10/0x10 [ 650.523133][ T5822] ? find_held_lock+0x2b/0x80 [ 650.523154][ T5822] ? swap_table_get+0x103/0x2c0 [ 650.523171][ T5822] ? swap_table_get+0x103/0x2c0 [ 650.523191][ T5822] ? swap_table_get+0x10d/0x2c0 [ 650.523208][ T5822] ? swap_cache_get_folio+0x1ae/0x600 [ 650.523227][ T5822] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 650.523244][ T5822] ? __pfx_get_swap_device+0x10/0x10 [ 650.523270][ T5822] ? do_swap_page+0xb2e/0x68e0 [ 650.523286][ T5822] do_swap_page+0xb2e/0x68e0 [ 650.523313][ T5822] ? __pfx_do_swap_page+0x10/0x10 [ 650.523331][ T5822] ? __free_object+0x2a8/0x400 [ 650.523348][ T5822] ? lockdep_hardirqs_on+0x78/0x100 [ 650.523368][ T5822] ? rcu_is_watching+0x12/0xc0 [ 650.523389][ T5822] ? __pte_offset_map+0x179/0x310 [ 650.523414][ T5822] __handle_mm_fault+0x18c1/0x2b60 [ 650.523435][ T5822] ? reacquire_held_locks+0xce/0x1e0 [ 650.523453][ T5822] ? __pfx___handle_mm_fault+0x10/0x10 [ 650.523474][ T5822] ? lock_vma_under_rcu+0x17c/0x590 [ 650.523504][ T5822] handle_mm_fault+0x36d/0xa20 [ 650.523526][ T5822] do_user_addr_fault+0x5a3/0x12f0 [ 650.523556][ T5822] exc_page_fault+0x6f/0xd0 [ 650.523571][ T5822] asm_exc_page_fault+0x26/0x30 [ 650.523585][ T5822] RIP: 0033:0x7f0af075cece [ 650.523599][ T5822] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 650.523621][ T5822] RSP: 002b:00007ffdcf0892c8 EFLAGS: 00010246 [ 650.523633][ T5822] RAX: 0000000000000000 RBX: 000055558c3e0500 RCX: 00007f0af075cece [ 650.523643][ T5822] RDX: 00007ffdcf089320 RSI: 0000000000000000 RDI: 0000000000000000 [ 650.523651][ T5822] RBP: 00007ffdcf08938c R08: 0000000000000000 R09: 0000000000000000 [ 650.523660][ T5822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 650.523668][ T5822] R13: 00000000000927c0 R14: 000000000009f65e R15: 00007ffdcf0893e0 [ 650.523687][ T5822] [ 651.384592][T17789] Bluetooth: hci0: command 0x0406 tx timeout [ 651.390870][T17789] Bluetooth: hci1: command 0x0406 tx timeout [ 651.398700][T17789] Bluetooth: hci3: command 0x0406 tx timeout [ 651.901930][ T5822] memory: usage 2812kB, limit 3072kB, failcnt 78327 [ 651.948522][ T5822] memory+swap: usage 3132kB, limit 9007199254740988kB, failcnt 0 [ 651.984443][ T5822] kmem: usage 2688kB, limit 9007199254740988kB, failcnt 0 [ 652.002772][ T5822] Memory cgroup stats for /syz2: [ 652.002995][ T5822] cache 0 [ 652.026655][ T5822] rss 0 [ 652.036010][ T5822] rss_huge 0 [ 652.039214][ T5822] shmem 0 [ 652.042127][ T5822] mapped_file 0 [ 652.075437][ T5822] dirty 0 [ 652.078397][ T5822] writeback 0 [ 652.081659][ T5822] workingset_refault_anon 4278 [ 652.106459][ T5822] workingset_refault_file 12070 [ 652.126769][ T5822] swap 327680 [ 652.130073][ T5822] swapcached 325738496 [ 652.134122][ T5822] pgpgin 294257 [ 652.161327][ T5822] pgpgout 301674 [ 652.182006][ T5822] pgfault 349977 [ 652.194417][ T5822] pgmajfault 2629 [ 652.199095][ T5822] inactive_anon 0 [ 652.202729][ T5822] active_anon 0 [ 652.222147][ T5822] inactive_file 0 [ 652.253139][ T5822] active_file 0 [ 652.266706][ T5822] unevictable 0 [ 652.270178][ T5822] hierarchical_memory_limit 3145728 [ 652.302780][ T5822] hierarchical_memsw_limit 9223372036854771712 [ 652.324058][ T5822] total_cache 0 [ 652.327538][ T5822] total_rss 0 [ 652.330804][ T5822] total_rss_huge 0 [ 652.357071][ T5822] total_shmem 0 [ 652.360552][ T5822] total_mapped_file 0 [ 652.384147][ T5822] total_dirty 0 [ 652.387627][ T5822] total_writeback 0 [ 652.406334][ T5822] total_workingset_refault_anon 4278 [ 652.428806][ T5822] total_workingset_refault_file 12070 [ 652.453444][ T5822] total_swap 327680 [ 652.457290][ T5822] total_swapcached 325738496 [ 652.461858][ T5822] total_pgpgin 294257 [ 652.489089][ T5822] total_pgpgout 301674 [ 652.511765][ T5822] total_pgfault 349977 [ 652.533008][ T5822] total_pgmajfault 2629 [ 652.537179][ T5822] total_inactive_anon 0 [ 652.541312][ T5822] total_active_anon 0 [ 652.573740][ T5822] total_inactive_file 0 [ 652.577918][ T5822] total_active_file 0 [ 652.581878][ T5822] total_unevictable 0 [ 652.603175][ T5822] anon_cost 0 [ 652.606481][ T5822] file_cost 512 [ 652.629336][ T5822] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.11112,pid=31697,uid=0 [ 652.685769][ T5822] Memory cgroup out of memory: Killed process 31697 (syz.2.11112) total-vm:104404kB, anon-rss:1232kB, file-rss:22644kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 652.914837][T31744] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11129'. [ 653.398686][T18099] Bluetooth: hci3: command 0x0406 tx timeout [ 653.404706][T18099] Bluetooth: hci1: command 0x0406 tx timeout [ 653.410971][T17789] Bluetooth: hci0: command 0x0406 tx timeout [ 654.769682][T18099] Bluetooth: hci3: unexpected event 0x03 length: 43 > 11 [ 656.166934][T31811] kexec: Could not allocate control_code_buffer [ 656.821868][T31884] FAULT_INJECTION: forcing a failure. [ 656.821868][T31884] name failslab, interval 1, probability 0, space 0, times 0 [ 656.922260][T31884] CPU: 0 UID: 0 PID: 31884 Comm: syz.0.11178 Tainted: G U L syzkaller #0 PREEMPT(full) [ 656.922290][T31884] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 656.922296][T31884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 656.922306][T31884] Call Trace: [ 656.922311][T31884] [ 656.922317][T31884] dump_stack_lvl+0x100/0x190 [ 656.922345][T31884] should_fail_ex.cold+0x5/0xa [ 656.922363][T31884] should_failslab+0xc2/0x120 [ 656.922387][T31884] __kmalloc_cache_noprof+0x7a/0x6f0 [ 656.922405][T31884] ? subflow_create_ctx+0x9b/0x2e0 [ 656.922426][T31884] subflow_create_ctx+0x9b/0x2e0 [ 656.922444][T31884] subflow_ulp_init+0xc3/0x4f0 [ 656.922462][T31884] tcp_set_ulp+0x32e/0x7f0 [ 656.922481][T31884] mptcp_subflow_create_socket+0x385/0xa30 [ 656.922504][T31884] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 656.922532][T31884] __mptcp_nmpc_sk+0x17f/0x870 [ 656.922554][T31884] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 656.922577][T31884] ? __local_bh_enable_ip+0x9e/0x120 [ 656.922594][T31884] mptcp_listen+0x135/0x4c0 [ 656.922608][T31884] ? __pfx_mptcp_listen+0x10/0x10 [ 656.922623][T31884] ? apparmor_socket_listen+0xf2/0x1a0 [ 656.922643][T31884] __sys_listen_socket+0x108/0x150 [ 656.922670][T31884] __sys_listen+0xa7/0x130 [ 656.922693][T31884] __x64_sys_listen+0x53/0x80 [ 656.922714][T31884] do_syscall_64+0x106/0xf80 [ 656.922729][T31884] ? clear_bhb_loop+0x40/0x90 [ 656.922749][T31884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.922764][T31884] RIP: 0033:0x7f4674d9c629 [ 656.922777][T31884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 656.922792][T31884] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 [ 656.922807][T31884] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 656.922817][T31884] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 0000000000000003 [ 656.922825][T31884] RBP: 00007f4674e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 656.922834][T31884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.922843][T31884] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 656.922863][T31884] [ 658.332497][T31916] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 658.338973][T31916] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 659.508121][T31962] Process accounting paused [ 659.655406][T31977] bridge0: port 4(batadv0) entered blocking state [ 659.692858][T31977] bridge0: port 4(batadv0) entered disabled state [ 659.722371][T31977] batadv0: entered allmulticast mode [ 659.760866][T31977] batadv0: entered promiscuous mode [ 659.788627][T31977] bridge0: port 4(batadv0) entered blocking state [ 659.795202][T31977] bridge0: port 4(batadv0) entered forwarding state [ 660.024393][T18839] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 660.033920][T18839] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 661.304456][T32029] FAULT_INJECTION: forcing a failure. [ 661.304456][T32029] name failslab, interval 1, probability 0, space 0, times 0 [ 661.350900][T32029] CPU: 0 UID: 0 PID: 32029 Comm: syz.0.11235 Tainted: G U L syzkaller #0 PREEMPT(full) [ 661.350939][T32029] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 661.350946][T32029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 661.350954][T32029] Call Trace: [ 661.350960][T32029] [ 661.350966][T32029] dump_stack_lvl+0x100/0x190 [ 661.350992][T32029] should_fail_ex.cold+0x5/0xa [ 661.351010][T32029] should_failslab+0xc2/0x120 [ 661.351033][T32029] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 661.351052][T32029] ? security_inode_alloc+0x3b/0x2c0 [ 661.351072][T32029] ? lockdep_init_map_type+0x5c/0x250 [ 661.351093][T32029] security_inode_alloc+0x3b/0x2c0 [ 661.351117][T32029] inode_init_always_gfp+0xced/0x1040 [ 661.351142][T32029] alloc_inode+0x8e/0x250 [ 661.351159][T32029] create_pipe_files+0x4c/0x970 [ 661.351185][T32029] do_pipe2+0xbd/0x1e0 [ 661.351207][T32029] ? __pfx_do_pipe2+0x10/0x10 [ 661.351236][T32029] __x64_sys_pipe+0x33/0x50 [ 661.351249][T32029] do_syscall_64+0x106/0xf80 [ 661.351265][T32029] ? clear_bhb_loop+0x40/0x90 [ 661.351283][T32029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.351297][T32029] RIP: 0033:0x7f4674d9c629 [ 661.351311][T32029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 661.351325][T32029] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 661.351339][T32029] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 661.351349][T32029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 661.351358][T32029] RBP: 00007f4674e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 661.351366][T32029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.351375][T32029] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 661.351395][T32029] [ 661.763046][T32035] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 661.799559][T32035] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 661.817482][T32035] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 661.835100][T32035] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 663.488514][T32088] syz.2.11257 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 663.560524][T32088] CPU: 0 UID: 0 PID: 32088 Comm: syz.2.11257 Tainted: G U L syzkaller #0 PREEMPT(full) [ 663.560552][T32088] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 663.560558][T32088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 663.560567][T32088] Call Trace: [ 663.560573][T32088] [ 663.560579][T32088] dump_stack_lvl+0x100/0x190 [ 663.560606][T32088] dump_header+0xfb/0x606 [ 663.560623][T32088] oom_kill_process.cold+0xd/0x330 [ 663.560642][T32088] out_of_memory+0x340/0x14f0 [ 663.560667][T32088] ? __pfx_out_of_memory+0x10/0x10 [ 663.560692][T32088] mem_cgroup_out_of_memory+0xc6/0x130 [ 663.560712][T32088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 663.560729][T32088] ? find_held_lock+0x2b/0x80 [ 663.560756][T32088] ? do_raw_spin_unlock+0x145/0x1e0 [ 663.560777][T32088] ? _raw_spin_unlock+0x28/0x50 [ 663.560803][T32088] try_charge_memcg+0x652/0xc90 [ 663.560830][T32088] ? __pfx_try_charge_memcg+0x10/0x10 [ 663.560863][T32088] ? find_held_lock+0x2b/0x80 [ 663.560884][T32088] ? rcu_read_unlock+0x17/0x60 [ 663.560898][T32088] ? rcu_read_unlock+0x17/0x60 [ 663.560914][T32088] charge_memcg+0xa6/0x280 [ 663.560938][T32088] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 663.560957][T32088] __swap_cache_prepare_and_add+0x528/0x9e0 [ 663.560985][T32088] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 663.561004][T32088] ? __pfx_swap_entry_swapped+0x10/0x10 [ 663.561032][T32088] swap_cache_alloc_folio+0x1cb/0x300 [ 663.561052][T32088] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 663.561072][T32088] ? __lock_acquire+0x4a5/0x2630 [ 663.561093][T32088] swap_cluster_readahead+0x411/0x770 [ 663.561117][T32088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 663.561155][T32088] ? get_vma_policy+0x23f/0x3b0 [ 663.561172][T32088] swapin_readahead+0x160/0x12c0 [ 663.561197][T32088] ? __pfx_swapin_readahead+0x10/0x10 [ 663.561215][T32088] ? find_held_lock+0x2b/0x80 [ 663.561236][T32088] ? swap_table_get+0x103/0x2c0 [ 663.561253][T32088] ? swap_table_get+0x103/0x2c0 [ 663.561273][T32088] ? swap_table_get+0x10d/0x2c0 [ 663.561291][T32088] ? swap_cache_get_folio+0x1ae/0x600 [ 663.561311][T32088] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 663.561328][T32088] ? __pfx_get_swap_device+0x10/0x10 [ 663.561353][T32088] ? do_swap_page+0xb2e/0x68e0 [ 663.561370][T32088] do_swap_page+0xb2e/0x68e0 [ 663.561398][T32088] ? __pfx_do_swap_page+0x10/0x10 [ 663.561418][T32088] ? __lock_acquire+0x4a5/0x2630 [ 663.561437][T32088] ? rcu_is_watching+0x12/0xc0 [ 663.561458][T32088] ? __pte_offset_map+0x179/0x310 [ 663.561483][T32088] __handle_mm_fault+0x18c1/0x2b60 [ 663.561506][T32088] ? reacquire_held_locks+0xce/0x1e0 [ 663.561524][T32088] ? __pfx___handle_mm_fault+0x10/0x10 [ 663.561545][T32088] ? lock_vma_under_rcu+0x17c/0x590 [ 663.561578][T32088] handle_mm_fault+0x36d/0xa20 [ 663.561600][T32088] do_user_addr_fault+0x5a3/0x12f0 [ 663.561630][T32088] exc_page_fault+0x6f/0xd0 [ 663.561646][T32088] asm_exc_page_fault+0x26/0x30 [ 663.561661][T32088] RIP: 0033:0x7f0af079c631 [ 663.561674][T32088] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 663.561689][T32088] RSP: 002b:00007f0aee9f6028 EFLAGS: 00010217 [ 663.561701][T32088] RAX: 0000000000000000 RBX: 00007f0af0a15fa0 RCX: 00007f0af079c629 [ 663.561711][T32088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 663.561720][T32088] RBP: 00007f0af0832b39 R08: 0000000000000000 R09: 0000000000000000 [ 663.561729][T32088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 663.561737][T32088] R13: 00007f0af0a16038 R14: 00007f0af0a15fa0 R15: 00007ffdcf088fe8 [ 663.561757][T32088] [ 663.561808][T32088] memory: usage 3072kB, limit 3072kB, failcnt 80172 [ 664.004050][T32127] bridge0: port 4(veth0_to_bridge) entered blocking state [ 664.011321][T18099] Bluetooth: hci1: command 0x0406 tx timeout [ 664.018399][T18099] Bluetooth: hci0: command 0x0406 tx timeout [ 664.024852][T18099] Bluetooth: hci3: command 0x0406 tx timeout [ 664.032653][T18099] Bluetooth: hci2: command 0x0406 tx timeout [ 664.083847][T32127] bridge0: port 4(veth0_to_bridge) entered disabled state [ 664.091119][T32127] veth0_to_bridge: entered allmulticast mode [ 664.123806][T32127] veth0_to_bridge: entered promiscuous mode [ 664.148352][T32127] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 664.175715][T32127] bridge0: port 4(veth0_to_bridge) entered blocking state [ 664.182979][T32127] bridge0: port 4(veth0_to_bridge) entered forwarding state [ 664.761403][T32088] memory+swap: usage 3364kB, limit 9007199254740988kB, failcnt 0 [ 664.771666][T32162] netlink: 186 bytes leftover after parsing attributes in process `syz.3.11276'. [ 664.795400][T32088] kmem: usage 3036kB, limit 9007199254740988kB, failcnt 0 [ 664.819619][T32088] Memory cgroup stats for /syz2: [ 664.819741][T32088] cache 0 [ 664.865514][T32088] rss 32768 [ 664.868647][T32088] rss_huge 0 [ 664.894536][T32088] shmem 0 [ 664.897494][T32088] mapped_file 0 [ 664.942599][T32088] dirty 0 [ 664.954734][T32088] writeback 32768 [ 664.972405][T32088] workingset_refault_anon 5146 [ 664.977193][T32088] workingset_refault_file 12070 [ 665.032968][T32088] swap 299008 [ 665.036273][T32088] swapcached 329674752 [ 665.057949][T32088] pgpgin 297498 [ 665.079871][T32088] pgpgout 304906 [ 665.083439][T32088] pgfault 356307 [ 665.086968][T32088] pgmajfault 3261 [ 665.138594][T32088] inactive_anon 36864 [ 665.163392][T32088] active_anon 0 [ 665.177037][T32088] inactive_file 0 [ 665.197240][T32088] active_file 0 [ 665.200724][T32088] unevictable 0 [ 665.266859][T32088] hierarchical_memory_limit 3145728 [ 665.272229][T32088] hierarchical_memsw_limit 9223372036854771712 [ 665.310391][T32088] total_cache 0 [ 665.313877][T32088] total_rss 32768 [ 665.345842][T32088] total_rss_huge 0 [ 665.371419][T32088] total_shmem 0 [ 665.374904][T32088] total_mapped_file 0 [ 665.407114][T32088] total_dirty 0 [ 665.411076][T32088] total_writeback 32768 [ 665.431756][T32088] total_workingset_refault_anon 5146 [ 665.460199][T32088] total_workingset_refault_file 12070 [ 665.501466][T32088] total_swap 299008 [ 665.521528][T32088] total_swapcached 329674752 [ 665.538845][T32088] total_pgpgin 297498 [ 665.542847][T32088] total_pgpgout 304906 [ 665.581227][T32088] total_pgfault 356307 [ 665.606341][T32088] total_pgmajfault 3261 [ 665.639113][T32088] total_inactive_anon 36864 [ 665.643635][T32088] total_active_anon 0 [ 665.677559][T32088] total_inactive_file 0 [ 665.681741][T32088] total_active_file 0 [ 665.725128][T32088] total_unevictable 0 [ 665.729147][T32088] anon_cost 0 [ 665.732431][T32088] file_cost 512 [ 665.787655][T32088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.11257,pid=32087,uid=0 [ 665.850158][T32088] Memory cgroup out of memory: Killed process 32087 (syz.2.11257) total-vm:104404kB, anon-rss:1260kB, file-rss:22380kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 666.118153][T11822] Bluetooth: hci1: Malformed HCI Event [ 666.468971][T32227] netlink: 350 bytes leftover after parsing attributes in process `syz.1.11302'. [ 666.972697][T32087] Process accounting paused [ 668.500263][T32306] netlink: 342 bytes leftover after parsing attributes in process `syz.1.11336'. [ 668.935406][T32321] FAULT_INJECTION: forcing a failure. [ 668.935406][T32321] name failslab, interval 1, probability 0, space 0, times 0 [ 668.992734][T32321] CPU: 0 UID: 0 PID: 32321 Comm: syz.2.11342 Tainted: G U L syzkaller #0 PREEMPT(full) [ 668.992764][T32321] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 668.992770][T32321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 668.992780][T32321] Call Trace: [ 668.992785][T32321] [ 668.992791][T32321] dump_stack_lvl+0x100/0x190 [ 668.992818][T32321] should_fail_ex.cold+0x5/0xa [ 668.992836][T32321] should_failslab+0xc2/0x120 [ 668.992861][T32321] __kmalloc_cache_noprof+0x7a/0x6f0 [ 668.992879][T32321] ? __request_module+0x2b7/0x6c0 [ 668.992897][T32321] ? lockdep_hardirqs_on+0x78/0x100 [ 668.992917][T32321] __request_module+0x2b7/0x6c0 [ 668.992937][T32321] ? __pfx___request_module+0x10/0x10 [ 668.992957][T32321] ? __mutex_unlock_slowpath+0x15c/0x790 [ 668.992988][T32321] snd_timer_open+0xd78/0x1020 [ 668.993010][T32321] ? snd_timer_instance_new+0x65/0x2e0 [ 668.993031][T32321] ? __pfx_snd_timer_open+0x10/0x10 [ 668.993053][T32321] ? kstrdup+0xb3/0xe0 [ 668.993076][T32321] __snd_timer_user_ioctl.isra.0+0xd6d/0x27c0 [ 668.993101][T32321] ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10 [ 668.993128][T32321] ? rcu_is_watching+0x12/0xc0 [ 668.993153][T32321] ? snd_timer_user_ioctl+0x4a/0xd0 [ 668.993175][T32321] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 668.993195][T32321] ? __pfx___mutex_lock+0x10/0x10 [ 668.993214][T32321] ? find_held_lock+0x2b/0x80 [ 668.993246][T32321] snd_timer_user_ioctl+0x76/0xd0 [ 668.993267][T32321] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 668.993291][T32321] __x64_sys_ioctl+0x18e/0x210 [ 668.993311][T32321] do_syscall_64+0x106/0xf80 [ 668.993326][T32321] ? clear_bhb_loop+0x40/0x90 [ 668.993344][T32321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.993359][T32321] RIP: 0033:0x7f0af079c629 [ 668.993372][T32321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 668.993386][T32321] RSP: 002b:00007f0aee9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 668.993400][T32321] RAX: ffffffffffffffda RBX: 00007f0af0a15fa0 RCX: 00007f0af079c629 [ 668.993410][T32321] RDX: 0000200000000080 RSI: 0000000040345410 RDI: 0000000000000003 [ 668.993419][T32321] RBP: 00007f0af0832b39 R08: 0000000000000000 R09: 0000000000000000 [ 668.993428][T32321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.993436][T32321] R13: 00007f0af0a16038 R14: 00007f0af0a15fa0 R15: 00007ffdcf088fe8 [ 668.993455][T32321] [ 669.853992][T32348] syz.0.11352 (32348) used obsolete PPPIOCDETACH ioctl [ 671.723936][T32449] netlink: 338 bytes leftover after parsing attributes in process `syz.1.11393'. [ 673.425858][T32523] FAULT_INJECTION: forcing a failure. [ 673.425858][T32523] name failslab, interval 1, probability 0, space 0, times 0 [ 673.508217][T32523] CPU: 0 UID: 0 PID: 32523 Comm: syz.0.11422 Tainted: G U L syzkaller #0 PREEMPT(full) [ 673.508253][T32523] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 673.508259][T32523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 673.508268][T32523] Call Trace: [ 673.508273][T32523] [ 673.508279][T32523] dump_stack_lvl+0x100/0x190 [ 673.508306][T32523] should_fail_ex.cold+0x5/0xa [ 673.508324][T32523] should_failslab+0xc2/0x120 [ 673.508348][T32523] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 673.508368][T32523] ? security_inode_alloc+0x3b/0x2c0 [ 673.508388][T32523] ? lockdep_init_map_type+0x5c/0x250 [ 673.508409][T32523] security_inode_alloc+0x3b/0x2c0 [ 673.508430][T32523] inode_init_always_gfp+0xced/0x1040 [ 673.508458][T32523] alloc_inode+0x8e/0x250 [ 673.508475][T32523] alloc_anon_inode+0x2a/0x3e0 [ 673.508499][T32523] ioctx_alloc+0x4dc/0x21e0 [ 673.508520][T32523] ? find_held_lock+0x2b/0x80 [ 673.508542][T32523] ? __pfx_ioctx_alloc+0x10/0x10 [ 673.508561][T32523] __x64_sys_io_setup+0xc9/0x220 [ 673.508577][T32523] do_syscall_64+0x106/0xf80 [ 673.508593][T32523] ? clear_bhb_loop+0x40/0x90 [ 673.508610][T32523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.508625][T32523] RIP: 0033:0x7f4674d9c629 [ 673.508639][T32523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.508654][T32523] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 673.508668][T32523] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 673.508678][T32523] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e [ 673.508687][T32523] RBP: 00007f4674e32b39 R08: 0000000000000000 R09: 0000000000000000 [ 673.508695][T32523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.508703][T32523] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 673.508723][T32523] [ 674.886262][T32589] netlink: 21 bytes leftover after parsing attributes in process `syz.3.11449'. [ 676.614009][T32663] netlink: 'syz.2.11481': attribute type 2 has an invalid length. [ 677.571058][T32707] sctp: [Deprecated]: syz.1.11502 (pid 32707) Use of int in maxseg socket option. [ 677.571058][T32707] Use struct sctp_assoc_value instead [ 678.455341][T32738] netlink: 206 bytes leftover after parsing attributes in process `syz.0.11516'. [ 678.675941][T32747] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11521'. [ 679.282096][ T303] Invalid ELF header magic: != ELF [ 679.574683][ T315] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11535'. [ 679.760055][ T322] FAULT_INJECTION: forcing a failure. [ 679.760055][ T322] name failslab, interval 1, probability 0, space 0, times 0 [ 679.821654][ T322] CPU: 0 UID: 0 PID: 322 Comm: syz.0.11539 Tainted: G U L syzkaller #0 PREEMPT(full) [ 679.821683][ T322] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 679.821689][ T322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 679.821698][ T322] Call Trace: [ 679.821704][ T322] [ 679.821710][ T322] dump_stack_lvl+0x100/0x190 [ 679.821736][ T322] should_fail_ex.cold+0x5/0xa [ 679.821754][ T322] should_failslab+0xc2/0x120 [ 679.821777][ T322] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 679.821797][ T322] ? mas_alloc_nodes+0x280/0x390 [ 679.821823][ T322] mas_alloc_nodes+0x280/0x390 [ 679.821848][ T322] mas_preallocate+0x39c/0xf10 [ 679.821868][ T322] ? __pfx_mas_preallocate+0x10/0x10 [ 679.821890][ T322] ? vm_area_alloc+0x1f/0x160 [ 679.821909][ T322] ? lockdep_init_map_type+0x5c/0x250 [ 679.821963][ T322] __mmap_region+0x12b5/0x29e0 [ 679.821986][ T322] ? __pfx___mmap_region+0x10/0x10 [ 679.822007][ T322] ? __lock_acquire+0x4a5/0x2630 [ 679.822026][ T322] ? set_next_entity+0x11b/0x9c0 [ 679.822051][ T322] ? __lock_acquire+0x4a5/0x2630 [ 679.822067][ T322] ? find_held_lock+0x2b/0x80 [ 679.822097][ T322] ? find_held_lock+0x2b/0x80 [ 679.822117][ T322] ? finish_task_switch.isra.0+0x200/0xb80 [ 679.822133][ T322] ? finish_task_switch.isra.0+0x200/0xb80 [ 679.822155][ T322] ? trace_sched_exit_tp+0x13a/0x180 [ 679.822171][ T322] ? __schedule+0x1000/0x60e0 [ 679.822209][ T322] ? rcu_is_watching+0x12/0xc0 [ 679.822230][ T322] ? cap_capable+0x107/0x460 [ 679.822252][ T322] mmap_region+0x180/0x3e0 [ 679.822275][ T322] do_mmap+0xc63/0x12f0 [ 679.822293][ T322] ? __pfx_do_mmap+0x10/0x10 [ 679.822307][ T322] ? __pfx_down_write_killable+0x10/0x10 [ 679.822329][ T322] vm_mmap_pgoff+0x29e/0x470 [ 679.822347][ T322] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 679.822363][ T322] ? do_futex+0x192/0x350 [ 679.822381][ T322] ? __pfx_do_futex+0x10/0x10 [ 679.822402][ T322] ksys_mmap_pgoff+0xe1/0x650 [ 679.822425][ T322] ? __x64_sys_futex+0x34f/0x4d0 [ 679.822441][ T322] ? __x64_sys_futex+0x358/0x4d0 [ 679.822459][ T322] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 679.822482][ T322] ? xfd_validate_state+0x129/0x190 [ 679.822505][ T322] __x64_sys_mmap+0x125/0x190 [ 679.822528][ T322] do_syscall_64+0x106/0xf80 [ 679.822543][ T322] ? clear_bhb_loop+0x40/0x90 [ 679.822560][ T322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.822575][ T322] RIP: 0033:0x7f4674d9c629 [ 679.822589][ T322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 679.822603][ T322] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 679.822618][ T322] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 679.822628][ T322] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 679.822637][ T322] RBP: 00007f4674e32b39 R08: fffffffffffffffa R09: 0000000000008000 [ 679.822647][ T322] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 679.822656][ T322] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 679.822676][ T322] [ 680.593078][ T353] netlink: 206 bytes leftover after parsing attributes in process `syz.0.11553'. [ 681.301954][ T379] FAULT_INJECTION: forcing a failure. [ 681.301954][ T379] name failslab, interval 1, probability 0, space 0, times 0 [ 681.349083][ T379] CPU: 0 UID: 0 PID: 379 Comm: syz.0.11566 Tainted: G U L syzkaller #0 PREEMPT(full) [ 681.349113][ T379] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 681.349118][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 681.349127][ T379] Call Trace: [ 681.349133][ T379] [ 681.349139][ T379] dump_stack_lvl+0x100/0x190 [ 681.349166][ T379] should_fail_ex.cold+0x5/0xa [ 681.349183][ T379] should_failslab+0xc2/0x120 [ 681.349208][ T379] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 681.349228][ T379] ? __d_alloc+0x34/0xa80 [ 681.349247][ T379] __d_alloc+0x34/0xa80 [ 681.349263][ T379] d_alloc_pseudo+0x1c/0xc0 [ 681.349287][ T379] alloc_file_pseudo+0xcf/0x230 [ 681.349306][ T379] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 681.349330][ T379] __shmem_file_setup+0x221/0x490 [ 681.349349][ T379] ? __pfx___shmem_file_setup+0x10/0x10 [ 681.349370][ T379] ? vm_area_alloc+0x1f/0x160 [ 681.349389][ T379] shmem_zero_setup+0x96/0x1b0 [ 681.349411][ T379] __mmap_region+0x2198/0x29e0 [ 681.349434][ T379] ? __pfx___mmap_region+0x10/0x10 [ 681.349454][ T379] ? __lock_acquire+0x4a5/0x2630 [ 681.349473][ T379] ? set_next_entity+0x11b/0x9c0 [ 681.349497][ T379] ? __lock_acquire+0x4a5/0x2630 [ 681.349513][ T379] ? find_held_lock+0x2b/0x80 [ 681.349543][ T379] ? find_held_lock+0x2b/0x80 [ 681.349564][ T379] ? finish_task_switch.isra.0+0x200/0xb80 [ 681.349578][ T379] ? finish_task_switch.isra.0+0x200/0xb80 [ 681.349601][ T379] ? trace_sched_exit_tp+0x13a/0x180 [ 681.349617][ T379] ? __schedule+0x1000/0x60e0 [ 681.349655][ T379] ? rcu_is_watching+0x12/0xc0 [ 681.349676][ T379] ? cap_capable+0x107/0x460 [ 681.349697][ T379] mmap_region+0x180/0x3e0 [ 681.349721][ T379] do_mmap+0xc63/0x12f0 [ 681.349739][ T379] ? __pfx_do_mmap+0x10/0x10 [ 681.349754][ T379] ? __pfx_down_write_killable+0x10/0x10 [ 681.349777][ T379] vm_mmap_pgoff+0x29e/0x470 [ 681.349795][ T379] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 681.349818][ T379] ? do_futex+0x192/0x350 [ 681.349838][ T379] ? __pfx_do_futex+0x10/0x10 [ 681.349860][ T379] ksys_mmap_pgoff+0xe1/0x650 [ 681.349883][ T379] ? __x64_sys_futex+0x34f/0x4d0 [ 681.349900][ T379] ? __x64_sys_futex+0x358/0x4d0 [ 681.349919][ T379] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 681.349941][ T379] ? xfd_validate_state+0x129/0x190 [ 681.349965][ T379] __x64_sys_mmap+0x125/0x190 [ 681.349987][ T379] do_syscall_64+0x106/0xf80 [ 681.350002][ T379] ? clear_bhb_loop+0x40/0x90 [ 681.350020][ T379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.350035][ T379] RIP: 0033:0x7f4674d9c629 [ 681.350049][ T379] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 681.350063][ T379] RSP: 002b:00007f4675c1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 681.350079][ T379] RAX: ffffffffffffffda RBX: 00007f4675015fa0 RCX: 00007f4674d9c629 [ 681.350089][ T379] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 681.350098][ T379] RBP: 00007f4674e32b39 R08: fffffffffffffffa R09: 0000000000008000 [ 681.350108][ T379] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 681.350117][ T379] R13: 00007f4675016038 R14: 00007f4675015fa0 R15: 00007ffd6c0b6478 [ 681.350137][ T379] [ 682.965214][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 682.971540][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 683.198412][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.914369][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 744.316352][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 744.351175][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 790.027885][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 790.034895][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P17944/1:b..l [ 790.043383][ C0] rcu: (detected by 0, t=10502 jiffies, g=153065, q=924 ncpus=1) [ 790.051188][ C0] task:udevd state:R running task stack:27144 pid:17944 tgid:17944 ppid:5193 task_flags:0x40014c flags:0x00080000 [ 790.065812][ C0] Call Trace: [ 790.069089][ C0] [ 790.072010][ C0] __schedule+0xfee/0x60e0 [ 790.076428][ C0] ? arch_stack_walk+0xa6/0xf0 [ 790.081184][ C0] ? __pfx___schedule+0x10/0x10 [ 790.086020][ C0] ? mark_held_locks+0x40/0x70 [ 790.090773][ C0] preempt_schedule_irq+0x50/0x90 [ 790.095786][ C0] irqentry_exit+0x17b/0x670 [ 790.100365][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 790.106332][ C0] RIP: 0010:lock_acquire+0x5e/0x380 [ 790.111520][ C0] Code: 05 7b ae 28 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 46 47 f5 0e 0f 82 c2 02 00 00 8b 35 0e 7b f5 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 1d ae 28 12 0f 85 02 03 00 00 48 83 c4 [ 790.131111][ C0] RSP: 0018:ffffc9000d757620 EFLAGS: 00000206 [ 790.137160][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001 [ 790.145116][ C0] RDX: 0000000000000000 RSI: ffffffff8de5414a RDI: ffffffff8c1aeb20 [ 790.153070][ C0] RBP: ffffffff8e7e9220 R08: 00000000a1bbbf67 R09: 0000000000000007 [ 790.161022][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002 [ 790.168974][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 790.176960][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 790.182144][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 790.187325][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 790.193474][ C0] unwind_next_frame+0xd1/0x1ea0 [ 790.198411][ C0] ? unwind_next_frame+0xbd/0x1ea0 [ 790.203503][ C0] ? kasan_save_track+0x14/0x30 [ 790.208345][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 790.214496][ C0] arch_stack_walk+0x94/0xf0 [ 790.219075][ C0] ? kasan_save_track+0x14/0x30 [ 790.223917][ C0] ? tear_down_vmas+0x2a5/0x600 [ 790.228760][ C0] stack_trace_save+0x8e/0xc0 [ 790.233429][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 790.238793][ C0] ? __lock_acquire+0x4a5/0x2630 [ 790.243719][ C0] ? kasan_save_stack+0x3f/0x50 [ 790.248573][ C0] ? kasan_save_stack+0x30/0x50 [ 790.253431][ C0] ? kasan_record_aux_stack+0xa7/0xc0 [ 790.258796][ C0] ? __call_rcu_common.constprop.0+0xa5/0x9b0 [ 790.264856][ C0] kasan_save_stack+0x30/0x50 [ 790.269525][ C0] ? kasan_save_stack+0x30/0x50 [ 790.274401][ C0] ? kasan_save_track+0x14/0x30 [ 790.279271][ C0] kasan_save_track+0x14/0x30 [ 790.283937][ C0] __kasan_kmalloc+0xaa/0xb0 [ 790.288518][ C0] kmem_cache_free+0x41f/0x6a0 [ 790.293272][ C0] tear_down_vmas+0x2a5/0x600 [ 790.297946][ C0] exit_mmap+0x469/0xa30 [ 790.302172][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 790.306940][ C0] ? trace_contention_end+0x140/0x180 [ 790.312303][ C0] ? uprobe_clear_state+0x5f/0x360 [ 790.317407][ C0] ? uprobe_clear_state+0x5f/0x360 [ 790.322511][ C0] ? __lock_acquire+0x4a5/0x2630 [ 790.327445][ C0] ? arch_uprobe_clear_state+0x107/0x150 [ 790.333069][ C0] __mmput+0x12a/0x410 [ 790.337125][ C0] mmput+0x67/0x80 [ 790.340831][ C0] do_exit+0x78a/0x2aa0 [ 790.344977][ C0] ? do_raw_spin_lock+0x128/0x260 [ 790.349987][ C0] ? __pfx_do_exit+0x10/0x10 [ 790.354564][ C0] ? do_group_exit+0x1bd/0x2a0 [ 790.359316][ C0] ? rcu_is_watching+0x12/0xc0 [ 790.364069][ C0] do_group_exit+0xd5/0x2a0 [ 790.368559][ C0] __x64_sys_exit_group+0x3e/0x50 [ 790.373571][ C0] x64_sys_call+0x102c/0x1530 [ 790.378231][ C0] do_syscall_64+0x106/0xf80 [ 790.382803][ C0] ? clear_bhb_loop+0x40/0x90 [ 790.387466][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.393343][ C0] RIP: 0033:0x7ff8d76f16c5 [ 790.397742][ C0] RSP: 002b:00007ffc66523628 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 790.406137][ C0] RAX: ffffffffffffffda RBX: 0000562e7d94ab60 RCX: 00007ff8d76f16c5 [ 790.414088][ C0] RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000 [ 790.422043][ C0] RBP: 0000562e7d923910 R08: 0000000000000000 R09: 0000000000000000 [ 790.429998][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.437952][ C0] R13: 00007ffc66523670 R14: 0000000000000000 R15: 0000000000000000 [ 790.445916][ C0]