last executing test programs: 1m22.101752369s ago: executing program 1 (id=9897): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/acpi/interrupts/gpe02\x00', 0x2, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/kernel/timer_migration\x00', 0x242, 0x0) sendfile$auto(r1, r0, 0x0, 0x7fffe000) 1m21.682563893s ago: executing program 1 (id=9904): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/iscsi_transport/iser/handle\x00', 0x103400, 0x0) setresuid$auto(0x2, 0x7, 0x8080) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001c00)=""/4111, 0x100f) 1m20.974511441s ago: executing program 1 (id=9911): timerfd_create$auto_CLOCK_MONOTONIC(0x1, 0xfffffff8) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 1m20.260835477s ago: executing program 1 (id=9922): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, r1, 0x1, 0x5, 0x25dfdbfd, {}, [@GTPA_LINK={0x8, 0x1, 0x6551e4e0}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x14) 1m19.66454361s ago: executing program 1 (id=9930): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0xfffffffc}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0xc0d0) 1m19.169107555s ago: executing program 1 (id=9933): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) 1m2.685662251s ago: executing program 32 (id=9933): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) 2.973079007s ago: executing program 3 (id=10768): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000480)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@HWSIM_ATTR_RADIO_NAME={0x16, 0x11, '/dev/snd/midiC2D0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000010) 2.761215342s ago: executing program 0 (id=10769): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), r0) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdc00, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@typed={0x5, 0x8, 0x0, 0x0, @binary="f5"}]}]}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x810) 2.610034189s ago: executing program 0 (id=10771): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x104, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0xe5, 0x4, 'nfs\x81\x9b\xb6$\x10\x16\xfb:\xb3\x15Y\x90\xf9\xc0\xc0\x88.!s\x1f\xe9\x1d\'&Hvn\xb1\x88\xbf\x15<\xa6e\xbc\xa1\xfa\xbeG\t*_kW_m\x1b:,\xc6\xa6\xfd\xba\xcd\xbe\xbe=\xc3\xbf\xd3f2!\xc4\x05EA\xac\x04\x83\xf1\x99\xa05\xfb\xf3\xf4?(\x9c\x8b\x9d\xdcV\xc5\x00\tm\xdez\xc9\xdbn\xb1\t\n\xe7\x8cd\xca\xd89\r\x1a@\xe1_\xb1_\xf8\xf3\xb1]\xad\xaf\xd9\xd0\xa8:\xd4<\x8d\xbc\rg[\x1d\x98\xb2r\xac\x83\xf8s\xafh@\x8c\xa7\xcd\xb3+Qy\"\xe8\x8ah,\xca|\xd9\xb3?Ha\xdb\xa3F\nGU&7\x15\x19\xeb\x9b\x9eU\xab\x86\x10\x9d\xaf>\xda(R\xcb\xe6\xf7\x8c\xf8\xb1\xdf\xe4t\xe6\x9f\x81\xb3\xbb\xc3\xbf\x8e\xd9VC\xa7\x03rJ.\xf6L\x94b\xc5\x03\xea\x84u\x92\xc0\xcd\x16\xfb<\x03\x00\x00'}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x104}}, 0x4000) 2.441924383s ago: executing program 4 (id=10781): r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r0, &(0x7f0000000000)='\x10\x00', 0x2fb) 2.326088494s ago: executing program 4 (id=10773): r0 = prctl$auto(0x7, 0x2, 0x0, 0x8000001, 0xd) write$auto(r0, &(0x7f0000000000)='/dev/audio1\x00', 0x100000a3d8) write$auto(r0, &(0x7f0000000040)='\x00', 0x9) 1.848314555s ago: executing program 2 (id=10775): r0 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x4, 0x401, r0, @relative_id=0x13, 0xe600}, 0xf) 1.847857596s ago: executing program 0 (id=10776): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002340), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000002440)={&(0x7f0000000700)={0x18, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@OVS_METER_ATTR_KBPS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x48000}, 0x4000) 1.847811724s ago: executing program 3 (id=10777): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pipe2$auto(0x0, 0x80) close_range$auto(0x2, 0x8, 0x0) 1.649070684s ago: executing program 0 (id=10779): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sr0\x00', 0x60742, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x4009, 0x3) lseek$auto(r0, 0x0, 0x4) 1.280605947s ago: executing program 4 (id=10780): pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0xfdf3, 0x6) r0 = socket(0x18, 0x5, 0x1) connect$auto(r0, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) 1.277568038s ago: executing program 0 (id=10789): r0 = prctl$auto(0x7, 0x2, 0x0, 0x8000001, 0xd) write$auto(r0, &(0x7f0000000000)='/dev/audio1\x00', 0x100000a3d8) write$auto(r0, &(0x7f0000000040)='\x00', 0x9) 1.0619118s ago: executing program 4 (id=10782): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x24, r0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x10, 0x0, 0x1, [@nested={0x4, 0xf}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24040071}, 0x880) 1.061022967s ago: executing program 2 (id=10791): ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000100)={{@raw=0xfffffffe, 0x85, 0x60000, 0x9, "669cbbd9e9756f22fdffa188e0f106000000000000000b2f4ab8633824f2d2252ca5f200", @raw=0x6}, 0x0, @integer=@value=[0x42, 0x3, 0x4, 0x6, 0x9, 0xfffffffffffffffb, 0x9, 0x3, 0x101, 0xff, 0x6, 0x4, 0x6, 0x1, 0xa, 0xfffffffffffffffa, 0x1ff, 0x1, 0x400, 0x8, 0x5, 0x2, 0xe294, 0xa2, 0x8, 0x100000000, 0x2, 0x8, 0xae, 0xaeb, 0x3, 0xffffffffffffffff, 0x5, 0x8, 0xfffffffffffffffe, 0x10000, 0x55e2, 0x7, 0x8000, 0xe, 0xffffffffffffffff, 0x6, 0x9, 0x14f3, 0x1ff, 0x3, 0x6e7, 0x3, 0x66, 0x9, 0x0, 0x2, 0x7fffffff, 0x7, 0x9, 0x0, 0x401, 0x9, 0x6, 0x100000001, 0xffffffff, 0x800, 0x8001, 0x5, 0x5ed4, 0x1, 0x7, 0x80000000, 0x962, 0x5, 0xfffffffffffffffe, 0x8, 0xfffffffffffffff7, 0x401, 0x1, 0x3e44, 0x8, 0x4, 0x9, 0x1, 0xc98c, 0x68, 0x2, 0x6, 0x1, 0x3, 0xfffffffffffffffe, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff, 0x55, 0x8, 0x30, 0x2d, 0x0, 0x3, 0x2, 0x0, 0x726, 0x7fffffff, 0x1000, 0x10000, 0x0, 0x4, 0x1, 0xbf, 0x2, 0x4, 0x0, 0x5, 0x1, 0x0, 0x6, 0x9, 0x8000, 0xffff, 0x7, 0x140, 0x0, 0xc7dd, 0xfc05, 0x0, 0x4, 0x6, 0x8, 0x0, 0x0, 0x4], "282f77b07e718ed4d99a34617774e3a82f982e0f05e516c299a28a585e87e0d908e2c8e50de5016f1de5d432da2cc20e951d8fcdc4f791a11996aad5af504c0d9927e62ef70b23a13735a4fe805c1ce1b6b1d83d21bb42794ec925b4547a3d52d4b5210392111e181719fef9d685b6534b171d76ad633f94a608b818600a6c85"}) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffebffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) 757.689401ms ago: executing program 4 (id=10783): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002180)={0x2e0, r1, 0x1, 0x51bd2e, 0x25dfcbfb, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x2c8, 0x1, 0x0, 0x1, [@nested={0x4, 0x6}, @nested={0x2bd, 0x4, 0x0, 0x1, [@generic="fc921cf096b39f43034e2db36a74c0ade1e6a4dafab35aa84881d05d1662bd8a8f48943ea4276b7e1465958d17dd9c9706336d0f4a94c7de9fa79cb659b67f43fa331b6f98fa8ad43a943eac1b528ba83992018ecb03ba5dba6660c32c87b1dc86b69a7f6e747504f11d7688a74c47a4ba", @nested={0x248, 0x122, 0x0, 0x1, [@typed={0x4, 0x3b}, @nested={0x240, 0x8b, 0x0, 0x1, [@typed={0x8, 0x26, 0x0, 0x0, @fd=r0}, @typed={0x8, 0x6e, 0x0, 0x0, @ipv4=@local}, @nested={0x22c, 0xbc, 0x0, 0x1, [@nested={0x228, 0x98, 0x0, 0x1, [@nested={0x222, 0x142, 0x0, 0x1, [@generic="4b8ef4dea62052d4391e1b7fcd2429f7195770e4ca6f21844850ff750ce04caf301dc66838e61817fb1f807d53f524a2ac569f0f1c754ec84650d22b883479398e9d766ecc3fa8de0f83e8f703cb19a0826ec7c4949c87bab590c6305dc6f742accc66d7f2c47d87ec1d7fde707f", @typed={0x71, 0x137, 0x0, 0x0, @binary="6af15d7fa2ec9194354a1069b7c806492e043fa1fdad718d351a10ddade114048ff1302faa59a651c349c5ec3cede0e3949d48b97b2bd1d493852ed30d3a7c2cead7511ef0c8d71cb13b68fb7475ceac2b9816379110f6b4d10d69aea84f032ee4c179ba7929c5d06329cbdf05"}, @nested={0x4, 0x34}, @nested={0x4d, 0x11f, 0x0, 0x1, [@nested={0x4, 0xf1}, @nested={0x4, 0x6c}, @generic="0d7112532deb3ef76f18436c6041ed69a31df55778585e94b7244ba30fca32a34652fd3f440a97d881a3e6c962f72b82c506b0f9531ca4e8321faaa8982bbdfd85"]}, @nested={0xe5, 0x7d, 0x0, 0x1, [@typed={0x8, 0xe4, 0x0, 0x0, @uid}, @nested={0x4, 0xaf}, @generic="cee0bd49dab2a617b70e1a2e040e6ba448f301800a8999cec0bec67eb0617ad3f9a0977d09fa35f0e26b923a2713f1104ff7a5b18a2629bbee5de69b17f06e13870462f79e9deb527b97fd65fc8b156b0f525dfca9340f14dc75ef0881c14f5b87a6c615ee754d72289dcac3c3", @typed={0x8, 0x2b, 0x0, 0x0, @pid}, @nested={0x60, 0xf6, 0x0, 0x1, [@nested={0x4, 0x148}, @generic="f6c5cccd25852c755b4331229a68ba8457bb2c5bc855fc277901cc018a78610faf86906cfd8f50da20a3cfe74a23710a32b0bd28cfddfe8fbcc03a4f9178ec9a", @nested={0x4, 0xde}, @nested={0x4, 0x43}, @nested={0x4, 0x78}, @typed={0xc, 0xa7, 0x0, 0x0, @u64=0xfffffffffffffffe}]}]}]}]}]}]}]}]}]}]}, 0x2e0}, 0x1, 0x0, 0x0, 0x40}, 0x4) 757.167283ms ago: executing program 2 (id=10784): mmap$auto(0x0, 0x2020009, 0xe4, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0xa, 0x5, 0x84) getsockopt$auto(r0, 0x84, 0x1, 0x0, 0x0) 754.630333ms ago: executing program 3 (id=10785): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000002340), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_GET(r0, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f0000002380)={0x14, r1, 0x321, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x2004) 532.890381ms ago: executing program 2 (id=10786): socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2, 0x1000000004, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xcf, 0x0, 0x4) 526.900448ms ago: executing program 3 (id=10787): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x3, 0x0, 0x0, @u32=0x2000}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) 296.133023ms ago: executing program 2 (id=10788): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mlock$auto(0x8001, 0xb) mlock$auto(0x7c88, 0x7fff) 232.577381ms ago: executing program 3 (id=10790): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) setrlimit$auto(0x7, 0x0) socket(0x23, 0x80805, 0x0) 232.493411ms ago: executing program 4 (id=10792): mmap$auto(0x0, 0x2020009, 0x4, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x4) 120.072726ms ago: executing program 0 (id=10793): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b4d", 0x7) 17.578746ms ago: executing program 2 (id=10794): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x9, &(0x7f0000000080)={0x7fffffff, 0xd, 0xc000, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0x1000000f, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x10000}, {0x5, 0x1, 0x21bb800, 0x5, 0x6f, 0x2, 0x1, 0x8, 0x100002000}}) 0s ago: executing program 3 (id=10795): socket(0x1d, 0x3, 0x1) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r0, 0xfd}, 0x6a) kernel console output (not intermixed with test programs): sm_exc_page_fault+0x26/0x30 [ 569.457167][ T5830] RIP: 0033:0x7fde1e266034 [ 569.457185][ T5830] Code: 85 ed 09 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 68 f7 ea 00 48 69 8c 24 90 00 00 00 e8 03 00 00 <8b> 78 08 48 8b 44 24 18 48 c1 ea 12 4c 8b 0d 79 f6 ea 00 48 01 d1 [ 569.457209][ T5830] RSP: 002b:00007ffc15c5a230 EFLAGS: 00010206 [ 569.457229][ T5830] RAX: 0000001b30e24000 RBX: 0000000000000e2a RCX: 000000000008b678 [ 569.457244][ T5830] RDX: 0000000009407255 RSI: 00007fde1f2a7010 RDI: 00232529d8b5c679 [ 569.457259][ T5830] RBP: 00007ffc15c5a26c R08: 0000000000000000 R09: 00007fde1f2a7000 [ 569.457273][ T5830] R10: 0000000000000001 R11: 000000000001b454 R12: 0000000000001388 [ 569.457287][ T5830] R13: 00000000000927c0 R14: 000000000008b82b R15: 00007ffc15c5a2c0 [ 569.457317][ T5830] [ 569.457326][ T5830] memory: usage 3072kB, limit 3072kB, failcnt 54520 [ 569.759102][T21081] FAULT_INJECTION: forcing a failure. [ 569.759102][T21081] name failslab, interval 1, probability 0, space 0, times 0 [ 569.809250][T21081] CPU: 0 UID: 0 PID: 21081 Comm: syz.0.7303 Tainted: G U L syzkaller #0 PREEMPT(full) [ 569.809292][T21081] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 569.809300][T21081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 569.809314][T21081] Call Trace: [ 569.809322][T21081] [ 569.809330][T21081] dump_stack_lvl+0x16c/0x1f0 [ 569.809371][T21081] should_fail_ex+0x512/0x640 [ 569.809398][T21081] ? __kmalloc_noprof+0xca/0x910 [ 569.809426][T21081] should_failslab+0xc2/0x120 [ 569.809464][T21081] __kmalloc_noprof+0xeb/0x910 [ 569.809490][T21081] ? udpv6_init_sock+0x24e/0x450 [ 569.809526][T21081] ? udpv6_init_sock+0x24e/0x450 [ 569.809555][T21081] udpv6_init_sock+0x24e/0x450 [ 569.809585][T21081] ? __pfx_udpv6_init_sock+0x10/0x10 [ 569.809617][T21081] inet6_create+0xb30/0x12b0 [ 569.809656][T21081] ? inet6_create+0x7f/0x12b0 [ 569.809695][T21081] __sock_create+0x339/0x8a0 [ 569.809730][T21081] __sys_socket+0x14d/0x260 [ 569.809751][T21081] ? fput+0x70/0xf0 [ 569.809773][T21081] ? __pfx___sys_socket+0x10/0x10 [ 569.809795][T21081] ? xfd_validate_state+0x61/0x180 [ 569.809816][T21081] ? __pfx_ksys_write+0x10/0x10 [ 569.809856][T21081] __x64_sys_socket+0x72/0xb0 [ 569.809878][T21081] ? lockdep_hardirqs_on+0x7c/0x110 [ 569.809914][T21081] do_syscall_64+0xcd/0xf80 [ 569.809953][T21081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.809977][T21081] RIP: 0033:0x7f9e1a98f7c9 [ 569.809995][T21081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.810017][T21081] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 569.810043][T21081] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 569.810058][T21081] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000a [ 569.810072][T21081] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 569.810086][T21081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 569.810099][T21081] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 569.810129][T21081] [ 570.170279][T21089] syz_tun: tun_chr_ioctl cmd 2147767517 [ 570.682881][ T5830] memory+swap: usage 3192kB, limit 9007199254740988kB, failcnt 0 [ 570.705688][T21105] openvswitch: netlink: Message has 4 unknown bytes. [ 570.734374][ T5830] kmem: usage 404kB, limit 9007199254740988kB, failcnt 0 [ 570.776496][ T5830] Memory cgroup stats for /syz1: [ 570.776748][ T5830] cache 0 [ 570.828655][ T5830] rss 2732032 [ 570.832010][ T5830] rss_huge 2097152 [ 570.862571][ T5830] shmem 0 [ 570.875326][ T5830] mapped_file 0 [ 570.904491][ T5830] dirty 0 [ 570.907466][ T5830] writeback 0 [ 570.932739][ T5830] workingset_refault_anon 1587 [ 570.951889][ T5830] workingset_refault_file 21466 [ 570.981895][ T5830] swap 122880 [ 570.989356][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 570.996471][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 571.012982][ T5830] swapcached 8192 [ 571.024395][ T5830] pgpgin 162539 [ 571.036155][ T5830] pgpgout 168126 [ 571.061069][ T5830] pgfault 204202 [ 571.081338][ T5830] pgmajfault 1081 [ 571.090834][ T5830] inactive_anon 0 [ 571.116052][ T5830] active_anon 8192 [ 571.119820][ T5830] inactive_file 0 [ 571.148508][ T5830] active_file 0 [ 571.152027][ T5830] unevictable 2723840 [ 571.182051][ T5830] hierarchical_memory_limit 3145728 [ 571.219191][ T5830] hierarchical_memsw_limit 9223372036854771712 [ 571.252926][ T5830] total_cache 0 [ 571.256421][ T5830] total_rss 2732032 [ 571.260232][ T5830] total_rss_huge 2097152 [ 571.287195][T21119] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 571.303856][ T5830] total_shmem 0 [ 571.307443][ T5830] total_mapped_file 0 [ 571.311441][ T5830] total_dirty 0 [ 571.354799][ T5830] total_writeback 0 [ 571.358655][ T5830] total_workingset_refault_anon 1587 [ 571.407206][ T5830] total_workingset_refault_file 21466 [ 571.434511][ T5830] total_swap 122880 [ 571.438361][ T5830] total_swapcached 8192 [ 571.481736][ T5830] total_pgpgin 162539 [ 571.485757][ T5830] total_pgpgout 168126 [ 571.489866][ T5830] total_pgfault 204202 [ 571.531492][ T5830] total_pgmajfault 1081 [ 571.535697][ T5830] total_inactive_anon 0 [ 571.539860][ T5830] total_active_anon 8192 [ 571.583892][ T5830] total_inactive_file 0 [ 571.588174][ T5830] total_active_file 0 [ 571.625611][ T5830] total_unevictable 2723840 [ 571.644450][ T5830] anon_cost 48 [ 571.662597][ T5830] file_cost 0 [ 571.665920][ T5830] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.7297,pid=21068,uid=0 [ 571.749581][ T5830] Memory cgroup out of memory: Killed process 21068 (syz.1.7297) total-vm:108180kB, anon-rss:3804kB, file-rss:21548kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 571.794231][T21131] netlink: 'syz.3.7327': attribute type 1 has an invalid length. [ 572.339856][T21147] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 572.599927][T21151] netlink: 206 bytes leftover after parsing attributes in process `syz.2.7337'. [ 573.092726][T21159] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 573.757700][T21179] FAULT_INJECTION: forcing a failure. [ 573.757700][T21179] name failslab, interval 1, probability 0, space 0, times 0 [ 573.817539][T21179] CPU: 0 UID: 0 PID: 21179 Comm: syz.0.7350 Tainted: G U L syzkaller #0 PREEMPT(full) [ 573.817580][T21179] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 573.817589][T21179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 573.817602][T21179] Call Trace: [ 573.817610][T21179] [ 573.817619][T21179] dump_stack_lvl+0x16c/0x1f0 [ 573.817659][T21179] should_fail_ex+0x512/0x640 [ 573.817686][T21179] ? kmem_cache_alloc_noprof+0x62/0x770 [ 573.817719][T21179] should_failslab+0xc2/0x120 [ 573.817757][T21179] kmem_cache_alloc_noprof+0x83/0x770 [ 573.817785][T21179] ? security_file_alloc+0x34/0x2b0 [ 573.817822][T21179] ? security_file_alloc+0x34/0x2b0 [ 573.817851][T21179] security_file_alloc+0x34/0x2b0 [ 573.817882][T21179] init_file+0x93/0x4c0 [ 573.817906][T21179] alloc_empty_file+0x73/0x1e0 [ 573.817932][T21179] alloc_file_pseudo+0x13a/0x230 [ 573.817960][T21179] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 573.817986][T21179] ? security_inode_init_security_anon+0x79/0x240 [ 573.818019][T21179] __do_sys_memfd_secret+0x11d/0x490 [ 573.818058][T21179] do_syscall_64+0xcd/0xf80 [ 573.818096][T21179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.818120][T21179] RIP: 0033:0x7f9e1a98f7c9 [ 573.818138][T21179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.818161][T21179] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 573.818183][T21179] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 573.818199][T21179] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 573.818213][T21179] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 573.818227][T21179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 573.818241][T21179] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 573.818272][T21179] [ 575.717321][T21223] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 575.928006][T21229] openvswitch: netlink: Flow actions attr not present in new flow. [ 576.027927][T21233] netlink: 'syz.0.7374': attribute type 1 has an invalid length. [ 576.662722][T21250] No such timeout policy "" [ 576.688196][T21250] netlink: Failed to associated timeout policy '' [ 576.779618][T21254] netlink: 'syz.0.7384': attribute type 1 has an invalid length. [ 576.813816][T21254] nbd: error processing sock list [ 577.035283][T21260] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 577.661371][T21281] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 578.099647][T21298] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 578.099647][T21298] The task syz.0.7403 (21298) triggered the difference, watch for misbehavior. [ 578.495772][T21308] NFSD: Failed to start, no listeners configured. [ 579.609793][T21342] openvswitch: netlink: Message has 4 unknown bytes. [ 580.976113][ T30] audit: type=1800 audit(4294967349.049:34): pid=21382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7443" name="lu_gp_id" dev="configfs" ino=57919 res=0 errno=0 [ 581.572973][T21397] delete_channel: no stack [ 582.019430][T21406] NFSD: Failed to start, no listeners configured. [ 584.086223][T11128] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 584.164458][T21477] netlink: ct family unspecified [ 585.243490][T21509] FAULT_INJECTION: forcing a failure. [ 585.243490][T21509] name failslab, interval 1, probability 0, space 0, times 0 [ 585.309628][T21509] CPU: 0 UID: 0 PID: 21509 Comm: syz.3.7501 Tainted: G U L syzkaller #0 PREEMPT(full) [ 585.309667][T21509] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 585.309676][T21509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 585.309689][T21509] Call Trace: [ 585.309697][T21509] [ 585.309705][T21509] dump_stack_lvl+0x16c/0x1f0 [ 585.309747][T21509] should_fail_ex+0x512/0x640 [ 585.309774][T21509] ? kmem_cache_alloc_noprof+0x62/0x770 [ 585.309807][T21509] should_failslab+0xc2/0x120 [ 585.309846][T21509] kmem_cache_alloc_noprof+0x83/0x770 [ 585.309875][T21509] ? alloc_empty_file+0x55/0x1e0 [ 585.309906][T21509] ? alloc_empty_file+0x55/0x1e0 [ 585.309931][T21509] alloc_empty_file+0x55/0x1e0 [ 585.309957][T21509] alloc_file_pseudo+0x13a/0x230 [ 585.309985][T21509] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 585.310015][T21509] ? do_raw_spin_unlock+0x172/0x230 [ 585.310047][T21509] __anon_inode_getfile+0xe8/0x280 [ 585.310075][T21509] anon_inode_getfile_fmode+0x37/0xa0 [ 585.310102][T21509] __do_sys_fanotify_init+0xa53/0xed0 [ 585.310139][T21509] do_syscall_64+0xcd/0xf80 [ 585.310188][T21509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.310213][T21509] RIP: 0033:0x7f2cb738f7c9 [ 585.310232][T21509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.310254][T21509] RSP: 002b:00007f2cb816c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 585.310277][T21509] RAX: ffffffffffffffda RBX: 00007f2cb75e5fa0 RCX: 00007f2cb738f7c9 [ 585.310292][T21509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 585.310306][T21509] RBP: 00007f2cb7413f91 R08: 0000000000000000 R09: 0000000000000000 [ 585.310321][T21509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.310334][T21509] R13: 00007f2cb75e6038 R14: 00007f2cb75e5fa0 R15: 00007ffee94fcb08 [ 585.310364][T21509] [ 585.636462][T21516] binder: 21515:21516 ioctl 400c620e 0 returned -14 [ 585.949222][T20824] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 586.279143][T21530] openvswitch: netlink: IP tunnel dst address not specified [ 589.835510][T21634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 590.045042][T21641] netlink: 'syz.0.7565': attribute type 11 has an invalid length. [ 590.070810][T21641] netlink: 'syz.0.7565': attribute type 11 has an invalid length. [ 590.108915][T21641] netlink: 'syz.0.7565': attribute type 11 has an invalid length. [ 590.140156][T21641] netlink: 'syz.0.7565': attribute type 11 has an invalid length. [ 590.889366][T21662] Â: entered promiscuous mode [ 592.855481][T21719] block nbd2: not configured, cannot reconfigure [ 593.210506][T21728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7602'. [ 593.262467][T21728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7602'. [ 594.175988][T21752] FAULT_INJECTION: forcing a failure. [ 594.175988][T21752] name failslab, interval 1, probability 0, space 0, times 0 [ 594.233815][T21752] CPU: 0 UID: 0 PID: 21752 Comm: syz.1.7613 Tainted: G U L syzkaller #0 PREEMPT(full) [ 594.233855][T21752] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 594.233864][T21752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 594.233877][T21752] Call Trace: [ 594.233885][T21752] [ 594.233894][T21752] dump_stack_lvl+0x16c/0x1f0 [ 594.233936][T21752] should_fail_ex+0x512/0x640 [ 594.233962][T21752] ? kmem_cache_alloc_noprof+0x62/0x770 [ 594.233996][T21752] should_failslab+0xc2/0x120 [ 594.234033][T21752] kmem_cache_alloc_noprof+0x83/0x770 [ 594.234062][T21752] ? __anon_vma_prepare+0xae/0x5e0 [ 594.234094][T21752] ? __anon_vma_prepare+0xae/0x5e0 [ 594.234118][T21752] __anon_vma_prepare+0xae/0x5e0 [ 594.234143][T21752] ? do_raw_spin_lock+0x12c/0x2b0 [ 594.234175][T21752] __vmf_anon_prepare+0x11c/0x240 [ 594.234221][T21752] do_huge_pmd_anonymous_page+0x161/0x2200 [ 594.234255][T21752] ? __pmd_alloc+0x6aa/0x9c0 [ 594.234296][T21752] __handle_mm_fault+0x25ca/0x2bb0 [ 594.234329][T21752] ? __pfx___handle_mm_fault+0x10/0x10 [ 594.234378][T21752] handle_mm_fault+0x3fe/0xad0 [ 594.234409][T21752] __get_user_pages+0x54e/0x3590 [ 594.234458][T21752] ? __pfx___get_user_pages+0x10/0x10 [ 594.234503][T21752] populate_vma_page_range+0x267/0x3f0 [ 594.234544][T21752] ? __pfx_populate_vma_page_range+0x10/0x10 [ 594.234582][T21752] ? __pfx_find_vma_intersection+0x10/0x10 [ 594.234619][T21752] ? do_mmap+0x69c/0x1210 [ 594.234662][T21752] __mm_populate+0x1d8/0x380 [ 594.234701][T21752] ? __pfx___mm_populate+0x10/0x10 [ 594.234741][T21752] ? up_write+0x282/0x4e0 [ 594.234769][T21752] vm_mmap_pgoff+0x37f/0x470 [ 594.234807][T21752] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 594.234848][T21752] ? __x64_sys_futex+0x1e0/0x4c0 [ 594.234874][T21752] ? __x64_sys_futex+0x1e9/0x4c0 [ 594.234905][T21752] ksys_mmap_pgoff+0x7d/0x5c0 [ 594.234939][T21752] ? xfd_validate_state+0x61/0x180 [ 594.234959][T21752] ? __pfx_ksys_write+0x10/0x10 [ 594.234997][T21752] __x64_sys_mmap+0x125/0x190 [ 594.235025][T21752] do_syscall_64+0xcd/0xf80 [ 594.235064][T21752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.235088][T21752] RIP: 0033:0x7fde1e38f7c9 [ 594.235108][T21752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.235131][T21752] RSP: 002b:00007fde1f2a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 594.235152][T21752] RAX: ffffffffffffffda RBX: 00007fde1e5e5fa0 RCX: 00007fde1e38f7c9 [ 594.235168][T21752] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 594.235182][T21752] RBP: 00007fde1e413f91 R08: 0000000000000002 R09: 0000000000008000 [ 594.235201][T21752] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 594.235216][T21752] R13: 00007fde1e5e6038 R14: 00007fde1e5e5fa0 R15: 00007ffc15c59ea8 [ 594.235247][T21752] [ 594.710689][T21762] netlink: 'syz.3.7620': attribute type 1 has an invalid length. [ 594.769112][T21764] netlink: zone id is out of range [ 595.254902][T21782] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 595.511656][T21733] Process accounting resumed [ 596.335805][T21813] netlink: 'syz.2.7641': attribute type 11 has an invalid length. [ 596.377514][T21813] netlink: 'syz.2.7641': attribute type 11 has an invalid length. [ 596.406027][T21813] netlink: 'syz.2.7641': attribute type 11 has an invalid length. [ 596.451754][T21813] netlink: 'syz.2.7641': attribute type 11 has an invalid length. [ 596.703518][T21818] Â: entered promiscuous mode [ 597.323439][T21836] openvswitch: netlink: IPv4 tunnel dst address is zero [ 597.486032][T21842] netlink: 'syz.3.7656': attribute type 11 has an invalid length. [ 597.528693][T21842] netlink: 'syz.3.7656': attribute type 11 has an invalid length. [ 597.559192][T21842] netlink: 'syz.3.7656': attribute type 11 has an invalid length. [ 597.595783][T21842] netlink: 'syz.3.7656': attribute type 11 has an invalid length. [ 598.768506][T21873] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 599.985272][T21907] aoe: copy from user failed [ 599.989932][T21907] aoe: could not set interface list: too many interfaces [ 601.178918][T21945] FAULT_INJECTION: forcing a failure. [ 601.178918][T21945] name failslab, interval 1, probability 0, space 0, times 0 [ 601.243467][T21945] CPU: 0 UID: 0 PID: 21945 Comm: syz.0.7703 Tainted: G U L syzkaller #0 PREEMPT(full) [ 601.243517][T21945] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 601.243525][T21945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 601.243539][T21945] Call Trace: [ 601.243546][T21945] [ 601.243555][T21945] dump_stack_lvl+0x16c/0x1f0 [ 601.243597][T21945] should_fail_ex+0x512/0x640 [ 601.243623][T21945] ? __kmalloc_cache_noprof+0x5f/0x800 [ 601.243653][T21945] should_failslab+0xc2/0x120 [ 601.243690][T21945] __kmalloc_cache_noprof+0x80/0x800 [ 601.243717][T21945] ? rcu_is_watching+0x12/0xc0 [ 601.243750][T21945] ? call_usermodehelper_setup+0xaf/0x360 [ 601.243780][T21945] ? __pfx_free_modprobe_argv+0x10/0x10 [ 601.243813][T21945] ? call_usermodehelper_setup+0xaf/0x360 [ 601.243841][T21945] call_usermodehelper_setup+0xaf/0x360 [ 601.243875][T21945] __request_module+0x3bd/0x660 [ 601.243907][T21945] ? __pfx___request_module+0x10/0x10 [ 601.243950][T21945] ? rcu_is_watching+0x12/0xc0 [ 601.243983][T21945] ? lockdep_hardirqs_on+0x7c/0x110 [ 601.244026][T21945] netlink_create+0x226/0x620 [ 601.244063][T21945] __sock_create+0x339/0x8a0 [ 601.244090][T21945] __sys_socket+0x14d/0x260 [ 601.244112][T21945] ? fput+0x70/0xf0 [ 601.244134][T21945] ? __pfx___sys_socket+0x10/0x10 [ 601.244156][T21945] ? xfd_validate_state+0x61/0x180 [ 601.244177][T21945] ? __pfx_ksys_write+0x10/0x10 [ 601.244229][T21945] __x64_sys_socket+0x72/0xb0 [ 601.244252][T21945] ? lockdep_hardirqs_on+0x7c/0x110 [ 601.244287][T21945] do_syscall_64+0xcd/0xf80 [ 601.244327][T21945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.244352][T21945] RIP: 0033:0x7f9e1a98f7c9 [ 601.244370][T21945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.244393][T21945] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 601.244415][T21945] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 601.244431][T21945] RDX: 000000000000001f RSI: 0000000000000003 RDI: 0000000000000010 [ 601.244445][T21945] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 601.244459][T21945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 601.244472][T21945] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 601.244509][T21945] [ 602.294432][T21974] random: crng reseeded on system resumption [ 603.063594][T22002] FAULT_INJECTION: forcing a failure. [ 603.063594][T22002] name failslab, interval 1, probability 0, space 0, times 0 [ 603.097901][T22002] CPU: 0 UID: 0 PID: 22002 Comm: syz.0.7728 Tainted: G U L syzkaller #0 PREEMPT(full) [ 603.097942][T22002] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 603.097951][T22002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 603.097965][T22002] Call Trace: [ 603.097972][T22002] [ 603.097981][T22002] dump_stack_lvl+0x16c/0x1f0 [ 603.098022][T22002] should_fail_ex+0x512/0x640 [ 603.098048][T22002] ? __kvmalloc_node_noprof+0x129/0xa40 [ 603.098085][T22002] should_failslab+0xc2/0x120 [ 603.098124][T22002] __kvmalloc_node_noprof+0x14a/0xa40 [ 603.098160][T22002] ? io_alloc_cache_init+0x38/0x170 [ 603.098206][T22002] ? io_alloc_cache_init+0x38/0x170 [ 603.098243][T22002] ? __init_waitqueue_head+0xca/0x150 [ 603.098272][T22002] io_alloc_cache_init+0x38/0x170 [ 603.098320][T22002] io_uring_setup+0x578/0x1f80 [ 603.098359][T22002] ? __pfx_io_uring_setup+0x10/0x10 [ 603.098393][T22002] ? do_futex+0x122/0x350 [ 603.098420][T22002] ? __pfx_do_futex+0x10/0x10 [ 603.098458][T22002] ? fput+0x70/0xf0 [ 603.098482][T22002] ? xfd_validate_state+0x61/0x180 [ 603.098503][T22002] ? __pfx_ksys_write+0x10/0x10 [ 603.098543][T22002] __x64_sys_io_uring_setup+0xc2/0x170 [ 603.098577][T22002] do_syscall_64+0xcd/0xf80 [ 603.098615][T22002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.098639][T22002] RIP: 0033:0x7f9e1a98f7c9 [ 603.098657][T22002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.098680][T22002] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 603.098702][T22002] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 603.098717][T22002] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000001d48 [ 603.098731][T22002] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 603.098744][T22002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.098758][T22002] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 603.098787][T22002] [ 607.393592][T22126] nbd: illegal input index 37139 [ 607.421502][T22128] openvswitch: netlink: Key type 29 is not supported [ 608.201679][T22156] netlink: 'syz.0.7803': attribute type 2 has an invalid length. [ 609.171638][T22189] openvswitch: netlink: Key type 29 is not supported [ 609.962886][T22216] openvswitch: netlink: Key type 29 is not supported [ 610.339018][T22230] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 610.447954][T22234] FAULT_INJECTION: forcing a failure. [ 610.447954][T22234] name failslab, interval 1, probability 0, space 0, times 0 [ 610.522447][T22234] CPU: 0 UID: 0 PID: 22234 Comm: syz.1.7840 Tainted: G U L syzkaller #0 PREEMPT(full) [ 610.522487][T22234] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 610.522496][T22234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 610.522510][T22234] Call Trace: [ 610.522518][T22234] [ 610.522533][T22234] dump_stack_lvl+0x16c/0x1f0 [ 610.522573][T22234] should_fail_ex+0x512/0x640 [ 610.522601][T22234] ? __kmalloc_noprof+0xca/0x910 [ 610.522629][T22234] should_failslab+0xc2/0x120 [ 610.522666][T22234] __kmalloc_noprof+0xeb/0x910 [ 610.522692][T22234] ? alloc_pipe_info+0x1ec/0x590 [ 610.522734][T22234] ? alloc_pipe_info+0x1ec/0x590 [ 610.522770][T22234] alloc_pipe_info+0x1ec/0x590 [ 610.522811][T22234] create_pipe_files+0x8c/0x9a0 [ 610.522852][T22234] do_pipe2+0xaf/0x1c0 [ 610.522889][T22234] ? __pfx_do_pipe2+0x10/0x10 [ 610.522927][T22234] ? xfd_validate_state+0x61/0x180 [ 610.522957][T22234] __x64_sys_pipe2+0x54/0x80 [ 610.522995][T22234] do_syscall_64+0xcd/0xf80 [ 610.523034][T22234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.523058][T22234] RIP: 0033:0x7fde1e38f7c9 [ 610.523076][T22234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.523099][T22234] RSP: 002b:00007fde1f2a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 610.523121][T22234] RAX: ffffffffffffffda RBX: 00007fde1e5e5fa0 RCX: 00007fde1e38f7c9 [ 610.523136][T22234] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 610.523150][T22234] RBP: 00007fde1e413f91 R08: 0000000000000000 R09: 0000000000000000 [ 610.523165][T22234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.523179][T22234] R13: 00007fde1e5e6038 R14: 00007fde1e5e5fa0 R15: 00007ffc15c59ea8 [ 610.523209][T22234] [ 612.918783][T22307] &#$@\]\-: entered promiscuous mode [ 614.049112][T22341] : entered promiscuous mode [ 614.055886][T22344] netlink: 'syz.0.7888': attribute type 12 has an invalid length. [ 614.569866][T22358] netlink: Setting conntrack mark requires 'commit' flag. [ 616.886303][T22434] nbd: illegal input index -1073741824 [ 617.579691][T22459] netlink: 'syz.3.7944': attribute type 1 has an invalid length. [ 618.040719][T22477] netlink: 'syz.2.7953': attribute type 10 has an invalid length. [ 621.631804][T22583] __vm_enough_memory: pid: 22583, comm: syz.3.8003, bytes: 4398046511104 not enough memory for the allocation [ 623.056782][T22623] openvswitch: netlink: IPv6 tunnel dst address is zero [ 623.629272][T22641] IPVS: length: 131 != 8 [ 623.962883][T22649] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 625.926875][T22659] Process accounting paused [ 627.811097][T22726] openvswitch: netlink: Duplicate or invalid key (type 0). [ 628.164766][T22735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8072'. [ 628.647450][T22746] MTRR 1 not used [ 629.945957][T20824] Bluetooth: hci3: SCO packet too small [ 630.059325][T22773] Invalid ELF header magic: != ELF [ 631.923042][T22812] netlink: 'syz.1.8109': attribute type 11 has an invalid length. [ 631.959078][T22812] netlink: 'syz.1.8109': attribute type 11 has an invalid length. [ 632.001372][T22812] netlink: 'syz.1.8109': attribute type 11 has an invalid length. [ 632.115790][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 632.122418][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.345119][T22824] netlink: Unknown conntrack attr (type=257, max=9) [ 633.131908][T22848] netlink: 'syz.2.8127': attribute type 1 has an invalid length. [ 633.170725][T22848] netlink: 33 bytes leftover after parsing attributes in process `syz.2.8127'. [ 634.135829][T22875] netlink: Unknown NAT attribute (type=262, max=9) [ 634.436219][T22881] nbd: couldn't find device at index 33904 [ 634.988530][T22896] netlink: Failed to add  helper -22 [ 635.954542][T22919] netlink: ct_mark mask cannot be 0 [ 636.250859][T22926] [U] ^\ [ 636.986105][T22944] sg_write: process 4249 (syz.0.8174) changed security contexts after opening file descriptor, this is not allowed. [ 637.285979][T22951] tc_dump_action: action bad kind [ 637.706757][ T30] audit: type=1326 audit(4294967406.074:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22959 comm="syz.2.8182" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff70518f7c9 code=0x0 [ 637.796573][T22962] sd 0:0:1:0: PR command failed: 1026 [ 637.830041][T22962] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 637.883483][T22962] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 638.330392][T22972] openvswitch: netlink: IP tunnel dst address not specified [ 643.633796][T23088] openvswitch: netlink: Key 15 has unexpected len 16 expected 4 [ 644.344851][T23102] netlink: NAT attribute type 6 has unexpected length (4 != 2) [ 645.408810][T23122] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 646.410621][T23142] delete_channel: no stack [ 646.909557][T23151] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 649.108008][T23203] FAULT_INJECTION: forcing a failure. [ 649.108008][T23203] name failslab, interval 1, probability 0, space 0, times 0 [ 649.169327][T23203] CPU: 0 UID: 0 PID: 23203 Comm: syz.0.8296 Tainted: G U L syzkaller #0 PREEMPT(full) [ 649.169369][T23203] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 649.169378][T23203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 649.169392][T23203] Call Trace: [ 649.169400][T23203] [ 649.169409][T23203] dump_stack_lvl+0x16c/0x1f0 [ 649.169451][T23203] should_fail_ex+0x512/0x640 [ 649.169478][T23203] ? __kmalloc_cache_noprof+0x5f/0x800 [ 649.169508][T23203] should_failslab+0xc2/0x120 [ 649.169545][T23203] __kmalloc_cache_noprof+0x80/0x800 [ 649.169579][T23203] ? getname_flags.part.0+0x292/0x550 [ 649.169612][T23203] ? getname_flags.part.0+0x292/0x550 [ 649.169638][T23203] getname_flags.part.0+0x292/0x550 [ 649.169669][T23203] getname_flags+0x93/0xf0 [ 649.169702][T23203] __x64_sys_symlink+0x65/0x90 [ 649.169726][T23203] do_syscall_64+0xcd/0xf80 [ 649.169765][T23203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.169791][T23203] RIP: 0033:0x7f9e1a98f7c9 [ 649.169809][T23203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 649.169833][T23203] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 649.169855][T23203] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 649.169871][T23203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000010c0 [ 649.169885][T23203] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 649.169900][T23203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 649.169914][T23203] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 649.169945][T23203] [ 652.367561][T23264] zero sized request [ 652.892830][ T5830] syz-executor invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), order=0, oom_score_adj=0 [ 652.967313][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 652.967355][ T5830] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 652.967364][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 652.967379][ T5830] Call Trace: [ 652.967387][ T5830] [ 652.967397][ T5830] dump_stack_lvl+0x16c/0x1f0 [ 652.967437][ T5830] dump_header+0x101/0x960 [ 652.967473][ T5830] oom_kill_process+0x176/0x910 [ 652.967503][ T5830] out_of_memory+0x350/0x1700 [ 652.967536][ T5830] ? __pfx_out_of_memory+0x10/0x10 [ 652.967581][ T5830] mem_cgroup_out_of_memory+0x118/0x130 [ 652.967611][ T5830] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 652.967646][ T5830] ? do_raw_spin_unlock+0x172/0x230 [ 652.967678][ T5830] try_charge_memcg+0x695/0xd30 [ 652.967720][ T5830] ? __pfx_try_charge_memcg+0x10/0x10 [ 652.967756][ T5830] ? peak_open+0x21/0x50 [ 652.967780][ T5830] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 652.967814][ T5830] __memcg_kmem_charge_page+0xda/0x420 [ 652.967854][ T5830] __alloc_frozen_pages_noprof+0x323/0x2430 [ 652.967884][ T5830] ? stack_trace_save+0x8e/0xc0 [ 652.967919][ T5830] ? __pfx_stack_trace_save+0x10/0x10 [ 652.967954][ T5830] ? rcu_is_watching+0x12/0xc0 [ 652.967986][ T5830] ? stack_depot_save_flags+0x29/0x9b0 [ 652.968018][ T5830] ? kasan_save_stack+0x42/0x60 [ 652.968048][ T5830] ? kasan_save_stack+0x33/0x60 [ 652.968077][ T5830] ? kasan_save_track+0x14/0x30 [ 652.968107][ T5830] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 652.968135][ T5830] ? copy_page_range+0x4620/0x6780 [ 652.968157][ T5830] ? copy_process+0x3b9f/0x7430 [ 652.968197][ T5830] ? __do_sys_clone+0xce/0x120 [ 652.968231][ T5830] ? do_syscall_64+0xcd/0xf80 [ 652.968266][ T5830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.968304][ T5830] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 652.968342][ T5830] ? policy_nodemask+0xea/0x4e0 [ 652.968381][ T5830] alloc_pages_mpol+0x1fb/0x550 [ 652.968419][ T5830] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 652.968463][ T5830] alloc_pages_noprof+0x131/0x390 [ 652.968500][ T5830] pte_alloc_one+0x1e/0x3d0 [ 652.968534][ T5830] __pte_alloc+0x6d/0x3f0 [ 652.968576][ T5830] ? __pfx___pte_alloc+0x10/0x10 [ 652.968614][ T5830] ? _raw_spin_unlock+0x28/0x50 [ 652.968644][ T5830] ? __pmd_alloc+0x6aa/0x9c0 [ 652.968684][ T5830] copy_page_range+0x3f3e/0x6780 [ 652.968712][ T5830] ? __lock_acquire+0x436/0x2890 [ 652.968762][ T5830] ? __pfx_copy_page_range+0x10/0x10 [ 652.968790][ T5830] ? mas_store+0xb4b/0x12f0 [ 652.968814][ T5830] ? __vma_enter_locked+0x1dc/0x770 [ 652.968840][ T5830] ? __pfx_mas_store+0x10/0x10 [ 652.968879][ T5830] dup_mmap+0xbea/0x20e0 [ 652.968932][ T5830] ? __pfx_dup_mmap+0x10/0x10 [ 652.968989][ T5830] copy_process+0x3b9f/0x7430 [ 652.969026][ T5830] ? do_wp_page+0x1c04/0x5010 [ 652.969071][ T5830] ? __pfx_copy_process+0x10/0x10 [ 652.969107][ T5830] ? do_raw_spin_lock+0x12c/0x2b0 [ 652.969147][ T5830] kernel_clone+0xfc/0x910 [ 652.969190][ T5830] ? __pfx_kernel_clone+0x10/0x10 [ 652.969243][ T5830] __do_sys_clone+0xce/0x120 [ 652.969278][ T5830] ? __pfx___do_sys_clone+0x10/0x10 [ 652.969313][ T5830] ? count_memcg_events+0x122/0x290 [ 652.969361][ T5830] ? do_user_addr_fault+0x843/0x1370 [ 652.969397][ T5830] do_syscall_64+0xcd/0xf80 [ 652.969435][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.969459][ T5830] RIP: 0033:0x7fde1e385f13 [ 652.969479][ T5830] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 652.969502][ T5830] RSP: 002b:00007ffc15c5a128 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 652.969525][ T5830] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fde1e385f13 [ 652.969540][ T5830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 652.969555][ T5830] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 652.969568][ T5830] R10: 000055558d6517d0 R11: 0000000000000246 R12: 0000000000000000 [ 652.969583][ T5830] R13: 00000000000927c0 R14: 000000000009ff8f R15: 00007ffc15c5a2c0 [ 652.969614][ T5830] [ 653.403358][T23277] openvswitch: netlink: IP tunnel dst address not specified [ 654.009657][ T5830] memory: usage 3072kB, limit 3072kB, failcnt 76399 [ 654.039674][ T5830] memory+swap: usage 50464kB, limit 9007199254740988kB, failcnt 0 [ 654.072033][ T5830] kmem: usage 1324kB, limit 9007199254740988kB, failcnt 0 [ 654.091277][ T5830] Memory cgroup stats for /syz1: [ 654.091542][ T5830] cache 1732608 [ 654.117050][ T5830] rss 57344 [ 654.120206][ T5830] rss_huge 0 [ 654.141740][ T5830] shmem 1732608 [ 654.145270][ T5830] mapped_file 0 [ 654.148755][ T5830] dirty 0 [ 654.170299][ T5830] writeback 0 [ 654.184176][ T5830] workingset_refault_anon 3122 [ 654.195537][ T5830] workingset_refault_file 29305 [ 654.200625][T23304] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8345'. [ 654.215911][ T5830] swap 48529408 [ 654.219409][ T5830] swapcached 0 [ 654.241998][ T5830] pgpgin 204585 [ 654.245537][ T5830] pgpgout 218578 [ 654.249083][ T5830] pgfault 243128 [ 654.273277][ T5830] pgmajfault 1702 [ 654.276979][ T5830] inactive_anon 1593344 [ 654.311354][ T5830] active_anon 196608 [ 654.315296][ T5830] inactive_file 0 [ 654.332612][ T5830] active_file 0 [ 654.336108][ T5830] unevictable 0 [ 654.356880][ T5830] hierarchical_memory_limit 3145728 [ 654.374556][ T5830] hierarchical_memsw_limit 9223372036854771712 [ 654.402239][ T5830] total_cache 1732608 [ 654.406298][ T5830] total_rss 57344 [ 654.409944][ T5830] total_rss_huge 0 [ 654.440113][ T5830] total_shmem 1732608 [ 654.462342][ T5830] total_mapped_file 0 [ 654.466452][ T5830] total_dirty 0 [ 654.494207][ T5830] total_writeback 0 [ 654.498109][ T5830] total_workingset_refault_anon 3122 [ 654.518586][ T5830] total_workingset_refault_file 29305 [ 654.534104][ T5830] total_swap 48529408 [ 654.538136][ T5830] total_swapcached 0 [ 654.566599][ T5830] total_pgpgin 204585 [ 654.579523][ T5830] total_pgpgout 218578 [ 654.595877][ T5830] total_pgfault 243128 [ 654.609640][ T5830] total_pgmajfault 1702 [ 654.629539][ T5830] total_inactive_anon 1593344 [ 654.634260][ T5830] total_active_anon 196608 [ 654.638734][ T5830] total_inactive_file 0 [ 654.672686][ T5830] total_active_file 0 [ 654.676716][ T5830] total_unevictable 0 [ 654.694296][ T5830] anon_cost 75 [ 654.697868][ T5830] file_cost 1 [ 654.718777][ T5830] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.8149,pid=22894,uid=0 [ 654.774693][ T5830] Memory cgroup out of memory: Killed process 22894 (syz.1.8149) total-vm:104080kB, anon-rss:1160kB, file-rss:55836kB, shmem-rss:0kB, UID:0 pgtables:196kB oom_score_adj:1000 [ 654.945080][T23272] syz.3.8328 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 654.955355][T23272] CPU: 0 UID: 0 PID: 23272 Comm: syz.3.8328 Tainted: G U L syzkaller #0 PREEMPT(full) [ 654.955394][T23272] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 654.955403][T23272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 654.955417][T23272] Call Trace: [ 654.955426][T23272] [ 654.955436][T23272] dump_stack_lvl+0x16c/0x1f0 [ 654.955477][T23272] dump_header+0x101/0x960 [ 654.955506][T23272] oom_kill_process+0x176/0x910 [ 654.955534][T23272] out_of_memory+0x350/0x1700 [ 654.955567][T23272] ? __pfx_out_of_memory+0x10/0x10 [ 654.955601][T23272] mem_cgroup_out_of_memory+0x118/0x130 [ 654.955630][T23272] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 654.955666][T23272] ? do_raw_spin_unlock+0x172/0x230 [ 654.955699][T23272] try_charge_memcg+0x695/0xd30 [ 654.955742][T23272] ? __pfx_try_charge_memcg+0x10/0x10 [ 654.955779][T23272] ? find_held_lock+0x11/0x80 [ 654.955810][T23272] ? rcu_read_unlock+0x17/0x60 [ 654.955839][T23272] charge_memcg+0x8a/0x230 [ 654.955876][T23272] __mem_cgroup_charge+0x2b/0x1e0 [ 654.955901][T23272] do_wp_page+0x11be/0x5010 [ 654.955946][T23272] ? __pfx_do_wp_page+0x10/0x10 [ 654.956019][T23272] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 654.956054][T23272] __handle_mm_fault+0x1bd2/0x2bb0 [ 654.956085][T23272] ? reacquire_held_locks+0xcd/0x1f0 [ 654.956108][T23272] ? __pfx___handle_mm_fault+0x10/0x10 [ 654.956142][T23272] ? lock_vma_under_rcu+0x176/0x580 [ 654.956176][T23272] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 654.956217][T23272] handle_mm_fault+0x3fe/0xad0 [ 654.956248][T23272] do_user_addr_fault+0x60c/0x1370 [ 654.956280][T23272] ? rcu_is_watching+0x12/0xc0 [ 654.956316][T23272] exc_page_fault+0x64/0xc0 [ 654.956353][T23272] asm_exc_page_fault+0x26/0x30 [ 654.956376][T23272] RIP: 0033:0x7f2cb7264fe7 [ 654.956395][T23272] Code: 0f 85 11 0e 00 00 4c 89 44 24 28 31 c0 b9 40 42 0f 00 48 89 de ba 81 00 00 00 bf ca 00 00 00 c7 03 01 00 00 00 e8 c9 a7 12 00 <83> 05 be 2d 38 00 01 4c 8b 44 24 28 80 bc 24 e8 00 00 00 00 0f b6 [ 654.956418][T23272] RSP: 002b:00007ffee94fcc70 EFLAGS: 00010207 [ 654.956438][T23272] RAX: 0000000000000001 RBX: 00007f2cb75e5fa8 RCX: 00007f2cb738f7c9 [ 654.956453][T23272] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2cb75e5fa8 [ 654.956468][T23272] RBP: 0000000000000000 R08: 00007ffee94fcb07 R09: 00000001e94fcf5f [ 654.956482][T23272] R10: 00007f2cb75e5fa0 R11: 0000000000000246 R12: 00007f2cb75e5fac [ 654.956497][T23272] R13: 00007f2cb75e5fa0 R14: 0000000000001c26 R15: 0000000000000003 [ 654.956528][T23272] [ 654.956536][T23272] memory: usage 3072kB, limit 3072kB, failcnt 78900 [ 655.584805][T23328] nbd: couldn't find a device at index 35644 [ 655.706814][T23331] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 655.868448][T23272] memory+swap: usage 80528kB, limit 9007199254740988kB, failcnt 0 [ 655.891851][T23272] kmem: usage 1396kB, limit 9007199254740988kB, failcnt 0 [ 655.919910][T23272] Memory cgroup stats for /syz3: [ 655.920181][T23272] cache 1597440 [ 655.971232][T23272] rss 118784 [ 655.981980][T23272] rss_huge 0 [ 655.985225][T23272] shmem 1597440 [ 655.988686][T23272] mapped_file 0 [ 656.003264][T23334] Process accounting resumed [ 656.021961][T23272] dirty 0 [ 656.024938][T23272] writeback 0 [ 656.028253][T23272] workingset_refault_anon 2482 [ 656.060971][T23272] workingset_refault_file 28352 [ 656.082848][T23272] swap 79314944 [ 656.086353][T23272] swapcached 4096 [ 656.090001][T23272] pgpgin 212872 [ 656.111436][T23272] pgpgout 230851 [ 656.115023][T23272] pgfault 243865 [ 656.136552][T23272] pgmajfault 1698 [ 656.140220][T23272] inactive_anon 1671168 [ 656.164983][T23272] active_anon 45056 [ 656.168822][T23272] inactive_file 0 [ 656.192479][T23272] active_file 0 [ 656.195970][T23272] unevictable 0 [ 656.199431][T23272] hierarchical_memory_limit 3145728 [ 656.232197][T23272] hierarchical_memsw_limit 9223372036854771712 [ 656.238392][T23272] total_cache 1597440 [ 656.271830][T23272] total_rss 118784 [ 656.282785][T23272] total_rss_huge 0 [ 656.286550][T23272] total_shmem 1597440 [ 656.310346][T23272] total_mapped_file 0 [ 656.314366][T23272] total_dirty 0 [ 656.340251][T23272] total_writeback 0 [ 656.344096][T23272] total_workingset_refault_anon 2482 [ 656.365591][T23272] total_workingset_refault_file 28352 [ 656.385982][T23272] total_swap 79314944 [ 656.411291][T23272] total_swapcached 4096 [ 656.421300][T23272] total_pgpgin 212872 [ 656.425318][T23272] total_pgpgout 230851 [ 656.446531][T23272] total_pgfault 243865 [ 656.461204][T23272] total_pgmajfault 1698 [ 656.465505][T23272] total_inactive_anon 1671168 [ 656.510616][T23272] total_active_anon 45056 [ 656.514985][T23272] total_inactive_file 0 [ 656.529952][T23272] total_active_file 0 [ 656.537741][T23272] total_unevictable 0 [ 656.551563][T23272] anon_cost 85 [ 656.566421][T23272] file_cost 3 [ 656.578939][T23272] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.8068,pid=22729,uid=0 [ 656.639539][T23272] Memory cgroup out of memory: Killed process 22729 (syz.3.8068) total-vm:136980kB, anon-rss:1268kB, file-rss:56136kB, shmem-rss:24kB, UID:0 pgtables:268kB oom_score_adj:1000 [ 656.729728][T23358] netlink: 'syz.2.8371': attribute type 1 has an invalid length. [ 656.888984][T23273] sctp: [Deprecated]: syz.3.8328 (pid 23273) Use of int in max_burst socket option deprecated. [ 656.888984][T23273] Use struct sctp_assoc_value instead [ 656.973811][T23364] ptrace attach of "./syz-executor exec"[5838] was attempted by ""[23364] [ 658.615316][T23404] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 659.568149][ T30] audit: type=1800 audit(4295032965.046:36): pid=23431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8404" name="discovery_nqn" dev="configfs" ino=65387 res=0 errno=0 [ 659.649460][T23433] ptrace attach of "./syz-executor exec"[5838] was attempted by ""[23433] [ 659.875864][T23439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8408'. [ 662.776045][T23532] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8452'. [ 662.832269][T23537] netlink: 29 bytes leftover after parsing attributes in process `syz.1.8452'. [ 663.053643][T23541] netlink: 'syz.2.8456': attribute type 1 has an invalid length. [ 663.476210][T23553] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 663.509334][T23553] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 668.198722][T20824] Bluetooth: hci0: unexpected event 0x30 length: 47 > 3 [ 669.006725][T23697] CIFS mount error: No usable UNC path provided in device string! [ 669.006725][T23697] [ 669.094135][T23697] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 669.296509][T23705] program syz.0.8532 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 670.367722][T23731] openvswitch: netlink: Flow key attribute not present in set flow. [ 670.701379][T23742] FAULT_INJECTION: forcing a failure. [ 670.701379][T23742] name failslab, interval 1, probability 0, space 0, times 0 [ 670.755397][T23742] CPU: 0 UID: 0 PID: 23742 Comm: syz.0.8550 Tainted: G U L syzkaller #0 PREEMPT(full) [ 670.755442][T23742] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 670.755456][T23742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 670.755470][T23742] Call Trace: [ 670.755478][T23742] [ 670.755486][T23742] dump_stack_lvl+0x16c/0x1f0 [ 670.755533][T23742] should_fail_ex+0x512/0x640 [ 670.755560][T23742] ? kmem_cache_alloc_noprof+0x62/0x770 [ 670.755593][T23742] should_failslab+0xc2/0x120 [ 670.755632][T23742] kmem_cache_alloc_noprof+0x83/0x770 [ 670.755661][T23742] ? alloc_empty_file+0x55/0x1e0 [ 670.755692][T23742] ? alloc_empty_file+0x55/0x1e0 [ 670.755716][T23742] alloc_empty_file+0x55/0x1e0 [ 670.755742][T23742] alloc_file_pseudo+0x13a/0x230 [ 670.755770][T23742] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 670.755798][T23742] ? security_inode_init_security_anon+0x79/0x240 [ 670.755833][T23742] __anon_inode_getfile+0xe8/0x280 [ 670.755862][T23742] new_userfaultfd+0x260/0x490 [ 670.755896][T23742] __x64_sys_userfaultfd+0x4b/0xb0 [ 670.755933][T23742] do_syscall_64+0xcd/0xf80 [ 670.755972][T23742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.755998][T23742] RIP: 0033:0x7f9e1a98f7c9 [ 670.756016][T23742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 670.756039][T23742] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 670.756062][T23742] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 670.756078][T23742] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 670.756092][T23742] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 670.756106][T23742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 670.756120][T23742] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 670.756153][T23742] [ 671.819130][T23763] bond0: invalid ARP target specified [ 672.463025][T23783] MTRR 1 not used [ 672.528670][T23786] openvswitch: netlink: Duplicate key (type 15). [ 674.276936][T20824] Bluetooth: hci0: command 0x0406 tx timeout [ 674.472976][T23843] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 675.002147][T23853] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 675.064353][T23853] CPU: 0 UID: 0 PID: 23853 Comm: syz.0.8603 Tainted: G U L syzkaller #0 PREEMPT(full) [ 675.064395][T23853] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 675.064404][T23853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 675.064418][T23853] Call Trace: [ 675.064426][T23853] [ 675.064435][T23853] dump_stack_lvl+0x16c/0x1f0 [ 675.064476][T23853] sysfs_warn_dup+0x7f/0xa0 [ 675.064504][T23853] sysfs_do_create_link_sd+0x124/0x140 [ 675.064535][T23853] sysfs_create_link+0x61/0xc0 [ 675.064562][T23853] device_add+0x652/0x1980 [ 675.064601][T23853] ? __pfx_device_add+0x10/0x10 [ 675.064634][T23853] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.064673][T23853] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 675.064716][T23853] wiphy_register+0x1ea1/0x2cc0 [ 675.064740][T23853] ? __rtnl_unlock+0x68/0xf0 [ 675.064777][T23853] ? __napi_busy_loop+0x6f0/0xa80 [ 675.064812][T23853] ? __pfx_wiphy_register+0x10/0x10 [ 675.064836][T23853] ? __asan_memset+0x23/0x50 [ 675.064875][T23853] ? ieee80211_init_rate_ctrl_alg+0x125/0x680 [ 675.064920][T23853] ieee80211_register_hw+0x2bb2/0x4160 [ 675.064956][T23853] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 675.064980][T23853] ? __pfx___debug_object_init+0x10/0x10 [ 675.065032][T23853] ? find_held_lock+0x2b/0x80 [ 675.065065][T23853] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.065102][T23853] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 675.065138][T23853] ? __hrtimer_setup+0x176/0x280 [ 675.065171][T23853] mac80211_hwsim_new_radio+0x3323/0x5150 [ 675.065215][T23853] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 675.065253][T23853] hwsim_new_radio_nl+0xba2/0x1330 [ 675.065283][T23853] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 675.065320][T23853] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 675.065363][T23853] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 675.065415][T23853] genl_family_rcv_msg_doit+0x209/0x2f0 [ 675.065458][T23853] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 675.065500][T23853] ? genl_get_cmd+0x194/0x580 [ 675.065543][T23853] ? bpf_lsm_capable+0x9/0x10 [ 675.065577][T23853] ? security_capable+0x7e/0x260 [ 675.065617][T23853] ? ns_capable+0xd7/0x110 [ 675.065651][T23853] genl_rcv_msg+0x55c/0x800 [ 675.065677][T23853] ? __pfx_genl_rcv_msg+0x10/0x10 [ 675.065701][T23853] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 675.065740][T23853] netlink_rcv_skb+0x158/0x420 [ 675.065776][T23853] ? __pfx_genl_rcv_msg+0x10/0x10 [ 675.065800][T23853] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 675.065849][T23853] ? netlink_deliver_tap+0x1ae/0xd30 [ 675.065887][T23853] genl_rcv+0x28/0x40 [ 675.065923][T23853] netlink_unicast+0x5aa/0x870 [ 675.065963][T23853] ? __pfx_netlink_unicast+0x10/0x10 [ 675.066004][T23853] ? __pfx___might_resched+0x10/0x10 [ 675.066037][T23853] ? __lock_acquire+0x436/0x2890 [ 675.066067][T23853] netlink_sendmsg+0x8c8/0xdd0 [ 675.066109][T23853] ? __pfx_netlink_sendmsg+0x10/0x10 [ 675.066151][T23853] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 675.066198][T23853] ____sys_sendmsg+0xa5d/0xc30 [ 675.066238][T23853] ? copy_msghdr_from_user+0x10a/0x160 [ 675.066270][T23853] ? __pfx_____sys_sendmsg+0x10/0x10 [ 675.066317][T23853] ? __pfx_futex_wake_mark+0x10/0x10 [ 675.066355][T23853] ___sys_sendmsg+0x134/0x1d0 [ 675.066388][T23853] ? __pfx____sys_sendmsg+0x10/0x10 [ 675.066420][T23853] ? futex_private_hash_put+0x160/0x1b0 [ 675.066479][T23853] __sys_sendmsg+0x16d/0x220 [ 675.066511][T23853] ? __pfx___sys_sendmsg+0x10/0x10 [ 675.066543][T23853] ? __x64_sys_futex+0x1e0/0x4c0 [ 675.066588][T23853] do_syscall_64+0xcd/0xf80 [ 675.066629][T23853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.066654][T23853] RIP: 0033:0x7f9e1a98f7c9 [ 675.066673][T23853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.066698][T23853] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 675.066721][T23853] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 675.066737][T23853] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 675.066753][T23853] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 675.066768][T23853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.066782][T23853] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 675.066814][T23853] [ 676.147652][T23857] FAULT_INJECTION: forcing a failure. [ 676.147652][T23857] name failslab, interval 1, probability 0, space 0, times 0 [ 676.240386][T23857] CPU: 0 UID: 0 PID: 23857 Comm: syz.3.8606 Tainted: G U L syzkaller #0 PREEMPT(full) [ 676.240428][T23857] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 676.240438][T23857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 676.240453][T23857] Call Trace: [ 676.240460][T23857] [ 676.240469][T23857] dump_stack_lvl+0x16c/0x1f0 [ 676.240512][T23857] should_fail_ex+0x512/0x640 [ 676.240539][T23857] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 676.240574][T23857] should_failslab+0xc2/0x120 [ 676.240613][T23857] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 676.240645][T23857] ? __d_alloc+0x35/0xa80 [ 676.240671][T23857] ? __d_alloc+0x35/0xa80 [ 676.240689][T23857] __d_alloc+0x35/0xa80 [ 676.240708][T23857] ? bpf_lsm_inode_permission+0x9/0x10 [ 676.240738][T23857] d_alloc+0x4a/0x1e0 [ 676.240760][T23857] vfs_tmpfile+0x148/0x9b0 [ 676.240811][T23857] path_openat+0x1936/0x3140 [ 676.240846][T23857] ? do_syscall_64+0xcd/0xf80 [ 676.240882][T23857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.240916][T23857] ? __pfx_path_openat+0x10/0x10 [ 676.240957][T23857] ? __lock_acquire+0x436/0x2890 [ 676.240984][T23857] do_filp_open+0x20b/0x470 [ 676.241022][T23857] ? __pfx_do_filp_open+0x10/0x10 [ 676.241079][T23857] ? _raw_spin_unlock+0x28/0x50 [ 676.241110][T23857] ? alloc_fd+0x471/0x7d0 [ 676.241154][T23857] do_sys_openat2+0x121/0x290 [ 676.241181][T23857] ? __pfx_do_sys_openat2+0x10/0x10 [ 676.241219][T23857] __x64_sys_open+0x153/0x1e0 [ 676.241247][T23857] ? __pfx___x64_sys_open+0x10/0x10 [ 676.241281][T23857] ? rcu_is_watching+0x12/0xc0 [ 676.241317][T23857] do_syscall_64+0xcd/0xf80 [ 676.241356][T23857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.241380][T23857] RIP: 0033:0x7f2cb738f7c9 [ 676.241399][T23857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.241428][T23857] RSP: 002b:00007f2cb816c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 676.241451][T23857] RAX: ffffffffffffffda RBX: 00007f2cb75e5fa0 RCX: 00007f2cb738f7c9 [ 676.241467][T23857] RDX: 0000000000000408 RSI: 0000000000591002 RDI: 0000200000000100 [ 676.241482][T23857] RBP: 00007f2cb7413f91 R08: 0000000000000000 R09: 0000000000000000 [ 676.241497][T23857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.241512][T23857] R13: 00007f2cb75e6038 R14: 00007f2cb75e5fa0 R15: 00007ffee94fcb08 [ 676.241543][T23857] [ 678.004992][T23898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8624'. [ 679.380422][T23937] netlink: 'syz.2.8644': attribute type 2 has an invalid length. [ 679.420694][T23937] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8644'. [ 681.745560][T24010] openvswitch: netlink: VXLAN extension 64 out of range max 1 [ 684.109608][T24068] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 684.603412][T11128] Bluetooth: hci0: unexpected event 0x36 length: 123 > 7 [ 685.883485][T24115] Process accounting paused [ 685.991235][T24120] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 689.726170][T24232] netlink: 'syz.2.8788': attribute type 1 has an invalid length. [ 690.601568][T24257] netlink: 'syz.1.8799': attribute type 1 has an invalid length. [ 693.226663][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 693.235975][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 695.258132][T24363] program syz.2.8849 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 697.267765][T24418] netlink: 'syz.2.8875': attribute type 1 has an invalid length. [ 698.163597][T24452] MTRR 1 not used [ 698.399728][T24462] openvswitch: netlink: Duplicate key (type 15). [ 700.393105][ T30] audit: type=1326 audit(4295033006.098:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24515 comm="syz.0.8920" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9e1a98f7c9 code=0x0 [ 700.544287][T24520] ksmbd: Unknown IPC event: 14, ignore. [ 700.865269][T24530] netlink: 'syz.1.8926': attribute type 11 has an invalid length. [ 701.843639][T24561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8942'. [ 703.694881][T24619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8968'. [ 704.322218][T24639] netlink: Conntrack attr has 16 unknown bytes [ 706.567701][T24702] netlink: Conntrack attr has 16 unknown bytes [ 708.569967][T11128] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 708.577387][T11128] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 709.176734][T24777] perf: Dynamic interrupt throttling disabled, can hang your system! [ 713.297657][T24908] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 713.830998][T24922] netlink: 'syz.3.9106': attribute type 11 has an invalid length. [ 713.841272][T24922] netlink: 'syz.3.9106': attribute type 11 has an invalid length. [ 713.849212][T24922] netlink: 'syz.3.9106': attribute type 11 has an invalid length. [ 714.582066][T24950] nfsd: Unknown parameter 'ˆ*Ú' [ 715.914659][T24988] Process accounting resumed [ 717.101093][T25021] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 719.152562][T25071] netlink: NAT attribute has 4 unknown bytes [ 722.314803][T25165] netlink: zone id is out of range [ 722.974848][T25190] openvswitch: netlink: IP tunnel TTL not specified. [ 724.308737][T25239] openvswitch: netlink: IP tunnel TTL not specified. [ 728.861828][T25372] synth uevent: /module/orangefs: unknown uevent action string [ 730.539257][T25416] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 732.474693][T25474] netlink: 'syz.0.9362': attribute type 2 has an invalid length. [ 732.852661][T25487] netlink: 148 bytes leftover after parsing attributes in process `syz.1.9370'. [ 733.566855][T25512] FAULT_INJECTION: forcing a failure. [ 733.566855][T25512] name failslab, interval 1, probability 0, space 0, times 0 [ 733.632394][T25512] CPU: 0 UID: 0 PID: 25512 Comm: syz.3.9381 Tainted: G U L syzkaller #0 PREEMPT(full) [ 733.632435][T25512] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 733.632444][T25512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 733.632459][T25512] Call Trace: [ 733.632466][T25512] [ 733.632476][T25512] dump_stack_lvl+0x16c/0x1f0 [ 733.632519][T25512] should_fail_ex+0x512/0x640 [ 733.632546][T25512] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 733.632580][T25512] should_failslab+0xc2/0x120 [ 733.632617][T25512] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 733.632648][T25512] ? __d_alloc+0x35/0xa80 [ 733.632674][T25512] ? __d_alloc+0x35/0xa80 [ 733.632692][T25512] __d_alloc+0x35/0xa80 [ 733.632710][T25512] ? __pfx_from_vfsgid+0x10/0x10 [ 733.632743][T25512] d_alloc_pseudo+0x1c/0xc0 [ 733.632771][T25512] alloc_file_pseudo+0xcf/0x230 [ 733.632800][T25512] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 733.632827][T25512] ? hugetlbfs_get_inode+0x31f/0x700 [ 733.632855][T25512] hugetlb_file_setup+0x4ce/0x620 [ 733.632884][T25512] ksys_mmap_pgoff+0x189/0x5c0 [ 733.632925][T25512] __x64_sys_mmap+0x125/0x190 [ 733.632953][T25512] do_syscall_64+0xcd/0xf80 [ 733.632993][T25512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 733.633035][T25512] RIP: 0033:0x7f2cb738f7c9 [ 733.633054][T25512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 733.633078][T25512] RSP: 002b:00007f2cb816c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 733.633102][T25512] RAX: ffffffffffffffda RBX: 00007f2cb75e5fa0 RCX: 00007f2cb738f7c9 [ 733.633118][T25512] RDX: 00004000000000e3 RSI: 0000000000200004 RDI: 0000000000000000 [ 733.633133][T25512] RBP: 00007f2cb7413f91 R08: 000000000000000d R09: 0000300000000000 [ 733.633148][T25512] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 733.633163][T25512] R13: 00007f2cb75e6038 R14: 00007f2cb75e5fa0 R15: 00007ffee94fcb08 [ 733.633194][T25512] [ 734.436076][T25526] netlink: 148 bytes leftover after parsing attributes in process `syz.0.9388'. [ 734.472846][T25528] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 735.493396][T25562] FAULT_INJECTION: forcing a failure. [ 735.493396][T25562] name failslab, interval 1, probability 0, space 0, times 0 [ 735.545774][T25562] CPU: 0 UID: 0 PID: 25562 Comm: syz.1.9406 Tainted: G U L syzkaller #0 PREEMPT(full) [ 735.545815][T25562] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 735.545824][T25562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 735.545839][T25562] Call Trace: [ 735.545847][T25562] [ 735.545855][T25562] dump_stack_lvl+0x16c/0x1f0 [ 735.545898][T25562] should_fail_ex+0x512/0x640 [ 735.545924][T25562] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 735.545958][T25562] should_failslab+0xc2/0x120 [ 735.545997][T25562] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 735.546028][T25562] ? __d_alloc+0x35/0xa80 [ 735.546054][T25562] ? __d_alloc+0x35/0xa80 [ 735.546072][T25562] __d_alloc+0x35/0xa80 [ 735.546090][T25562] ? __pfx_from_vfsgid+0x10/0x10 [ 735.546123][T25562] d_alloc_pseudo+0x1c/0xc0 [ 735.546152][T25562] alloc_file_pseudo+0xcf/0x230 [ 735.546182][T25562] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 735.546210][T25562] ? hugetlbfs_get_inode+0x31f/0x700 [ 735.546238][T25562] hugetlb_file_setup+0x4ce/0x620 [ 735.546272][T25562] ksys_mmap_pgoff+0x189/0x5c0 [ 735.546313][T25562] __x64_sys_mmap+0x125/0x190 [ 735.546340][T25562] do_syscall_64+0xcd/0xf80 [ 735.546379][T25562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.546408][T25562] RIP: 0033:0x7fde1e38f7c9 [ 735.546427][T25562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.546451][T25562] RSP: 002b:00007fde1f2a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 735.546473][T25562] RAX: ffffffffffffffda RBX: 00007fde1e5e5fa0 RCX: 00007fde1e38f7c9 [ 735.546489][T25562] RDX: 00004000000000e3 RSI: 0000000000200004 RDI: 0000000000000000 [ 735.546504][T25562] RBP: 00007fde1e413f91 R08: 000000000000000d R09: 0000300000000000 [ 735.546519][T25562] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 735.546534][T25562] R13: 00007fde1e5e6038 R14: 00007fde1e5e5fa0 R15: 00007ffc15c59ea8 [ 735.546565][T25562] [ 736.221408][T25572] blktrace: Concurrent blktraces are not allowed on loop2 [ 736.893721][T25591] FAULT_INJECTION: forcing a failure. [ 736.893721][T25591] name failslab, interval 1, probability 0, space 0, times 0 [ 736.961071][T25591] CPU: 0 UID: 0 PID: 25591 Comm: syz.2.9419 Tainted: G U L syzkaller #0 PREEMPT(full) [ 736.961111][T25591] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 736.961121][T25591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 736.961135][T25591] Call Trace: [ 736.961143][T25591] [ 736.961152][T25591] dump_stack_lvl+0x16c/0x1f0 [ 736.961193][T25591] should_fail_ex+0x512/0x640 [ 736.961221][T25591] ? fs_reclaim_acquire+0xae/0x150 [ 736.961263][T25591] should_failslab+0xc2/0x120 [ 736.961301][T25591] __kmalloc_noprof+0xeb/0x910 [ 736.961328][T25591] ? tomoyo_encode2+0x100/0x3e0 [ 736.961365][T25591] ? tomoyo_encode2+0x100/0x3e0 [ 736.961395][T25591] tomoyo_encode2+0x100/0x3e0 [ 736.961431][T25591] tomoyo_encode+0x29/0x50 [ 736.961462][T25591] tomoyo_mount_acl+0x144/0x850 [ 736.961493][T25591] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 736.961535][T25591] ? kernel_text_address+0x8d/0x100 [ 736.961563][T25591] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 736.961594][T25591] ? arch_stack_walk+0xa6/0x100 [ 736.961651][T25591] ? tomoyo_domain+0xba/0x150 [ 736.961694][T25591] ? tomoyo_profile+0x47/0x60 [ 736.961734][T25591] tomoyo_mount_permission+0x16d/0x420 [ 736.961771][T25591] ? tomoyo_mount_permission+0x14f/0x420 [ 736.961804][T25591] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 736.961852][T25591] security_sb_mount+0x9b/0x260 [ 736.961880][T25591] path_mount+0x158/0x23a0 [ 736.961902][T25591] ? rcu_is_watching+0x12/0xc0 [ 736.961939][T25591] ? __pfx_path_mount+0x10/0x10 [ 736.961962][T25591] ? kmem_cache_free+0x2d8/0x770 [ 736.961992][T25591] ? putname+0xf5/0x1a0 [ 736.962018][T25591] ? putname+0xf5/0x1a0 [ 736.962036][T25591] ? putname+0xf5/0x1a0 [ 736.962060][T25591] ? __x64_sys_mount+0x293/0x310 [ 736.962081][T25591] __x64_sys_mount+0x293/0x310 [ 736.962104][T25591] ? __pfx___x64_sys_mount+0x10/0x10 [ 736.962136][T25591] do_syscall_64+0xcd/0xf80 [ 736.962176][T25591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.962201][T25591] RIP: 0033:0x7ff70518f7c9 [ 736.962219][T25591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 736.962244][T25591] RSP: 002b:00007ff705f88038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 736.962267][T25591] RAX: ffffffffffffffda RBX: 00007ff7053e5fa0 RCX: 00007ff70518f7c9 [ 736.962283][T25591] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 736.962298][T25591] RBP: 00007ff705213f91 R08: 0000000000000000 R09: 0000000000000000 [ 736.962312][T25591] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 736.962327][T25591] R13: 00007ff7053e6038 R14: 00007ff7053e5fa0 R15: 00007fff3fe7bca8 [ 736.962357][T25591] [ 739.161561][T25637] tipc: Enabling of bearer <@):^\/\> rejected, media not registered [ 740.238063][T25665] openvswitch: netlink: Missing valid actions attribute. [ 740.724896][T25681] tipc: Enabling of bearer <@):^\/\> rejected, media not registered [ 741.417264][T25702] netlink: 'syz.0.9469': attribute type 11 has an invalid length. [ 741.447653][T25702] netlink: 'syz.0.9469': attribute type 11 has an invalid length. [ 742.376327][T25735] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd1f [ 744.148939][ T30] audit: type=1107 audit(4295033050.076:38): pid=25786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 744.225490][ T30] audit: type=1107 audit(4295033050.096:39): pid=25786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 746.022480][T25837] Process accounting paused [ 746.045635][T25848] netlink: 'syz.3.9535': attribute type 1 has an invalid length. [ 746.771865][T11128] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 746.771900][T11128] Bluetooth: hci3: unexpected subevent 0x0e length: 725 > 15 [ 746.789097][T11128] Bluetooth: hci3: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 747.678167][T25902] netlink: 'syz.2.9560': attribute type 1 has an invalid length. [ 748.332884][T11128] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 748.332918][T11128] Bluetooth: hci1: unexpected subevent 0x0e length: 725 > 15 [ 748.349453][T11128] Bluetooth: hci1: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 749.469550][T25957] openvswitch: netlink: Flow key attr not present in new flow. [ 750.560178][T25969] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 750.596692][T25969] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 750.668876][T25969] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 750.699916][T25969] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 750.757350][T25969] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 750.778831][T25969] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 750.809326][T25969] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 750.875163][T25969] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 752.117339][T11128] Bluetooth: hci0: command 0x0406 tx timeout [ 752.669183][T11128] Bluetooth: hci1: command 0x0406 tx timeout [ 752.822183][T26069] FAULT_INJECTION: forcing a failure. [ 752.822183][T26069] name failslab, interval 1, probability 0, space 0, times 0 [ 752.846556][T11128] Bluetooth: hci3: command 0x0406 tx timeout [ 752.885160][T26069] CPU: 0 UID: 0 PID: 26069 Comm: syz.3.9641 Tainted: G U L syzkaller #0 PREEMPT(full) [ 752.885203][T26069] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 752.885212][T26069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 752.885227][T26069] Call Trace: [ 752.885235][T26069] [ 752.885244][T26069] dump_stack_lvl+0x16c/0x1f0 [ 752.885286][T26069] should_fail_ex+0x512/0x640 [ 752.885313][T26069] ? fs_reclaim_acquire+0xae/0x150 [ 752.885355][T26069] should_failslab+0xc2/0x120 [ 752.885393][T26069] kmem_cache_alloc_noprof+0x83/0x770 [ 752.885423][T26069] ? __pfx_map_id_range_down+0x10/0x10 [ 752.885457][T26069] ? security_inode_alloc+0x3b/0x2b0 [ 752.885489][T26069] ? security_inode_alloc+0x3b/0x2b0 [ 752.885513][T26069] security_inode_alloc+0x3b/0x2b0 [ 752.885540][T26069] inode_init_always_gfp+0xced/0x1040 [ 752.885581][T26069] alloc_inode+0x86/0x240 [ 752.885609][T26069] alloc_anon_inode+0x28/0x3e0 [ 752.885648][T26069] ioctx_alloc+0x4d1/0x2230 [ 752.885682][T26069] ? find_held_lock+0x2b/0x80 [ 752.885714][T26069] ? __pfx_ioctx_alloc+0x10/0x10 [ 752.885735][T26069] ? __might_fault+0x13b/0x190 [ 752.885770][T26069] __x64_sys_io_setup+0xc9/0x230 [ 752.885796][T26069] do_syscall_64+0xcd/0xf80 [ 752.885836][T26069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.885861][T26069] RIP: 0033:0x7f2cb738f7c9 [ 752.885880][T26069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.885941][T26069] RSP: 002b:00007f2cb816c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 752.885964][T26069] RAX: ffffffffffffffda RBX: 00007f2cb75e5fa0 RCX: 00007f2cb738f7c9 [ 752.885980][T26069] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e [ 752.885995][T26069] RBP: 00007f2cb7413f91 R08: 0000000000000000 R09: 0000000000000000 [ 752.886009][T26069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.886024][T26069] R13: 00007f2cb75e6038 R14: 00007f2cb75e5fa0 R15: 00007ffee94fcb08 [ 752.886055][T26069] [ 754.186357][T11128] Bluetooth: hci0: command 0x0406 tx timeout [ 754.347351][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 754.357531][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 754.738616][T11128] Bluetooth: hci1: command 0x0406 tx timeout [ 754.803397][T26125] openvswitch: netlink: Multiple metadata blocks provided [ 754.899933][T11128] Bluetooth: hci3: command 0x0406 tx timeout [ 755.713760][T26157] FAULT_INJECTION: forcing a failure. [ 755.713760][T26157] name failslab, interval 1, probability 0, space 0, times 0 [ 755.765703][T26157] CPU: 0 UID: 0 PID: 26157 Comm: syz.2.9684 Tainted: G U L syzkaller #0 PREEMPT(full) [ 755.765745][T26157] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 755.765755][T26157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 755.765769][T26157] Call Trace: [ 755.765776][T26157] [ 755.765785][T26157] dump_stack_lvl+0x16c/0x1f0 [ 755.765835][T26157] should_fail_ex+0x512/0x640 [ 755.765862][T26157] ? fs_reclaim_acquire+0xae/0x150 [ 755.765909][T26157] should_failslab+0xc2/0x120 [ 755.765947][T26157] kmem_cache_alloc_noprof+0x83/0x770 [ 755.765976][T26157] ? __pfx_map_id_range_down+0x10/0x10 [ 755.766012][T26157] ? security_inode_alloc+0x3b/0x2b0 [ 755.766043][T26157] ? security_inode_alloc+0x3b/0x2b0 [ 755.766067][T26157] security_inode_alloc+0x3b/0x2b0 [ 755.766094][T26157] inode_init_always_gfp+0xced/0x1040 [ 755.766136][T26157] alloc_inode+0x86/0x240 [ 755.766171][T26157] alloc_anon_inode+0x28/0x3e0 [ 755.766210][T26157] ioctx_alloc+0x4d1/0x2230 [ 755.766244][T26157] ? find_held_lock+0x2b/0x80 [ 755.766276][T26157] ? __pfx_ioctx_alloc+0x10/0x10 [ 755.766297][T26157] ? __might_fault+0x13b/0x190 [ 755.766332][T26157] __x64_sys_io_setup+0xc9/0x230 [ 755.766359][T26157] do_syscall_64+0xcd/0xf80 [ 755.766398][T26157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.766424][T26157] RIP: 0033:0x7ff70518f7c9 [ 755.766443][T26157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 755.766466][T26157] RSP: 002b:00007ff705f88038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 755.766488][T26157] RAX: ffffffffffffffda RBX: 00007ff7053e5fa0 RCX: 00007ff70518f7c9 [ 755.766504][T26157] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e [ 755.766518][T26157] RBP: 00007ff705213f91 R08: 0000000000000000 R09: 0000000000000000 [ 755.766533][T26157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 755.766546][T26157] R13: 00007ff7053e6038 R14: 00007ff7053e5fa0 R15: 00007fff3fe7bca8 [ 755.766577][T26157] [ 756.807655][T11128] Bluetooth: hci1: command 0x0406 tx timeout [ 756.971041][T11128] Bluetooth: hci3: command 0x0406 tx timeout [ 758.432551][T26238] FAULT_INJECTION: forcing a failure. [ 758.432551][T26238] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 758.494208][T26238] CPU: 0 UID: 0 PID: 26238 Comm: syz.0.9722 Tainted: G U L syzkaller #0 PREEMPT(full) [ 758.494250][T26238] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 758.494258][T26238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 758.494274][T26238] Call Trace: [ 758.494281][T26238] [ 758.494290][T26238] dump_stack_lvl+0x16c/0x1f0 [ 758.494332][T26238] should_fail_ex+0x512/0x640 [ 758.494370][T26238] should_fail_alloc_page+0xe7/0x130 [ 758.494412][T26238] prepare_alloc_pages+0x401/0x670 [ 758.494455][T26238] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 758.494487][T26238] ? mas_next_slot+0x12d3/0x1cb0 [ 758.494521][T26238] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 758.494551][T26238] ? mas_find+0x156/0x6d0 [ 758.494574][T26238] ? validate_mm+0x403/0x560 [ 758.494604][T26238] ? __pfx_validate_mm+0x10/0x10 [ 758.494635][T26238] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 758.494674][T26238] ? policy_nodemask+0xea/0x4e0 [ 758.494714][T26238] alloc_pages_mpol+0x1fb/0x550 [ 758.494753][T26238] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 758.494798][T26238] alloc_pages_noprof+0x131/0x390 [ 758.494837][T26238] __pmd_alloc+0x3b/0x9c0 [ 758.494877][T26238] move_page_tables+0x32a9/0x4380 [ 758.494913][T26238] ? __pfx_copy_vma+0x10/0x10 [ 758.494947][T26238] ? __pfx_move_page_tables+0x10/0x10 [ 758.494996][T26238] copy_vma_and_data+0x24e/0x790 [ 758.495028][T26238] ? __pfx_copy_vma_and_data+0x10/0x10 [ 758.495068][T26238] ? find_held_lock+0x2b/0x80 [ 758.495100][T26238] ? move_vma+0x533/0x1790 [ 758.495126][T26238] ? __vm_enough_memory+0x184/0x3f0 [ 758.495167][T26238] move_vma+0x545/0x1790 [ 758.495200][T26238] ? __pfx_move_vma+0x10/0x10 [ 758.495231][T26238] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 758.495269][T26238] ? cap_mmap_addr+0x4b/0x120 [ 758.495290][T26238] ? bpf_lsm_mmap_addr+0x9/0x10 [ 758.495318][T26238] ? security_mmap_addr+0x6c/0x1e0 [ 758.495349][T26238] ? __get_unmapped_area+0x267/0x3f0 [ 758.495392][T26238] ? vrm_set_new_addr+0x208/0x290 [ 758.495422][T26238] mremap_to+0x1b7/0x450 [ 758.495452][T26238] do_mremap+0x13a8/0x2020 [ 758.495483][T26238] ? futex_private_hash_put+0xe0/0x1b0 [ 758.495516][T26238] ? __pfx_do_mremap+0x10/0x10 [ 758.495550][T26238] ? ksys_write+0x190/0x250 [ 758.495592][T26238] __do_sys_mremap+0x119/0x170 [ 758.495620][T26238] ? __pfx___do_sys_mremap+0x10/0x10 [ 758.495657][T26238] ? __x64_sys_futex+0x1e0/0x4c0 [ 758.495702][T26238] do_syscall_64+0xcd/0xf80 [ 758.495741][T26238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.495766][T26238] RIP: 0033:0x7f9e1a98f7c9 [ 758.495785][T26238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 758.495809][T26238] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 758.495832][T26238] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 758.495848][T26238] RDX: 0000000000000004 RSI: 0000000000000002 RDI: 0000200000000000 [ 758.495862][T26238] RBP: 00007f9e1aa13f91 R08: 0000000100000000 R09: 0000000000000000 [ 758.495877][T26238] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 758.495892][T26238] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 758.495923][T26238] [ 759.376345][T26263] openvswitch: netlink: Multiple metadata blocks provided [ 759.564135][T26268] FAULT_INJECTION: forcing a failure. [ 759.564135][T26268] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 759.607710][T26268] CPU: 0 UID: 0 PID: 26268 Comm: syz.2.9735 Tainted: G U L syzkaller #0 PREEMPT(full) [ 759.607752][T26268] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 759.607761][T26268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 759.607775][T26268] Call Trace: [ 759.607782][T26268] [ 759.607791][T26268] dump_stack_lvl+0x16c/0x1f0 [ 759.607832][T26268] should_fail_ex+0x512/0x640 [ 759.607865][T26268] should_fail_alloc_page+0xe7/0x130 [ 759.607905][T26268] prepare_alloc_pages+0x401/0x670 [ 759.607950][T26268] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 759.607988][T26268] ? rcu_is_watching+0x12/0xc0 [ 759.608022][T26268] ? mod_memcg_lruvec_state+0x381/0x5f0 [ 759.608055][T26268] ? find_held_lock+0x2b/0x80 [ 759.608088][T26268] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 759.608133][T26268] ? __folio_mod_stat+0x18f/0x1f0 [ 759.608178][T26268] ? split_huge_pmd_locked+0x39c/0x4010 [ 759.608209][T26268] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 759.608256][T26268] ? policy_nodemask+0xea/0x4e0 [ 759.608296][T26268] alloc_pages_mpol+0x1fb/0x550 [ 759.608334][T26268] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 759.608378][T26268] ? __split_huge_pmd+0x203/0x350 [ 759.608411][T26268] alloc_pages_noprof+0x131/0x390 [ 759.608449][T26268] pte_alloc_one+0x1e/0x3d0 [ 759.608484][T26268] __pte_alloc+0x6d/0x3f0 [ 759.608518][T26268] ? __pfx___pte_alloc+0x10/0x10 [ 759.608552][T26268] ? _raw_spin_unlock+0x28/0x50 [ 759.608584][T26268] ? __pmd_alloc+0x6aa/0x9c0 [ 759.608624][T26268] move_page_tables+0x2c0a/0x4380 [ 759.608660][T26268] ? __pfx_copy_vma+0x10/0x10 [ 759.608694][T26268] ? __pfx_move_page_tables+0x10/0x10 [ 759.608743][T26268] copy_vma_and_data+0x24e/0x790 [ 759.608775][T26268] ? __pfx_copy_vma_and_data+0x10/0x10 [ 759.608815][T26268] ? find_held_lock+0x2b/0x80 [ 759.608847][T26268] ? move_vma+0x533/0x1790 [ 759.608872][T26268] ? __vm_enough_memory+0x184/0x3f0 [ 759.608914][T26268] move_vma+0x545/0x1790 [ 759.608947][T26268] ? __pfx_move_vma+0x10/0x10 [ 759.608978][T26268] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 759.609016][T26268] ? cap_mmap_addr+0x4b/0x120 [ 759.609037][T26268] ? bpf_lsm_mmap_addr+0x9/0x10 [ 759.609066][T26268] ? security_mmap_addr+0x6c/0x1e0 [ 759.609097][T26268] ? __get_unmapped_area+0x267/0x3f0 [ 759.609143][T26268] ? vrm_set_new_addr+0x208/0x290 [ 759.609173][T26268] mremap_to+0x1b7/0x450 [ 759.609203][T26268] do_mremap+0x13a8/0x2020 [ 759.609278][T26268] ? futex_private_hash_put+0xe0/0x1b0 [ 759.609311][T26268] ? __pfx_do_mremap+0x10/0x10 [ 759.609346][T26268] ? ksys_write+0x190/0x250 [ 759.609389][T26268] __do_sys_mremap+0x119/0x170 [ 759.609417][T26268] ? __pfx___do_sys_mremap+0x10/0x10 [ 759.609454][T26268] ? __x64_sys_futex+0x1e0/0x4c0 [ 759.609499][T26268] do_syscall_64+0xcd/0xf80 [ 759.609539][T26268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.609564][T26268] RIP: 0033:0x7ff70518f7c9 [ 759.609583][T26268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.609607][T26268] RSP: 002b:00007ff705f88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 759.609630][T26268] RAX: ffffffffffffffda RBX: 00007ff7053e5fa0 RCX: 00007ff70518f7c9 [ 759.609646][T26268] RDX: 0000000000000004 RSI: 0000000000000002 RDI: 0000200000000000 [ 759.609661][T26268] RBP: 00007ff705213f91 R08: 0000000100000000 R09: 0000000000000000 [ 759.609676][T26268] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 759.609691][T26268] R13: 00007ff7053e6038 R14: 00007ff7053e5fa0 R15: 00007fff3fe7bca8 [ 759.609722][T26268] [ 760.537290][T26287] openvswitch: netlink: Multiple metadata blocks provided [ 763.359287][T26345] netlink: 'syz.2.9770': attribute type 2 has an invalid length. [ 764.217585][T11128] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 764.217617][T11128] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 764.232913][T11128] Bluetooth: hci1: Dropping invalid advertising data [ 764.241985][T11128] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 764.242017][T11128] Bluetooth: hci1: Dropping invalid advertising data [ 764.256334][T11128] Bluetooth: hci1: Malformed LE Event: 0x02 [ 764.953362][T26393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9793'. [ 765.436074][T26407] netlink: 'syz.0.9799': attribute type 2 has an invalid length. [ 766.104723][T26419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9805'. [ 766.512613][T26426] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 767.174083][T26445] .^: entered promiscuous mode [ 767.900554][T26469] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 768.535190][T11128] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 768.535222][T11128] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 768.554012][T11128] Bluetooth: hci0: Dropping invalid advertising data [ 768.561028][T11128] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 768.561058][T11128] Bluetooth: hci0: Dropping invalid advertising data [ 768.574930][T11128] Bluetooth: hci0: Malformed LE Event: 0x02 [ 768.820003][T26495] nbd: must specify an index to disconnect [ 769.207091][ T30] audit: type=1326 audit(4295033075.266:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26499 comm="syz.0.9842" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9e1a98f7c9 code=0x0 [ 771.029987][ T30] audit: type=1326 audit(4295033077.095:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.2.9861" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff70518f7c9 code=0x0 [ 773.350238][T26597] __vm_enough_memory: pid: 26597, comm: syz.3.9886, bytes: 4398046511104 not enough memory for the allocation [ 775.740045][T26654] sctp: [Deprecated]: syz.0.9913 (pid 26654) Use of struct sctp_assoc_value in delayed_ack socket option. [ 775.740045][T26654] Use struct sctp_sack_info instead [ 775.915966][T26656] Process accounting resumed [ 777.877729][T26716] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 778.097481][T26722] openvswitch: netlink: IP tunnel dst address not specified [ 778.824650][T26710] syz.1.9933 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 778.856866][T26710] CPU: 0 UID: 0 PID: 26710 Comm: syz.1.9933 Tainted: G U L syzkaller #0 PREEMPT(full) [ 778.856908][T26710] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 778.856917][T26710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 778.856932][T26710] Call Trace: [ 778.856941][T26710] [ 778.856950][T26710] dump_stack_lvl+0x16c/0x1f0 [ 778.856992][T26710] dump_header+0x101/0x960 [ 778.857021][T26710] oom_kill_process+0x176/0x910 [ 778.857049][T26710] out_of_memory+0x350/0x1700 [ 778.857079][T26710] ? __lock_acquire+0x436/0x2890 [ 778.857106][T26710] ? __pfx_out_of_memory+0x10/0x10 [ 778.857140][T26710] mem_cgroup_out_of_memory+0x118/0x130 [ 778.857170][T26710] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 778.857207][T26710] ? do_raw_spin_unlock+0x172/0x230 [ 778.857241][T26710] try_charge_memcg+0x695/0xd30 [ 778.857295][T26710] ? __pfx_try_charge_memcg+0x10/0x10 [ 778.857335][T26710] ? find_held_lock+0x11/0x80 [ 778.857367][T26710] ? rcu_read_unlock+0x17/0x60 [ 778.857397][T26710] charge_memcg+0x8a/0x230 [ 778.857436][T26710] __mem_cgroup_charge+0x2b/0x1e0 [ 778.857463][T26710] shmem_alloc_and_add_folio+0x50c/0xc20 [ 778.857499][T26710] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 778.857530][T26710] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 778.857565][T26710] shmem_get_folio_gfp+0x67f/0x1610 [ 778.857599][T26710] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 778.857628][T26710] ? ktime_get_coarse_real_ts64_mg+0x22c/0x300 [ 778.857658][T26710] ? lockdep_hardirqs_on+0x7c/0x110 [ 778.857700][T26710] shmem_fault+0x1fe/0xa00 [ 778.857728][T26710] ? __lock_acquire+0x436/0x2890 [ 778.857754][T26710] ? __pfx_shmem_fault+0x10/0x10 [ 778.857782][T26710] ? __up_read+0x2d1/0x700 [ 778.857819][T26710] __do_fault+0x10d/0x490 [ 778.857851][T26710] do_fault+0x302/0x1ad0 [ 778.857886][T26710] ? __pfx_filemap_map_pages+0x10/0x10 [ 778.857919][T26710] __handle_mm_fault+0x1919/0x2bb0 [ 778.857957][T26710] ? __pfx___handle_mm_fault+0x10/0x10 [ 778.857985][T26710] ? __pte_offset_map_lock+0x174/0x310 [ 778.858022][T26710] ? find_held_lock+0x2b/0x80 [ 778.858063][T26710] ? follow_page_pte+0x5cf/0x1390 [ 778.858110][T26710] handle_mm_fault+0x3fe/0xad0 [ 778.858141][T26710] __get_user_pages+0x54e/0x3590 [ 778.858186][T26710] ? down_read_killable+0x313/0x4c0 [ 778.858212][T26710] ? __pfx___get_user_pages+0x10/0x10 [ 778.858263][T26710] faultin_page_range+0x338/0x940 [ 778.858308][T26710] madvise_do_behavior+0x34c/0x530 [ 778.858335][T26710] ? __pfx_madvise_do_behavior+0x10/0x10 [ 778.858364][T26710] ? down_read+0x13d/0x460 [ 778.858401][T26710] do_madvise+0x176/0x240 [ 778.858423][T26710] ? __pfx_do_madvise+0x10/0x10 [ 778.858444][T26710] ? do_futex+0x122/0x350 [ 778.858477][T26710] ? count_memcg_events+0x122/0x290 [ 778.858525][T26710] ? xfd_validate_state+0x61/0x180 [ 778.858554][T26710] __x64_sys_madvise+0xa9/0x110 [ 778.858577][T26710] ? lockdep_hardirqs_on+0x7c/0x110 [ 778.858613][T26710] do_syscall_64+0xcd/0xf80 [ 778.858652][T26710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.858677][T26710] RIP: 0033:0x7fde1e38f7c9 [ 778.858696][T26710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.858720][T26710] RSP: 002b:00007fde1f2a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 778.858742][T26710] RAX: ffffffffffffffda RBX: 00007fde1e5e5fa0 RCX: 00007fde1e38f7c9 [ 778.858758][T26710] RDX: 0000000000000017 RSI: fffffffffffefffd RDI: 0000000000000000 [ 778.858772][T26710] RBP: 00007fde1e413f91 R08: 0000000000000000 R09: 0000000000000000 [ 778.858787][T26710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 778.858800][T26710] R13: 00007fde1e5e6038 R14: 00007fde1e5e5fa0 R15: 00007ffc15c59ea8 [ 778.858831][T26710] [ 778.862539][T26710] memory: usage 3072kB, limit 3072kB, failcnt 104015 [ 779.823435][T26763] sd 0:0:1:0: PR command failed: 1026 [ 779.829289][T26763] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 779.836015][T26763] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 780.142616][T26710] memory+swap: usage 38224kB, limit 9007199254740988kB, failcnt 0 [ 780.191453][T26710] kmem: usage 2452kB, limit 9007199254740988kB, failcnt 0 [ 780.229617][T26710] Memory cgroup stats for /syz1: [ 780.229781][T26710] cache 573440 [ 780.275652][T26710] rss 49152 [ 780.298415][T26710] rss_huge 0 [ 780.301668][T26710] shmem 155648 [ 780.305136][T26710] mapped_file 102400 [ 780.375400][T26710] dirty 0 [ 780.392649][T26710] writeback 12288 [ 780.415165][T26710] workingset_refault_anon 5720 [ 780.419967][T26710] workingset_refault_file 30007 [ 780.462693][T26710] swap 35995648 [ 780.480334][T26710] swapcached 61440 [ 780.484089][T26710] pgpgin 260235 [ 780.531630][T26710] pgpgout 274717 [ 780.552685][T26710] pgfault 317801 [ 780.584763][T26710] pgmajfault 2729 [ 780.588474][T26710] inactive_anon 0 [ 780.592130][T26710] active_anon 0 [ 780.612699][T11128] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 780.620259][T11128] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 780.675044][T26710] inactive_file 417792 [ 780.679163][T26710] active_file 0 [ 780.682628][T26710] unevictable 0 [ 780.722353][T26710] hierarchical_memory_limit 3145728 [ 780.755132][T26710] hierarchical_memsw_limit 9223372036854771712 [ 780.761427][T26710] total_cache 573440 [ 780.811122][T26710] total_rss 49152 [ 780.823430][T26710] total_rss_huge 0 [ 780.827219][T26710] total_shmem 155648 [ 780.858874][T26710] total_mapped_file 102400 [ 780.882870][T26710] total_dirty 0 [ 780.913619][T26710] total_writeback 12288 [ 780.917826][T26710] total_workingset_refault_anon 5720 [ 780.947638][T26710] total_workingset_refault_file 30007 [ 780.977715][T26710] total_swap 35995648 [ 780.981750][T26710] total_swapcached 61440 [ 781.023098][T26710] total_pgpgin 260235 [ 781.027135][T26710] total_pgpgout 274717 [ 781.051809][T26710] total_pgfault 317801 [ 781.055973][T26710] total_pgmajfault 2729 [ 781.060223][T26710] total_inactive_anon 0 [ 781.111909][T26710] total_active_anon 0 [ 781.115937][T26710] total_inactive_file 417792 [ 781.141211][T26710] total_active_file 0 [ 781.170974][T26710] total_unevictable 0 [ 781.188000][T26710] anon_cost 0 [ 781.204402][T26710] file_cost 17 [ 781.207934][T26710] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.9289,pid=25319,uid=0 [ 781.283128][T26710] Memory cgroup out of memory: Killed process 25319 (syz.1.9289) total-vm:104080kB, anon-rss:1140kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 782.101266][T26818] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9989'. [ 782.590697][T26828] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9993'. [ 783.355187][T26851] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10004'. [ 785.256667][T26893] NFSD: Failed to start, no listeners configured. [ 787.368064][T26936] HSR: entered promiscuous mode [ 788.054719][T26956] FAULT_INJECTION: forcing a failure. [ 788.054719][T26956] name failslab, interval 1, probability 0, space 0, times 0 [ 788.107041][T26958] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 788.118969][T26956] CPU: 0 UID: 0 PID: 26956 Comm: syz.2.10050 Tainted: G U L syzkaller #0 PREEMPT(full) [ 788.119011][T26956] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 788.119019][T26956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 788.119034][T26956] Call Trace: [ 788.119042][T26956] [ 788.119051][T26956] dump_stack_lvl+0x16c/0x1f0 [ 788.119092][T26956] should_fail_ex+0x512/0x640 [ 788.119120][T26956] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 788.119155][T26956] should_failslab+0xc2/0x120 [ 788.119192][T26956] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 788.119222][T26956] ? __debug_object_init+0x2de/0x3d0 [ 788.119260][T26956] ? sock_alloc_inode+0x25/0x1c0 [ 788.119310][T26956] ? __pfx_sock_alloc_inode+0x10/0x10 [ 788.119346][T26956] ? sock_alloc_inode+0x25/0x1c0 [ 788.119379][T26956] sock_alloc_inode+0x25/0x1c0 [ 788.119415][T26956] alloc_inode+0x64/0x240 [ 788.119443][T26956] sock_alloc+0x40/0x280 [ 788.119478][T26956] __sock_create+0xc2/0x8a0 [ 788.119500][T26956] ? lockdep_init_map_type+0x5c/0x270 [ 788.119528][T26956] smc_create+0x15d/0x2a0 [ 788.119561][T26956] __sock_create+0x339/0x8a0 [ 788.119587][T26956] __sys_socket+0x14d/0x260 [ 788.119609][T26956] ? fput+0x70/0xf0 [ 788.119632][T26956] ? __pfx___sys_socket+0x10/0x10 [ 788.119654][T26956] ? xfd_validate_state+0x61/0x180 [ 788.119676][T26956] ? __pfx_ksys_write+0x10/0x10 [ 788.119717][T26956] __x64_sys_socket+0x72/0xb0 [ 788.119739][T26956] ? lockdep_hardirqs_on+0x7c/0x110 [ 788.119776][T26956] do_syscall_64+0xcd/0xf80 [ 788.119815][T26956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.119840][T26956] RIP: 0033:0x7ff70518f7c9 [ 788.119858][T26956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 788.119882][T26956] RSP: 002b:00007ff705f88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 788.119905][T26956] RAX: ffffffffffffffda RBX: 00007ff7053e5fa0 RCX: 00007ff70518f7c9 [ 788.119921][T26956] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000002b [ 788.119936][T26956] RBP: 00007ff705213f91 R08: 0000000000000000 R09: 0000000000000000 [ 788.119950][T26956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 788.119965][T26956] R13: 00007ff7053e6038 R14: 00007ff7053e5fa0 R15: 00007fff3fe7bca8 [ 788.119997][T26956] [ 788.120008][T26956] socket: no more sockets [ 789.842511][T26710] syz.1.9933 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=0, oom_score_adj=0 [ 789.891551][T26710] CPU: 0 UID: 0 PID: 26710 Comm: syz.1.9933 Tainted: G U L syzkaller #0 PREEMPT(full) [ 789.891593][T26710] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 789.891602][T26710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 789.891616][T26710] Call Trace: [ 789.891623][T26710] [ 789.891632][T26710] dump_stack_lvl+0x16c/0x1f0 [ 789.891674][T26710] dump_header+0x101/0x960 [ 789.891702][T26710] oom_kill_process+0x176/0x910 [ 789.891730][T26710] out_of_memory+0x350/0x1700 [ 789.891756][T26710] ? __lock_acquire+0x436/0x2890 [ 789.891781][T26710] ? __pfx_out_of_memory+0x10/0x10 [ 789.891814][T26710] mem_cgroup_out_of_memory+0x118/0x130 [ 789.891842][T26710] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 789.891876][T26710] ? do_raw_spin_unlock+0x172/0x230 [ 789.891908][T26710] try_charge_memcg+0x695/0xd30 [ 789.891949][T26710] ? __pfx_try_charge_memcg+0x10/0x10 [ 789.891985][T26710] ? peak_open+0x21/0x50 [ 789.892009][T26710] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 789.892042][T26710] obj_cgroup_charge_account+0x336/0x670 [ 789.892084][T26710] __memcg_slab_post_alloc_hook+0x2e3/0x880 [ 789.892127][T26710] ? kasan_save_track+0x14/0x30 [ 789.892169][T26710] kmem_cache_alloc_lru_noprof+0x58f/0x770 [ 789.892201][T26710] ? xas_nomem+0x101/0x2c0 [ 789.892241][T26710] ? xas_nomem+0x101/0x2c0 [ 789.892274][T26710] xas_nomem+0x101/0x2c0 [ 789.892307][T26710] ? _raw_spin_unlock_irq+0x23/0x50 [ 789.892343][T26710] shmem_add_to_page_cache+0x6de/0xa70 [ 789.892376][T26710] ? __pfx_shmem_add_to_page_cache+0x10/0x10 [ 789.892417][T26710] shmem_alloc_and_add_folio+0x662/0xc20 [ 789.892451][T26710] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 789.892481][T26710] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 789.892515][T26710] shmem_get_folio_gfp+0x67f/0x1610 [ 789.892549][T26710] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 789.892585][T26710] shmem_fault+0x1fe/0xa00 [ 789.892614][T26710] ? __pfx_shmem_fault+0x10/0x10 [ 789.892639][T26710] ? trace_kmem_cache_alloc+0x28/0xb0 [ 789.892677][T26710] ? __up_read+0x2d1/0x700 [ 789.892701][T26710] ? ptlock_alloc+0x1f/0x70 [ 789.892727][T26710] ? lockdep_init_map_type+0x5c/0x270 [ 789.892752][T26710] ? __raw_spin_lock_init+0x3a/0x110 [ 789.892785][T26710] __do_fault+0x10d/0x490 [ 789.892816][T26710] do_fault+0x302/0x1ad0 [ 789.892851][T26710] ? __pfx_filemap_map_pages+0x10/0x10 [ 789.892884][T26710] __handle_mm_fault+0x1919/0x2bb0 [ 789.892918][T26710] ? __pfx___handle_mm_fault+0x10/0x10 [ 789.892944][T26710] ? mtree_load+0x2f9/0xa30 [ 789.893003][T26710] handle_mm_fault+0x3fe/0xad0 [ 789.893033][T26710] __get_user_pages+0x54e/0x3590 [ 789.893079][T26710] ? down_read_killable+0x313/0x4c0 [ 789.893106][T26710] ? __pfx___get_user_pages+0x10/0x10 [ 789.893157][T26710] faultin_page_range+0x338/0x940 [ 789.893202][T26710] madvise_do_behavior+0x34c/0x530 [ 789.893229][T26710] ? __pfx_madvise_do_behavior+0x10/0x10 [ 789.893254][T26710] ? down_read+0x13d/0x460 [ 789.893291][T26710] do_madvise+0x176/0x240 [ 789.893313][T26710] ? __pfx_do_madvise+0x10/0x10 [ 789.893334][T26710] ? do_futex+0x122/0x350 [ 789.893368][T26710] ? count_memcg_events+0x122/0x290 [ 789.893414][T26710] ? xfd_validate_state+0x61/0x180 [ 789.893442][T26710] __x64_sys_madvise+0xa9/0x110 [ 789.893465][T26710] ? lockdep_hardirqs_on+0x7c/0x110 [ 789.893501][T26710] do_syscall_64+0xcd/0xf80 [ 789.893540][T26710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.893564][T26710] RIP: 0033:0x7fde1e38f7c9 [ 789.893582][T26710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 789.893607][T26710] RSP: 002b:00007fde1f2a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 789.893630][T26710] RAX: ffffffffffffffda RBX: 00007fde1e5e5fa0 RCX: 00007fde1e38f7c9 [ 789.893645][T26710] RDX: 0000000000000017 RSI: fffffffffffefffd RDI: 0000000000000000 [ 789.893660][T26710] RBP: 00007fde1e413f91 R08: 0000000000000000 R09: 0000000000000000 [ 789.893675][T26710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.893689][T26710] R13: 00007fde1e5e6038 R14: 00007fde1e5e5fa0 R15: 00007ffc15c59ea8 [ 789.893720][T26710] [ 789.893728][T26710] memory: usage 3072kB, limit 3072kB, failcnt 107668 [ 790.532625][T26995] netlink: 'syz.0.10069': attribute type 11 has an invalid length. [ 790.847218][T26710] memory+swap: usage 66912kB, limit 9007199254740988kB, failcnt 0 [ 790.881337][T26710] kmem: usage 2448kB, limit 9007199254740988kB, failcnt 0 [ 790.900433][T26710] Memory cgroup stats for /syz1: [ 790.900597][T26710] cache 573440 [ 790.910572][T26710] rss 49152 [ 790.913700][T26710] rss_huge 0 [ 790.916896][T26710] shmem 155648 [ 790.947562][T26710] mapped_file 102400 [ 790.971187][T26710] dirty 0 [ 790.977728][T26710] writeback 12288 [ 790.987780][T26710] workingset_refault_anon 5730 [ 791.003307][T26710] workingset_refault_file 30007 [ 791.008282][T26710] swap 65372160 [ 791.030921][T26710] swapcached 61440 [ 791.040372][T26710] pgpgin 264719 [ 791.043869][T26710] pgpgout 281926 [ 791.047419][T26710] pgfault 322270 [ 791.076741][T26710] pgmajfault 2729 [ 791.089454][T26710] inactive_anon 0 [ 791.093142][T26710] active_anon 0 [ 791.096617][T26710] inactive_file 417792 [ 791.139228][T26710] active_file 0 [ 791.142733][T26710] unevictable 0 [ 791.146197][T26710] hierarchical_memory_limit 3145728 [ 791.173456][T26710] hierarchical_memsw_limit 9223372036854771712 [ 791.198823][T26710] total_cache 573440 [ 791.202850][T26710] total_rss 49152 [ 791.206497][T26710] total_rss_huge 0 [ 791.224346][T26710] total_shmem 155648 [ 791.228282][T26710] total_mapped_file 102400 [ 791.272625][T26710] total_dirty 0 [ 791.276133][T26710] total_writeback 12288 [ 791.285126][T26710] total_workingset_refault_anon 5730 [ 791.305612][T26710] total_workingset_refault_file 30007 [ 791.322421][T26710] total_swap 65372160 [ 791.326452][T26710] total_swapcached 61440 [ 791.358179][T26710] total_pgpgin 264719 [ 791.368934][T26710] total_pgpgout 281926 [ 791.375705][T26710] total_pgfault 322270 [ 791.397749][T26710] total_pgmajfault 2729 [ 791.401958][T26710] total_inactive_anon 0 [ 791.406128][T26710] total_active_anon 0 [ 791.435160][T26710] total_inactive_file 417792 [ 791.457412][T26710] total_active_file 0 [ 791.461485][T26710] total_unevictable 0 [ 791.465469][T26710] anon_cost 0 [ 791.496112][T26710] file_cost 18 [ 791.508355][T26710] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.9849,pid=26517,uid=0 [ 791.556144][T26710] Memory cgroup out of memory: Killed process 26517 (syz.1.9849) total-vm:104080kB, anon-rss:1268kB, file-rss:54900kB, shmem-rss:0kB, UID:0 pgtables:180kB oom_score_adj:0 [ 792.250666][T27036] nbd: must specify a device to reconfigure [ 793.661280][ T32] oom_reaper: reaped process 26517 (syz.1.9849), now anon-rss:12kB, file-rss:53780kB, shmem-rss:0kB [ 793.741935][ T5839] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 793.812027][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 793.812068][ T5839] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 793.812077][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 793.812091][ T5839] Call Trace: [ 793.812099][ T5839] [ 793.812108][ T5839] dump_stack_lvl+0x16c/0x1f0 [ 793.812147][ T5839] dump_header+0x101/0x960 [ 793.812176][ T5839] oom_kill_process+0x176/0x910 [ 793.812205][ T5839] out_of_memory+0x350/0x1700 [ 793.812231][ T5839] ? __lock_acquire+0x436/0x2890 [ 793.812257][ T5839] ? __pfx_out_of_memory+0x10/0x10 [ 793.812291][ T5839] mem_cgroup_out_of_memory+0x118/0x130 [ 793.812321][ T5839] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 793.812356][ T5839] ? do_raw_spin_unlock+0x172/0x230 [ 793.812388][ T5839] try_charge_memcg+0x695/0xd30 [ 793.812431][ T5839] ? __pfx_try_charge_memcg+0x10/0x10 [ 793.812474][ T5839] ? find_held_lock+0x2b/0x80 [ 793.812510][ T5839] charge_memcg+0x8a/0x230 [ 793.812546][ T5839] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 793.812574][ T5839] __read_swap_cache_async+0x397/0x500 [ 793.812608][ T5839] ? __pfx___read_swap_cache_async+0x10/0x10 [ 793.812639][ T5839] ? __page_table_check_puds_set+0x1d0/0x250 [ 793.812677][ T5839] ? lockdep_hardirqs_on+0x7c/0x110 [ 793.812718][ T5839] swap_cluster_readahead+0x432/0x770 [ 793.812755][ T5839] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 793.812799][ T5839] ? __pfx___might_resched+0x10/0x10 [ 793.812843][ T5839] ? get_vma_policy+0x242/0x3c0 [ 793.812867][ T5839] swapin_readahead+0x160/0x1220 [ 793.812899][ T5839] ? __lock_acquire+0x436/0x2890 [ 793.812924][ T5839] ? __pfx_swapin_readahead+0x10/0x10 [ 793.812954][ T5839] ? find_held_lock+0x2b/0x80 [ 793.812983][ T5839] ? swap_cache_get_folio+0x267/0x8e0 [ 793.813009][ T5839] ? swap_cache_get_folio+0x267/0x8e0 [ 793.813034][ T5839] ? swap_cache_get_folio+0x267/0x8e0 [ 793.813064][ T5839] ? swap_cache_get_folio+0x267/0x8e0 [ 793.813091][ T5839] ? swap_cache_get_folio+0x293/0x8e0 [ 793.813120][ T5839] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 793.813146][ T5839] ? __pfx_get_swap_device+0x10/0x10 [ 793.813181][ T5839] ? rcu_read_unlock+0x2d/0xb0 [ 793.813212][ T5839] ? do_swap_page+0x962/0x64a0 [ 793.813234][ T5839] do_swap_page+0x962/0x64a0 [ 793.813262][ T5839] ? __lock_acquire+0x436/0x2890 [ 793.813283][ T5839] ? find_held_lock+0x2b/0x80 [ 793.813318][ T5839] ? __pfx_do_swap_page+0x10/0x10 [ 793.813344][ T5839] ? __pfx_default_wake_function+0x10/0x10 [ 793.813385][ T5839] ? rcu_is_watching+0x12/0xc0 [ 793.813418][ T5839] ? ___pte_offset_map+0x175/0x380 [ 793.813455][ T5839] __handle_mm_fault+0x19cb/0x2bb0 [ 793.813488][ T5839] ? __pfx___handle_mm_fault+0x10/0x10 [ 793.813529][ T5839] ? find_vma+0xbf/0x140 [ 793.813560][ T5839] ? __pfx_find_vma+0x10/0x10 [ 793.813596][ T5839] handle_mm_fault+0x3fe/0xad0 [ 793.813632][ T5839] do_user_addr_fault+0x7a6/0x1370 [ 793.813665][ T5839] ? rcu_is_watching+0x12/0xc0 [ 793.813701][ T5839] exc_page_fault+0x64/0xc0 [ 793.813736][ T5839] asm_exc_page_fault+0x26/0x30 [ 793.813759][ T5839] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 793.813787][ T5839] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 793.813814][ T5839] RSP: 0018:ffffc900041cfb90 EFLAGS: 00050206 [ 793.813833][ T5839] RAX: 0000000000000001 RBX: 00007f2cb75b5d60 RCX: 00000000000000b8 [ 793.813847][ T5839] RDX: ffffed1006633673 RSI: 00007f2cb75b6000 RDI: ffff88803319b2e0 [ 793.813863][ T5839] RBP: 0000000000000358 R08: 0000000000000001 R09: ffffed1006633672 [ 793.813877][ T5839] R10: ffff88803319b397 R11: 0000000000000000 R12: 0000000000000000 [ 793.813892][ T5839] R13: ffff88803319b040 R14: 00007f2cb75b5d60 R15: ffff88803319b040 [ 793.813921][ T5839] _copy_from_user+0x98/0xd0 [ 793.813949][ T5839] do_ip6t_set_ctl+0xa04/0xbc0 [ 793.813975][ T5839] ? find_held_lock+0x2b/0x80 [ 793.814006][ T5839] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 793.814048][ T5839] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 793.814080][ T5839] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 793.814133][ T5839] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 793.814175][ T5839] nf_setsockopt+0x8d/0xf0 [ 793.814215][ T5839] ipv6_setsockopt+0x135/0x170 [ 793.814243][ T5839] tcp_setsockopt+0xa7/0x100 [ 793.814274][ T5839] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 793.814313][ T5839] do_sock_setsockopt+0xf3/0x1d0 [ 793.814352][ T5839] __sys_setsockopt+0x120/0x1a0 [ 793.814386][ T5839] __x64_sys_setsockopt+0xbd/0x160 [ 793.814414][ T5839] ? do_syscall_64+0x91/0xf80 [ 793.814449][ T5839] ? lockdep_hardirqs_on+0x7c/0x110 [ 793.814485][ T5839] do_syscall_64+0xcd/0xf80 [ 793.814523][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.814546][ T5839] RIP: 0033:0x7f2cb73916ba [ 793.814565][ T5839] Code: ff ff ff c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 [ 793.814588][ T5839] RSP: 002b:00007ffee94fc798 EFLAGS: 00000202 ORIG_RAX: 0000000000000036 [ 793.814609][ T5839] RAX: ffffffffffffffda RBX: 00007ffee94fc820 RCX: 00007f2cb73916ba [ 793.814625][ T5839] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 793.814639][ T5839] RBP: 0000000000000003 R08: 00000000000003b8 R09: 0079746972756365 [ 793.814653][ T5839] R10: 00007f2cb75b5d00 R11: 0000000000000202 R12: 00007f2cb75b5ca0 [ 793.814668][ T5839] R13: 00007ffee94fc7bc R14: 0000000000000000 R15: 00007f2cb75b7e60 [ 793.814699][ T5839] [ 793.814973][ T5839] memory: usage 2912kB, limit 3072kB, failcnt 108476 [ 794.434453][T27042] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 795.109192][T20824] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 795.235174][T20824] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 795.243921][T20824] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 795.251963][T20824] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 795.259742][T20824] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 796.050546][T11122] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.075309][ T5839] memory+swap: usage 8232kB, limit 9007199254740988kB, failcnt 0 [ 796.092956][ T5839] kmem: usage 1476kB, limit 9007199254740988kB, failcnt 0 [ 796.126119][ T5839] Memory cgroup stats for /syz1: [ 796.126296][ T5839] cache 438272 [ 796.192634][ T5839] rss 0 [ 796.208054][ T5839] rss_huge 0 [ 796.211294][ T5839] shmem 0 [ 796.236123][ T5839] mapped_file 0 [ 796.239632][ T5839] dirty 0 [ 796.282538][ T5839] writeback 0 [ 796.285883][ T5839] workingset_refault_anon 5766 [ 796.290649][ T5839] workingset_refault_file 30113 [ 796.313842][T11122] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.355423][ T5839] swap 2781184 [ 796.358910][ T5839] swapcached 20480 [ 796.385808][ T5839] pgpgin 264861 [ 796.389316][ T5839] pgpgout 282112 [ 796.395897][T27048] chnl_net:caif_netlink_parms(): no params data found [ 796.426963][ T5839] pgfault 322321 [ 796.430564][ T5839] pgmajfault 2755 [ 796.471415][ T5839] inactive_anon 20480 [ 796.482233][ T5839] active_anon 0 [ 796.485727][ T5839] inactive_file 438272 [ 796.511595][ T5839] active_file 0 [ 796.515100][ T5839] unevictable 0 [ 796.518562][ T5839] hierarchical_memory_limit 3145728 [ 796.557163][T11122] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.580924][ T5839] hierarchical_memsw_limit 9223372036854771712 [ 796.587120][ T5839] total_cache 438272 [ 796.606242][ T5839] total_rss 0 [ 796.609564][ T5839] total_rss_huge 0 [ 796.650713][ T5839] total_shmem 0 [ 796.654213][ T5839] total_mapped_file 0 [ 796.658230][ T5839] total_dirty 0 [ 796.697655][ T5839] total_writeback 0 [ 796.710250][ T5839] total_workingset_refault_anon 5766 [ 796.715572][ T5839] total_workingset_refault_file 30113 [ 796.751937][T11122] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.769824][ T5839] total_swap 2781184 [ 796.773760][ T5839] total_swapcached 20480 [ 796.778005][ T5839] total_pgpgin 264861 [ 796.820328][ T5839] total_pgpgout 282112 [ 796.824439][ T5839] total_pgfault 322321 [ 796.828602][ T5839] total_pgmajfault 2755 [ 796.891472][ T5839] total_inactive_anon 20480 [ 796.896023][ T5839] total_active_anon 0 [ 796.945343][ T5839] total_inactive_file 438272 [ 796.963837][ T5839] total_active_file 0 [ 796.967870][ T5839] total_unevictable 0 [ 796.993916][ T5839] anon_cost 28 [ 796.997340][ T5839] file_cost 4 [ 797.029323][ T5839] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.9933,pid=26708,uid=0 [ 797.081937][ T5839] Memory cgroup out of memory: OOM victim 26708 (syz.1.9933) is already exiting. Skip killing the task [ 797.172161][T27048] bridge0: port 1(bridge_slave_0) entered blocking state [ 797.204260][T27048] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.229090][T27048] bridge_slave_0: entered allmulticast mode [ 797.269760][T27048] bridge_slave_0: entered promiscuous mode [ 797.313602][T27048] bridge0: port 2(bridge_slave_1) entered blocking state [ 797.354824][T27048] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.400161][T27048] bridge_slave_1: entered allmulticast mode [ 797.434638][T27048] bridge_slave_1: entered promiscuous mode [ 797.481471][T20824] Bluetooth: hci4: command tx timeout [ 797.657873][T11122] bridge_slave_1: left allmulticast mode [ 797.695154][T11122] bridge_slave_1: left promiscuous mode [ 797.717321][T11122] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.778428][T11122] bridge_slave_0: left allmulticast mode [ 797.784104][T11122] bridge_slave_0: left promiscuous mode [ 797.834534][T11122] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.960335][T27114] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 797.967076][T27114] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 798.426287][T11122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 798.446590][T11122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 798.467655][T11122] bond0 (unregistering): Released all slaves [ 798.495985][T27048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 798.592486][T27048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 798.695160][T11122] Â: left promiscuous mode [ 798.838511][T11122] : left promiscuous mode [ 798.925763][T27048] team0: Port device team_slave_0 added [ 798.986079][T27048] team0: Port device team_slave_1 added [ 799.347503][T27048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 799.354491][T27048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 799.552796][T20824] Bluetooth: hci4: command tx timeout [ 799.563521][T27048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 799.678280][T27048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 799.723657][T27048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 799.828598][T27154] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4.128.4294967291), cmd(3) [ 799.883808][T27048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 800.403804][T27048] hsr_slave_0: entered promiscuous mode [ 800.410232][T27048] hsr_slave_1: entered promiscuous mode [ 800.482867][T27048] debugfs: 'hsr0' already exists in 'hsr' [ 800.517259][T27048] Cannot create hsr debugfs directory [ 801.132039][T27187] netlink: 'syz.3.10149': attribute type 11 has an invalid length. [ 801.621011][T20824] Bluetooth: hci4: command tx timeout [ 801.864687][T11122] hsr_slave_0: left promiscuous mode [ 801.913398][T11122] hsr_slave_1: left promiscuous mode [ 801.943654][T11122] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 801.954235][T27209] netlink: 'syz.2.10157': attribute type 1 has an invalid length. [ 801.980705][T11122] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 801.996062][T27209] netlink: 'syz.2.10157': attribute type 1 has an invalid length. [ 802.034753][T27209] netlink: 124 bytes leftover after parsing attributes in process `syz.2.10157'. [ 802.045458][T11122] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 802.072572][T11122] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 802.089165][T27209] netlink: 100 bytes leftover after parsing attributes in process `syz.2.10157'. [ 802.229541][T11122] veth1_macvtap: left promiscuous mode [ 802.292359][T11122] veth0_macvtap: left promiscuous mode [ 802.298074][T11122] veth1_vlan: left promiscuous mode [ 802.337316][T11122] veth0_vlan: left promiscuous mode [ 802.387172][T27224] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 803.684776][T20824] Bluetooth: hci4: command tx timeout [ 804.270030][T11122] team0 (unregistering): Port device team_slave_1 removed [ 804.403513][T11122] team0 (unregistering): Port device team_slave_0 removed [ 806.200864][T27289] Process accounting paused [ 806.230050][T27048] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 806.361365][T27048] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 806.450905][T27048] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 806.550042][T27306] tc_dump_action: action bad kind [ 806.558762][T27048] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 807.095206][T27048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 807.207993][T27048] 8021q: adding VLAN 0 to HW filter on device team0 [ 807.269931][T11122] bridge0: port 1(bridge_slave_0) entered blocking state [ 807.277156][T11122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 807.385169][T11122] bridge0: port 2(bridge_slave_1) entered blocking state [ 807.392362][T11122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 807.412215][T27336] openvswitch: netlink: Message has 20 unknown bytes. [ 807.668618][T27342] netlink: 'syz.2.10205': attribute type 1 has an invalid length. [ 808.502958][T27048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 808.917331][T27379] dlm: non-version read from control device 1 [ 809.554321][T27401] netlink: zone id is out of range [ 809.559573][T27401] netlink: zone id is out of range [ 809.598573][T27401] netlink: zone id is out of range [ 809.640368][T27401] netlink: zone id is out of range [ 809.687295][T27401] netlink: zone id is out of range [ 809.718024][T27401] netlink: zone id is out of range [ 809.755215][T27401] netlink: zone id is out of range [ 809.802333][T27401] netlink: zone id is out of range [ 809.834255][T27401] netlink: zone id is out of range [ 809.884955][T27048] veth0_vlan: entered promiscuous mode [ 809.953981][T27048] veth1_vlan: entered promiscuous mode [ 810.116847][T27048] veth0_macvtap: entered promiscuous mode [ 810.163193][T27048] veth1_macvtap: entered promiscuous mode [ 810.262242][T27048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 810.330810][T27048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 810.407342][T11066] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.474999][T11066] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.540217][T11066] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.639951][T11066] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.842982][T27429] netlink: 'syz.3.10235': attribute type 1 has an invalid length. [ 810.872022][T11239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 810.946990][T11239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.109213][T11104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.138570][T11104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.593354][T27446] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 811.812171][T27451] FAULT_INJECTION: forcing a failure. [ 811.812171][T27451] name failslab, interval 1, probability 0, space 0, times 0 [ 811.897762][T27451] CPU: 0 UID: 0 PID: 27451 Comm: syz.3.10242 Tainted: G U L syzkaller #0 PREEMPT(full) [ 811.897803][T27451] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 811.897812][T27451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 811.897826][T27451] Call Trace: [ 811.897833][T27451] [ 811.897842][T27451] dump_stack_lvl+0x16c/0x1f0 [ 811.897892][T27451] should_fail_ex+0x512/0x640 [ 811.897919][T27451] ? __kmalloc_cache_noprof+0x5f/0x800 [ 811.897950][T27451] should_failslab+0xc2/0x120 [ 811.897990][T27451] __kmalloc_cache_noprof+0x80/0x800 [ 811.898016][T27451] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 811.898052][T27451] ? sctp_endpoint_new+0xfc/0xb20 [ 811.898095][T27451] ? sctp_endpoint_new+0xfc/0xb20 [ 811.898133][T27451] sctp_endpoint_new+0xfc/0xb20 [ 811.898173][T27451] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 811.898213][T27451] ? lockdep_init_map_type+0x5c/0x270 [ 811.898240][T27451] ? lockdep_init_map_type+0x5c/0x270 [ 811.898268][T27451] sctp_init_sock+0xe2b/0x1310 [ 811.898305][T27451] ? __pfx_sctp_init_sock+0x10/0x10 [ 811.898343][T27451] inet_create+0x939/0x1040 [ 811.898373][T27451] ? inet_create+0x93/0x1040 [ 811.898410][T27451] __sock_create+0x339/0x8a0 [ 811.898438][T27451] __sys_socket+0x14d/0x260 [ 811.898460][T27451] ? fput+0x70/0xf0 [ 811.898482][T27451] ? __pfx___sys_socket+0x10/0x10 [ 811.898505][T27451] ? xfd_validate_state+0x61/0x180 [ 811.898527][T27451] ? __pfx_ksys_write+0x10/0x10 [ 811.898566][T27451] __x64_sys_socket+0x72/0xb0 [ 811.898592][T27451] ? lockdep_hardirqs_on+0x7c/0x110 [ 811.898629][T27451] do_syscall_64+0xcd/0xf80 [ 811.898667][T27451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.898692][T27451] RIP: 0033:0x7f2cb738f7c9 [ 811.898711][T27451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 811.898734][T27451] RSP: 002b:00007f2cb816c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 811.898766][T27451] RAX: ffffffffffffffda RBX: 00007f2cb75e5fa0 RCX: 00007f2cb738f7c9 [ 811.898782][T27451] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002 [ 811.898796][T27451] RBP: 00007f2cb7413f91 R08: 0000000000000000 R09: 0000000000000000 [ 811.898811][T27451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 811.898825][T27451] R13: 00007f2cb75e6038 R14: 00007f2cb75e5fa0 R15: 00007ffee94fcb08 [ 811.898856][T27451] [ 813.550872][T27494] netlink: 'syz.0.10262': attribute type 1 has an invalid length. [ 814.618238][T20824] Bluetooth: hci4: unexpected event 0x2c length: 42 > 17 [ 815.495859][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 815.512258][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.589603][T27588] netlink: 'syz.0.10306': attribute type 1 has an invalid length. [ 817.097515][T27604] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 817.475699][T27614] netlink: 'syz.0.10319': attribute type 11 has an invalid length. [ 818.080276][T27630] net_ratelimit: 49 callbacks suppressed [ 818.080296][T27630] openvswitch: netlink: IP tunnel dst address not specified [ 818.344068][T27634] NFSD: Failed to start, no listeners configured. [ 818.623042][T27645] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 818.629626][T27645] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 820.533697][T27698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10358'. [ 821.042320][T27714] sd 0:0:1:0: PR command failed: 1026 [ 821.064156][T27714] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 821.092113][T27714] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 821.432753][T27703] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 823.964803][T27797] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 824.821920][T27823] netlink: 'syz.0.10403': attribute type 1 has an invalid length. [ 825.383288][T27839] netlink: get zone limit has 8 unknown bytes [ 826.143648][T27859] NFSD: Failed to start, no listeners configured. [ 829.438271][T27958] FAULT_INJECTION: forcing a failure. [ 829.438271][T27958] name failslab, interval 1, probability 0, space 0, times 0 [ 829.489902][T27958] CPU: 0 UID: 0 PID: 27958 Comm: syz.0.10461 Tainted: G U L syzkaller #0 PREEMPT(full) [ 829.489944][T27958] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 829.489953][T27958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 829.489968][T27958] Call Trace: [ 829.489976][T27958] [ 829.489985][T27958] dump_stack_lvl+0x16c/0x1f0 [ 829.490025][T27958] should_fail_ex+0x512/0x640 [ 829.490053][T27958] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 829.490087][T27958] should_failslab+0xc2/0x120 [ 829.490125][T27958] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 829.490155][T27958] ? __debug_object_init+0x2de/0x3d0 [ 829.490200][T27958] ? sock_alloc_inode+0x25/0x1c0 [ 829.490243][T27958] ? __pfx_sock_alloc_inode+0x10/0x10 [ 829.490278][T27958] ? sock_alloc_inode+0x25/0x1c0 [ 829.490311][T27958] sock_alloc_inode+0x25/0x1c0 [ 829.490347][T27958] alloc_inode+0x64/0x240 [ 829.490374][T27958] sock_alloc+0x40/0x280 [ 829.490408][T27958] __sock_create+0xc2/0x8a0 [ 829.490429][T27958] ? lockdep_init_map_type+0x5c/0x270 [ 829.490457][T27958] smc_create+0x15d/0x2a0 [ 829.490490][T27958] __sock_create+0x339/0x8a0 [ 829.490516][T27958] __sys_socket+0x14d/0x260 [ 829.490538][T27958] ? fput+0x70/0xf0 [ 829.490560][T27958] ? __pfx___sys_socket+0x10/0x10 [ 829.490583][T27958] ? xfd_validate_state+0x61/0x180 [ 829.490604][T27958] ? __pfx_ksys_write+0x10/0x10 [ 829.490645][T27958] __x64_sys_socket+0x72/0xb0 [ 829.490667][T27958] ? lockdep_hardirqs_on+0x7c/0x110 [ 829.490704][T27958] do_syscall_64+0xcd/0xf80 [ 829.490743][T27958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.490768][T27958] RIP: 0033:0x7f9e1a98f7c9 [ 829.490787][T27958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 829.490811][T27958] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 829.490834][T27958] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 829.490849][T27958] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000002b [ 829.490864][T27958] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 829.490878][T27958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 829.490892][T27958] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 829.490923][T27958] [ 829.490935][T27958] socket: no more sockets [ 830.884851][T27994] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10468'. [ 831.382127][T28008] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10477'. [ 832.729657][T28045] NFSD: Failed to start, no listeners configured. [ 833.771409][T28074] HSR: entered promiscuous mode [ 833.833981][T28077] NFSD: Failed to start, no listeners configured. [ 836.531702][T28143] Process accounting resumed [ 837.473786][T28181] nbd: must specify a device to reconfigure [ 837.802034][T28188] NFSD: Failed to start, no listeners configured. [ 838.041530][T28198] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4.128.4294967291), cmd(3) [ 839.036628][T28227] netlink: 'syz.0.10572': attribute type 11 has an invalid length. [ 839.215372][T28232] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 840.810461][T28278] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 842.032105][T28315] netlink: 'syz.2.10623': attribute type 1 has an invalid length. [ 843.102375][T28340] tc_dump_action: action bad kind [ 844.017657][T28367] openvswitch: netlink: Message has 20 unknown bytes. [ 844.102752][T28372] netlink: 'syz.0.10640': attribute type 1 has an invalid length. [ 844.668317][T28391] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 845.518906][T28419] netlink: zone id is out of range [ 845.586116][T28419] netlink: zone id is out of range [ 845.591270][T28419] netlink: zone id is out of range [ 845.615847][T28419] netlink: zone id is out of range [ 845.630812][T28419] netlink: zone id is out of range [ 845.644211][T28419] netlink: zone id is out of range [ 845.652731][T28419] netlink: zone id is out of range [ 846.026416][T28430] net_ratelimit: 50 callbacks suppressed [ 846.026436][T28430] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 846.317576][T28433] netlink: 'syz.0.10678': attribute type 1 has an invalid length. [ 846.359587][T28433] netlink: 'syz.0.10678': attribute type 1 has an invalid length. [ 846.391869][T28433] netlink: 124 bytes leftover after parsing attributes in process `syz.0.10678'. [ 846.429266][T28433] netlink: 100 bytes leftover after parsing attributes in process `syz.0.10678'. [ 846.633374][T28444] netlink: 'syz.2.10675': attribute type 11 has an invalid length. [ 847.519178][T28469] netlink: 'syz.4.10687': attribute type 11 has an invalid length. [ 850.215990][T28547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10724'. [ 850.411033][T28551] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 851.099289][T28571] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10736'. [ 853.874054][T28642] openvswitch: netlink: IP tunnel dst address not specified [ 853.979643][T28645] NFSD: Failed to start, no listeners configured. [ 855.570184][T28674] openvswitch: netlink: IP tunnel dst address not specified [ 855.846089][T28680] netlink: zone id is out of range [ 855.871535][T28680] netlink: zone id is out of range [ 855.896783][T28680] netlink: zone id is out of range [ 855.921967][T28680] netlink: zone id is out of range [ 855.950720][T28680] netlink: zone id is out of range [ 855.978032][T28680] netlink: zone id is out of range [ 856.003367][T28680] netlink: zone id is out of range [ 856.028435][T28680] netlink: zone id is out of range [ 856.358486][T28690] sctp: [Deprecated]: syz.4.10792 (pid 28690) Use of int in max_burst socket option deprecated. [ 856.358486][T28690] Use struct sctp_assoc_value instead [ 856.451203][T28692] ================================================================== [ 856.451219][T28692] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x15d4/0x17b0 [ 856.451264][T28692] Write of size 8 at addr ffffc90003b49000 by task syz.0.10793/28692 [ 856.451285][T28692] [ 856.451299][T28692] CPU: 0 UID: 0 PID: 28692 Comm: syz.0.10793 Tainted: G U L syzkaller #0 PREEMPT(full) [ 856.451336][T28692] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 856.451346][T28692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 856.451361][T28692] Call Trace: [ 856.451375][T28692] [ 856.451384][T28692] dump_stack_lvl+0x116/0x1f0 [ 856.451423][T28692] print_report+0xcd/0x630 [ 856.451460][T28692] ? __virt_addr_valid+0x81/0x610 [ 856.451502][T28692] ? sys_fillrect+0x15d4/0x17b0 [ 856.451536][T28692] kasan_report+0xe0/0x110 [ 856.451573][T28692] ? sys_fillrect+0x15d4/0x17b0 [ 856.451612][T28692] sys_fillrect+0x15d4/0x17b0 [ 856.451651][T28692] ? __pfx_sys_fillrect+0x10/0x10 [ 856.451689][T28692] ? __pfx_bit_putcs+0x10/0x10 [ 856.451716][T28692] ? bit_cursor+0xeca/0x17e0 [ 856.451746][T28692] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 856.451787][T28692] bit_clear+0x17d/0x220 [ 856.451815][T28692] ? __pfx_bit_clear+0x10/0x10 [ 856.451843][T28692] ? fb_get_color_depth+0x120/0x250 [ 856.451869][T28692] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 856.451909][T28692] ? __pfx_bit_clear+0x10/0x10 [ 856.451936][T28692] __fbcon_clear+0x679/0x7d0 [ 856.451965][T28692] fbcon_scroll+0x48b/0x640 [ 856.451993][T28692] con_scroll+0x45f/0x690 [ 856.452028][T28692] do_con_write+0x5565/0x8280 [ 856.452074][T28692] ? __pfx_do_con_write+0x10/0x10 [ 856.452117][T28692] con_write+0x23/0xb0 [ 856.452152][T28692] n_tty_write+0x434/0x1280 [ 856.452183][T28692] ? __pfx_n_tty_write+0x10/0x10 [ 856.452207][T28692] ? __pfx_woken_wake_function+0x10/0x10 [ 856.452238][T28692] ? file_tty_write.constprop.0+0x6f3/0x9b0 [ 856.452276][T28692] ? __pfx_n_tty_write+0x10/0x10 [ 856.452301][T28692] file_tty_write.constprop.0+0x503/0x9b0 [ 856.452341][T28692] redirected_tty_write+0xd4/0x120 [ 856.452382][T28692] vfs_write+0x7d3/0x11d0 [ 856.452418][T28692] ? __pfx_redirected_tty_write+0x10/0x10 [ 856.452456][T28692] ? __pfx_vfs_write+0x10/0x10 [ 856.452489][T28692] ? find_held_lock+0x2b/0x80 [ 856.452530][T28692] ksys_write+0x12a/0x250 [ 856.452564][T28692] ? __pfx_ksys_write+0x10/0x10 [ 856.452604][T28692] do_syscall_64+0xcd/0xf80 [ 856.452642][T28692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.452667][T28692] RIP: 0033:0x7f9e1a98f7c9 [ 856.452686][T28692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 856.452710][T28692] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 856.452734][T28692] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 856.452750][T28692] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000003 [ 856.452765][T28692] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 856.452780][T28692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.452795][T28692] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 856.452819][T28692] [ 856.452827][T28692] [ 856.452833][T28692] The buggy address belongs to a vmalloc virtual mapping [ 856.452851][T28692] Memory state around the buggy address: [ 856.452864][T28692] ffffc90003b48f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 856.452881][T28692] ffffc90003b48f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 856.452898][T28692] >ffffc90003b49000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 856.452912][T28692] ^ [ 856.452924][T28692] ffffc90003b49080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 856.452941][T28692] ffffc90003b49100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 856.452955][T28692] ================================================================== [ 856.452968][T28692] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 856.452986][T28692] CPU: 0 UID: 0 PID: 28692 Comm: syz.0.10793 Tainted: G U L syzkaller #0 PREEMPT(full) [ 856.453023][T28692] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 856.453032][T28692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 856.453047][T28692] Call Trace: [ 856.453054][T28692] [ 856.453062][T28692] dump_stack_lvl+0x3d/0x1f0 [ 856.453099][T28692] vpanic+0x640/0x6f0 [ 856.453123][T28692] panic+0xca/0xd0 [ 856.453145][T28692] ? __pfx_panic+0x10/0x10 [ 856.453175][T28692] check_panic_on_warn+0xab/0xb0 [ 856.453202][T28692] end_report+0x107/0x160 [ 856.453239][T28692] kasan_report+0xee/0x110 [ 856.453276][T28692] ? sys_fillrect+0x15d4/0x17b0 [ 856.453316][T28692] sys_fillrect+0x15d4/0x17b0 [ 856.453355][T28692] ? __pfx_sys_fillrect+0x10/0x10 [ 856.453401][T28692] ? __pfx_bit_putcs+0x10/0x10 [ 856.453429][T28692] ? bit_cursor+0xeca/0x17e0 [ 856.453459][T28692] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 856.453500][T28692] bit_clear+0x17d/0x220 [ 856.453528][T28692] ? __pfx_bit_clear+0x10/0x10 [ 856.453557][T28692] ? fb_get_color_depth+0x120/0x250 [ 856.453583][T28692] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 856.453623][T28692] ? __pfx_bit_clear+0x10/0x10 [ 856.453651][T28692] __fbcon_clear+0x679/0x7d0 [ 856.453681][T28692] fbcon_scroll+0x48b/0x640 [ 856.453708][T28692] con_scroll+0x45f/0x690 [ 856.453744][T28692] do_con_write+0x5565/0x8280 [ 856.453790][T28692] ? __pfx_do_con_write+0x10/0x10 [ 856.453833][T28692] con_write+0x23/0xb0 [ 856.453869][T28692] n_tty_write+0x434/0x1280 [ 856.453900][T28692] ? __pfx_n_tty_write+0x10/0x10 [ 856.453925][T28692] ? __pfx_woken_wake_function+0x10/0x10 [ 856.453956][T28692] ? file_tty_write.constprop.0+0x6f3/0x9b0 [ 856.453994][T28692] ? __pfx_n_tty_write+0x10/0x10 [ 856.454020][T28692] file_tty_write.constprop.0+0x503/0x9b0 [ 856.454060][T28692] redirected_tty_write+0xd4/0x120 [ 856.454096][T28692] vfs_write+0x7d3/0x11d0 [ 856.454131][T28692] ? __pfx_redirected_tty_write+0x10/0x10 [ 856.454169][T28692] ? __pfx_vfs_write+0x10/0x10 [ 856.454203][T28692] ? find_held_lock+0x2b/0x80 [ 856.454244][T28692] ksys_write+0x12a/0x250 [ 856.454278][T28692] ? __pfx_ksys_write+0x10/0x10 [ 856.454318][T28692] do_syscall_64+0xcd/0xf80 [ 856.454356][T28692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.454386][T28692] RIP: 0033:0x7f9e1a98f7c9 [ 856.454403][T28692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 856.454428][T28692] RSP: 002b:00007f9e1b799038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 856.454450][T28692] RAX: ffffffffffffffda RBX: 00007f9e1abe5fa0 RCX: 00007f9e1a98f7c9 [ 856.454468][T28692] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000003 [ 856.454484][T28692] RBP: 00007f9e1aa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 856.454500][T28692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.454515][T28692] R13: 00007f9e1abe6038 R14: 00007f9e1abe5fa0 R15: 00007ffd3ec7d238 [ 856.454540][T28692] [ 856.454610][T28692] Kernel Offset: disabled