last executing test programs: 4.09386898s ago: executing program 1 (id=15162): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x11e, 0x1, 0x8000000000000000, 0x0) r0 = socket(0x11, 0x3, 0xfffff958) ioctl$sock_SIOCGIFINDEX(r0, 0x8954, 0x0) 3.689861948s ago: executing program 1 (id=15175): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r0 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) fanotify_mark$auto(0x0, 0x451, 0xa, r0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) fallocate$auto(r1, 0x0, 0x400000a, 0x4b) 3.34084736s ago: executing program 1 (id=15170): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/modules\x00', 0x389e81, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0xe0182, 0x0) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) 2.49416567s ago: executing program 1 (id=15177): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x0, 0x1, 0xfd5, 0x12, r0, 0x0) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) close_range$auto(0x2, 0x8, 0x0) 2.401168623s ago: executing program 2 (id=15178): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x20, r1, 0x170b, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40840}, 0x4000840) 2.235857264s ago: executing program 2 (id=15179): mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) io_uring_enter$auto(r0, 0x27, 0x3, 0x0, 0x0, 0x7) 1.328598152s ago: executing program 3 (id=15184): pwrite64$auto(0xffffffffffffffff, &(0x7f0000000140)='-$!\x00\xfa\xef\t\xa4\xe9\xb2r\x8cQ \xa6\xb7v\x93\xb6\b\xba\xfe\x1e\xab\xe7KC6z\x1a\xf0\x83~\xcd\x9a\x83\b\xb6\xb2\xd6PR\xbe\xec\xea\t\xde.\xc6%\x16\xc8\\\xb2\xe86\xe1\x84k\xa8\x02\xcb\xc9 \x1flY\xcb\xfa\xd9\xe0\xb8\x93\x12\xbc\xcf\xc2\'\x90\x9d\x1c\xb0\x1d\xb8\x80\xb4V\x9c\xf6J\xe8\"\xef@\xcd t\xe8\xe9Ip\xa74\x82\xb0\x9a\xecj\x9f\x8f\x9a\xe22\x8e\xce1\x9d\x0fW\xe7\xfb\"[\x17\x83\xfc}\xc7\xab\x93\xe4\x1ekP1\x01\bB\xbf*a\x93\xbd\xa7\xc8', 0x5, 0x4) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="f4ffffff", @ANYBLOB="0100"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380), 0x7b2}, 0x2, &(0x7f0000000340), 0x7, 0xa505}, 0x800}, 0x7, 0x8) 1.327988979s ago: executing program 0 (id=15192): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) open(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0xb5d1af1605322d93) 1.213555674s ago: executing program 0 (id=15185): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0), 0xca400, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x44884}, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xffffffff}, 0x6, 0x0) bpf$auto(0x12, 0x0, 0x26) 1.103918364s ago: executing program 1 (id=15186): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) readv$auto(r1, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) getsockopt$auto(r0, 0x10e, 0x9, 0xfffffffffffffffe, 0x0) 1.091706731s ago: executing program 3 (id=15187): r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x4, 0x0) fremovexattr$auto(r0, &(0x7f0000000000)='system.posix_acl_access\x00') 970.485854ms ago: executing program 0 (id=15188): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x20, r1, 0x170b, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40840}, 0x4000840) 849.763728ms ago: executing program 3 (id=15189): r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r1, &(0x7f00000030c0)={0x0, 0x0, &(0x7f0000003080)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0456ed"], 0x14}, 0x1, 0x0, 0x0, 0x4854}, 0x40) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r1) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r1) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fcdbdf250a9e00ff15000000140001"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) 804.147041ms ago: executing program 0 (id=15190): socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1700", @ANYBLOB="7f"], 0x1ac}}, 0x40000) sendmsg$auto_ETHTOOL_MSG_PSE_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x40) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 578.048167ms ago: executing program 2 (id=15191): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'}) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x10008, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r1, 0x0, 0x7ffffff9, 0x70da, 0x0) 577.723396ms ago: executing program 3 (id=15193): sendto$auto(0xffffffffffffffff, 0x0, 0x6f9, 0xfffffff8, 0x0, 0x36) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram2\x00', 0x10ba02, 0x0) sendfile$auto(r0, 0x3, 0x0, 0x400000000006) 452.09361ms ago: executing program 0 (id=15194): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="13fd2bbd14c7323c91bb3844000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x82, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x6, 0x0) 374.012146ms ago: executing program 2 (id=15195): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00') 227.95944ms ago: executing program 0 (id=15196): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x0, 0x1, 0xfd5, 0x12, r0, 0x0) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) close_range$auto(0x2, 0x8, 0x0) 227.881046ms ago: executing program 2 (id=15197): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) socket(0x25, 0x1, 0x3) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) 227.478216ms ago: executing program 3 (id=15198): mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfa, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010) sendmsg$auto_CTRL_CMD_GETFAMILY(r0, &(0x7f00000004c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x4004890) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) 190.557241ms ago: executing program 1 (id=15199): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0) r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto_mISDN_fops_timerdev(r0, &(0x7f0000000500)=""/4097, 0x1001) ioctl$auto_IMADDTIMER(r0, 0x80044940, 0x0) 113.095745ms ago: executing program 2 (id=15200): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x80000007, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) ioperm$auto(0x7, 0x6, 0x2) wait4$auto(r0, 0x0, 0x80000000, 0x0) 0s ago: executing program 3 (id=15201): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) kernel console output (not intermixed with test programs): 4.131730][ T7957] workingset_refault_anon 13533 [ 904.136555][ T7957] workingset_refault_file 43744 [ 904.158403][ T7957] swap 921600 [ 904.161709][ T7957] swapcached 388177920 [ 904.168286][ T7957] pgpgin 331449 [ 904.175920][ T7957] pgpgout 331438 [ 904.186063][ T7957] pgfault 431077 [ 904.201782][ T7957] pgmajfault 7742 [ 904.218185][ T7957] inactive_anon 0 [ 904.221993][ T7957] active_anon 36864 [ 904.258248][ T7957] inactive_file 0 [ 904.267809][ T7957] active_file 0 [ 904.276958][ T7957] unevictable 0 [ 904.290674][ T7957] hierarchical_memory_limit 3145728 [ 904.295881][ T7957] hierarchical_memsw_limit 9223372036854771712 [ 904.316817][ T7957] total_cache 0 [ 904.339603][ T7957] total_rss 36864 [ 904.358452][ T7957] total_rss_huge 0 [ 904.362191][ T7957] total_shmem 0 [ 904.380987][ T7957] total_mapped_file 0 [ 904.397134][ T7957] total_dirty 0 [ 904.407086][ T7957] total_writeback 0 [ 904.417066][ T7957] total_workingset_refault_anon 13533 [ 904.422454][ T7957] total_workingset_refault_file 43744 [ 904.443117][ T7957] total_swap 921600 [ 904.453187][ T7957] total_swapcached 388177920 [ 904.463280][ T7957] total_pgpgin 331449 [ 904.467328][ T7957] total_pgpgout 331438 [ 904.476707][ T7957] total_pgfault 431077 [ 904.480774][ T7957] total_pgmajfault 7742 [ 904.495103][ T7957] total_inactive_anon 0 [ 904.505330][ T7957] total_active_anon 36864 [ 904.517257][ T7957] total_inactive_file 0 [ 904.522284][ T7957] total_active_file 0 [ 904.536475][ T7957] total_unevictable 0 [ 904.546343][ T7957] anon_cost 449 [ 904.556320][ T7957] file_cost 0 [ 904.559620][ T7957] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14424,pid=7955,uid=0 [ 904.609552][ T7957] Memory cgroup out of memory: Killed process 7955 (syz.3.14424) total-vm:104672kB, anon-rss:1264kB, file-rss:22660kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 905.259500][ T8036] netlink: 342 bytes leftover after parsing attributes in process `syz.1.14436'. [ 905.723357][ T8039] syz.3.14438 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 905.861111][ T8039] CPU: 0 UID: 0 PID: 8039 Comm: syz.3.14438 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 905.861150][ T8039] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 905.861160][ T8039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 905.861170][ T8039] Call Trace: [ 905.861176][ T8039] [ 905.861182][ T8039] dump_stack_lvl+0x100/0x190 [ 905.861213][ T8039] dump_header+0xfb/0x606 [ 905.861232][ T8039] oom_kill_process.cold+0xd/0x330 [ 905.861251][ T8039] out_of_memory+0x340/0x14f0 [ 905.861280][ T8039] ? __pfx_out_of_memory+0x10/0x10 [ 905.861309][ T8039] mem_cgroup_out_of_memory+0xc6/0x130 [ 905.861333][ T8039] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 905.861353][ T8039] ? find_held_lock+0x2b/0x80 [ 905.861374][ T8039] ? do_raw_spin_unlock+0x145/0x1e0 [ 905.861397][ T8039] ? _raw_spin_unlock+0x28/0x50 [ 905.861423][ T8039] try_charge_memcg+0x652/0xc90 [ 905.861445][ T8039] ? __pfx_try_charge_memcg+0x10/0x10 [ 905.861461][ T8039] ? rcu_read_unlock+0x17/0x60 [ 905.861478][ T8039] ? rcu_read_unlock+0x17/0x60 [ 905.861500][ T8039] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 905.861525][ T8039] obj_cgroup_charge_account+0x33d/0x640 [ 905.861547][ T8039] __memcg_slab_post_alloc_hook+0x2dc/0x990 [ 905.861573][ T8039] __kmalloc_node_track_caller_noprof+0x66e/0x850 [ 905.861599][ T8039] ? __devinet_sysctl_register+0xbc/0x360 [ 905.861617][ T8039] ? register_net_sysctl_sz+0x201/0x430 [ 905.861721][ T8039] kmemdup_noprof+0x29/0x60 [ 905.861737][ T8039] __devinet_sysctl_register+0xbc/0x360 [ 905.861754][ T8039] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 905.861787][ T8039] ? inetdev_init+0x245/0x570 [ 905.861801][ T8039] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 905.861818][ T8039] ? copy_net_ns+0x46f/0x7c0 [ 905.861833][ T8039] ? create_new_namespaces+0x3ea/0xac0 [ 905.861849][ T8039] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 905.861865][ T8039] ? ksys_unshare+0x473/0xad0 [ 905.861884][ T8039] ? __x64_sys_unshare+0x31/0x40 [ 905.861903][ T8039] ? do_syscall_64+0x106/0xf80 [ 905.861926][ T8039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.861944][ T8039] devinet_sysctl_register+0x17b/0x210 [ 905.861962][ T8039] inetdev_init+0x2b8/0x570 [ 905.861978][ T8039] inetdev_event+0x7fa/0x17f0 [ 905.861994][ T8039] ? ib_netdevice_event+0xfc/0x330 [ 905.862075][ T8039] ? __pfx_inetdev_event+0x10/0x10 [ 905.862091][ T8039] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 905.862111][ T8039] notifier_call_chain+0x99/0x420 [ 905.862136][ T8039] call_netdevice_notifiers_info+0xbe/0x110 [ 905.862155][ T8039] register_netdevice+0x16e6/0x2210 [ 905.862184][ T8039] ? __pfx_register_netdevice+0x10/0x10 [ 905.862214][ T8039] register_netdev+0x34/0x50 [ 905.862238][ T8039] sit_init_net+0x2c0/0x5f0 [ 905.862284][ T8039] ? __pfx_sit_init_net+0x10/0x10 [ 905.862303][ T8039] ops_init+0x1e2/0x5f0 [ 905.862329][ T8039] setup_net+0x118/0x3a0 [ 905.862354][ T8039] ? __pfx_setup_net+0x10/0x10 [ 905.862376][ T8039] ? lockdep_init_map_type+0x5c/0x250 [ 905.862398][ T8039] ? mutex_init_lockep+0x110/0x150 [ 905.862423][ T8039] copy_net_ns+0x46f/0x7c0 [ 905.862441][ T8039] create_new_namespaces+0x3ea/0xac0 [ 905.862462][ T8039] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 905.862482][ T8039] ksys_unshare+0x473/0xad0 [ 905.862504][ T8039] ? __pfx_ksys_unshare+0x10/0x10 [ 905.862531][ T8039] __x64_sys_unshare+0x31/0x40 [ 905.862551][ T8039] do_syscall_64+0x106/0xf80 [ 905.862573][ T8039] ? clear_bhb_loop+0x40/0x90 [ 905.862592][ T8039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.862608][ T8039] RIP: 0033:0x7fe2aed9c799 [ 905.862623][ T8039] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 905.862639][ T8039] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 905.862654][ T8039] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 905.862665][ T8039] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 905.862674][ T8039] RBP: 00007fe2aee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 905.862683][ T8039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 905.862693][ T8039] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 905.862714][ T8039] [ 905.862725][ T8039] memory: usage 3072kB, limit 3072kB, failcnt 137530 [ 906.304497][ T8070] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14443'. [ 907.155422][ T8039] memory+swap: usage 3852kB, limit 9007199254740988kB, failcnt 0 [ 907.169187][ T8039] kmem: usage 2908kB, limit 9007199254740988kB, failcnt 0 [ 907.188004][ T8090] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14451'. [ 907.197317][ T8039] Memory cgroup stats for /syz3: [ 907.197430][ T8039] cache 0 [ 907.211577][ T8039] rss 4096 [ 907.216038][ T8039] rss_huge 0 [ 907.219360][ T8039] shmem 0 [ 907.222778][ T8039] mapped_file 0 [ 907.226275][ T8039] dirty 0 [ 907.229229][ T8039] writeback 0 [ 907.233558][ T8039] workingset_refault_anon 13690 [ 907.238449][ T8039] workingset_refault_file 43744 [ 907.244286][ T8039] swap 933888 [ 907.247604][ T8039] swapcached 388325376 [ 907.251689][ T8039] pgpgin 331643 [ 907.257833][ T8039] pgpgout 331637 [ 907.261427][ T8039] pgfault 431252 [ 907.266267][ T8039] pgmajfault 7771 [ 907.270782][ T8039] inactive_anon 24576 [ 907.275140][ T8039] active_anon 0 [ 907.278648][ T8039] inactive_file 0 [ 907.283791][ T8039] active_file 0 [ 907.287648][ T8039] unevictable 0 [ 907.291144][ T8039] hierarchical_memory_limit 3145728 [ 907.297311][ T8039] hierarchical_memsw_limit 9223372036854771712 [ 907.305638][ T8039] total_cache 0 [ 907.309266][ T8039] total_rss 4096 [ 907.313453][ T8039] total_rss_huge 0 [ 907.317234][ T8039] total_shmem 0 [ 907.320845][ T8039] total_mapped_file 0 [ 907.330199][ T8039] total_dirty 0 [ 907.334115][ T8039] total_writeback 0 [ 907.337978][ T8039] total_workingset_refault_anon 13690 [ 907.343738][ T8039] total_workingset_refault_file 43744 [ 907.349274][ T8039] total_swap 933888 [ 907.353986][ T8039] total_swapcached 388325376 [ 907.358656][ T8039] total_pgpgin 331643 [ 907.365324][ T8039] total_pgpgout 331637 [ 907.369459][ T8039] total_pgfault 431252 [ 907.374511][ T8039] total_pgmajfault 7771 [ 907.378875][ T8039] total_inactive_anon 24576 [ 907.383809][ T8039] total_active_anon 0 [ 907.387839][ T8039] total_inactive_file 0 [ 907.392504][ T8039] total_active_file 0 [ 907.396555][ T8039] total_unevictable 0 [ 907.400570][ T8039] anon_cost 7 [ 907.405922][ T8039] file_cost 0 [ 907.409342][ T8039] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14438,pid=8038,uid=0 [ 907.425296][ T8039] Memory cgroup out of memory: Killed process 8038 (syz.3.14438) total-vm:104408kB, anon-rss:1232kB, file-rss:22716kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 907.677752][ T8105] netlink: 330 bytes leftover after parsing attributes in process `syz.3.14454'. [ 908.003387][ T8117] netlink: 36 bytes leftover after parsing attributes in process `syz.1.14459'. [ 908.073040][ T8119] netlink: 342 bytes leftover after parsing attributes in process `syz.2.14460'. [ 908.279297][ T30] audit: type=1804 audit(2147483711.765:51): pid=8121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.14458" name="file0" dev="tmpfs" ino=19295 res=1 errno=0 [ 908.336257][ T30] audit: type=1804 audit(2147483711.795:52): pid=8127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.14458" name="file0" dev="tmpfs" ino=19295 res=1 errno=0 [ 908.608300][ T8140] netlink: 330 bytes leftover after parsing attributes in process `syz.3.14467'. [ 908.855131][T16686] Bluetooth: hci2: unexpected event 0x03 length: 725 > 11 [ 909.107347][ T8166] netlink: 330 bytes leftover after parsing attributes in process `syz.3.14479'. [ 909.401614][T16686] block nbd2: Receive control failed (result -32) [ 909.704828][ T8183] syz.3.14487 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 909.718967][ T8190] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14490'. [ 909.774015][ T8183] CPU: 0 UID: 0 PID: 8183 Comm: syz.3.14487 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 909.774052][ T8183] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 909.774061][ T8183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 909.774071][ T8183] Call Trace: [ 909.774077][ T8183] [ 909.774083][ T8183] dump_stack_lvl+0x100/0x190 [ 909.774111][ T8183] dump_header+0xfb/0x606 [ 909.774128][ T8183] oom_kill_process.cold+0xd/0x330 [ 909.774146][ T8183] out_of_memory+0x340/0x14f0 [ 909.774175][ T8183] ? __pfx_out_of_memory+0x10/0x10 [ 909.774204][ T8183] mem_cgroup_out_of_memory+0xc6/0x130 [ 909.774227][ T8183] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 909.774248][ T8183] ? find_held_lock+0x2b/0x80 [ 909.774267][ T8183] ? do_raw_spin_unlock+0x145/0x1e0 [ 909.774291][ T8183] ? _raw_spin_unlock+0x28/0x50 [ 909.774316][ T8183] try_charge_memcg+0x652/0xc90 [ 909.774341][ T8183] ? __pfx_try_charge_memcg+0x10/0x10 [ 909.774361][ T8183] ? find_held_lock+0x2b/0x80 [ 909.774376][ T8183] ? rcu_read_unlock+0x17/0x60 [ 909.774392][ T8183] ? rcu_read_unlock+0x17/0x60 [ 909.774412][ T8183] charge_memcg+0xa6/0x280 [ 909.774429][ T8183] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 909.774451][ T8183] __swap_cache_prepare_and_add+0x528/0x9e0 [ 909.774489][ T8183] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 909.774511][ T8183] ? __pfx_swap_entry_swapped+0x10/0x10 [ 909.774533][ T8183] swap_cache_alloc_folio+0x1cb/0x300 [ 909.774557][ T8183] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 909.774585][ T8183] swap_cluster_readahead+0x411/0x770 [ 909.774612][ T8183] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 909.774643][ T8183] ? finish_task_switch.isra.0+0x200/0xb80 [ 909.774663][ T8183] ? get_vma_policy+0x23f/0x3b0 [ 909.774683][ T8183] swapin_readahead+0x160/0x12c0 [ 909.774706][ T8183] ? rcu_is_watching+0x12/0xc0 [ 909.774735][ T8183] ? __pfx_swapin_readahead+0x10/0x10 [ 909.774756][ T8183] ? find_held_lock+0x2b/0x80 [ 909.774770][ T8183] ? swap_table_get+0x103/0x2c0 [ 909.774789][ T8183] ? swap_table_get+0x103/0x2c0 [ 909.774813][ T8183] ? swap_table_get+0x10d/0x2c0 [ 909.774834][ T8183] ? swap_cache_get_folio+0x1ae/0x600 [ 909.774856][ T8183] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 909.774876][ T8183] ? __pfx_get_swap_device+0x10/0x10 [ 909.774895][ T8183] ? do_swap_page+0xb2e/0x6900 [ 909.774916][ T8183] do_swap_page+0xb2e/0x6900 [ 909.774939][ T8183] ? __free_object+0x2a8/0x400 [ 909.774964][ T8183] ? lockdep_hardirqs_on+0x78/0x100 [ 909.774995][ T8183] ? __pfx_do_swap_page+0x10/0x10 [ 909.775020][ T8183] ? rcu_is_watching+0x12/0xc0 [ 909.775044][ T8183] ? __pte_offset_map+0x179/0x310 [ 909.775062][ T8183] __handle_mm_fault+0x18c1/0x2b60 [ 909.775088][ T8183] ? reacquire_held_locks+0xce/0x1e0 [ 909.775108][ T8183] ? __pfx___handle_mm_fault+0x10/0x10 [ 909.775136][ T8183] ? lock_vma_under_rcu+0x17c/0x590 [ 909.775174][ T8183] handle_mm_fault+0x36d/0xa20 [ 909.775199][ T8183] do_user_addr_fault+0x5a3/0x12f0 [ 909.775220][ T8183] exc_page_fault+0x6f/0xd0 [ 909.775248][ T8183] asm_exc_page_fault+0x26/0x30 [ 909.775263][ T8183] RIP: 0033:0x7fe2aed9c7ab [ 909.775277][ T8183] Code: 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 <64> 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 [ 909.775292][ T8183] RSP: 002b:00007ffd9638c1c8 EFLAGS: 00010213 [ 909.775305][ T8183] RAX: 000000000000006e RBX: 00000000000df08f RCX: ffffffffffffffe8 [ 909.775314][ T8183] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe2af015fac [ 909.775323][ T8183] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 909.775332][ T8183] R10: 00007ffd9638c2d0 R11: 0000000000000246 R12: 00007ffd9638c2f0 [ 909.775341][ T8183] R13: 00007fe2af015fac R14: 00000000000df0c1 R15: 00007ffd9638c2d0 [ 909.775361][ T8183] [ 909.775768][ T8183] memory: usage 3072kB, limit 3072kB, failcnt 137718 [ 910.342017][ T8197] futex_wake_op: syz.1.14493 tries to shift op by -2048; fix this program [ 911.034302][ T8183] memory+swap: usage 3916kB, limit 9007199254740988kB, failcnt 0 [ 911.069572][ T8183] kmem: usage 2364kB, limit 9007199254740988kB, failcnt 0 [ 911.099507][ T8183] Memory cgroup stats for /syz3: [ 911.099626][ T8183] cache 0 [ 911.125280][ T8183] rss 724992 [ 911.128590][ T8183] rss_huge 0 [ 911.158130][ T8183] shmem 0 [ 911.161120][ T8183] mapped_file 0 [ 911.186715][ T8183] dirty 0 [ 911.189673][ T8183] writeback 0 [ 911.214174][ T8183] workingset_refault_anon 13739 [ 911.239335][ T8183] workingset_refault_file 43761 [ 911.262105][ T8183] swap 864256 [ 911.275552][ T8183] swapcached 388386816 [ 911.279750][ T8183] pgpgin 332303 [ 911.306040][ T8183] pgpgout 332126 [ 911.309607][ T8183] pgfault 432700 [ 911.342930][ T8183] pgmajfault 7790 [ 911.357126][ T8183] inactive_anon 0 [ 911.360778][ T8183] active_anon 724992 [ 911.395334][ T8183] inactive_file 0 [ 911.398991][ T8183] active_file 0 [ 911.422314][ T8183] unevictable 0 [ 911.441112][ T8183] hierarchical_memory_limit 3145728 [ 911.463586][ T8183] hierarchical_memsw_limit 9223372036854771712 [ 911.497602][ T8183] total_cache 0 [ 911.511470][ T8183] total_rss 724992 [ 911.526629][ T8183] total_rss_huge 0 [ 911.546856][ T8183] total_shmem 0 [ 911.560344][ T8183] total_mapped_file 0 [ 911.564349][ T8183] total_dirty 0 [ 911.567879][ T8183] total_writeback 0 [ 911.619719][ T8183] total_workingset_refault_anon 13739 [ 911.633277][ T8183] total_workingset_refault_file 43761 [ 911.638657][ T8183] total_swap 864256 [ 911.678522][ T8183] total_swapcached 388386816 [ 911.699846][ T8183] total_pgpgin 332303 [ 911.703843][ T8183] total_pgpgout 332126 [ 911.747737][ T8183] total_pgfault 432700 [ 911.764244][ T8183] total_pgmajfault 7790 [ 911.774357][ T8183] total_inactive_anon 0 [ 911.778528][ T8183] total_active_anon 724992 [ 911.813454][ T8183] total_inactive_file 0 [ 911.817627][ T8183] total_active_file 0 [ 911.849086][ T8183] total_unevictable 0 [ 911.883420][ T8183] anon_cost 14 [ 911.897258][ T8183] file_cost 0 [ 911.921392][ T8183] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14487,pid=8183,uid=0 [ 911.997431][ T8183] Memory cgroup out of memory: Killed process 8183 (syz.3.14487) total-vm:108376kB, anon-rss:1940kB, file-rss:21456kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 912.285717][ T8245] netlink: 342 bytes leftover after parsing attributes in process `syz.1.14512'. [ 912.635071][ T8259] netlink: 16 bytes leftover after parsing attributes in process `syz.3.14517'. [ 913.358592][ T8259] netlink: 16 bytes leftover after parsing attributes in process `syz.3.14517'. [ 914.842149][ T8380] netlink: 334 bytes leftover after parsing attributes in process `syz.1.14546'. [ 915.248170][ T8404] net_ratelimit: 5 callbacks suppressed [ 915.248188][ T8404] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 915.361299][ T8404] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 915.878672][ T8424] netlink: 334 bytes leftover after parsing attributes in process `syz.1.14560'. [ 916.159832][T16686] block nbd3: Receive control failed (result -32) [ 916.475152][ T8442] syz.3.14567 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 916.525407][ T8442] CPU: 0 UID: 0 PID: 8442 Comm: syz.3.14567 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 916.525445][ T8442] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 916.525455][ T8442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 916.525465][ T8442] Call Trace: [ 916.525471][ T8442] [ 916.525478][ T8442] dump_stack_lvl+0x100/0x190 [ 916.525507][ T8442] dump_header+0xfb/0x606 [ 916.525525][ T8442] oom_kill_process.cold+0xd/0x330 [ 916.525544][ T8442] out_of_memory+0x340/0x14f0 [ 916.525574][ T8442] ? __pfx_out_of_memory+0x10/0x10 [ 916.525602][ T8442] mem_cgroup_out_of_memory+0xc6/0x130 [ 916.525625][ T8442] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 916.525646][ T8442] ? find_held_lock+0x2b/0x80 [ 916.525666][ T8442] ? do_raw_spin_unlock+0x145/0x1e0 [ 916.525689][ T8442] ? _raw_spin_unlock+0x28/0x50 [ 916.525720][ T8442] try_charge_memcg+0x652/0xc90 [ 916.525742][ T8442] ? __pfx_try_charge_memcg+0x10/0x10 [ 916.525759][ T8442] ? find_held_lock+0x2b/0x80 [ 916.525774][ T8442] ? rcu_read_unlock+0x17/0x60 [ 916.525791][ T8442] ? rcu_read_unlock+0x17/0x60 [ 916.525814][ T8442] charge_memcg+0xa6/0x280 [ 916.525831][ T8442] __mem_cgroup_charge+0x2b/0x1e0 [ 916.525852][ T8442] do_anonymous_page+0xb62/0x1fb0 [ 916.525881][ T8442] __handle_mm_fault+0x1d42/0x2b60 [ 916.525908][ T8442] ? __pfx___handle_mm_fault+0x10/0x10 [ 916.525930][ T8442] ? pte_offset_map_lock+0x174/0x320 [ 916.525947][ T8442] ? find_held_lock+0x2b/0x80 [ 916.525969][ T8442] ? follow_page_pte+0x5b3/0x1400 [ 916.525991][ T8442] handle_mm_fault+0x36d/0xa20 [ 916.526016][ T8442] __get_user_pages+0xf9c/0x34d0 [ 916.526042][ T8442] ? __pfx___get_user_pages+0x10/0x10 [ 916.526066][ T8442] populate_vma_page_range+0x267/0x3f0 [ 916.526086][ T8442] ? __pfx_populate_vma_page_range+0x10/0x10 [ 916.526105][ T8442] ? __pfx_find_vma_intersection+0x10/0x10 [ 916.526123][ T8442] ? do_mmap+0x93f/0x12f0 [ 916.526143][ T8442] __mm_populate+0x107/0x3a0 [ 916.526162][ T8442] ? __pfx___mm_populate+0x10/0x10 [ 916.526183][ T8442] ? up_write+0x290/0x4f0 [ 916.526207][ T8442] vm_mmap_pgoff+0x37f/0x470 [ 916.526229][ T8442] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 916.526256][ T8442] ksys_mmap_pgoff+0xe1/0x650 [ 916.526274][ T8442] ? kcov_ioctl+0x16a/0x720 [ 916.526288][ T8442] ? kfree+0x2ec/0x6b0 [ 916.526307][ T8442] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 916.526323][ T8442] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 916.526350][ T8442] __x64_sys_mmap+0x125/0x190 [ 916.526376][ T8442] do_syscall_64+0x106/0xf80 [ 916.526399][ T8442] ? clear_bhb_loop+0x40/0x90 [ 916.526418][ T8442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.526434][ T8442] RIP: 0033:0x7fe2aed9c799 [ 916.526450][ T8442] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 916.526465][ T8442] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 916.526480][ T8442] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 916.526491][ T8442] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 916.526500][ T8442] RBP: 00007fe2aee32c99 R08: 0000000000000002 R09: 0000000000008000 [ 916.526510][ T8442] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 916.526519][ T8442] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 916.526540][ T8442] [ 916.526546][ T8442] memory: usage 3072kB, limit 3072kB, failcnt 138860 [ 916.935422][ T8454] netlink: 342 bytes leftover after parsing attributes in process `syz.1.14573'. [ 916.972664][ T8450] nbd: socks must be embedded in a SOCK_ITEM attr [ 916.988334][ T8450] block nbd4: shutting down sockets [ 917.338759][ T8469] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14578'. [ 917.685714][ T8442] memory+swap: usage 3912kB, limit 9007199254740988kB, failcnt 0 [ 917.723843][ T8442] kmem: usage 2300kB, limit 9007199254740988kB, failcnt 0 [ 917.748298][ T8442] Memory cgroup stats for /syz3: [ 917.748413][ T8442] cache 0 [ 917.778034][ T8442] rss 790528 [ 917.786141][ T8442] rss_huge 0 [ 917.801436][ T8442] shmem 0 [ 917.804399][ T8442] mapped_file 0 [ 917.847279][ T8442] dirty 0 [ 917.850241][ T8442] writeback 0 [ 917.853513][ T8442] workingset_refault_anon 13910 [ 917.885807][ T8442] workingset_refault_file 43826 [ 917.903001][ T8494] FAULT_INJECTION: forcing a failure. [ 917.903001][ T8494] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 917.924471][ T8442] swap 860160 [ 917.941229][ T8442] swapcached 394080256 [ 917.945334][ T8442] pgpgin 334661 [ 917.969787][ T8494] CPU: 0 UID: 0 PID: 8494 Comm: syz.2.14591 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 917.969826][ T8494] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 917.969836][ T8494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 917.969845][ T8494] Call Trace: [ 917.969851][ T8494] [ 917.969858][ T8494] dump_stack_lvl+0x100/0x190 [ 917.969887][ T8494] should_fail_ex.cold+0x5/0xa [ 917.969904][ T8494] ? prepare_alloc_pages+0x16d/0x5f0 [ 917.969925][ T8494] should_fail_alloc_page+0xeb/0x140 [ 917.969943][ T8494] prepare_alloc_pages+0x1f0/0x5f0 [ 917.969965][ T8494] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 917.969992][ T8494] ? __lock_acquire+0x4a5/0x2630 [ 917.970018][ T8494] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 917.970043][ T8494] ? do_raw_spin_lock+0x128/0x260 [ 917.970065][ T8494] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 917.970086][ T8494] ? find_held_lock+0x2b/0x80 [ 917.970107][ T8494] ? __lock_acquire+0x4a5/0x2630 [ 917.970126][ T8494] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 917.970143][ T8494] ? policy_nodemask+0xed/0x4f0 [ 917.970162][ T8494] alloc_pages_mpol+0x1fb/0x550 [ 917.970179][ T8494] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 917.970197][ T8494] ? __lock_acquire+0x4a5/0x2630 [ 917.970219][ T8494] folio_alloc_mpol_noprof+0x36/0x340 [ 917.970239][ T8494] shmem_alloc_folio+0x135/0x160 [ 917.970261][ T8494] shmem_alloc_and_add_folio+0x371/0xd40 [ 917.970289][ T8494] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 917.970314][ T8494] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 917.970342][ T8494] shmem_get_folio_gfp+0x6ab/0x1900 [ 917.970369][ T8494] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 917.970393][ T8494] ? filemap_map_pages+0xe69/0x2020 [ 917.970419][ T8494] shmem_fault+0x1f9/0xa20 [ 917.970442][ T8494] ? __lock_acquire+0x4a5/0x2630 [ 917.970461][ T8494] ? __pfx_shmem_fault+0x10/0x10 [ 917.970498][ T8494] ? __pfx_filemap_map_pages+0x10/0x10 [ 917.970526][ T8494] __do_fault+0x10d/0x550 [ 917.970545][ T8494] do_fault+0xabb/0x1990 [ 917.970566][ T8494] __handle_mm_fault+0x180f/0x2b60 [ 917.970590][ T8494] ? mt_find+0x45e/0x8e0 [ 917.970608][ T8494] ? __pfx___handle_mm_fault+0x10/0x10 [ 917.970627][ T8494] ? __pfx_mt_find+0x10/0x10 [ 917.970652][ T8494] ? find_vma+0xbf/0x140 [ 917.970666][ T8494] ? __pfx_find_vma+0x10/0x10 [ 917.970684][ T8494] handle_mm_fault+0x36d/0xa20 [ 917.970709][ T8494] do_user_addr_fault+0x74c/0x12f0 [ 917.970732][ T8494] exc_page_fault+0x6f/0xd0 [ 917.970755][ T8494] asm_exc_page_fault+0x26/0x30 [ 917.970771][ T8494] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 917.970790][ T8494] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 917.970805][ T8494] RSP: 0018:ffffc9000495fa40 EFLAGS: 00050206 [ 917.970819][ T8494] RAX: 0000000000000001 RBX: ffff8880789ab000 RCX: 0000000000001000 [ 917.970829][ T8494] RDX: 0000000000000001 RSI: 0000000000004000 RDI: ffff8880789ab000 [ 917.970839][ T8494] RBP: 0000000000004000 R08: 0000000000000001 R09: ffffed100f1357ff [ 917.970848][ T8494] R10: ffff8880789abfff R11: 0000000000000000 R12: ffffc9000495fd80 [ 917.970857][ T8494] R13: 0000000000004000 R14: 0000000000001000 R15: 0000000000000000 [ 917.970876][ T8494] _copy_from_iter+0x355/0x1690 [ 917.970975][ T8494] ? policy_nodemask+0xed/0x4f0 [ 917.970993][ T8494] ? __pfx__copy_from_iter+0x10/0x10 [ 917.971012][ T8494] ? alloc_pages_mpol+0x25a/0x550 [ 917.971031][ T8494] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 917.971052][ T8494] copy_page_from_iter+0xde/0x180 [ 917.971073][ T8494] anon_pipe_write+0xae4/0x1d40 [ 917.971096][ T8494] ? __pfx_anon_pipe_write+0x10/0x10 [ 917.971113][ T8494] ? apparmor_file_permission+0x13f/0x1c0 [ 917.971133][ T8494] ? bpf_lsm_file_permission+0x9/0x10 [ 917.971147][ T8494] ? security_file_permission+0x76/0x210 [ 917.971167][ T8494] ? rw_verify_area+0xce/0x6d0 [ 917.971190][ T8494] vfs_write+0x6ac/0x1070 [ 917.971205][ T8494] ? __pfx_anon_pipe_write+0x10/0x10 [ 917.971223][ T8494] ? __pfx_vfs_write+0x10/0x10 [ 917.971236][ T8494] ? find_held_lock+0x2b/0x80 [ 917.971263][ T8494] ksys_write+0x1f8/0x250 [ 917.971278][ T8494] ? __pfx_ksys_write+0x10/0x10 [ 917.971298][ T8494] do_syscall_64+0x106/0xf80 [ 917.971320][ T8494] ? clear_bhb_loop+0x40/0x90 [ 917.971338][ T8494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.971354][ T8494] RIP: 0033:0x7f8438b9c799 [ 917.971368][ T8494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 917.971382][ T8494] RSP: 002b:00007f8436df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 917.971397][ T8494] RAX: ffffffffffffffda RBX: 00007f8438e15fa0 RCX: 00007f8438b9c799 [ 917.971407][ T8494] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 917.971416][ T8494] RBP: 00007f8438c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 917.971426][ T8494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 917.971436][ T8494] R13: 00007f8438e16038 R14: 00007f8438e15fa0 R15: 00007fffd7fb9578 [ 917.971456][ T8494] [ 918.474873][ T8442] pgpgout 334468 [ 918.478423][ T8442] pgfault 435941 [ 918.481950][ T8442] pgmajfault 7891 [ 918.486412][ T8442] inactive_anon 0 [ 918.490053][ T8442] active_anon 790528 [ 918.493968][ T8442] inactive_file 0 [ 918.497578][ T8442] active_file 0 [ 918.501028][ T8442] unevictable 0 [ 918.504514][ T8442] hierarchical_memory_limit 3145728 [ 918.510574][ T8442] hierarchical_memsw_limit 9223372036854771712 [ 918.516803][ T8442] total_cache 0 [ 918.520251][ T8442] total_rss 790528 [ 918.523992][ T8442] total_rss_huge 0 [ 918.527691][ T8442] total_shmem 0 [ 918.531141][ T8442] total_mapped_file 0 [ 918.535122][ T8442] total_dirty 0 [ 918.538561][ T8442] total_writeback 0 [ 918.542362][ T8442] total_workingset_refault_anon 13910 [ 918.547796][ T8442] total_workingset_refault_file 43826 [ 918.553164][ T8442] total_swap 860160 [ 918.557003][ T8442] total_swapcached 394080256 [ 918.561571][ T8442] total_pgpgin 334661 [ 918.565579][ T8442] total_pgpgout 334468 [ 918.569642][ T8442] total_pgfault 435941 [ 918.573715][ T8442] total_pgmajfault 7891 [ 918.577855][ T8442] total_inactive_anon 0 [ 918.581984][ T8442] total_active_anon 790528 [ 918.586480][ T8442] total_inactive_file 0 [ 918.590613][ T8442] total_active_file 0 [ 918.594606][ T8442] total_unevictable 0 [ 918.598564][ T8442] anon_cost 11 [ 918.601910][ T8442] file_cost 0 [ 918.605202][ T8442] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14567,pid=8441,uid=0 [ 918.620960][ T8442] Memory cgroup out of memory: Killed process 8441 (syz.3.14567) total-vm:108376kB, anon-rss:2008kB, file-rss:21456kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 918.691968][ T8500] netlink: 'syz.0.14595': attribute type 27 has an invalid length. [ 918.699955][ T8500] netlink: 334 bytes leftover after parsing attributes in process `syz.0.14595'. [ 919.790230][ T8538] netlink: 330 bytes leftover after parsing attributes in process `syz.2.14608'. [ 920.969306][ T8525] syz.3.14607 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 921.023052][ T8525] CPU: 0 UID: 0 PID: 8525 Comm: syz.3.14607 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 921.023097][ T8525] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 921.023106][ T8525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 921.023116][ T8525] Call Trace: [ 921.023122][ T8525] [ 921.023129][ T8525] dump_stack_lvl+0x100/0x190 [ 921.023159][ T8525] dump_header+0xfb/0x606 [ 921.023178][ T8525] oom_kill_process.cold+0xd/0x330 [ 921.023197][ T8525] out_of_memory+0x340/0x14f0 [ 921.023228][ T8525] ? __pfx_out_of_memory+0x10/0x10 [ 921.023257][ T8525] mem_cgroup_out_of_memory+0xc6/0x130 [ 921.023280][ T8525] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 921.023301][ T8525] ? find_held_lock+0x2b/0x80 [ 921.023321][ T8525] ? do_raw_spin_unlock+0x145/0x1e0 [ 921.023344][ T8525] ? _raw_spin_unlock+0x28/0x50 [ 921.023367][ T8525] try_charge_memcg+0x652/0xc90 [ 921.023389][ T8525] ? __pfx_try_charge_memcg+0x10/0x10 [ 921.023406][ T8525] ? find_held_lock+0x2b/0x80 [ 921.023420][ T8525] ? rcu_read_unlock+0x17/0x60 [ 921.023438][ T8525] ? rcu_read_unlock+0x17/0x60 [ 921.023462][ T8525] charge_memcg+0xa6/0x280 [ 921.023479][ T8525] __mem_cgroup_charge+0x2b/0x1e0 [ 921.023500][ T8525] shmem_alloc_and_add_folio+0x451/0xd40 [ 921.023529][ T8525] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 921.023555][ T8525] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 921.023584][ T8525] shmem_get_folio_gfp+0x6ab/0x1900 [ 921.023609][ T8525] ? find_held_lock+0x2b/0x80 [ 921.023625][ T8525] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 921.023650][ T8525] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 921.023671][ T8525] ? lockdep_hardirqs_on+0x78/0x100 [ 921.023696][ T8525] shmem_fault+0x1f9/0xa20 [ 921.023719][ T8525] ? __lock_acquire+0x4a5/0x2630 [ 921.023739][ T8525] ? __pfx_shmem_fault+0x10/0x10 [ 921.023763][ T8525] ? __up_read+0x2c5/0x700 [ 921.023792][ T8525] ? __pfx_filemap_map_pages+0x10/0x10 [ 921.023816][ T8525] __do_fault+0x10d/0x550 [ 921.023834][ T8525] ? __pfx_filemap_map_pages+0x10/0x10 [ 921.023856][ T8525] do_fault+0x2db/0x1990 [ 921.023877][ T8525] __handle_mm_fault+0x180f/0x2b60 [ 921.023904][ T8525] ? __pfx___handle_mm_fault+0x10/0x10 [ 921.023926][ T8525] ? pte_offset_map_lock+0x174/0x320 [ 921.023943][ T8525] ? find_held_lock+0x2b/0x80 [ 921.023964][ T8525] ? follow_page_pte+0x5b3/0x1400 [ 921.023986][ T8525] handle_mm_fault+0x36d/0xa20 [ 921.024011][ T8525] __get_user_pages+0xf9c/0x34d0 [ 921.024035][ T8525] ? down_read_killable+0x30e/0x4c0 [ 921.024052][ T8525] ? __pfx___get_user_pages+0x10/0x10 [ 921.024076][ T8525] ? faultin_page_range+0x3a3/0x9e0 [ 921.024099][ T8525] faultin_page_range+0x1f1/0x9e0 [ 921.024122][ T8525] madvise_do_behavior+0x354/0x510 [ 921.024143][ T8525] ? __pfx_madvise_do_behavior+0x10/0x10 [ 921.024173][ T8525] do_madvise+0x195/0x240 [ 921.024191][ T8525] ? __pfx_do_madvise+0x10/0x10 [ 921.024209][ T8525] ? do_futex+0x192/0x350 [ 921.024248][ T8525] __x64_sys_madvise+0xa9/0x110 [ 921.024267][ T8525] ? lockdep_hardirqs_on+0x78/0x100 [ 921.024289][ T8525] do_syscall_64+0x106/0xf80 [ 921.024312][ T8525] ? clear_bhb_loop+0x40/0x90 [ 921.024331][ T8525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 921.024347][ T8525] RIP: 0033:0x7fe2aed9c799 [ 921.024362][ T8525] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 921.024377][ T8525] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 921.024392][ T8525] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 921.024403][ T8525] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 921.024413][ T8525] RBP: 00007fe2aee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 921.024422][ T8525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 921.024431][ T8525] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 921.024454][ T8525] [ 921.024666][ T8525] memory: usage 3072kB, limit 3072kB, failcnt 141526 [ 922.453531][ T8525] memory+swap: usage 14812kB, limit 9007199254740988kB, failcnt 0 [ 922.497306][ T8525] kmem: usage 2376kB, limit 9007199254740988kB, failcnt 0 [ 922.533875][ T8525] Memory cgroup stats for /syz3: [ 922.533996][ T8525] cache 335872 [ 922.570086][ T8525] rss 12288 [ 922.580162][ T8525] rss_huge 0 [ 922.590108][ T8525] shmem 335872 [ 922.602911][ T8525] mapped_file 335872 [ 922.617037][ T8525] dirty 0 [ 922.624668][ T8525] writeback 4096 [ 922.638424][ T8525] workingset_refault_anon 14061 [ 922.662224][ T8525] workingset_refault_file 43826 [ 922.679130][ T8525] swap 12193792 [ 922.689205][ T8525] swapcached 405872640 [ 922.705947][ T8525] pgpgin 337885 [ 922.719803][ T8525] pgpgout 337763 [ 922.727964][ T8525] pgfault 439372 [ 922.750358][ T8525] pgmajfault 7928 [ 922.757052][ T8525] inactive_anon 339968 [ 922.776563][ T8525] active_anon 28672 [ 922.787404][ T8525] inactive_file 0 [ 922.798296][ T8525] active_file 0 [ 922.809780][ T8525] unevictable 0 [ 922.824663][ T8525] hierarchical_memory_limit 3145728 [ 922.849540][ T8525] hierarchical_memsw_limit 9223372036854771712 [ 922.866100][ T8525] total_cache 335872 [ 922.879534][ T8525] total_rss 12288 [ 922.896366][ T8525] total_rss_huge 0 [ 922.908871][ T8525] total_shmem 335872 [ 922.922849][ T8525] total_mapped_file 335872 [ 922.942395][ T8525] total_dirty 0 [ 922.947629][ T8525] total_writeback 4096 [ 922.961385][ T8525] total_workingset_refault_anon 14061 [ 922.982816][ T8525] total_workingset_refault_file 43826 [ 922.998143][ T8525] total_swap 12193792 [ 923.005001][ T8525] total_swapcached 405872640 [ 923.019892][ T8525] total_pgpgin 337885 [ 923.025007][ T8525] total_pgpgout 337763 [ 923.034917][ T8525] total_pgfault 439372 [ 923.045167][ T8525] total_pgmajfault 7928 [ 923.055079][ T8525] total_inactive_anon 339968 [ 923.065902][ T8525] total_active_anon 28672 [ 923.070572][ T8525] total_inactive_file 0 [ 923.081028][ T8525] total_active_file 0 [ 923.090142][ T8525] total_unevictable 0 [ 923.100090][ T8525] anon_cost 619 [ 923.105454][ T8525] file_cost 0 [ 923.116431][ T8525] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14607,pid=8524,uid=0 [ 923.149835][ T8525] Memory cgroup out of memory: Killed process 8524 (syz.3.14607) total-vm:137308kB, anon-rss:1240kB, file-rss:22244kB, shmem-rss:328kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 924.060063][ T8681] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14659'. [ 924.704031][ T8702] netlink: 342 bytes leftover after parsing attributes in process `syz.1.14665'. [ 925.262724][ T8717] netlink: 16 bytes leftover after parsing attributes in process `syz.2.14670'. [ 926.275531][T16686] block nbd4: Receive control failed (result -32) [ 927.579470][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 927.585760][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 927.618611][T16686] block nbd5: Receive control failed (result -32) [ 930.013751][ T8778] syz.3.14694 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 930.076097][ T8778] CPU: 0 UID: 0 PID: 8778 Comm: syz.3.14694 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 930.076136][ T8778] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 930.076146][ T8778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 930.076156][ T8778] Call Trace: [ 930.076162][ T8778] [ 930.076169][ T8778] dump_stack_lvl+0x100/0x190 [ 930.076198][ T8778] dump_header+0xfb/0x606 [ 930.076216][ T8778] oom_kill_process.cold+0xd/0x330 [ 930.076235][ T8778] out_of_memory+0x340/0x14f0 [ 930.076264][ T8778] ? __pfx_out_of_memory+0x10/0x10 [ 930.076293][ T8778] mem_cgroup_out_of_memory+0xc6/0x130 [ 930.076317][ T8778] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 930.076338][ T8778] ? find_held_lock+0x2b/0x80 [ 930.076357][ T8778] ? do_raw_spin_unlock+0x145/0x1e0 [ 930.076380][ T8778] ? _raw_spin_unlock+0x28/0x50 [ 930.076404][ T8778] try_charge_memcg+0x652/0xc90 [ 930.076425][ T8778] ? __pfx_try_charge_memcg+0x10/0x10 [ 930.076442][ T8778] ? find_held_lock+0x2b/0x80 [ 930.076456][ T8778] ? rcu_read_unlock+0x17/0x60 [ 930.076473][ T8778] ? rcu_read_unlock+0x17/0x60 [ 930.076497][ T8778] charge_memcg+0xa6/0x280 [ 930.076514][ T8778] __mem_cgroup_charge+0x2b/0x1e0 [ 930.076535][ T8778] shmem_alloc_and_add_folio+0x451/0xd40 [ 930.076564][ T8778] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 930.076589][ T8778] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 930.076618][ T8778] shmem_get_folio_gfp+0x6ab/0x1900 [ 930.076645][ T8778] ? find_held_lock+0x2b/0x80 [ 930.076660][ T8778] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 930.076685][ T8778] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 930.076706][ T8778] ? lockdep_hardirqs_on+0x78/0x100 [ 930.076731][ T8778] shmem_fault+0x1f9/0xa20 [ 930.076754][ T8778] ? __lock_acquire+0x4a5/0x2630 [ 930.076773][ T8778] ? __pfx_shmem_fault+0x10/0x10 [ 930.076798][ T8778] ? __up_read+0x2c5/0x700 [ 930.076827][ T8778] ? __pfx_filemap_map_pages+0x10/0x10 [ 930.076850][ T8778] __do_fault+0x10d/0x550 [ 930.076868][ T8778] ? __pfx_filemap_map_pages+0x10/0x10 [ 930.076897][ T8778] do_fault+0x2db/0x1990 [ 930.076918][ T8778] __handle_mm_fault+0x180f/0x2b60 [ 930.076946][ T8778] ? __pfx___handle_mm_fault+0x10/0x10 [ 930.076968][ T8778] ? pte_offset_map_lock+0x174/0x320 [ 930.076985][ T8778] ? find_held_lock+0x2b/0x80 [ 930.077007][ T8778] ? follow_page_pte+0x5b3/0x1400 [ 930.077029][ T8778] handle_mm_fault+0x36d/0xa20 [ 930.077054][ T8778] __get_user_pages+0xf9c/0x34d0 [ 930.077077][ T8778] ? down_read_killable+0x30e/0x4c0 [ 930.077095][ T8778] ? __pfx___get_user_pages+0x10/0x10 [ 930.077119][ T8778] faultin_page_range+0x1f1/0x9e0 [ 930.077142][ T8778] madvise_do_behavior+0x354/0x510 [ 930.077163][ T8778] ? __pfx_madvise_do_behavior+0x10/0x10 [ 930.077193][ T8778] do_madvise+0x195/0x240 [ 930.077212][ T8778] ? __pfx_do_madvise+0x10/0x10 [ 930.077230][ T8778] ? do_futex+0x192/0x350 [ 930.077270][ T8778] __x64_sys_madvise+0xa9/0x110 [ 930.077288][ T8778] ? lockdep_hardirqs_on+0x78/0x100 [ 930.077311][ T8778] do_syscall_64+0x106/0xf80 [ 930.077333][ T8778] ? clear_bhb_loop+0x40/0x90 [ 930.077352][ T8778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.077368][ T8778] RIP: 0033:0x7fe2aed9c799 [ 930.077383][ T8778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 930.077398][ T8778] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 930.077413][ T8778] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 930.077423][ T8778] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 930.077433][ T8778] RBP: 00007fe2aee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 930.077442][ T8778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 930.077452][ T8778] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 930.077472][ T8778] [ 930.077478][ T8778] memory: usage 3072kB, limit 3072kB, failcnt 143956 [ 931.745449][ T8778] memory+swap: usage 11268kB, limit 9007199254740988kB, failcnt 0 [ 931.769411][ T8778] kmem: usage 2344kB, limit 9007199254740988kB, failcnt 0 [ 931.807919][ T8778] Memory cgroup stats for /syz3: [ 931.808037][ T8778] cache 651264 [ 931.818020][ T8856] netlink: 330 bytes leftover after parsing attributes in process `syz.0.14714'. [ 931.849799][ T8778] rss 16384 [ 931.875571][ T8778] rss_huge 0 [ 931.889993][ T8778] shmem 651264 [ 931.903788][ T8778] mapped_file 651264 [ 931.918649][ T8778] dirty 0 [ 931.937251][ T8778] writeback 12288 [ 931.956885][ T8778] workingset_refault_anon 14700 [ 931.982835][ T8778] workingset_refault_file 43830 [ 931.995633][ T8778] swap 8396800 [ 932.010573][ T8778] swapcached 417591296 [ 932.032823][ T8778] pgpgin 342101 [ 932.046060][ T8778] pgpgout 341928 [ 932.076642][ T8778] pgfault 446258 [ 932.090353][ T8778] pgmajfault 8193 [ 932.104877][ T8778] inactive_anon 12288 [ 932.125296][ T8778] active_anon 589824 [ 932.135608][ T8778] inactive_file 0 [ 932.163687][ T8778] active_file 0 [ 932.172949][ T8778] unevictable 0 [ 932.187086][ T8778] hierarchical_memory_limit 3145728 [ 932.202716][ T8778] hierarchical_memsw_limit 9223372036854771712 [ 932.231430][ T8778] total_cache 651264 [ 932.244111][ T8778] total_rss 16384 [ 932.264804][ T8778] total_rss_huge 0 [ 932.293558][ T8778] total_shmem 651264 [ 932.299320][ T8868] netlink: 330 bytes leftover after parsing attributes in process `syz.1.14720'. [ 932.309248][ T8778] total_mapped_file 651264 [ 932.324305][ T8778] total_dirty 0 [ 932.334911][ T8778] total_writeback 12288 [ 932.357814][ T8778] total_workingset_refault_anon 14700 [ 932.381852][ T8778] total_workingset_refault_file 43830 [ 932.414044][ T8778] total_swap 8396800 [ 932.431983][ T8778] total_swapcached 417591296 [ 932.446755][ T8778] total_pgpgin 342101 [ 932.463878][ T8778] total_pgpgout 341928 [ 932.501091][ T8778] total_pgfault 446258 [ 932.511194][ T8778] total_pgmajfault 8193 [ 932.534270][ T8778] total_inactive_anon 12288 [ 932.557910][ T8778] total_active_anon 589824 [ 932.584995][ T8778] total_inactive_file 0 [ 932.607926][ T8778] total_active_file 0 [ 932.628409][ T8778] total_unevictable 0 [ 932.648555][ T8778] anon_cost 21 [ 932.677759][ T8778] file_cost 0 [ 932.688028][ T8778] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14694,pid=8777,uid=0 [ 932.759745][ T8778] Memory cgroup out of memory: Killed process 8777 (syz.3.14694) total-vm:137308kB, anon-rss:1244kB, file-rss:22464kB, shmem-rss:460kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 932.970850][ T8879] netlink: 326 bytes leftover after parsing attributes in process `syz.1.14725'. [ 933.947461][ T8898] netlink: 130 bytes leftover after parsing attributes in process `syz.0.14731'. [ 934.272304][ T8908] x_tables: duplicate underflow at hook 4 [ 934.447692][ T8916] netlink: 'syz.3.14739': attribute type 2 has an invalid length. [ 934.824722][ T8926] syz.3.14742 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 934.930386][ T8926] CPU: 0 UID: 0 PID: 8926 Comm: syz.3.14742 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 934.930424][ T8926] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 934.930433][ T8926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 934.930442][ T8926] Call Trace: [ 934.930448][ T8926] [ 934.930455][ T8926] dump_stack_lvl+0x100/0x190 [ 934.930483][ T8926] dump_header+0xfb/0x606 [ 934.930501][ T8926] oom_kill_process.cold+0xd/0x330 [ 934.930520][ T8926] out_of_memory+0x340/0x14f0 [ 934.930548][ T8926] ? __pfx_out_of_memory+0x10/0x10 [ 934.930577][ T8926] mem_cgroup_out_of_memory+0xc6/0x130 [ 934.930599][ T8926] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 934.930620][ T8926] ? find_held_lock+0x2b/0x80 [ 934.930639][ T8926] ? do_raw_spin_unlock+0x145/0x1e0 [ 934.930662][ T8926] ? _raw_spin_unlock+0x28/0x50 [ 934.930685][ T8926] try_charge_memcg+0x652/0xc90 [ 934.930707][ T8926] ? __pfx_try_charge_memcg+0x10/0x10 [ 934.930727][ T8926] ? find_held_lock+0x2b/0x80 [ 934.930741][ T8926] ? rcu_read_unlock+0x17/0x60 [ 934.930758][ T8926] ? rcu_read_unlock+0x17/0x60 [ 934.930777][ T8926] charge_memcg+0xa6/0x280 [ 934.930793][ T8926] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 934.930816][ T8926] __swap_cache_prepare_and_add+0x528/0x9e0 [ 934.930847][ T8926] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 934.930868][ T8926] ? __pfx_swap_entry_swapped+0x10/0x10 [ 934.930890][ T8926] swap_cache_alloc_folio+0x1cb/0x300 [ 934.930913][ T8926] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 934.930941][ T8926] swap_cluster_readahead+0x411/0x770 [ 934.930969][ T8926] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 934.931000][ T8926] ? finish_task_switch.isra.0+0x200/0xb80 [ 934.931020][ T8926] ? get_vma_policy+0x23f/0x3b0 [ 934.931040][ T8926] swapin_readahead+0x160/0x12c0 [ 934.931063][ T8926] ? rcu_is_watching+0x12/0xc0 [ 934.931092][ T8926] ? __pfx_swapin_readahead+0x10/0x10 [ 934.931113][ T8926] ? find_held_lock+0x2b/0x80 [ 934.931127][ T8926] ? swap_table_get+0x103/0x2c0 [ 934.931147][ T8926] ? swap_table_get+0x103/0x2c0 [ 934.931171][ T8926] ? swap_table_get+0x10d/0x2c0 [ 934.931191][ T8926] ? swap_cache_get_folio+0x1ae/0x600 [ 934.931213][ T8926] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 934.931234][ T8926] ? __pfx_get_swap_device+0x10/0x10 [ 934.931260][ T8926] ? do_swap_page+0xb2e/0x6900 [ 934.931280][ T8926] do_swap_page+0xb2e/0x6900 [ 934.931303][ T8926] ? __free_object+0x2a8/0x400 [ 934.931327][ T8926] ? lockdep_hardirqs_on+0x78/0x100 [ 934.931355][ T8926] ? __pfx_do_swap_page+0x10/0x10 [ 934.931381][ T8926] ? rcu_is_watching+0x12/0xc0 [ 934.931404][ T8926] ? __pte_offset_map+0x179/0x310 [ 934.931422][ T8926] __handle_mm_fault+0x18c1/0x2b60 [ 934.931447][ T8926] ? reacquire_held_locks+0xce/0x1e0 [ 934.931468][ T8926] ? __pfx___handle_mm_fault+0x10/0x10 [ 934.931493][ T8926] ? lock_vma_under_rcu+0x17c/0x590 [ 934.931525][ T8926] handle_mm_fault+0x36d/0xa20 [ 934.931550][ T8926] do_user_addr_fault+0x5a3/0x12f0 [ 934.931571][ T8926] exc_page_fault+0x6f/0xd0 [ 934.931594][ T8926] asm_exc_page_fault+0x26/0x30 [ 934.931609][ T8926] RIP: 0033:0x7fe2aed9c7ab [ 934.931623][ T8926] Code: 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 <64> 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 [ 934.931638][ T8926] RSP: 002b:00007ffd9638c1c8 EFLAGS: 00010213 [ 934.931650][ T8926] RAX: 000000000000006e RBX: 00000000000e536b RCX: ffffffffffffffe8 [ 934.931660][ T8926] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe2af015fac [ 934.931669][ T8926] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 934.931678][ T8926] R10: 00007ffd9638c2d0 R11: 0000000000000246 R12: 00007ffd9638c2f0 [ 934.931687][ T8926] R13: 00007fe2af015fac R14: 00000000000e539d R15: 00007ffd9638c2d0 [ 934.931707][ T8926] [ 935.472666][ T8926] memory: usage 3068kB, limit 3072kB, failcnt 145073 [ 935.479422][ T8926] memory+swap: usage 3976kB, limit 9007199254740988kB, failcnt 0 [ 935.487308][ T8926] kmem: usage 2304kB, limit 9007199254740988kB, failcnt 0 [ 935.494400][ T8926] Memory cgroup stats for /syz3: [ 935.494508][ T8926] cache 634880 [ 935.502835][ T8926] rss 4096 [ 935.505878][ T8926] rss_huge 0 [ 935.509058][ T8926] shmem 634880 [ 935.512407][ T8926] mapped_file 634880 [ 935.516413][ T8926] dirty 0 [ 935.520168][ T8926] writeback 0 [ 935.523519][ T8926] workingset_refault_anon 14826 [ 935.528466][ T8926] workingset_refault_file 43830 [ 935.533296][ T8926] swap 929792 [ 935.536629][ T8926] swapcached 422006784 [ 935.540729][ T8926] pgpgin 343701 [ 935.544173][ T8926] pgpgout 343510 [ 935.547761][ T8926] pgfault 448383 [ 935.551332][ T8926] pgmajfault 8238 [ 935.554943][ T8926] inactive_anon 147456 [ 935.559009][ T8926] active_anon 634880 [ 935.562917][ T8926] inactive_file 0 [ 935.566552][ T8926] active_file 0 [ 935.570016][ T8926] unevictable 0 [ 935.573511][ T8926] hierarchical_memory_limit 3145728 [ 935.578727][ T8926] hierarchical_memsw_limit 9223372036854771712 [ 935.584943][ T8926] total_cache 634880 [ 935.588816][ T8926] total_rss 4096 [ 935.592373][ T8926] total_rss_huge 0 [ 935.596127][ T8926] total_shmem 634880 [ 935.600015][ T8926] total_mapped_file 634880 [ 935.604407][ T8926] total_dirty 0 [ 935.607922][ T8926] total_writeback 0 [ 935.611710][ T8926] total_workingset_refault_anon 14826 [ 935.617149][ T8926] total_workingset_refault_file 43830 [ 935.623102][ T8926] total_swap 929792 [ 935.627319][ T8926] total_swapcached 422006784 [ 935.631892][ T8926] total_pgpgin 343701 [ 935.635971][ T8926] total_pgpgout 343510 [ 935.640017][ T8926] total_pgfault 448383 [ 935.644077][ T8926] total_pgmajfault 8238 [ 935.648480][ T8926] total_inactive_anon 147456 [ 935.653064][ T8926] total_active_anon 634880 [ 935.657542][ T8926] total_inactive_file 0 [ 935.661780][ T8926] total_active_file 0 [ 935.665798][ T8926] total_unevictable 0 [ 935.669760][ T8926] anon_cost 269 [ 935.673267][ T8926] file_cost 0 [ 935.676580][ T8926] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14742,pid=8926,uid=0 [ 935.691512][ T8926] Memory cgroup out of memory: Killed process 8926 (syz.3.14742) total-vm:169944kB, anon-rss:1232kB, file-rss:22436kB, shmem-rss:620kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 936.104575][ T8947] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14752'. [ 936.219714][ T8942] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14752'. [ 937.226207][ T8967] netlink: 326 bytes leftover after parsing attributes in process `syz.2.14761'. [ 937.334272][ T8966] syz.3.14760 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 937.395659][ T8966] CPU: 0 UID: 0 PID: 8966 Comm: syz.3.14760 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 937.395697][ T8966] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 937.395706][ T8966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 937.395716][ T8966] Call Trace: [ 937.395722][ T8966] [ 937.395729][ T8966] dump_stack_lvl+0x100/0x190 [ 937.395757][ T8966] dump_header+0xfb/0x606 [ 937.395775][ T8966] oom_kill_process.cold+0xd/0x330 [ 937.395794][ T8966] out_of_memory+0x340/0x14f0 [ 937.395822][ T8966] ? __pfx_out_of_memory+0x10/0x10 [ 937.395851][ T8966] mem_cgroup_out_of_memory+0xc6/0x130 [ 937.395874][ T8966] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 937.395895][ T8966] ? find_held_lock+0x2b/0x80 [ 937.395914][ T8966] ? do_raw_spin_unlock+0x145/0x1e0 [ 937.395938][ T8966] ? _raw_spin_unlock+0x28/0x50 [ 937.395961][ T8966] try_charge_memcg+0x652/0xc90 [ 937.395983][ T8966] ? __pfx_try_charge_memcg+0x10/0x10 [ 937.396001][ T8966] ? find_held_lock+0x2b/0x80 [ 937.396022][ T8966] ? rcu_read_unlock+0x17/0x60 [ 937.396040][ T8966] ? rcu_read_unlock+0x17/0x60 [ 937.396063][ T8966] charge_memcg+0xa6/0x280 [ 937.396080][ T8966] __mem_cgroup_charge+0x2b/0x1e0 [ 937.396101][ T8966] shmem_alloc_and_add_folio+0x451/0xd40 [ 937.396131][ T8966] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 937.396156][ T8966] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 937.396185][ T8966] shmem_get_folio_gfp+0x6ab/0x1900 [ 937.396213][ T8966] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 937.396235][ T8966] ? rcu_is_watching+0x12/0xc0 [ 937.396259][ T8966] ? inode_set_ctime_current+0x283/0x8a0 [ 937.396282][ T8966] shmem_fault+0x1f9/0xa20 [ 937.396306][ T8966] ? __lock_acquire+0x4a5/0x2630 [ 937.396325][ T8966] ? __pfx_shmem_fault+0x10/0x10 [ 937.396349][ T8966] ? __up_read+0x2c5/0x700 [ 937.396370][ T8966] ? __mark_inode_dirty+0x55c/0x1790 [ 937.396399][ T8966] ? __pfx_filemap_map_pages+0x10/0x10 [ 937.396422][ T8966] __do_fault+0x10d/0x550 [ 937.396440][ T8966] ? __pfx_filemap_map_pages+0x10/0x10 [ 937.396463][ T8966] do_fault+0x2db/0x1990 [ 937.396484][ T8966] __handle_mm_fault+0x180f/0x2b60 [ 937.396511][ T8966] ? __pfx___handle_mm_fault+0x10/0x10 [ 937.396534][ T8966] ? pte_offset_map_lock+0x174/0x320 [ 937.396551][ T8966] ? find_held_lock+0x2b/0x80 [ 937.396572][ T8966] ? follow_page_pte+0x5b3/0x1400 [ 937.396594][ T8966] handle_mm_fault+0x36d/0xa20 [ 937.396620][ T8966] __get_user_pages+0xf9c/0x34d0 [ 937.396643][ T8966] ? down_read_killable+0x30e/0x4c0 [ 937.396660][ T8966] ? __pfx___get_user_pages+0x10/0x10 [ 937.396684][ T8966] faultin_page_range+0x1f1/0x9e0 [ 937.396707][ T8966] madvise_do_behavior+0x354/0x510 [ 937.396729][ T8966] ? __pfx_madvise_do_behavior+0x10/0x10 [ 937.396759][ T8966] do_madvise+0x195/0x240 [ 937.396778][ T8966] ? __pfx_do_madvise+0x10/0x10 [ 937.396796][ T8966] ? do_futex+0x192/0x350 [ 937.396835][ T8966] __x64_sys_madvise+0xa9/0x110 [ 937.396853][ T8966] ? lockdep_hardirqs_on+0x78/0x100 [ 937.396876][ T8966] do_syscall_64+0x106/0xf80 [ 937.396898][ T8966] ? clear_bhb_loop+0x40/0x90 [ 937.396917][ T8966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.396933][ T8966] RIP: 0033:0x7fe2aed9c799 [ 937.396947][ T8966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 937.396961][ T8966] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 937.396976][ T8966] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 937.396987][ T8966] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 937.396996][ T8966] RBP: 00007fe2aee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 937.397010][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.397019][ T8966] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 937.397040][ T8966] [ 937.397046][ T8966] memory: usage 3072kB, limit 3072kB, failcnt 145891 [ 938.605443][ T8966] memory+swap: usage 4096kB, limit 9007199254740988kB, failcnt 0 [ 938.613945][ T8966] kmem: usage 2304kB, limit 9007199254740988kB, failcnt 0 [ 938.621854][ T8966] Memory cgroup stats for /syz3: [ 938.621974][ T8966] cache 520192 [ 938.633488][ T8966] rss 4096 [ 938.636512][ T8966] rss_huge 0 [ 938.640137][ T8966] shmem 520192 [ 938.643497][ T8966] mapped_file 520192 [ 938.647422][ T8966] dirty 0 [ 938.651419][ T8966] writeback 4096 [ 938.655009][ T8966] workingset_refault_anon 14968 [ 938.660492][ T8966] workingset_refault_file 43830 [ 938.665621][ T8966] swap 1282048 [ 938.669701][ T8966] swapcached 426614784 [ 938.673757][ T8966] pgpgin 345228 [ 938.678382][ T8966] pgpgout 345093 [ 938.682454][ T8966] pgfault 450216 [ 938.685988][ T8966] pgmajfault 8297 [ 938.689961][ T8966] inactive_anon 544768 [ 938.694016][ T8966] active_anon 4096 [ 938.697715][ T8966] inactive_file 0 [ 938.701852][ T8966] active_file 0 [ 938.705309][ T8966] unevictable 0 [ 938.709571][ T8966] hierarchical_memory_limit 3145728 [ 938.714819][ T8966] hierarchical_memsw_limit 9223372036854771712 [ 938.721267][ T8966] total_cache 520192 [ 938.725201][ T8966] total_rss 4096 [ 938.729400][ T8966] total_rss_huge 0 [ 938.733110][ T8966] total_shmem 520192 [ 938.737049][ T8966] total_mapped_file 520192 [ 938.744188][ T8966] total_dirty 0 [ 938.748235][ T8966] total_writeback 4096 [ 938.752693][ T8966] total_workingset_refault_anon 14968 [ 938.758049][ T8966] total_workingset_refault_file 43830 [ 938.764446][ T8966] total_swap 1282048 [ 938.768592][ T8966] total_swapcached 426614784 [ 938.773270][ T8966] total_pgpgin 345228 [ 938.777332][ T8966] total_pgpgout 345093 [ 938.783011][ T8966] total_pgfault 450216 [ 938.787100][ T8966] total_pgmajfault 8297 [ 938.792036][ T8966] total_inactive_anon 544768 [ 938.796702][ T8966] total_active_anon 4096 [ 938.801753][ T8966] total_inactive_file 0 [ 938.806284][ T8966] total_active_file 0 [ 938.811353][ T8966] total_unevictable 0 [ 938.815329][ T8966] anon_cost 352 [ 938.819230][ T8966] file_cost 0 [ 938.822504][ T8966] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14760,pid=8962,uid=0 [ 938.837701][ T8966] Memory cgroup out of memory: Killed process 8962 (syz.3.14760) total-vm:169944kB, anon-rss:1232kB, file-rss:22428kB, shmem-rss:508kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 939.082010][ T8986] syz.3.14766 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 939.151861][ T8986] CPU: 0 UID: 0 PID: 8986 Comm: syz.3.14766 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 939.151906][ T8986] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 939.151916][ T8986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 939.151925][ T8986] Call Trace: [ 939.151931][ T8986] [ 939.151937][ T8986] dump_stack_lvl+0x100/0x190 [ 939.151966][ T8986] dump_header+0xfb/0x606 [ 939.151983][ T8986] oom_kill_process.cold+0xd/0x330 [ 939.152001][ T8986] out_of_memory+0x340/0x14f0 [ 939.152030][ T8986] ? __pfx_out_of_memory+0x10/0x10 [ 939.152058][ T8986] mem_cgroup_out_of_memory+0xc6/0x130 [ 939.152081][ T8986] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 939.152101][ T8986] ? find_held_lock+0x2b/0x80 [ 939.152120][ T8986] ? do_raw_spin_unlock+0x145/0x1e0 [ 939.152143][ T8986] ? _raw_spin_unlock+0x28/0x50 [ 939.152166][ T8986] try_charge_memcg+0x652/0xc90 [ 939.152187][ T8986] ? __pfx_try_charge_memcg+0x10/0x10 [ 939.152208][ T8986] ? find_held_lock+0x2b/0x80 [ 939.152222][ T8986] ? rcu_read_unlock+0x17/0x60 [ 939.152239][ T8986] ? rcu_read_unlock+0x17/0x60 [ 939.152258][ T8986] charge_memcg+0xa6/0x280 [ 939.152274][ T8986] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 939.152297][ T8986] __swap_cache_prepare_and_add+0x528/0x9e0 [ 939.152328][ T8986] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 939.152349][ T8986] ? __pfx_swap_entry_swapped+0x10/0x10 [ 939.152371][ T8986] swap_cache_alloc_folio+0x1cb/0x300 [ 939.152394][ T8986] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 939.152423][ T8986] swap_cluster_readahead+0x411/0x770 [ 939.152450][ T8986] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 939.152481][ T8986] ? finish_task_switch.isra.0+0x200/0xb80 [ 939.152501][ T8986] ? get_vma_policy+0x23f/0x3b0 [ 939.152521][ T8986] swapin_readahead+0x160/0x12c0 [ 939.152543][ T8986] ? rcu_is_watching+0x12/0xc0 [ 939.152571][ T8986] ? __pfx_swapin_readahead+0x10/0x10 [ 939.152593][ T8986] ? find_held_lock+0x2b/0x80 [ 939.152607][ T8986] ? swap_table_get+0x103/0x2c0 [ 939.152626][ T8986] ? swap_table_get+0x103/0x2c0 [ 939.152650][ T8986] ? swap_table_get+0x10d/0x2c0 [ 939.152670][ T8986] ? swap_cache_get_folio+0x1ae/0x600 [ 939.152693][ T8986] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 939.152713][ T8986] ? __pfx_get_swap_device+0x10/0x10 [ 939.152732][ T8986] ? do_swap_page+0xb2e/0x6900 [ 939.152753][ T8986] do_swap_page+0xb2e/0x6900 [ 939.152776][ T8986] ? __free_object+0x2a8/0x400 [ 939.152799][ T8986] ? lockdep_hardirqs_on+0x78/0x100 [ 939.152827][ T8986] ? __pfx_do_swap_page+0x10/0x10 [ 939.152853][ T8986] ? rcu_is_watching+0x12/0xc0 [ 939.152876][ T8986] ? __pte_offset_map+0x179/0x310 [ 939.152899][ T8986] __handle_mm_fault+0x18c1/0x2b60 [ 939.152924][ T8986] ? reacquire_held_locks+0xce/0x1e0 [ 939.152945][ T8986] ? __pfx___handle_mm_fault+0x10/0x10 [ 939.152969][ T8986] ? lock_vma_under_rcu+0x17c/0x590 [ 939.153002][ T8986] handle_mm_fault+0x36d/0xa20 [ 939.153027][ T8986] do_user_addr_fault+0x5a3/0x12f0 [ 939.153048][ T8986] exc_page_fault+0x6f/0xd0 [ 939.153071][ T8986] asm_exc_page_fault+0x26/0x30 [ 939.153086][ T8986] RIP: 0033:0x7fe2aed9c7ab [ 939.153099][ T8986] Code: 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 <64> 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 [ 939.153114][ T8986] RSP: 002b:00007ffd9638c1c8 EFLAGS: 00010213 [ 939.153126][ T8986] RAX: 000000000000006e RBX: 00000000000e641c RCX: ffffffffffffffe8 [ 939.153137][ T8986] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe2af015fac [ 939.153146][ T8986] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 939.153154][ T8986] R10: 00007ffd9638c2d0 R11: 0000000000000246 R12: 00007ffd9638c2f0 [ 939.153164][ T8986] R13: 00007fe2af015fac R14: 00000000000e644e R15: 00007ffd9638c2d0 [ 939.153184][ T8986] [ 939.153189][ T8986] memory: usage 3072kB, limit 3072kB, failcnt 146009 [ 939.788827][ T9001] netlink: 74 bytes leftover after parsing attributes in process `syz.2.14775'. [ 939.974049][ T8986] memory+swap: usage 3984kB, limit 9007199254740988kB, failcnt 0 [ 940.010572][ T8986] kmem: usage 2324kB, limit 9007199254740988kB, failcnt 0 [ 940.037374][ T8986] Memory cgroup stats for /syz3: [ 940.037489][ T8986] cache 753664 [ 940.067251][ T8986] rss 12288 [ 940.070385][ T8986] rss_huge 0 [ 940.086817][ T8986] shmem 753664 [ 940.090211][ T8986] mapped_file 753664 [ 940.112163][ T8986] dirty 0 [ 940.121924][ T8986] writeback 0 [ 940.131019][ T8986] workingset_refault_anon 14991 [ 940.146440][ T8986] workingset_refault_file 43830 [ 940.163671][ T8986] swap 933888 [ 940.189209][ T8986] swapcached 427003904 [ 940.201782][ T8986] pgpgin 345470 [ 940.224032][ T8986] pgpgout 345283 [ 940.227598][ T8986] pgfault 450515 [ 940.250212][ T8986] pgmajfault 8304 [ 940.270086][ T8986] inactive_anon 0 [ 940.285828][ T8986] active_anon 765952 [ 940.289740][ T8986] inactive_file 0 [ 940.329732][ T8986] active_file 0 [ 940.339295][ T8986] unevictable 0 [ 940.352166][ T8986] hierarchical_memory_limit 3145728 [ 940.379371][ T8986] hierarchical_memsw_limit 9223372036854771712 [ 940.404269][ T8986] total_cache 753664 [ 940.408181][ T8986] total_rss 12288 [ 940.448598][ T8986] total_rss_huge 0 [ 940.457600][ T8986] total_shmem 753664 [ 940.479990][ T8986] total_mapped_file 753664 [ 940.489621][ T8986] total_dirty 0 [ 940.502404][ T8986] total_writeback 0 [ 940.506218][ T8986] total_workingset_refault_anon 14991 [ 940.537858][ T8986] total_workingset_refault_file 43830 [ 940.559594][ T8986] total_swap 933888 [ 940.563425][ T8986] total_swapcached 427003904 [ 940.596432][ T8986] total_pgpgin 345470 [ 940.618544][ T8986] total_pgpgout 345283 [ 940.636224][ T8986] total_pgfault 450515 [ 940.658860][ T8986] total_pgmajfault 8304 [ 940.670272][ T8986] total_inactive_anon 0 [ 940.696884][ T8986] total_active_anon 765952 [ 940.715361][ T8986] total_inactive_file 0 [ 940.733952][ T8986] total_active_file 0 [ 940.737981][ T8986] total_unevictable 0 [ 940.768643][ T9023] netlink: 342 bytes leftover after parsing attributes in process `syz.1.14784'. [ 940.777998][ T8986] anon_cost 21 [ 940.781537][ T8986] file_cost 0 [ 940.784822][ T8986] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14766,pid=8986,uid=0 [ 940.834735][ T9023] netlink: 342 bytes leftover after parsing attributes in process `syz.1.14784'. [ 940.869859][ T8986] Memory cgroup out of memory: Killed process 8986 (syz.3.14766) total-vm:137176kB, anon-rss:1232kB, file-rss:22428kB, shmem-rss:504kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 941.133204][ T9030] netlink: 330 bytes leftover after parsing attributes in process `syz.1.14788'. [ 941.588226][ T9050] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14791'. [ 942.315155][ T9079] FAULT_INJECTION: forcing a failure. [ 942.315155][ T9079] name failslab, interval 1, probability 0, space 0, times 0 [ 942.370326][ T9079] CPU: 0 UID: 0 PID: 9079 Comm: syz.2.14808 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 942.370365][ T9079] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 942.370375][ T9079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 942.370385][ T9079] Call Trace: [ 942.370390][ T9079] [ 942.370397][ T9079] dump_stack_lvl+0x100/0x190 [ 942.370425][ T9079] should_fail_ex.cold+0x5/0xa [ 942.370445][ T9079] should_failslab+0xc2/0x120 [ 942.370462][ T9079] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 942.370486][ T9079] ? alloc_inode+0x68/0x250 [ 942.370507][ T9079] ? simple_start_creating+0xb0/0x110 [ 942.370541][ T9079] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 942.370651][ T9079] alloc_inode+0x68/0x250 [ 942.370672][ T9079] new_inode+0x22/0x1c0 [ 942.370695][ T9079] debugfs_create_symlink+0xd1/0x220 [ 942.370740][ T9079] drm_debugfs_clients_add+0x199/0x210 [ 942.370764][ T9079] drm_file_alloc+0x5c6/0xb40 [ 942.370838][ T9079] drm_open_helper+0x1fc/0x540 [ 942.370861][ T9079] drm_open+0x1a0/0x3e0 [ 942.370882][ T9079] ? __pfx_drm_open+0x10/0x10 [ 942.370902][ T9079] drm_stub_open+0x20f/0x380 [ 942.370944][ T9079] ? __pfx_drm_stub_open+0x10/0x10 [ 942.370965][ T9079] chrdev_open+0x234/0x6a0 [ 942.370982][ T9079] ? __pfx_apparmor_file_open+0x10/0x10 [ 942.370999][ T9079] ? __pfx_chrdev_open+0x10/0x10 [ 942.371016][ T9079] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 942.371038][ T9079] do_dentry_open+0x6d8/0x1660 [ 942.371054][ T9079] ? __pfx_chrdev_open+0x10/0x10 [ 942.371075][ T9079] vfs_open+0x82/0x3f0 [ 942.371098][ T9079] path_openat+0x208c/0x31a0 [ 942.371120][ T9079] ? __pfx_path_openat+0x10/0x10 [ 942.371144][ T9079] do_file_open+0x20e/0x430 [ 942.371161][ T9079] ? __pfx_do_file_open+0x10/0x10 [ 942.371191][ T9079] ? alloc_fd+0x476/0x790 [ 942.371209][ T9079] ? do_getname+0x191/0x390 [ 942.371230][ T9079] do_sys_openat2+0x10d/0x1e0 [ 942.371250][ T9079] ? __pfx_do_sys_openat2+0x10/0x10 [ 942.371272][ T9079] ? __fget_files+0x21f/0x3d0 [ 942.371291][ T9079] __x64_sys_openat+0x12d/0x210 [ 942.371312][ T9079] ? __pfx___x64_sys_openat+0x10/0x10 [ 942.371340][ T9079] do_syscall_64+0x106/0xf80 [ 942.371362][ T9079] ? clear_bhb_loop+0x40/0x90 [ 942.371381][ T9079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.371398][ T9079] RIP: 0033:0x7f8438b9c799 [ 942.371413][ T9079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 942.371428][ T9079] RSP: 002b:00007f8436df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 942.371444][ T9079] RAX: ffffffffffffffda RBX: 00007f8438e15fa0 RCX: 00007f8438b9c799 [ 942.371455][ T9079] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 942.371465][ T9079] RBP: 00007f8438c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 942.371476][ T9079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.371486][ T9079] R13: 00007f8438e16038 R14: 00007f8438e15fa0 R15: 00007fffd7fb9578 [ 942.371506][ T9079] [ 942.371514][ T9079] debugfs: out of free dentries, can not create symlink 'device' [ 942.704228][ T9085] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14801'. [ 942.986329][ T9090] syz.3.14802 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 943.056213][ T9090] CPU: 0 UID: 0 PID: 9090 Comm: syz.3.14802 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 943.056251][ T9090] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 943.056261][ T9090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 943.056271][ T9090] Call Trace: [ 943.056277][ T9090] [ 943.056284][ T9090] dump_stack_lvl+0x100/0x190 [ 943.056312][ T9090] dump_header+0xfb/0x606 [ 943.056330][ T9090] oom_kill_process.cold+0xd/0x330 [ 943.056349][ T9090] out_of_memory+0x340/0x14f0 [ 943.056385][ T9090] ? __pfx_out_of_memory+0x10/0x10 [ 943.056414][ T9090] mem_cgroup_out_of_memory+0xc6/0x130 [ 943.056438][ T9090] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 943.056458][ T9090] ? find_held_lock+0x2b/0x80 [ 943.056477][ T9090] ? do_raw_spin_unlock+0x145/0x1e0 [ 943.056501][ T9090] ? _raw_spin_unlock+0x28/0x50 [ 943.056524][ T9090] try_charge_memcg+0x652/0xc90 [ 943.056546][ T9090] ? __pfx_try_charge_memcg+0x10/0x10 [ 943.056563][ T9090] ? find_held_lock+0x2b/0x80 [ 943.056578][ T9090] ? rcu_read_unlock+0x17/0x60 [ 943.056595][ T9090] ? rcu_read_unlock+0x17/0x60 [ 943.056619][ T9090] charge_memcg+0xa6/0x280 [ 943.056636][ T9090] __mem_cgroup_charge+0x2b/0x1e0 [ 943.056657][ T9090] shmem_alloc_and_add_folio+0x451/0xd40 [ 943.056686][ T9090] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 943.056712][ T9090] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 943.056741][ T9090] shmem_get_folio_gfp+0x6ab/0x1900 [ 943.056767][ T9090] ? find_held_lock+0x2b/0x80 [ 943.056783][ T9090] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 943.056808][ T9090] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 943.056829][ T9090] ? lockdep_hardirqs_on+0x78/0x100 [ 943.056854][ T9090] shmem_fault+0x1f9/0xa20 [ 943.056880][ T9090] ? __lock_acquire+0x4a5/0x2630 [ 943.056900][ T9090] ? __pfx_shmem_fault+0x10/0x10 [ 943.056925][ T9090] ? __up_read+0x2c5/0x700 [ 943.056954][ T9090] ? __pfx_filemap_map_pages+0x10/0x10 [ 943.056978][ T9090] __do_fault+0x10d/0x550 [ 943.056996][ T9090] ? __pfx_filemap_map_pages+0x10/0x10 [ 943.057018][ T9090] do_fault+0x2db/0x1990 [ 943.057039][ T9090] __handle_mm_fault+0x180f/0x2b60 [ 943.057066][ T9090] ? __pfx___handle_mm_fault+0x10/0x10 [ 943.057089][ T9090] ? pte_offset_map_lock+0x174/0x320 [ 943.057106][ T9090] ? find_held_lock+0x2b/0x80 [ 943.057127][ T9090] ? follow_page_pte+0x5b3/0x1400 [ 943.057149][ T9090] handle_mm_fault+0x36d/0xa20 [ 943.057175][ T9090] __get_user_pages+0xf9c/0x34d0 [ 943.057198][ T9090] ? down_read_killable+0x30e/0x4c0 [ 943.057215][ T9090] ? __pfx___get_user_pages+0x10/0x10 [ 943.057239][ T9090] faultin_page_range+0x1f1/0x9e0 [ 943.057263][ T9090] madvise_do_behavior+0x354/0x510 [ 943.057284][ T9090] ? __pfx_madvise_do_behavior+0x10/0x10 [ 943.057315][ T9090] do_madvise+0x195/0x240 [ 943.057333][ T9090] ? __pfx_do_madvise+0x10/0x10 [ 943.057356][ T9090] ? do_futex+0x192/0x350 [ 943.057395][ T9090] __x64_sys_madvise+0xa9/0x110 [ 943.057413][ T9090] ? lockdep_hardirqs_on+0x78/0x100 [ 943.057435][ T9090] do_syscall_64+0x106/0xf80 [ 943.057458][ T9090] ? clear_bhb_loop+0x40/0x90 [ 943.057476][ T9090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.057492][ T9090] RIP: 0033:0x7fe2aed9c799 [ 943.057506][ T9090] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.057521][ T9090] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 943.057536][ T9090] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 943.057546][ T9090] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 943.057556][ T9090] RBP: 00007fe2aee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 943.057565][ T9090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.057574][ T9090] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 943.057595][ T9090] [ 943.064336][ T9090] memory: usage 3072kB, limit 3072kB, failcnt 146253 [ 943.920062][ T9129] netlink: 'syz.1.14809': attribute type 19 has an invalid length. [ 943.975233][ T9129] netlink: 334 bytes leftover after parsing attributes in process `syz.1.14809'. [ 944.034838][ T9090] memory+swap: usage 3972kB, limit 9007199254740988kB, failcnt 0 [ 944.081967][ T9090] kmem: usage 2304kB, limit 9007199254740988kB, failcnt 0 [ 944.121788][ T9135] netlink: 342 bytes leftover after parsing attributes in process `syz.2.14812'. [ 944.134209][ T9090] Memory cgroup stats for /syz3: [ 944.134327][ T9090] cache 761856 [ 944.162912][ T9135] netlink: 342 bytes leftover after parsing attributes in process `syz.2.14812'. [ 944.178992][ T9090] rss 4096 [ 944.188481][ T9090] rss_huge 0 [ 944.198569][ T9090] shmem 761856 [ 944.208137][ T9090] mapped_file 761856 [ 944.227430][ T9090] dirty 0 [ 944.248267][ T9090] writeback 0 [ 944.262960][ T9090] workingset_refault_anon 15084 [ 944.267846][ T9090] workingset_refault_file 43830 [ 944.312196][ T9090] swap 921600 [ 944.315502][ T9090] swapcached 427327488 [ 944.347629][ T9090] pgpgin 346042 [ 944.355342][ T9148] netlink: 342 bytes leftover after parsing attributes in process `syz.2.14816'. [ 944.372147][ T9090] pgpgout 345850 [ 944.381256][ T9090] pgfault 453632 [ 944.398445][ T9090] pgmajfault 8310 [ 944.415391][ T9090] inactive_anon 20480 [ 944.435720][ T9090] active_anon 765952 [ 944.462777][ T9090] inactive_file 0 [ 944.466437][ T9090] active_file 0 [ 944.494686][ T9090] unevictable 0 [ 944.498163][ T9090] hierarchical_memory_limit 3145728 [ 944.535390][ T9090] hierarchical_memsw_limit 9223372036854771712 [ 944.571075][ T9090] total_cache 761856 [ 944.574990][ T9090] total_rss 4096 [ 944.609834][ T9090] total_rss_huge 0 [ 944.614132][ T9090] total_shmem 761856 [ 944.643075][ T9090] total_mapped_file 761856 [ 944.647516][ T9090] total_dirty 0 [ 944.680685][ T9090] total_writeback 0 [ 944.700079][ T9090] total_workingset_refault_anon 15084 [ 944.705492][ T9090] total_workingset_refault_file 43830 [ 944.751906][ T9090] total_swap 921600 [ 944.755735][ T9090] total_swapcached 427327488 [ 944.783373][ T9090] total_pgpgin 346042 [ 944.802504][ T9090] total_pgpgout 345850 [ 944.806586][ T9090] total_pgfault 453632 [ 944.823450][ T9090] total_pgmajfault 8310 [ 944.843079][ T9090] total_inactive_anon 20480 [ 944.853170][ T9090] total_active_anon 765952 [ 944.867078][ T9090] total_inactive_file 0 [ 944.888219][ T9090] total_active_file 0 [ 944.907052][ T9090] total_unevictable 0 [ 944.911056][ T9090] anon_cost 31 [ 944.924646][ T9090] file_cost 0 [ 944.928752][ T9090] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14802,pid=9087,uid=0 [ 944.961814][ T9090] Memory cgroup out of memory: Killed process 9087 (syz.3.14802) total-vm:137176kB, anon-rss:1232kB, file-rss:22428kB, shmem-rss:744kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 945.316657][ T9207] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14824'. [ 945.342869][ T9208] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14832'. [ 945.599707][ T9218] netlink: 330 bytes leftover after parsing attributes in process `syz.0.14826'. [ 945.625717][ T9219] netlink: 330 bytes leftover after parsing attributes in process `syz.2.14827'. [ 946.339235][ T30] audit: type=1804 audit(2147483750.033:53): pid=9266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.14841" name="/newroot/1531/file0" dev="tmpfs" ino=7779 res=1 errno=0 [ 946.452224][ T30] audit: type=1804 audit(2147483750.053:54): pid=9276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.14841" name="/newroot/1531/file0" dev="tmpfs" ino=7779 res=1 errno=0 [ 946.844480][ T9281] syz.3.14836 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 946.910814][ T9281] CPU: 0 UID: 0 PID: 9281 Comm: syz.3.14836 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 946.910885][ T9281] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 946.910903][ T9281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 946.910913][ T9281] Call Trace: [ 946.910919][ T9281] [ 946.910925][ T9281] dump_stack_lvl+0x100/0x190 [ 946.910954][ T9281] dump_header+0xfb/0x606 [ 946.910972][ T9281] oom_kill_process.cold+0xd/0x330 [ 946.910991][ T9281] out_of_memory+0x340/0x14f0 [ 946.911019][ T9281] ? __pfx_out_of_memory+0x10/0x10 [ 946.911048][ T9281] mem_cgroup_out_of_memory+0xc6/0x130 [ 946.911071][ T9281] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 946.911092][ T9281] ? find_held_lock+0x2b/0x80 [ 946.911111][ T9281] ? do_raw_spin_unlock+0x145/0x1e0 [ 946.911134][ T9281] ? _raw_spin_unlock+0x28/0x50 [ 946.911158][ T9281] try_charge_memcg+0x652/0xc90 [ 946.911179][ T9281] ? __pfx_try_charge_memcg+0x10/0x10 [ 946.911196][ T9281] ? find_held_lock+0x2b/0x80 [ 946.911210][ T9281] ? rcu_read_unlock+0x17/0x60 [ 946.911227][ T9281] ? rcu_read_unlock+0x17/0x60 [ 946.911250][ T9281] charge_memcg+0xa6/0x280 [ 946.911267][ T9281] __mem_cgroup_charge+0x2b/0x1e0 [ 946.911288][ T9281] do_anonymous_page+0xb62/0x1fb0 [ 946.911317][ T9281] __handle_mm_fault+0x1d42/0x2b60 [ 946.911345][ T9281] ? __pfx___handle_mm_fault+0x10/0x10 [ 946.911367][ T9281] ? pte_offset_map_lock+0x174/0x320 [ 946.911384][ T9281] ? find_held_lock+0x2b/0x80 [ 946.911406][ T9281] ? follow_page_pte+0x5b3/0x1400 [ 946.911428][ T9281] handle_mm_fault+0x36d/0xa20 [ 946.911453][ T9281] __get_user_pages+0xf9c/0x34d0 [ 946.911479][ T9281] ? __pfx___get_user_pages+0x10/0x10 [ 946.911503][ T9281] populate_vma_page_range+0x267/0x3f0 [ 946.911524][ T9281] ? __pfx_populate_vma_page_range+0x10/0x10 [ 946.911542][ T9281] ? __pfx_find_vma_intersection+0x10/0x10 [ 946.911560][ T9281] ? do_mmap+0x93f/0x12f0 [ 946.911580][ T9281] __mm_populate+0x107/0x3a0 [ 946.911599][ T9281] ? __pfx___mm_populate+0x10/0x10 [ 946.911620][ T9281] ? up_write+0x290/0x4f0 [ 946.911644][ T9281] vm_mmap_pgoff+0x37f/0x470 [ 946.911665][ T9281] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 946.911684][ T9281] ? do_futex+0x192/0x350 [ 946.911704][ T9281] ? __pfx_do_futex+0x10/0x10 [ 946.911725][ T9281] ? snd_pcm_oss_ioctl+0x2b6/0x3720 [ 946.911748][ T9281] ksys_mmap_pgoff+0xe1/0x650 [ 946.911765][ T9281] ? __x64_sys_futex+0x34f/0x4d0 [ 946.911784][ T9281] ? __x64_sys_futex+0x358/0x4d0 [ 946.911805][ T9281] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 946.911822][ T9281] ? xfd_validate_state+0x129/0x190 [ 946.911849][ T9281] __x64_sys_mmap+0x125/0x190 [ 946.911874][ T9281] do_syscall_64+0x106/0xf80 [ 946.911901][ T9281] ? clear_bhb_loop+0x40/0x90 [ 946.911920][ T9281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.911936][ T9281] RIP: 0033:0x7fe2aed9c799 [ 946.911950][ T9281] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 946.911965][ T9281] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 946.911981][ T9281] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 946.911992][ T9281] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 946.912001][ T9281] RBP: 00007fe2aee32c99 R08: 0000000000000002 R09: 0000000000008000 [ 946.912010][ T9281] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 946.912020][ T9281] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 946.912040][ T9281] [ 946.912046][ T9281] memory: usage 3072kB, limit 3072kB, failcnt 147579 [ 947.477512][ T9281] memory+swap: usage 6956kB, limit 9007199254740988kB, failcnt 0 [ 947.567444][ T9281] kmem: usage 2308kB, limit 9007199254740988kB, failcnt 0 [ 947.594596][ T9281] Memory cgroup stats for /syz3: [ 947.594713][ T9281] cache 0 [ 947.613912][ T9281] rss 761856 [ 947.617141][ T9281] rss_huge 0 [ 947.620348][ T9281] shmem 0 [ 947.627372][ T9281] mapped_file 0 [ 947.630856][ T9281] dirty 0 [ 947.660189][ T9281] writeback 0 [ 947.675019][ T9281] workingset_refault_anon 15175 [ 947.679893][ T9281] workingset_refault_file 43830 [ 947.698461][ T9281] swap 3977216 [ 947.708891][ T9281] swapcached 434421760 [ 947.714033][ T9281] pgpgin 348256 [ 947.717491][ T9281] pgpgout 348070 [ 947.721121][ T9281] pgfault 456122 [ 947.730116][ T9281] pgmajfault 8347 [ 947.734749][ T9281] inactive_anon 8192 [ 947.738638][ T9281] active_anon 753664 [ 947.743141][ T9281] inactive_file 0 [ 947.748031][ T9281] active_file 0 [ 947.751521][ T9281] unevictable 0 [ 947.755796][ T9281] hierarchical_memory_limit 3145728 [ 947.764599][ T9281] hierarchical_memsw_limit 9223372036854771712 [ 947.770785][ T9281] total_cache 0 [ 947.774658][ T9281] total_rss 761856 [ 947.778365][ T9281] total_rss_huge 0 [ 947.783180][ T9281] total_shmem 0 [ 947.786714][ T9281] total_mapped_file 0 [ 947.790697][ T9281] total_dirty 0 [ 947.795084][ T9281] total_writeback 0 [ 947.798963][ T9281] total_workingset_refault_anon 15175 [ 947.804690][ T9281] total_workingset_refault_file 43830 [ 947.810118][ T9281] total_swap 3977216 [ 947.814337][ T9281] total_swapcached 434421760 [ 947.818937][ T9281] total_pgpgin 348256 [ 947.824332][ T9281] total_pgpgout 348070 [ 947.828915][ T9281] total_pgfault 456122 [ 947.833545][ T9281] total_pgmajfault 8347 [ 947.837784][ T9281] total_inactive_anon 8192 [ 947.842710][ T9281] total_active_anon 753664 [ 947.848435][ T9281] total_inactive_file 0 [ 947.853451][ T9281] total_active_file 0 [ 947.857423][ T9281] total_unevictable 0 [ 947.861760][ T9281] anon_cost 44 [ 947.865118][ T9281] file_cost 0 [ 947.868407][ T9281] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14836,pid=9279,uid=0 [ 947.886839][ T9281] Memory cgroup out of memory: Killed process 9279 (syz.3.14836) total-vm:108376kB, anon-rss:1972kB, file-rss:22564kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 947.948723][ T9343] netlink: 330 bytes leftover after parsing attributes in process `syz.2.14840'. [ 948.325048][ T9363] Format for adding new port is "id [perm_addr]" (uint MAC). [ 948.701617][ T9377] futex_wake_op: syz.3.14853 tries to shift op by -2048; fix this program [ 948.736317][ T9377] 0x000400000001-0x00042b86614e : "" [ 948.752248][ T9377] mtd: partition "" is out of reach -- disabled [ 948.827187][ T9377] ftl_cs: FTL header not found. [ 949.787600][T16686] block nbd6: Receive control failed (result -32) [ 949.926086][ T9420] syz.3.14866 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 949.974544][ T9431] netlink: 342 bytes leftover after parsing attributes in process `syz.0.14867'. [ 950.005257][ T9420] CPU: 0 UID: 0 PID: 9420 Comm: syz.3.14866 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 950.005296][ T9420] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 950.005307][ T9420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 950.005317][ T9420] Call Trace: [ 950.005323][ T9420] [ 950.005329][ T9420] dump_stack_lvl+0x100/0x190 [ 950.005358][ T9420] dump_header+0xfb/0x606 [ 950.005376][ T9420] oom_kill_process.cold+0xd/0x330 [ 950.005396][ T9420] out_of_memory+0x340/0x14f0 [ 950.005424][ T9420] ? __pfx_out_of_memory+0x10/0x10 [ 950.005453][ T9420] mem_cgroup_out_of_memory+0xc6/0x130 [ 950.005476][ T9420] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 950.005497][ T9420] ? find_held_lock+0x2b/0x80 [ 950.005516][ T9420] ? do_raw_spin_unlock+0x145/0x1e0 [ 950.005539][ T9420] ? _raw_spin_unlock+0x28/0x50 [ 950.005570][ T9420] try_charge_memcg+0x652/0xc90 [ 950.005592][ T9420] ? __pfx_try_charge_memcg+0x10/0x10 [ 950.005608][ T9420] ? find_held_lock+0x2b/0x80 [ 950.005623][ T9420] ? rcu_read_unlock+0x17/0x60 [ 950.005640][ T9420] ? rcu_read_unlock+0x17/0x60 [ 950.005663][ T9420] charge_memcg+0xa6/0x280 [ 950.005680][ T9420] __mem_cgroup_charge+0x2b/0x1e0 [ 950.005700][ T9420] do_anonymous_page+0xb62/0x1fb0 [ 950.005730][ T9420] __handle_mm_fault+0x1d42/0x2b60 [ 950.005757][ T9420] ? __pfx___handle_mm_fault+0x10/0x10 [ 950.005780][ T9420] ? pte_offset_map_lock+0x174/0x320 [ 950.005797][ T9420] ? find_held_lock+0x2b/0x80 [ 950.005818][ T9420] ? follow_page_pte+0x5b3/0x1400 [ 950.005840][ T9420] handle_mm_fault+0x36d/0xa20 [ 950.005865][ T9420] __get_user_pages+0xf9c/0x34d0 [ 950.005891][ T9420] ? __pfx___get_user_pages+0x10/0x10 [ 950.005915][ T9420] populate_vma_page_range+0x267/0x3f0 [ 950.005936][ T9420] ? __pfx_populate_vma_page_range+0x10/0x10 [ 950.005955][ T9420] ? __pfx_find_vma_intersection+0x10/0x10 [ 950.005974][ T9420] ? do_mmap+0x93f/0x12f0 [ 950.005998][ T9420] __mm_populate+0x107/0x3a0 [ 950.006022][ T9420] ? __pfx___mm_populate+0x10/0x10 [ 950.006043][ T9420] ? up_write+0x290/0x4f0 [ 950.006068][ T9420] vm_mmap_pgoff+0x37f/0x470 [ 950.006089][ T9420] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 950.006116][ T9420] ksys_mmap_pgoff+0xe1/0x650 [ 950.006134][ T9420] ? kcov_ioctl+0x16a/0x720 [ 950.006148][ T9420] ? kfree+0x2ec/0x6b0 [ 950.006168][ T9420] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 950.006184][ T9420] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 950.006211][ T9420] __x64_sys_mmap+0x125/0x190 [ 950.006237][ T9420] do_syscall_64+0x106/0xf80 [ 950.006260][ T9420] ? clear_bhb_loop+0x40/0x90 [ 950.006279][ T9420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.006295][ T9420] RIP: 0033:0x7fe2aed9c799 [ 950.006309][ T9420] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 950.006325][ T9420] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 950.006340][ T9420] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 950.006350][ T9420] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 950.006359][ T9420] RBP: 00007fe2aee32c99 R08: 0000000000000002 R09: 0000000000008000 [ 950.006369][ T9420] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 950.006378][ T9420] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 950.006398][ T9420] [ 950.006404][ T9420] memory: usage 2948kB, limit 3072kB, failcnt 148694 [ 950.516234][ T9464] futex_wake_op: syz.0.14868 tries to shift op by -2048; fix this program [ 951.346585][ T9420] memory+swap: usage 3888kB, limit 9007199254740988kB, failcnt 0 [ 951.365701][ T9420] kmem: usage 2360kB, limit 9007199254740988kB, failcnt 0 [ 951.401862][ T9420] Memory cgroup stats for /syz3: [ 951.401973][ T9420] cache 0 [ 951.421947][ T9420] rss 585728 [ 951.430888][ T9420] rss_huge 0 [ 951.446628][ T9420] shmem 0 [ 951.451779][ T9420] mapped_file 0 [ 951.464675][ T9420] dirty 0 [ 951.474621][ T9420] writeback 0 [ 951.485247][ T9420] workingset_refault_anon 15385 [ 951.500290][ T9420] workingset_refault_file 44410 [ 951.519246][ T9420] swap 966656 [ 951.531114][ T9420] swapcached 434843648 [ 951.546409][ T9420] pgpgin 349818 [ 951.557533][ T9420] pgpgout 349672 [ 951.569103][ T9420] pgfault 458412 [ 951.580224][ T9420] pgmajfault 8522 [ 951.593519][ T9420] inactive_anon 24576 [ 951.604649][ T9420] active_anon 573440 [ 951.608552][ T9420] inactive_file 0 [ 951.632314][ T9420] active_file 0 [ 951.643465][ T9420] unevictable 0 [ 951.654855][ T9420] hierarchical_memory_limit 3145728 [ 951.670188][ T9420] hierarchical_memsw_limit 9223372036854771712 [ 951.692472][ T9420] total_cache 0 [ 951.695949][ T9420] total_rss 585728 [ 951.699647][ T9420] total_rss_huge 0 [ 951.726888][ T9420] total_shmem 0 [ 951.730371][ T9420] total_mapped_file 0 [ 951.752300][ T9420] total_dirty 0 [ 951.781280][ T9420] total_writeback 0 [ 951.785113][ T9420] total_workingset_refault_anon 15385 [ 951.810706][ T9420] total_workingset_refault_file 44410 [ 951.816105][ T9420] total_swap 966656 [ 951.841182][ T9420] total_swapcached 434843648 [ 951.851527][ T9420] total_pgpgin 349818 [ 951.855674][ T9420] total_pgpgout 349672 [ 951.859767][ T9420] total_pgfault 458412 [ 951.900718][ T9420] total_pgmajfault 8522 [ 951.904936][ T9420] total_inactive_anon 24576 [ 951.909441][ T9420] total_active_anon 573440 [ 951.931510][ T9420] total_inactive_file 0 [ 951.945869][ T9420] total_active_file 0 [ 951.960699][ T9420] total_unevictable 0 [ 951.974881][ T9420] anon_cost 91 [ 951.978288][ T9420] file_cost 0 [ 951.992560][ T9420] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14866,pid=9416,uid=0 [ 952.050497][ T9420] Memory cgroup out of memory: Killed process 9416 (syz.3.14866) total-vm:108376kB, anon-rss:1584kB, file-rss:21456kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 952.243461][ T9492] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14875'. [ 952.646603][ T9501] FAULT_INJECTION: forcing a failure. [ 952.646603][ T9501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 952.702401][ T9501] CPU: 0 UID: 0 PID: 9501 Comm: syz.2.14881 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 952.702440][ T9501] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 952.702450][ T9501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 952.702460][ T9501] Call Trace: [ 952.702466][ T9501] [ 952.702473][ T9501] dump_stack_lvl+0x100/0x190 [ 952.702503][ T9501] should_fail_ex.cold+0x5/0xa [ 952.702524][ T9501] _copy_from_iter+0x43a/0x1690 [ 952.702547][ T9501] ? __pfx__copy_from_iter+0x10/0x10 [ 952.702565][ T9501] ? rcu_is_watching+0x12/0xc0 [ 952.702590][ T9501] ? trace_kmalloc+0x101/0x130 [ 952.702605][ T9501] ? __kmalloc_large_node_noprof+0x5d/0x70 [ 952.702625][ T9501] ? __kmalloc_noprof+0x320/0x850 [ 952.702651][ T9501] qrtr_tun_write_iter+0xe7/0x1b0 [ 952.702671][ T9501] do_iter_readv_writev+0x6ee/0x920 [ 952.702696][ T9501] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 952.702722][ T9501] ? bpf_lsm_file_permission+0x9/0x10 [ 952.702737][ T9501] ? security_file_permission+0x76/0x210 [ 952.702757][ T9501] ? rw_verify_area+0xce/0x6d0 [ 952.702781][ T9501] vfs_writev+0x360/0xe10 [ 952.702809][ T9501] ? __pfx_vfs_writev+0x10/0x10 [ 952.702844][ T9501] ? __fget_files+0x21f/0x3d0 [ 952.702863][ T9501] ? do_writev+0x13e/0x340 [ 952.702884][ T9501] do_writev+0x13e/0x340 [ 952.702907][ T9501] ? __pfx_do_writev+0x10/0x10 [ 952.702934][ T9501] do_syscall_64+0x106/0xf80 [ 952.702956][ T9501] ? clear_bhb_loop+0x40/0x90 [ 952.702974][ T9501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.702990][ T9501] RIP: 0033:0x7f8438b9c799 [ 952.703004][ T9501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 952.703019][ T9501] RSP: 002b:00007f8436df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 952.703034][ T9501] RAX: ffffffffffffffda RBX: 00007f8438e15fa0 RCX: 00007f8438b9c799 [ 952.703045][ T9501] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000003 [ 952.703054][ T9501] RBP: 00007f8438c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 952.703063][ T9501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 952.703072][ T9501] R13: 00007f8438e16038 R14: 00007f8438e15fa0 R15: 00007fffd7fb9578 [ 952.703093][ T9501] [ 953.749560][ T9496] syz.3.14877 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 953.782380][ T9496] CPU: 0 UID: 0 PID: 9496 Comm: syz.3.14877 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 953.782418][ T9496] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 953.782428][ T9496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 953.782438][ T9496] Call Trace: [ 953.782444][ T9496] [ 953.782451][ T9496] dump_stack_lvl+0x100/0x190 [ 953.782480][ T9496] dump_header+0xfb/0x606 [ 953.782498][ T9496] oom_kill_process.cold+0xd/0x330 [ 953.782517][ T9496] out_of_memory+0x340/0x14f0 [ 953.782546][ T9496] ? __pfx_out_of_memory+0x10/0x10 [ 953.782574][ T9496] mem_cgroup_out_of_memory+0xc6/0x130 [ 953.782598][ T9496] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 953.782618][ T9496] ? find_held_lock+0x2b/0x80 [ 953.782638][ T9496] ? do_raw_spin_unlock+0x145/0x1e0 [ 953.782662][ T9496] ? _raw_spin_unlock+0x28/0x50 [ 953.782685][ T9496] try_charge_memcg+0x652/0xc90 [ 953.782706][ T9496] ? __pfx_try_charge_memcg+0x10/0x10 [ 953.782723][ T9496] ? find_held_lock+0x2b/0x80 [ 953.782738][ T9496] ? rcu_read_unlock+0x17/0x60 [ 953.782755][ T9496] ? rcu_read_unlock+0x17/0x60 [ 953.782778][ T9496] charge_memcg+0xa6/0x280 [ 953.782795][ T9496] __mem_cgroup_charge+0x2b/0x1e0 [ 953.782816][ T9496] do_anonymous_page+0xb62/0x1fb0 [ 953.782845][ T9496] __handle_mm_fault+0x1d42/0x2b60 [ 953.782872][ T9496] ? __pfx___handle_mm_fault+0x10/0x10 [ 953.782894][ T9496] ? pte_offset_map_lock+0x174/0x320 [ 953.782911][ T9496] ? find_held_lock+0x2b/0x80 [ 953.782932][ T9496] ? follow_page_pte+0x5b3/0x1400 [ 953.782955][ T9496] handle_mm_fault+0x36d/0xa20 [ 953.782982][ T9496] __get_user_pages+0xf9c/0x34d0 [ 953.783008][ T9496] ? __pfx___get_user_pages+0x10/0x10 [ 953.783038][ T9496] populate_vma_page_range+0x267/0x3f0 [ 953.783059][ T9496] ? __pfx_populate_vma_page_range+0x10/0x10 [ 953.783077][ T9496] ? __pfx_find_vma_intersection+0x10/0x10 [ 953.783095][ T9496] ? do_mmap+0x93f/0x12f0 [ 953.783115][ T9496] __mm_populate+0x107/0x3a0 [ 953.783135][ T9496] ? __pfx___mm_populate+0x10/0x10 [ 953.783155][ T9496] ? up_write+0x290/0x4f0 [ 953.783179][ T9496] vm_mmap_pgoff+0x37f/0x470 [ 953.783200][ T9496] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 953.783227][ T9496] ksys_mmap_pgoff+0xe1/0x650 [ 953.783245][ T9496] ? kcov_ioctl+0x16a/0x720 [ 953.783259][ T9496] ? kfree+0x2ec/0x6b0 [ 953.783279][ T9496] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 953.783295][ T9496] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 953.783321][ T9496] __x64_sys_mmap+0x125/0x190 [ 953.783348][ T9496] do_syscall_64+0x106/0xf80 [ 953.783370][ T9496] ? clear_bhb_loop+0x40/0x90 [ 953.783389][ T9496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 953.783405][ T9496] RIP: 0033:0x7fe2aed9c799 [ 953.783419][ T9496] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 953.783434][ T9496] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 953.783450][ T9496] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 953.783461][ T9496] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 953.783470][ T9496] RBP: 00007fe2aee32c99 R08: 0000000000000002 R09: 0000000000008000 [ 953.783479][ T9496] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 953.783488][ T9496] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 953.783510][ T9496] [ 953.784818][ T9496] memory: usage 3072kB, limit 3072kB, failcnt 149345 [ 954.974883][ T9496] memory+swap: usage 6648kB, limit 9007199254740988kB, failcnt 0 [ 955.014879][ T9496] kmem: usage 2364kB, limit 9007199254740988kB, failcnt 0 [ 955.043203][ T9496] Memory cgroup stats for /syz3: [ 955.043313][ T9496] cache 0 [ 955.075661][ T9496] rss 700416 [ 955.085724][ T9496] rss_huge 0 [ 955.088940][ T9496] shmem 0 [ 955.143585][ T9496] mapped_file 0 [ 955.147063][ T9496] dirty 0 [ 955.149983][ T9496] writeback 0 [ 955.178441][ T9496] workingset_refault_anon 15472 [ 955.212300][ T9496] workingset_refault_file 44410 [ 955.240451][ T9496] swap 3649536 [ 955.261910][ T9496] swapcached 437899264 [ 955.284427][ T9496] pgpgin 350814 [ 955.287913][ T9496] pgpgout 350637 [ 955.319313][ T9496] pgfault 459469 [ 955.352624][ T9496] pgmajfault 8543 [ 955.363158][ T9496] inactive_anon 24576 [ 955.382265][ T9496] active_anon 700416 [ 955.405517][ T9496] inactive_file 0 [ 955.426329][ T9496] active_file 0 [ 955.441730][ T9496] unevictable 0 [ 955.460032][ T9496] hierarchical_memory_limit 3145728 [ 955.475715][ T9496] hierarchical_memsw_limit 9223372036854771712 [ 955.503472][ T9496] total_cache 0 [ 955.521504][ T9496] total_rss 700416 [ 955.537599][ T9496] total_rss_huge 0 [ 955.555081][ T9496] total_shmem 0 [ 955.562086][ T9496] total_mapped_file 0 [ 955.596870][ T9496] total_dirty 0 [ 955.606944][ T9496] total_writeback 0 [ 955.632656][ T9496] total_workingset_refault_anon 15472 [ 955.645434][ T9496] total_workingset_refault_file 44410 [ 955.677899][ T9496] total_swap 3649536 [ 955.690605][ T9496] total_swapcached 437899264 [ 955.715759][ T9496] total_pgpgin 350814 [ 955.726908][ T9496] total_pgpgout 350637 [ 955.754198][ T9496] total_pgfault 459469 [ 955.776959][ T9496] total_pgmajfault 8543 [ 955.798302][ T9496] total_inactive_anon 24576 [ 955.819781][ T9496] total_active_anon 700416 [ 955.834421][ T9496] total_inactive_file 0 [ 955.855203][ T9496] total_active_file 0 [ 955.880165][ T9496] total_unevictable 0 [ 955.890116][ T9496] anon_cost 18 [ 955.907766][ T9496] file_cost 0 [ 955.929214][ T9496] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14877,pid=9495,uid=0 [ 955.991622][ T9496] Memory cgroup out of memory: Killed process 9496 (syz.3.14877) total-vm:108376kB, anon-rss:1712kB, file-rss:21456kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 957.231768][ T9646] syz.3.14909 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 957.282370][ T9646] CPU: 0 UID: 0 PID: 9646 Comm: syz.3.14909 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 957.282408][ T9646] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 957.282418][ T9646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 957.282428][ T9646] Call Trace: [ 957.282434][ T9646] [ 957.282440][ T9646] dump_stack_lvl+0x100/0x190 [ 957.282469][ T9646] dump_header+0xfb/0x606 [ 957.282487][ T9646] oom_kill_process.cold+0xd/0x330 [ 957.282506][ T9646] out_of_memory+0x340/0x14f0 [ 957.282535][ T9646] ? __pfx_out_of_memory+0x10/0x10 [ 957.282563][ T9646] mem_cgroup_out_of_memory+0xc6/0x130 [ 957.282587][ T9646] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 957.282608][ T9646] ? find_held_lock+0x2b/0x80 [ 957.282628][ T9646] ? do_raw_spin_unlock+0x145/0x1e0 [ 957.282652][ T9646] ? _raw_spin_unlock+0x28/0x50 [ 957.282675][ T9646] try_charge_memcg+0x652/0xc90 [ 957.282697][ T9646] ? __pfx_try_charge_memcg+0x10/0x10 [ 957.282714][ T9646] ? find_held_lock+0x2b/0x80 [ 957.282736][ T9646] ? rcu_read_unlock+0x17/0x60 [ 957.282753][ T9646] ? rcu_read_unlock+0x17/0x60 [ 957.282777][ T9646] charge_memcg+0xa6/0x280 [ 957.282794][ T9646] __mem_cgroup_charge+0x2b/0x1e0 [ 957.282815][ T9646] shmem_alloc_and_add_folio+0x451/0xd40 [ 957.282845][ T9646] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 957.282870][ T9646] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 957.282898][ T9646] shmem_get_folio_gfp+0x6ab/0x1900 [ 957.282924][ T9646] ? find_held_lock+0x2b/0x80 [ 957.282940][ T9646] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 957.282965][ T9646] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 957.282986][ T9646] ? lockdep_hardirqs_on+0x78/0x100 [ 957.283011][ T9646] shmem_fault+0x1f9/0xa20 [ 957.283034][ T9646] ? __lock_acquire+0x4a5/0x2630 [ 957.283053][ T9646] ? __pfx_shmem_fault+0x10/0x10 [ 957.283078][ T9646] ? __up_read+0x2c5/0x700 [ 957.283108][ T9646] ? __pfx_filemap_map_pages+0x10/0x10 [ 957.283131][ T9646] __do_fault+0x10d/0x550 [ 957.283149][ T9646] ? __pfx_filemap_map_pages+0x10/0x10 [ 957.283171][ T9646] do_fault+0x2db/0x1990 [ 957.283193][ T9646] __handle_mm_fault+0x180f/0x2b60 [ 957.283223][ T9646] ? __pfx___handle_mm_fault+0x10/0x10 [ 957.283246][ T9646] ? pte_offset_map_lock+0x174/0x320 [ 957.283263][ T9646] ? find_held_lock+0x2b/0x80 [ 957.283284][ T9646] ? follow_page_pte+0x5b3/0x1400 [ 957.283306][ T9646] handle_mm_fault+0x36d/0xa20 [ 957.283332][ T9646] __get_user_pages+0xf9c/0x34d0 [ 957.283355][ T9646] ? down_read_killable+0x30e/0x4c0 [ 957.283372][ T9646] ? __pfx___get_user_pages+0x10/0x10 [ 957.283396][ T9646] faultin_page_range+0x1f1/0x9e0 [ 957.283419][ T9646] madvise_do_behavior+0x354/0x510 [ 957.283441][ T9646] ? __pfx_madvise_do_behavior+0x10/0x10 [ 957.283471][ T9646] do_madvise+0x195/0x240 [ 957.283489][ T9646] ? __pfx_do_madvise+0x10/0x10 [ 957.283508][ T9646] ? do_futex+0x192/0x350 [ 957.283546][ T9646] __x64_sys_madvise+0xa9/0x110 [ 957.283565][ T9646] ? lockdep_hardirqs_on+0x78/0x100 [ 957.283587][ T9646] do_syscall_64+0x106/0xf80 [ 957.283610][ T9646] ? clear_bhb_loop+0x40/0x90 [ 957.283629][ T9646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.283645][ T9646] RIP: 0033:0x7fe2aed9c799 [ 957.283659][ T9646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 957.283674][ T9646] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 957.283689][ T9646] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 957.283699][ T9646] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 957.283709][ T9646] RBP: 00007fe2aee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 957.283718][ T9646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 957.283732][ T9646] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 957.283753][ T9646] [ 957.283759][ T9646] memory: usage 3072kB, limit 3072kB, failcnt 149730 [ 958.562924][ T9646] memory+swap: usage 6964kB, limit 9007199254740988kB, failcnt 0 [ 958.588780][ T9646] kmem: usage 2444kB, limit 9007199254740988kB, failcnt 0 [ 958.637357][ T9646] Memory cgroup stats for /syz3: [ 958.637473][ T9646] cache 585728 [ 958.678734][ T9646] rss 32768 [ 958.711606][ T9646] rss_huge 0 [ 958.722687][ T9646] shmem 585728 [ 958.746364][ T9646] mapped_file 585728 [ 958.767441][ T9646] dirty 0 [ 958.781147][ T9646] writeback 4096 [ 958.794902][ T9646] workingset_refault_anon 15577 [ 958.809697][ T9646] workingset_refault_file 44410 [ 958.830210][ T9646] swap 3985408 [ 958.842409][ T9646] swapcached 441294848 [ 958.856611][ T9646] pgpgin 351949 [ 958.868133][ T9646] pgpgout 351797 [ 958.881106][ T9646] pgfault 460832 [ 958.893535][ T9646] pgmajfault 8590 [ 958.907615][ T9646] inactive_anon 0 [ 958.917663][ T9646] active_anon 610304 [ 958.931624][ T9646] inactive_file 0 [ 958.944290][ T9646] active_file 0 [ 958.956196][ T9646] unevictable 0 [ 958.968447][ T9646] hierarchical_memory_limit 3145728 [ 958.983635][ T9646] hierarchical_memsw_limit 9223372036854771712 [ 959.007509][ T9646] total_cache 585728 [ 959.017999][ T9646] total_rss 32768 [ 959.030395][ T9646] total_rss_huge 0 [ 959.043553][ T9646] total_shmem 585728 [ 959.056393][ T9646] total_mapped_file 585728 [ 959.071039][ T9646] total_dirty 0 [ 959.082238][ T9646] total_writeback 4096 [ 959.097719][ T9646] total_workingset_refault_anon 15577 [ 959.118162][ T9646] total_workingset_refault_file 44410 [ 959.136263][ T9646] total_swap 3985408 [ 959.149029][ T9646] total_swapcached 441294848 [ 959.166133][ T9646] total_pgpgin 351949 [ 959.180279][ T9646] total_pgpgout 351797 [ 959.210507][ T9646] total_pgfault 460832 [ 959.222301][ T9646] total_pgmajfault 8590 [ 959.226469][ T9646] total_inactive_anon 0 [ 959.262973][ T9646] total_active_anon 610304 [ 959.267430][ T9646] total_inactive_file 0 [ 959.299635][ T9646] total_active_file 0 [ 959.321222][ T9646] total_unevictable 0 [ 959.340454][ T9646] anon_cost 22 [ 959.358652][ T9646] file_cost 0 [ 959.373132][ T9646] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14909,pid=9645,uid=0 [ 959.446044][ T9646] Memory cgroup out of memory: Killed process 9645 (syz.3.14909) total-vm:137308kB, anon-rss:1260kB, file-rss:22428kB, shmem-rss:356kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 959.717660][T16686] block nbd7: Receive control failed (result -32) [ 959.907138][ T9717] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14928'. [ 959.943162][ T9717] openvswitch: netlink: IP tunnel dst address not specified [ 960.205293][ T9723] syz.3.14930 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 960.250696][ T9723] CPU: 0 UID: 0 PID: 9723 Comm: syz.3.14930 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 960.250734][ T9723] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 960.250745][ T9723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 960.250755][ T9723] Call Trace: [ 960.250760][ T9723] [ 960.250767][ T9723] dump_stack_lvl+0x100/0x190 [ 960.250797][ T9723] dump_header+0xfb/0x606 [ 960.250815][ T9723] oom_kill_process.cold+0xd/0x330 [ 960.250834][ T9723] out_of_memory+0x340/0x14f0 [ 960.250862][ T9723] ? __pfx_out_of_memory+0x10/0x10 [ 960.250891][ T9723] mem_cgroup_out_of_memory+0xc6/0x130 [ 960.250914][ T9723] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 960.250934][ T9723] ? find_held_lock+0x2b/0x80 [ 960.250954][ T9723] ? do_raw_spin_unlock+0x145/0x1e0 [ 960.250977][ T9723] ? _raw_spin_unlock+0x28/0x50 [ 960.251000][ T9723] try_charge_memcg+0x652/0xc90 [ 960.251022][ T9723] ? __pfx_try_charge_memcg+0x10/0x10 [ 960.251039][ T9723] ? find_held_lock+0x2b/0x80 [ 960.251053][ T9723] ? rcu_read_unlock+0x17/0x60 [ 960.251069][ T9723] ? rcu_read_unlock+0x17/0x60 [ 960.251093][ T9723] charge_memcg+0xa6/0x280 [ 960.251110][ T9723] __mem_cgroup_charge+0x2b/0x1e0 [ 960.251130][ T9723] shmem_alloc_and_add_folio+0x451/0xd40 [ 960.251160][ T9723] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 960.251186][ T9723] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 960.251214][ T9723] shmem_get_folio_gfp+0x6ab/0x1900 [ 960.251241][ T9723] ? find_held_lock+0x2b/0x80 [ 960.251256][ T9723] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 960.251287][ T9723] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 960.251308][ T9723] ? lockdep_hardirqs_on+0x78/0x100 [ 960.251333][ T9723] shmem_fault+0x1f9/0xa20 [ 960.251357][ T9723] ? __lock_acquire+0x4a5/0x2630 [ 960.251376][ T9723] ? __pfx_shmem_fault+0x10/0x10 [ 960.251401][ T9723] ? __up_read+0x2c5/0x700 [ 960.251430][ T9723] ? __pfx_filemap_map_pages+0x10/0x10 [ 960.251453][ T9723] __do_fault+0x10d/0x550 [ 960.251471][ T9723] ? __pfx_filemap_map_pages+0x10/0x10 [ 960.251493][ T9723] do_fault+0x2db/0x1990 [ 960.251514][ T9723] __handle_mm_fault+0x180f/0x2b60 [ 960.251542][ T9723] ? __pfx___handle_mm_fault+0x10/0x10 [ 960.251564][ T9723] ? pte_offset_map_lock+0x174/0x320 [ 960.251581][ T9723] ? find_held_lock+0x2b/0x80 [ 960.251602][ T9723] ? follow_page_pte+0x5b3/0x1400 [ 960.251624][ T9723] handle_mm_fault+0x36d/0xa20 [ 960.251649][ T9723] __get_user_pages+0xf9c/0x34d0 [ 960.251672][ T9723] ? down_read_killable+0x30e/0x4c0 [ 960.251689][ T9723] ? __pfx___get_user_pages+0x10/0x10 [ 960.251713][ T9723] faultin_page_range+0x1f1/0x9e0 [ 960.251737][ T9723] madvise_do_behavior+0x354/0x510 [ 960.251757][ T9723] ? __pfx_madvise_do_behavior+0x10/0x10 [ 960.251788][ T9723] do_madvise+0x195/0x240 [ 960.251806][ T9723] ? __pfx_do_madvise+0x10/0x10 [ 960.251825][ T9723] ? do_futex+0x192/0x350 [ 960.251863][ T9723] __x64_sys_madvise+0xa9/0x110 [ 960.251882][ T9723] ? lockdep_hardirqs_on+0x78/0x100 [ 960.251904][ T9723] do_syscall_64+0x106/0xf80 [ 960.251927][ T9723] ? clear_bhb_loop+0x40/0x90 [ 960.251946][ T9723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 960.251962][ T9723] RIP: 0033:0x7fe2aed9c799 [ 960.251976][ T9723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 960.251991][ T9723] RSP: 002b:00007fe2afd31028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 960.252006][ T9723] RAX: ffffffffffffffda RBX: 00007fe2af015fa0 RCX: 00007fe2aed9c799 [ 960.252017][ T9723] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 960.252026][ T9723] RBP: 00007fe2aee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 960.252036][ T9723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 960.252045][ T9723] R13: 00007fe2af016038 R14: 00007fe2af015fa0 R15: 00007ffd9638c068 [ 960.252065][ T9723] [ 960.252072][ T9723] memory: usage 3072kB, limit 3072kB, failcnt 149901 [ 960.894780][ T9723] memory+swap: usage 3988kB, limit 9007199254740988kB, failcnt 0 [ 960.902631][ T9723] kmem: usage 2412kB, limit 9007199254740988kB, failcnt 0 [ 960.910256][ T9723] Memory cgroup stats for /syz3: [ 960.910371][ T9723] cache 667648 [ 961.053031][ T9723] rss 8192 [ 961.070998][ T9723] rss_huge 0 [ 961.089377][ T9723] shmem 667648 [ 961.109798][ T9723] mapped_file 667648 [ 961.122813][ T9723] dirty 0 [ 961.141182][ T9723] writeback 0 [ 961.157005][ T9723] workingset_refault_anon 15634 [ 961.170542][ T9723] workingset_refault_file 44410 [ 961.195873][ T9723] swap 937984 [ 961.212032][ T9723] swapcached 441540608 [ 961.227925][ T9723] pgpgin 352276 [ 961.262458][ T9723] pgpgout 352111 [ 961.266452][ T9723] pgfault 461359 [ 961.302310][ T9723] pgmajfault 8607 [ 961.305968][ T9723] inactive_anon 0 [ 961.309595][ T9723] active_anon 675840 [ 961.371470][ T9723] inactive_file 0 [ 961.375133][ T9723] active_file 0 [ 961.378586][ T9723] unevictable 0 [ 961.400209][ T9723] hierarchical_memory_limit 3145728 [ 961.428169][ T9723] hierarchical_memsw_limit 9223372036854771712 [ 961.469315][ T9723] total_cache 667648 [ 961.479607][ T9723] total_rss 8192 [ 961.500326][ T9723] total_rss_huge 0 [ 961.504066][ T9723] total_shmem 667648 [ 961.507943][ T9723] total_mapped_file 667648 [ 961.555141][ T9723] total_dirty 0 [ 961.570694][ T9723] total_writeback 0 [ 961.586986][ T9723] total_workingset_refault_anon 15634 [ 961.621988][ T9723] total_workingset_refault_file 44410 [ 961.649600][ T9723] total_swap 937984 [ 961.653450][ T9723] total_swapcached 441540608 [ 961.658109][ T9723] total_pgpgin 352276 [ 961.708363][ T9723] total_pgpgout 352111 [ 961.728573][ T9723] total_pgfault 461359 [ 961.749464][ T9723] total_pgmajfault 8607 [ 961.753636][ T9723] total_inactive_anon 0 [ 961.757769][ T9723] total_active_anon 675840 [ 961.795996][ T9723] total_inactive_file 0 [ 961.828550][ T9723] total_active_file 0 [ 961.832583][ T9723] total_unevictable 0 [ 961.836562][ T9723] anon_cost 26 [ 961.870806][ T9723] file_cost 0 [ 961.874115][ T9723] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.14930,pid=9722,uid=0 [ 961.926524][ T9723] Memory cgroup out of memory: Killed process 9722 (syz.3.14930) total-vm:137176kB, anon-rss:1236kB, file-rss:22428kB, shmem-rss:652kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 962.132519][ T9771] netlink: 342 bytes leftover after parsing attributes in process `syz.2.14951'. [ 962.285750][ T9777] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14953'. [ 962.315022][ T9777] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 962.359317][ T9777] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 962.403285][ T9777] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 962.423802][ T9777] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 962.486087][ T9777] Zero length message leads to an empty skb [ 962.673258][ T9790] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14956'. [ 962.725549][ T9790] openvswitch: netlink: IP tunnel dst address not specified [ 962.901273][ T9794] process 'syz.0.14958' launched ':,' with NULL argv: empty string added [ 963.739488][ T9817] netlink: 342 bytes leftover after parsing attributes in process `syz.3.14966'. [ 963.820156][ T9821] netlink: 342 bytes leftover after parsing attributes in process `syz.1.14967'. [ 964.674788][T10012] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 964.688193][T10012] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 964.697120][T10012] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 964.705073][T10012] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 964.712554][T10012] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 965.236225][ T9841] chnl_net:caif_netlink_parms(): no params data found [ 965.549775][ T9841] bridge0: port 1(bridge_slave_0) entered blocking state [ 965.586816][ T9841] bridge0: port 1(bridge_slave_0) entered disabled state [ 965.620795][ T9841] bridge_slave_0: entered allmulticast mode [ 965.654968][ T9841] bridge_slave_0: entered promiscuous mode [ 965.691878][ T9841] bridge0: port 2(bridge_slave_1) entered blocking state [ 965.724353][ T9841] bridge0: port 2(bridge_slave_1) entered disabled state [ 965.763287][ T9841] bridge_slave_1: entered allmulticast mode [ 965.792327][ T9841] bridge_slave_1: entered promiscuous mode [ 965.914539][ T9841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 965.979893][ T9841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 966.116233][ T9841] team0: Port device team_slave_0 added [ 966.155121][ T9841] team0: Port device team_slave_1 added [ 966.199871][T10018] netlink: 326 bytes leftover after parsing attributes in process `syz.1.14987'. [ 966.251525][ T9841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 966.280211][ T9841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 966.370519][ T9841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 966.443186][ T9841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 966.461573][ T9841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 966.574678][ T9841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 966.734240][T10012] Bluetooth: hci3: command tx timeout [ 966.744118][ T9841] hsr_slave_0: entered promiscuous mode [ 966.771278][ T9841] hsr_slave_1: entered promiscuous mode [ 966.792742][ T9841] debugfs: 'hsr0' already exists in 'hsr' [ 966.815206][ T9841] Cannot create hsr debugfs directory [ 967.255220][ T9841] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 967.452034][ T9841] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 967.654126][ T9841] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 967.794055][ T9841] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 968.084820][ T9841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 968.109805][ T9841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 968.122114][ T9841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 968.133263][ T9841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 968.210297][ T9841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 968.229590][ T9841] 8021q: adding VLAN 0 to HW filter on device team0 [ 968.242142][T10572] bridge0: port 1(bridge_slave_0) entered blocking state [ 968.249286][T10572] bridge0: port 1(bridge_slave_0) entered forwarding state [ 968.262981][T10572] bridge0: port 2(bridge_slave_1) entered blocking state [ 968.270111][T10572] bridge0: port 2(bridge_slave_1) entered forwarding state [ 968.440546][ T9841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 968.478866][ T9841] veth0_vlan: entered promiscuous mode [ 968.490558][ T9841] veth1_vlan: entered promiscuous mode [ 968.519821][ T9841] veth0_macvtap: entered promiscuous mode [ 968.530932][ T9841] veth1_macvtap: entered promiscuous mode [ 968.549121][ T9841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 968.562413][ T9841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 968.577747][T10209] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.593096][T10209] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.647223][T10209] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.672522][T10209] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.700648][T10209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 968.722504][T10209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 968.758556][T10017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 968.768033][T10017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 968.791208][ T9841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 968.806848][T10012] Bluetooth: hci3: command tx timeout [ 970.871635][T10012] Bluetooth: hci3: command tx timeout [ 971.386293][T10287] zswap: compressor not available [ 971.540883][T10297] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15022'. [ 971.551381][T10298] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 972.073626][T10012] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 972.073653][T10012] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 972.090214][T10012] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 972.091245][T10012] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 972.099396][T10012] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 972.106747][T10012] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 972.113783][T10012] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 972.120908][T10012] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 972.128040][T10012] Bluetooth: hci3: Malformed LE Event: 0x0d [ 972.548055][T10318] pim6reg: entered allmulticast mode [ 972.921884][T10332] netlink: 342 bytes leftover after parsing attributes in process `syz.2.15035'. [ 972.941011][T10012] Bluetooth: hci3: command tx timeout [ 972.979132][T10333] ======================================================= [ 972.979132][T10333] WARNING: The mand mount option has been deprecated and [ 972.979132][T10333] and is ignored by this kernel. Remove the mand [ 972.979132][T10333] option from the mount to silence this warning. [ 972.979132][T10333] ======================================================= [ 973.031636][T10335] netlink: 28 bytes leftover after parsing attributes in process `syz.3.15036'. [ 973.080166][T10335] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 973.087568][T10335] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 973.124460][T10335] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 973.161861][T10335] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 973.651289][T10357] dyndbg: expected <4096 bytes into control [ 974.015191][T10368] capability: warning: `syz.2.15047' uses 32-bit capabilities (legacy support in use) [ 974.205426][T10372] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15048'. [ 974.240552][T10372] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 974.290863][T10372] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 974.341811][T10372] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 974.363387][T10372] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 974.672428][T10386] netlink: 350 bytes leftover after parsing attributes in process `syz.1.15060'. [ 975.147782][T10392] netlink: 28 bytes leftover after parsing attributes in process `syz.3.15053'. [ 975.577425][T10409] FAULT_INJECTION: forcing a failure. [ 975.577425][T10409] name failslab, interval 1, probability 0, space 0, times 0 [ 975.627741][T10409] CPU: 0 UID: 0 PID: 10409 Comm: syz.3.15059 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 975.627779][T10409] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 975.627790][T10409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 975.627799][T10409] Call Trace: [ 975.627805][T10409] [ 975.627811][T10409] dump_stack_lvl+0x100/0x190 [ 975.627841][T10409] should_fail_ex.cold+0x5/0xa [ 975.627860][T10409] ? lsm_blob_alloc+0x68/0x90 [ 975.627882][T10409] should_failslab+0xc2/0x120 [ 975.627899][T10409] __kmalloc_noprof+0xe0/0x850 [ 975.627922][T10409] ? trace_kmem_cache_alloc+0xf3/0x120 [ 975.627942][T10409] lsm_blob_alloc+0x68/0x90 [ 975.627964][T10409] security_prepare_creds+0x2d/0x290 [ 975.627985][T10409] prepare_creds+0x5d6/0x950 [ 975.628009][T10409] __do_sys_capset+0x270/0x460 [ 975.628026][T10409] ? __pfx___do_sys_capset+0x10/0x10 [ 975.628043][T10409] ? __x64_sys_futex+0x358/0x4d0 [ 975.628064][T10409] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 975.628082][T10409] ? xfd_validate_state+0x129/0x190 [ 975.628111][T10409] do_syscall_64+0x106/0xf80 [ 975.628134][T10409] ? clear_bhb_loop+0x40/0x90 [ 975.628152][T10409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 975.628168][T10409] RIP: 0033:0x7fe6e439c799 [ 975.628183][T10409] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 975.628197][T10409] RSP: 002b:00007fe6e5188028 EFLAGS: 00000246 ORIG_RAX: 000000000000007e [ 975.628212][T10409] RAX: ffffffffffffffda RBX: 00007fe6e4615fa0 RCX: 00007fe6e439c799 [ 975.628222][T10409] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200 [ 975.628231][T10409] RBP: 00007fe6e4432c99 R08: 0000000000000000 R09: 0000000000000000 [ 975.628240][T10409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 975.628248][T10409] R13: 00007fe6e4616038 R14: 00007fe6e4615fa0 R15: 00007ffeaf5753e8 [ 975.628268][T10409] [ 976.297658][T10415] pim6reg: entered allmulticast mode [ 976.812994][T10426] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15065'. [ 978.027651][T10450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15072'. [ 978.234018][T10458] netlink: 342 bytes leftover after parsing attributes in process `syz.3.15074'. [ 978.252094][T10452] zswap: compressor not available [ 979.487981][T10475] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15080'. [ 979.535269][T10475] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 979.558898][T10475] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 979.589112][T10475] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 979.613540][T10475] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 981.439606][T10012] Bluetooth: hci0: unexpected subevent 0x05 length: 123 > 12 [ 981.483306][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15098'. [ 981.619420][T10535] netlink: 342 bytes leftover after parsing attributes in process `syz.2.15100'. [ 982.124233][T10549] veth1_to_batadv: entered promiscuous mode [ 982.152367][T10548] veth1_to_batadv: left promiscuous mode [ 983.168555][T10565] netlink: 342 bytes leftover after parsing attributes in process `syz.1.15111'. [ 983.448275][T10012] Bluetooth: hci0: command 0x0c1a tx timeout [ 983.666526][T10581] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 983.673295][T10581] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 983.712419][T10584] netlink: 342 bytes leftover after parsing attributes in process `syz.0.15120'. [ 983.732451][ T30] audit: type=1804 audit(2147483787.607:55): pid=10579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.15117" name="/newroot/1616/file0" dev="tmpfs" ino=8213 res=1 errno=0 [ 983.891928][T10586] netlink: 28 bytes leftover after parsing attributes in process `syz.3.15121'. [ 984.018386][T10589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15130'. [ 984.671091][T10614] netlink: 326 bytes leftover after parsing attributes in process `syz.1.15132'. [ 988.480130][T10682] veth1_to_batadv: entered promiscuous mode [ 988.526649][T10679] veth1_to_batadv: left promiscuous mode [ 988.703111][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 988.709760][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 989.258505][ T30] audit: type=1804 audit(2147483793.156:56): pid=10710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.15158" name="/newroot/39/file0" dev="tmpfs" ino=218 res=1 errno=0 [ 990.880508][T10765] netlink: 'syz.2.15173': attribute type 1 has an invalid length. [ 990.938929][T10765] netlink: 322 bytes leftover after parsing attributes in process `syz.2.15173'. [ 991.006752][T10767] netlink: 'syz.2.15173': attribute type 1 has an invalid length. [ 991.066753][T10767] netlink: 322 bytes leftover after parsing attributes in process `syz.2.15173'. [ 991.653369][ T30] audit: type=1804 audit(2147483795.568:57): pid=10777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.15177" name="file0" dev="tmpfs" ino=20153 res=1 errno=0 [ 993.107727][T10811] netlink: 74 bytes leftover after parsing attributes in process `syz.0.15190'. [ 993.361537][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15194'. [ 993.413754][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15194'. [ 993.762459][ T30] audit: type=1804 audit(2147483797.689:58): pid=10828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.15196" name="file0" dev="tmpfs" ino=20343 res=1 errno=0 [ 1049.951666][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1098.258916][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1098.265900][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P10832/1:b..l P9841/1:b..l P10831/1:b..l P10827/1:b..l [ 1098.278126][ C0] rcu: (detected by 0, t=10502 jiffies, g=236961, q=707 ncpus=1) [ 1098.285917][ C0] task:syz.1.15199 state:R running task stack:27320 pid:10827 tgid:10826 ppid:6167 task_flags:0x40054c flags:0x00080000 [ 1098.300644][ C0] Call Trace: [ 1098.303921][ C0] [ 1098.306850][ C0] __schedule+0xfee/0x6120 [ 1098.311267][ C0] ? arch_stack_walk+0x88/0xf0 [ 1098.316025][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1098.320997][ C0] ? stack_trace_save+0x8e/0xc0 [ 1098.325838][ C0] ? __pfx___schedule+0x10/0x10 [ 1098.330697][ C0] ? mark_held_locks+0x40/0x70 [ 1098.335458][ C0] preempt_schedule_irq+0x50/0x90 [ 1098.340485][ C0] irqentry_exit+0x17b/0x670 [ 1098.345066][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1098.351031][ C0] RIP: 0010:lock_release+0x19e/0x320 [ 1098.356312][ C0] Code: ff 65 0f c1 05 8b 6e 29 12 83 f8 01 0f 85 3d 01 00 00 9c 58 f6 c4 02 0f 85 28 01 00 00 41 f7 c6 00 02 00 00 0f 85 de 00 00 00 <48> 8b 44 24 10 65 48 2b 05 dd 26 29 12 0f 85 63 01 00 00 48 83 c4 [ 1098.375910][ C0] RSP: 0018:ffffc900037d7128 EFLAGS: 00000206 [ 1098.381964][ C0] RAX: 0000000000000046 RBX: ffffffff8e7e77a0 RCX: ffffc900037d7134 [ 1098.389915][ C0] RDX: 0000000000000001 RSI: ffffffff8de5b10c RDI: ffffffff8c1b1220 [ 1098.397887][ C0] RBP: ffffffff81b7c2fe R08: 0000000000000001 R09: 0000000000000007 [ 1098.405842][ C0] R10: 0000000000000200 R11: 000000000000c82e R12: ffff888030578000 [ 1098.413796][ C0] R13: ffffc900037d71e0 R14: 0000000000000202 R15: 0000000000000002 [ 1098.421754][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 1098.426949][ C0] unwind_next_frame+0x3c3/0x1ea0 [ 1098.431960][ C0] ? do_exit+0x819/0x2b60 [ 1098.436277][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1098.442417][ C0] arch_stack_walk+0x94/0xf0 [ 1098.446992][ C0] ? do_group_exit+0xd5/0x2a0 [ 1098.451683][ C0] stack_trace_save+0x8e/0xc0 [ 1098.456345][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1098.461715][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1098.466638][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1098.472433][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 1098.477620][ C0] save_stack+0x162/0x1e0 [ 1098.481962][ C0] ? __pfx_save_stack+0x10/0x10 [ 1098.486815][ C0] ? free_unref_folios+0xaea/0x1790 [ 1098.492015][ C0] ? folios_put_refs+0x53c/0x840 [ 1098.496949][ C0] ? free_pages_and_swap_cache+0x242/0x480 [ 1098.502747][ C0] ? __tlb_batch_free_encoded_pages+0xe9/0x280 [ 1098.508893][ C0] ? tlb_finish_mmu+0x1b0/0x810 [ 1098.513903][ C0] ? exit_mmap+0x454/0xa30 [ 1098.518298][ C0] ? __mmput+0x12a/0x410 [ 1098.522529][ C0] ? mmput+0x67/0x80 [ 1098.526404][ C0] ? do_exit+0x819/0x2b60 [ 1098.530724][ C0] ? page_ext_put+0x3e/0xd0 [ 1098.535214][ C0] __reset_page_owner+0x84/0x190 [ 1098.540136][ C0] free_unref_folios+0xaea/0x1790 [ 1098.545154][ C0] ? mark_held_locks+0x40/0x70 [ 1098.549908][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1098.555705][ C0] folios_put_refs+0x53c/0x840 [ 1098.560464][ C0] ? __pfx_folios_put_refs+0x10/0x10 [ 1098.565745][ C0] free_pages_and_swap_cache+0x242/0x480 [ 1098.571377][ C0] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 1098.577542][ C0] ? __pfx___might_resched+0x10/0x10 [ 1098.582821][ C0] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 1098.588792][ C0] tlb_finish_mmu+0x1b0/0x810 [ 1098.593456][ C0] exit_mmap+0x454/0xa30 [ 1098.597703][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 1098.602453][ C0] ? trace_contention_end+0x140/0x180 [ 1098.607836][ C0] ? uprobe_clear_state+0x5f/0x360 [ 1098.612947][ C0] ? uprobe_clear_state+0x5f/0x360 [ 1098.618050][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1098.622984][ C0] ? arch_uprobe_clear_state+0x107/0x150 [ 1098.628609][ C0] __mmput+0x12a/0x410 [ 1098.632663][ C0] mmput+0x67/0x80 [ 1098.636368][ C0] do_exit+0x819/0x2b60 [ 1098.640533][ C0] ? __pfx_do_exit+0x10/0x10 [ 1098.645110][ C0] ? do_raw_spin_lock+0x128/0x260 [ 1098.650123][ C0] ? find_held_lock+0x2b/0x80 [ 1098.654782][ C0] ? get_signal+0x7e0/0x21e0 [ 1098.659360][ C0] do_group_exit+0xd5/0x2a0 [ 1098.663850][ C0] get_signal+0x1ec7/0x21e0 [ 1098.668342][ C0] ? __pfx_get_signal+0x10/0x10 [ 1098.673174][ C0] ? do_futex+0x192/0x350 [ 1098.677519][ C0] arch_do_signal_or_restart+0x91/0x770 [ 1098.683053][ C0] ? find_held_lock+0x2b/0x80 [ 1098.687711][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1098.694032][ C0] ? __pfx___x64_sys_futex+0x10/0x10 [ 1098.699308][ C0] exit_to_user_mode_loop+0x86/0x4a0 [ 1098.704580][ C0] do_syscall_64+0x668/0xf80 [ 1098.709158][ C0] ? clear_bhb_loop+0x40/0x90 [ 1098.713822][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.719700][ C0] RIP: 0033:0x7f77bef9c799 [ 1098.724102][ C0] RSP: 002b:00007f77bfeb60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1098.732497][ C0] RAX: fffffffffffffe00 RBX: 00007f77bf215fa8 RCX: 00007f77bef9c799 [ 1098.740538][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f77bf215fa8 [ 1098.748489][ C0] RBP: 00007f77bf215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1098.756450][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.764522][ C0] R13: 00007f77bf216038 R14: 00007ffe706949d0 R15: 00007ffe70694ab8 [ 1098.772493][ C0] [ 1098.775497][ C0] task:syz.2.15200 state:R running task stack:24080 pid:10831 tgid:10831 ppid:10830 task_flags:0x400640 flags:0x00080000 [ 1098.788965][ C0] Call Trace: [ 1098.792225][ C0] [ 1098.795160][ C0] __schedule+0xfee/0x6120 [ 1098.799574][ C0] ? stack_depot_save_flags+0x27/0x9d0 [ 1098.805034][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1098.809963][ C0] ? __pfx___schedule+0x10/0x10 [ 1098.814803][ C0] ? mark_held_locks+0x40/0x70 [ 1098.819551][ C0] preempt_schedule_irq+0x50/0x90 [ 1098.824564][ C0] irqentry_exit+0x17b/0x670 [ 1098.829146][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1098.835111][ C0] RIP: 0010:write_comp_data+0x18/0x90 [ 1098.840475][ C0] Code: 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 8b 05 79 65 05 12 49 89 f8 49 89 f1 49 89 d2 65 48 8b 3d 50 65 05 12 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00 00 ff 00 74 05 e9 00 e1 [ 1098.860073][ C0] RSP: 0018:ffffc900035c63f8 EFLAGS: 00000246 [ 1098.866138][ C0] RAX: 0000000080000000 RBX: 0000000000000000 RCX: ffffffff8280c627 [ 1098.874091][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888031111e80 [ 1098.882044][ C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 1098.889994][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888020095e20 [ 1098.897945][ C0] R13: 0000000000000001 R14: dffffc0000000000 R15: ffff888020095e6c [ 1098.905904][ C0] ? __page_table_check_zero+0x1e7/0x410 [ 1098.911529][ C0] __page_table_check_zero+0x1e7/0x410 [ 1098.917094][ C0] post_alloc_hook+0x140/0x170 [ 1098.921861][ C0] get_page_from_freelist+0x111d/0x3140 [ 1098.927417][ C0] ? __pfx___might_resched+0x10/0x10 [ 1098.932690][ C0] ? prepare_alloc_pages+0x16d/0x5f0 [ 1098.937986][ C0] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1098.943883][ C0] ? find_held_lock+0x2b/0x80 [ 1098.948550][ C0] ? __page_table_check_zero+0x333/0x410 [ 1098.954166][ C0] ? __page_table_check_zero+0x333/0x410 [ 1098.959785][ C0] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1098.966104][ C0] ? post_alloc_hook+0x140/0x170 [ 1098.971039][ C0] ? __pfx___might_resched+0x10/0x10 [ 1098.976312][ C0] ? prepare_alloc_pages+0x16d/0x5f0 [ 1098.981584][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1098.987464][ C0] ? policy_nodemask+0xed/0x4f0 [ 1098.992305][ C0] alloc_pages_mpol+0x1fb/0x550 [ 1098.997164][ C0] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1099.002783][ C0] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1099.008859][ C0] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 1099.014762][ C0] folio_alloc_mpol_noprof+0x36/0x340 [ 1099.020160][ C0] shmem_alloc_folio+0x135/0x160 [ 1099.025327][ C0] shmem_alloc_and_add_folio+0x371/0xd40 [ 1099.030959][ C0] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1099.037105][ C0] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 1099.043080][ C0] shmem_get_folio_gfp+0x6ab/0x1900 [ 1099.048287][ C0] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1099.053914][ C0] ? filemap_map_pages+0xe69/0x2020 [ 1099.059105][ C0] shmem_fault+0x1f9/0xa20 [ 1099.063517][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1099.068540][ C0] ? __pfx_shmem_fault+0x10/0x10 [ 1099.073506][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 1099.078975][ C0] __do_fault+0x10d/0x550 [ 1099.083294][ C0] do_fault+0xabb/0x1990 [ 1099.087542][ C0] __handle_mm_fault+0x180f/0x2b60 [ 1099.092662][ C0] ? __pfx___handle_mm_fault+0x10/0x10 [ 1099.098113][ C0] ? pte_offset_map_lock+0x174/0x320 [ 1099.103385][ C0] ? find_held_lock+0x2b/0x80 [ 1099.108055][ C0] ? follow_page_pte+0x5b3/0x1400 [ 1099.113076][ C0] handle_mm_fault+0x36d/0xa20 [ 1099.117844][ C0] __get_user_pages+0xf9c/0x34d0 [ 1099.122774][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 1099.128136][ C0] get_dump_page+0x27e/0x3d0 [ 1099.132720][ C0] ? __pfx_get_dump_page+0x10/0x10 [ 1099.137816][ C0] ? dump_user_range+0x73b/0xb50 [ 1099.142752][ C0] dump_user_range+0x18d/0xb50 [ 1099.147592][ C0] ? __pfx_dump_user_range+0x10/0x10 [ 1099.152868][ C0] ? __pfx_writenote+0x10/0x10 [ 1099.157650][ C0] elf_core_dump+0x2d5f/0x3d10 [ 1099.162409][ C0] ? __pfx_elf_core_dump+0x10/0x10 [ 1099.167507][ C0] ? kasan_save_stack+0x3f/0x50 [ 1099.172339][ C0] ? kasan_save_stack+0x30/0x50 [ 1099.177171][ C0] ? __kasan_kmalloc+0xaa/0xb0 [ 1099.181924][ C0] ? __kvmalloc_node_noprof+0x360/0xa00 [ 1099.187473][ C0] ? vfs_coredump+0x2105/0x5570 [ 1099.192354][ C0] ? asm_exc_page_fault+0x26/0x30 [ 1099.197382][ C0] ? 0xffffffffff600000 [ 1099.201577][ C0] ? vfs_coredump+0x27bc/0x5570 [ 1099.206429][ C0] vfs_coredump+0x27bc/0x5570 [ 1099.211102][ C0] ? __pfx_vfs_coredump+0x10/0x10 [ 1099.216112][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1099.221063][ C0] ? lock_acquire+0x1cf/0x380 [ 1099.225732][ C0] ? is_bpf_text_address+0x8a/0x1a0 [ 1099.230932][ C0] ? bpf_ksym_find+0x124/0x1c0 [ 1099.235683][ C0] ? __kernel_text_address+0xd/0x30 [ 1099.240887][ C0] ? unwind_get_return_address+0x59/0xa0 [ 1099.246512][ C0] ? arch_stack_walk+0xa6/0xf0 [ 1099.251266][ C0] ? __sigqueue_free+0xbe/0x2a0 [ 1099.256108][ C0] ? stack_trace_save+0x8e/0xc0 [ 1099.260943][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1099.266295][ C0] ? __send_signal_locked+0x155/0x12d0 [ 1099.271743][ C0] ? stack_depot_save_flags+0x27/0x9d0 [ 1099.277212][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1099.282170][ C0] ? proc_coredump_connector+0x2d3/0x4f0 [ 1099.287821][ C0] ? __pfx_proc_coredump_connector+0x10/0x10 [ 1099.293802][ C0] ? rcu_is_watching+0x12/0xc0 [ 1099.298649][ C0] get_signal+0x1f2a/0x21e0 [ 1099.303158][ C0] ? __pfx_get_signal+0x10/0x10 [ 1099.307993][ C0] ? bad_area_access_error+0xab/0x1d0 [ 1099.313369][ C0] ? fixup_vdso_exception+0x2d1/0x370 [ 1099.318733][ C0] arch_do_signal_or_restart+0x91/0x770 [ 1099.324354][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1099.330506][ C0] ? do_user_addr_fault+0x8d6/0x12f0 [ 1099.335777][ C0] irqentry_exit+0x1f8/0x670 [ 1099.340356][ C0] asm_exc_page_fault+0x26/0x30 [ 1099.345198][ C0] RIP: 0033:0x0 [ 1099.348650][ C0] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 1099.354818][ C0] RAX: 0000000000000000 RBX: 00007f8438e15fa0 RCX: 00007f8438b9c799 [ 1099.362799][ C0] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 1099.370754][ C0] RBP: 00007f8438c32c99 R08: 0000000000000002 R09: 0000000000000000 [ 1099.378714][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1099.386682][ C0] R13: 00007f8438e16038 R14: 00007f8438e15fa0 R15: 00007fffd7fb9578 [ 1099.394646][ C0] [ 1099.397670][ C0] task:syz-executor state:R running task stack:24216 pid:9841 tgid:9841 ppid:9830 task_flags:0x400140 flags:0x00080000 [ 1099.411148][ C0] Call Trace: [ 1099.414428][ C0] [ 1099.417681][ C0] __schedule+0xfee/0x6120 [ 1099.422125][ C0] ? find_held_lock+0x2b/0x80 [ 1099.426792][ C0] ? page_table_check_set+0x49a/0xa10 [ 1099.432151][ C0] ? page_table_check_set+0x49a/0xa10 [ 1099.437512][ C0] ? __pfx___schedule+0x10/0x10 [ 1099.442351][ C0] ? find_held_lock+0x2b/0x80 [ 1099.447024][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 1099.452388][ C0] preempt_schedule_common+0x42/0xc0 [ 1099.457681][ C0] preempt_schedule_thunk+0x16/0x30 [ 1099.462870][ C0] _raw_spin_unlock+0x3e/0x50 [ 1099.467535][ C0] copy_page_range+0x1e72/0x6570 [ 1099.472479][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 1099.477759][ C0] ? __pfx___might_resched+0x10/0x10 [ 1099.483045][ C0] ? up_write+0x290/0x4f0 [ 1099.487368][ C0] dup_mmap+0xd25/0x2180 [ 1099.491606][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 1099.496268][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1099.502067][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1099.506994][ C0] ? find_held_lock+0x2b/0x80 [ 1099.511653][ C0] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 1099.517619][ C0] copy_process+0x7523/0x7a40 [ 1099.522299][ C0] ? __pfx_copy_process+0x10/0x10 [ 1099.527312][ C0] ? do_raw_spin_lock+0x128/0x260 [ 1099.532334][ C0] kernel_clone+0xfc/0x9a0 [ 1099.536736][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 1099.541743][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1099.546673][ C0] ? find_held_lock+0x2b/0x80 [ 1099.551355][ C0] ? __might_fault+0xc5/0x140 [ 1099.556043][ C0] __do_sys_clone+0xd9/0x120 [ 1099.560625][ C0] ? __pfx___do_sys_clone+0x10/0x10 [ 1099.565827][ C0] do_syscall_64+0x106/0xf80 [ 1099.570424][ C0] ? clear_bhb_loop+0x40/0x90 [ 1099.575109][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.580994][ C0] RIP: 0033:0x7fe6e43c5212 [ 1099.585393][ C0] RSP: 002b:00007ffeaf575600 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1099.593788][ C0] RAX: ffffffffffffffda RBX: 00007ffeaf575600 RCX: 00007fe6e43c5212 [ 1099.601747][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1099.609702][ C0] RBP: 00007ffeaf57578c R08: 0000000000000000 R09: 0000000000000001 [ 1099.617653][ C0] R10: 000055556b0e17d0 R11: 0000000000000246 R12: 0000000000000001 [ 1099.625626][ C0] R13: 00000000000927c0 R14: 00000000000f3ac5 R15: 00007ffeaf5757e0 [ 1099.633590][ C0] [ 1099.636606][ C0] task:syz.0.15196 state:R running task stack:26784 pid:10832 tgid:10822 ppid:6164 task_flags:0x400140 flags:0x00080000 [ 1099.650162][ C0] Call Trace: [ 1099.653424][ C0] [ 1099.656339][ C0] __schedule+0xfee/0x6120 [ 1099.660761][ C0] ? __pfx___schedule+0x10/0x10 [ 1099.665603][ C0] ? mark_held_locks+0x40/0x70 [ 1099.670373][ C0] preempt_schedule_irq+0x50/0x90 [ 1099.675387][ C0] irqentry_exit+0x17b/0x670 [ 1099.679972][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1099.685944][ C0] RIP: 0010:lock_acquire+0x5e/0x380 [ 1099.691131][ C0] Code: 05 fb 2d 29 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 c6 69 f5 0e 0f 82 c2 02 00 00 8b 35 8e 9d f5 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 9d 2d 29 12 0f 85 02 03 00 00 48 83 c4 [ 1099.710739][ C0] RSP: 0018:ffffc900034d6e88 EFLAGS: 00000206 [ 1099.716794][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001 [ 1099.724770][ C0] RDX: 0000000000000000 RSI: ffffffff8de5b10c RDI: ffffffff8c1b1220 [ 1099.732719][ C0] RBP: ffffffff8e7e77a0 R08: 000000005bb03f24 R09: 0000000000000007 [ 1099.740669][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002 [ 1099.748620][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1099.756587][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 1099.761772][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 1099.766956][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1099.773100][ C0] unwind_next_frame+0xd1/0x1ea0 [ 1099.778107][ C0] ? unwind_next_frame+0xbd/0x1ea0 [ 1099.783215][ C0] ? vm_mmap_pgoff+0x37f/0x470 [ 1099.787963][ C0] ? __kernel_text_address+0xd/0x30 [ 1099.793161][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1099.799295][ C0] arch_stack_walk+0x94/0xf0 [ 1099.803875][ C0] ? vm_mmap_pgoff+0x37f/0x470 [ 1099.808623][ C0] stack_trace_save+0x8e/0xc0 [ 1099.813400][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1099.818761][ C0] save_stack+0x162/0x1e0 [ 1099.823075][ C0] ? __pfx_save_stack+0x10/0x10 [ 1099.827934][ C0] ? post_alloc_hook+0x153/0x170 [ 1099.832870][ C0] ? get_page_from_freelist+0x111d/0x3140 [ 1099.838579][ C0] ? __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1099.844637][ C0] ? alloc_pages_mpol+0x1fb/0x550 [ 1099.849654][ C0] ? folio_alloc_mpol_noprof+0x36/0x340 [ 1099.855205][ C0] ? vma_alloc_folio_noprof+0xed/0x1d0 [ 1099.860652][ C0] ? do_anonymous_page+0xb3a/0x1fb0 [ 1099.865839][ C0] ? __handle_mm_fault+0x1d42/0x2b60 [ 1099.871129][ C0] ? handle_mm_fault+0x36d/0xa20 [ 1099.876052][ C0] ? __get_user_pages+0xf9c/0x34d0 [ 1099.881145][ C0] ? populate_vma_page_range+0x267/0x3f0 [ 1099.886763][ C0] ? __mm_populate+0x107/0x3a0 [ 1099.891532][ C0] ? vm_mmap_pgoff+0x37f/0x470 [ 1099.896282][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1099.901211][ C0] __set_page_owner+0x8c/0x540 [ 1099.905957][ C0] ? __pfx___set_page_owner+0x10/0x10 [ 1099.911309][ C0] ? bad_range+0x261/0x400 [ 1099.915708][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 1099.920896][ C0] post_alloc_hook+0x153/0x170 [ 1099.925649][ C0] get_page_from_freelist+0x111d/0x3140 [ 1099.931189][ C0] ? __pfx___might_resched+0x10/0x10 [ 1099.936458][ C0] ? prepare_alloc_pages+0x16d/0x5f0 [ 1099.941733][ C0] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1099.947618][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1099.952969][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1099.958333][ C0] ? stack_depot_save_flags+0x27/0x9d0 [ 1099.963781][ C0] ? kasan_save_stack+0x3f/0x50 [ 1099.968619][ C0] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1099.974941][ C0] ? __pfx_css_rstat_updated+0x10/0x10 [ 1099.980388][ C0] ? lock_acquire+0x1cf/0x380 [ 1099.985054][ C0] ? find_held_lock+0x2b/0x80 [ 1099.989722][ C0] ? page_table_check_set+0x49a/0xa10 [ 1099.995078][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1100.000955][ C0] ? policy_nodemask+0xed/0x4f0 [ 1100.005808][ C0] alloc_pages_mpol+0x1fb/0x550 [ 1100.010645][ C0] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1100.016008][ C0] folio_alloc_mpol_noprof+0x36/0x340 [ 1100.021366][ C0] vma_alloc_folio_noprof+0xed/0x1d0 [ 1100.026638][ C0] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1100.032521][ C0] do_anonymous_page+0xb3a/0x1fb0 [ 1100.037541][ C0] __handle_mm_fault+0x1d42/0x2b60 [ 1100.042656][ C0] ? __pfx___handle_mm_fault+0x10/0x10 [ 1100.048104][ C0] ? pte_offset_map_lock+0x174/0x320 [ 1100.053372][ C0] ? find_held_lock+0x2b/0x80 [ 1100.058037][ C0] ? follow_page_pte+0x5b3/0x1400 [ 1100.063049][ C0] handle_mm_fault+0x36d/0xa20 [ 1100.067801][ C0] __get_user_pages+0xf9c/0x34d0 [ 1100.072728][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 1100.078086][ C0] populate_vma_page_range+0x267/0x3f0 [ 1100.083531][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1100.089582][ C0] ? __pfx_find_vma_intersection+0x10/0x10 [ 1100.095372][ C0] ? do_mmap+0x93f/0x12f0 [ 1100.099683][ C0] __mm_populate+0x107/0x3a0 [ 1100.104259][ C0] ? __pfx___mm_populate+0x10/0x10 [ 1100.109356][ C0] ? up_write+0x290/0x4f0 [ 1100.113677][ C0] vm_mmap_pgoff+0x37f/0x470 [ 1100.118258][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1100.123379][ C0] ksys_mmap_pgoff+0xe1/0x650 [ 1100.128044][ C0] ? kcov_ioctl+0x16a/0x720 [ 1100.132531][ C0] ? kfree+0x2ec/0x6b0 [ 1100.136691][ C0] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1100.141973][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1100.147772][ C0] __x64_sys_mmap+0x125/0x190 [ 1100.152440][ C0] do_syscall_64+0x106/0xf80 [ 1100.157109][ C0] ? clear_bhb_loop+0x40/0x90 [ 1100.161774][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.167653][ C0] RIP: 0033:0x7fac39d9c799 [ 1100.172069][ C0] RSP: 002b:00007fac3ac7a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1100.180465][ C0] RAX: ffffffffffffffda RBX: 00007fac3a016180 RCX: 00007fac39d9c799 [ 1100.188451][ C0] RDX: ffffffffffeffffe RSI: 0000000000400005 RDI: 0000000000000000 [ 1100.196407][ C0] RBP: 00007fac39e32c99 R08: 0000000000000c76 R09: 0000000000008000 [ 1100.204463][ C0] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1100.212437][ C0] R13: 00007fac3a016218 R14: 00007fac3a016180 R15: 00007ffd00ba6ad8 [ 1100.220405][ C0] [ 1100.223547][ C0] rcu: rcu_preempt kthread starved for 412 jiffies! g236961 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1100.234637][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1100.244585][ C0] rcu: RCU grace-period kthread stack dump: [ 1100.250448][ C0] task:rcu_preempt state:R running task stack:27832 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 1100.263966][ C0] Call Trace: [ 1100.267229][ C0] [ 1100.270151][ C0] __schedule+0xfee/0x6120 [ 1100.274560][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1100.279495][ C0] ? __pfx___schedule+0x10/0x10 [ 1100.284329][ C0] ? find_held_lock+0x2b/0x80 [ 1100.289001][ C0] ? schedule+0x2bf/0x390 [ 1100.293322][ C0] schedule+0xdd/0x390 [ 1100.297379][ C0] schedule_timeout+0x127/0x280 [ 1100.302216][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1100.307575][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1100.312864][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1100.318657][ C0] ? prepare_to_swait_event+0xdf/0x4a0 [ 1100.324103][ C0] rcu_gp_fqs_loop+0x1a9/0x900 [ 1100.328855][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1100.334126][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 1100.339072][ C0] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 1100.344271][ C0] ? rcu_is_watching+0x12/0xc0 [ 1100.349055][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1100.354955][ C0] rcu_gp_kthread+0x179/0x230 [ 1100.359640][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1100.364840][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1100.370645][ C0] ? __kthread_parkme+0x18c/0x230 [ 1100.375685][ C0] ? kthread+0x13a/0x450 [ 1100.379930][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1100.385115][ C0] kthread+0x370/0x450 [ 1100.389175][ C0] ? __pfx_kthread+0x10/0x10 [ 1100.393754][ C0] ret_from_fork+0x754/0xd80 [ 1100.398334][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1100.403449][ C0] ? __switch_to+0x7b4/0x1120 [ 1100.408112][ C0] ? __pfx_kthread+0x10/0x10 [ 1100.412690][ C0] ret_from_fork_asm+0x1a/0x30 [ 1100.417449][ C0] [ 1100.420518][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1100.426840][ C0] CPU: 0 UID: 0 PID: 3412 Comm: kworker/R-bat_e Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1100.438118][ C0] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1100.450344][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1100.460412][ C0] Workqueue: bat_events batadv_dat_purge [ 1100.466134][ C0] RIP: 0010:lock_acquire+0x5e/0x380 [ 1100.471339][ C0] Code: 05 fb 2d 29 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 c6 69 f5 0e 0f 82 c2 02 00 00 8b 35 8e 9d f5 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 9d 2d 29 12 0f 85 02 03 00 00 48 83 c4 [ 1100.490946][ C0] RSP: 0018:ffffc90000006a40 EFLAGS: 00000206 [ 1100.497012][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000005 [ 1100.504979][ C0] RDX: 0000000000000000 RSI: ffffffff8de5b10c RDI: ffffffff8c1b1220 [ 1100.512943][ C0] RBP: ffffffff8e7e77a0 R08: 000000005970cd9e R09: 0000000000000007 [ 1100.520898][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002 [ 1100.528868][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1100.536821][ C0] FS: 0000000000000000(0000) GS:ffff888124346000(0000) knlGS:0000000000000000 [ 1100.545735][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1100.552300][ C0] CR2: 00007f70e7192155 CR3: 0000000036534000 CR4: 00000000003526f0 [ 1100.560255][ C0] Call Trace: [ 1100.563519][ C0] [ 1100.566345][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 1100.571630][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 1100.576812][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1100.582955][ C0] unwind_next_frame+0xd1/0x1ea0 [ 1100.588049][ C0] ? unwind_next_frame+0xbd/0x1ea0 [ 1100.593142][ C0] ? br_handle_frame+0xcdd/0x1520 [ 1100.598226][ C0] ? rcu_is_watching+0x12/0xc0 [ 1100.602981][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1100.609121][ C0] arch_stack_walk+0x94/0xf0 [ 1100.613696][ C0] ? br_handle_frame+0xcdd/0x1520 [ 1100.618707][ C0] ? __skb_ext_put+0x102/0x2f0 [ 1100.623461][ C0] stack_trace_save+0x8e/0xc0 [ 1100.628121][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1100.633476][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1100.638398][ C0] ? __local_bh_enable_ip+0x9e/0x120 [ 1100.643674][ C0] kasan_save_stack+0x30/0x50 [ 1100.648332][ C0] ? kasan_save_stack+0x30/0x50 [ 1100.653162][ C0] ? kasan_save_track+0x14/0x30 [ 1100.657990][ C0] ? kasan_save_free_info+0x3b/0x70 [ 1100.663171][ C0] ? __kasan_slab_free+0x5f/0x80 [ 1100.668089][ C0] ? kmem_cache_free+0x124/0x6a0 [ 1100.673011][ C0] ? __skb_ext_put+0x102/0x2f0 [ 1100.677758][ C0] ? skb_release_head_state+0x2c8/0x400 [ 1100.683289][ C0] ? sk_skb_reason_drop+0xc4/0x1b0 [ 1100.688387][ C0] ? ip6_mc_input+0x832/0xf50 [ 1100.693055][ C0] ? ip6_rcv_finish+0x294/0x300 [ 1100.697902][ C0] ? ip_sabotage_in+0x21e/0x290 [ 1100.702837][ C0] ? nf_hook_slow+0xbf/0x220 [ 1100.707460][ C0] ? nf_hook.constprop.0+0x2a6/0x750 [ 1100.712736][ C0] ? ipv6_rcv+0xa4/0x3d0 [ 1100.716960][ C0] ? __netif_receive_skb_one_core+0x12d/0x1e0 [ 1100.723012][ C0] ? __netif_receive_skb+0x1f/0x120 [ 1100.728192][ C0] ? netif_receive_skb+0x139/0x820 [ 1100.733288][ C0] ? br_pass_frame_up+0x346/0x490 [ 1100.738299][ C0] ? br_handle_frame_finish+0xa74/0x1f60 [ 1100.743919][ C0] ? br_nf_hook_thresh+0x30d/0x420 [ 1100.749022][ C0] ? br_nf_pre_routing_finish_ipv6+0x769/0xfb0 [ 1100.755161][ C0] ? br_nf_pre_routing_ipv6+0x39c/0x8b0 [ 1100.760693][ C0] ? br_nf_pre_routing+0x90d/0x1550 [ 1100.765879][ C0] ? br_handle_frame+0xcdd/0x1520 [ 1100.770910][ C0] kasan_save_track+0x14/0x30 [ 1100.775570][ C0] kasan_save_free_info+0x3b/0x70 [ 1100.780579][ C0] __kasan_slab_free+0x5f/0x80 [ 1100.785327][ C0] kmem_cache_free+0x124/0x6a0 [ 1100.790083][ C0] __skb_ext_put+0x102/0x2f0 [ 1100.794714][ C0] ? ipv6_chk_mcast_addr+0x2b0/0x9a0 [ 1100.800028][ C0] skb_release_head_state+0x2c8/0x400 [ 1100.805412][ C0] sk_skb_reason_drop+0xc4/0x1b0 [ 1100.810349][ C0] ip6_mc_input+0x832/0xf50 [ 1100.814844][ C0] ? __pfx_ip6_mc_input+0x10/0x10 [ 1100.819868][ C0] ? __netif_receive_skb_core.constprop.0+0xd4d/0x3550 [ 1100.826730][ C0] ? __pfx_ip6_mc_input+0x10/0x10 [ 1100.831757][ C0] ip6_rcv_finish+0x294/0x300 [ 1100.836419][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 1100.841689][ C0] ip_sabotage_in+0x21e/0x290 [ 1100.846350][ C0] nf_hook_slow+0xbf/0x220 [ 1100.850758][ C0] nf_hook.constprop.0+0x2a6/0x750 [ 1100.855853][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 1100.861037][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 1100.866660][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 1100.871847][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 1100.876523][ C0] ipv6_rcv+0xa4/0x3d0 [ 1100.880605][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 1100.885264][ C0] __netif_receive_skb_one_core+0x12d/0x1e0 [ 1100.891147][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 1100.897567][ C0] ? get_rps_cpu+0x62f/0x1670 [ 1100.902233][ C0] __netif_receive_skb+0x1f/0x120 [ 1100.907243][ C0] netif_receive_skb+0x139/0x820 [ 1100.912165][ C0] ? br_multicast_count+0x8d/0xbc0 [ 1100.917458][ C0] ? __pfx_netif_receive_skb+0x10/0x10 [ 1100.922911][ C0] ? br_netif_receive_skb+0xff/0x1f0 [ 1100.928204][ C0] br_pass_frame_up+0x346/0x490 [ 1100.933059][ C0] br_handle_frame_finish+0xa74/0x1f60 [ 1100.938512][ C0] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 1100.944436][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1100.949383][ C0] ? __pfx_ip6t_do_table+0x10/0x10 [ 1100.954499][ C0] ? nf_hook_slow+0x167/0x220 [ 1100.959170][ C0] br_nf_hook_thresh+0x30d/0x420 [ 1100.964104][ C0] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 1100.969987][ C0] ? __pfx_br_nf_hook_thresh+0x10/0x10 [ 1100.975434][ C0] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 1100.981331][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1100.987207][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1100.993080][ C0] br_nf_pre_routing_finish_ipv6+0x769/0xfb0 [ 1100.999047][ C0] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 1101.004930][ C0] br_nf_pre_routing_ipv6+0x39c/0x8b0 [ 1101.010290][ C0] ? __pfx_br_nf_pre_routing_ipv6+0x10/0x10 [ 1101.016167][ C0] ? lock_acquire+0x1cf/0x380 [ 1101.020832][ C0] ? __pfx_br_nf_pre_routing_finish_ipv6+0x10/0x10 [ 1101.027317][ C0] ? net_generic+0xea/0x2a0 [ 1101.031806][ C0] br_nf_pre_routing+0x90d/0x1550 [ 1101.036821][ C0] br_handle_frame+0xcdd/0x1520 [ 1101.041661][ C0] ? __pfx_br_handle_frame+0x10/0x10 [ 1101.046934][ C0] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 1101.052836][ C0] ? __pfx_br_handle_frame+0x10/0x10 [ 1101.058118][ C0] __netif_receive_skb_core.constprop.0+0x6c5/0x3550 [ 1101.064781][ C0] ? mark_held_locks+0x40/0x70 [ 1101.069534][ C0] ? kmem_cache_free+0x124/0x6a0 [ 1101.074457][ C0] ? skb_release_data+0x7a0/0x9d0 [ 1101.079467][ C0] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 1101.086560][ C0] ? kfree_skbmem+0x19f/0x210 [ 1101.091215][ C0] ? sk_skb_reason_drop+0x114/0x1b0 [ 1101.096399][ C0] ? ip6_mc_input+0x51a/0xf50 [ 1101.101059][ C0] ? __pfx_ip6_mc_input+0x10/0x10 [ 1101.106070][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1101.110997][ C0] ? process_backlog+0x32a/0x1580 [ 1101.116002][ C0] __netif_receive_skb_one_core+0xb0/0x1e0 [ 1101.121792][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 1101.128189][ C0] ? lock_acquire+0x1cf/0x380 [ 1101.132850][ C0] ? process_backlog+0x32a/0x1580 [ 1101.137860][ C0] ? process_backlog+0x32a/0x1580 [ 1101.142869][ C0] __netif_receive_skb+0x1f/0x120 [ 1101.147879][ C0] process_backlog+0x37a/0x1580 [ 1101.152721][ C0] __napi_poll.constprop.0+0xaf/0x450 [ 1101.158079][ C0] net_rx_action+0xa40/0xf20 [ 1101.162670][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1101.167769][ C0] ? mark_held_locks+0x40/0x70 [ 1101.172522][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 1101.177709][ C0] ? tmigr_handle_remote+0x132/0x380 [ 1101.182982][ C0] ? run_timer_base+0x121/0x190 [ 1101.187813][ C0] ? __pfx_run_timer_base+0x10/0x10 [ 1101.192995][ C0] handle_softirqs+0x1eb/0x9e0 [ 1101.197751][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1101.203018][ C0] ? __batadv_dat_purge.part.0+0x294/0x3c0 [ 1101.208836][ C0] ? __pfx_batadv_dat_to_purge+0x10/0x10 [ 1101.214449][ C0] do_softirq+0xac/0xe0 [ 1101.218586][ C0] [ 1101.221499][ C0] [ 1101.224414][ C0] __local_bh_enable_ip+0xf8/0x120 [ 1101.229533][ C0] __batadv_dat_purge.part.0+0x294/0x3c0 [ 1101.235153][ C0] batadv_dat_purge+0x4b/0xa0 [ 1101.239813][ C0] process_one_work+0xa23/0x19a0 [ 1101.244746][ C0] ? __pfx_process_one_work+0x10/0x10 [ 1101.250125][ C0] ? __pfx_batadv_dat_purge+0x10/0x10 [ 1101.255499][ C0] rescuer_thread+0x905/0x14a0 [ 1101.260273][ C0] ? rescuer_thread+0x240/0x14a0 [ 1101.265206][ C0] ? rescuer_thread+0x118/0x14a0 [ 1101.270137][ C0] ? __pfx_rescuer_thread+0x10/0x10 [ 1101.275326][ C0] ? __kthread_parkme+0x18c/0x230 [ 1101.280335][ C0] ? kthread+0x13a/0x450 [ 1101.284560][ C0] ? __pfx_rescuer_thread+0x10/0x10 [ 1101.289754][ C0] kthread+0x370/0x450 [ 1101.293810][ C0] ? __pfx_kthread+0x10/0x10 [ 1101.298387][ C0] ret_from_fork+0x754/0xd80 [ 1101.302974][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1101.308097][ C0] ? __switch_to+0x7b4/0x1120 [ 1101.312779][ C0] ? __pfx_kthread+0x10/0x10 [ 1101.317357][ C0] ret_from_fork_asm+0x1a/0x30 [ 1101.322158][ C0] [ 1101.373740][T16686] Bluetooth: hci3: command 0x0406 tx timeout [ 1101.508755][ T1301] ieee802154 phy1 wpan1: encryption failed: -22