last executing test programs: 1m48.980052907s ago: executing program 3 (id=759): mmap$auto(0x0, 0x8, 0x1000000004, 0x8b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x7) r0 = fcntl$auto(0xff80000000000000, 0x409, 0x3f) fallocate$auto(r0, 0x0, 0x7, 0xb) 1m48.756475049s ago: executing program 3 (id=762): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) 1m48.314823244s ago: executing program 3 (id=767): socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x8, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 1m48.009377815s ago: executing program 3 (id=770): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_cpumask\x00', 0x8402, 0x0) write$auto_tracing_cpumask_fops_trace(r1, &(0x7f0000000080), 0x0) ptrace$auto(0x10, r0, 0x4, 0x7ff) ptrace$auto_PTRACE_POKEUSR(0x6, r0, 0x358, 0x9e) 1m47.717301171s ago: executing program 3 (id=777): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) tkill$auto(0x1, 0x7) 1m46.789010731s ago: executing program 3 (id=785): socket(0x28, 0x1, 0x0) socket(0x28, 0x1, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf9779d790fb28"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r0 = socket(0x10, 0x2, 0x4) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 1m46.452148205s ago: executing program 32 (id=785): socket(0x28, 0x1, 0x0) socket(0x28, 0x1, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf9779d790fb28"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r0 = socket(0x10, 0x2, 0x4) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 13.039740423s ago: executing program 1 (id=1786): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mknodat$auto(r0, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) 12.831576142s ago: executing program 1 (id=1790): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) tgkill$auto(0x1, 0x1, 0x5) 11.901931252s ago: executing program 1 (id=1795): r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'veth1_to_team\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100cda4429629bd7100f9db5f250200000000", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0x8) 11.642968258s ago: executing program 1 (id=1800): sigaltstack$auto(&(0x7f0000000040)={0x0, 0x80000000, 0x7fffffffffffffff}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = getpid() r1 = gettid() rt_tgsigqueueinfo$auto(r0, r1, 0x21, 0x0) 11.080965721s ago: executing program 1 (id=1810): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) tkill$auto(0x1, 0x7) 10.013999243s ago: executing program 1 (id=1812): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60642, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x454, 0x9) 9.373585893s ago: executing program 33 (id=1812): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60642, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x454, 0x9) 2.425266765s ago: executing program 0 (id=1859): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="02002abd7000ffdbdf2502000000040002001c00048005bc48242d10b34cfb6a801306b44fd2162bb3596680cddf080007000010000008000100"], 0x44}, 0x1, 0x0, 0x0, 0x4004004}, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='T'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.21842294s ago: executing program 0 (id=1854): r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000880)={0x14, r0, 0x301, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) read$auto(0x3, 0x0, 0x80) 2.052935896s ago: executing program 2 (id=1855): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_CQM(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_CQM={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x40800) 1.777766182s ago: executing program 5 (id=1857): mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x161342, 0x13d) read$auto(0x3, 0x0, 0x7fffffff) write$auto(r0, &(0x7f0000000000)='(,\'\\\x00', 0x8001) 1.744932551s ago: executing program 4 (id=1858): mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r0 = open(&(0x7f0000000000)='./file0\x00', 0x101800, 0xbf) ppoll$auto(&(0x7f0000000180)={r0, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) close_range$auto(r0, 0x8, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x183242, 0x154) 1.731076968s ago: executing program 2 (id=1860): socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket(0x15, 0x5, 0x0) getsockopt$auto(r0, 0x114, 0x5, 0xfffffffffffffffc, 0x0) 1.691992458s ago: executing program 0 (id=1861): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) setreuid$auto(0x4, 0x8) ioctl$auto(0x1, 0x894c, 0x8) 1.512285255s ago: executing program 2 (id=1862): mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000006640), 0x2, 0x0) readv$auto(r0, &(0x7f0000000040)={0x0, 0x36a}, 0x6) 1.497559109s ago: executing program 5 (id=1863): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010527bd7000fbdbdf2502"], 0x34}, 0x1, 0x0, 0x0, 0x4068811}, 0x80) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x11b, 0xf}, 0xc, 0x0, 0x0, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1e0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1.483992667s ago: executing program 0 (id=1864): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 1.476324451s ago: executing program 4 (id=1865): setuid$auto(0xe) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x9) bind$auto(0x3, &(0x7f0000000000)=@nl=@kern={0x10, 0x0, 0x0, 0x200}, 0x68) 1.279854585s ago: executing program 5 (id=1866): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0xc}, 0x7) 1.274264085s ago: executing program 4 (id=1867): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mprotect$auto(0x42f, 0x8, 0xb217) pwrite64$auto(0xc8, 0x0, 0x6, 0x7a) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlockall$auto(0x800000000000005) 1.128510315s ago: executing program 2 (id=1868): openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x189002, 0x0) mmap$auto(0x0, 0x202000a, 0x3, 0x40000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose11/tx_queue_len\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0x7fffffff) 791.088917ms ago: executing program 2 (id=1869): mmap$auto(0x0, 0x2000b, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x84, 0x0, 0x1) 708.388273ms ago: executing program 5 (id=1870): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) writev$auto(0x8, &(0x7f0000000040)={&(0x7f0000000000), 0x2000000000001}, 0xabc) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) 612.58399ms ago: executing program 0 (id=1871): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd33, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x24}}, 0x24048094) 475.469945ms ago: executing program 2 (id=1872): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fcntl$auto_F_SETLK(r0, 0x6, 0x0) 465.986559ms ago: executing program 5 (id=1873): r0 = socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x8941, 0x4) 465.272718ms ago: executing program 4 (id=1874): mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) semctl$auto(0x80001ff, 0x804, 0x3, 0x4) setsockopt$auto(0x3, 0x29, 0x40, 0x0, 0x10001) 400.806406ms ago: executing program 0 (id=1875): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) getpeername$auto(r0, 0x0, 0x0) 202.702087ms ago: executing program 5 (id=1876): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r0, 0x0, 0xe) 202.437701ms ago: executing program 4 (id=1877): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) truncate$auto(&(0x7f00000000c0)='./file0\x00', 0x0) 0s ago: executing program 4 (id=1878): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x4, 0x0, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts. [ 90.789078][ T5834] cgroup: Unknown subsys name 'net' [ 90.903250][ T5834] cgroup: Unknown subsys name 'cpuset' [ 90.912856][ T5834] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.880619][ T5834] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.140938][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.149293][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.168277][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.179022][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.186830][ T5856] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.187705][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.203255][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.209455][ T5856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.244934][ T5856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.268998][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.289567][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.298435][ T5856] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.306014][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.309532][ T5862] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.320362][ T5856] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.328569][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.338214][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.348924][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.350164][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.356976][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.764427][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 95.950668][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.958562][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.965951][ T5844] bridge_slave_0: entered allmulticast mode [ 95.975665][ T5844] bridge_slave_0: entered promiscuous mode [ 95.988647][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.995812][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.003497][ T5844] bridge_slave_1: entered allmulticast mode [ 96.011119][ T5844] bridge_slave_1: entered promiscuous mode [ 96.119449][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 96.135385][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.179588][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.253920][ T5844] team0: Port device team_slave_0 added [ 96.268633][ T5844] team0: Port device team_slave_1 added [ 96.288591][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 96.352464][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 96.365422][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.373011][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.399482][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.435164][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.443091][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.469451][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.567605][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.575027][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.583357][ T5847] bridge_slave_0: entered allmulticast mode [ 96.591131][ T5847] bridge_slave_0: entered promiscuous mode [ 96.620816][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.628186][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.635590][ T5847] bridge_slave_1: entered allmulticast mode [ 96.643320][ T5847] bridge_slave_1: entered promiscuous mode [ 96.755664][ T5844] hsr_slave_0: entered promiscuous mode [ 96.762937][ T5844] hsr_slave_1: entered promiscuous mode [ 96.806092][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.820845][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.830990][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.838870][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.846090][ T5845] bridge_slave_0: entered allmulticast mode [ 96.854372][ T5845] bridge_slave_0: entered promiscuous mode [ 96.862236][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.869581][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.876780][ T5846] bridge_slave_0: entered allmulticast mode [ 96.885503][ T5846] bridge_slave_0: entered promiscuous mode [ 96.925211][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.932500][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.940243][ T5845] bridge_slave_1: entered allmulticast mode [ 96.947609][ T5845] bridge_slave_1: entered promiscuous mode [ 96.956136][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.963762][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.971100][ T5846] bridge_slave_1: entered allmulticast mode [ 96.980547][ T5846] bridge_slave_1: entered promiscuous mode [ 97.005651][ T5847] team0: Port device team_slave_0 added [ 97.043276][ T851] cfg80211: failed to load regulatory.db [ 97.073304][ T5847] team0: Port device team_slave_1 added [ 97.114284][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.126949][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.139982][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.198445][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.215140][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.222311][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.248817][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.278904][ T5856] Bluetooth: hci0: command tx timeout [ 97.299955][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.306958][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.333364][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.347695][ T5845] team0: Port device team_slave_0 added [ 97.358919][ T5845] team0: Port device team_slave_1 added [ 97.424041][ T5846] team0: Port device team_slave_0 added [ 97.439165][ T5153] Bluetooth: hci2: command tx timeout [ 97.443379][ T5862] Bluetooth: hci1: command tx timeout [ 97.446416][ T5856] Bluetooth: hci3: command tx timeout [ 97.471797][ T5846] team0: Port device team_slave_1 added [ 97.479484][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.486497][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.513317][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.561580][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.568662][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.595271][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.661140][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.668670][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.694939][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.721020][ T5847] hsr_slave_0: entered promiscuous mode [ 97.727465][ T5847] hsr_slave_1: entered promiscuous mode [ 97.734122][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.742556][ T5847] Cannot create hsr debugfs directory [ 97.768922][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.775899][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.802072][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.888625][ T5845] hsr_slave_0: entered promiscuous mode [ 97.895106][ T5845] hsr_slave_1: entered promiscuous mode [ 97.901679][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.909350][ T5845] Cannot create hsr debugfs directory [ 98.037228][ T5846] hsr_slave_0: entered promiscuous mode [ 98.043788][ T5846] hsr_slave_1: entered promiscuous mode [ 98.051591][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.059379][ T5846] Cannot create hsr debugfs directory [ 98.225315][ T5844] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.240646][ T5844] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.287504][ T5844] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.299174][ T5844] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.505374][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.523938][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.535777][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.547864][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.661512][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.677346][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.699474][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.736215][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.827472][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.852413][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.875598][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.907439][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.919333][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.940775][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.989884][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.997336][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.043468][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.057564][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.064805][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.107729][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.136368][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.144184][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.186621][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.193808][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.254468][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.345157][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.358336][ T5856] Bluetooth: hci0: command tx timeout [ 99.383796][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.391031][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.439832][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.447046][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.473015][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.519345][ T5856] Bluetooth: hci3: command tx timeout [ 99.519656][ T5862] Bluetooth: hci2: command tx timeout [ 99.524792][ T5856] Bluetooth: hci1: command tx timeout [ 99.625355][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.671858][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.679095][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.734378][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.741635][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.886622][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.957629][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.084990][ T5847] veth0_vlan: entered promiscuous mode [ 100.107471][ T5844] veth0_vlan: entered promiscuous mode [ 100.147469][ T5847] veth1_vlan: entered promiscuous mode [ 100.165215][ T5844] veth1_vlan: entered promiscuous mode [ 100.224179][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.271866][ T5847] veth0_macvtap: entered promiscuous mode [ 100.289117][ T5847] veth1_macvtap: entered promiscuous mode [ 100.342609][ T5844] veth0_macvtap: entered promiscuous mode [ 100.357348][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.374769][ T5844] veth1_macvtap: entered promiscuous mode [ 100.411327][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.432480][ T5845] veth0_vlan: entered promiscuous mode [ 100.450871][ T5845] veth1_vlan: entered promiscuous mode [ 100.460750][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.474727][ T5847] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.484209][ T5847] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.496888][ T5847] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.505779][ T5847] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.518195][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.529334][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.542011][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.554194][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.565275][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.578011][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.600372][ T5844] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.609833][ T5844] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.619071][ T5844] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.627823][ T5844] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.706101][ T5845] veth0_macvtap: entered promiscuous mode [ 100.731382][ T5845] veth1_macvtap: entered promiscuous mode [ 100.829462][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.837466][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.855815][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.870161][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.880847][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.891437][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.903339][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.937141][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.948147][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.958486][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.969271][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.981820][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.022660][ T5845] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.032108][ T5845] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.042887][ T5845] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.052038][ T5845] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.066655][ T5846] veth0_vlan: entered promiscuous mode [ 101.073812][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.090769][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.144841][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.159979][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.161615][ T5846] veth1_vlan: entered promiscuous mode [ 101.183715][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.192348][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.372573][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.393399][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.402295][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.418927][ T5846] veth0_macvtap: entered promiscuous mode [ 101.442732][ T5856] Bluetooth: hci0: command tx timeout [ 101.447976][ T5846] veth1_macvtap: entered promiscuous mode [ 101.476163][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.495185][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.511252][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.526249][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.537350][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.567993][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.598301][ T5856] Bluetooth: hci2: command tx timeout [ 101.603794][ T5856] Bluetooth: hci3: command tx timeout [ 101.610565][ T5153] Bluetooth: hci1: command tx timeout [ 101.618214][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.646365][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.659963][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.681668][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.708016][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.728376][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.748039][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.777631][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.799831][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.812058][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.862641][ T5846] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.902064][ T5846] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.911869][ T5846] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.921028][ T5846] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.259651][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.301538][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.426865][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.451633][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.546155][ T30] audit: type=1804 audit(1745117470.862:2): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.7" name=2F6E6577726F6F742F322F08 dev="tmpfs" ino=28 res=1 errno=0 [ 102.916091][ T5935] netlink: 'syz.2.3': attribute type 8 has an invalid length. [ 103.160897][ T5941] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.520490][ T5856] Bluetooth: hci0: command tx timeout [ 103.678803][ T5856] Bluetooth: hci2: command tx timeout [ 103.679708][ T5862] Bluetooth: hci1: command tx timeout [ 103.690190][ T5153] Bluetooth: hci3: command tx timeout [ 104.224687][ T5966] mmap: syz.2.23 (5966) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 105.172017][ T5993] netlink: 'syz.2.34': attribute type 9 has an invalid length. [ 105.208231][ T5993] netlink: 330 bytes leftover after parsing attributes in process `syz.2.34'. [ 105.241819][ T5993] Zero length message leads to an empty skb [ 110.783988][ T6120] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 111.219746][ T6133] netlink: 28 bytes leftover after parsing attributes in process `syz.3.80'. [ 111.236403][ T6133] veth1_macvtap: left promiscuous mode [ 111.254962][ T6133] macsec0: entered allmulticast mode [ 115.031147][ T6220] netlink: 28 bytes leftover after parsing attributes in process `syz.0.117'. [ 118.891545][ T6340] sctp: [Deprecated]: syz.3.167 (pid 6340) Use of int in maxseg socket option. [ 118.891545][ T6340] Use struct sctp_assoc_value instead [ 119.130453][ T6347] lo: entered allmulticast mode [ 119.146034][ T6346] lo: left allmulticast mode [ 119.360994][ T5153] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 119.655424][ T6365] syz.0.178 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 120.692467][ T6387] bond0: Unable to set up delay as MII monitoring is disabled [ 121.168547][ T6404] netlink: 342 bytes leftover after parsing attributes in process `syz.2.194'. [ 121.479719][ T6414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.197'. [ 121.498768][ T6414] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 121.509426][ T6414] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 121.543216][ T6416] netlink: 8 bytes leftover after parsing attributes in process `syz.0.197'. [ 122.212388][ T6431] netlink: 19 bytes leftover after parsing attributes in process `syz.3.205'. [ 122.881939][ T6453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.215'. [ 123.028353][ T6455] netlink: 'syz.3.217': attribute type 1 has an invalid length. [ 123.036065][ T6455] netlink: 206 bytes leftover after parsing attributes in process `syz.3.217'. [ 123.324792][ T6465] netlink: 19 bytes leftover after parsing attributes in process `syz.0.221'. [ 125.326567][ T6511] process 'syz.0.242' launched '/dev/fd/3' with NULL argv: empty string added [ 125.513058][ T30] audit: type=1800 audit(4294967302.050:3): pid=6525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.248" name="discovery_nqn" dev="configfs" ino=8567 res=0 errno=0 [ 126.633357][ T6547] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 127.302931][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.3.265'. [ 127.428928][ T6562] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 130.054449][ T6647] netlink: 28 bytes leftover after parsing attributes in process `syz.3.299'. [ 130.064912][ T6647] ipvlan1: entered allmulticast mode [ 130.098808][ T6647] veth0_vlan: entered allmulticast mode [ 130.949001][ T6675] netlink: 342 bytes leftover after parsing attributes in process `syz.3.311'. [ 132.475673][ T6714] capability: warning: `syz.2.326' uses 32-bit capabilities (legacy support in use) [ 134.413768][ T6776] sock: sock_set_timeout: `syz.3.353' (pid 6776) tries to set negative timeout [ 134.846864][ T6794] netlink: 'syz.3.362': attribute type 3 has an invalid length. [ 136.943361][ T6858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.391'. [ 137.720416][ T6881] kafs: addr_prefs: Invalid Command [ 138.005815][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.012691][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.555190][ T6902] zram0: detected capacity change from 0 to 8 [ 138.724501][ T6906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.410'. [ 138.768382][ T6906] macsec0: entered promiscuous mode [ 138.781911][ T6906] macsec0: entered allmulticast mode [ 138.797535][ T6906] veth1_macvtap: entered allmulticast mode [ 141.803455][ T6969] zswap: compressor not available [ 141.835852][ T6971] Setting dangerous option i915.mitigations - tainting kernel [ 143.287000][ T7012] delete_channel: no stack [ 147.485192][ T7108] PM: Enabling pm_trace changes system date and time during resume. [ 147.485192][ T7108] PM: Correct system time has to be restored manually after resume. [ 148.821723][ T7131] Device name cannot be null; rc = [-22] [ 149.938952][ T7156] nbd: socks must be embedded in a SOCK_ITEM attr [ 149.949794][ T7156] block nbd1: shutting down sockets [ 154.182863][ T7241] netlink: 'syz.2.546': attribute type 9 has an invalid length. [ 154.205257][ T7241] netlink: 330 bytes leftover after parsing attributes in process `syz.2.546'. [ 154.381409][ T7245] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 156.787987][ T7337] nbd1: detected capacity change from 0 to 68719476736 [ 156.814504][ T6034] block nbd1: Send control failed (result -22) [ 156.848173][ T6034] block nbd1: Request send failed, requeueing [ 156.884017][ T5862] block nbd1: Receive control failed (result -32) [ 156.886672][ T25] block nbd1: Dead connection, failed to find a fallback [ 156.903181][ T25] block nbd1: shutting down sockets [ 156.909080][ T25] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.918908][ T25] Buffer I/O error on dev nbd1, logical block 0, async page read [ 156.927007][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.940858][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 156.950235][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.959602][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 156.967563][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.980889][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 156.988925][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 157.005551][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 157.014314][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 157.023768][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 157.031861][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 157.041256][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 157.049292][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 157.058715][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 157.066618][ T6034] ldm_validate_partition_table(): Disk read failed. [ 157.073612][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 157.098792][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 157.107850][ T6034] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 157.128001][ T6034] Buffer I/O error on dev nbd1, logical block 0, async page read [ 157.136247][ T6034] Dev nbd1: unable to read RDB block 0 [ 157.158836][ T6034] nbd1: unable to read partition table [ 157.226469][ T6034] ldm_validate_partition_table(): Disk read failed. [ 157.245520][ T6034] Dev nbd1: unable to read RDB block 0 [ 157.282947][ T6034] nbd1: unable to read partition table [ 158.084348][ T7383] netlink: 'syz.3.602': attribute type 2 has an invalid length. [ 159.342077][ T7422] batman_adv: Routing algorithm '60000' is not supported [ 160.297417][ T7454] netlink: 338 bytes leftover after parsing attributes in process `syz.1.633'. [ 162.237047][ T7510] ptrace attach of "./syz-executor exec"[5844] was attempted by ""[7510] [ 162.917572][ T7526] lo: entered promiscuous mode [ 162.941567][ T7525] lo: left promiscuous mode [ 163.017782][ T7530] netlink: 4 bytes leftover after parsing attributes in process `syz.3.666'. [ 163.483005][ T7551] netlink: 28 bytes leftover after parsing attributes in process `syz.1.675'. [ 163.506227][ T7551] team_slave_0: entered allmulticast mode [ 165.393718][ T7615] netlink: 346 bytes leftover after parsing attributes in process `syz.2.703'. [ 168.008188][ T7643] kexec: Could not allocate control_code_buffer [ 169.143011][ T7722] syz.0.746 uses obsolete (PF_INET,SOCK_PACKET) [ 171.340345][ T7785] netlink: 186 bytes leftover after parsing attributes in process `syz.0.772'. [ 173.275154][ T7838] tipc: Started in network mode [ 173.283066][ T7838] tipc: Node identity ee00, cluster identity 4711 [ 173.290992][ T7838] tipc: Node number set to 60928 [ 173.393062][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 173.402755][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 173.410747][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 173.428725][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 173.439310][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 173.830428][ T7841] chnl_net:caif_netlink_parms(): no params data found [ 174.070735][ T7841] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.080687][ T7841] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.096862][ T7841] bridge_slave_0: entered allmulticast mode [ 174.108344][ T7841] bridge_slave_0: entered promiscuous mode [ 174.119591][ T7841] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.126850][ T7841] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.137225][ T7841] bridge_slave_1: entered allmulticast mode [ 174.146091][ T7841] bridge_slave_1: entered promiscuous mode [ 174.244486][ T7841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.280591][ T7841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.374399][ T7841] team0: Port device team_slave_0 added [ 174.390677][ T7841] team0: Port device team_slave_1 added [ 174.466952][ T7841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.475587][ T7841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.507184][ T7841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.542229][ T7841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.558072][ T7841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.613581][ T7841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.666981][ T7868] GUP no longer grows the stack in syz.0.803 (7868): 14000-401000 (4000) [ 174.682941][ T7868] CPU: 0 UID: 0 PID: 7868 Comm: syz.0.803 Tainted: G U 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) [ 174.682993][ T7868] Tainted: [U]=USER [ 174.683004][ T7868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 174.683027][ T7868] Call Trace: [ 174.683038][ T7868] [ 174.683055][ T7868] dump_stack_lvl+0x16c/0x1f0 [ 174.683122][ T7868] gup_vma_lookup+0x1d2/0x220 [ 174.683174][ T7868] __get_user_pages+0x234/0x36f0 [ 174.683216][ T7868] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 174.683259][ T7868] ? look_up_lock_class+0x59/0x150 [ 174.683305][ T7868] ? __pfx___get_user_pages+0x10/0x10 [ 174.683336][ T7868] ? process_vm_rw+0x216/0x2c0 [ 174.683374][ T7868] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 174.683416][ T7868] ? do_syscall_64+0xcd/0x230 [ 174.683476][ T7868] __gup_longterm_locked+0x20d/0x1850 [ 174.683521][ T7868] ? __pfx___gup_longterm_locked+0x10/0x10 [ 174.683575][ T7868] pin_user_pages_remote+0xed/0x140 [ 174.683610][ T7868] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 174.683641][ T7868] ? mm_access+0x22d/0x2e0 [ 174.683700][ T7868] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 174.683753][ T7868] ? futex_wait_queue+0x14c/0x220 [ 174.683795][ T7868] ? futex_unqueue+0xba/0x140 [ 174.683838][ T7868] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 174.683888][ T7868] ? iovec_from_user+0xbb/0x140 [ 174.683958][ T7868] ? iovec_from_user+0xbb/0x140 [ 174.684007][ T7868] process_vm_rw+0x216/0x2c0 [ 174.684054][ T7868] ? __pfx_process_vm_rw+0x10/0x10 [ 174.684110][ T7868] ? up_write+0x1b2/0x520 [ 174.684197][ T7868] ? xfd_validate_state+0x5d/0x180 [ 174.684241][ T7868] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 174.684286][ T7868] ? do_syscall_64+0x91/0x230 [ 174.684333][ T7868] ? lockdep_hardirqs_on+0x7c/0x110 [ 174.684379][ T7868] do_syscall_64+0xcd/0x230 [ 174.684431][ T7868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.684463][ T7868] RIP: 0033:0x7febbd58e169 [ 174.684501][ T7868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.684533][ T7868] RSP: 002b:00007febbe460038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 174.684568][ T7868] RAX: ffffffffffffffda RBX: 00007febbd7b5fa0 RCX: 00007febbd58e169 [ 174.684590][ T7868] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 00000000000001b9 [ 174.684610][ T7868] RBP: 00007febbd610a68 R08: 0000000000000003 R09: 0000000000000000 [ 174.684629][ T7868] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 174.684648][ T7868] R13: 0000000000000000 R14: 00007febbd7b5fa0 R15: 00007fffae7497a8 [ 174.684690][ T7868] [ 175.109690][ T7841] hsr_slave_0: entered promiscuous mode [ 175.116555][ T7841] hsr_slave_1: entered promiscuous mode [ 175.123662][ T7841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 175.131589][ T7841] Cannot create hsr debugfs directory [ 175.527805][ T5856] Bluetooth: hci2: command tx timeout [ 175.628649][ T7841] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 175.658471][ T7841] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 175.672652][ T7841] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 175.703338][ T7841] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 175.977794][ T7841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.064811][ T7841] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.130373][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.137582][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.200163][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.207390][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.269253][ T7908] nbd: socks must be embedded in a SOCK_ITEM attr [ 176.295277][ T7908] block nbd3: shutting down sockets [ 176.304912][ T7841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.784801][ T7841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.487169][ T7841] veth0_vlan: entered promiscuous mode [ 177.544262][ T7841] veth1_vlan: entered promiscuous mode [ 177.598158][ T5856] Bluetooth: hci2: command tx timeout [ 177.640378][ T7841] veth0_macvtap: entered promiscuous mode [ 177.652655][ T7841] veth1_macvtap: entered promiscuous mode [ 177.676757][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.707173][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.737083][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.768393][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.787933][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.817933][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.834742][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.863943][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.877288][ T7841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.916396][ T30] audit: type=1804 audit(4294967354.470:4): pid=7956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.837" name="/newroot/198/file0" dev="tmpfs" ino=1018 res=1 errno=0 [ 177.954223][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.998045][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.008746][ T30] audit: type=1800 audit(4294967354.470:5): pid=7956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.837" name="file0" dev="tmpfs" ino=1018 res=0 errno=0 [ 178.029762][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.059920][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.073590][ T30] audit: type=1800 audit(4294967354.470:6): pid=7956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.837" name="file0" dev="tmpfs" ino=1018 res=0 errno=0 [ 178.094748][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.105969][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.128058][ T7841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.145771][ T7841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.178740][ T7841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 178.228156][ T7841] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.236953][ T7841] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.266940][ T7841] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.287932][ T7841] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.505321][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.525521][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 178.624623][ T3021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.644044][ T3021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.289698][ T30] audit: type=1800 audit(4294967355.850:7): pid=7995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.854" name="lu_gp_id" dev="configfs" ino=14603 res=0 errno=0 [ 179.322553][ T7995] ALUA LU Group already has a valid ID, ignoring request [ 179.614767][ T8003] netlink: 28 bytes leftover after parsing attributes in process `syz.2.857'. [ 179.647604][ T8003] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 179.678186][ T5856] Bluetooth: hci2: command tx timeout [ 180.944069][ T8048] IPVS: length: 24 != 25769803800 [ 181.372068][ T8062] netlink: 'syz.2.884': attribute type 9 has an invalid length. [ 181.761688][ T5856] Bluetooth: hci2: command tx timeout [ 182.548711][ T8096] FAULT_INJECTION: forcing a failure. [ 182.548711][ T8096] name failslab, interval 1, probability 0, space 0, times 1 [ 182.579897][ T8096] CPU: 1 UID: 0 PID: 8096 Comm: syz.0.898 Tainted: G U 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) [ 182.579955][ T8096] Tainted: [U]=USER [ 182.579966][ T8096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 182.579990][ T8096] Call Trace: [ 182.580000][ T8096] [ 182.580015][ T8096] dump_stack_lvl+0x16c/0x1f0 [ 182.580070][ T8096] should_fail_ex+0x512/0x640 [ 182.580108][ T8096] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 182.580159][ T8096] should_failslab+0xc2/0x120 [ 182.580202][ T8096] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 182.580243][ T8096] ? copy_process+0x4bd/0x91a0 [ 182.580295][ T8096] copy_process+0x4bd/0x91a0 [ 182.580337][ T8096] ? find_held_lock+0x2b/0x80 [ 182.580372][ T8096] ? schedule+0x2d7/0x3a0 [ 182.580415][ T8096] ? futex_wait_queue+0x24/0x220 [ 182.580460][ T8096] ? schedule+0xf1/0x3a0 [ 182.580501][ T8096] ? futex_wait_queue+0x14c/0x220 [ 182.580553][ T8096] ? __pfx_copy_process+0x10/0x10 [ 182.580595][ T8096] ? __pfx___futex_wait+0x10/0x10 [ 182.580639][ T8096] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 182.580689][ T8096] ? __pfx_futex_wake_mark+0x10/0x10 [ 182.580756][ T8096] kernel_clone+0xfc/0x960 [ 182.580804][ T8096] ? __pfx_kernel_clone+0x10/0x10 [ 182.580871][ T8096] __do_sys_clone+0xce/0x120 [ 182.580916][ T8096] ? __pfx___do_sys_clone+0x10/0x10 [ 182.580982][ T8096] ? rcu_is_watching+0x12/0xc0 [ 182.581026][ T8096] do_syscall_64+0xcd/0x230 [ 182.581077][ T8096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.581109][ T8096] RIP: 0033:0x7febbd58e169 [ 182.581141][ T8096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.581173][ T8096] RSP: 002b:00007febbe45ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 182.581204][ T8096] RAX: ffffffffffffffda RBX: 00007febbd7b5fa0 RCX: 00007febbd58e169 [ 182.581225][ T8096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 182.581243][ T8096] RBP: 00007febbd610a68 R08: 0000000000000000 R09: 0000000000000000 [ 182.581262][ T8096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.581281][ T8096] R13: 0000000000000000 R14: 00007febbd7b5fa0 R15: 00007fffae7497a8 [ 182.581321][ T8096] [ 184.698453][ T8136] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 185.584084][ T8165] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 186.633763][ T5856] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 188.859051][ T8258] sg_write: data in/out 32732/16086 bytes for SCSI command 0x0-- guessing data in; [ 188.859051][ T8258] program syz.4.966 not setting count and/or reply_len properly [ 190.155368][ T8297] tipc: Trying to set illegal importance in message [ 192.428141][ T5856] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 192.428183][ T5856] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 192.443928][ T5856] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 192.443982][ T5856] Bluetooth: hci3: Unknown advertising packet type: 0x74 [ 192.451492][ T5856] Bluetooth: hci3: adv larger than maximum supported [ 192.458649][ T5856] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 192.465378][ T5856] Bluetooth: hci3: adv larger than maximum supported [ 192.472682][ T5856] Bluetooth: hci3: adv larger than maximum supported [ 192.479709][ T5856] Bluetooth: hci3: Malformed LE Event: 0x0d [ 193.969456][ T5856] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 193.969501][ T5856] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 193.986544][ T5856] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 193.986606][ T5856] Bluetooth: hci2: Unknown advertising packet type: 0x74 [ 193.994222][ T5856] Bluetooth: hci2: adv larger than maximum supported [ 194.002190][ T5856] Bluetooth: hci2: Unknown advertising packet type: 0x20 [ 194.009740][ T5856] Bluetooth: hci2: Malformed LE Event: 0x0d [ 195.981009][ T5856] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 195.981055][ T5856] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 195.998252][ T5856] Bluetooth: hci1: Malformed LE Event: 0x0d [ 196.286771][ T8461] Invalid ELF header magic: != ELF [ 196.832753][ T8472] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.992530][ T8472] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.136522][ T8472] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.286034][ T8472] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.448667][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.455185][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 202.008038][ T8593] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1092'. [ 202.038605][ T8593] veth1_macvtap: left promiscuous mode [ 202.044170][ T8593] macsec0: entered allmulticast mode [ 206.815559][ T8681] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1129'. [ 210.736039][ T8797] sctp: [Deprecated]: syz.4.1182 (pid 8797) Use of int in maxseg socket option. [ 210.736039][ T8797] Use struct sctp_assoc_value instead [ 210.886227][ T8806] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 210.939837][ T8809] lo: entered allmulticast mode [ 210.945885][ T8808] lo: left allmulticast mode [ 211.089229][ T5856] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 212.053365][ T8842] bond0: Unable to set up delay as MII monitoring is disabled [ 212.623806][ T8863] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1205'. [ 213.437200][ T8884] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1216'. [ 213.475915][ T8887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1217'. [ 213.493193][ T8887] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 213.531909][ T8887] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 213.544956][ T8892] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1217'. [ 214.055844][ T8910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1228'. [ 214.102475][ T8912] netlink: 'syz.2.1229': attribute type 1 has an invalid length. [ 214.118673][ T8912] netlink: 206 bytes leftover after parsing attributes in process `syz.2.1229'. [ 214.488675][ T8920] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1233'. [ 216.438170][ T30] audit: type=1800 audit(4294967301.120:8): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1259" name="discovery_nqn" dev="configfs" ino=17575 res=0 errno=0 [ 217.598583][ T9006] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 217.929972][ T9017] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1276'. [ 218.608034][ T9039] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 220.007753][ T9084] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1312'. [ 220.040210][ T9084] ipvlan1: entered allmulticast mode [ 220.068005][ T9084] veth0_vlan: entered allmulticast mode [ 221.039150][ T9118] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1321'. [ 222.001039][ T5854] Bluetooth: hci0: command 0x0406 tx timeout [ 222.001083][ T5849] Bluetooth: hci1: command 0x0406 tx timeout [ 222.007787][ T55] Bluetooth: hci3: command 0x0406 tx timeout [ 225.241851][ T9232] netlink: 'syz.0.1375': attribute type 3 has an invalid length. [ 225.406175][ T9236] sock: sock_set_timeout: `syz.1.1368' (pid 9236) tries to set negative timeout [ 228.134624][ T9307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1401'. [ 229.854249][ T9353] zram: Cannot change disksize for initialized device [ 230.072449][ T9358] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1422'. [ 230.113240][ T9358] macsec0: entered promiscuous mode [ 230.123459][ T9358] macsec0: entered allmulticast mode [ 230.148141][ T9358] veth1_macvtap: entered allmulticast mode [ 233.485023][ T9426] zswap: compressor not available [ 233.548168][ T9428] Setting dangerous option i915.mitigations - tainting kernel [ 235.022946][ T9462] delete_channel: no stack [ 239.037063][ T9551] PM: Enabling pm_trace changes system date and time during resume. [ 239.037063][ T9551] PM: Correct system time has to be restored manually after resume. [ 240.451796][ T9581] Device name cannot be null; rc = [-22] [ 241.669769][ T9600] nbd: socks must be embedded in a SOCK_ITEM attr [ 241.681750][ T9600] block nbd4: shutting down sockets [ 244.525882][ T9670] netlink: 'syz.0.1559': attribute type 9 has an invalid length. [ 244.553171][ T9670] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1559'. [ 249.098104][ T9780] nbd4: detected capacity change from 0 to 68719476736 [ 249.114324][ T5848] block nbd4: Send control failed (result -22) [ 249.128167][ T5848] block nbd4: Request send failed, requeueing [ 249.147021][ T25] block nbd4: Dead connection, failed to find a fallback [ 249.154587][ T25] block nbd4: shutting down sockets [ 249.161449][ T25] blk_print_req_error: 24 callbacks suppressed [ 249.161471][ T25] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.177696][ T25] buffer_io_error: 23 callbacks suppressed [ 249.177717][ T25] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.192817][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.214380][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.223918][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.233819][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.244458][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.253844][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.264809][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.274588][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.283043][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.292923][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.301192][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.310709][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.318949][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.328479][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.336393][ T5848] ldm_validate_partition_table(): Disk read failed. [ 249.346742][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.356417][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.396920][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 249.442502][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 249.469271][ T5848] Dev nbd4: unable to read RDB block 0 [ 249.487093][ T5848] nbd4: unable to read partition table [ 249.513294][ T5848] ldm_validate_partition_table(): Disk read failed. [ 249.527635][ T5848] Dev nbd4: unable to read RDB block 0 [ 249.535319][ T5848] nbd4: unable to read partition table [ 250.518159][ T9823] netlink: 'syz.0.1612': attribute type 2 has an invalid length. [ 252.335293][ T9876] batman_adv: Routing algorithm '60000' is not supported [ 252.465700][ T9878] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1643'. [ 254.957623][ T9956] ptrace attach of "./syz-executor exec"[5845] was attempted by ""[9956] [ 255.968051][ T9977] lo: entered promiscuous mode [ 255.974171][ T9976] lo: left promiscuous mode [ 256.758741][T10003] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1686'. [ 256.826519][T10003] team_slave_0: entered allmulticast mode [ 259.770633][T10081] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1714'. [ 260.882372][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.891558][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 263.204296][T10143] kexec: Could not allocate control_code_buffer [ 267.380419][T10285] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1796'. [ 268.210746][T10303] tipc: Started in network mode [ 268.215889][T10303] tipc: Node identity ee00, cluster identity 4711 [ 268.240206][T10303] tipc: Node number set to 60928 [ 270.448563][ T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 270.458134][ T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 270.467359][ T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 270.477348][ T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 270.486453][ T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 270.805928][T10351] chnl_net:caif_netlink_parms(): no params data found [ 270.902184][T10351] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.909512][T10351] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.916747][T10351] bridge_slave_0: entered allmulticast mode [ 270.924976][T10351] bridge_slave_0: entered promiscuous mode [ 270.935086][T10351] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.942536][T10351] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.950379][T10351] bridge_slave_1: entered allmulticast mode [ 270.957802][T10351] bridge_slave_1: entered promiscuous mode [ 270.996591][T10351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 271.010811][T10351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.056023][T10351] team0: Port device team_slave_0 added [ 271.064622][T10351] team0: Port device team_slave_1 added [ 271.099497][T10351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 271.106486][T10351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.133795][T10351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 271.146783][T10351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 271.156703][T10351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.185503][T10351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 271.240848][T10351] hsr_slave_0: entered promiscuous mode [ 271.247316][T10351] hsr_slave_1: entered promiscuous mode [ 271.255532][T10351] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 271.263265][T10351] Cannot create hsr debugfs directory [ 271.448233][T10351] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 271.462160][T10351] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 271.472723][T10351] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 271.485346][T10351] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 271.522611][T10351] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.529978][T10351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.538653][T10351] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.545928][T10351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.623543][T10351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.643632][ T194] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.653838][ T194] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.676560][T10351] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.701157][ T194] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.708359][ T194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.717545][ T194] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.724772][ T194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.955273][T10351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 272.203289][T10351] veth0_vlan: entered promiscuous mode [ 272.216696][T10351] veth1_vlan: entered promiscuous mode [ 272.255083][T10351] veth0_macvtap: entered promiscuous mode [ 272.265048][T10351] veth1_macvtap: entered promiscuous mode [ 272.288788][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.300403][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.310990][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.322862][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.332931][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.344479][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.354649][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.365180][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.375189][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.386108][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.398804][T10351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 272.418361][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.429186][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.439927][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.451087][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.461071][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.471540][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.484376][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.496056][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.506184][T10351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.516855][T10351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.529795][T10351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 272.545684][T10351] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.554586][T10351] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.564842][ T55] Bluetooth: hci4: command tx timeout [ 272.571274][T10351] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.580868][T10351] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.676352][ T194] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.694633][ T194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.727298][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.735873][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.400078][T10395] tipc: Started in network mode [ 273.428163][T10395] tipc: Node identity ee00, cluster identity 4711 [ 273.467558][T10395] tipc: Node number set to 60928 [ 274.618984][T10425] nbd: socks must be embedded in a SOCK_ITEM attr [ 274.638943][ T55] Bluetooth: hci4: command tx timeout [ 274.648545][T10425] block nbd6: shutting down sockets [ 275.870961][ T30] audit: type=1804 audit(4294967360.530:9): pid=10455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1846" name="/newroot/10/file0" dev="tmpfs" ino=68 res=1 errno=0 [ 276.005845][ T30] audit: type=1800 audit(4294967360.530:10): pid=10455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1846" name="file0" dev="tmpfs" ino=68 res=0 errno=0 [ 276.112694][ T30] audit: type=1800 audit(4294967360.550:11): pid=10455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1846" name="file0" dev="tmpfs" ino=68 res=0 errno=0 [ 276.721411][ T55] Bluetooth: hci4: command tx timeout [ 278.798114][ T55] Bluetooth: hci4: command tx timeout [ 279.248175][T10529] ================================================================== [ 279.256307][T10529] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 279.264265][T10529] Read of size 8 at addr ffff888069a8b000 by task syz.5.1876/10529 [ 279.272199][T10529] [ 279.274558][T10529] CPU: 1 UID: 0 PID: 10529 Comm: syz.5.1876 Tainted: G U 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) [ 279.274602][T10529] Tainted: [U]=USER [ 279.274612][T10529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 279.274629][T10529] Call Trace: [ 279.274640][T10529] [ 279.274650][T10529] dump_stack_lvl+0x116/0x1f0 [ 279.274695][T10529] print_report+0xc3/0x670 [ 279.274729][T10529] ? __virt_addr_valid+0x5e/0x590 [ 279.274768][T10529] ? __phys_addr+0xc6/0x150 [ 279.274805][T10529] ? force_devcd_write+0x312/0x340 [ 279.274832][T10529] kasan_report+0xe0/0x110 [ 279.274866][T10529] ? force_devcd_write+0x312/0x340 [ 279.274903][T10529] force_devcd_write+0x312/0x340 [ 279.274930][T10529] ? __pfx_force_devcd_write+0x10/0x10 [ 279.274958][T10529] ? __debugfs_file_get+0x1fe/0x840 [ 279.274991][T10529] ? __pfx___debugfs_file_get+0x10/0x10 [ 279.275028][T10529] full_proxy_write+0x13c/0x200 [ 279.275061][T10529] vfs_write+0x25c/0x1180 [ 279.275088][T10529] ? __pfx_full_proxy_write+0x10/0x10 [ 279.275121][T10529] ? __pfx___mutex_lock+0x10/0x10 [ 279.275161][T10529] ? __pfx_vfs_write+0x10/0x10 [ 279.275193][T10529] ? __fget_files+0x20e/0x3c0 [ 279.275223][T10529] ksys_write+0x12a/0x240 [ 279.275250][T10529] ? __pfx_ksys_write+0x10/0x10 [ 279.275277][T10529] ? rcu_is_watching+0x12/0xc0 [ 279.275309][T10529] do_syscall_64+0xcd/0x230 [ 279.275349][T10529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.275377][T10529] RIP: 0033:0x7efc3ff8e169 [ 279.275398][T10529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.275425][T10529] RSP: 002b:00007efc3ddd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 279.275450][T10529] RAX: ffffffffffffffda RBX: 00007efc401b6080 RCX: 00007efc3ff8e169 [ 279.275468][T10529] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 279.275484][T10529] RBP: 00007efc40010a68 R08: 0000000000000000 R09: 0000000000000000 [ 279.275500][T10529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.275517][T10529] R13: 0000000000000000 R14: 00007efc401b6080 R15: 00007ffca5a04f68 [ 279.275542][T10529] [ 279.275551][T10529] [ 279.495268][T10529] Allocated by task 5844: [ 279.499616][T10529] kasan_save_stack+0x33/0x60 [ 279.504337][T10529] kasan_save_track+0x14/0x30 [ 279.509044][T10529] __kasan_kmalloc+0xaa/0xb0 [ 279.513923][T10529] vhci_open+0x4c/0x430 [ 279.518102][T10529] misc_open+0x35a/0x420 [ 279.522371][T10529] chrdev_open+0x231/0x6a0 [ 279.526806][T10529] do_dentry_open+0x741/0x1c10 [ 279.531690][T10529] vfs_open+0x82/0x3f0 [ 279.535788][T10529] path_openat+0x1e5e/0x2d40 [ 279.540394][T10529] do_filp_open+0x20b/0x470 [ 279.544914][T10529] do_sys_openat2+0x11b/0x1d0 [ 279.549622][T10529] __x64_sys_openat+0x174/0x210 [ 279.554505][T10529] do_syscall_64+0xcd/0x230 [ 279.559227][T10529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.565138][T10529] [ 279.567478][T10529] Freed by task 10298: [ 279.571561][T10529] kasan_save_stack+0x33/0x60 [ 279.576270][T10529] kasan_save_track+0x14/0x30 [ 279.581007][T10529] kasan_save_free_info+0x3b/0x60 [ 279.586069][T10529] __kasan_slab_free+0x51/0x70 [ 279.590866][T10529] kfree+0x2b6/0x4d0 [ 279.594781][T10529] vhci_release+0xbb/0xf0 [ 279.599129][T10529] __fput+0x3ff/0xb70 [ 279.603142][T10529] task_work_run+0x14d/0x240 [ 279.607747][T10529] do_exit+0xafb/0x2c30 [ 279.611948][T10529] do_group_exit+0xd3/0x2a0 [ 279.616491][T10529] __x64_sys_exit_group+0x3e/0x50 [ 279.621551][T10529] x64_sys_call+0x1530/0x1730 [ 279.626264][T10529] do_syscall_64+0xcd/0x230 [ 279.630800][T10529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.636714][T10529] [ 279.639098][T10529] The buggy address belongs to the object at ffff888069a8b000 [ 279.639098][T10529] which belongs to the cache kmalloc-1k of size 1024 [ 279.653177][T10529] The buggy address is located 0 bytes inside of [ 279.653177][T10529] freed 1024-byte region [ffff888069a8b000, ffff888069a8b400) [ 279.666925][T10529] [ 279.669274][T10529] The buggy address belongs to the physical page: [ 279.675702][T10529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69a88 [ 279.684479][T10529] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 279.692996][T10529] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 279.700557][T10529] page_type: f5(slab) [ 279.704570][T10529] raw: 00fff00000000040 ffff88801b441dc0 ffffea00016a1c00 dead000000000002 [ 279.713200][T10529] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 279.721806][T10529] head: 00fff00000000040 ffff88801b441dc0 ffffea00016a1c00 dead000000000002 [ 279.730500][T10529] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 279.739190][T10529] head: 00fff00000000003 ffffea0001a6a201 00000000ffffffff 00000000ffffffff [ 279.747889][T10529] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 279.756575][T10529] page dumped because: kasan: bad access detected [ 279.763027][T10529] page_owner tracks the page as allocated [ 279.768772][T10529] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5210, tgid 5210 (rcS), ts 38857002975, free_ts 34949099477 [ 279.788609][T10529] post_alloc_hook+0x181/0x1b0 [ 279.793406][T10529] get_page_from_freelist+0x135c/0x3920 [ 279.798987][T10529] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 279.804908][T10529] alloc_pages_mpol+0x1fb/0x550 [ 279.809794][T10529] new_slab+0x244/0x340 [ 279.813976][T10529] ___slab_alloc+0xd9c/0x1940 [ 279.818679][T10529] __slab_alloc.constprop.0+0x56/0xb0 [ 279.824085][T10529] __kmalloc_noprof+0x2f2/0x510 [ 279.828966][T10529] tomoyo_init_log+0x1385/0x2140 [ 279.833938][T10529] tomoyo_supervisor+0x302/0x13b0 [ 279.838989][T10529] tomoyo_env_perm+0x191/0x200 [ 279.843850][T10529] tomoyo_find_next_domain+0xec2/0x20b0 [ 279.849425][T10529] tomoyo_bprm_check_security+0x12e/0x1d0 [ 279.855165][T10529] security_bprm_check+0x1b9/0x1e0 [ 279.860299][T10529] bprm_execve+0x810/0x1650 [ 279.864821][T10529] do_execveat_common.isra.0+0x4a5/0x610 [ 279.870580][T10529] page last free pid 1 tgid 1 stack trace: [ 279.876412][T10529] __free_frozen_pages+0x69d/0xff0 [ 279.881542][T10529] free_contig_range+0x135/0x3f0 [ 279.886497][T10529] destroy_args+0x66f/0x830 [ 279.891027][T10529] debug_vm_pgtable+0x130e/0x2d50 [ 279.896165][T10529] do_one_initcall+0x120/0x6e0 [ 279.900967][T10529] kernel_init_freeable+0x5c2/0x900 [ 279.906194][T10529] kernel_init+0x1c/0x2b0 [ 279.910542][T10529] ret_from_fork+0x45/0x80 [ 279.914975][T10529] ret_from_fork_asm+0x1a/0x30 [ 279.919776][T10529] [ 279.922116][T10529] Memory state around the buggy address: [ 279.927755][T10529] ffff888069a8af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 279.935850][T10529] ffff888069a8af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 279.943938][T10529] >ffff888069a8b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 279.952026][T10529] ^ [ 279.956112][T10529] ffff888069a8b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 279.964203][T10529] ffff888069a8b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 279.972328][T10529] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 280.108213][T10529] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 280.115493][T10529] CPU: 0 UID: 0 PID: 10529 Comm: syz.5.1876 Tainted: G U 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) [ 280.129188][T10529] Tainted: [U]=USER [ 280.133031][T10529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 280.143141][T10529] Call Trace: [ 280.146462][T10529] [ 280.149429][T10529] dump_stack_lvl+0x3d/0x1f0 [ 280.154116][T10529] panic+0x71c/0x800 [ 280.158078][T10529] ? __pfx_panic+0x10/0x10 [ 280.162733][T10529] ? mark_held_locks+0x49/0x80 [ 280.167561][T10529] ? preempt_schedule_thunk+0x16/0x30 [ 280.173090][T10529] ? force_devcd_write+0x312/0x340 [ 280.178265][T10529] ? preempt_schedule_common+0x44/0xc0 [ 280.183794][T10529] ? force_devcd_write+0x312/0x340 [ 280.188959][T10529] check_panic_on_warn+0xab/0xb0 [ 280.194231][T10529] end_report+0x107/0x170 [ 280.198616][T10529] kasan_report+0xee/0x110 [ 280.203101][T10529] ? force_devcd_write+0x312/0x340 [ 280.208276][T10529] force_devcd_write+0x312/0x340 [ 280.213277][T10529] ? __pfx_force_devcd_write+0x10/0x10 [ 280.218798][T10529] ? __debugfs_file_get+0x1fe/0x840 [ 280.224058][T10529] ? __pfx___debugfs_file_get+0x10/0x10 [ 280.229682][T10529] full_proxy_write+0x13c/0x200 [ 280.234603][T10529] vfs_write+0x25c/0x1180 [ 280.238995][T10529] ? __pfx_full_proxy_write+0x10/0x10 [ 280.244433][T10529] ? __pfx___mutex_lock+0x10/0x10 [ 280.249537][T10529] ? __pfx_vfs_write+0x10/0x10 [ 280.254370][T10529] ? __fget_files+0x20e/0x3c0 [ 280.259099][T10529] ksys_write+0x12a/0x240 [ 280.263488][T10529] ? __pfx_ksys_write+0x10/0x10 [ 280.268389][T10529] ? rcu_is_watching+0x12/0xc0 [ 280.273204][T10529] do_syscall_64+0xcd/0x230 [ 280.277766][T10529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.283710][T10529] RIP: 0033:0x7efc3ff8e169 [ 280.288165][T10529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.307839][T10529] RSP: 002b:00007efc3ddd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 280.316309][T10529] RAX: ffffffffffffffda RBX: 00007efc401b6080 RCX: 00007efc3ff8e169 [ 280.324328][T10529] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 280.332371][T10529] RBP: 00007efc40010a68 R08: 0000000000000000 R09: 0000000000000000 [ 280.340380][T10529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.348478][T10529] R13: 0000000000000000 R14: 00007efc401b6080 R15: 00007ffca5a04f68 [ 280.356504][T10529] [ 280.360381][T10529] Kernel Offset: disabled [ 280.364717][T10529] Rebooting in 86400 seconds..