last executing test programs: 10m58.226663924s ago: executing program 0 (id=1622): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x2, 0x80805, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x6) getsockopt$auto(r0, 0x0, 0x4, 0x0, 0x0) 10m57.955893476s ago: executing program 0 (id=1624): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x1, 0x0) setreuid$auto(0x3, 0x7) epoll_ctl$auto(r0, 0x1cb6, 0x3, &(0x7f0000000500)={0xffffff92}) 10m57.792389159s ago: executing program 0 (id=1627): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) wait4$auto(0xffffffff, 0xfffffffffffffffc, 0xb, 0x0) 10m56.858785291s ago: executing program 0 (id=1632): r0 = gettid() mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) process_vm_readv$auto(r0, &(0x7f0000000040)={0x0, 0x8}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x6, 0x0) 10m56.630813754s ago: executing program 0 (id=1635): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 10m55.523689702s ago: executing program 0 (id=1644): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0xa) fcntl$auto(0xff80000000000000, 0x409, 0x3f) 10m55.093444856s ago: executing program 32 (id=1644): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0xa) fcntl$auto(0xff80000000000000, 0x409, 0x3f) 7m56.75089906s ago: executing program 3 (id=3370): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 
&(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x80047456, 0x0) 7m56.594043085s ago: executing program 3 (id=3374): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x3ff, 0x0) mmap$auto(0x0, 0x8, 0x329, 0x10011, 0x2, 0x8000) clone$auto(0x4, 0x400, 0xfffffffffffffffe, 0xfffffffffffffffc, 0xd1) 7m56.037677352s ago: executing program 3 (id=3381): mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mknod$auto(&(0x7f0000000000)='*-\x00', 0x5, 0x8) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) fchmodat2$auto(r0, &(0x7f0000000340)='*-\x00', 0xd800, 0x100) 7m55.631466765s ago: executing program 3 (id=3386): io_submit$auto(0x8001, 0x400, &(0x7f0000000040)=&(0x7f0000000000)={0x6, 0x1, 0x2, 0x5, 0x1, 0x7, 0x7, 0x3, 0x7, 0x0, 0xd}) r0 = socket(0x10, 0x2, 0x15) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x60000004}, 0xc800) mprotect$auto(0x1ffff000, 0x8000000000000002, 0x5) sendmsg$auto_CTRL_CMD_GETFAMILY(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24006001}, 0x20048000) 7m55.219644114s ago: executing program 3 (id=3390): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) tkill$auto(0x1, 0x7) 7m53.504733533s ago: executing program 3 (id=3397): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x82840, 0x0) read$auto(r0, 0x0, 0x39b8) ioctl$auto(0x3, 0x40104d00, 0x5) 7m53.337554931s ago: executing 
program 33 (id=3397): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x82840, 0x0) read$auto(r0, 0x0, 0x39b8) ioctl$auto(0x3, 0x40104d00, 0x5) 44.513279761s ago: executing program 5 (id=7139): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) 43.537111638s ago: executing program 5 (id=7146): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) socket(0x2, 0x6, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0xa8602, 0x0) read$auto(0x3, 0x0, 0x80) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r0 = openat$auto_fops_init_pkru_pkeys(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$auto_fops_init_pkru_pkeys(r0, 0x0, 0x2b) 43.356796752s ago: executing program 5 (id=7148): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd700001dcdf2503000000040006000c0001"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 
&(0x7f0000000640)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 43.242247988s ago: executing program 5 (id=7151): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 42.677086416s ago: executing program 5 (id=7155): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0xfdef) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) read$auto(0x3, 0x0, 0x1f40) 42.17531838s ago: executing program 5 (id=7158): mmap$auto(0x0, 0x428, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) io_uring_setup$auto(0x59, 0x0) open(0x0, 0x64842, 0x0) io_uring_setup$auto(0x6, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) r0 = socket(0x28, 0x1, 0x0) getsockopt$auto(r0, 0x28, 0x2, 0x0, 0x0) io_uring_register$auto(0x2, 0x14, 0x0, 0x3) 41.917119974s ago: executing program 34 (id=7158): mmap$auto(0x0, 0x428, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) io_uring_setup$auto(0x59, 0x0) open(0x0, 0x64842, 0x0) io_uring_setup$auto(0x6, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) r0 = socket(0x28, 0x1, 0x0) getsockopt$auto(r0, 0x28, 0x2, 0x0, 0x0) 
io_uring_register$auto(0x2, 0x14, 0x0, 0x3) 1.838292882s ago: executing program 2 (id=7525): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x69) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) 1.833003362s ago: executing program 1 (id=7526): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket(0xf, 0x3, 0x2) socket(0x2, 0xa, 0xe57a) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x6, 0x8000000000000006, 0x13, 0x0, 0x7ffffc) 1.709632007s ago: executing program 1 (id=7528): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x8) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6tnl0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000000c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0x91) 1.602610506s ago: executing program 1 (id=7530): socket(0xa, 0x2, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) exit$auto(0x7) unshare$auto(0x40000080) io_uring_setup$auto(0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x34, r0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, 
[@ETHTOOL_A_RSS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}, @ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0xc}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x50) 1.433675589s ago: executing program 6 (id=7533): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) sysfs$auto(0x2, 0x100000000000007, 0x0) r0 = socket(0x11, 0x2, 0x300) setsockopt$auto(r0, 0x107, 0x8, 0x0, 0x6) read$auto(0x3, 0x0, 0x7) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) 1.209831416s ago: executing program 6 (id=7536): mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x940, 0x1ffe0, 0x8003, 0x6, 0x6, 0x7, 0x5, 0x2, 0x9, 0x6, 0x9, 0x2, 0x3, 0x2, 0x7}, 0x1fe, 0x7) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="04150000", @ANYRES16=0x0, @ANYBLOB="000826bd7000fcdbdf25030000003e000400b70a00002c4207000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060006004000000018fd0600050400000a00"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x20008044) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.084770472s ago: executing program 6 (id=7538): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) 
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d00000006000600070000000a000100aa"], 0x6c}}, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044040}, 0x24008890) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.01929111s ago: executing program 4 (id=7539): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x8) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6tnl0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000000c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0x91) 955.608533ms ago: executing program 6 (id=7540): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) connect$auto(0x3, &(0x7f0000000140), 0x55) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, 0x0, 0x400c080) close_range$auto(0x2, 0x8, 0x0) 890.764579ms ago: executing program 2 (id=7541): close_range$auto(0x2, 0xa, 0x0) 
socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) mmap$auto(0x0, 0x2020009, 0x1003, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc880}, 0x2800c840) semctl$auto(0x7, 0x2, 0x13, 0x1) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) 879.334398ms ago: executing program 4 (id=7542): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x22, 0x2, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, 0x0, 0xe1) setsockopt$auto(0x3, 0x0, 0x32, 0x0, 0x4) 776.324974ms ago: executing program 2 (id=7543): mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x1, 0x0) 695.081026ms ago: executing program 6 (id=7544): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0xd, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) open(0x0, 0x22240, 0x154) ioctl$sock_SIOCGIFINDEX(r0, 0x40086602, 0x0) lstat$auto(0x0, 0x0) 646.597521ms ago: executing program 1 (id=7545): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) r1 = 
socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1, r0, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 527.008082ms ago: executing program 2 (id=7546): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) open(0x0, 0xa240, 0x15e) open(0x0, 0x161342, 0x100) mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) 519.110177ms ago: executing program 4 (id=7547): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x0) recvmmsg$auto(r0, 0x0, 0x10a, 0x8, 0x0) 423.332509ms ago: executing program 4 (id=7548): sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x804) ioperm$auto(0x7, 0x6, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x101002, 0x0) ioperm$auto(0x8, 0x0, 0x4ab) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x2f, 0x4, 0x2000063, 0x0, 0x0, 0x0, 0x1000, 0x7, 0x2005, 0x40000402, 0x4009, 0x9, 0xffffffff80000000, 0x9, 0x3, 0x200000100103}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 419.194253ms ago: executing program 6 
(id=7549): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 280.369809ms ago: executing program 2 (id=7550): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) arch_prctl$auto(0x1022, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket(0xf, 0x3, 0x2) socket(0x2, 0xa, 0xe57a) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x6, 0x8000000000000006, 0x6, 0x0, 0x7ffffc) 277.877948ms ago: executing program 4 (id=7551): socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40050) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x2, 0x9}, 0x9}, 0x2, 0x0) 172.11291ms ago: executing program 1 (id=7552): bpf$auto(0x18, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x15, 0x8, 0xffffffffffffffff, @relative_id=0x3, 0x841b5c1ff}, 0x92) mmap$auto(0x0, 0x2000a, 
0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a0080"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='J'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 130.112311ms ago: executing program 2 (id=7553): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) setns(0xffffffffffffffff, 0x20000000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) 15.626094ms ago: executing program 1 (id=7554): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x31cd3c7c, 0xb1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 
&(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) shutdown$auto(0x200000003, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0xc01) 0s ago: executing program 4 (id=7555): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x301, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0x4068aea3, 0x0) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        syzkaller syzkaller login: [ 290.090432][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 290.099273][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 291.379061][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 291.386793][ T1297] ieee802154 phy1 wpan1: encryption 
failed: -22 [ 291.852768][T10658] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1864'. [ 292.932228][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 292.945359][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 293.023385][T10686] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1875'. [ 293.046882][T10686] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.058727][T10686] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.112250][T10686] bridge0: entered allmulticast mode [ 293.803705][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 293.811934][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 295.416840][T10749] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1903'. [ 295.642379][T10758] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1905'. [ 296.523151][T10782] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1915'. [ 296.545670][T10782] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1915'. [ 298.986926][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 299.350782][T10826] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1932'. [ 299.481115][T10826] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.490269][T10826] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.507664][T10826] bridge0: entered allmulticast mode [ 300.006104][T10832] Process accounting resumed [ 303.166733][T10920] sg_write: process 1128 (syz.3.1961) changed security contexts after opening file descriptor, this is not allowed. [ 304.000756][T10941] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1967'. [ 304.687518][T10951] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1973'. [ 305.792065][T10969] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1979'. 
[ 305.968041][T10971] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1981'. [ 306.057621][T10971] ipvlan0: entered allmulticast mode [ 306.064057][T10971] veth0_vlan: entered allmulticast mode [ 307.627564][T10996] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1991'. [ 307.676839][T10996] macvlan1: entered allmulticast mode [ 307.683373][T10996] veth1_vlan: entered allmulticast mode [ 308.119932][T10991] IPVS: length: 11322 != 8 [ 308.687954][T11018] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2000'. [ 310.982018][T11051] bridge0: port 4(veth1_to_hsr) entered blocking state [ 311.014470][T11051] bridge0: port 4(veth1_to_hsr) entered disabled state [ 311.036875][T11051] veth1_to_hsr: entered allmulticast mode [ 311.052657][T11051] veth1_to_hsr: entered promiscuous mode [ 311.063343][T11051] bridge0: port 4(veth1_to_hsr) entered blocking state [ 311.071843][T11051] bridge0: port 4(veth1_to_hsr) entered forwarding state [ 311.087822][T11053] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2013'. [ 313.152207][T11084] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2027'. [ 313.458858][T11092] delete_channel: no stack [ 314.257173][T11109] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2038'. [ 314.296644][T11109] ip_vti0: entered promiscuous mode [ 317.236958][T11175] netlink: 'syz.4.2066': attribute type 1 has an invalid length. 
[ 322.500319][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.508127][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.742869][T11312] nfsd: Unknown parameter 'IPVS' [ 325.738590][T11355] nbd: socks must be embedded in a SOCK_ITEM attr [ 325.758173][T11355] block nbd0: shutting down sockets [ 328.346054][T11425] TCP: TCP_TX_DELAY enabled [ 329.037766][T11456] Process accounting resumed [ 330.111075][T11475] Process accounting paused [ 330.757411][T11498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2195'. [ 332.223794][T11530] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2204'. [ 332.260253][T11530] : renamed from team0 [ 333.376011][T11551] lo: entered allmulticast mode [ 333.399015][T11550] lo: left allmulticast mode [ 333.400422][T11554] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2216'. [ 335.342375][T11601] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2235'. [ 335.391637][T11601] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 335.501373][T11604] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2236'. [ 336.097710][T11622] netlink: 'syz.4.2240': attribute type 6 has an invalid length. [ 336.160715][T11622] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2240'. [ 336.913976][T11640] Process accounting resumed [ 339.911373][T11699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2275'. [ 339.939742][T11699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2275'. [ 340.277260][T11711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2279'. [ 340.436787][T11712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2279'. 
[ 344.314504][T11810] : entered promiscuous mode [ 345.262503][T11847] kAFS: Invalid Command on /proc/fs/afs/cells file [ 345.698078][T11861] netlink: 'syz.4.2343': attribute type 9 has an invalid length. [ 345.737263][T11861] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2343'. [ 346.308274][T11885] netlink: 'syz.2.2354': attribute type 19 has an invalid length. [ 346.318336][T11885] netlink: 310 bytes leftover after parsing attributes in process `syz.2.2354'. [ 346.483053][T11893] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2358'. [ 347.222527][T11921] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2370'. [ 347.416956][T11919] binder: 11918:11919 ioctl c0306201 0 returned -14 [ 348.736202][T11974] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2396'. [ 348.814010][T11978] netlink: 'syz.3.2397': attribute type 2 has an invalid length. [ 348.849564][T11978] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2397'. [ 349.052711][T11982] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 349.413144][T11993] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2404'. [ 349.448560][T11993] veth0_macvtap: left promiscuous mode [ 349.474049][T11993] macvtap0: entered allmulticast mode [ 349.724399][T12000] kAFS: Invalid Command on /proc/fs/afs/cells file [ 349.868734][T12008] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2410'. [ 349.916900][T12008] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2410'. [ 351.382534][ T5839] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 351.952980][T12079] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2440'. [ 352.994467][T12111] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2454'. 
[ 353.581144][T12133] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2463'. [ 355.159744][T12185] netlink: 'syz.4.2485': attribute type 7 has an invalid length. [ 356.248265][T12211] synth uevent: /module/vxlan: unknown uevent action string [ 357.745510][T12230] Process accounting resumed [ 358.097198][T12235] nbd0: detected capacity change from 0 to 68719476736 [ 358.163850][ T5847] block nbd0: Send control failed (result -22) [ 358.196937][ T5847] block nbd0: Request send failed, requeueing [ 358.237615][ T5839] block nbd0: Receive control failed (result -32) [ 358.379260][ T41] block nbd0: Dead connection, failed to find a fallback [ 358.388271][ T41] block nbd0: shutting down sockets [ 358.395180][ T41] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.407125][ T41] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.419453][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.431187][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.443045][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.454222][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.464407][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.475479][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.485140][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.496158][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.505940][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.517184][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.527818][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.539138][ T5847] Buffer I/O error on dev nbd0, logical block 0, 
async page read [ 358.541633][T12246] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2512'. [ 358.548782][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.571020][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.580843][ T5847] ldm_validate_partition_table(): Disk read failed. [ 358.591196][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.603497][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.615114][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 358.626629][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 358.637005][ T5847] Dev nbd0: unable to read RDB block 0 [ 358.644666][ T5847] nbd0: unable to read partition table [ 358.658196][ T5847] ldm_validate_partition_table(): Disk read failed. [ 358.673260][ T5847] Dev nbd0: unable to read RDB block 0 [ 358.680911][ T5847] nbd0: unable to read partition table [ 359.231210][T12260] Process accounting paused [ 360.135543][T12275] Process accounting resumed [ 360.885390][T12299] sd 0:0:1:0: PR command failed: 1026 [ 360.928887][T12299] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 360.977687][T12299] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 362.588619][T12341] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2553'. [ 369.631250][T12436] warning: `syz.2.2592' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 369.964430][T12443] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2595'. [ 371.428359][T12479] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2611'. [ 374.760850][ T5839] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 375.777918][T12617] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2667'. 
[ 383.947069][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.954699][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.064723][T12809] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2744'. [ 386.023774][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 386.530253][ T5842] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 386.535524][T12851] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2762'. [ 386.779209][T12856] IPVS: length: 11322 != 24 [ 388.144076][T12879] Process accounting paused [ 388.739145][T12919] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2793'. [ 389.092974][T12930] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2797'. [ 389.370417][T12937] Process accounting resumed [ 390.188798][T12949] Process accounting paused [ 392.021724][T12985] i2c i2c-0: delete_device: Can't parse I2C address [ 392.965798][T13011] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2828'. [ 393.073998][T13015] ICMPv6: process `syz.3.2831' is using deprecated sysctl (syscall) net.ipv6.neigh.virt_wifi0.retrans_time - use net.ipv6.neigh.virt_wifi0.retrans_time_ms instead [ 394.950692][T13083] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2860'. [ 395.509279][T13099] ICMPv6: process `syz.4.2866' is using deprecated sysctl (syscall) net.ipv6.neigh.virt_wifi0.retrans_time - use net.ipv6.neigh.virt_wifi0.retrans_time_ms instead [ 395.971900][T13115] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2873'. [ 397.547953][T13166] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2896'. [ 397.779662][T13175] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2898'. [ 397.901121][T13177] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2900'. [ 399.276793][T13199] netlink: 'syz.2.2910': attribute type 11 has an invalid length. 
[ 399.307067][T13199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2910'. [ 399.524847][T13203] netlink: 'syz.2.2912': attribute type 11 has an invalid length. [ 400.619997][T13224] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2921'. [ 401.886757][T13250] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2933'. [ 402.965350][T13280] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2943'. [ 403.012878][T13280] ksmbd: Unknown IPC event: 0, ignore. [ 403.162880][T13288] sctp: [Deprecated]: syz.1.2946 (pid 13288) Use of struct sctp_assoc_value in delayed_ack socket option. [ 403.162880][T13288] Use struct sctp_sack_info instead [ 404.114689][T13303] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2952'. [ 404.578827][T13313] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2957'. [ 405.627637][T13342] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2970'. [ 407.236883][T13376] netlink: 'syz.1.2984': attribute type 21 has an invalid length. [ 407.246357][T13376] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2984'. [ 407.567571][T13380] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 407.627020][T13380] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 408.726846][T13405] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2997'. [ 408.761957][T13405] macsec0: entered allmulticast mode [ 408.782353][T13405] veth1_macvtap: entered allmulticast mode [ 412.295603][T13481] CIFS: VFS: Invalid SecurityFlags: 0 [ 412.295603][T13481] `syz.4.3036'. [ 413.402101][T13493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3036'. 
[ 413.890427][T13514] workqueue: max_active 111185920 requested for scsi_tmf_0 is out of range, clamping between 1 and 2048 [ 414.120576][T13524] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3048'. [ 418.269588][T13655] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3101'. [ 418.296705][T13656] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3102'. [ 418.395933][T13638] Process accounting resumed [ 419.266192][T13682] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3112'. [ 420.158512][T13704] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3120'. [ 420.168782][T13690] Process accounting paused [ 420.294519][T13703] Process accounting resumed [ 420.458047][T13715] netlink: 178 bytes leftover after parsing attributes in process `syz.3.3127'. [ 421.351452][T13746] FAULT_INJECTION: forcing a failure. [ 421.351452][T13746] name fail_futex, interval 1, probability 0, space 0, times 1 [ 421.367853][T13746] CPU: 0 UID: 0 PID: 13746 Comm: syz.2.3141 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 421.380834][T13746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 421.392959][T13746] Call Trace: [ 421.396932][T13746] <TASK> [ 421.400486][T13746] dump_stack_lvl+0x16c/0x1f0 [ 421.406169][T13746] should_fail_ex+0x497/0x5b0 [ 421.411860][T13746] should_fail_futex+0x4c/0x60 [ 421.417652][T13746] __x64_sys_futex+0x260/0x4c0 [ 421.418127][T13745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3137'. [ 421.423419][T13746] ? __pfx___x64_sys_futex+0x10/0x10 [ 421.440399][T13746] ? 
rcu_is_watching+0x12/0xc0 [ 421.446163][T13746] do_syscall_64+0xcd/0x250 [ 421.451601][T13746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.458696][T13746] RIP: 0033:0x7f7dca785d29 [ 421.464033][T13746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.487585][T13746] RSP: 002b:00007fff15bc4828 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 421.497718][T13746] RAX: ffffffffffffffda RBX: 00007fff15bc4950 RCX: 00007f7dca785d29 [ 421.507302][T13746] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7dca975fac [ 421.516878][T13746] RBP: 00007f7dca975fac R08: 00007f7dcb678000 R09: 00007fff15bc4b1f [ 421.526454][T13746] R10: 00007fff15bc4930 R11: 0000000000000246 R12: 0000000000066df5 [ 421.536054][T13746] R13: 00007fff15bc4930 R14: 0000000000000032 R15: 0000000000066dc3 [ 421.545675][T13746] </TASK> [ 421.900341][T13759] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3145'. [ 421.984718][T13761] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3146'. [ 422.936690][T13785] netlink: 'syz.4.3157': attribute type 1 has an invalid length. [ 423.147675][T13791] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3159'. [ 423.929072][ T29] audit: type=1326 audit(8277292184.140:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.3.3169" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7effd9f85d29 code=0x0 [ 424.942660][T13840] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3177'. [ 425.006783][T13840] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3177'. [ 427.233656][T13891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3201'. [ 427.669870][T13903] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3205'. 
[ 428.924462][T13940] kAFS: bad VL server IP address [ 429.092687][T13945] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3221'. [ 429.259232][T13948] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 429.560384][T13957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3225'. [ 431.139354][T14007] nvme_fcloop: unknown parameter or missing value '/d' [ 431.289558][T14013] kAFS: bad VL server IP address [ 432.396834][T14052] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3268'. [ 432.530114][T14056] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3269'. [ 432.553737][T14056] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3269'. [ 432.895167][T14069] misc userio: The device must be registered before sending interrupts [ 434.944568][T14140] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3305'. [ 435.630700][T14164] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3315'. [ 435.783428][T14170] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3317'. [ 435.906772][T14172] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 435.943289][T14172] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 435.985491][T14172] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 435.999089][T14172] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 436.015474][T14172] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 436.023540][T14172] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 436.987232][T14210] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3334'. [ 438.016660][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 438.024191][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 438.032304][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 438.055496][T14245] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3348'. 
[ 438.096685][T14244] Bluetooth: hci1: command 0x0406 tx timeout [ 438.270745][T14249] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3350'. [ 438.303807][T14252] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3352'. [ 438.880663][T14268] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3358'. [ 439.030553][T14268] vxcan1: entered promiscuous mode [ 440.102704][T14244] Bluetooth: hci0: command 0x0406 tx timeout [ 440.176746][T14244] Bluetooth: hci1: command 0x0406 tx timeout [ 440.813714][T14329] netlink: 'syz.3.3386': attribute type 1 has an invalid length. [ 440.881833][T14329] netlink: 'syz.3.3386': attribute type 1 has an invalid length. [ 441.980001][ T9379] bridge0: port 3(syz_tun) entered disabled state [ 442.192508][ T9379] syz_tun (unregistering): left allmulticast mode [ 442.211088][ T9379] syz_tun (unregistering): left promiscuous mode [ 442.222371][ T9379] bridge0: port 3(syz_tun) entered disabled state [ 442.575421][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.832582][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.259059][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.308595][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 443.323809][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 443.337100][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 443.353105][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 443.365908][ T5842] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 443.376628][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 443.491486][T14368] erspan0: entered allmulticast mode [ 443.548610][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.843525][T14363] 
chnl_net:caif_netlink_parms(): no params data found [ 443.983390][ T12] veth1_to_hsr: left allmulticast mode [ 443.992740][ T12] veth1_to_hsr: left promiscuous mode [ 444.015694][ T12] bridge0: port 4(veth1_to_hsr) entered disabled state [ 444.056214][ T12] bridge_slave_1: left allmulticast mode [ 444.100628][ T12] bridge_slave_1: left promiscuous mode [ 444.119163][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.167356][ T12] bridge_slave_0: left allmulticast mode [ 444.174243][ T12] bridge_slave_0: left promiscuous mode [ 444.199520][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.173131][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 445.193780][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 445.212337][ T12] bond0 (unregistering): Released all slaves [ 445.236416][T14380] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3405'. [ 445.321062][T14389] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 445.381319][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.389806][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.400448][T14389] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 445.409798][T14389] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 445.423924][T14389] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 445.431467][T14389] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 445.497943][T14389] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 445.628343][T14395] netlink: 350 bytes leftover after parsing attributes in process `syz.4.3409'. 
[ 445.757428][T14363] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.783256][T14363] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.801030][T14363] bridge_slave_0: entered allmulticast mode [ 445.813484][T14363] bridge_slave_0: entered promiscuous mode [ 445.924474][T14363] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.948481][T14363] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.970352][T14363] bridge_slave_1: entered allmulticast mode [ 445.987925][T14363] bridge_slave_1: entered promiscuous mode [ 446.108443][T14363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 446.183666][ T12] hsr_slave_0: left promiscuous mode [ 446.201766][ T12] hsr_slave_1: left promiscuous mode [ 446.266759][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 446.286634][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 446.304831][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 446.316540][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 446.369011][ T12] veth1_macvtap: left promiscuous mode [ 446.375707][ T12] veth0_macvtap: left promiscuous mode [ 446.386775][ T12] veth1_vlan: left promiscuous mode [ 446.393376][ T12] veth0_vlan: left promiscuous mode [ 447.377907][T14244] Bluetooth: hci2: command 0x0c1a tx timeout [ 447.457540][T14244] Bluetooth: hci3: command 0x041b tx timeout [ 447.457573][ T5842] Bluetooth: hci1: command 0x0406 tx timeout [ 447.457632][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 447.833133][ T12] team0 (unregistering): Port device team_slave_1 removed [ 447.945919][ T12] team0 (unregistering): Port device team_slave_0 removed [ 449.002270][T14363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 449.128981][T14363] team0: Port device team_slave_0 added [ 449.165044][T14363] team0: Port device team_slave_1 added [ 449.277899][T14363] batman_adv: batadv0: Adding interface: 
batadv_slave_0 [ 449.279403][T14428] Process accounting paused [ 449.286253][T14363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.286291][T14363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.328242][T14363] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.359529][T14363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.405183][T14363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.544868][ T5842] Bluetooth: hci3: command 0x041b tx timeout [ 449.680264][T14363] hsr_slave_0: entered promiscuous mode [ 449.707910][T14363] hsr_slave_1: entered promiscuous mode [ 449.730382][T14363] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 449.756425][T14363] Cannot create hsr debugfs directory [ 450.520003][T14363] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 450.565078][T14363] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 450.640203][T14363] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 450.674428][T14363] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 450.875418][T14363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.204184][T14363] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.318110][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.326823][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.367059][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.376131][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.411781][T14476] Process accounting paused [ 451.621659][ T5842] Bluetooth: hci3: command 0x041b tx timeout [ 451.734560][T14363] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 452.131593][T14363] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 452.762328][T14551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3451'. [ 453.113364][T14363] veth0_vlan: entered promiscuous mode [ 453.163304][T14363] veth1_vlan: entered promiscuous mode [ 453.272084][T14363] veth0_macvtap: entered promiscuous mode [ 453.301792][T14363] veth1_macvtap: entered promiscuous mode [ 453.319677][T14363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.332456][T14363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.344697][T14363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.357741][T14363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.361476][T14571] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3457'. 
[ 453.369819][T14363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.393475][T14363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.406786][T14363] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 453.418712][T14363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.431456][T14363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.443444][T14363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.456349][T14363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.468406][T14363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.481038][T14363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.494098][T14363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 453.512115][T14363] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.522990][T14363] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.533887][T14363] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.544790][T14363] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.675717][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.701656][ T5839] Bluetooth: hci3: command 0x041b tx timeout [ 453.716176][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.859691][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.893256][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.664322][T14600] kafs: addr_prefs: Invalid Command [ 455.777822][ T5839] Bluetooth: hci3: command 0x041b tx timeout [ 457.857355][T14655] Bluetooth: hci3: 
command 0x041b tx timeout [ 459.222412][T14740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3493'. [ 460.527180][T14772] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 460.534970][T14772] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 460.584774][T14772] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 460.625408][T14772] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 460.971023][T14788] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3507'. [ 461.631705][T14799] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3509'. [ 462.576806][T14655] Bluetooth: hci0: command 0x0406 tx timeout [ 462.584287][T14655] Bluetooth: hci2: command 0x0c1a tx timeout [ 462.657186][T14655] Bluetooth: hci3: command 0x041b tx timeout [ 462.667436][T14244] Bluetooth: hci1: command 0x0406 tx timeout [ 463.798581][T14834] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3521'. [ 465.981823][T14873] netlink: 'syz.1.3535': attribute type 28 has an invalid length. [ 466.016966][T14873] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3535'. [ 466.387348][T14882] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3537'. [ 467.315375][T14913] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3544'. [ 470.203203][T14968] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3566'. [ 470.224673][T14969] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3565'. [ 470.311740][T14969] vcan0: entered promiscuous mode [ 472.262667][T15033] netlink: 130 bytes leftover after parsing attributes in process `syz.5.3581'. [ 474.811840][T15131] netlink: 'syz.5.3609': attribute type 1 has an invalid length. [ 475.082514][T15136] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3610'. [ 475.837132][T15168] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3617'. 
[ 477.297147][T15227] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3637'. [ 477.350228][T15227] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3637'. [ 479.648811][T15202] Process accounting resumed [ 480.068547][ C1] sd 0:0:1:0: [sda] tag#3790 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 480.081252][ C1] sd 0:0:1:0: [sda] tag#3790 CDB: Write(6) 0a 00 00 00 00 00 00 00 00 00 00 00 [ 480.761697][T15325] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3671'. [ 480.843061][T15329] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3672'. [ 480.997991][T15332] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3674'. [ 481.572955][T15345] Process accounting resumed [ 481.723067][T15352] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3682'. [ 482.416931][T15370] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3689'. [ 482.459705][T15370] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3689'. [ 482.783238][T15386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3696'. [ 483.328469][T15404] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3705'. [ 483.748645][T15414] devpts: called with bogus options [ 483.855326][T15418] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3710'. [ 485.531539][T15470] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3734'. [ 486.524110][T15491] nvme_fcloop: unknown parameter or missing value '/' [ 487.625913][T15535] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3762'. [ 487.665794][T15539] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3760'. 
[ 488.125553][T15555] ALSA: mixer_oss: invalid OSS volume '' [ 488.319063][T15560] ptrace attach of "./syz-executor exec"[9884] was attempted by ""[15560] [ 488.391715][T15564] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3773'. [ 488.603518][T15574] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3777'. [ 488.635868][T15576] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3778'. [ 488.666569][T15576] IPv6: NLM_F_CREATE should be specified when creating new route [ 488.781183][T15582] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3781'. [ 489.322342][T15606] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3791'. [ 489.570944][T15614] Invalid ELF header magic: != ELF [ 489.627978][T15608] batman_adv: Routing algorithm '' is not supported [ 489.682713][T15615] Invalid ELF header magic: != ELF [ 490.773086][T15651] netlink: 'syz.2.3809': attribute type 1 has an invalid length. [ 490.834939][T15652] netlink: 'syz.2.3809': attribute type 1 has an invalid length. [ 490.866620][T15651] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3809'. [ 490.902671][T15652] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3809'. [ 491.530504][T15666] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3815'. [ 493.044330][T15723] __nla_validate_parse: 2 callbacks suppressed [ 493.044355][T15723] netlink: 306 bytes leftover after parsing attributes in process `syz.4.3839'. [ 493.530715][T15742] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3849'. [ 494.644943][T15776] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3863'. 
[ 494.783378][T15776] bridge_slave_1 (unregistering): left allmulticast mode [ 494.792637][T15776] bridge_slave_1 (unregistering): left promiscuous mode [ 494.807642][T15776] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.822339][T15782] sctp: [Deprecated]: syz.2.3864 (pid 15782) Use of struct sctp_assoc_value in delayed_ack socket option. [ 494.822339][T15782] Use struct sctp_sack_info instead [ 494.857972][T15767] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3860'. [ 495.144932][T15790] netlink: 338 bytes leftover after parsing attributes in process `syz.5.3869'. [ 495.179298][T15790] netlink: 338 bytes leftover after parsing attributes in process `syz.5.3869'. [ 495.498735][T15796] sctp: [Deprecated]: syz.4.3872 (pid 15796) Use of struct sctp_assoc_value in delayed_ack socket option. [ 495.498735][T15796] Use struct sctp_sack_info instead [ 495.731577][T15807] netlink: 'syz.4.3876': attribute type 3 has an invalid length. [ 496.706800][T15834] netlink: 346 bytes leftover after parsing attributes in process `syz.2.3887'. [ 497.503507][T15854] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3893'. [ 498.886558][T15911] Process accounting resumed [ 499.645678][T15933] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 499.668418][T15933] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 499.669405][T15931] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3926'. [ 500.074623][T15944] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3931'. [ 500.111352][T15944] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.238910][T15944] bridge_slave_1 (unregistering): left allmulticast mode [ 500.258821][T15944] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.984137][T15969] netlink: 'syz.1.3942': attribute type 3 has an invalid length. 
[ 501.151225][T15976] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3955'. [ 501.219765][T15978] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3947'. [ 501.242423][T15978] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.303913][T15978] bridge_slave_1 (unregistering): left allmulticast mode [ 501.312664][T15978] bridge_slave_1 (unregistering): left promiscuous mode [ 501.322688][T15978] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.930461][T15998] netlink: 'syz.1.3953': attribute type 3 has an invalid length. [ 502.114061][T16003] lo: entered promiscuous mode [ 502.162859][T15999] lo: left promiscuous mode [ 502.693248][T16015] netlink: 346 bytes leftover after parsing attributes in process `syz.4.3963'. [ 502.861390][T16028] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3968'. [ 502.921036][T16029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3967'. [ 503.368094][T16038] lo: entered allmulticast mode [ 503.482765][T16040] lo: left allmulticast mode [ 503.909041][T16047] netlink: 'syz.1.3974': attribute type 21 has an invalid length. [ 503.925716][T16047] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3974'. [ 504.097982][T16053] netlink: 'syz.4.3977': attribute type 16 has an invalid length. [ 504.109741][T16053] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3977'. [ 506.232769][T16099] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3996'. [ 506.781219][T16131] sctp: [Deprecated]: syz.5.4007 (pid 16131) Use of int in maxseg socket option. 
[ 506.781219][T16131] Use struct sctp_assoc_value instead [ 506.820241][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.828334][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 509.046715][T16178] Process accounting resumed [ 509.826881][T16172] Process accounting paused [ 510.099720][T16199] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4033'. [ 511.649215][T16235] Process accounting paused [ 512.816773][T16269] lo: entered allmulticast mode [ 512.906912][T16273] lo: left allmulticast mode [ 514.164513][T16292] netlink: 346 bytes leftover after parsing attributes in process `syz.4.4068'. [ 514.969873][T16295] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4067'. [ 515.287194][T16295] hsr_slave_1 (unregistering): left promiscuous mode [ 515.589206][T16321] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4078'. [ 518.276251][T16356] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4101'. [ 518.357133][T16356] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4101'. [ 519.605450][T16388] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4105'. [ 519.878123][T16393] Invalid ELF header magic: != ELF [ 520.185802][T16401] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4111'. [ 521.891783][T16433] netlink: 74 bytes leftover after parsing attributes in process `syz.1.4123'. [ 522.183197][T16449] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4129'. [ 524.921252][T16521] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4159'. [ 526.142233][T16552] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4169'. [ 526.872699][T16563] netlink: 'syz.2.4173': attribute type 4 has an invalid length. [ 526.922877][T16563] netlink: 'syz.2.4173': attribute type 4 has an invalid length. 
[ 527.217078][T16572] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4178'. [ 527.289310][T16575] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4176'. [ 527.453901][T16578] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4176'. [ 528.257080][T16598] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4187'. [ 531.493584][T16625] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4195'. [ 533.707711][T16684] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 534.406137][T16695] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4223'. [ 535.985168][T16737] binder: 16736:16737 ioctl c0306201 9 returned -14 [ 537.801317][T16785] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4258'. [ 537.851775][T16785] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4258'. [ 539.164658][T16827] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4274'. [ 539.886107][T16843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4281'. [ 540.012669][T16845] Process accounting resumed [ 540.118202][T16853] netlink: 172 bytes leftover after parsing attributes in process `syz.5.4285'. [ 540.143573][T16853] netlink: 172 bytes leftover after parsing attributes in process `syz.5.4285'. [ 541.964614][T16890] Process accounting resumed [ 542.599214][T16921] netlink: 'syz.1.4313': attribute type 16 has an invalid length. [ 542.612748][T16921] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4313'. [ 542.975427][T16928] netlink: 326 bytes leftover after parsing attributes in process `syz.5.4316'. [ 544.641307][T16978] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4335'. 
[ 544.785442][T16978] hsr_slave_1 (unregistering): left promiscuous mode [ 544.925140][T16982] tc_dump_action: action bad kind [ 545.524308][T17007] netlink: 'syz.2.4346': attribute type 29 has an invalid length. [ 545.539813][T17007] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4346'. [ 547.304200][T17037] netlink: 'syz.1.4358': attribute type 22 has an invalid length. [ 547.330569][T17037] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4358'. [ 548.246062][T17063] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4367'. [ 550.905230][T17117] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4388'. [ 552.763768][T17153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4411'. [ 552.802457][T17155] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4403'. [ 552.945316][T17155] hsr_slave_1 (unregistering): left promiscuous mode [ 554.036588][T17191] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4419'. [ 554.208024][T17191] hsr_slave_1 (unregistering): left promiscuous mode [ 555.361063][T17226] netlink: 'syz.5.4433': attribute type 2 has an invalid length. [ 555.435709][T17226] netlink: 'syz.5.4433': attribute type 2 has an invalid length. [ 557.840745][T17274] netlink: 'syz.4.4455': attribute type 27 has an invalid length. [ 557.876664][T17274] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4455'. [ 558.708684][T17296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4465'. [ 559.113322][T17305] netlink: 'syz.5.4468': attribute type 11 has an invalid length. [ 560.552225][T17336] netlink: 74 bytes leftover after parsing attributes in process `syz.2.4482'. [ 564.072330][T17410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4508'.
[ 564.455911][T17419] kernel read not supported for file /#)-"= (pid: 17419 comm: syz.2.4513) [ 564.494458][ T29] audit: type=1800 audit(4294967354.950:8): pid=17419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4513" name=2329252257 dev="mqueue" ino=48545 res=0 errno=0 [ 564.537123][T17420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4512'. [ 565.490709][T17437] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4521'. [ 566.194843][T17455] netlink: 'syz.2.4527': attribute type 3 has an invalid length. [ 566.211704][T17455] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4527'. [ 567.411867][T17487] RDS: rds_bind could not find a transport for 86a4:131b:e300:1000::, load rds_tcp or rds_rdma? [ 567.598959][T17491] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4544'. [ 568.264789][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.270009][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.115162][T17526] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4560'. [ 571.177928][T17546] usb usb6: check_ctrlrecip: process 17546 (syz.2.4567) requesting ep 01 but needs 81 [ 571.197905][T17546] usb usb6: usbfs: process 17546 (syz.2.4567) did not claim interface 0 before use [ 571.999398][T17563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4575'. [ 573.416614][T17592] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4588'. [ 574.909000][T17623] i2c i2c-0: Invalid block write size 128 [ 575.549041][T17629] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4601'. [ 576.248593][T17653] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4612'. [ 577.145629][T17681] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4624'.
[ 577.194758][T17682] ima: policy update failed [ 577.205363][ T29] audit: type=1802 audit(4294967367.670:9): pid=17682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4626" res=0 errno=0 [ 577.391309][T17690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4629'. [ 577.434661][T17696] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4630'. [ 577.468077][T17690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4629'. [ 578.516142][T17727] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 578.852019][T17741] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4649'. [ 579.071599][T17746] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 579.365736][T17756] &: entered promiscuous mode [ 579.392068][T17756] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4657'. [ 579.399574][T17756] &: left promiscuous mode [ 580.395550][T17769] openvswitch: netlink: IP tunnel dst address not specified [ 580.404977][T17769] openvswitch: netlink: IP tunnel dst address not specified [ 581.496759][T17792] netlink: 'syz.4.4672': attribute type 10 has an invalid length. [ 581.503133][T17792] netlink: 326 bytes leftover after parsing attributes in process `syz.4.4672'. [ 582.372264][T17802] netlink: 326 bytes leftover after parsing attributes in process `syz.5.4677'. [ 584.808150][T17845] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4690'. syzkaller syzkaller login: [ 585.880618][T17880] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4706'. [ 586.061902][T17886] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4709'. [ 586.184134][T17886] bond0: (slave bond_slave_0): Releasing backup interface [ 586.186647][T17891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4711'. [ 586.290034][T17891] veth0_macvtap: left promiscuous mode [ 586.392937][T17893] netlink: 'syz.4.4712': attribute type 1 has an invalid length.
[ 586.497911][T17895] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4713'. [ 586.616976][T17899] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4715'. [ 587.058238][T17911] delete_channel: no stack [ 588.137847][T17934] netlink: 'syz.1.4727': attribute type 19 has an invalid length. [ 588.146630][T17934] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4727'. [ 588.643799][T17953] netlink: 'syz.1.4735': attribute type 1 has an invalid length. [ 592.366171][T18032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4767'. [ 592.548350][T18039] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4769'. [ 593.141521][T18053] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4773'. [ 593.229512][T18053] bond0: (slave bond_slave_0): Releasing backup interface [ 594.086983][T18075] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4784'. [ 595.098195][T18095] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4791'. [ 596.969231][T18138] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 596.975537][T18138] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 596.996918][T18138] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 597.003272][T18138] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 597.459417][T18157] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4817'. [ 597.506790][T18159] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4818'. [ 598.419056][T18191] devtmpfs: Unknown parameter '#' [ 598.659246][T18199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4837'. [ 598.779972][T18203] netlink: 350 bytes leftover after parsing attributes in process `syz.2.4838'. 
[ 598.978820][T14655] Bluetooth: hci0: command 0x0406 tx timeout [ 598.985525][T14244] Bluetooth: hci2: command 0x0c1a tx timeout [ 599.056641][T14244] Bluetooth: hci3: command 0x041b tx timeout [ 599.063767][T14655] Bluetooth: hci1: command 0x0406 tx timeout [ 600.314758][T18247] netlink: 130 bytes leftover after parsing attributes in process `syz.5.4855'. [ 601.094064][T18255] netlink: 'syz.5.4858': attribute type 4 has an invalid length. [ 601.126524][T18255] netlink: 110 bytes leftover after parsing attributes in process `syz.5.4858'. [ 602.573175][T18295] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4872'. [ 603.859566][T18331] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4887'. [ 604.391724][T18344] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4891'. [ 604.850938][T18356] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4895'. [ 605.348346][T18369] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4901'. [ 606.254178][T18403] netlink: 'syz.5.4915': attribute type 2 has an invalid length. [ 606.777105][T18414] netlink: 74 bytes leftover after parsing attributes in process `syz.5.4919'. [ 609.446876][T18475] sctp: [Deprecated]: syz.1.4944 (pid 18475) Use of int in maxseg socket option. [ 609.446876][T18475] Use struct sctp_assoc_value instead [ 609.892839][T18493] netlink: 'syz.2.4951': attribute type 9 has an invalid length. [ 610.966903][T18515] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4960'. [ 610.989688][T18515] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4960'. [ 611.322506][T18524] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4964'. [ 612.571492][T18555] openvswitch: netlink: Unknown nsh attribute 0 [ 612.978565][T18566] netlink: 74 bytes leftover after parsing attributes in process `syz.4.4979'. 
[ 613.963451][T18590] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4988'. [ 616.660747][T18650] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5005'. [ 618.247308][T18689] netlink: 350 bytes leftover after parsing attributes in process `syz.4.5016'. [ 620.768152][T18739] openvswitch: netlink: VXLAN extension 13870 out of range max 1 [ 622.889563][T18769] netlink: 322 bytes leftover after parsing attributes in process `syz.2.5046'. [ 623.184631][T18778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5050'. [ 623.702236][T18790] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5055'. [ 623.739133][T18793] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 623.848307][T18791] HfR: entered promiscuous mode [ 624.181873][T18809] netlink: 'syz.2.5061': attribute type 27 has an invalid length. [ 624.210770][T18809] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5061'. [ 625.125011][T18838] netlink: 74 bytes leftover after parsing attributes in process `syz.4.5068'. [ 626.827027][T18895] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5084'. [ 629.573564][T18998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5114'. [ 629.598059][T18998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5114'. [ 629.703925][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.709738][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.186180][T19039] netlink: 306 bytes leftover after parsing attributes in process `syz.2.5130'. [ 631.277572][T19041] netlink: 326 bytes leftover after parsing attributes in process `syz.4.5131'. [ 632.642141][T19075] netlink: 'syz.5.5143': attribute type 16 has an invalid length. [ 632.649563][T19075] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5143'. 
[ 633.424270][T19095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5148'. [ 633.435271][T19095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5148'. [ 633.698091][T19099] ima: policy update failed [ 633.705947][ T29] audit: type=1802 audit(4294967424.170:10): pid=19099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.5149" res=0 errno=0 [ 633.912425][T19111] netlink: 'syz.2.5152': attribute type 33 has an invalid length. [ 633.920684][T19111] netlink: 322 bytes leftover after parsing attributes in process `syz.2.5152'. [ 633.930427][T19111] netlink: 'syz.2.5152': attribute type 33 has an invalid length. [ 633.938665][T19111] netlink: 322 bytes leftover after parsing attributes in process `syz.2.5152'. [ 634.144059][T19113] netlink: 306 bytes leftover after parsing attributes in process `syz.4.5153'. [ 635.704854][T19162] __nla_validate_parse: 2 callbacks suppressed [ 635.704879][T19162] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5166'. [ 635.739275][T19162] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5166'. [ 637.097093][T19194] RDS: rds_bind could not find a transport for fe80::3030:3030:3a30:302f, load rds_tcp or rds_rdma? [ 638.894776][T19246] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5200'. [ 639.166785][T19255] netlink: 338 bytes leftover after parsing attributes in process `syz.4.5204'. [ 639.429672][T19261] netlink: 130 bytes leftover after parsing attributes in process `syz.5.5207'. [ 640.541791][T19279] netlink: 'syz.5.5215': attribute type 4 has an invalid length. [ 640.579630][T19279] netlink: 'syz.5.5215': attribute type 4 has an invalid length. [ 644.114468][T19358] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5244'. 
[ 644.276000][T14244] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 645.863374][T19402] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5256'. [ 646.617938][T19411] netlink: 'syz.4.5260': attribute type 4 has an invalid length. [ 646.625767][T19411] netlink: 314 bytes leftover after parsing attributes in process `syz.4.5260'. [ 647.323891][T19421] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5266'. [ 647.816590][T19431] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5268'. [ 653.013859][T19516] delete_channel: no stack [ 655.420113][T19565] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5318'. [ 655.690474][T19575] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5323'. [ 655.884541][T19581] netlink: 'syz.2.5326': attribute type 14 has an invalid length. [ 655.906539][T19581] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5326'. [ 657.050090][T19618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5339'. [ 657.693804][T19637] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5347'. [ 658.735605][T19664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5358'. [ 658.799736][T19662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5357'. [ 659.147024][T19666] netlink: 'syz.2.5359': attribute type 33 has an invalid length. [ 659.168667][T19666] netlink: 322 bytes leftover after parsing attributes in process `syz.2.5359'. [ 659.477591][T19679] netlink: 'syz.4.5364': attribute type 4 has an invalid length. [ 661.795261][T19734] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5385'. [ 662.062954][T19741] netlink: 'syz.1.5387': attribute type 1 has an invalid length. [ 662.074343][T19741] netlink: 318 bytes leftover after parsing attributes in process `syz.1.5387'. 
[ 662.274414][T19746] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5390'. [ 662.522384][T19755] netlink: 'syz.1.5394': attribute type 1 has an invalid length. [ 662.531569][T19755] netlink: 230 bytes leftover after parsing attributes in process `syz.1.5394'. [ 662.721573][T19759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5396'. [ 664.891037][T19805] lo: entered allmulticast mode [ 665.029020][T19807] lo: left allmulticast mode [ 667.406964][T19889] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 667.850842][T19901] sctp: [Deprecated]: syz.1.5440 (pid 19901) Use of int in max_burst socket option. [ 667.850842][T19901] Use struct sctp_assoc_value instead [ 668.138660][T19916] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5445'. [ 668.157815][T19916] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5445'. [ 669.645130][T19955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5461'. [ 671.602046][T19999] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5476'. [ 673.549205][T20029] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5490'. [ 677.953956][T20165] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 680.012685][T20204] lo: entered allmulticast mode [ 680.084594][T20205] lo: left allmulticast mode [ 682.614198][T20248] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5561'. [ 682.728129][T20250] netlink: 326 bytes leftover after parsing attributes in process `syz.4.5563'. [ 683.130361][T20263] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5568'. [ 684.996281][T20317] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5578'. [ 685.690423][T20327] netlink: 'syz.4.5582': attribute type 29 has an invalid length. 
[ 685.709613][T20327] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5582'. [ 685.764148][T20325] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5581'. [ 686.571364][T20345] netlink: 326 bytes leftover after parsing attributes in process `syz.4.5595'. [ 688.183945][T20383] netlink: 'syz.5.5603': attribute type 28 has an invalid length. [ 688.216434][T20383] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5603'. [ 690.200324][T20427] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5620'. [ 690.244474][T20429] Process accounting resumed [ 691.163931][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.176199][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.061220][T20528] netlink: 'syz.5.5656': attribute type 27 has an invalid length. [ 694.081847][T20528] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5656'. [ 694.328135][T20536] netlink: 'syz.4.5660': attribute type 21 has an invalid length. [ 694.336507][T20536] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5660'. [ 694.755901][T20547] netlink: 'syz.2.5664': attribute type 1 has an invalid length. [ 694.764200][T20547] netlink: 306 bytes leftover after parsing attributes in process `syz.2.5664'. [ 695.720585][T20559] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5676'. [ 695.946301][T20564] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5669'. [ 697.522049][T20575] netlink: 'syz.1.5673': attribute type 1 has an invalid length. [ 697.530292][T20575] netlink: 306 bytes leftover after parsing attributes in process `syz.1.5673'. [ 698.013056][T20589] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5678'. [ 702.289939][T20667] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5709'. 
[ 703.998385][T20697] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5719'. [ 704.019995][T20695] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5720'. [ 704.114708][T20701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5722'. [ 704.912260][T20716] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5727'. [ 705.053865][T20718] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5729'. [ 706.022338][T20740] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5737'. [ 706.099255][T20742] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5738'. [ 706.109839][T20742] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5738'. [ 706.277470][T20746] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5739'. [ 706.883657][T20763] ovs_: entered promiscuous mode [ 707.756011][T20780] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5754'. [ 708.168988][T20787] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5756'. [ 708.408813][T20793] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5759'. [ 709.405747][T20820] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5769'. [ 709.666988][T20824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5771'. [ 709.718746][T20826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5770'. [ 709.727872][T20824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5771'. [ 709.776094][T20829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5770'. [ 710.644953][T20851] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5781'. [ 711.426977][T20864] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5786'. [ 711.672426][T20875] mkiss: ax0: crc mode is auto. 
[ 712.094477][T20888] netlink: 'syz.5.5790': attribute type 4 has an invalid length. [ 713.439740][T20931] __nla_validate_parse: 1 callbacks suppressed [ 713.439770][T20931] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5804'. [ 715.566098][T20988] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 716.219853][T21002] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5831'. [ 717.399076][T21034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5846'. [ 719.077725][T21069] netlink: 266 bytes leftover after parsing attributes in process `syz.5.5858'. [ 719.374968][T21075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5859'. [ 719.888160][T21087] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5866'. [ 720.071054][T21095] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5869'. [ 720.081240][T21096] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5868'. [ 721.862907][T21135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5884'. [ 721.901234][T21135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5884'. [ 722.147623][T21139] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5886'. [ 724.277153][T21198] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5899'. [ 725.313668][T21223] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5906'. [ 726.244811][T21232] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5910'. [ 726.258145][T21235] netlink: 'syz.1.5909': attribute type 27 has an invalid length. [ 726.266048][T21235] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5909'. [ 726.286527][T21232] IPv6: NLM_F_CREATE should be specified when creating new route [ 727.037421][T21252] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5917'. 
[ 727.073217][T21252] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 727.096735][T21252] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 727.132712][T21252] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 727.147385][T21252] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 727.407723][T21261] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5922'. [ 727.435334][T21261] vcan0: entered promiscuous mode [ 727.725827][T21272] [U] [ 727.729027][T21272] [U] [ 727.731814][T21272] [U] [ 727.734593][T21272] [U] [ 727.813113][T21272] [U] [ 727.815930][T21272] [U] [ 727.818703][T21272] [U] [ 727.821460][T21272] [U] [ 727.883233][T21275] [U] [ 730.233843][T21316] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5943'. [ 730.969196][T21336] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5951'. [ 731.278929][T21339] netlink: 'syz.2.5952': attribute type 4 has an invalid length. [ 731.437117][T21345] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5955'. [ 731.662580][ T29] audit: type=1326 audit(4294967531.129:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21350 comm="syz.1.5957" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb2bc585d29 code=0x0 [ 731.873546][T21357] netlink: 7 bytes leftover after parsing attributes in process `syz.5.5960'. [ 731.894046][T21357] netlink: 7 bytes leftover after parsing attributes in process `syz.5.5960'. [ 732.272818][T14244] Bluetooth: hci2: Malformed Event: 0x2f [ 732.391633][T21362] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5962'. [ 732.420869][T21362] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5962'. [ 732.573760][T21366] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5964'. 
[ 732.585652][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 732.595553][T21366] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 732.612777][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 732.623856][T21366] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 732.882443][T21377] delete_channel: no stack [ 733.003507][T21382] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5970'. [ 733.876392][T21408] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5980'. [ 733.896997][T21408] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 733.912963][T21408] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 733.940319][T21408] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 733.958562][T21408] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 735.240561][T21439] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5994'. [ 735.266677][T21439] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 735.274182][T21439] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 735.321040][T21439] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 735.328830][T21439] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 736.645971][T21477] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6009'. [ 737.164982][T21491] mkiss: ax0: crc mode is auto. [ 737.805669][T21506] sctp: [Deprecated]: syz.4.6018 (pid 21506) Use of struct sctp_assoc_value in delayed_ack socket option. [ 737.805669][T21506] Use struct sctp_sack_info instead [ 738.837339][T21523] netlink: 'syz.2.6025': attribute type 1 has an invalid length. [ 740.552591][T21566] netlink: 322 bytes leftover after parsing attributes in process `syz.1.6041'. [ 742.054693][T21609] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6053'. 
[ 743.329188][T21649] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6064'. [ 744.407503][T21671] netlink: 338 bytes leftover after parsing attributes in process `syz.2.6072'. [ 744.419110][T21671] netlink: 338 bytes leftover after parsing attributes in process `syz.2.6072'. [ 744.743955][T21676] netlink: 'syz.1.6074': attribute type 4 has an invalid length. [ 745.189840][T21686] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6078'. [ 745.712415][T21697] netlink: 'syz.1.6082': attribute type 28 has an invalid length. [ 745.726423][T21697] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6082'. [ 746.022293][T21711] netlink: 'syz.1.6086': attribute type 3 has an invalid length. [ 746.040016][T21711] netlink: 332 bytes leftover after parsing attributes in process `syz.1.6086'. [ 746.069144][T21711] netlink: 'syz.1.6086': attribute type 3 has an invalid length. [ 746.093391][T21711] netlink: 332 bytes leftover after parsing attributes in process `syz.1.6086'. [ 748.114827][T21761] UHID_CREATE from different security context by process 1538 (syz.5.6105), this is not allowed. [ 748.766122][T21791] netlink: 146 bytes leftover after parsing attributes in process `syz.4.6123'. [ 748.813306][T21793] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6116'. [ 749.017088][T21800] netlink: 326 bytes leftover after parsing attributes in process `syz.1.6119'. [ 750.408838][T21837] netlink: 322 bytes leftover after parsing attributes in process `syz.1.6134'. [ 750.647699][T21845] netlink: 334 bytes leftover after parsing attributes in process `syz.4.6137'. [ 750.992983][T21857] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6142'. [ 752.465055][T21893] mkiss: ax0: crc mode is auto. 
[ 752.579059][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.585505][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 755.485826][T21972] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6181'. [ 756.418982][T22006] netlink: 290 bytes leftover after parsing attributes in process `syz.2.6198'. [ 756.583665][T22013] netlink: 138 bytes leftover after parsing attributes in process `syz.2.6199'. [ 756.713186][T22016] netlink: 334 bytes leftover after parsing attributes in process `syz.5.6201'. [ 758.218538][T22051] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6212'. [ 758.627282][T22058] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6215'. [ 758.715121][T22060] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6216'. [ 758.858535][T22064] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6218'. [ 759.969059][ T29] audit: type=1800 audit(4294967568.432:12): pid=22093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6225" name="dbroot" dev="configfs" ino=63151 res=0 errno=0 [ 760.203401][T22088] db_root: cannot open:  [ 761.238122][T22109] netlink: 326 bytes leftover after parsing attributes in process `syz.2.6232'. [ 761.467106][T22120] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6244'. [ 761.491124][T22120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6244'. [ 761.678386][T22127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 762.646962][T22149] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6249'. [ 762.730436][T22149] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6249'. [ 763.980495][T22187] netlink: 326 bytes leftover after parsing attributes in process `syz.2.6262'. 
[ 764.453655][T22194] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6263'. [ 764.501935][T22194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6263'. [ 764.792493][T22203] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6266'. [ 765.030917][T22211] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6270'. [ 765.169719][T22207] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 765.184691][T22207] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 766.712048][T22250] mkiss: ax0: crc mode is auto. [ 767.831065][T22277] mkiss: ax0: crc mode is auto. [ 768.197819][T22289] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6303'. [ 768.215592][T22289] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 768.223658][T22289] IPv6: NLM_F_CREATE should be set when creating new route [ 768.231021][T22289] IPv6: NLM_F_CREATE should be set when creating new route [ 768.416236][T22296] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6304'. [ 769.403445][T22310] netlink: 146 bytes leftover after parsing attributes in process `syz.5.6310'. [ 769.627928][T22319] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6312'. [ 769.687368][T22314] mkiss: ax0: crc mode is auto. [ 769.838794][T22321] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6313'. [ 770.083688][T22328] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6316'. [ 770.386950][T22332] netlink: 338 bytes leftover after parsing attributes in process `syz.5.6317'. [ 772.185227][T22366] netlink: 334 bytes leftover after parsing attributes in process `syz.4.6329'. [ 773.760620][T22402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6341'. [ 773.777384][T22402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6341'. 
[ 774.592835][T22424] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6350'. [ 774.734290][T22426] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6351'. [ 775.254184][T22439] netlink: 74 bytes leftover after parsing attributes in process `syz.1.6357'. [ 775.647846][T22447] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6361'. [ 775.657374][T22447] lo: entered promiscuous mode [ 775.662213][T22447] lo: entered allmulticast mode [ 776.274773][T22471] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6370'. [ 776.823044][T22486] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6376'. [ 776.897373][T22491] netlink: 314 bytes leftover after parsing attributes in process `syz.1.6379'. [ 777.636052][T22516] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6387'. [ 779.545743][T22568] __nla_validate_parse: 4 callbacks suppressed [ 779.545770][T22568] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6406'. [ 779.913172][T22579] mkiss: ax0: crc mode is auto. [ 780.093567][T22581] netlink: 326 bytes leftover after parsing attributes in process `syz.4.6411'. [ 780.215097][T22583] netlink: 2 bytes leftover after parsing attributes in process `syz.5.6412'. [ 780.553542][T22589] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6414'. [ 780.563241][T22589] lo: entered promiscuous mode [ 780.569924][T22589] lo: entered allmulticast mode [ 781.715358][T22613] netlink: 74 bytes leftover after parsing attributes in process `syz.2.6423'. [ 781.896719][T22618] netlink: 'syz.2.6426': attribute type 1 has an invalid length. [ 781.947199][T22619] netlink: 326 bytes leftover after parsing attributes in process `syz.5.6424'. [ 783.381659][T22639] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6433'. [ 783.556797][T22647] netlink: 'syz.1.6430': attribute type 4 has an invalid length. 
[ 783.567221][T22642] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 783.576175][T22642] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 783.592878][T22642] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 783.602268][T22647] netlink: 314 bytes leftover after parsing attributes in process `syz.1.6430'. [ 783.620834][T22642] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 784.129280][T22668] netlink: 'syz.5.6443': attribute type 39 has an invalid length. [ 784.138017][T22668] netlink: 'syz.5.6443': attribute type 40 has an invalid length. [ 784.145882][T22668] netlink: 'syz.5.6443': attribute type 41 has an invalid length. [ 784.154212][T22668] netlink: 'syz.5.6443': attribute type 44 has an invalid length. [ 784.162449][T22668] netlink: 'syz.5.6443': attribute type 46 has an invalid length. [ 784.170521][T22668] netlink: 'syz.5.6443': attribute type 47 has an invalid length. [ 784.178674][T22668] netlink: 'syz.5.6443': attribute type 48 has an invalid length. [ 784.186861][T22668] netlink: 'syz.5.6443': attribute type 49 has an invalid length. [ 784.195063][T22668] netlink: 6 bytes leftover after parsing attributes in process `syz.5.6443'. [ 784.314870][T22675] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6445'. [ 784.854703][T22690] __nla_validate_parse: 1 callbacks suppressed [ 784.854731][T22690] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6453'. [ 785.307825][T22704] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6458'. [ 785.319344][T22704] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6458'. [ 785.423243][T22707] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6459'. [ 785.441944][T22707] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6459'. [ 785.467807][T22707] netlink: 166 bytes leftover after parsing attributes in process `syz.1.6459'. 
[ 785.535142][T22710] netlink: 326 bytes leftover after parsing attributes in process `syz.4.6461'. [ 785.619479][T14244] Bluetooth: hci1: command 0x0406 tx timeout [ 785.619867][T14655] Bluetooth: hci0: command 0x0406 tx timeout [ 785.625552][T14244] Bluetooth: hci2: command 0x0c1a tx timeout [ 785.696445][T14655] Bluetooth: hci3: command 0x041b tx timeout [ 785.774277][T22718] netlink: 326 bytes leftover after parsing attributes in process `syz.2.6465'. [ 786.210944][T22734] netlink: 146 bytes leftover after parsing attributes in process `syz.5.6471'. [ 786.394549][T22739] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 786.443199][T22737] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6473'. [ 787.226883][T22756] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 787.233640][T22756] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 787.241012][T22756] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 787.252120][T22756] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 788.197910][T22790] IPv6: NLM_F_CREATE should be specified when creating new route [ 789.078441][T22817] validate_nla: 2 callbacks suppressed [ 789.078479][T22817] netlink: 'syz.1.6503': attribute type 5 has an invalid length. [ 789.306518][T22713] Bluetooth: hci1: command 0x0406 tx timeout [ 789.313513][T22713] Bluetooth: hci0: command 0x0406 tx timeout [ 789.317200][T14244] Bluetooth: hci2: command 0x0c1a tx timeout [ 789.320443][T14655] Bluetooth: hci3: command 0x041b tx timeout [ 791.977045][T22879] __nla_validate_parse: 8 callbacks suppressed [ 791.977072][T22879] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6524'. [ 793.118862][T22897] netlink: 146 bytes leftover after parsing attributes in process `syz.1.6530'. [ 793.831569][T22914] netlink: 'syz.1.6534': attribute type 4 has an invalid length. [ 793.870201][T22914] netlink: 314 bytes leftover after parsing attributes in process `syz.1.6534'. 
[ 793.939260][T22916] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[22916] [ 794.451457][T22922] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6538'. [ 794.756974][T22929] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6547'. [ 798.046473][T22954] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6546'. [ 798.091429][T22954] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6546'. [ 799.411215][T22983] netlink: 326 bytes leftover after parsing attributes in process `syz.5.6558'. [ 800.441546][T22998] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6564'. [ 802.694551][T23015] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6570'. [ 802.766650][T23015] veth1_macvtap: left allmulticast mode [ 802.772354][T23015] veth1_macvtap: left promiscuous mode [ 803.040913][T23019] netlink: 326 bytes leftover after parsing attributes in process `syz.2.6572'. [ 803.192574][T23027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6575'. [ 803.226161][T23027] unsupported nlmsg_type 40 [ 803.389535][T23031] netlink: 306 bytes leftover after parsing attributes in process `syz.1.6576'. [ 803.713929][T23038] netlink: 266 bytes leftover after parsing attributes in process `syz.1.6579'. [ 804.076159][T23044] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6582'. [ 804.741826][T23064] netlink: 'syz.4.6591': attribute type 19 has an invalid length. [ 804.765154][T23064] netlink: 114 bytes leftover after parsing attributes in process `syz.4.6591'. [ 805.730608][T23091] netlink: 'syz.1.6600': attribute type 4 has an invalid length. [ 805.759117][T23091] netlink: 314 bytes leftover after parsing attributes in process `syz.1.6600'. [ 805.868651][T23095] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6602'. 
[ 806.590953][T23117] netlink: 266 bytes leftover after parsing attributes in process `syz.4.6609'. [ 806.611132][T23117] IPv6: NLM_F_CREATE should be specified when creating new route [ 806.857223][T23121] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6611'. [ 807.717019][T23138] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6618'. [ 808.294261][T23149] netlink: 'syz.2.6622': attribute type 27 has an invalid length. [ 808.312817][T23149] __nla_validate_parse: 1 callbacks suppressed [ 808.312845][T23149] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6622'. [ 808.396082][T23151] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6623'. [ 808.994562][T23161] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6629'. [ 809.009537][T23161] veth1_macvtap: left promiscuous mode [ 809.048133][T23162] netlink: 'syz.1.6628': attribute type 28 has an invalid length. [ 809.076419][T23162] netlink: 'syz.1.6628': attribute type 29 has an invalid length. [ 809.109781][T23162] netlink: 'syz.1.6628': attribute type 30 has an invalid length. [ 809.129281][T23162] netlink: 'syz.1.6628': attribute type 31 has an invalid length. [ 809.156337][T23162] netlink: 'syz.1.6628': attribute type 32 has an invalid length. [ 809.164237][T23162] netlink: 'syz.1.6628': attribute type 33 has an invalid length. [ 809.187070][T23162] netlink: 'syz.1.6628': attribute type 35 has an invalid length. [ 809.194979][T23162] netlink: 18 bytes leftover after parsing attributes in process `syz.1.6628'. [ 809.273845][T23168] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6632'. [ 809.432011][T23173] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6633'. [ 810.597070][T23194] validate_nla: 4 callbacks suppressed [ 810.597099][T23194] netlink: 'syz.5.6640': attribute type 21 has an invalid length. 
[ 810.626482][T23194] netlink: 326 bytes leftover after parsing attributes in process `syz.5.6640'. [ 811.008858][T23203] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6641'. [ 811.053381][T23203] veth1_macvtap: left promiscuous mode [ 811.402244][T23208] netlink: 'syz.2.6644': attribute type 2 has an invalid length. [ 812.476095][T23234] netlink: 326 bytes leftover after parsing attributes in process `syz.4.6655'. [ 814.046921][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.065064][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.699097][T23268] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 815.806133][T23286] netlink: 326 bytes leftover after parsing attributes in process `syz.5.6674'. [ 817.780606][T23319] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6685'. [ 817.816451][T23319] IPv6: Can't replace route, no match found [ 818.262292][T23331] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6690'. [ 818.781931][T23349] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6696'. [ 820.262629][T23365] netlink: 146 bytes leftover after parsing attributes in process `syz.2.6702'. [ 820.392467][T23370] netlink: 266 bytes leftover after parsing attributes in process `syz.1.6704'. [ 820.591543][T23374] netlink: 326 bytes leftover after parsing attributes in process `syz.1.6706'. [ 820.659372][T23376] netlink: 244 bytes leftover after parsing attributes in process `syz.2.6707'. [ 820.836161][T23384] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6711'. [ 820.940361][T23387] netlink: 'syz.1.6712': attribute type 4 has an invalid length. [ 823.151584][T23447] sctp: [Deprecated]: syz.1.6735 (pid 23447) Use of int in maxseg socket option. [ 823.151584][T23447] Use struct sctp_assoc_value instead [ 823.411074][T23457] netlink: 338 bytes leftover after parsing attributes in process `syz.5.6740'. 
[ 823.427018][T23456] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6741'. [ 823.439582][T23456] IPv6: Can't replace route, no match found [ 823.590108][T23462] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6742'. [ 823.599854][T23462] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6742'. [ 823.722276][T14655] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 823.753836][T23465] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6744'. [ 825.150661][T23495] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6760'. [ 825.303122][T23496] blktrace: Concurrent blktraces are not allowed on sg0 [ 825.772111][T23513] netlink: 146 bytes leftover after parsing attributes in process `syz.4.6758'. [ 825.870161][T23518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6761'. [ 825.883301][T23518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6761'. [ 826.507847][T23531] netlink: 146 bytes leftover after parsing attributes in process `syz.1.6766'. [ 830.171268][T23587] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6786'. [ 830.188853][T23587] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6786'. [ 830.597291][T23601] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6791'. [ 831.528838][T23630] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6803'. [ 831.668454][T23632] netlink: 'syz.5.6805': attribute type 19 has an invalid length. [ 831.696445][T23632] netlink: 114 bytes leftover after parsing attributes in process `syz.5.6805'. [ 831.864426][T23638] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6807'. [ 832.111365][T23645] netlink: 326 bytes leftover after parsing attributes in process `syz.1.6810'. 
[ 832.123629][T23642] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 832.128022][T23646] netlink: 'syz.2.6811': attribute type 20 has an invalid length. [ 832.166444][T23646] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6811'. [ 833.612842][T23671] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6820'. [ 834.846729][T23700] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6831'. [ 834.897660][T23700] netlink: 214 bytes leftover after parsing attributes in process `syz.5.6831'. [ 834.946530][T23700] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 834.953878][T23700] IPv6: NLM_F_CREATE should be set when creating new route [ 834.961295][T23700] IPv6: NLM_F_CREATE should be set when creating new route [ 834.968636][T23700] IPv6: NLM_F_CREATE should be set when creating new route [ 836.428693][T23730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6841'. [ 836.702699][T23736] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6843'. [ 836.787532][T23736] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6843'. [ 837.874238][T23758] netlink: 146 bytes leftover after parsing attributes in process `syz.2.6849'. [ 839.333521][T23783] netlink: 146 bytes leftover after parsing attributes in process `syz.4.6859'. [ 839.824341][T23798] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6864'. [ 840.076095][T23798] team0: Port device team_slave_0 removed [ 840.282016][T23806] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6868'. [ 840.349517][T23808] netlink: 146 bytes leftover after parsing attributes in process `syz.4.6867'. [ 843.173045][T23850] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6884'. [ 843.348146][T23856] netlink: 'syz.1.6886': attribute type 1 has an invalid length. 
[ 843.386611][T23856] netlink: 53 bytes leftover after parsing attributes in process `syz.1.6886'. [ 843.417629][T23856] netlink: 'syz.1.6886': attribute type 1 has an invalid length. [ 843.438437][T23858] netlink: 'syz.2.6888': attribute type 64 has an invalid length. [ 843.446402][T23856] netlink: 53 bytes leftover after parsing attributes in process `syz.1.6886'. [ 843.476505][T23858] netlink: 74 bytes leftover after parsing attributes in process `syz.2.6888'. [ 843.728694][T23867] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6892'. [ 843.882113][T23870] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6893'. [ 843.907743][T23870] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6893'. [ 844.317947][T23881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6898'. [ 844.485275][T23883] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6899'. [ 844.516564][T23883] : renamed from gre0 (while UP) [ 844.542568][T23883] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6899'. [ 847.469519][T23957] : renamed from gre0 (while UP) [ 848.461639][T23984] __nla_validate_parse: 11 callbacks suppressed [ 848.461667][T23984] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6938'. [ 848.512270][T23984] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6938'. [ 848.805313][T23993] netlink: 326 bytes leftover after parsing attributes in process `syz.1.6941'. [ 848.916516][T14655] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 849.219672][T24004] netlink: 306 bytes leftover after parsing attributes in process `syz.2.6946'. [ 850.026336][T24021] netlink: 'syz.5.6949': attribute type 4 has an invalid length. [ 850.130060][T24025] netlink: 'syz.1.6951': attribute type 4 has an invalid length. [ 850.146808][T24025] netlink: 314 bytes leftover after parsing attributes in process `syz.1.6951'. 
[ 850.427205][T24019] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6950'. [ 850.439034][T24019] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6950'. [ 850.667305][T24033] netlink: 'syz.5.6953': attribute type 17 has an invalid length. [ 850.691092][T24033] netlink: 326 bytes leftover after parsing attributes in process `syz.5.6953'. [ 850.976965][T24044] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6957'. [ 851.007842][T24042] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6958'. [ 852.469481][T24079] netlink: 'syz.1.6973': attribute type 39 has an invalid length. [ 853.895667][T24110] __nla_validate_parse: 8 callbacks suppressed [ 853.895697][T24110] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6986'. [ 854.389561][T24120] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6989'. [ 854.423826][T24120] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6989'. [ 855.150149][T24143] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6999'. [ 855.187758][T24143] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6999'. [ 855.313894][T24146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7000'. [ 855.357201][T24146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7000'. [ 856.643255][T24173] netlink: 222 bytes leftover after parsing attributes in process `syz.4.7007'. [ 856.676050][T24173] netlink: 222 bytes leftover after parsing attributes in process `syz.4.7007'. [ 856.692405][T24171] netlink: 330 bytes leftover after parsing attributes in process `syz.1.7006'. [ 859.052188][T24224] __nla_validate_parse: 1 callbacks suppressed [ 859.052215][T24224] netlink: 342 bytes leftover after parsing attributes in process `syz.2.7025'. 
[ 859.539014][T24237] binder: 24236:24237 ioctl c018620c 9 returned -22 [ 861.017264][T24261] tipc: Started in network mode [ 861.022283][T24261] tipc: Node identity ffffffff, cluster identity 4711 [ 861.066409][T24261] tipc: Node number set to 4294967295 [ 861.111951][T24266] netlink: 'syz.4.7042': attribute type 4 has an invalid length. [ 861.120123][T24266] netlink: 314 bytes leftover after parsing attributes in process `syz.4.7042'. [ 861.145920][T24266] netlink: 'syz.4.7042': attribute type 4 has an invalid length. [ 861.155711][T24266] netlink: 314 bytes leftover after parsing attributes in process `syz.4.7042'. [ 861.209784][T24268] netlink: 'syz.5.7041': attribute type 8 has an invalid length. [ 861.266507][T24268] netlink: 'syz.5.7041': attribute type 9 has an invalid length. [ 861.316639][T24268] netlink: 162 bytes leftover after parsing attributes in process `syz.5.7041'. [ 861.343441][T24270] sp0: Synchronizing with TNC [ 861.627958][T24283] netlink: 334 bytes leftover after parsing attributes in process `syz.5.7047'. [ 865.226089][T24338] netlink: 322 bytes leftover after parsing attributes in process `syz.4.7066'. [ 865.886667][T24352] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7072'. [ 866.057303][T24357] netlink: 206 bytes leftover after parsing attributes in process `syz.5.7071'. [ 866.574712][T24369] netlink: 'syz.1.7078': attribute type 10 has an invalid length. [ 866.596312][T24369] netlink: 330 bytes leftover after parsing attributes in process `syz.1.7078'. [ 867.871340][T24412] netlink: 342 bytes leftover after parsing attributes in process `syz.2.7094'. [ 870.007963][T24476] netlink: 334 bytes leftover after parsing attributes in process `syz.2.7118'. [ 870.559820][T24492] netlink: 286 bytes leftover after parsing attributes in process `syz.1.7132'. [ 871.175777][T24512] netlink: 342 bytes leftover after parsing attributes in process `syz.5.7133'. 
[ 872.778694][T24546] sp0: Synchronizing with TNC [ 874.930776][T14244] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 874.939941][T24589] netlink: 330 bytes leftover after parsing attributes in process `syz.1.7162'. [ 874.960234][T14244] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 874.976800][T14244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 874.990077][T14244] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 875.016579][T14244] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 875.026788][T14244] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 875.460302][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.466795][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.573862][T24600] chnl_net:caif_netlink_parms(): no params data found [ 875.758661][T24600] bridge0: port 1(bridge_slave_0) entered blocking state [ 875.768980][T24600] bridge0: port 1(bridge_slave_0) entered disabled state [ 875.796743][T24600] bridge_slave_0: entered allmulticast mode [ 875.806077][T24600] bridge_slave_0: entered promiscuous mode [ 875.818609][T24600] bridge0: port 2(bridge_slave_1) entered blocking state [ 875.826431][T24600] bridge0: port 2(bridge_slave_1) entered disabled state [ 875.833917][T24600] bridge_slave_1: entered allmulticast mode [ 875.850591][T24600] bridge_slave_1: entered promiscuous mode [ 875.905807][T24600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 875.919352][T24600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 875.969857][T24600] team0: Port device team_slave_0 added [ 875.992246][T24600] team0: Port device team_slave_1 added [ 876.027132][T24600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 876.034680][T24600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.061586][T24600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 876.074626][T24600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 876.082712][T24600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.110911][T24600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 876.158624][T24600] hsr_slave_0: entered promiscuous mode [ 876.165350][T24600] hsr_slave_1: entered promiscuous mode [ 876.172131][T24600] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 876.183501][T24600] Cannot create hsr debugfs directory [ 876.320087][T24600] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.327599][T24600] bridge0: port 2(bridge_slave_1) entered forwarding state [ 876.335277][T24600] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.342515][T24600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 876.432570][T24600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 876.459171][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 876.479173][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 876.506875][T24600] 8021q: adding VLAN 0 to HW filter on device team0 [ 876.520138][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.527341][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 876.540735][ T7677] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.547937][ T7677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 876.761262][T24600] 8021q: adding VLAN 0 to HW filter on device 
batadv0 [ 876.963642][T24600] veth0_vlan: entered promiscuous mode [ 876.980773][T24600] veth1_vlan: entered promiscuous mode [ 877.004913][T24600] veth0_macvtap: entered promiscuous mode [ 877.013907][T24600] veth1_macvtap: entered promiscuous mode [ 877.032894][T24600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 877.046819][T24600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 877.124915][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 877.136730][T14244] Bluetooth: hci3: command tx timeout [ 877.148507][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 877.178197][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 877.187471][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 877.371421][T24638] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7178'. [ 878.134164][T24661] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7176'. [ 878.682825][T24674] netlink: 330 bytes leftover after parsing attributes in process `syz.2.7184'. [ 879.226919][T14244] Bluetooth: hci3: command tx timeout [ 880.707170][T24701] syz.4.7193 (24701) used greatest stack depth: 20672 bytes left [ 881.051185][T24720] netlink: 314 bytes leftover after parsing attributes in process `syz.2.7199'. [ 881.297289][T14244] Bluetooth: hci3: command tx timeout [ 883.090882][T24768] netlink: 334 bytes leftover after parsing attributes in process `syz.2.7216'. 
[ 883.376533][T14244] Bluetooth: hci3: command tx timeout [ 883.667691][T24782] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 883.686665][T24782] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 883.692845][T24782] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 883.752785][T24782] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 883.780808][T24782] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 883.870106][T24782] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 884.943698][T24800] netlink: 354 bytes leftover after parsing attributes in process `syz.6.7228'. [ 885.697741][T14244] Bluetooth: hci1: command 0x0406 tx timeout [ 885.703844][T14244] Bluetooth: hci0: command 0x0406 tx timeout [ 885.710908][T14655] Bluetooth: hci2: command 0x0c1a tx timeout [ 885.776657][T14244] Bluetooth: hci3: command 0x0c1a tx timeout [ 886.228850][T24826] netlink: 338 bytes leftover after parsing attributes in process `syz.4.7238'. [ 887.856315][T14244] Bluetooth: hci3: command 0x0c1a tx timeout [ 888.344755][T24860] netlink: 330 bytes leftover after parsing attributes in process `syz.1.7251'. [ 889.645396][T24893] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7263'. [ 889.936409][T14244] Bluetooth: hci3: command 0x0c1a tx timeout [ 890.400767][T24917] netlink: 'syz.2.7269': attribute type 27 has an invalid length. [ 890.450771][T24917] netlink: 'syz.2.7269': attribute type 28 has an invalid length. [ 890.502663][T24917] netlink: 'syz.2.7269': attribute type 29 has an invalid length. [ 890.563059][T24917] netlink: 'syz.2.7269': attribute type 30 has an invalid length. [ 890.615933][T24917] netlink: 'syz.2.7269': attribute type 31 has an invalid length. [ 890.698846][T24917] netlink: 'syz.2.7269': attribute type 32 has an invalid length. [ 890.766847][T24917] netlink: 'syz.2.7269': attribute type 33 has an invalid length. [ 890.860845][T24917] netlink: 'syz.2.7269': attribute type 35 has an invalid length. 
[ 890.939999][T24917] netlink: 'syz.2.7269': attribute type 37 has an invalid length. [ 891.043334][T24917] netlink: 'syz.2.7269': attribute type 39 has an invalid length. [ 891.126162][T24917] netlink: 14 bytes leftover after parsing attributes in process `syz.2.7269'. [ 891.253046][T24920] delete_channel: no stack [ 894.200518][T24962] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7284'. [ 894.267913][T24962] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7284'. [ 896.033735][T25001] netlink: 326 bytes leftover after parsing attributes in process `syz.1.7299'. [ 896.506375][T25019] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7304'. [ 896.547190][T25019] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7304'. [ 896.882665][T25032] validate_nla: 1 callbacks suppressed [ 896.882692][T25032] netlink: 'syz.1.7308': attribute type 5 has an invalid length. [ 896.900282][T25032] netlink: 314 bytes leftover after parsing attributes in process `syz.1.7308'. [ 897.323108][T25052] netlink: 130 bytes leftover after parsing attributes in process `syz.6.7318'. [ 898.677932][T25101] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7338'. [ 898.688753][T25101] vcan0: entered promiscuous mode [ 899.366854][T25116] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7343'. [ 899.381633][T25116] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7343'. [ 899.683969][T25125] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7348'. [ 899.704672][T25125] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7348'. [ 900.962308][T25152] netlink: 342 bytes leftover after parsing attributes in process `syz.1.7358'. [ 900.999502][T25152] netlink: 266 bytes leftover after parsing attributes in process `syz.1.7358'. [ 902.788162][T25194] netlink: 330 bytes leftover after parsing attributes in process `syz.4.7374'. 
[ 903.349679][T25209] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 903.589254][T25215] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7381'. [ 904.352818][T25227] netlink: 'syz.6.7386': attribute type 33 has an invalid length. [ 904.368449][T25227] netlink: 322 bytes leftover after parsing attributes in process `syz.6.7386'. [ 904.598447][T25246] netlink: 314 bytes leftover after parsing attributes in process `syz.2.7393'. [ 904.614363][T25248] sock: sock_set_timeout: `syz.1.7394' (pid 25248) tries to set negative timeout [ 905.728615][T25277] netlink: 326 bytes leftover after parsing attributes in process `syz.2.7404'. [ 905.745632][T25279] mkiss: ax0: crc mode is auto. [ 906.008747][T25290] netlink: 'syz.6.7410': attribute type 4 has an invalid length. [ 906.017941][T25290] netlink: 314 bytes leftover after parsing attributes in process `syz.6.7410'. [ 906.044626][T25290] IPv6: NLM_F_CREATE should be specified when creating new route [ 906.058017][T25290] IPv6: NLM_F_REPLACE set, but no existing node found! [ 906.370935][T25303] netlink: 'syz.2.7414': attribute type 4 has an invalid length. [ 906.382421][T25303] netlink: 314 bytes leftover after parsing attributes in process `syz.2.7414'. [ 906.818743][T25318] netlink: 342 bytes leftover after parsing attributes in process `syz.2.7420'. [ 908.963051][T25389] netlink: 330 bytes leftover after parsing attributes in process `syz.2.7446'. [ 909.542227][T25408] netlink: 326 bytes leftover after parsing attributes in process `syz.1.7454'. [ 909.555114][T25410] netlink: 342 bytes leftover after parsing attributes in process `syz.6.7456'. [ 909.565912][T25410] netlink: 342 bytes leftover after parsing attributes in process `syz.6.7456'. [ 909.586799][T25410] netlink: 342 bytes leftover after parsing attributes in process `syz.6.7456'. [ 909.606635][T25410] netlink: 342 bytes leftover after parsing attributes in process `syz.6.7456'. 
[ 909.627668][T25410] netlink: 342 bytes leftover after parsing attributes in process `syz.6.7456'. [ 910.098937][T25432] netlink: 146 bytes leftover after parsing attributes in process `syz.6.7461'. [ 911.939800][T25497] netlink: 334 bytes leftover after parsing attributes in process `syz.6.7487'. [ 913.056074][T25547] netlink: 342 bytes leftover after parsing attributes in process `syz.2.7503'. [ 913.065801][T25547] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 913.073139][T25547] IPv6: NLM_F_CREATE should be set when creating new route [ 913.080521][T25547] IPv6: NLM_F_CREATE should be set when creating new route [ 913.087864][T25547] IPv6: NLM_F_CREATE should be set when creating new route [ 914.834102][T25625] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7532'. [ 914.850753][T25625] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7532'. [ 914.934114][T25630] netlink: 'syz.4.7534': attribute type 33 has an invalid length. [ 914.943244][T25630] netlink: 322 bytes leftover after parsing attributes in process `syz.4.7534'. [ 915.098134][T25635] netlink: 326 bytes leftover after parsing attributes in process `syz.6.7536'. [ 915.200150][T25639] netlink: 326 bytes leftover after parsing attributes in process `syz.6.7538'. [ 915.213970][T25639] bridge0: port 2(bridge_slave_1) entered disabled state [ 915.221868][T25639] bridge0: port 1(bridge_slave_0) entered disabled state [ 916.036689][T25669] netlink: 'syz.4.7551': attribute type 39 has an invalid length. [ 916.044875][T25669] netlink: 'syz.4.7551': attribute type 40 has an invalid length. [ 916.072790][T25669] netlink: 'syz.4.7551': attribute type 41 has an invalid length. [ 916.081839][T25669] netlink: 'syz.4.7551': attribute type 44 has an invalid length. [ 916.091612][T25669] netlink: 'syz.4.7551': attribute type 46 has an invalid length. [ 916.100352][T25669] netlink: 'syz.4.7551': attribute type 47 has an invalid length. 
[ 916.115914][T25669] netlink: 'syz.4.7551': attribute type 48 has an invalid length. [ 916.131740][T25669] netlink: 'syz.4.7551': attribute type 49 has an invalid length. [ 916.139857][T25669] netlink: 'syz.4.7551': attribute type 50 has an invalid length. [ 916.146720][T25673] netlink: 334 bytes leftover after parsing attributes in process `syz.1.7552'. [ 916.149307][T25669] netlink: 6 bytes leftover after parsing attributes in process `syz.4.7551'. [ 916.276915][T25675] [ 916.279310][T25675] ====================================================== [ 916.286366][T25675] WARNING: possible circular locking dependency detected [ 916.293443][T25675] 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 Not tainted [ 916.300602][T25675] ------------------------------------------------------ [ 916.307661][T25675] syz.2.7553/25675 is trying to acquire lock: [ 916.313765][T25675] ffff8880234cb740 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_unbounded+0x173/0x750 [ 916.324645][T25675] [ 916.324645][T25675] but task is already holding lock: [ 916.332018][T25675] ffff88801ac70ba0 (&mm->mmap_lock){++++}-{4:4}, at: faultin_page_range+0x348/0x980 [ 916.341486][T25675] [ 916.341486][T25675] which lock already depends on the new lock. 
[ 916.341486][T25675] [ 916.351922][T25675] [ 916.351922][T25675] the existing dependency chain (in reverse order) is: [ 916.360960][T25675] [ 916.360960][T25675] -> #5 (&mm->mmap_lock){++++}-{4:4}: [ 916.368561][T25675] __might_fault+0x11b/0x190 [ 916.373725][T25675] _copy_from_user+0x29/0xd0 [ 916.378878][T25675] __blk_trace_setup+0xa8/0x180 [ 916.384288][T25675] blk_trace_setup+0x47/0x70 [ 916.389433][T25675] sg_ioctl+0x7a3/0x26b0 [ 916.394233][T25675] __x64_sys_ioctl+0x190/0x200 [ 916.399542][T25675] do_syscall_64+0xcd/0x250 [ 916.404610][T25675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.411055][T25675] [ 916.411055][T25675] -> #4 (&q->debugfs_mutex){+.+.}-{4:4}: [ 916.418908][T25675] __mutex_lock+0x19b/0xa60 [ 916.423965][T25675] blk_mq_init_sched+0x42b/0x640 [ 916.429460][T25675] elevator_init_mq+0x2cd/0x420 [ 916.434866][T25675] add_disk_fwnode+0x113/0x1300 [ 916.440279][T25675] sd_probe+0xa66/0xfa0 [ 916.444996][T25675] really_probe+0x23e/0xa90 [ 916.450053][T25675] __driver_probe_device+0x1de/0x440 [ 916.455903][T25675] driver_probe_device+0x4c/0x1b0 [ 916.461480][T25675] __device_attach_driver+0x1df/0x310 [ 916.467439][T25675] bus_for_each_drv+0x157/0x1e0 [ 916.472922][T25675] __device_attach_async_helper+0x1d3/0x290 [ 916.479368][T25675] async_run_entry_fn+0x9c/0x530 [ 916.484940][T25675] process_one_work+0x958/0x1b30 [ 916.490432][T25675] worker_thread+0x6c8/0xf00 [ 916.495562][T25675] kthread+0x2c1/0x3a0 [ 916.500182][T25675] ret_from_fork+0x45/0x80 [ 916.505140][T25675] ret_from_fork_asm+0x1a/0x30 [ 916.510462][T25675] [ 916.510462][T25675] -> #3 (&q->q_usage_counter(queue)#50){++++}-{0:0}: [ 916.519407][T25675] blk_queue_enter+0x50f/0x640 [ 916.524748][T25675] blk_mq_alloc_request+0x59b/0x950 [ 916.530501][T25675] scsi_execute_cmd+0x1f1/0xff0 [ 916.535904][T25675] read_capacity_16+0x21a/0xe20 [ 916.541312][T25675] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 916.547683][T25675] sd_probe+0x8ee/0xfa0 [ 916.552433][T25675] really_probe+0x23e/0xa90 [ 
916.557499][T25675] __driver_probe_device+0x1de/0x440 [ 916.563354][T25675] driver_probe_device+0x4c/0x1b0 [ 916.568940][T25675] __device_attach_driver+0x1df/0x310 [ 916.574872][T25675] bus_for_each_drv+0x157/0x1e0 [ 916.580272][T25675] __device_attach_async_helper+0x1d3/0x290 [ 916.586721][T25675] async_run_entry_fn+0x9c/0x530 [ 916.592998][T25675] process_one_work+0x958/0x1b30 [ 916.598498][T25675] worker_thread+0x6c8/0xf00 [ 916.603647][T25675] kthread+0x2c1/0x3a0 [ 916.608281][T25675] ret_from_fork+0x45/0x80 [ 916.613239][T25675] ret_from_fork_asm+0x1a/0x30 [ 916.618586][T25675] [ 916.618586][T25675] -> #2 (&q->limits_lock){+.+.}-{4:4}: [ 916.626260][T25675] __mutex_lock+0x19b/0xa60 [ 916.631747][T25675] __nbd_set_size+0x2c0/0x730 [ 916.636968][T25675] nbd_start_device+0x8fd/0xd70 [ 916.642363][T25675] nbd_genl_connect+0x1204/0x1c00 [ 916.647936][T25675] genl_family_rcv_msg_doit+0x202/0x2f0 [ 916.654030][T25675] genl_rcv_msg+0x565/0x800 [ 916.659077][T25675] netlink_rcv_skb+0x165/0x410 [ 916.664383][T25675] genl_rcv+0x28/0x40 [ 916.668920][T25675] netlink_unicast+0x53c/0x7f0 [ 916.674223][T25675] netlink_sendmsg+0x8b8/0xd70 [ 916.679527][T25675] ____sys_sendmsg+0x9ae/0xb40 [ 916.684842][T25675] ___sys_sendmsg+0x135/0x1e0 [ 916.690167][T25675] __sys_sendmsg+0x16e/0x220 [ 916.695316][T25675] do_syscall_64+0xcd/0x250 [ 916.700372][T25675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.706826][T25675] [ 916.706826][T25675] -> #1 (&q->q_usage_counter(io)#49){++++}-{0:0}: [ 916.715474][T25675] blk_mq_submit_bio+0x1fb6/0x24c0 [ 916.721233][T25675] __submit_bio+0x384/0x540 [ 916.726290][T25675] submit_bio_noacct_nocheck+0x698/0xd70 [ 916.732480][T25675] submit_bio_noacct+0x93a/0x1e20 [ 916.738059][T25675] mpage_readahead+0x41d/0x590 [ 916.743375][T25675] read_pages+0x1a8/0xdc0 [ 916.748246][T25675] page_cache_ra_unbounded+0x3dc/0x750 [ 916.754291][T25675] force_page_cache_ra+0x24b/0x340 [ 916.759949][T25675] page_cache_sync_ra+0x110/0x9c0 [ 916.765517][T25675] 
filemap_get_pages+0xd7b/0x1be0 [ 916.771092][T25675] filemap_read+0x3ca/0xd70 [ 916.776143][T25675] blkdev_read_iter+0x187/0x480 [ 916.781573][T25675] vfs_read+0x87f/0xbe0 [ 916.786276][T25675] ksys_read+0x12b/0x250 [ 916.791070][T25675] do_syscall_64+0xcd/0x250 [ 916.796122][T25675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.802574][T25675] [ 916.802574][T25675] -> #0 (mapping.invalidate_lock#2){++++}-{4:4}: [ 916.811131][T25675] __lock_acquire+0x249e/0x3c40 [ 916.816542][T25675] lock_acquire.part.0+0x11b/0x380 [ 916.822211][T25675] down_read+0x9a/0x330 [ 916.826916][T25675] page_cache_ra_unbounded+0x173/0x750 [ 916.832921][T25675] page_cache_ra_order+0x8f2/0xc80 [ 916.838582][T25675] filemap_fault+0x14a5/0x2820 [ 916.843900][T25675] __do_fault+0x10a/0x490 [ 916.848779][T25675] do_pte_missing+0x1a8/0x3e00 [ 916.854101][T25675] __handle_mm_fault+0x103c/0x2a40 [ 916.859762][T25675] handle_mm_fault+0x3fa/0xaa0 [ 916.865083][T25675] __get_user_pages+0x8d9/0x3b50 [ 916.870567][T25675] faultin_page_range+0x3a8/0x980 [ 916.876145][T25675] do_madvise+0x504/0x770 [ 916.881035][T25675] __x64_sys_madvise+0xa9/0x110 [ 916.886427][T25675] do_syscall_64+0xcd/0x250 [ 916.891488][T25675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.897935][T25675] [ 916.897935][T25675] other info that might help us debug this: [ 916.897935][T25675] [ 916.908172][T25675] Chain exists of: [ 916.908172][T25675] mapping.invalidate_lock#2 --> &q->debugfs_mutex --> &mm->mmap_lock [ 916.908172][T25675] [ 916.922218][T25675] Possible unsafe locking scenario: [ 916.922218][T25675] [ 916.929675][T25675] CPU0 CPU1 [ 916.935048][T25675] ---- ---- [ 916.940419][T25675] rlock(&mm->mmap_lock); [ 916.944853][T25675] lock(&q->debugfs_mutex); [ 916.951997][T25675] lock(&mm->mmap_lock); [ 916.958879][T25675] rlock(mapping.invalidate_lock#2); [ 916.964300][T25675] [ 916.964300][T25675] *** DEADLOCK *** [ 916.964300][T25675] [ 916.972460][T25675] 1 lock held by syz.2.7553/25675: [ 916.977586][T25675] #0: 
ffff88801ac70ba0 (&mm->mmap_lock){++++}-{4:4}, at: faultin_page_range+0x348/0x980 [ 916.987496][T25675] [ 916.987496][T25675] stack backtrace: [ 916.993395][T25675] CPU: 1 UID: 0 PID: 25675 Comm: syz.2.7553 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 917.004179][T25675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 917.014256][T25675] Call Trace: [ 917.017553][T25675] [ 917.020498][T25675] dump_stack_lvl+0x116/0x1f0 [ 917.025244][T25675] print_circular_bug+0x41c/0x610 [ 917.030428][T25675] check_noncircular+0x31a/0x400 [ 917.035428][T25675] ? __pfx_check_noncircular+0x10/0x10 [ 917.041021][T25675] ? lockdep_lock+0xc6/0x200 [ 917.045655][T25675] ? __pfx_lockdep_lock+0x10/0x10 [ 917.050712][T25675] __lock_acquire+0x249e/0x3c40 [ 917.055595][T25675] ? __pfx___lock_acquire+0x10/0x10 [ 917.060814][T25675] ? __pfx_mark_lock+0x10/0x10 [ 917.065618][T25675] lock_acquire.part.0+0x11b/0x380 [ 917.070760][T25675] ? page_cache_ra_unbounded+0x173/0x750 [ 917.076424][T25675] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 917.082078][T25675] ? rcu_is_watching+0x12/0xc0 [ 917.086872][T25675] ? trace_lock_acquire+0x14e/0x1f0 [ 917.092102][T25675] ? page_cache_ra_unbounded+0x173/0x750 [ 917.097771][T25675] ? lock_acquire+0x2f/0xb0 [ 917.102296][T25675] ? page_cache_ra_unbounded+0x173/0x750 [ 917.107967][T25675] down_read+0x9a/0x330 [ 917.112156][T25675] ? page_cache_ra_unbounded+0x173/0x750 [ 917.117822][T25675] ? __pfx_down_read+0x10/0x10 [ 917.122626][T25675] ? hlock_class+0x4e/0x130 [ 917.127158][T25675] ? mark_lock+0xb5/0xc60 [ 917.131527][T25675] ? __pfx___lock_acquire+0x10/0x10 [ 917.136750][T25675] ? xas_load+0x49/0x5b0 [ 917.141024][T25675] page_cache_ra_unbounded+0x173/0x750 [ 917.146523][T25675] ? find_held_lock+0x2d/0x110 [ 917.151323][T25675] page_cache_ra_order+0x8f2/0xc80 [ 917.156913][T25675] filemap_fault+0x14a5/0x2820 [ 917.161730][T25675] ? __pfx_filemap_fault+0x10/0x10 [ 917.166899][T25675] ? 
__pfx_lock_acquire.part.0+0x10/0x10 [ 917.172570][T25675] ? rcu_is_watching+0x12/0xc0 [ 917.177371][T25675] ? __pfx_filemap_map_pages+0x10/0x10 [ 917.182859][T25675] __do_fault+0x10a/0x490 [ 917.187219][T25675] ? __pfx_filemap_map_pages+0x10/0x10 [ 917.192708][T25675] do_pte_missing+0x1a8/0x3e00 [ 917.197515][T25675] __handle_mm_fault+0x103c/0x2a40 [ 917.202675][T25675] ? find_held_lock+0x2d/0x110 [ 917.207471][T25675] ? __pfx___handle_mm_fault+0x10/0x10 [ 917.212969][T25675] ? follow_page_pte+0x3c3/0x1b20 [ 917.218022][T25675] ? __pfx_lock_release+0x10/0x10 [ 917.223075][T25675] ? follow_page_pte+0x3f7/0x1b20 [ 917.228135][T25675] handle_mm_fault+0x3fa/0xaa0 [ 917.232933][T25675] __get_user_pages+0x8d9/0x3b50 [ 917.237929][T25675] ? __pfx___get_user_pages+0x10/0x10 [ 917.243590][T25675] ? down_read_killable+0xcc/0x380 [ 917.248752][T25675] ? __pfx_down_read_killable+0x10/0x10 [ 917.254370][T25675] ? lock_acquire+0x2f/0xb0 [ 917.258899][T25675] faultin_page_range+0x3a8/0x980 [ 917.263964][T25675] do_madvise+0x504/0x770 [ 917.268336][T25675] ? __pfx_do_madvise+0x10/0x10 [ 917.273234][T25675] ? __x64_sys_futex+0x1e1/0x4c0 [ 917.278213][T25675] ? rcu_is_watching+0x12/0xc0 [ 917.283009][T25675] __x64_sys_madvise+0xa9/0x110 [ 917.287882][T25675] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 917.293108][T25675] do_syscall_64+0xcd/0x250 [ 917.297667][T25675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.303596][T25675] RIP: 0033:0x7f7dca785d29 [ 917.308036][T25675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 917.327769][T25675] RSP: 002b:00007f7dcb677038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 917.336233][T25675] RAX: ffffffffffffffda RBX: 00007f7dca975fa0 RCX: 00007f7dca785d29 [ 917.344234][T25675] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 917.352234][T25675] RBP: 00007f7dca801aa8 R08: 0000000000000000 R09: 0000000000000000 [ 917.360226][T25675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 917.368213][T25675] R13: 0000000000000000 R14: 00007f7dca975fa0 R15: 00007fff15bc46c8 [ 917.376213][T25675] [ 918.342836][T22778] smc: removing net device syz_tun with user defined pnetid ETHTOOL